Large numbers of Limiting open port RST response from 6 to 5 packets/sec

[Manolis Kiagias]

roy lee wrote:
> Manolis Kiagias 写道:
>>
>>
>> roy lee wrote:
>>> this is  a web server,use nginx, Large numbers of Limiting
>>> open port RST response from 6 to 5 packets/sec.
>>>
>>> I need help.
>>>
>>> dmesg：
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> Limiting open port RST response from 8 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 7 to 5 packets/sec
>>> Limiting open port RST response from 14 to 5 packets/sec
>>> Limiting open port RST response from 11 to 5 packets/sec
>>> Limiting open port RST response from 9 to 5 packets/sec
>>> Limiting open port RST response from 12 to 5 packets/sec
>>> Limiting open port RST response from 6 to 5 packets/sec
>>> .......
>>>
>>> uname -a
>>> FreeBSD qz14253.tmdxy.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar
>>> 8 20:41:05 UTC 2008     roy at qz14253.tmdxy.org:/usr/obj/usr/src/sys/
>>> qz2kernel  i386
>>>
>>> <SNIP>
>>>
>>> sysctl.conf:
>>> net.inet.icmp.drop_redirect=1
>>> net.inet.icmp.log_redirect=1
>>> net.inet.tcp.msl=2500
>>> net.inet.icmp.icmplim=5
>>> kern.ipc.somaxconn=32768
>>> kern.ipc.shmall=32768
>>> kern.ipc.shmmax=134217728
>>> kern.ipc.semmap=256
>>>
>>> <SNIP>
>> ICMP packets are rate-limited by the kernel, but you limited them 
>> even more with this:
>>
>> net.inet.icmp.icmplim=5
>>
>> This is the cause of your messages. Adjust it to about 500.
>>
>>
> if sysctl net.inet.icmp.icmplim=500 ， the services will stop，
> twisted log : writev() failed (32: Broken pipe) while sending request 
> to upstream
This is weird. We use 500 on a production web server (large torrent 
site). Kernel default is 200, you may wish to use this value.