From nobody Sat Aug 31 14:32:08 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WwyCS1pTnz5MSKN for ; Sat, 31 Aug 2024 14:32:20 +0000 (UTC) (envelope-from pete@twisted.org.uk) Received: from toybox.twisted.org.uk (toybox.twisted.org.uk [178.250.76.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4WwyCQ3jMpz47d6 for ; Sat, 31 Aug 2024 14:32:18 +0000 (UTC) (envelope-from pete@twisted.org.uk) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=twisted.org.uk header.s=tbx-short header.b=w+o3ucOJ; dmarc=pass (policy=none) header.from=twisted.org.uk; spf=pass (mx1.freebsd.org: domain of pete@twisted.org.uk designates 178.250.76.50 as permitted sender) smtp.mailfrom=pete@twisted.org.uk DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=twisted.org.uk; s=tbx-short; h=Content-Transfer-Encoding:Content-Type: Subject:From:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jI2+vvToUhPdHLgV9ziokFAJhmpjlkr0mv9jTJfpUNw=; t=1725114738; x=1725978738; b=w+o3ucOJwplqG7Bs9/yQZPVYZA1YPEu9it/BSSwjsvk1NQ8RzbbsGncQuKqbMYvH5IpNvn8/Qnl shGXccxJtaIYZ5/vBa7QmcUGPpwafvoFMZ+U8IVsi4ExcEbiqdU5DWd8F7DslgbaHaGyZDkECym8d ACcE8jI0UoFM+F5vgdE=; Received: from mailnull by toybox.twisted.org.uk with spamc-scanned (Exim 4.96.2 (FreeBSD)) (envelope-from ) id 1skP96-00091T-2F for freebsd-stable@freebsd.org; Sat, 31 Aug 2024 14:32:09 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on toybox.twisted.org.uk X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,TW_PM, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=4.0.0 X-Spam-Score: -0.9 () Received: from balta.twisted.org.uk ([2001:470:6cc4:1::57]) by toybox.twisted.org.uk with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.96.2 (FreeBSD)) (envelope-from ) id 1skP96-00091P-21 for freebsd-stable@freebsd.org; Sat, 31 Aug 2024 14:32:08 +0000 Message-ID: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk> Date: Sat, 31 Aug 2024 15:32:08 +0100 List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Beta Content-Language: en-GB To: FreeBSD Stable Mailing List From: Pete French Subject: How to diagnose "Limiting closed port RST response from 213 to 205 packets/sec" ? Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-spamc-toybox: true X-transport-toybox: lookuphost X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.99 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[twisted.org.uk,none]; R_DKIM_ALLOW(-0.20)[twisted.org.uk:s=tbx-short]; R_SPF_ALLOW(-0.20)[+ip4:178.250.76.50/32]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_DN_ALL(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[twisted.org.uk:+] X-Rspamd-Queue-Id: 4WwyCQ3jMpz47d6 So I am running some servers with 14.1-STABLE, pretty standard - Apache + mysql setup, and I am seeing a lot of the above messages. I have always seen these form time to time, but recently I have had compmnaits from a customer about the webservers being unavailable, and the times they give correspond to bursts of these errors. I dont see any other errors, and am wondering how to get more info about this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the port that is closed would be ideal. I have a feeling that the closed port is the one which Apaxche is suppsoed to be listenin gon (I cant think of nay other ports which would get hammered), but that should never be closed. Any advice ? -pete.