Исходное сообщение
"TCP reset" Отправлено Сырно, 02-Июн-11 08:20
> Ядро точно GENERIC? Да. > покажите вывод У Фаерфокса: network.http.max-connections-per-server;15 Если 1 или 2 всё ok. На сервере: Перезаргрузка, запрос фаерфоксом страницы с картинками (часть не загрузились - тот самый RST), итог: > netstat -s tcp:     127 packets sent         83 data packets (76576 bytes)         0 data packets (0 bytes) retransmitted         0 data packets unnecessarily retransmitted         0 resends initiated by MTU discovery         34 ack-only packets (0 delayed)         0 URG only packets         0 window probe packets         0 window update packets         10 control packets     202 packets received         94 acks (for 76590 bytes)         0 duplicate acks         0 acks for unsent data         17 packets (5743 bytes) received in-sequence         0 completely duplicate packets (0 bytes)         0 old duplicate packets         0 packets with some dup. data (0 bytes duped)         0 out-of-order packets (0 bytes)         0 packets (0 bytes) of data after window         0 window probes         0 window update packets         0 packets received after close         0 discarded for bad checksums         0 discarded for bad header offset fields         0 discarded because packet too short         0 discarded due to memory problems     4 connection requests     7 connection accepts     0 bad connection attempts     52 listen queue overflows     0 ignored RSTs in the windows     7 connections established (including accepts)     7 connections closed (including 0 drops)         1 connection updated cached RTT on close         1 connection updated cached RTT variance on close         0 connections updated cached ssthresh on close     4 embryonic connections dropped     94 segments updated rtt (of 62 attempts)     0 retransmit timeouts         0 connections dropped by rexmit timeout     0 persist timeouts         0 connections dropped by persist timeout     0 Connections (fin_wait_2) dropped because of timeout     0 keepalive timeouts         0 keepalive probes sent         0 connections dropped by keepalive     0 correct ACK header predictions     15 correct data packet header predictions     33 syncache entries added         0 retransmitted         0 dupsyn         0 dropped         7 completed         0 bucket overflow         0 cache overflow         0 reset         0 stale         52 aborted         0 badack         0 unreach         0 zone failures     33 cookies sent     26 cookies received     0 SACK recovery episodes     0 segment rexmits in SACK recovery episodes     0 byte rexmits in SACK recovery episodes     0 SACK options (SACK blocks) received     0 SACK options (SACK blocks) sent     0 SACK scoreboard overflow     0 packets with ECN CE bit set     0 packets with ECN ECT(0) bit set     0 packets with ECN ECT(1) bit set     0 successful ECN handshakes     0 times ECN reduced the congestion window udp:     33 datagrams received     0 with incomplete header     0 with bad data length field     0 with bad checksum     0 with no checksum     0 dropped due to no socket     0 broadcast/multicast datagrams undelivered     0 dropped due to full socket buffers     0 not for hashed pcb     33 delivered     30 datagrams output     0 times multicast source filter matched sctp:     0 input packets         0 datagrams         0 packets that had data         0 input SACK chunks         0 input DATA chunks         0 duplicate DATA chunks         0 input HB chunks         0 HB-ACK chunks         0 input ECNE chunks         0 input AUTH chunks         0 chunks missing AUTH         0 invalid HMAC ids received         0 invalid secret ids received         0 auth failed         0 fast path receives all one chunk         0 fast path multi-part data     0 output packets         0 output SACKs         0 output DATA chunks         0 retransmitted DATA chunks         0 fast retransmitted DATA chunks         0 FR's that happened more than once to same chunk         0 intput HB chunks         0 output ECNE chunks         0 output AUTH chunks         0 ip_output error counter     Packet drop statistics:         0 from middle box         0 from end host         0 with data         0 non-data, non-endhost         0 non-endhost, bandwidth rep only         0 not enough for chunk header         0 not enough data to confirm         0 where process_chunk_drop said break         0 failed to find TSN         0 attempt reverse TSN lookup         0 e-host confirms zero-rwnd         0 midbox confirms no space         0 data did not match TSN         0 TSN's marked for Fast Retran     Timeouts:         0 iterator timers fired         0 T3 data time outs         0 window probe (T3) timers fired         0 INIT timers fired         0 sack timers fired         0 shutdown timers fired         0 heartbeat timers fired         0 a cookie timeout fired         0 an endpoint changed its cookiesecret         0 PMTU timers fired         0 shutdown ack timers fired         0 shutdown guard timers fired         0 stream reset timers fired         0 early FR timers fired         0 an asconf timer fired         0 auto close timer fired         0 asoc free timers expired         0 inp free timers expired     0 packet shorter than header     0 checksum error     0 no endpoint for port     0 bad v-tag     0 bad SID     0 no memory     0 number of multiple FR in a RTT window     0 RFC813 allowed sending     0 RFC813 does not allow sending     0 times max burst prohibited sending     0 look ahead tells us no memory in interface     0 numbers of window probes sent     0 times an output error to clamp down on next user send     0 times sctp_senderrors were caused from a user     0 number of in data drops due to chunk limit reached     0 number of in data drops due to rwnd limit reached     0 times a ECN reduced the cwnd     0 used express lookup via vtag     0 collision in express lookup     0 times the sender ran dry of user data on primary     0 same for above     0 sacks the slow way     0 window update only sacks sent     0 sends with sinfo_flags !=0     0 unordered sends     0 sends with EOF flag set     0 sends with ABORT flag set     0 times protocol drain called     0 times we did a protocol drain     0 times recv was called with peek     0 cached chunks used     0 cached stream oq's used     0 unread messages abandonded by close     0 send burst avoidance, already max burst inflight to net     0 send cwnd full avoidance, already max burst inflight to net     0 number of map array over-runs via fwd-tsn's ip:     237 total packets received     0 bad header checksums     0 with size smaller than minimum     0 with data size < data length     0 with ip length > max ip packet size     0 with header length < data size     0 with data length < header length     0 with bad options     0 with incorrect version number     0 fragments received     0 fragments dropped (dup or out of space)     0 fragments dropped after timeout     0 packets reassembled ok     231 packets for this host     0 packets for unknown/unsupported protocol     0 packets forwarded (0 packets fast forwarded)     6 packets not forwardable     0 packets received for unknown multicast group     0 redirects sent     209 packets sent from this host     0 packets sent with fabricated ip header     0 output packets dropped due to no bufs, etc.     0 output packets discarded due to no route     0 output datagrams fragmented     0 fragments created     0 datagrams that can't be fragmented     0 tunneling packets that can't find gif     0 datagrams with bad address in header icmp:     0 calls to icmp_error     0 errors not generated in response to an icmp message     0 messages with bad code fields     0 messages less than the minimum length     0 messages with bad checksum     0 messages with bad length     0 multicast echo requests ignored     0 multicast timestamp requests ignored     0 message responses generated     0 invalid return addresses     0 no return routes     ICMP address mask responses are disabled igmp:     0 messages received     0 messages received with too few bytes     0 messages received with wrong TTL     0 messages received with bad checksum     0 V1/V2 membership queries received     0 V3 membership queries received     0 membership queries received with invalid field(s)     0 general queries received     0 group queries received     0 group-source queries received     0 group-source queries dropped     0 membership reports received     0 membership reports received with invalid field(s)     0 membership reports received for groups to which we belong     0 V3 reports received without Router Alert     0 membership reports sent arp:     2 ARP requests sent     2 ARP replies sent     2 ARP requests received     1 ARP reply received     3 ARP packets received     0 total packets dropped due to no ARP entry     0 ARP entrys timed out     0 Duplicate IPs seen ip6:     4 total packets received     0 with size smaller than minimum     0 with data size < data length     0 with bad options     0 with incorrect version number     0 fragments received     0 fragments dropped (dup or out of space)     0 fragments dropped after timeout     0 fragments that exceeded limit     0 packets reassembled ok     4 packets for this host     0 packets forwarded     0 packets not forwardable     0 redirects sent     4 packets sent from this host     0 packets sent with fabricated ip header     0 output packets dropped due to no bufs, etc.     0 output packets discarded due to no route     0 output datagrams fragmented     0 fragments created     0 datagrams that can't be fragmented     0 packets that violated scope rules     0 multicast packets which we don't join     Input histogram:         TCP: 4     Mbuf statistics:         4 one mbuf         0 one ext mbuf         0 two or more ext mbuf     0 packets whose headers are not continuous     0 tunneling packets that can't find gif     0 packets discarded because of too many headers     0 failures of source address selection     Source addresses selection rule applied:         2 first candidate         2 same address icmp6:     0 calls to icmp6_error     0 errors not generated in response to an icmp6 message     0 errors not generated because of rate limitation     0 messages with bad code fields     0 messages < minimum length     0 bad checksums     0 messages with bad length     Histogram of error messages to be generated:         0 no route         0 administratively prohibited         0 beyond scope         0 address unreachable         0 port unreachable         0 packet too big         0 time exceed transit         0 time exceed reassembly         0 erroneous header field         0 unrecognized next header         0 unrecognized option         0 redirect         0 unknown     0 message responses generated     0 messages with too many ND options     0 messages with bad ND options     0 bad neighbor solicitation messages     0 bad neighbor advertisement messages     0 bad router solicitation messages     0 bad router advertisement messages     0 bad redirect messages     0 path MTU changes rip6:     0 messages received     0 checksum calculations on inbound     0 messages with bad checksum     0 messages dropped due to no socket     0 multicast messages dropped due to no socket     0 messages dropped due to full socket buffers     0 delivered     0 datagrams output >и sysctl -a net.inet net.inet.ip.portrange.randomtime: 45 net.inet.ip.portrange.randomcps: 10 net.inet.ip.portrange.randomized: 1 net.inet.ip.portrange.reservedlow: 0 net.inet.ip.portrange.reservedhigh: 1023 net.inet.ip.portrange.hilast: 65535 net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.last: 65535 net.inet.ip.portrange.first: 10000 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.forwarding: 0 net.inet.ip.redirect: 1 net.inet.ip.ttl: 64 net.inet.ip.rtexpire: 3600 net.inet.ip.rtminexpire: 10 net.inet.ip.rtmaxcache: 128 net.inet.ip.sourceroute: 0 net.inet.ip.intr_queue_maxlen: 256 net.inet.ip.intr_queue_drops: 0 net.inet.ip.accept_sourceroute: 0 net.inet.ip.keepfaith: 0 net.inet.ip.gifttl: 30 net.inet.ip.same_prefix_carp_only: 0 net.inet.ip.subnets_are_local: 0 net.inet.ip.random_id_total: 0 net.inet.ip.random_id_collisions: 0 net.inet.ip.random_id_period: 8192 net.inet.ip.mcast.loop: 1 net.inet.ip.mcast.maxsocksrc: 128 net.inet.ip.mcast.maxgrpsrc: 512 net.inet.ip.fastforwarding: 0 net.inet.ip.maxfragpackets: 800 net.inet.ip.output_flowtable_size: 32768 net.inet.ip.maxfragsperpacket: 16 net.inet.ip.fragpackets: 0 net.inet.ip.check_interface: 0 net.inet.ip.random_id: 0 net.inet.ip.sendsourcequench: 0 net.inet.ip.process_options: 1 net.inet.icmp.maskrepl: 0 net.inet.icmp.icmplim: 200 net.inet.icmp.bmcastecho: 0 net.inet.icmp.quotelen: 8 net.inet.icmp.reply_from_interface: 0 net.inet.icmp.reply_src: net.inet.icmp.icmplim_output: 1 net.inet.icmp.log_redirect: 0 net.inet.icmp.drop_redirect: 0 net.inet.icmp.maskfake: 0 net.inet.igmp.gsrdelay: 10 net.inet.igmp.default_version: 3 net.inet.igmp.legacysupp: 0 net.inet.igmp.v2enable: 1 net.inet.igmp.v1enable: 1 net.inet.igmp.sendlocal: 1 net.inet.igmp.sendra: 1 net.inet.igmp.recvifkludge: 1 net.inet.tcp.rfc1323: 1 net.inet.tcp.mssdflt: 512 net.inet.tcp.keepidle: 7200000 net.inet.tcp.keepintvl: 75000 net.inet.tcp.sendspace: 32768 net.inet.tcp.recvspace: 65536 net.inet.tcp.keepinit: 75000 net.inet.tcp.delacktime: 100 net.inet.tcp.v6mssdflt: 1024 net.inet.tcp.hostcache.purge: 0 net.inet.tcp.hostcache.prune: 300 net.inet.tcp.hostcache.expire: 3600 net.inet.tcp.hostcache.count: 1 net.inet.tcp.hostcache.bucketlimit: 30 net.inet.tcp.hostcache.hashsize: 512 net.inet.tcp.hostcache.cachelimit: 15360 net.inet.tcp.read_locking: 1 net.inet.tcp.recvbuf_max: 262144 net.inet.tcp.recvbuf_inc: 16384 net.inet.tcp.recvbuf_auto: 1 net.inet.tcp.insecure_rst: 0 net.inet.tcp.ecn.maxretries: 1 net.inet.tcp.ecn.enable: 0 net.inet.tcp.abc_l_var: 2 net.inet.tcp.rfc3465: 1 net.inet.tcp.rfc3390: 1 net.inet.tcp.rfc3042: 1 net.inet.tcp.drop_synfin: 0 net.inet.tcp.delayed_ack: 1 net.inet.tcp.blackhole: 0 net.inet.tcp.log_in_vain: 0 net.inet.tcp.sendbuf_max: 262144 net.inet.tcp.sendbuf_inc: 8192 net.inet.tcp.sendbuf_auto: 1 net.inet.tcp.tso: 1 net.inet.tcp.newreno: 1 net.inet.tcp.local_slowstart_flightsize: 4 net.inet.tcp.slowstart_flightsize: 1 net.inet.tcp.path_mtu_discovery: 1 net.inet.tcp.reass.overflows: 0 net.inet.tcp.reass.cursegments: 0 net.inet.tcp.reass.maxsegments: 1680 net.inet.tcp.sack.globalholes: 0 net.inet.tcp.sack.globalmaxholes: 65536 net.inet.tcp.sack.maxholes: 128 net.inet.tcp.sack.enable: 1 net.inet.tcp.inflight.stab: 20 net.inet.tcp.inflight.max: 1073725440 net.inet.tcp.inflight.min: 6144 net.inet.tcp.inflight.rttthresh: 10 net.inet.tcp.inflight.debug: 0 net.inet.tcp.inflight.enable: 0 net.inet.tcp.isn_reseed_interval: 0 net.inet.tcp.icmp_may_rst: 1 net.inet.tcp.pcbcount: 13 net.inet.tcp.do_tcpdrain: 1 net.inet.tcp.tcbhashsize: 512 net.inet.tcp.log_debug: 0 net.inet.tcp.minmss: 216 net.inet.tcp.syncache.rst_on_sock_fail: 1 net.inet.tcp.syncache.rexmtlimit: 3 net.inet.tcp.syncache.hashsize: 512 net.inet.tcp.syncache.count: 0 net.inet.tcp.syncache.cachelimit: 15360 net.inet.tcp.syncache.bucketlimit: 30 net.inet.tcp.syncookies_only: 0 net.inet.tcp.syncookies: 1 net.inet.tcp.timer_race: 0 net.inet.tcp.finwait2_timeout: 60000 net.inet.tcp.fast_finwait2_recycle: 0 net.inet.tcp.always_keepalive: 1 net.inet.tcp.rexmit_slop: 200 net.inet.tcp.rexmit_min: 30 net.inet.tcp.msl: 30000 net.inet.tcp.nolocaltimewait: 0 net.inet.tcp.maxtcptw: 5120 net.inet.udp.checksum: 1 net.inet.udp.maxdgram: 9216 net.inet.udp.recvspace: 42080 net.inet.udp.blackhole: 0 net.inet.udp.log_in_vain: 0 net.inet.sctp.initial_cwnd: 3 net.inet.sctp.buffer_splitting: 0 net.inet.sctp.vtag_time_wait: 60 net.inet.sctp.nat_friendly_init: 0 net.inet.sctp.enable_sack_immediately: 0 net.inet.sctp.udp_tunneling_port: 0 net.inet.sctp.udp_tunneling_for_client_enable: 0 net.inet.sctp.mobility_fasthandoff: 0 net.inet.sctp.mobility_base: 0 net.inet.sctp.default_frag_interleave: 1 net.inet.sctp.default_cc_module: 0 net.inet.sctp.log_level: 0 net.inet.sctp.max_retran_chunk: 30 net.inet.sctp.min_residual: 1452 net.inet.sctp.strict_data_order: 0 net.inet.sctp.abort_at_limit: 0 net.inet.sctp.hb_max_burst: 4 net.inet.sctp.do_sctp_drain: 1 net.inet.sctp.max_chained_mbufs: 5 net.inet.sctp.abc_l_var: 1 net.inet.sctp.nat_friendly: 1 net.inet.sctp.auth_disable: 0 net.inet.sctp.asconf_auth_nochk: 0 net.inet.sctp.early_fast_retran_msec: 250 net.inet.sctp.early_fast_retran: 0 net.inet.sctp.cwnd_maxburst: 1 net.inet.sctp.cmt_pf: 0 net.inet.sctp.cmt_use_dac: 0 net.inet.sctp.nr_sack_on_off: 0 net.inet.sctp.cmt_on_off: 0 net.inet.sctp.outgoing_streams: 10 net.inet.sctp.add_more_on_output: 1452 net.inet.sctp.path_rtx_max: 5 net.inet.sctp.assoc_rtx_max: 10 net.inet.sctp.init_rtx_max: 8 net.inet.sctp.valid_cookie_life: 60000 net.inet.sctp.init_rto_max: 60000 net.inet.sctp.rto_initial: 3000 net.inet.sctp.rto_min: 1000 net.inet.sctp.rto_max: 60000 net.inet.sctp.secret_lifetime: 3600 net.inet.sctp.shutdown_guard_time: 180 net.inet.sctp.pmtu_raise_time: 600 net.inet.sctp.heartbeat_interval: 30000 net.inet.sctp.asoc_resource: 10 net.inet.sctp.sys_resource: 1000 net.inet.sctp.sack_freq: 2 net.inet.sctp.delayed_sack_time: 200 net.inet.sctp.chunkscale: 10 net.inet.sctp.min_split_point: 2904 net.inet.sctp.pcbhashsize: 256 net.inet.sctp.tcbhashsize: 1024 net.inet.sctp.maxchunks: 3200 net.inet.sctp.maxburst: 4 net.inet.sctp.peer_chkoh: 256 net.inet.sctp.strict_init: 1 net.inet.sctp.loopback_nocsum: 1 net.inet.sctp.strict_sacks: 1 net.inet.sctp.ecn_nonce: 0 net.inet.sctp.ecn_enable: 1 net.inet.sctp.auto_asconf: 1 net.inet.sctp.recvspace: 233016 net.inet.sctp.sendspace: 233016 net.inet.raw.recvspace: 9216 net.inet.raw.maxdgram: 9216 net.inet.accf.unloadable: 0 net.inet.flowtable.stats: table name: ipv4     collisions: 0     allocated: 0     misses: 5     max_depth: 0     free_checks: 13     frees: 4     hits: 206     lookups: 211 net.inet.flowtable.nmbflows: 25600 net.inet.flowtable.tcp_expire: 86400 net.inet.flowtable.fin_wait_expire: 600 net.inet.flowtable.udp_expire: 300 net.inet.flowtable.syn_expire: 300 net.inet.flowtable.enable: 1 net.inet.flowtable.debug: 0