check http://lxr.linux.no/linux+v3.5.3/net/ipv4/tcp_minisocks.c#L707 It mean the client sent a RST after it receive a SYN+ACK. Which maybe just malicious client behavior. On the other hand, when you look at these counters, you would have to calcuate either a rate (increase per second or a ratio compare to some other event). It will tell you whether something is just accumalative for a long time or something that is happening really really often. Cheers. On Fri, Aug 31, 2012 at 2:08 AM, kay <kay.diam@xxxxxxxxx> wrote: > > Dear community, > > I'm new in network stack optimization and I have rather big subj value > on back end servers: > > 2479229 resets received for embryonic SYN_RECV sockets > > I've googled for it but didn't find exact explanation of this value. > How can I catch it using tcpdump and how can I avoid it? > > sysctl custom values: > net.ipv4.tcp_timestamps = 1 > net.ipv4.tcp_window_scaling = 1 > net.ipv4.tcp_fack = 1 > net.ipv4.tcp_sack = 1 > net.ipv4.ip_forward = 0 > net.ipv4.conf.default.rp_filter = 1 > net.ipv4.conf.default.accept_source_route = 0 > net.ipv4.tcp_tw_reuse = 1 > net.ipv4.tcp_tw_recycle = 1 > > I have attached netstat -s. CentOS 6.2, kvm virtual machine. > > P.S. Also I use ipvs + keepalived. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
