[FUG-BR] Res: Re: Res: Re: ping: sendto: Operation not permitted
Marcelo Gondim
gondim em bsdinfo.com.br
Sexta Outubro 14 20:00:50 BRT 2011
Em 14/10/2011 18:51, Alexandre Biancalana escreveu:
> manda a saida de um vmstat -z
Tá na mão :)
ITEM SIZE LIMIT USED FREE REQUESTS
FAILURES
UMA Kegs: 208, 0, 97, 5,
97, 0
UMA Zones: 320, 0, 97, 11,
97, 0
UMA Slabs: 568, 0, 1485, 349,
23720, 0
UMA RCntSlabs: 568, 0, 2069, 101,
125843, 0
UMA Hash: 256, 0, 0, 0,
3, 0
16 Bucket: 152, 0, 26, 99,
170, 0
32 Bucket: 280, 0, 55, 57,
242, 0
64 Bucket: 536, 0, 58, 54,
406, 1
128 Bucket: 1048, 0, 262, 74,
7350, 31565
VM OBJECT: 216, 0, 52514, 81820,
184530258, 0
MAP: 232, 0, 7, 25,
7, 0
KMAP ENTRY: 120, 183179, 26, 191,
7787, 0
MAP ENTRY: 120, 0, 6714, 2586,
306144998, 0
DP fakepg: 120, 0, 0, 0,
0, 0
SG fakepg: 120, 0, 0, 0,
0, 0
mt_zone: 2056, 0, 220, 11,
220, 0
16: 16, 0, 1673, 679,
4577060, 0
32: 32, 0, 1946, 680,
8094797, 0
64: 64, 0, 4624, 864,
3421706348, 0
128: 128, 0, 6997, 1906,
2000615, 0
256: 256, 0, 646, 554,
8433122, 0
512: 512, 0, 1606, 515,
13995254, 0
1024: 1024, 0, 68, 252,
194472, 0
2048: 2048, 0, 59, 287,
12924, 0
4096: 4096, 0, 323, 449,
13994954, 0
Files: 80, 0, 1411, 839,
26574870, 0
TURNSTILE: 136, 0, 1105, 55,
1108, 0
umtx pi: 96, 0, 0, 0,
0, 0
MAC labels: 40, 0, 0, 0,
0, 0
PROC: 1136, 0, 79, 779,
10312573, 0
THREAD: 1120, 0, 1026, 78,
1376, 0
SLEEPQUEUE: 80, 0, 1105, 84,
1108, 0
VMSPACE: 392, 0, 57, 753,
10312554, 0
cpuset: 72, 0, 8, 192,
8, 0
audit_record: 952, 0, 0, 0,
0, 0
mbuf_packet: 256, 0, 2055, 412,
3373071003, 0
mbuf: 256, 0, 3, 515,
61869356, 0
mbuf_cluster: 2048, 66560, 2468, 498,
1649804569, 0
mbuf_jumbo_page: 4096, 33280, 0, 586,
2873555, 0
mbuf_jumbo_9k: 9216, 16640, 0, 0,
0, 0
mbuf_jumbo_16k: 16384, 8320, 0, 0,
0, 0
mbuf_ext_refcnt: 4, 0, 0, 168,
58, 0
g_bio: 232, 0, 0, 656,
6563051, 0
ttyinq: 160, 0, 180, 228,
1050, 0
ttyoutq: 256, 0, 96, 129,
560, 0
ata_request: 320, 0, 0, 372,
1640767, 0
ata_composite: 336, 0, 0, 0,
0, 0
cryptop: 88, 0, 0, 0,
0, 0
cryptodesc: 72, 0, 0, 0,
0, 0
VNODE: 472, 0, 50375, 27873,
519033, 0
VNODEPOLL: 112, 0, 1, 65,
2, 0
S VFS Cache: 108, 0, 51699, 34992,
490366, 0
L VFS Cache: 328, 0, 276, 1620,
50664, 0
NAMEI: 1024, 0, 0, 480,
65773982, 0
NFSMOUNT: 632, 0, 0, 0,
0, 0
NFSNODE: 688, 0, 0, 0,
0, 0
DIRHASH: 1024, 0, 9, 483,
9185, 0
pipe: 728, 0, 12, 688,
6962759, 0
ksiginfo: 112, 0, 847, 572,
17217, 0
itimer: 344, 0, 1, 21,
1, 0
KNOTE: 128, 0, 44, 594,
177865, 0
socket: 680, 66564, 271, 677,
417479, 0
unpcb: 240, 66560, 220, 580,
27056, 0
ipq: 56, 2142, 0, 126,
2173, 0
udp_inpcb: 336, 66561, 18, 268,
317350, 0
udpcb: 16, 66696, 18, 654,
317350, 0
tcp_inpcb: 336, 66561, 34, 714,
72929, 0
tcpcb: 880, 66560, 29, 611,
72929, 0
tcptw: 72, 13350, 5, 745,
33346, 0
syncache: 144, 15366, 0, 260,
41689, 0
hostcache: 136, 15372, 15, 125,
45, 0
tcpreass: 40, 4200, 4, 500,
13232, 0
sackhole: 32, 0, 0, 404,
6130, 0
ripcb: 336, 66561, 0, 77,
111, 0
rtentry: 200, 0, 65, 49,
65, 0
pfsrctrpl: 152, 10000, 0, 0,
0, 0
pfrulepl: 912, 0, 197, 127,
961, 0
pfstatepl: 392, 10000, 2669, 1901,
2510030, 0
pfaltqpl: 240, 0, 0, 0,
0, 0
pfpooladdrpl: 88, 0, 26, 142,
85, 0
pfrktable: 1296, 1002, 6, 57,
92, 0
pfrkentry: 216, 100008, 32, 130,
208, 0
pfrkentry2: 216, 0, 0, 0,
0, 0
pffrent: 32, 5050, 0, 0,
0, 0
pffrag: 80, 0, 0, 0,
0, 0
pffrcache: 80, 10035, 0, 0,
0, 0
pffrcent: 24, 50022, 0, 0,
0, 0
pfstatescrub: 40, 0, 0, 0,
0, 0
pfiaddrpl: 120, 0, 0, 0,
0, 0
pfospfen: 112, 0, 696, 63,
3480, 0
pfosfp: 40, 0, 407, 349,
2035, 0
IPFW dynamic rule: 120, 0, 0, 0,
0, 0
divcb: 336, 66561, 0, 0,
0, 0
selfd: 56, 0, 1343, 799,
27180047, 0
SWAPMETA: 288, 116519, 16, 36,
95, 0
Mountpoints: 752, 0, 5, 10,
5, 0
FFS inode: 168, 0, 50330, 33358,
518858, 0
FFS1 dinode: 128, 0, 0, 0,
0, 0
FFS2 dinode: 256, 0, 50330, 31405,
518858, 0
>
> 2011/10/14 Marcelo Gondim<gondim em bsdinfo.com.br>:
>> Em 14/10/2011 12:01, Alexandre Biancalana escreveu:
>>> manda a saida do netstat -mi
>> Opa Alexandre,
>>
>> Aqui vai:
>>
>> (root em seca)[~]# netstat -mi
>> 2050/1415/3465 mbufs in use (current/cache/total)
>> 2048/1326/3374/66560 mbuf clusters in use (current/cache/total/max)
>> 2047/581 mbuf+clusters out of packet secondary zone in use (current/cache)
>> 0/574/574/33280 4k (page size) jumbo clusters in use
>> (current/cache/total/max)
>> 0/0/0/16640 9k jumbo clusters in use (current/cache/total/max)
>> 0/0/0/8320 16k jumbo clusters in use (current/cache/total/max)
>> 4608K/5301K/9910K bytes allocated to network (current/cache/total)
>> 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
>> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
>> 0/0/0 sfbufs in use (current/peak/max)
>> 0 requests for sfbufs denied
>> 0 requests for sfbufs delayed
>> 2 requests for I/O initiated by sendfile
>> 0 calls to protocol drain routines
>>
>>>
>>> 2011/10/14<gianrubio em gmail.com>:
>>>> E a a tabela de estados foi otimizada? Qtas sessoes você tem aberta qdo acontece o erro?
>>>> Rode um pfctl -ss ! Wc -l qdo der o erro
>>>> Enviado pelo meu aparelho BlackBerry® da Vivo
>>>>
>>>> -----Original Message-----
>>>> From: Marcelo Gondim<gondim em bsdinfo.com.br>
>>>> Sender: freebsd-bounces em fug.com.br
>>>> Date: Fri, 14 Oct 2011 09:32:59
>>>> To: "Lista Brasileira de Discussão sobre Fre eBSD (FUG-BR)"<freebsd em fug.com.br>
>>>> Reply-To: Lista Brasileira de Discussão sobre FreeBSD
>>>> (FUG-BR)<freebsd em fug.com.br>
>>>> Subject: Re: [FUG-BR] Res: Re: ping: sendto: Operation not permitted
>>>>
>>>> Em 14/10/2011 00:31, gianrubio em gmail.com escreveu:
>>>>> Pf ou ipfw?
>>>> Opa, to usando PF nele mas controlando só o acesso ao próprio Firewall
>>>> porque como é provedor a gente não pode fazer bloqueios de forward para
>>>> os clientes. Só usamos mesmo quando aparece algum ataque ou algo que
>>>> precisamos conter. Fora isso drop nas portas usadas pelo windows e que
>>>> os worms adoram. rsrsrrs
>>>>
>>>>> Enviado pelo meu aparelho BlackBerry® da Vivo
>>>>>
>>>>> -----Original Message-----
>>>>> From: Marcelo Gondim<gondim em bsdinfo.com.br>
>>>>> Sender: freebsd-bounces em fug.com.br
>>>>> Date: Thu, 13 Oct 2011 22:59:02
>>>>> To: "Lista Brasileira de Discussão sobre Fre eBSD (FUG-BR)"<freebsd em fug.com.br>
>>>>> Reply-To: Lista Brasileira de Discussão sobre FreeBSD
>>>>> (FUG-BR)<freebsd em fug.com.br>
>>>>> Subject: Re: [FUG-BR] ping: sendto: Operation not permitted
>>>>>
>>>>> Em 13/10/2011 18:30, Rodrigo Mosconi escreveu:
>>>>>> Em 13 de outubro de 2011 17:02, Marcelo Gondim<gondim em bsdinfo.com.br> escreveu:
>>>>>>> Pessoal,
>>>>>>>
>>>>>>> Hoje aconteceu algo estranho aqui no Firewall, algo que não havia
>>>>>>> percebido antes mas que pode estar relacionado com a falta de
>>>>>>> performance em algumas ocasiões.
>>>>>>> Do nada o acesso aos servidores ficaram com muita perda e todos eles
>>>>>>> passam pelo Firewall. Envio e consulta de e-mails travando e tal.
>>>>>>>
>>>>>>> Quando me loguei no Firewall e tentei pingar alguns lugares tanto
>>>>>>> externos quanto na minha própria rede local algumas vezes pingava e
>>>>>>> outras aparecia a mensagem abaixo:
>>>>>>>
>>>>>>> ping: sendto: Operation not permitted
>>>>>>>
>>>>>>> Essa mensagem aparecia algumas vezes como resposta do ping e logo em
>>>>>>> seguida continuava à pingar normal.
>>>>>>>
>>>>>>> Não vi nada no dmesg e nem no messages relacionado à esse problema e
>>>>>>> procurando na sysctl não vi nenhum limite no icmp:
>>>>>>>
>>>>>>> (root em seca)[~]# sysctl -a|grep icmp
>>>>>>> net.inet.icmp.maskrepl: 0
>>>>>>> net.inet.icmp.icmplim: 0
>>>>>>> net.inet.icmp.bmcastecho: 0
>>>>>>> net.inet.icmp.quotelen: 8
>>>>>>> net.inet.icmp.reply_from_interface: 0
>>>>>>> net.inet.icmp.reply_src:
>>>>>>> net.inet.icmp.icmplim_output: 0
>>>>>>> net.inet.icmp.log_redirect: 0
>>>>>>> net.inet.icmp.drop_redirect: 1
>>>>>>> net.inet.icmp.maskfake: 0
>>>>>>> net.inet.tcp.icmp_may_rst: 1
>>>>>>> net.inet6.icmp6.rediraccept: 1
>>>>>>> net.inet6.icmp6.redirtimeout: 600
>>>>>>> net.inet6.icmp6.nd6_prune: 1
>>>>>>> net.inet6.icmp6.nd6_delay: 5
>>>>>>> net.inet6.icmp6.nd6_umaxtries: 3
>>>>>>> net.inet6.icmp6.nd6_mmaxtries: 3
>>>>>>> net.inet6.icmp6.nd6_useloopback: 1
>>>>>>> net.inet6.icmp6.nodeinfo: 3
>>>>>>> net.inet6.icmp6.errppslimit: 100
>>>>>>> net.inet6.icmp6.nd6_maxnudhint: 0
>>>>>>> net.inet6.icmp6.nd6_debug: 0
>>>>>>> net.inet6.icmp6.nd6_maxqueuelen: 1
>>>>>>> net.inet6.icmp6.nd6_onlink_ns_rfc4861: 0
>>>>>>>
>>>>>>> Tentei no google e achei algumas coisas vagas relacionadas ao PF. O fato
>>>>>>> é que após um reboot do Firewall tudo normalizou.
>>>>>>> Alguém tem alguma idéia? O estranho é que o sistema se desestabilizou
>>>>>>> todo e só com um reboot que voltou à funcionar. Depois vi que podia ter
>>>>>>> feito um disable no PF pra ver se ele era o causador mas já havia
>>>>>>> re-iniciado o sistema. Próxima vez tentarei isso antes.
>>>>>>>
>>>>>>> []´s à todos
>>>>>>> -------------------------
>>>>>>> Histórico: http://www.fug.com.br/historico/html/freebsd/
>>>>>>> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>>>>>>>
>>>>>> sysctl net.inet?
>>>>>>
>>>>> Opa Rodrigo,
>>>>>
>>>>> O tráfego nesse Firewall é de 160 à 200Mbps. O Firewall está stateless
>>>>> no forward dos pacotes.
>>>>>
>>>>> net.inet.ip.portrange.randomtime: 45
>>>>> net.inet.ip.portrange.randomcps: 10
>>>>> net.inet.ip.portrange.randomized: 1
>>>>> net.inet.ip.portrange.reservedlow: 0
>>>>> net.inet.ip.portrange.reservedhigh: 1023
>>>>> net.inet.ip.portrange.hilast: 65535
>>>>> net.inet.ip.portrange.hifirst: 49152
>>>>> net.inet.ip.portrange.last: 65535
>>>>> net.inet.ip.portrange.first: 10000
>>>>> net.inet.ip.portrange.lowlast: 600
>>>>> net.inet.ip.portrange.lowfirst: 1023
>>>>> net.inet.ip.forwarding: 1
>>>>> net.inet.ip.redirect: 0
>>>>> net.inet.ip.ttl: 64
>>>>> net.inet.ip.rtexpire: 3600
>>>>> net.inet.ip.rtminexpire: 10
>>>>> net.inet.ip.rtmaxcache: 128
>>>>> net.inet.ip.sourceroute: 0
>>>>> net.inet.ip.intr_queue_maxlen: 256
>>>>> net.inet.ip.intr_queue_drops: 0
>>>>> net.inet.ip.accept_sourceroute: 0
>>>>> net.inet.ip.keepfaith: 0
>>>>> net.inet.ip.gifttl: 30
>>>>> net.inet.ip.same_prefix_carp_only: 0
>>>>> net.inet.ip.subnets_are_local: 0
>>>>> net.inet.ip.random_id_total: 0
>>>>> net.inet.ip.random_id_collisions: 0
>>>>> net.inet.ip.random_id_period: 8192
>>>>> net.inet.ip.mcast.loop: 1
>>>>> net.inet.ip.mcast.maxsocksrc: 128
>>>>> net.inet.ip.mcast.maxgrpsrc: 512
>>>>> net.inet.ip.dummynet.io_pkt_drop: 0
>>>>> net.inet.ip.dummynet.io_pkt_fast: 0
>>>>> net.inet.ip.dummynet.io_pkt: 0
>>>>> net.inet.ip.dummynet.queue_count: 0
>>>>> net.inet.ip.dummynet.fsk_count: 0
>>>>> net.inet.ip.dummynet.si_count: 0
>>>>> net.inet.ip.dummynet.schk_count: 0
>>>>> net.inet.ip.dummynet.tick_lost: 0
>>>>> net.inet.ip.dummynet.tick_diff: -1704
>>>>> net.inet.ip.dummynet.tick_adjustment: 47142177
>>>>> net.inet.ip.dummynet.tick_delta_sum: 84
>>>>> net.inet.ip.dummynet.tick_delta: 666
>>>>> net.inet.ip.dummynet.red_max_pkt_size: 1500
>>>>> net.inet.ip.dummynet.red_avg_pkt_size: 512
>>>>> net.inet.ip.dummynet.red_lookup_depth: 256
>>>>> net.inet.ip.dummynet.expire_cycle: 0
>>>>> net.inet.ip.dummynet.expire: 1
>>>>> net.inet.ip.dummynet.debug: 0
>>>>> net.inet.ip.dummynet.io_fast: 0
>>>>> net.inet.ip.dummynet.pipe_byte_limit: 1048576
>>>>> net.inet.ip.dummynet.pipe_slot_limit: 100
>>>>> net.inet.ip.dummynet.hash_size: 64
>>>>> net.inet.ip.fastforwarding: 1
>>>>> net.inet.ip.fw.static_count: 1
>>>>> net.inet.ip.fw.default_to_accept: 1
>>>>> net.inet.ip.fw.tables_max: 128
>>>>> net.inet.ip.fw.default_rule: 65535
>>>>> net.inet.ip.fw.verbose_limit: 100
>>>>> net.inet.ip.fw.verbose: 1
>>>>> net.inet.ip.fw.autoinc_step: 100
>>>>> net.inet.ip.fw.one_pass: 1
>>>>> net.inet.ip.fw.dyn_keepalive: 1
>>>>> net.inet.ip.fw.dyn_short_lifetime: 10
>>>>> net.inet.ip.fw.dyn_udp_lifetime: 10
>>>>> net.inet.ip.fw.dyn_rst_lifetime: 1
>>>>> net.inet.ip.fw.dyn_fin_lifetime: 2
>>>>> net.inet.ip.fw.dyn_syn_lifetime: 10
>>>>> net.inet.ip.fw.dyn_ack_lifetime: 120
>>>>> net.inet.ip.fw.dyn_max: 65536
>>>>> net.inet.ip.fw.dyn_count: 0
>>>>> net.inet.ip.fw.curr_dyn_buckets: 256
>>>>> net.inet.ip.fw.dyn_buckets: 65536
>>>>> net.inet.ip.fw.enable: 1
>>>>> net.inet.ip.maxfragpackets: 2080
>>>>> net.inet.ip.stealth: 0
>>>>> net.inet.ip.maxfragsperpacket: 16
>>>>> net.inet.ip.fragpackets: 1
>>>>> net.inet.ip.check_interface: 0
>>>>> net.inet.ip.random_id: 0
>>>>> net.inet.ip.sendsourcequench: 0
>>>>> net.inet.ip.process_options: 1
>>>>> net.inet.ip.alias.sctp.track_global_addresses: 0
>>>>> net.inet.ip.alias.sctp.param_proc_limit: 25
>>>>> net.inet.ip.alias.sctp.chunk_proc_limit: 5
>>>>> net.inet.ip.alias.sctp.initialising_chunk_proc_limit: 2
>>>>> net.inet.ip.alias.sctp.accept_global_ootb_addip: 0
>>>>> net.inet.ip.alias.sctp.error_on_ootb: 1
>>>>> net.inet.ip.alias.sctp.hashtable_size: 2003
>>>>> net.inet.ip.alias.sctp.holddown_timer: 0
>>>>> net.inet.ip.alias.sctp.shutdown_timer: 15
>>>>> net.inet.ip.alias.sctp.up_timer: 300
>>>>> net.inet.ip.alias.sctp.init_timer: 15
>>>>> net.inet.ip.alias.sctp.log_level: 0
>>>>> net.inet.icmp.maskrepl: 0
>>>>> net.inet.icmp.icmplim: 0
>>>>> net.inet.icmp.bmcastecho: 0
>>>>> net.inet.icmp.quotelen: 8
>>>>> net.inet.icmp.reply_from_interface: 0
>>>>> net.inet.icmp.reply_src:
>>>>> net.inet.icmp.icmplim_output: 0
>>>>> net.inet.icmp.log_redirect: 0
>>>>> net.inet.icmp.drop_redirect: 1
>>>>> net.inet.icmp.maskfake: 0
>>>>> net.inet.igmp.gsrdelay: 10
>>>>> net.inet.igmp.default_version: 3
>>>>> net.inet.igmp.legacysupp: 0
>>>>> net.inet.igmp.v2enable: 1
>>>>> net.inet.igmp.v1enable: 1
>>>>> net.inet.igmp.sendlocal: 1
>>>>> net.inet.igmp.sendra: 1
>>>>> net.inet.igmp.recvifkludge: 1
>>>>> net.inet.ipip.ipip_allow: 0
>>>>> net.inet.tcp.rfc1323: 1
>>>>> net.inet.tcp.mssdflt: 512
>>>>> net.inet.tcp.keepidle: 7200000
>>>>> net.inet.tcp.keepintvl: 75000
>>>>> net.inet.tcp.sendspace: 32768
>>>>> net.inet.tcp.recvspace: 65536
>>>>> net.inet.tcp.keepinit: 75000
>>>>> net.inet.tcp.delacktime: 100
>>>>> net.inet.tcp.v6mssdflt: 1024
>>>>> net.inet.tcp.hostcache.purge: 0
>>>>> net.inet.tcp.hostcache.prune: 300
>>>>> net.inet.tcp.hostcache.expire: 3600
>>>>> net.inet.tcp.hostcache.count: 14
>>>>> net.inet.tcp.hostcache.bucketlimit: 30
>>>>> net.inet.tcp.hostcache.hashsize: 512
>>>>> net.inet.tcp.hostcache.cachelimit: 15360
>>>>> net.inet.tcp.read_locking: 1
>>>>> net.inet.tcp.recvbuf_max: 262144
>>>>> net.inet.tcp.recvbuf_inc: 16384
>>>>> net.inet.tcp.recvbuf_auto: 1
>>>>> net.inet.tcp.insecure_rst: 0
>>>>> net.inet.tcp.ecn.maxretries: 1
>>>>> net.inet.tcp.ecn.enable: 0
>>>>> net.inet.tcp.abc_l_var: 2
>>>>> net.inet.tcp.rfc3465: 1
>>>>> net.inet.tcp.rfc3390: 1
>>>>> net.inet.tcp.rfc3042: 1
>>>>> net.inet.tcp.drop_synfin: 1
>>>>> net.inet.tcp.delayed_ack: 1
>>>>> net.inet.tcp.blackhole: 0
>>>>> net.inet.tcp.log_in_vain: 0
>>>>> net.inet.tcp.sendbuf_max: 262144
>>>>> net.inet.tcp.sendbuf_inc: 8192
>>>>> net.inet.tcp.sendbuf_auto: 1
>>>>> net.inet.tcp.tso: 1
>>>>> net.inet.tcp.newreno: 1
>>>>> net.inet.tcp.local_slowstart_flightsize: 4
>>>>> net.inet.tcp.slowstart_flightsize: 1
>>>>> net.inet.tcp.path_mtu_discovery: 1
>>>>> net.inet.tcp.reass.overflows: 0
>>>>> net.inet.tcp.reass.cursegments: 0
>>>>> net.inet.tcp.reass.maxsegments: 4200
>>>>> net.inet.tcp.sack.globalholes: 0
>>>>> net.inet.tcp.sack.globalmaxholes: 65536
>>>>> net.inet.tcp.sack.maxholes: 128
>>>>> net.inet.tcp.sack.enable: 1
>>>>> net.inet.tcp.signature_verify_input: 1
>>>>> net.inet.tcp.inflight.stab: 20
>>>>> net.inet.tcp.inflight.max: 1073725440
>>>>> net.inet.tcp.inflight.min: 6144
>>>>> net.inet.tcp.inflight.rttthresh: 10
>>>>> net.inet.tcp.inflight.debug: 0
>>>>> net.inet.tcp.inflight.enable: 0
>>>>> net.inet.tcp.isn_reseed_interval: 0
>>>>> net.inet.tcp.icmp_may_rst: 1
>>>>> net.inet.tcp.pcbcount: 16
>>>>> net.inet.tcp.do_tcpdrain: 1
>>>>> net.inet.tcp.tcbhashsize: 512
>>>>> net.inet.tcp.log_debug: 0
>>>>> net.inet.tcp.minmss: 216
>>>>> net.inet.tcp.syncache.rst_on_sock_fail: 1
>>>>> net.inet.tcp.syncache.rexmtlimit: 3
>>>>> net.inet.tcp.syncache.hashsize: 512
>>>>> net.inet.tcp.syncache.count: 0
>>>>> net.inet.tcp.syncache.cachelimit: 15360
>>>>> net.inet.tcp.syncache.bucketlimit: 30
>>>>> net.inet.tcp.syncookies_only: 0
>>>>> net.inet.tcp.syncookies: 1
>>>>> net.inet.tcp.timer_race: 0
>>>>> net.inet.tcp.finwait2_timeout: 60000
>>>>> net.inet.tcp.fast_finwait2_recycle: 0
>>>>> net.inet.tcp.always_keepalive: 1
>>>>> net.inet.tcp.rexmit_slop: 200
>>>>> net.inet.tcp.rexmit_min: 30
>>>>> net.inet.tcp.msl: 3000
>>>>> net.inet.tcp.nolocaltimewait: 0
>>>>> net.inet.tcp.maxtcptw: 13312
>>>>> net.inet.udp.checksum: 1
>>>>> net.inet.udp.maxdgram: 9216
>>>>> net.inet.udp.recvspace: 42080
>>>>> net.inet.udp.blackhole: 0
>>>>> net.inet.udp.log_in_vain: 0
>>>>> net.inet.esp.esp_enable: 1
>>>>> net.inet.ah.ah_cleartos: 1
>>>>> net.inet.ah.ah_enable: 1
>>>>> net.inet.ipcomp.ipcomp_enable: 1
>>>>> net.inet.carp.allow: 1
>>>>> net.inet.carp.preempt: 0
>>>>> net.inet.carp.log: 1
>>>>> net.inet.carp.arpbalance: 0
>>>>> net.inet.carp.suppress_preempt: 0
>>>>> net.inet.ipsec.def_policy: 1
>>>>> net.inet.ipsec.esp_trans_deflev: 1
>>>>> net.inet.ipsec.esp_net_deflev: 1
>>>>> net.inet.ipsec.ah_trans_deflev: 1
>>>>> net.inet.ipsec.ah_net_deflev: 1
>>>>> net.inet.ipsec.ah_cleartos: 1
>>>>> net.inet.ipsec.ah_offsetmask: 0
>>>>> net.inet.ipsec.dfbit: 0
>>>>> net.inet.ipsec.ecn: 0
>>>>> net.inet.ipsec.debug: 0
>>>>> net.inet.ipsec.filtertunnel: 0
>>>>> net.inet.ipsec.crypto_support: 50331648
>>>>> net.inet.raw.recvspace: 9216
>>>>> net.inet.raw.maxdgram: 9216
>>>>> net.inet.accf.unloadable: 0
>>>>> net.inet.accf.http.parsehttpversion: 1
>>>>>
Mais detalhes sobre a lista de discussão freebsd