amprgw has an ICMP response rate limit set to 1 per second.
If a bunch of people are triggering ICMP responses (by pinging
it, traceroute to it, etc.) at the same time, it will not respond
to all of them.
This is done via

    sysctl net.inet.icmp.icmplim=1
    sysctl net.inet.icmp.icmplim_output=1

The log shows a large number of 'limiting icmp ping response'
messages like the following:

    Aug 23 06:40:01 <kern.crit> amprgw kernel: Limiting icmp ping response from 21 to 1 packets/sec

and tcpdump shows a LOT of ICMP traffic.
As an experiment, I turned off ICMP rate limiting for a brief
period and the ping response "loss" rate went to zero, which I
believe means that it's seeing a lot of traffic that would be
generating icmp responses if it were not limited.
- Brian
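
Added example (not part of Brian's message, and not code from amprgw): a small Python summarizer for the 'Limiting ... response' kernel messages quoted above, showing how much of the offered ICMP reply load the limiter suppresses. The sample lines are constructed in the format shown in the message, and the script assumes "from N to M" means N replies wanted and M permitted in that second.

```python
import re
from collections import defaultdict

# Matches the kernel message format quoted in the message above.
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*kernel: Limiting (?P<kind>.+?) response "
    r"from (?P<offered>\d+) to (?P<limit>\d+) packets/sec"
)

# Constructed sample lines (not real log data), in the format shown above.
SAMPLE_LOG = """\
Aug 23 06:40:01 <kern.crit> amprgw kernel: Limiting icmp ping response from 21 to 1 packets/sec
Aug 23 06:40:02 <kern.crit> amprgw kernel: Limiting icmp ping response from 9 to 1 packets/sec
Aug 23 06:40:03 <auth.info> amprgw sshd[411]: constructed unrelated line
Aug 23 06:40:04 <kern.crit> amprgw kernel: Limiting icmp ping response from 30 to 1 packets/sec
"""


def summarize(log_text):
    """Return per-response-type totals for rate-limit messages in log_text."""
    stats = defaultdict(lambda: {"events": 0, "offered": 0, "allowed": 0, "peak": 0})
    for line in log_text.splitlines():
        m = LIMIT_RE.match(line)
        if not m:
            continue  # not a rate-limit message
        offered, limit = int(m["offered"]), int(m["limit"])
        s = stats[m["kind"]]
        s["events"] += 1
        s["offered"] += offered               # replies the host wanted to send
        s["allowed"] += min(offered, limit)   # replies the limiter let through
        s["peak"] = max(s["peak"], offered)
    result = {}
    for kind, s in stats.items():
        dropped = s["offered"] - s["allowed"]
        # Assumption: "from N to M" = N wanted, M permitted in that second.
        s["suppressed_pct"] = round(100.0 * dropped / s["offered"], 1) if s["offered"] else 0.0
        result[kind] = dict(s)
    return result


if __name__ == "__main__":
    for kind, s in summarize(SAMPLE_LOG).items():
        print(f"{kind}: {s['events']} limited seconds, peak {s['peak']} pps, "
              f"{s['suppressed_pct']}% of replies suppressed")
```

A high suppressed percentage here is consistent with the apparent ping "loss" described above: the requests arrive, but most of the replies are never sent.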