Date: Fri, 1 Aug 2008 00:08:38 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: ticso@cicely.de Cc: freebsd-net@freebsd.org Subject: Re: TCP zombie connections with 7-RELEASE and STABLE from 15th june Message-ID: <alpine.BSF.1.10.0808010004440.14518@odysseus.silby.com> In-Reply-To: <20080718135931.GA48087@cicely7.cicely.de> References: <20080718135931.GA48087@cicely7.cicely.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jul 2008, Bernd Walter wrote: > 443 is a self written server, but it also happens with port 80 and > sslproxy. > The client is a telnet, which disconnects directly after connecting, > so the disconnect is initiated from the client, which seems to be > important for this problem to trigger. > > You can see that the FIN handshake completes and netstat on the > client box shows the connection in TIME_WAIT. > The server however has the connection still in ESTABLISHED state. Well, syncookies allow the ack of the 3WHS to establish a connection. Just a quick look at your tcpdump shows that since you aren't sending any data you are not advancing the sequence number. As a result, it looks like one of the ACKs the client sends during connection shutdown may actually be causing the server to re-establish the connection. You might want to file a PR with exact instructions (and code) that'll easily reproduce this so that it can be solved at some point in the future. I don't have time to look into it now, although I'd be happy to code review a fix! -Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0808010004440.14518>