From owner-freebsd-stable@FreeBSD.ORG  Thu May 29 06:07:08 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 824F1106566B
	for <freebsd-stable@freebsd.org>; Thu, 29 May 2008 06:07:08 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: from mx01.sc1.parodius.com (mx01.sc1.parodius.com [72.20.106.3])
	by mx1.freebsd.org (Postfix) with ESMTP id 8442B8FC16
	for <freebsd-stable@freebsd.org>; Thu, 29 May 2008 06:07:08 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: by mx01.sc1.parodius.com (Postfix, from userid 1000)
	id 5B64F1CC031; Wed, 28 May 2008 23:07:08 -0700 (PDT)
Date: Wed, 28 May 2008 23:07:08 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Robert Blayzor <rblayzor.bulk@inoc.net>
Message-ID: <20080529060708.GA66432@eos.sc1.parodius.com>
References: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net>
User-Agent: Mutt/1.5.17 (2007-11-01)
Cc: freebsd-stable@freebsd.org
Subject: Re: Sockets stuck in FIN_WAIT_1
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 May 2008 06:07:08 -0000

On Wed, May 28, 2008 at 06:13:04PM -0400, Robert Blayzor wrote:
> Here is what I have on the server now:
>
> and loader.conf
>
> accf_http_load="YES"

You shouldn't bother with this.  Let the apache22 rc.d script handle
loading it dynamically.  Use apache22_http_accept_enable="yes" in
rc.conf.

I've read reports in the past how the accept filter can cause FIN_WAIT
issues, but I can't remember if that's FIN_WAIT_2 or FIN_WAIT_1.

I've also read that pf(4) could possibly cause what you're seeing, so if
you have broken firewall rules, those may be responsible for this
behaviour.

Finally, for what it's worth, we don't have this problem on RELENG_6 or
RELENG_7 using Apache 2.2 with the accept filter, and also use pf(4).
We use absolutely no tuning in sysctl.conf for any of the things you
have listed.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |