From owner-freebsd-net@FreeBSD.ORG  Mon Dec 14 23:20:10 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1E94B1065670
	for <freebsd-net@freebsd.org>; Mon, 14 Dec 2009 23:20:10 +0000 (UTC)
	(envelope-from fjo@ogris.de)
Received: from ns1.ogris.net (ns1.ogris.net [212.62.68.23])
	by mx1.freebsd.org (Postfix) with ESMTP id D70E18FC12
	for <freebsd-net@freebsd.org>; Mon, 14 Dec 2009 23:20:09 +0000 (UTC)
Received: from [192.168.0.14] (p54877C65.dip.t-dialin.net [84.135.124.101])
	by ns1.ogris.net (Postfix) with ESMTPA id 1CF3F1211A3;
	Tue, 15 Dec 2009 00:03:00 +0100 (CET)
User-Agent: Microsoft-Entourage/13.3.0.091002
Date: Tue, 15 Dec 2009 00:02:59 +0100
From: "Felix J. Ogris" <fjo@ogris.de>
To: <freebsd-net@freebsd.org>
Message-ID: <C74C82B3.2324A%fjo@ogris.de>
Thread-Topic: tcp keepalive after fin+ack from client and server
Thread-Index: Acp9EZRVHLr2RcLOAUGJrR7El/yqSA==
In-Reply-To: <4B25BFF3.4060103@elischer.org>
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: Julian Elischer <julian@elischer.org>
Subject: Re: tcp keepalive after fin+ack from client and server
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 23:20:10 -0000

On 12/14/09 5:32 AM, "Julian Elischer" wrote:

> Felix J. Ogris wrote:
>> Hi,
>> 
>> I am experiencing some strange problem where FreeBSD sometimes starts
>> sending tcp keepalives after client and server have sent and ack'ed FINs.
>> The server runs 7.1-RELEASE/amd64 with open-vm-tools-nox11-148847 in a
>> VMware ESXi 4.0. The client runs a CentOS Linux 2.6.18-164.6.1.el5PAE SMP on
>> a bare metal machine. FreeBSD houses a Apache installation with sendfile and
>> mmap enabled. The Linux machine runs a homemade monitoring system and starts
>> a Perl script every 5 minutes to check if Apache is still alive. I have put
>> a tcpdump output on http://ogris.de/keepalive.txt for readability and can
>> provide the raw tcpdump file, if needed. Client and server keep sending
>> those keepalives for about 2 hours (yielding 300kB/s constantly) if not
>> stopped manually by an ipfw rule. lsof shows that no user process has open
>> the corresponding sockets anymore, whereas netstat shows established
>> connections.
>> FreeBSD has loaded ipfw with some keep-state rules, the Linux box has
>> iptables disabled.
> 
> 
> are you sure it isn't the firewall (ipfw) sending keepalives? it is
> one of the options with kept state to inject keepalives.
> if it didint' see all the FINs for some reason, it may think the
> session is still alive.

Thanks for the hint - net.inet.ip.fw.dyn_keepalive=0 did the trick.

Felix