Date: Tue, 15 Dec 2009 00:02:59 +0100 From: "Felix J. Ogris" <fjo@ogris.de> To: <freebsd-net@freebsd.org> Cc: Julian Elischer <julian@elischer.org> Subject: Re: tcp keepalive after fin+ack from client and server Message-ID: <C74C82B3.2324A%fjo@ogris.de> In-Reply-To: <4B25BFF3.4060103@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/14/09 5:32 AM, "Julian Elischer" wrote: > Felix J. Ogris wrote: >> Hi, >> >> I am experiencing some strange problem where FreeBSD sometimes starts >> sending tcp keepalives after client and server have sent and ack'ed FINs. >> The server runs 7.1-RELEASE/amd64 with open-vm-tools-nox11-148847 in a >> VMware ESXi 4.0. The client runs a CentOS Linux 2.6.18-164.6.1.el5PAE SMP on >> a bare metal machine. FreeBSD houses a Apache installation with sendfile and >> mmap enabled. The Linux machine runs a homemade monitoring system and starts >> a Perl script every 5 minutes to check if Apache is still alive. I have put >> a tcpdump output on http://ogris.de/keepalive.txt for readability and can >> provide the raw tcpdump file, if needed. Client and server keep sending >> those keepalives for about 2 hours (yielding 300kB/s constantly) if not >> stopped manually by an ipfw rule. lsof shows that no user process has open >> the corresponding sockets anymore, whereas netstat shows established >> connections. >> FreeBSD has loaded ipfw with some keep-state rules, the Linux box has >> iptables disabled. > > > are you sure it isn't the firewall (ipfw) sending keepalives? it is > one of the options with kept state to inject keepalives. > if it didint' see all the FINs for some reason, it may think the > session is still alive. Thanks for the hint - net.inet.ip.fw.dyn_keepalive=0 did the trick. Felix
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C74C82B3.2324A%fjo>