Date:      Wed, 14 May 2008 17:02:28 -0400
From:      Mark Saad <msaad@datapipe.com>
To:        Mikolaj Golub <to.my.trociny@gmail.com>
Cc:        "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject:   Re: Socket leak
Message-ID:  <482B5364.7080406@datapipe.com>
In-Reply-To: <81y76c7kyy.fsf@zhuzha.ua1>
References:  <482A2639.7000401@datapipe.com> <81zlqtfazy.fsf@zhuzha.ua1>	<482AED3B.1020307@datapipe.com> <81y76c7kyy.fsf@zhuzha.ua1>


Mikolaj
    I looked at netstat and I do not have this many sockets TCP or UNIX.

Wed May 14 16:58:37 EDT 2008
ewr# sysctl kern.ipc.numopensockets && netstat -an -p tcp | wc -l && sockstat -u |wc -l
kern.ipc.numopensockets: 15903
      261
      60

ewr# sockstat -46lu | wc -l
       82

Running your script, I can only find 1 matching 0 count socket.

I also shut down proftpd and left it down for 10 mins and I did not see
the number of sockets drop at all.

Any ideas?

Mikolaj Golub wrote:
> On Wed, 14 May 2008 09:46:35 -0400 Mark Saad wrote:
>
>  MS> Mikolaj
>  MS>   Thanks for the input, did you change any of the options for
>  MS> TimeoutLinger or TimeoutIdle ?
>
> No, I didn't
>
>  MS> The Proftpd I am running is built for 6.3-RELEASE; here are the build
>  MS> options
>
>  MS> Compile-time Settings:
>  MS>  Version: 1.3.0a
>  MS>  Platform: FREEBSD6 (FREEBSD6_3)
>  MS>  Built With:
>  MS>    configure CPPFLAGS=-DHAVE_OPENSSL --localstatedir=/var/run
>  MS> --disable-sendfile --disable-ipv6
>  MS> --with-modules=mod_sql:mod_sql_mysql:mod_check_mysql:mod_check_digest
>  MS> --prefix=/usr/local
>  MS> --with-includes=/usr/local/include/mysql:/usr/include/openssl
>  MS> --with-libraries=/usr/local/lib/mysql
>
> It might be that it is not proftpd but another application that causes the leak.
> Anyway, to check if it is proftpd, look in its logs for entries like these:
>
>   Entering Passive Mode (192,168,0,213,241,70).
>   FTP session closed.
>
> Convert the last two numbers to port (241*256+70) and check by netstat if you
> still have this connection. If you have, then it is likely this is the same
> situation as in my case and the proftpd is a problem. Upgrade to 1.3.1 from
> ports then.
>
> If proftpd is ok, look for other applications. Search for connections reported
> by netstat as ESTABLISHED but not displayed by sockstat utility. You could run
> something like this:
>
> netstat -an | grep ESTABL |
> while read b l a local remote state; do
>     echo -n "$local $remote: "
>     sockstat |
>     sed -e 's/:/./g' |
>     grep -c "$local *$remote"
> done
>
> Look for sockets with 0 count. These are suspicious ones. Observe these
> sockets by netstat and try to figure out what application they could belong
> to and dig in that direction.
>
> --
> Mikolaj Golub
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"


--
Mark Saad
Managed UNIX Support
DataPipe Managed Global IT Services
msaad@datapipe.com
1.201.792.4847 (international)
1.888.749.5821 (toll free)

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments


This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See http://www.datapipe.com/emaildisclaimer.aspx for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.
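
Added example, not part of the original thread: the quoted proftpd check (convert the last two numbers of "Entering Passive Mode" to a port, then see whether netstat still shows that endpoint after "FTP session closed.") automated over saved files. The "proftpd[PID]" log prefix, the function name and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Added example: log prefix "proftpd[PID]" and all sample data are constructed.

# stale_pasv_endpoints LOGFILE NETSTATFILE
# Prints netstat rows whose local address is a passive-mode endpoint of a
# session that already logged "FTP session closed.".
stale_pasv_endpoints() {
    awk '
    FNR == NR {                                   # first file: proftpd log
        if (!match($0, /proftpd\[[0-9]+\]/)) next
        pid = substr($0, RSTART, RLENGTH)
        if (match($0, /Entering Passive Mode \([0-9,]+\)/)) {
            s = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9,]/, "", s)                # keep "h1,h2,h3,h4,p1,p2"
            if (split(s, n, ",") == 6)            # port = p1*256 + p2
                ep[pid] = ep[pid] " " n[1] "." n[2] "." n[3] "." n[4] "." (n[5] * 256 + n[6])
        } else if ($0 ~ /FTP session closed\./) {
            k = split(ep[pid], e, " ")
            for (i = 1; i <= k; i++) closed[e[i]] = 1
            delete ep[pid]
        }
        next
    }
    # second file: saved "netstat -an -p tcp" output (local address is $4)
    $1 ~ /^tcp/ && ($4 in closed) { print $4, $5, $6 }
    ' "$1" "$2"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
LOG=$tmp/proftpd.log NETSTAT=$tmp/netstat.txt
cat > "$LOG" <<'EOF'
May 14 16:40:01 host proftpd[4101]: Entering Passive Mode (192,168,0,213,241,70).
May 14 16:40:09 host proftpd[4101]: FTP session closed.
May 14 16:41:12 host proftpd[4102]: Entering Passive Mode (192,168,0,213,200,10).
May 14 16:41:30 host proftpd[4102]: FTP session closed.
May 14 16:42:00 host proftpd[4103]: Entering Passive Mode (192,168,0,213,195,80).
EOF
cat > "$NETSTAT" <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.213.61766    192.168.0.10.50312     ESTABLISHED
tcp4       0      0  192.168.0.213.50000    192.168.0.11.40110     ESTABLISHED
tcp4       0      0  *.21                   *.*                    LISTEN
EOF
stale_pasv_endpoints "$LOG" "$NETSTAT"
```

Only the endpoint of session 4101 is reported: session 4102 closed and its port is gone, and session 4103 has not logged a close yet.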


