From owner-freebsd-stable@FreeBSD.ORG  Fri May 30 03:07:21 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6F9961065671
	for <freebsd-stable@freebsd.org>; Fri, 30 May 2008 03:07:21 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7])
	by mx1.freebsd.org (Postfix) with ESMTP id 0C5278FC1A
	for <freebsd-stable@freebsd.org>; Fri, 30 May 2008 03:07:20 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: (qmail 28731 invoked by uid 399); 30 May 2008 03:19:20 -0000
Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1)
	by localhost with ESMTPAM; 30 May 2008 03:19:20 -0000
X-Originating-IP: 127.0.0.1
X-Sender: dougb@dougbarton.us
Message-ID: <483F6F66.4050909@FreeBSD.org>
Date: Thu, 29 May 2008 20:07:18 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://www.FreeBSD.org/
User-Agent: Thunderbird 2.0.0.14 (X11/20080525)
MIME-Version: 1.0
To: Robert Blayzor <rblayzor.bulk@inoc.net>
References: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net>	<1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com>	<23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net>	<483DE2E0.90003@FreeBSD.org>	<B775700E-7494-42C1-A9B2-A600CE176ACB@inoc.net>	<483E36CE.3060400@FreeBSD.org>	<483E3C26.3060103@paradise.net.nz>	<483E4657.9060906@FreeBSD.org>	<483EA513.4070409@earthlink.net>	<96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net>	<483EAED1.2050404@FreeBSD.org>	<200805291912.m4TJCG56025525@apollo.backplane.com>	<14DA211A-A9C5-483A-8CB9-886E5B19A840@inoc.net>	<200805291930.m4TJUeGX025815@apollo.backplane.com>	<0C827F66-09CE-476D-86E9-146AB255926B@inoc.net>	<200805292132.m4TLWhCv026720@apollo.backplane.com>	<CCBAEE3E-35A5-4BF8-A0B7-321272533B62@inoc.net>	<200805300055.m4U0tkqx027965@apollo.backplane.com>
	<EB975E1A-7995-4214-A2CC-AE2D789B19AB@inoc.net>
In-Reply-To: <EB975E1A-7995-4214-A2CC-AE2D789B19AB@inoc.net>
X-Enigmail-Version: 0.95.6
OpenPGP: id=D5B2F0FB
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-stable@freebsd.org
Subject: Re: Sockets stuck in FIN_WAIT_1
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 May 2008 03:07:21 -0000

Robert Blayzor wrote:
> On May 29, 2008, at 8:55 PM, Matthew Dillon wrote:
>>    It's got to a be a bug on the client(s) in question.  I can't think
>>    of anything else.   You may have to resort to injecting a TCP RST
>>    packet (e.g. via a TUN device) to clear the connections.
> 
> 
> 
> That would be most unpleasant... and also seems like some sort of 
> exploit if a client and run a server out of socket buffers so easily.

There are way more exciting things about a web server to exploit. :)

> On a side note, I may be onto something... The server traffic right now 
> is calming down, but it picks up...  I made a change to the IPFW rules 

Hrrm, are you running ipfw ON the web server box? If so, I'd be 
curious as to why, and whether or not the problem goes away if you 
take IPFW out of the equation. If IPFW is running on another machine, 
never mind.

Doug

-- 

     This .signature sanitized for your protection