From owner-freebsd-net Fri Apr 14 14:25:16 2000 Delivered-To: freebsd-net@freebsd.org Received: from ants.pocketscience.com (gateway1.pocketscience.com [209.24.64.3]) by hub.freebsd.org (Postfix) with ESMTP id 5A40837B6D5; Fri, 14 Apr 2000 14:25:13 -0700 (PDT) (envelope-from brian@pocketscience.com) Received: from pocketscience.com (southpark.i.pocketscience.com [10.10.4.2]) by ants.pocketscience.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id HXB8H8PT; Fri, 14 Apr 2000 14:25:43 -0700 Message-ID: <38F78CB8.AC801CD4@pocketscience.com> Date: Fri, 14 Apr 2000 14:25:12 -0700 From: Brian Nelson Organization: PocketScience, Inc X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 4.0-STABLE i386) X-Accept-Language: en, pdf MIME-Version: 1.0 To: Ruslan Ermilov Cc: brian@FreeBSD.org, cmott@scientech.com, net@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/17963: NATD appears to memory leak when a connection fails from the internal network to the external network. References: <200004130218.TAA12378@freefall.freebsd.org> <20000414121759.A37837@relay.ucb.crimea.ua> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This seems to have worked! been running for hours, and we're still at ~600k. Thanks a lot for your help! is this going into -current or -stable any time soon? Ruslan Ermilov wrote: > > On Wed, Apr 12, 2000 at 07:18:39PM -0700, brian@pocketscience.com wrote: > > > [...] > > from an internal machine, make several network connections that get > > dropped on the remote end (not denied, but connection timeouts) > > > Please try the following patch. It is for RELENG_3 (latest) sources. > Extract patch to the currrent directory, then follow instructions: > > # mv ./p /tmp > # cd /usr/src/lib/libalias > # patch # make clean all install # build/install new library > # cd /usr/src/sbin/natd > # make clean all install # build/install natd with new library > > BACKGROUND > > The problem was that the TCP link's timeout was set to TCP_EXPIRE_CONNECTED > (86400 secs) right after the first SYN from the client (or from the server > for incoming connections). With this change, this huge timeout value will > only be applied to ESTABLISHED connections, i.e. only after SYN was seen > from both client and server side. TCP links corresponding to failed TCP > connections (those which never receive neither SYN-ACK nor RST from server), > will be dropped after TCP_EXPIRE_INITIAL (300 seconds) timeout. > > Cheers, > -- > Ruslan Ermilov Sysadmin and DBA of the > ru@ucb.crimea.ua United Commercial Bank, > ru@FreeBSD.org FreeBSD committer, > +380.652.247.647 Simferopol, Ukraine > > http://www.FreeBSD.org The Power To Serve > http://www.oracle.com Enabling The Information Age > > ------------------------------------------------------------------------ > > pName: p > Type: Plain Text (text/plain) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message