From owner-freebsd-stable@FreeBSD.ORG Fri May 30 09:36:03 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A79541065674 for ; Fri, 30 May 2008 09:36:03 +0000 (UTC) (envelope-from rblayzor.bulk@inoc.net) Received: from mx1-b.inoc.net (mx1-b.inoc.net [64.246.131.28]) by mx1.freebsd.org (Postfix) with ESMTP id 2DDA48FC22 for ; Fri, 30 May 2008 09:36:03 +0000 (UTC) (envelope-from rblayzor.bulk@inoc.net) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=inoc.net; h=Received:From:To:Subject:Date; b=APJIVBPQYIBIyxL5p6iDjkXSgKzwAd+cAcRF4Bycd8K4iC9b6wySjY8XCUobX85Q69KeoAhrvD9e1eOlhfFhp3pCmvmYNXWykWt4TqwuonGTsIq1Xum7RFCLny9paNFzOnGxxfLqu7+ZCHqQPUiNvmJPC/tK/6eWD3VZYHPh3DA=; Received: from [172.16.0.199] (cpe-67-240-119-200.nycap.res.rr.com [67.240.119.200]) by mx1-b.inoc.net (build v8.3.29) with ESMTP id 149768593-1941382 for multiple; Fri, 30 May 2008 09:35:59 +0000 (UTC) Message-Id: From: Robert Blayzor To: David Malone In-Reply-To: <20080530084724.GA37672@walton.maths.tcd.ie> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v924) Date: Fri, 30 May 2008 05:35:56 -0400 References: <483EA513.4070409@earthlink.net> <96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net> <483EAED1.2050404@FreeBSD.org> <200805291912.m4TJCG56025525@apollo.backplane.com> <14DA211A-A9C5-483A-8CB9-886E5B19A840@inoc.net> <200805291930.m4TJUeGX025815@apollo.backplane.com> <0C827F66-09CE-476D-86E9-146AB255926B@inoc.net> <200805292132.m4TLWhCv026720@apollo.backplane.com> <20080530081143.GI1028@server.vk2pj.dyndns.org> <20080530084724.GA37672@walton.maths.tcd.ie> X-Mailer: Apple Mail (2.924) Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2008 09:36:03 -0000 On May 30, 2008, at 4:47 AM, David Malone wrote: > There has been some talk about this sort of problem on the IETF TCP > Maintainers list. I don't think any good conclusion was reached - > whatever the solution was certainly needs to be tunable per-socket > because this behaviour is perfectly valid in some situations but a > bit of a pain in others. A timeout value would be fine. Obviously if the client keeps sending back packets with a 0 size, there should be some option or work around to tell the stack to drop the connection. There than to have the server lock up resources on a "dead connection". Unfortunately we're talking about the internet here, we can't insure that every one of the clients connecting to our servers behaves correctly! ;-) On a side note, I could easily fix this problem by frontending the server with a Cisco PIX or ASA. I believe they have "half closed" timers just for this purpose... Perhaps a kernel tunable knob would be a nice option/fix/hack also. -- Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net http://www.inoc.net/~rblayzor/