From: Robert Blayzor
To: Matthew Dillon
Cc: freebsd-stable@freebsd.org
Date: Fri, 30 May 2008 13:34:13 -0400
Subject: Re: Sockets stuck in FIN_WAIT_1

On May 30, 2008, at 12:43 PM, Matthew Dillon wrote:

> I would be very careful with any type of ruleset (IPFW or PF) which
> relies on keep-state. You can wind up causing legitimate connections
> to drop if it isn't carefully tuned.

Thanks again Matt... I do agree on the firewall and keep-state and
scaling issue. It wasn't the magic bullet I thought it may have been.
The stuck connections just dropped off due to the load dropping at
night.

The bandaid I have is the tcpdrop hack that was posted here. That seems
to clear all the stuck sessions. While it's probably not the best thing
to do, it protects the server at least.

I don't know what more to do at this point. While these may be broken
client issues, it's breaking the server. I don't know if it makes sense
to push something upstream to see if some type of knob can be
implemented into the network stack to force close/drop these or to just
let it go and deal with it as-is.

I have a message into the clamav-devel list to see if this is a problem
on the freshclam client and the way it handles closing
connections/broken connections. It's quite possible it's something
broken in freshclam where it's failing to deal with a network failure
properly....

--
Robert Blayzor, BOFH
INOC, LLC
rblayzor@inoc.net
http://www.inoc.net/~rblayzor/