From owner-freebsd-hackers Thu May 21 23:23:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA17342 for freebsd-hackers-outgoing; Thu, 21 May 1998 23:23:30 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from smtp03.primenet.com (daemon@smtp03.primenet.com [206.165.6.133]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA17296; Thu, 21 May 1998 23:23:15 -0700 (PDT) (envelope-from tlambert@usr04.primenet.com) Received: (from daemon@localhost) by smtp03.primenet.com (8.8.8/8.8.8) id XAA24765; Thu, 21 May 1998 23:23:09 -0700 (MST) Received: from usr04.primenet.com(206.165.6.204) via SMTP by smtp03.primenet.com, id smtpd024739; Thu May 21 23:23:02 1998 Received: (from tlambert@localhost) by usr04.primenet.com (8.8.5/8.8.5) id XAA11218; Thu, 21 May 1998 23:23:00 -0700 (MST) From: Terry Lambert Message-Id: <199805220623.XAA11218@usr04.primenet.com> Subject: Re: TIME_WAIT/FIN_WAIT_2... To: mark@vmunix.com (Mark Mayo) Date: Fri, 22 May 1998 06:23:00 +0000 (GMT) Cc: isp@FreeBSD.ORG, hackers@FreeBSD.ORG In-Reply-To: <19980521230948.A23199@vmunix.com> from "Mark Mayo" at May 21, 98 11:09:48 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > The somewhat odd thing is the extraordinary number of > sockets left open in TIME_WAIT and FIN_WAIT_2. I roughly understand > what they mean, but we're talking about 3000 entries here (about 400-500 > of which are FIN_WAIT_2, the rest are TIME_WAIT).. So I have ~3000 > sockets in TIME_WAIT/FIN and only about 100 ESTABLISHED. > > Is this normal?? It doesn't seem like it to me. If not, what would be > causing it, and what should I look at tuning on the Slowaris box?? This is a client bug, specifically with Windows WinSock clients, which do not call "shutdown(2)" in the following way: shutdown( s, 1); The '1' should be a '2', but many WinSock implementations fail to work correctly if it isn't a '1'. You should talk to Paul Vixie about this. The fix is to be bug-compatible with Windows NT as a server, and to, when you are in FIN_WAIT_2 state, back up to resend the FIN. The problem is the lack of an ACK needed for a state transition in the Windows TCP/IP implemenetation. The root cause is badly written client code that assumes that the system does resource tracking of sockets, such that when the client program exits, a resource-track cleanup occurs, and sockets are shut down correctly. Alternately, you could blame it on Microsoft for writing an OS that doesn't do resource tracking. But you could blame Apple for the same thing. In any case, Paul has hacked NetBSD to do the right thing. I've played with hacks to FreeBSD for the same thing. Basically, it times out and backs up, rememebring that it backed up, and if it gets an abort when the FIN is resent (ie: the machine has rebooted or the host is unreachable because it has disconnected from it's ISP), it needs to rush forward to completion. Obviously, it would have to be controlled via sysctl(2), since it violates the RFC's all to hell. This is a standard Windows "Denial of service to non-Windows OS's" attack. 8-|. FreeBSD pretends it has solved the problem with a timeout (Solaris has a similar "fix"), but the latency is too high. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message