Date:      Mon, 7 May 2007 19:01:02 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-stable@FreeBSD.ORG, scrappy@FreeBSD.ORG
Subject:   Re: Socket leak (Was: Re: What triggers "No Buffer Space) Available"?
Message-ID:  <200705071701.l47H12JJ034015@lurza.secnetix.de>
In-Reply-To: <D2A2BB0F2857DF90BFC07305@ganymede.hub.org>

Marc G. Fournier wrote:
 > Now, that makes sense to me, I can understand that ... but, how would
 > that look as far as netstat -nA shows?  Or, would it?  For example, I
 > have:

You should use "-na" to list all sockets, not "-nA".

 > mars# netstat -nA | grep c9655a20
 > c9655a20 stream      0      0        0 c95d63f0        0        0
 > c95d63f0 stream      0      0        0 c9655a20        0        0
 > mars# netstat -nA | grep c95d63f0
 > c9655a20 stream      0      0        0 c95d63f0        0        0
 > c95d63f0 stream      0      0        0 c9655a20        0        0
 > 
 > They are attached to each other, but there appears to be no 'referencing 
 > process'

netstat doesn't show processes at all (sockstat, fstat
and lsof list sockets by processes).  The sockets above
are probably from a socketpair(2) or a pipe (which is
implemented with socketpair(2), AFAIK).  That's perfectly
normal.

If I remember correctly, you wrote that 11k sockets are
in use with 90 jails.  That's about 120 sockets per jail,
which isn't out of the ordinary.  Of course it depends on
what is running in those jails, but my guess is that you
just need to increase the limit on the number of sockets
(i.e. kern.ipc.maxsockets).

 > Again, if I'm reading / understanding things right, without the 'referencing 
 > process', it won't show up in sockstat -u, which is why my netstat -nA numbers 
 > keep growing, but sockstat -u numbers don't ... which also means that there is 
 > no way to figure out what process / program is leaving 'dangling sockets'? :(

Be careful here, sockstat's output is process-based and
lists sockets multiple times.  For example, the server
sockets that httpd children inherit from their parent
are listed for every single child, while you see it only
once in the netstat output.  On the other hand, sockstat
doesn't show sockets that have been closed and are in
TIME_WAIT state or similar.

Are you sure that UNIX domain sockets are causing the
problem?  Can you rule out other sockets (e.g. tcp)?
In that case you should run "netstat -funix" to list
only UNIX domain sockets (basically the same as the
-u option to sockstat).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich Registry Court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich Registry
Court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

$ dd if=/dev/urandom of=test.pl count=1
$ file test.pl
test.pl: perl script text executable
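
The counting difference described in the message above (one inherited socket listed once per process by sockstat, but once in total by netstat), as an added example that is not part of the original e-mail. It is a constructed scenario; using `(st_dev, st_ino)` from fstat(2) as the socket's identity and the function names are assumptions of this example.

```python
import os
import socket
import struct

REC = struct.Struct("=QQQ")  # pid, st_dev, st_ino


def socket_id(sock):
    """Identify the kernel socket behind a descriptor (stand-in for the
    address column of netstat -A; an assumption of this example)."""
    st = os.fstat(sock.fileno())
    return (st.st_dev, st.st_ino)


def count_views(children=3):
    """Return (per_process_rows, unique_sockets) for one inherited socket."""
    # Constructed scenario: the parent opens a socketpair(2) and forks
    # workers that inherit one end, like httpd children and a listener.
    ours, peer = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    rfd, wfd = os.pipe()
    rows = [(os.getpid(), *socket_id(ours))]
    pids = []
    for _ in range(children):
        pid = os.fork()
        if pid == 0:
            # Child: report the identity of the descriptor it inherited.
            os.write(wfd, REC.pack(os.getpid(), *socket_id(ours)))
            os._exit(0)
        pids.append(pid)
    os.close(wfd)
    with os.fdopen(rfd, "rb") as pipe:
        data = pipe.read()  # EOF once every child has exited
    for pid in pids:
        os.waitpid(pid, 0)
    rows += [REC.unpack_from(data, off) for off in range(0, len(data), REC.size)]
    ours.close()
    peer.close()
    per_process = len(rows)                             # sockstat-style
    unique = len({(dev, ino) for _, dev, ino in rows})  # netstat-style
    return per_process, unique


if __name__ == "__main__":
    rows, unique = count_views(3)
    print(f"per-process rows: {rows}, distinct kernel sockets: {unique}")
```
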


