From: Kris Kennaway
To: freebsd-stable@FreeBSD.ORG, scrappy@FreeBSD.ORG
Date: Mon, 7 May 2007 19:48:32 -0400
Subject: Re: Socket leak (Was: Re: What triggers "No Buffer Space) Available"?
Message-ID: <20070507234832.GA59530@xor.obsecurity.org>

On Mon, May 07, 2007 at 07:01:02PM +0200, Oliver Fromme wrote:
> Marc G. Fournier wrote:
> > Now, that makes sense to me, I can understand that ... but, how would
> > that look as far as netstat -nA shows? Or, would it? For example, I
> > have:
>
> You should use "-na" to list all sockets, not "-nA".
>
> > mars# netstat -nA | grep c9655a20
> > c9655a20 stream 0 0 0 c95d63f0 0 0
> > c95d63f0 stream 0 0 0 c9655a20 0 0
> > mars# netstat -nA | grep c95d63f0
> > c9655a20 stream 0 0 0 c95d63f0 0 0
> > c95d63f0 stream 0 0 0 c9655a20 0 0
> >
> > They are attached to each other, but there appears to be no 'referencing
> > process'
>
> netstat doesn't show processes at all (sockstat, fstat
> and lsof list sockets by processes). The sockets above
> are probably from a socketpair(2) or a pipe (which is
> implemented with socketpair(2), AFAIK). That's perfectly
> normal.
>
> If I remember correctly, you wrote that 11k sockets are
> in use with 90 jails. That's about 120 sockets per jail,
> which isn't out of the ordinary. Of course it depends on
> what is running in those jails, but my guess is that you
> just need to increase the limit on the number of sockets
> (i.e. kern.ipc.maxsockets).

Yes, and if you have 11000 sockets in use under "normal" situations
then you're likely to be pressing right up against the default limit
anyway (e.g. on this machine with 8GB of RAM the default is 12328), so
a slight increase in load will run out of space.

Kris