From owner-freebsd-hackers  Tue Dec  3 14:22:26 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7312337B401; Tue,  3 Dec 2002 14:22:24 -0800 (PST)
Received: from aramis.rutgers.edu (aramis.rutgers.edu [128.6.4.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B583943EDC; Tue,  3 Dec 2002 14:22:23 -0800 (PST)
	(envelope-from bohra@cs.rutgers.edu)
Received: from cs.rutgers.edu (sirtaki.rutgers.edu [128.6.171.146])
	by aramis.rutgers.edu (8.11.6+Sun/8.8.8) with ESMTP id gB3MMHH06847;
	Tue, 3 Dec 2002 17:22:17 -0500 (EST)
Message-ID: <3DED2DE3.7040002@cs.rutgers.edu>
Date: Tue, 03 Dec 2002 17:19:15 -0500
From: Aniruddha Bohra <bohra@cs.rutgers.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net <freebsd-net@freebsd.org>,
	freebsd-hackers@freebsd.org
Cc: bohra@cs.rutgers.edu
Subject: tcp_usrreq bug ??
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hello
    The following code snippet is from netinet/tcp_usrreq.c

As in the comment (and presumably correct behaviour) a RST should
be sent on close if the connection is embryonic. However,
if (tp->t_state < TCPS_ESTABLISHED)
    tp = tcp_close(tp);
does not do it.  One can imagine a scenario when a client would just
do a connect() and close() and an overloaded server would have its
listen queue crowded by connections that were not synchronized but closed.

I have seen this happen in my lab test, where I use httperf  to measure 
Apache
webserver throughput. There are several listen queue overflows and resets.
The interesting part is that the client _NEVER_ has more than 3200 open 
descriptors
yet a queue of 4096 on the server gets filled up.

Is there a reason for not sending a RST or is it a bug? Please help.

Thanks
Aniruddha


/*
 * Initiate (or continue) disconnect.
 * If embryonic state, just send reset (once).
 * If in ``let data drain'' option and linger null, just drop.
 * Otherwise (hard), mark socket disconnecting and drop
 * current input data; switch states based on user close, and
 * send segment to peer (with FIN).
 */
static struct tcpcb *
tcp_disconnect(tp)
register struct tcpcb *tp;
{
struct socket *so = tp->t_inpcb->inp_socket;

if (tp->t_state < TCPS_ESTABLISHED)
tp = tcp_close(tp);
else if ((so->so_options & SO_LINGER) && so->so_linger == 0)
tp = tcp_drop(tp, 0);
else {
soisdisconnecting(so);
sbflush(&so->so_rcv);
tp = tcp_usrclosed(tp);
if (tp)
(void) tcp_output(tp);
}
return (tp);
}


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message