From: Sudish Joseph
Date: 01 Jun 1999 17:30:13 -0400
To: current@FreeBSD.ORG
Subject: Re: net.inet.tcp.always_keepalive on as default ?
In-Reply-To: Poul-Henning Kamp's message of "Tue, 01 Jun 1999 22:12:02 +0200"

Poul-Henning Kamp writes:
> Mind you, this is only a problem because FreeBSD is too bloody
> stable: I logged into a customer's server a few days ago, it had
> been up for over a year, and had accumulated tons of ftpds from

If this customer is using wu-ftpd, it's very possible that you saw
daemons blocked inside of accept() for PASV data connections. We used
to see the same behavior here wrt. ftpds hanging around and it was
almost always the case that the socket was in the LISTEN state.

The code (ftpd.c:dataconn()) was changed to time out the data
connection establishment using select() before calling accept(). If
the client doesn't connect within 15 minutes, we log the event and the
daemon exits. A diff against our code wouldn't be helpful, since
we've added our own ugly warts to it (but I'll do so if you want it).

If this is indeed the same problem you're seeing, tcp keepalives won't
help. I haven't looked at the FreeBSD ftpd code to see if the accept
is timed out somehow to prevent this (possibly inadvertent) DOS
attack.
-- 
Sudish Joseph MindSpring Enterprises
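
The select()-before-accept() timeout described in the message above, as an added example that is not part of the original post and is not wu-ftpd's or MindSpring's code. The name `accept_with_timeout` is hypothetical, the listener in `main` is constructed, and the demo's 2-second timeout stands in for the 15 minutes mentioned in the message.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <time.h>

/* Wait at most timeout_sec for a peer on listening socket lfd.
 * Returns the connected fd, or -1 with errno == ETIMEDOUT if nobody came. */
int accept_with_timeout(int lfd, int timeout_sec) {
    /* Non-blocking listener: if the peer resets between select() and
     * accept(), accept() fails with EWOULDBLOCK instead of hanging. */
    int fl = fcntl(lfd, F_GETFL, 0);
    if (fl < 0 || fcntl(lfd, F_SETFL, fl | O_NONBLOCK) < 0) return -1;
    time_t end = time(NULL) + timeout_sec;   /* wall clock, 1 s granularity */
    for (;;) {
        time_t left = end - time(NULL);
        if (left <= 0) { errno = ETIMEDOUT; return -1; }
        struct timeval tv = { .tv_sec = left, .tv_usec = 0 };
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(lfd, &rfds);
        int n = select(lfd + 1, &rfds, NULL, NULL, &tv);
        if (n == 0) { errno = ETIMEDOUT; return -1; }
        if (n < 0 && errno != EINTR) return -1;
        if (n < 0) continue;                 /* EINTR: retry with time left */
        int fd = accept(lfd, NULL, NULL);
        if (fd >= 0) {                       /* BSD accept() inherits O_NONBLOCK */
            fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
            return fd;
        }
        if (errno != EWOULDBLOCK && errno != EAGAIN &&
            errno != ECONNABORTED && errno != EINTR) return -1;
    }
}

int main(void) {    /* constructed demo: nobody connects, so this times out */
    struct sockaddr_in a = { .sin_family = AF_INET };
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, sizeof a) < 0 || listen(lfd, 1) < 0)
        return 1;
    if (accept_with_timeout(lfd, 2) < 0 && errno == ETIMEDOUT)
        puts("no data connection within 2s: log it and exit, as described above");
    return 0;
}
```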