Date:      Thu, 29 May 2008 21:15:55 -0400
From:      Robert Blayzor <rblayzor.bulk@inoc.net>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Sockets stuck in FIN_WAIT_1
Message-ID:  <EB975E1A-7995-4214-A2CC-AE2D789B19AB@inoc.net>
In-Reply-To: <200805300055.m4U0tkqx027965@apollo.backplane.com>
References:  <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net>	<1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com>	<23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net>	<483DE2E0.90003@FreeBSD.org>	<B775700E-7494-42C1-A9B2-A600CE176ACB@inoc.net>	<483E36CE.3060400@FreeBSD.org>	<483E3C26.3060103@paradise.net.nz>	<483E4657.9060906@FreeBSD.org> <483EA513.4070409@earthlink.net> <96AFE8D3-7EAC-4A4A-8EFF-35A5DCEC6426@inoc.net> <483EAED1.2050404@FreeBSD.org> <200805291912.m4TJCG56025525@apollo.backplane.com> <14DA211A-A9C5-483A-8CB9-886E5B19A840@inoc.net> <200805291930.m4TJUeGX025815@apollo.backplane.com> <0C827F66-09CE-476D-86E9-146AB255926B@inoc.net> <200805292132.m4TLWhCv026720@apollo.backplane.com> <CCBAEE3E-35A5-4BF8-A0B7-321272533B62@inoc.net> <200805300055.m4U0tkqx027965@apollo.backplane.com>

On May 29, 2008, at 8:55 PM, Matthew Dillon wrote:
>    It's got to be a bug on the client(s) in question.  I can't think
>    of anything else.   You may have to resort to injecting a TCP RST
>    packet (e.g. via a TUN device) to clear the connections.

That would be most unpleasant... and also seems like some sort of  
exploit if a client can run a server out of socket buffers so easily.

On a side note, I may be onto something... The server traffic right  
now is calming down, but it picks up...  I made a change to the IPFW  
rules which basically went from something like:

100 permit tcp from any to any established
200 permit tcp from any to me 80 setup
300 deny log ip from any to me

to:

100 check-state
150 deny tcp from any to any established
200 permit tcp from any to me 80 setup keep-state
300 deny log ip from any to me


While the traffic is lower now, I don't see the FIN_WAIT_1's going up  
like I did before.  At least I'm not going to count my chickens before  
they hatch.  I'm going to watch this over the next 24 hours and see  
what comes up.  Unfortunately if it doesn't end up being part of the  
solution I may have to resort to running some flavor of Linux 2.6  
(*sob*).

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor@inoc.net
http://www.inoc.net/~rblayzor/
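
For watching the FIN_WAIT_1 count over time as described in the message above, here is an added example that is not part of the original e-mail: it summarises FIN_WAIT_1 sockets per remote host and the send-buffer bytes they hold. It assumes the FreeBSD `netstat -an -p tcp` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise FIN_WAIT_1 sockets per remote host from FreeBSD
# `netstat -an -p tcp` output read on stdin.
# Output lines: "<sockets> <send-q bytes> <remote host>", busiest first.
fin_wait_1_by_peer() {
    awk '
        $1 ~ /^tcp/ && $NF == "FIN_WAIT_1" {
            peer = $5
            sub(/\.[0-9]+$/, "", peer)   # FreeBSD prints addr.port; drop the port
            count[peer]++
            sendq[peer] += $3            # unsent bytes still held in the send buffer
        }
        END {
            for (p in count) printf "%d %d %s\n", count[p], sendq[p], p
        }
    ' | sort -k1,1nr -k2,2nr
}

# Total number of FIN_WAIT_1 sockets in the same input.
fin_wait_1_total() {
    awk '$1 ~ /^tcp/ && $NF == "FIN_WAIT_1" { n++ } END { print n + 0 }'
}

# Constructed sample in FreeBSD netstat format (documentation addresses only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0  33304 192.0.2.10.80          198.51.100.7.51512     FIN_WAIT_1
tcp4       0  33580 192.0.2.10.80          198.51.100.7.51513     FIN_WAIT_1
tcp4       0      0 192.0.2.10.80          203.0.113.9.40022      ESTABLISHED
tcp4       0  16384 192.0.2.10.80          203.0.113.44.2211      FIN_WAIT_1
tcp4       0      0 192.0.2.10.80          203.0.113.9.40023      TIME_WAIT
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# On a live host: netstat -an -p tcp | fin_wait_1_by_peer
sample_netstat | fin_wait_1_by_peer
```

Run from cron or a loop and logged with a timestamp, the per-host totals show whether the count keeps climbing after a firewall rule change and whether a few clients account for most of the held buffer space.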

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB975E1A-7995-4214-A2CC-AE2D789B19AB>