Date: Mon, 16 Sep 2019 06:13:57 +0000
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 240532] pf stops purging IPv6 FIN_WAIT_2 states?
Message-ID: <bug-240532-16861-sJAKQbvCoY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-240532-16861@https.bugs.freebsd.org/bugzilla/>
References: <bug-240532-16861@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240532

--- Comment #3 from Peter Eriksson <pen@lysator.liu.se> ---

I ran those tests you mention and some other stuff, and it looks like the "accumulation" was due to Linux (Ubuntu 18.04 for what it's worth) NFS clients bombarding our servers with new TCP connections (which they just as quickly tore down). Like 200-400 new requests/s with unique client source port numbers - no surprise those states accumulated quickly.

Exactly why those Linux clients are doing this is a bit unclear but it looks like it has something to do with users having their home directory mounted via NFSv4 with sec=krb5, and then their Kerberos tickets expiring (on the client). Possibly while they were running "evolution" which has a number of files/databases opened on the user's home directory. This seems to cause "rpc.gssd" (on the client) to go into a spin (100% CPU) and somehow causes this endless stream of new TCP connections...

The stream of IP packets we are seeing looks like this:

  0.001280 Client -> Server SYN
  0.001289 Server -> Client SYN+ACK
  0.001516 Client -> Server ACK
  0.003609 Client -> Server FIN+ACK
  0.003615 Server -> Client ACK
  0.003620 Server -> Client FIN+ACK
  0.003841 Client -> Server ACK
  <repeat 400 times/s>

Anyway I don't think this is a problem in FreeBSD/pf so we can close this bug. Looking more like (yet another) Linux bug.

(I wonder if it would be possible to throttle misbehaving clients like these somehow, perhaps some rate-limiting in PF could do the trick? Hmm...)

-- 
You are receiving this mail because:
You are the assignee for the bug.
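
The rate-limiting idea raised at the end of the message can be expressed with pf's per-source connection tracking options. The pf.conf fragment below is an added example, not part of the original message or the bug report; the interface name, the table name <nfs_churn> and the 50/5 threshold are assumptions to be tuned against legitimate client behaviour.

```pf
# Added example (not from the bug report). Assumed names: $nfs_if, <nfs_churn>.
nfs_if = "em0"                  # assumed interface facing the NFS clients
table <nfs_churn> persist       # sources that exceeded the connection rate

# Drop new connections from sources already in the table. "quick" stops
# rule evaluation, so this must come before the pass rule below.
block in quick on $nfs_if proto tcp from <nfs_churn> to any port 2049

# NFSv4 runs over TCP port 2049. Allow at most 50 new connections per
# 5 seconds from any single source address (assumed threshold, well below
# the 200-400/s seen in the report). A source that exceeds the rate is
# added to <nfs_churn>, and "flush" removes the states this rule created
# for that source, so the leftover FIN_WAIT_2 entries do not linger.
pass in on $nfs_if proto tcp from any to any port 2049 \
    flags S/SA keep state \
    (max-src-conn-rate 50/5, overload <nfs_churn> flush)
```

Entries stay in the table until they are removed, for example with `pfctl -t nfs_churn -T expire 300` run periodically. A client in the table loses NFS access entirely until it is expired, and clients behind a shared NAT address count as one source.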