Date:      Mon, 16 Sep 2019 06:13:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        pf@FreeBSD.org
Subject:   [Bug 240532] pf stops purging IPv6 FIN_WAIT_2 states?
Message-ID:  <bug-240532-16861-sJAKQbvCoY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-240532-16861@https.bugs.freebsd.org/bugzilla/>
References:  <bug-240532-16861@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240532

--- Comment #3 from Peter Eriksson <pen@lysator.liu.se> ---
I ran those tests you mention and some other stuff, and it looks like the
"accumulation" was due to Linux (Ubuntu 18.04 for what it's worth) NFS clients
bombarding our servers with new TCP connections (which they just as quickly
tore down). Like 200-400 new requests/s with unique client source port
numbers - no surprise those states accumulated quickly.

Exactly why those Linux clients are doing this is a bit unclear but it looks
like it has something to do with users having their home directory mounted via
NFSv4 with sec=krb5, and then their Kerberos tickets expiring (on the client).
Possibly while they were running "evolution" which has a number of
files/databases opened on the user's home directory. This seems to cause
"rpc.gssd" (on the client) to go into a spin (100% CPU) and somehow causes this
endless stream of new TCP connections...

The stream of IP packets we are seeing looks like this:

0.001280 Client -> Server SYN
0.001289 Server -> Client SYN+ACK
0.001516 Client -> Server ACK
0.003609 Client -> Server FIN+ACK
0.003615 Server -> Client ACK
0.003620 Server -> Client FIN+ACK
0.003841 Client -> Server ACK
<repeat 400 times/s>

Anyway I don't think this is a problem in FreeBSD/pf so we can close this bug.
Looking more like (yet another) Linux bug.

(I wonder if it would be possible to throttle misbehaving clients like these
somehow, perhaps some rate-limiting in PF could do the trick? Hmm...)

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240532-16861-sJAKQbvCoY>
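
Added example, not part of the original message or of the FreeBSD project: a small Python check that finds clients opening and closing TCP connections in the pattern shown in the trace above, and estimates how many closed-connection states such a client keeps alive on a stateful firewall. The trace format with addresses and ports, the sample addresses, the 0.1 s lifetime threshold and the 45 s timeout are assumptions made for the example; the per-connection timings are the ones from the message.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(\d+\.\d+) (\S+):(\d+) -> (\S+):(\d+) (\S+)$")
# Per-connection offsets (s) and flags, taken from the trace in the message.
PATTERN = [(0.001280, "c", "SYN"), (0.001289, "s", "SYN+ACK"), (0.001516, "c", "ACK"),
           (0.003609, "c", "FIN+ACK"), (0.003615, "s", "ACK"),
           (0.003620, "s", "FIN+ACK"), (0.003841, "c", "ACK")]

def constructed_trace(client="192.0.2.10", server="198.51.100.1", conns=400, seconds=1.0):
    """Constructed sample input: `conns` connections in `seconds`, a new source port each."""
    lines = []
    for i in range(conns):
        base, c, s = i * seconds / conns, f"{client}:{10000 + i}", f"{server}:2049"
        for off, side, flags in PATTERN:
            src, dst = (c, s) if side == "c" else (s, c)
            lines.append(f"{base + off:.6f} {src} -> {dst} {flags}")
    return sorted(lines, key=lambda l: float(l.split()[0]))

def churn_by_client(lines, max_lifetime=0.1):
    """Map client IP -> (connections closed within max_lifetime s, new connections/s)."""
    syn, fin, opens = {}, {}, defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                              # skip anything that is not a trace line
        t, key, flags = float(m[1]), (m[2], m[3], m[4], m[5]), m[6]
        if flags == "SYN":                        # bare SYN: a client opens a connection
            syn[key] = t
            opens[m[2]].append(t)
        elif "FIN" in flags and key in syn:       # first FIN sent by the opener
            fin.setdefault(key, t)
    result = {}
    for client, times in opens.items():
        short = sum(1 for k, t0 in syn.items()
                    if k[0] == client and k in fin and fin[k] - t0 <= max_lifetime)
        window = max(times) - min(times)
        rate = (len(times) - 1) / window if window > 0 else 0.0
        result[client] = (short, rate)
    return result

def expected_states(rate, state_timeout):
    """Steady-state number of lingering states: arrival rate x seconds each one is kept."""
    return rate * state_timeout

if __name__ == "__main__":
    for ip, (short, rate) in churn_by_client(constructed_trace()).items():
        # 45 s is an assumed timeout; use the value configured on the firewall.
        print(ip, short, round(rate), round(expected_states(rate, 45)))
```

With the constructed 400 connections per second and the assumed 45 s timeout, the estimate is about 18000 lingering states from a single client, which matches the kind of accumulation described in the message.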