[aclug-L] Re: December Aclug Meeting: Regular or Pizza Social?

To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: December Aclug Meeting: Regular or Pizza Social?
From: "Mike Barushok" <mike.barushok@xxxxxxxxx>
Date: Sun, 9 Dec 2007 17:33:28 -0600
Reply-to: discussion@xxxxxxxxx

John,

Unless you are seeing a lot of connections in the FIN_WAIT2 state, you
should not be worried about the number of connections in the
CLOSE_WAIT state. Many clients sit in the CLOSE_WAIT state to continue
listening after done sending. Any client that does that will take care
of the connection itself when it needs to reuse the socket.

Certain DOS attacks leave lots of connections in FIN_WAIT2
indefinitely. So, most all modern TCP/IP implementations keep those
from accumulating by violating the protocol specification.

Properly written clients may rely on the expected behavior of
CLOSE_WAIT. And on a heavily loaded web server there can be many
hundreds of these. If you are tracking down a performance issue, and
are not seeing a lot of FIN_WAIT2 connections, then I would look for
something else. If you are seeing a lot of FIN_WAIT2 connections, then
you may be the target of a denial of service attack. Who did you piss
off this time? (Just kidding)(maybe)


On Dec 9, 2007 4:02 PM, Chris Owen <owenc@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Dec 6, 2007, at 10:39 AM, John Alexander wrote:
>
> > Social, as long as somebody can tell me how to change the default
> > timeout
> > for the CLOSE_WAIT on a network connection!!!!
>
> Depending on the kernel you may be able to set it in:
>
> /proc/sys/net/ipv4/
>
> or perhaps:
>
> /etc/sysctl.conf
>
> However, I believe this is one of those things that isn't easily done
> because really you shouldn't.  I believe the RFCs specify only the
> application that opened the connection can issue a close.  If you are
> seeing lots of open CLOSE_WAIT connections then that is an indication
> of a problem with an application, not the kernel.  The kernel is just
> supposed to wait (I believe the default time out is 12 _hours_).
>
> Chris
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Chris Owen         ~ Garden City (620) 275-1900 ~  Lottery (noun):
> President          ~ Wichita     (316) 858-3000 ~    A stupidity tax
> Hubris Communications Inc      www.hubris.net
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Public Key: http://home.hubris.net/owenc/pgpkey.txt
> Comment: Public Key ID: 0xB513D9DD
>
> iD8DBQFHXGXoElUlCLUT2d0RApa1AKCrXTJ+GD8N9fr+z+c8nF2kQOpMyQCg1Xwp
> EzBPfnNfJ/bWjUESNuOLk7M=
> =0R7l
> -----END PGP SIGNATURE-----
>
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
>

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
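
Added example (not part of the original message or thread): a small Python tally of TCP states in the Linux `/proc/net/tcp` format, reporting which remote peers hold FIN_WAIT2 sockets and which local ports hold CLOSE_WAIT sockets, the two cases the messages above distinguish. The sample table is constructed, and `summarize` and its `fin_wait2_limit` threshold are hypothetical names chosen for this sketch.

```python
import socket
import struct
from collections import Counter

# State codes used in the "st" column of Linux /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (documentation-range peer addresses).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0500000A:0050 0A0200C0:C001 05 00000000:00000000 00:00000000 00000000     0        0 0
   2: 0500000A:0050 0A0200C0:C002 05 00000000:00000000 00:00000000 00000000     0        0 0
   3: 0500000A:0050 0A0200C0:C003 05 00000000:00000000 00:00000000 00000000     0        0 0
   4: 0500000A:0050 076433C6:D431 08 00000000:00000000 00:00000000 00000000    33        0 1002
   5: 0500000A:0050 076433C6:D432 01 00000000:00000000 00:00000000 00000000    33        0 1003
"""

def decode_addr(field):
    """'0500000A:0050' -> ('10.0.0.5', 80); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def summarize(table_text, fin_wait2_limit=100):
    """Count sockets per state; group FIN_WAIT2 by peer, CLOSE_WAIT by local port."""
    states, fw2_peers, cw_ports = Counter(), Counter(), Counter()
    for line in table_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or not cols[0].endswith(":"):
            continue  # header or malformed line
        state = TCP_STATES.get(cols[3], cols[3])
        states[state] += 1
        if state == "FIN_WAIT2":    # many of these from few peers is the DoS hint
            fw2_peers[decode_addr(cols[2])[0]] += 1
        elif state == "CLOSE_WAIT":  # points at the local application on this port
            cw_ports[decode_addr(cols[1])[1]] += 1
    return {"states": dict(states), "fin_wait2_peers": fw2_peers.most_common(5),
            "close_wait_ports": dict(cw_ports),
            "fin_wait2_alert": states["FIN_WAIT2"] > fin_wait2_limit}

if __name__ == "__main__":
    print(summarize(SAMPLE, fin_wait2_limit=2))
```

On a live Linux host the same function can be given the contents of `/proc/net/tcp` instead of the sample.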

