Socket leak

Mark Saad msaad at datapipe.com
Wed May 14 13:46:37 UTC 2008 

Mikolaj
   Thanks for the input, did you change any of the options for 
TimeoutLinger or TimeoutIdle ?
The Proftpd I am running is build for 6.3-RELEASE  here are the build 
options

Compile-time Settings:
  Version: 1.3.0a
  Platform: FREEBSD6 (FREEBSD6_3)
  Built With:
    configure CPPFLAGS=-DHAVE_OPENSSL --localstatedir=/var/run 
--disable-sendfile --disable-ipv6 
--with-modules=mod_sql:mod_sql_mysql:mod_check_mysql:mod_check_digest 
--prefix=/usr/local 
--with-includes=/usr/local/include/mysql:/usr/include/openssl 
--with-libraries=/usr/local/lib/mysql

This is not built from ports, one of the other S/A who works on this 
setup built proftpd with MySQL support,  not sure why
this is not from ports , from what I understand this mysql patch is not 
in ports.



Mikolaj Golub wrote:
> On Tue, 13 May 2008 19:37:29 -0400 Mark Saad wrote:
>
>  MS> I started logging the values of kern.ipc.numopensockets and I noticed
>  MS> that something is leaking sockets. Here is a sample of the log
>
>  MS> 2008-04-29--15:04.10 ____ kern.ipc.numopensockets: 1501
>  MS> 2008-04-29--16:04.01 ____ kern.ipc.numopensockets: 1535
>  MS> 2008-04-29--17:04.00 ____ kern.ipc.numopensockets: 1617
>  MS> 2008-04-29--18:04.00 ____ kern.ipc.numopensockets: 1710
>
>  MS> This continues until kern.ipc.maxsockets its reached or the box is
>  MS> rebooted.
>
>  MS> The other thing we looked at was the output from vmstat -z
>  MS> The first thing was the high amount of malloc 128 bucket failures
>
>  MS> 128 Bucket:    524,        0,     2489,       80,     8364, 23055239
>
>  MS> I also logged the mbuf clusters, we never reached the max mbuf clusters
>
>  MS> Its almost like there are stale sockets. Here is a snapshot of the server now
>
>  MS> ewr# sockstat -4u |wc -l
>  MS>     139
>  MS> ewr# sysctl kern.ipc.numopensockets
>  MS> kern.ipc.numopensockets: 13935
>
>  MS> ewr# uptime
>  MS> 7:30PM  up 6 days, 26 mins, 3 users, load averages: 0.18, 0.25, 0.17
>
> We had the same problem on one of hosts running 6.2-RELEASE-p11. The situation
> was complicated by the fact that I didn't have root access to the host and
> there were problems with getting more debugging or running tcpdump.
>
> Eventually, it appeared that problem was caused by proftpd. One of our clients
> connected to ftp server every five minutes looking for new file to
> download. When there was the file everything was good. But when there wasn't,
> some strange things happened. In proftpd logs we had:
>
> FTP session opened.
> mod_delay/0.5: delaying for 28 usecs
> user fake authenticated by mod_auth_pam.c
> USER fake: Login successful.
> Preparing to chroot to directory '/var/ftp/fake'
> Environment successfully chroot()ed.
> mod_delay/0.5: delaying for 621 usecs
> Entering Passive Mode (XX,YY,ZZ,213,241,70).
> FTP session closed.
>
> i.e. the client connected to server, had login successful, created new DATA
> connection in passive mode and then exited. But although proftpd reported that
> connection closed and proftpd process exited we still had this orphaned
> connection in our system reported by netstat in ESTABLISHED state. sockstat
> did not display this connections. Some of these connections could be in
> CLOSE_WAIT mode instead of ESTABLISHED. Such connection was seen by netstat
> for several hours and then disappeared but I suspect that the socket buffer
> was not freed and numopensockets counter did not decrease.
>
> Unfortunately, I did not managed to persuade admin to increase DebugLevel in
> proftpd.conf and run tcpdump to investigate more what was going on. It turned
> out that we had proftpd built for FREEBSD5_4:
>
> Compile-time Settings:
>   Version: 1.3.0
>   Platform: FREEBSD5 (FREEBSD5_4)
>   Built With:
>     configure --localstatedir=/var/run --sysconfdir=/usr/local/etc --disable-sendfile --disable-ipv6 --with-modules=mod_ratio:mod_readme:mod_rewrite:mod_wrap:mod_ifsession --prefix=/usr/local i386-portbld-freebsd5.4
>
> Upgrade to more recent proftpd built for proper platform resolved the problem.
>
> So I would recommend to look for process that could cause this leak. In my
> case careful investigation of netstat output history and comparing with
> sockstat output helped to find guilty. May be it would help to restart daemons
> one by one and see if sockets are freed.
>
> You can surely increase kern.ipc.maxsockets as workaround until you identify
> what causes the problem.
>
> --
> Mikolaj Golub
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>   


-- 
Mark Saad
msaad at datapipe.com

More information about the freebsd-hackers mailing list