tcp keepalive after fin+ack from client and server
Felix J. Ogris
fjo at ogris.de
Mon Dec 14 23:20:10 UTC 2009
On 12/14/09 5:32 AM, "Julian Elischer" wrote:
> Felix J. Ogris wrote:
>> Hi,
>>
>> I am experiencing some strange problem where FreeBSD sometimes starts
>> sending tcp keepalives after client and server have sent and ack'ed FINs.
>> The server runs 7.1-RELEASE/amd64 with open-vm-tools-nox11-148847 in a
>> VMware ESXi 4.0. The client runs a CentOS Linux 2.6.18-164.6.1.el5PAE SMP on
>> a bare metal machine. FreeBSD houses a Apache installation with sendfile and
>> mmap enabled. The Linux machine runs a homemade monitoring system and starts
>> a Perl script every 5 minutes to check if Apache is still alive. I have put
>> a tcpdump output on http://ogris.de/keepalive.txt for readability and can
>> provide the raw tcpdump file, if needed. Client and server keep sending
>> those keepalives for about 2 hours (yielding 300kB/s constantly) if not
>> stopped manually by an ipfw rule. lsof shows that no user process has open
>> the corresponding sockets anymore, whereas netstat shows established
>> connections.
>> FreeBSD has loaded ipfw with some keep-state rules, the Linux box has
>> iptables disabled.
>
>
> are you sure it isn't the firewall (ipfw) sending keepalives? it is
> one of the options with kept state to inject keepalives.
> if it didint' see all the FINs for some reason, it may think the
> session is still alive.
Thanks for the hint - net.inet.ip.fw.dyn_keepalive=0 did the trick.
Felix
More information about the freebsd-net
mailing list