[Bug 255065] Accept filters do not timeout inactive

Wed Apr 14 20:06:26 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255065

            Bug ID: 255065
           Summary: Accept filters do not timeout inactive
           Product: Base System
           Version: 12.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: dave at jetcafe.org

The accept filter mechanism apparently has no methodology to timeout inactive
connections. This allows one to connect to an application using accept filter,
and simply hold the connection open indefinitely without sending data. 

Sockets that connect to an accept filter should timeout after some reasonable
period of inactivity.

This ancient bug is related: 

  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=29774

I do realize this behavior is (thankfully) limited by the setting of
kern.ipc.soacceptqueue, which defaults to 4096. I also realize that the 4097th
socket will cause the oldest socket to be dropped by the kernel. Even so, this
is still a potential waste of resource. 

Is it possible to allow an explicit timeout to be set, either by sysctl or by
API?

-- 
You are receiving this mail because:
You are the assignee for the bug.