www/obhttpd and question marks in sockstat

Matthew Seaman matthew at FreeBSD.org
Tue Mar 29 21:59:55 UTC 2016 

On 29/03/2016 17:51, Niklaas Baudet von Gersdorff wrote:
> So there's nothing to worry about too. Nonetheless, I'm wondering: After more
> than three hours, the output is still the same? I just started www/obhttpd
> again and got the following:
> 
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
> www      obhttpd    9308  4  tcp4   10.15.1.1:80          *:*
> www      obhttpd    9307  4  tcp4   10.15.1.1:80          *:*
> www      obhttpd    9305  4  tcp4   10.15.1.1:80          *:*
> root     syslogd    4654  6  udp6   2a00:c98:2200:af07:6:0:1:1:514 *:*
> root     syslogd    4654  7  udp4   10.15.1.1:514         *:*
> ?        ?          ?     ?  tcp6   2a00:c98:2200:af07:6:0:1:1:80 *:*
> ?        ?          ?     ?  tcp4   10.15.1.1:80          *:*
> ?        ?          ?     ?  tcp6   2a00:c98:2200:af07:6:0:1:1:80 *:*
> 
> So it seems that www/obhttpd has problems binding again on IPv6 while IPv4
> works fine. Stopping and starting again gives me an additional "closed" port on
> IPv6:
> 
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
> www      obhttpd    9355  4  tcp4   10.15.1.1:80          *:*
> www      obhttpd    9354  4  tcp4   10.15.1.1:80          *:*
> www      obhttpd    9352  4  tcp4   10.15.1.1:80          *:*
> root     syslogd    4654  6  udp6   2a00:c98:2200:af07:6:0:1:1:514 *:*
> root     syslogd    4654  7  udp4   10.15.1.1:514         *:*
> ?        ?          ?     ?  tcp6   2a00:c98:2200:af07:6:0:1:1:80 *:*
> ?        ?          ?     ?  tcp6   2a00:c98:2200:af07:6:0:1:1:80 *:*
> ?        ?          ?     ?  tcp4   10.15.1.1:80          *:*
> ?        ?          ?     ?  tcp6   2a00:c98:2200:af07:6:0:1:1:80 *:*
> 
> Something's not working properly here, is it?

Three hours does seem a little excessive for closing down a listening
socket.  Yeah, that's not right.  Those already-closed connections
should disappear after a few seconds.  Actually, it's also quite odd now
I come to think of it, to see them for the listening socket of a server
process.  It's common for them to appear for the point to point link
when a particular client connects and then disconnects -- you can see
the effect in sockstat on either the server or the client machines.

This is possibly related to the other odd output you've been seeing.
Looks like the obhttpd process is not getting shutdown properly; rather
it seems to be being killed in an excessively brutal way, which prevents
it from cleaning up after itself.

It might be worth trying some alternate web servers.  If you want a
pretty bare-bones but fast alternative, I like www/nginx-devel with most
of the port's OPTIONS turned off.

I know that nginx doesn't normally suffer from anything like this
effect. If you still see it with nginx, then you've good evidence it's
not something to do with a specific httpd implementation, but something
systemic in your server setup.

Do you see anything similar for any other network servers on your
machine?  Assuming, that is, you can afford to turn them off and
on-again a few times while checking.

	
	Cheers,

	Matthew


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160329/d4a1da3b/attachment-0001.sig>

More information about the freebsd-questions mailing list