www/obhttpd and question marks in sockstat
Matthew Seaman
matthew at FreeBSD.org
Tue Mar 29 21:59:55 UTC 2016
On 29/03/2016 17:51, Niklaas Baudet von Gersdorff wrote:
> So there's nothing to worry about too. Nonetheless, I'm wondering: After more
> than three hours, the output is still the same? I just started www/obhttpd
> again and got the following:
>
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> www obhttpd 9308 4 tcp4 10.15.1.1:80 *:*
> www obhttpd 9307 4 tcp4 10.15.1.1:80 *:*
> www obhttpd 9305 4 tcp4 10.15.1.1:80 *:*
> root syslogd 4654 6 udp6 2a00:c98:2200:af07:6:0:1:1:514 *:*
> root syslogd 4654 7 udp4 10.15.1.1:514 *:*
> ? ? ? ? tcp6 2a00:c98:2200:af07:6:0:1:1:80 *:*
> ? ? ? ? tcp4 10.15.1.1:80 *:*
> ? ? ? ? tcp6 2a00:c98:2200:af07:6:0:1:1:80 *:*
>
> So it seems that www/obhttpd has problems binding again on IPv6 while IPv4
> works fine. Stopping and starting again gives me an additional "closed" port on
> IPv6:
>
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> www obhttpd 9355 4 tcp4 10.15.1.1:80 *:*
> www obhttpd 9354 4 tcp4 10.15.1.1:80 *:*
> www obhttpd 9352 4 tcp4 10.15.1.1:80 *:*
> root syslogd 4654 6 udp6 2a00:c98:2200:af07:6:0:1:1:514 *:*
> root syslogd 4654 7 udp4 10.15.1.1:514 *:*
> ? ? ? ? tcp6 2a00:c98:2200:af07:6:0:1:1:80 *:*
> ? ? ? ? tcp6 2a00:c98:2200:af07:6:0:1:1:80 *:*
> ? ? ? ? tcp4 10.15.1.1:80 *:*
> ? ? ? ? tcp6 2a00:c98:2200:af07:6:0:1:1:80 *:*
>
> Something's not working properly here, is it?
Three hours does seem a little excessive for closing down a listening
socket. Yeah, that's not right. Those already-closed connections
should disappear after a few seconds. Actually, it's also quite odd now
I come to think of it, to see them for the listening socket of a server
process. It's common for them to appear for the point to point link
when a particular client connects and then disconnects -- you can see
the effect in sockstat on either the server or the client machines.
This is possibly related to the other odd output you've been seeing.
Looks like the obhttpd process is not getting shutdown properly; rather
it seems to be being killed in an excessively brutal way, which prevents
it from cleaning up after itself.
It might be worth trying some alternate web servers. If you want a
pretty bare-bones but fast alternative, I like www/nginx-devel with most
of the port's OPTIONS turned off.
I know that nginx doesn't normally suffer from anything like this
effect. If you still see it with nginx, then you've good evidence it's
not something to do with a specific httpd implementation, but something
systemic in your server setup.
Do you see anything similar for any other network servers on your
machine? Assuming, that is, you can afford to turn them off and
on-again a few times while checking.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160329/d4a1da3b/attachment-0001.sig>
More information about the freebsd-questions
mailing list