From nobody@FreeBSD.ORG  Thu Dec 30 07:38:07 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 5B94E14D65; Thu, 30 Dec 1999 07:38:07 -0800 (PST)
Message-Id: <19991230153807.5B94E14D65@hub.freebsd.org>
Date: Thu, 30 Dec 1999 07:38:07 -0800 (PST)
From: pfritz@nap.com.ar
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: tcp connections linger too long in the timed wait state
X-Send-Pr-Version: www-1.0

>Number:         15783
>Category:       kern
>Synopsis:       tcp connections linger too long in the timed wait state
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 30 07:40:02 PST 1999
>Closed-Date:    Thu Dec 30 09:29:51 PST 1999
>Last-Modified:  Thu Dec 30 09:34:08 PST 1999
>Originator:     Pablo J. Fritz
>Release:        3.3-RELEASE
>Organization:
Network Access Point S.R.L.
>Environment:
not available at this moment, sorry
>Description:
While stress-testing Apache on FreeBSD, we found an out of memory condition. We found that tcp streams are kept in the last stage (the timed wait) for 60 seconds, while the specs say that this state has to last 2 round-trip times. So, if you open and close enough connections per second, you can waste all memory and halt the service. This error was also present in OpenBSD and NetBSD, but they crashed to the kernel when out of memory, while FreeBSD only didn't let more connections to be created until the others timed out.
>How-To-Repeat:
open a connection to the web server, close it, and look at how many seconds it takes to destroy the endpoint and release the memory.
I used netstat -m.
>Fix:
I could alleviate the problem changing the timeout form 60 seconds to 6 seconds, but what should be done is the rewriting of the tcp state machine.
I changed in /usr/src/sys/netinet/tcp_timer.h the value of TCPTV_MSL from 30 seconds to 3 seconds, and rebuilt the kernel.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jlemon 
State-Changed-When: Thu Dec 30 09:29:51 PST 1999 
State-Changed-Why:  
This is not a bug - the TCP specification requires the side that did 
an active close to linger in the TIME_WAIT state for 2*MSL.  MSL is 
by convention set to 30 sec.  If you want to circumvent the spec, you 
can do so by changing the TCPTV_MSL definition.  Note that in -current, 
this is now a sysctl: net.inet.tcp.msl 
-- 
Jonathan 
>Unformatted:
