https://issues.apache.org/bugzilla/show_bug.cgi?id=50807
Summary: mod_proxy fails to send FIN response when a FIN is
received from a backend
Product: Apache httpd-2
Version: 2.2.16
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy
AssignedTo: [email protected]
ReportedBy: [email protected]
I'm currently responsible for managing some reverse proxy servers using apache
and mod_proxy, and I stumbled across an apparent bug that I'm hoping someone
might have some insights into.
Mod_proxy is configured to frontend various webservers, typically with
persistent connections enabled on both the frontend and on the backend. What
I've discovered is that when there is an established connection to the backend
and the remote side of the connection sends a FIN, mod_proxy gets into a bad
state. For some reason we never send the corresponding FIN to finish closing
the connection.
Connections where backend persistent connections are disabled work fine.
I replicated this on my Ubuntu desktop running Apache 2.2.16 with a very simple
proxy configuration:
ProxyPass /apache/ http://72.52.221.58/
ProxyPassReverse /apache/ http://apache.com/
I issue a curl against http://localhost/apache/ and I see the following in a
packet capture:
13:56:52.377520 IP 192.168.1.57.58103 > 72.52.221.58.80: Flags [S], seq
3154899214, win 5840, options [mss 1460,sackOK,TS val 465793064 ecr
0,nop,wscale 7], length 0
13:56:52.428168 IP 72.52.221.58.80 > 192.168.1.57.58103: Flags [S.], seq
1968453344, ack 3154899215, win 5840, options [mss 1460,nop,nop,sackOK], length
0
13:56:52.428210 IP 192.168.1.57.58103 > 72.52.221.58.80: Flags [.], ack 1, win
5840, length 0
13:56:52.428453 IP 192.168.1.57.58103 > 72.52.221.58.80: Flags [P.], seq 1:266,
ack 1, win 5840, length 265
13:56:52.480281 IP 72.52.221.58.80 > 192.168.1.57.58103: Flags [.], ack 266,
win 6432, length 0
13:56:52.484575 IP 72.52.221.58.80 > 192.168.1.57.58103: Flags [P.], seq 1:648,
ack 266, win 6432, length 647
13:56:52.484593 IP 192.168.1.57.58103 > 72.52.221.58.80: Flags [.], ack 648,
win 7117, length 0
Interesting part comes after a few seconds:
13:56:57.484840 IP 72.52.221.58.80 > 192.168.1.57.58103: Flags [F.], seq 648,
ack 266, win 6432, length 0
13:56:57.519404 IP 192.168.1.57.58103 > 72.52.221.58.80: Flags [.], ack 649,
win 7117, length 0
In netstat I see an apache thread in a CLOSE_WAIT state:
tcp 1 0 192.168.1.57:58103 72.52.221.58:80 CLOSE_WAIT
apachectl-status shows one of the threads in a "W" Sending Reply status.
I haven't found any existing bugs on this, but I do see an old e-mail with a
similar behavior for mod_proxy's ftp data connection back in 2000:
http://mail-archives.apache.org/mod_mbox/www-apache-bugdb/200001.mbox/%[email protected]%3E
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
