Here are my impressions of the situation from a server admin perspective.

On Wed, 2006-08-23 at 17:08 +0200, Rainer Jung wrote:
> I still don't have a consistent idea what happened around the firewall:
>
> - silently dropping is not expected apart from a deny rule, but deny
> will not be the rule that had been applied to the apache-tomcat connection.

State-keeping firewalls have timeouts. If the firewall timeouts are lower than keepalive timeouts there is a possibility that the firewall invalidates the connection - afterwards it will drop any related packet. Another possibility would be a firewall that is forgetting states, which would be clearly a bug.

> - only shutting down one side of an established (!) connection seems broken

I don't think this is going to happen, but here is the reason why tomcat is in the worse situation:

client ---request---> apache

apache tries to use the stale connection and realizes that this is broken de facto immediately (socket error)

tomcat on the other hand is not really notified (except when the kernel marks the connection as stale (timeout) AND tomcat tries to read from or poll/select the connection's state)

> - no answers yet about using TCP keep-alive

should help in most cases imho

regards
Klaus
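
The timeout mismatch discussed in this message, as an added example that is not part of the original post: it derives TCP keep-alive timers from a firewall's idle timeout so the first probe is sent before the state entry expires, then applies them to a socket and reads them back. The function names and the 3600-second firewall timeout are assumptions; `TCP_KEEPIDLE`, `TCP_KEEPINTVL` and `TCP_KEEPCNT` are the Linux per-socket options.

```python
import socket

LINUX_MAX_TIMER_S = 32767  # Linux upper bound for TCP_KEEPIDLE / TCP_KEEPINTVL

def keepalive_plan(firewall_idle_timeout_s, probes=3, safety=0.5):
    """Pick keep-alive timers for a firewall that forgets idle connections.

    The first probe goes out after `idle` seconds, inside the firewall's idle
    timeout, so the state entry is refreshed before it expires. Probes are
    spaced so that a dead peer is reported no later than that timeout.
    """
    if firewall_idle_timeout_s < 2 * (probes + 1):
        raise ValueError("firewall timeout too short for whole-second timers")
    idle = min(int(firewall_idle_timeout_s * safety), LINUX_MAX_TIMER_S)
    interval = max(1, (firewall_idle_timeout_s - idle) // probes)
    interval = min(interval, LINUX_MAX_TIMER_S)
    return {"idle": idle, "interval": interval, "probes": probes}

_OPTS = (("idle", "TCP_KEEPIDLE"),
         ("interval", "TCP_KEEPINTVL"),
         ("probes", "TCP_KEEPCNT"))

def apply_keepalive(sock, plan):
    """Enable keep-alive on `sock` and return the values the kernel reports."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    enabled = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0
    applied = {"enabled": enabled}
    for key, name in _OPTS:
        opt = getattr(socket, name, None)
        if opt is None:
            # Platform has no per-socket timer: system-wide defaults apply,
            # which may be longer than the firewall timeout.
            continue
        sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
        applied[key] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied

if __name__ == "__main__":
    FIREWALL_IDLE_TIMEOUT_S = 3600  # constructed sample value
    plan = keepalive_plan(FIREWALL_IDLE_TIMEOUT_S)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("plan:", plan)
        print("kernel reports:", apply_keepalive(s, plan))
```

With keep-alive enabled on both ends, the side that would otherwise sit on a stale connection gets a socket error from the kernel once the probes go unanswered, instead of only finding out on the next read.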