On 12/14/09 5:32 AM, "Julian Elischer" wrote: > Felix J. Ogris wrote: >> Hi, >> >> I am experiencing some strange problem where FreeBSD sometimes starts >> sending tcp keepalives after client and server have sent and ack'ed FINs. >> The server runs 7.1-RELEASE/amd64 with open-vm-tools-nox11-148847 in a >> VMware ESXi 4.0. The client runs a CentOS Linux 2.6.18-164.6.1.el5PAE SMP on >> a bare metal machine. FreeBSD houses a Apache installation with sendfile and >> mmap enabled. The Linux machine runs a homemade monitoring system and starts >> a Perl script every 5 minutes to check if Apache is still alive. I have put >> a tcpdump output on http://ogris.de/keepalive.txt for readability and can >> provide the raw tcpdump file, if needed. Client and server keep sending >> those keepalives for about 2 hours (yielding 300kB/s constantly) if not >> stopped manually by an ipfw rule. lsof shows that no user process has open >> the corresponding sockets anymore, whereas netstat shows established >> connections. >> FreeBSD has loaded ipfw with some keep-state rules, the Linux box has >> iptables disabled. > > > are you sure it isn't the firewall (ipfw) sending keepalives? it is > one of the options with kept state to inject keepalives. > if it didint' see all the FINs for some reason, it may think the > session is still alive.
Thanks for the hint - net.inet.ip.fw.dyn_keepalive=0 did the trick. Felix _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[email protected]"
