> Hello!
>
> I have compiled/installed Squid 2.1.Patch2 on a Hewlett-Packard D220
> system running HP-UX 10.20 without problem. Compilation was error-free
> using HP's own C/ANSI compiler. Installation was smooth as well.
>
> Although Squid works well for us satisfying our proxying needs, a rather
> serious problem exists. A lot (I mean a lot!) of network connections
> between the proxy server and the browser clients remain in FIN_WAIT_2
> state instead of being terminated.
>
> All clients systems are using either Netscape Navigator 4.x or Internet
> Explorer 4.x under Windows NT 4.0SP3 and are behind a firewall. The
> firewall itself is implemented on a CISCO 2500 router running IOS 10.3.
> The proxy server is outside of the firewall.
>
> As I write this, Squid is up for a day and a half and there are
> currently more than 800 network connections in FIN_WAIT_2 state:
>
Hi,
I used to have this problem. HP provided me with a script to set the
tcp_fin_wait_timer kernel value. I have attached this script. I execute
it at boot time with : /usr/local/bin/fin_wait_timer -b.
Claude.
#!/bin/ksh
#
# set_fin_time:
#
# Script to modify the keepalive values:
# tcp_fin_wait_timer - time period before connection in fin_wait2
# is silently dropped.
#
# Hewlett Packard Corporation
# This script is UNSUPPORTED. Use at own risk.
# Written: 11 October 95 Scott Millward
#
# @(#)$Revision: 1.3 $ $Author: scotty $ $Date: 95/12/06 14:35:59 $
#
PATH=/bin:/usr/bin:/etc:.
#
# Range of accepted values
#
max_maxidle=32767 # maximum for a short.
min_maxidle=1200 # 10 minutes
#
# Default Values
#
bsdmaxidle=1200 # 8 * 75 seconds (10 minutes)
defmaxidle=0 # default is infinite
#
#
# Temporary Dumping Ground
#
TMPFILE=/tmp/keep$$
# initialize variables
#
max=$defmaxidle
#flags
setmax=0
#misc New for version 1.3 .. Allow for 9.X and 10.X
OS_VERSION=$(uname -r | awk -F. '{print $2}')
kernel_file="/hp-ux"
#
# Usage Subroutine
#
#
usage()
{
echo "usage: set_fin_time [-d] [-i] [-b] [-t <value>] [-help] [-p]"
exit
}
#
# Help Information Subroutine - called when -help option given
#
printhelp()
{
echo "set_fin_time:"
echo " Will set the kernel's TCP FIN_WAIT_2 timer"
echo ""
echo "- The \"- i\" option sets the timer to infinite(0)"
echo ""
echo "- The \"-t\" option will set the FIN_WAIT_2 timer to the"
echo " specified value. This value is in half-seconds."
echo ""
echo "- The \"-d\" option sets these values to their defaults."
echo ""
echo "- The \"-b\" option sets these values to the BSD 4.4 value (10 minutes)"
echo ""
echo "- The \"-help\" option prints this message."
echo ""
echo "- The \"- p\" option prints out the current values."
}
#
# Kernel value reading subroutine
#
read_values()
{
adb $kernel_file /dev/kmem << EOF > $TMPFILE
tcp_fin_wait_timer/d
EOF
vals=`cat $TMPFILE | grep tcp | awk '{if ($2 != "") printf "%d ", $2}'`
once=0
for i in $vals
do
case $once in
0) max_image=$i
once=`expr $once + 1`;;
*) echo "internal error"
esac
done
rm $TMPFILE
}
# Begin of Program
#
# check for options
if [ $(id -u) -ne 0 ]
then
print
print "Sorry, you are not a super-user."
print
print "You must be a super-user to run this script."
print
exit 1
fi
if [ $OS_VERSION -lt 10 ]
then
kernel_file="/hp-ux"
else
kernel_file="/stand/vmunix"
fi
for i in $*
do
case $i in
-t ) shift
setmax=1
max=$1
if [ $max -le $max_maxidle ] && [ $max -ge $min_maxidle ]
then
shift
else
echo "FIN_WAIT_2 timer, $max, is out of recommended range (
$min_maxidle to $max_maxidle ), "
shift
if [ $max -ge $max_maxidle+1 ]
then
echo "Setting FIN_WAIT_2 timer to 0 (infinite)"
echo ""
max=0
else
echo "but change will be made"
echo ""
fi
fi;;
-d ) max=$defmaxidle
echo "Setting FIN_WAIT_2 timer to 0 (infinite)"
setmax=1;;
-b ) max=$bsdmaxidle
setmax=1;;
-i ) max=0
echo "Setting FIN_WAIT_2 timer to 0 (infinite)"
setmax=1;;
-p) ;; #default case
-help ) printhelp
exit ;;
-* ) echo $1 is an unknown parameter
usage;;
esac
done
read_values
#
# if we are not setting values, then print out the current ones
#
if [ $setmax -eq 0 ]
then
echo "The FIN_WAIT_2 timer is set to $max_image half seconds"
exit
fi
#
# Set the value
#
if [ $setmax -eq 1 ]
then
# write value to kernel
adb -w $kernel_file /dev/kmem << EOF > /dev/null
tcp_fin_wait_timer/w 0d$max
EOF
read_values
if [ $max_image -eq $max ]
then
echo "FIN_WAIT_2 timer changed to $max half seconds."
else
echo "ERROR: FIN_WAIT_2 timer change failed. Timer left at $max_image"
fi
fi
