shibd leaves connections in CLOSE_WAIT state
Roland Tanner
roland at tannerritchie.com
Mon Nov 14 19:22:48 GMT 2011
Hi,
I have shibd (version 2.3.1) running on an Apache2 server for
authentication of UK academic institutions. (Installed via apt-get on a
Debian Lenny server.)
I'm finding that over time the server quickly accumulates an increasing
number of connections in CLOSE_WAIT state which never completely close.
Here's and example output from netstat.
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 38 0 localserver:41904 some-idp.ac.uk:5057 CLOSE_WAIT
tcp 38 0 localserver:39484 some-idp.ac.uk:8443 CLOSE_WAIT
tcp 38 0 localserver:39484 someother-idp.ac.uk:8443 CLOSE_WAIT
The only thing that clears these connections is a forced close of shibd
(eg by killing the process or a force-restart). Restarting networking
with, eg, '/etc/init.d/networking restart' fails to clear them, and in
fact networking won't close down while the connections remain open.
Any ideas about a solution? So far, it does not seem to happen so often
as to exhaust the available connections, but the possibility of
crashing/blocking the server seems to be there if they accumulate like
this. From what I understand, CLOSE_WAIT status gets stuck if the local
application does not close the connection, after receiving a request to
close from the remote server.
Many thanks in advance,
Roland
More information about the users
mailing list