[Gross] grossd - blocker TIME_WAIT connections
Jesse Thompson
jesse.thompson at doit.wisc.edu
Wed Sep 5 14:52:38 EEST 2007
Eino Tuominen wrote:
> Jesse Thompson wrote:
>> version 0.8.2
>>
>> I've been trying to figure out why I'm been having trouble scping and
>> sshing from my gross servers. One thing we noticed was a large number
>> of connections to the Sophos blocker in TIME_WAIT state.
>>
>> netstat -n | grep TIME_WAIT | grep -c 4466
>> 2317
>
> I think it is. It means that you are making some 100 blocker queries per
> second. The problem with the current blocker check implementation is
> that the connections are not reused. So grossd opens a new TCP
> connection for each blocker query.
Ah. ok. The ssh issue isn't a big enough problem to warrant major code
changes in grossd. We've got the TIME_WAIT cleanup set to 60 seconds,
so we may try turning it down to 30 or 45 to see if it helps.
Thanks!
Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20070905/b037c29b/attachment.bin>
More information about the Gross
mailing list