[Gross] grossd - blocker TIME_WAIT connections

Jesse Thompson jesse.thompson at doit.wisc.edu
Wed Sep 5 14:52:38 EEST 2007


Eino Tuominen wrote:
> Jesse Thompson wrote:
>> version 0.8.2
>>
>> I've been trying to figure out why I'm been having trouble scping and 
>> sshing from my gross servers.  One thing we noticed was a large number 
>> of connections to the Sophos blocker in TIME_WAIT state.
>>
>> netstat -n | grep TIME_WAIT | grep -c 4466
>> 2317
> 
> I think it is. It means that you are making some 100 blocker queries per 
> second. The problem with the current blocker check implementation is 
> that the connections are not reused. So grossd opens a new TCP 
> connection for each blocker query.

Ah.  ok.  The ssh issue isn't a big enough problem to warrant major code 
changes in grossd.  We've got the TIME_WAIT cleanup set to 60 seconds, 
so we may try turning it down to 30 or 45 to see if it helps.

Thanks!
Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20070905/b037c29b/attachment.bin>


More information about the Gross mailing list