Mikolaj
I looked at netstat and I do not have this many sockets TCP or UNIX.
Wed May 14 16:58:37 EDT 2008
ewr# sysctl kern.ipc.numopensockets && netstat -an -p tcp | wc -l &&
sockstat -u |wc -l
kern.ipc.numopensockets: 15903
261
60
ewr# sockstat -46lu | wc -l
82
Running your script I can only find 1 matching 0 count socket .
I also shutdown proftpd and left it down for 10 mins and I did not see
the number of sockets drop at all.
Any ideas ?
Mikolaj Golub wrote:
On Wed, 14 May 2008 09:46:35 -0400 Mark Saad wrote:
MS> Mikolaj
MS> Thanks for the input, did you change any of the options for
MS> TimeoutLinger or TimeoutIdle ?
No, I didn't
MS> The Proftpd I am running is build for 6.3-RELEASE here are the build
MS> options
MS> Compile-time Settings:
MS> Version: 1.3.0a
MS> Platform: FREEBSD6 (FREEBSD6_3)
MS> Built With:
MS> configure CPPFLAGS=-DHAVE_OPENSSL --localstatedir=/var/run
MS> --disable-sendfile --disable-ipv6
MS> --with-modules=mod_sql:mod_sql_mysql:mod_check_mysql:mod_check_digest
MS> --prefix=/usr/local
MS> --with-includes=/usr/local/include/mysql:/usr/include/openssl
MS> --with-libraries=/usr/local/lib/mysql
It might be that it is not proftpd but other application that cause the leak.
Anyway, to check if it is proftpd, look in its logs for entries like these:
Entering Passive Mode (192,168,0,213,241,70).
FTP session closed.
Convert the last two numbers to port (241*256+70) and check by netstat if you
still have this connection. If you have, then it is likely this is the same
situation as in my case and the proftpd is a problem. Upgrade to 1.3.1 from
ports then.
If proftpd is ok, look for other applications. Search for connections reported
by netstat as ESTABLISHED but not displayed by sockstat utility. You could run
something like this:
netstat -an | grep ESTABL |
while read b l a local remote state; do
echo -n "$local $remote: "
sockstat |
sed -e 's/:/./g' |
grep -c "$local *$remote"
done
Look for sockets with 0 count. These are suspicious ones. Observe these
sockets by netstat and try to figure out what application they could belong
and dig in that direction.
--
Mikolaj Golub
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
Mark Saad
Managed UNIX Support
DataPipe Managed Global IT Services
[EMAIL PROTECTED]
1.201.792.4847 (international)
1.888.749.5821 (toll free)
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
This message may contain confidential or privileged information. If you are
not the intended recipient, please advise us immediately and delete this
message. See http://www.datapipe.com/emaildisclaimer.aspx for further
information on confidentiality and the risks of non-secure electronic
communication. If you cannot access these links, please notify us by reply
message and we will send the contents to you.
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
