5 Mar
2019
5 Mar
'19
1:14 p.m.
### Description
On our setup with Kamailio 5.2.1 with users connected via TLS. i see frequently TCP/TLS
sessions remain in CLOSE_WAIT:
netstat -ntp |grep CLOSE
tcp 238 0 172.17.217.10:5061 xxx.xxx.xxx.218:52613 CLOSE_WAIT
117912/kamailio
tcp 4681 0 172.17.217.10:5061 xxx.xxx.xxx.125:8892 CLOSE_WAIT
117912/kamailio
In tcpdump i see, that the client send a TCP FIN,ACK and and the OS which is hosting the
Kamailio send TCP ACK. But Kamailio is not closing. So the session remain in CLOSE_WAIT
for a long time (over a hour)
We also have configured:
tcp_connection_lifetime=65
modparam("tls", "connection_timeout", 63)
Which should finally close after 65 second. But no effect.
### Troubleshooting
#### Reproduction
Register SIP clients via TLS, and then let the client close the TCP session ia TCP
FIN,ACK
* **Operating System**:
Debian GNU/Linux 9
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881
5 Mar
5 Mar
1:53 p.m.
I have see similar behavior on CentOS with default network initialization subsystem.
After I reconfigured to use `systemd-networkd` instead default network initialization,
then i not see more "CLOSE_WAIT".
Could you reconfigure network using `systemd-networkd` and then retest.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-469635608
5:26 p.m.
I have see similar behavior on CentOS with default
network initialization subsystem.
After I reconfigured to use `systemd-networkd` instead default network initialization,
then i not see more "CLOSE_WAIT".
Could you reconfigure network using `systemd-networkd` and then retest.
Hey sergey, i could try this too. But as far as I understand it. CLOSE_WAIT is a issue by
the application, not finally closing the session.
As described by [Crist
Clark](http://unix.derkeiler.com/Mailing-Lists/SunManagers/2006-01/msg00367…
CLOSE_WAIT means that the local end of the connection
has received
a FIN from the other end, but the OS is waiting for the program at the
local end to actually close its connection.
The problem is your program running on the local machine is not closing
the socket. It is not a TCP tuning issue. A connection can (and quite
correctly) stay in CLOSE_WAIT forever while the program holds the
connection open.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-469699091
6:10 p.m.
Try by setting this core parameter:
* https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_linger2
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-469716054
7:02 p.m.
Try by setting this core parameter:
* https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_linger2
Tried out just now with "tcp_linger2=5" and restarted Kamailio. No effect. Also
documentation say it for FIN_WAIT2 not for CLOSE_WAIT state.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-469736854
8 Mar
8 Mar
12:09 p.m.
Tune the tcp keepalive parameters to shorten the lifetime duration of these sockets --
there are couple of them, see:
* https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_keepalive
Also, you can tune at OS level with sysctl. The OS value can be seen in the file:
```
/proc/sys/net/ipv4/tcp_keepalive_time
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-470857800
22 Mar
22 Mar
3:57 p.m.
Was the hint from previous comment fixing it?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-475611122
1 Apr
1 Apr
10:57 a.m.
Reopen if still an issue after keepalive settings.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#issuecomment-478475500
10:57 a.m.
Closed #1881.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1881#event-2242443108
2062
days inactive
2089
days old
8 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
kvrban
-
sergey-safarov