www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lajos Incze <in...@mail.matav.hu>
Subject os-linux/3873: Seems to reproduce PR#3190, PR#1950, PR#1940 and PR#3312. httpd children disappear.
Date Wed, 10 Feb 1999 18:53:54 GMT

>Number:         3873
>Category:       os-linux
>Synopsis:       Seems to reproduce PR#3190, PR#1950, PR#1940 and PR#3312. httpd children
disappear.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Feb 10 12:10:01 PST 1999
>Last-Modified:
>Originator:     incze@mail.matav.hu
>Organization:
apache
>Release:        1.2.6
>Environment:
-------------------------------
[root@web httpd]# uname -a
Linux web.hbrt.hu 2.0.36 #1 Tue Nov 17 13:01:19 EST 1998 i586 unknown
[root@web httpd]# rpm -q glibc
glibc-2.0.7-29
[root@web httpd]# rpm -q apache
apache-1.2.6-4
----------------------------------
>Description:
---------------------------------
Moderately loaded intranet server behind a firewall, children regularly cease
to work, only the master httpd server remains. When dying no entry in the error
log, seemingly the master server does not recognize that has no children.
Since upgraded to 2.0.36 (stock redhat update rpm) I allways experience the
SYN flood messages in the syslog:
...
Feb  9 05:12:44 web kernel: Warning: possible SYN flood from 172.16.128.65 on 172.16.128.65:80.
 Sending cookies.
Feb  9 05:14:14 web kernel: Warning: possible SYN flood from 172.16.128.65 on 172.16.128.65:80.
 Sending cookies.
Feb  9 05:15:44 web kernel: Warning: possible SYN flood from 172.16.128.65 on 172.16.128.65:80.
 Sending cookies.
<snip>
Feb  9 08:01:36 web kernel: Warning: possible SYN flood from 172.16.68.60 on 172.16.128.65:80.
 Sending cookies.
Feb  9 08:01:54 web PAM_pwdb[399]: (login) session opened for user vili by (uid=0)
Feb  9 08:01:54 web login[399]: LOGIN ON tty2 BY vili
Feb  9 08:01:59 web PAM_pwdb[8582]: (su) session opened for user root by vili(uid=0)
Feb  9 08:02:44 web kernel: Warning: possible SYN flood from 172.16.128.65 on 172.16.128.65:80.
 Sending cookies.
...
This last four lines show the last SYN flood messages as user 'vili' logs in
to restart the server. Altough the _start_ of these messages (05:12) does not
coincide with the death of children. Meantime a htdig facility tried continually
index the site, and the last access_log entry was about 04:08 am:
...
[Tue Feb  9 04:08:40 1999] File does not exist: /home/htdocs/BELSO/hir/sajtofigy/1998/06/09/026439.html
[Tue Feb  9 04:08:40 1999] File does not exist: /home/htdocs/BELSO/hir/sajtofigy/1998/06/09/026439.html/
[Tue Feb  9 08:02:48 1999] httpd: caught SIGTERM, shutting down
[Tue Feb  9 08:02:49 1999] created shared memory segment #512
[Tue Feb  9 08:02:49 1999] Server configured -- resuming normal operations
[Tue Feb  9 08:02:51 1999] File does not exist: /home/htdocs/BELSO/hir/sajtofigy/1998/07/10/098665.html
[Tue Feb  9 08:02:51 1999] File does not exist: /home/htdocs/BELSO/hir/sajtofigy/1998/07/10/098665.html/
-----------------------------------
>How-To-Repeat:
htdig sometimes causes the problem (but not allways). Unfortunately
whenever I run our scripts from command line it finishes without a
hitch. When it failed ran from cron. 
>Fix:
PR#3312's Ole Tange seems to be on the right track, maybe this all is
a form of the http://www.apache.org/docs/misc/fin_wait_2.html FIN_WAIT2
problem. On the other hand knowledgable shooud visit the tcp/ip kernel
code under what circumstances you can get the TcpAttemptFailed counter
increased. I see that the counter gets increased at the SYN flood detection,
but the numbers provided by netstat -s seems to be higher than that.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message