>> every now and then, some tcp connections get "stuck" on my machine,
>> usually in the CLOSE_WAIT state.  the one i'm looking at now has been
>> there for about an hour and a half.  i could ignore it (but i don't
>> want to :), 
>
>The close_wait/fin_wait cleanup is a good thing to add timeouts to.

i'm not looking to add code to the tcp engine, just to assassinate
arbitrary connections based on what the kernel knows about them.  i
could, for example, take the tcpcb address from netstat -A output and
paass it to a program that would read in the tcpcb, snarf the
appropriate data (ip src and dst, port src and dest, seq and ack
numbers) and write a tcp reset packet to a raw ip socket.  what i
wanted to do was just poke a couple of things in kernel memory and
have it just go away of it's own accord.

>The tcp specs assume the other end of the tcp connection is a well
>behaved unix box.  If (for example) you get a lot of M$ boxes looking
>at your web site, and they happen to disconnect all sessions
>ungracefully you'll have quite a few connections stuck in FIN_WAIT.

FIN_WAIT is a client-side transition point, so my server would not be
affected.  tcp was designed to be able to allow the server more ways
"out" of a lost connection, including the way the client has to wait
2msl and not the server.

but the machine in question is a netbsd-1.2/i386 that was talking to
itself through the loopback interface.  somehow i managed to get my
sshd to "forget" about an open file descriptor, which is why it never
called close() on it, and consequently, the connection lives on in
CLOSE_WAIT.

>For this reason its not unheard of for big server manufacturers to say
>"stuff the RFC" and put a one or two hour timeout in all aspects of
>the 3-way handshake.

and also it is not unknown for tcp stacks to follow the
fin-from-the-server/ack exchange with a reset packet...

>You might want to ask in comp.protocols.tcp-ip .  This comes up there
>every once in a while.

i will look.  thanks...

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."