1833775 Members
3234 Online
110063 Solutions
New Discussion

FIN_WAIT_2

 
Daniel Ubeda
Frequent Advisor

FIN_WAIT_2

Where can I find an script to "kill" connections in FIN_WAIT_2 state ??
Daniel
4 REPLIES 4
Stefan Farrelly
Honored Contributor

Re: FIN_WAIT_2


I dont have a script - but here is the procedure to it;

Find the TCP instance data and then use tcp_discon to remove
the instance as follows:

# ndd -get /dev/tcp tcp_status
TCP dest snxt suna swnd cwnd rnxt rack rwnd rto mss [lport,fport] state

0183b8b4 015.043.233.086 533cb8ce 533cb8ce 00008000 00003000 533bc583 533bc583
00000000 02812 04096 [c00a,cea9] TCP_CLOSE_WAIT

So, if you wanted to remove this connection:
# ndd -set /dev/tcp tcp_discon 0x0183b8b4

If you want to use the tcp_discon_by_addr, you use a 24 byte string that contains the hex representation of the quadruple.

For example, if the connection that I want to delete is:

Local IP: 192.1.2.3 (0xc0010203)
Local Port: 1024 (0x0400)
Remote IP : 192.4.5.6 (0xc0040506)
Remote Port: 2049 (0x0801)

The "hex" string you pass to tcp_discon_by_addr is:

# ndd -set /dev/tcp tcp_discon_by_addr "c00102030400c00405060801"

NOTE: the preceding 0x that typically indicates a Hex number is NOT part of the string passed.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Andreas Voss
Honored Contributor

Re: FIN_WAIT_2

Hi,

have a look at this doc:

http://us-support2.external.hp.com/cki/bin/doc.pl/sid=0c20be0f0b98cb7088/screen=ckiDisplayDocument?docId=200000050068096

Or if you have no access here is the script:

#!/bin/ksh
# Hewlett-Packard Corporation
# This script is UNSUPPORTED. Use at own risk.
# @(#)$Revision: 1.3 $ $Author: scotty $ $Date: 98/08/25 17:55:01 $
#
# This script will query the system for any TCP connections that
# are in the FIN_WAIT_2 state and forcibly disconnect them. It
# uses netstat(1) to find the FIN_WAIT_2 connections and calls
# ndd with the correct hexidecimal representation of the connection
# to close the connection.
#
#
# Temporary files used to compare netstat output
#
MYSCRIPTNAME=${0##*/}
TMPFILE1=/var/tmp/$MYSCRIPTNAME.1
TMPFILE2=/var/tmp/$MYSCRIPTNAME.2
#
# Create a log file to keep track of connection that were removed
#
LOGFILE=/var/adm/$MYSCRIPTNAME.log
function getFinWait2 {
/usr/bin/printf "%.2x%.2x%.2x%.2x%.4x%.2x%.2x%.2x%.2x%.4x\n" $(/usr/bin/netstat -an -f inet | /usr/bin/grep FIN_WAIT_2 | /usr/bin/awk '{print $4,$5}' | /usr/bin/sed 's/\./ /g') > $TMPFILE1
}
function compareFinWait2 {

FIRST_TIME=1
cp $TMPFILE1 $TMPFILE2
getFinWait2
comm -12 $TMPFILE1 $TMPFILE2 | while read CONN
do
if [[ $CONN != "000000000000000000000000" ]]
then
if [ $FIRST_TIME -eq 1 ]
then
print >> $LOGFILE
date >> $LOGFILE
FIRST_TIME=0
fi
print "/usr/bin/ndd -set /dev/tcp tcp_discon_by_addr
\"$CONN\""
>> $LOGFILE
/usr/bin/ndd -set /dev/tcp tcp_discon_by_addr $CONN
fi
done
getFinWait2
}
#
# Main
#
touch $TMPFILE1
touch $TMPFILE2
compareFinWait2

Regards
rick jones
Honored Contributor

Re: FIN_WAIT_2

I woudl strongly suggest that folks NOT use that ndd kludge.

If you are running on HP-UX 11, when an application closes a connection, the TCP stack will immediately enable keepalives on that connection. Those keepalive probes will terminate the connection in FIN_WAIT_2 sometime between tcp_keepalive_detached_interval and tcp_keepalive_detached_interval+tcp_ip_abort_interval milliseconds.

there is no rest for the wicked yet the virtuous have no pillows
Bill McNAMARA_1
Honored Contributor

Re: FIN_WAIT_2

You'll get the info in the attached doc.

Bill
It works for me (tm)