Bug 255065

Summary: Accept filters do not timeout inactive connections
Product: Base System
Reporter: Dave Hayes <dave>
Component: kern
Assignee: freebsd-net (Nobody) <net>
Status: New ---    
Severity: Affects Many People    
Priority: ---    
Version: 12.2-STABLE   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=29774

Description Dave Hayes 2021-04-14 20:06:26 UTC
The accept filter mechanism apparently has no methodology to time out inactive connections. This allows one to connect to an application using an accept filter, and simply hold the connection open indefinitely without sending data.

Sockets that connect to an accept filter should time out after some reasonable period of inactivity.

This ancient bug is related: 

  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=29774

I do realize this behavior is (thankfully) limited by the setting of kern.ipc.soacceptqueue, which defaults to 4096. I also realize that the 4097th socket will cause the oldest socket to be dropped by the kernel. Even so, this is still a potential waste of resources.

Is it possible to allow an explicit timeout to be set, either by sysctl or by API?
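
A monitoring sketch for the condition described in this report, added here as an example and not part of the original report or of FreeBSD itself: it reads `netstat -Lan` output and flags listeners whose incomplete queue is close to its limit. It assumes connections parked behind an accept filter are counted in the `incqlen` column; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Flag listeners whose incomplete queue (incqlen) is filling up.
# Assumption: sockets held by an accept filter are counted in incqlen.
# stdin: `netstat -Lan` output; $1: threshold in percent of maxqlen (default 80).
flag_full_incq() {
    awk -v pct="${1:-80}" '
        # Data rows carry a qlen/incqlen/maxqlen triple in column 2;
        # the two header lines do not match and are skipped.
        $2 ~ /^[0-9]+[\/][0-9]+[\/][0-9]+$/ {
            split($2, q, "/")
            if (q[3] > 0 && q[2] * 100 >= q[3] * pct)
                printf "%s %s incqlen=%d maxqlen=%d\n", $1, $3, q[2], q[3]
        }'
}

# Constructed sample in the layout FreeBSD prints for `netstat -Lan`.
sample_netstat() {
    cat <<'EOF'
Current listen queue sizes (qlen/incqlen/maxqlen)
Proto Listen                           Local Address
tcp4  0/0/128                          *.22
tcp4  0/3900/4096                      *.80
tcp6  2/10/4096                        *.443
EOF
}

# On a live host: netstat -Lan | flag_full_incq 80
sample_netstat | flag_full_incq 80
```

A listener that stays flagged while `qlen` remains near zero is holding many connections that have not yet been handed to the application.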