255065 – Accept filters do not timeout inactive connections

Bug 255065 - Accept filters do not timeout inactive connections

Summary: Accept filters do not timeout inactive connections

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	12.2-STABLE
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-net (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-04-14 20:06 UTC by Dave Hayes
Modified:	2021-04-15 07:45 UTC (History)
CC List:	0 users

See Also:	29774

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dave Hayes 2021-04-14 20:06:26 UTC

The accept filter mechanism apparently has no methodology to timeout inactive connections. This allows one to connect to an application using accept filter, and simply hold the connection open indefinitely without sending data. 

Sockets that connect to an accept filter should timeout after some reasonable period of inactivity.

This ancient bug is related: 

  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=29774

I do realize this behavior is (thankfully) limited by the setting of kern.ipc.soacceptqueue, which defaults to 4096. I also realize that the 4097th socket will cause the oldest socket to be dropped by the kernel. Even so, this is still a potential waste of resource. 

Is it possible to allow an explicit timeout to be set, either by sysctl or by API?