ATS 6.1.1 -- Found some orphaned connections after sending 403-response to the client. #1304
Description
We have ATS 6.1.1 (running under Linux RH72) configured as a reverse proxy. If the client requests a URL that is not defined with a rule in remap.config, then we send a 403 forbidden back to the client and close the connection. This normally works, but we found after several weeks (and thousands of 403's sent) that there are a handful of connections that show up as ESTABLISHED in netstat, but they do not appear to be managed any longer by ATS.
First, we monitored using tcpdump to confirm that there was no activity on these connections for about an hour. Second, we removed the cache from production and dynamically turned on debug for the net_queue tag using traffic_ctl, and even when the queue sizes were zero the established connections persisted. So these seem to be orphaned connections not policed by inactivity_cop (time-out set for 300 seconds). We confirmed in our ATS log files that ATS had previously sent completed 403 responses on these connections (matched by client IP and source port) from days up to weeks back.
Any ideas? Also, does or can ATS make use of the socket TCP level time-outs (setsockopt ... SO_KEEPALIVE)?
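The socket-level keepalive that the report asks about, as an added example that is not part of the original issue and is not ATS code: it shows how a Linux process enables `SO_KEEPALIVE` on a TCP socket and tunes the probe timers so the kernel itself drops a connection whose peer has vanished. The helper names are hypothetical, 300 seconds mirrors the inactivity time-out in the report, and the probe interval and count are constructed values.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not an ATS function: enable kernel keepalive probing
 * on one TCP socket (Linux option names). idle = seconds of silence before the
 * first probe, intvl = seconds between unanswered probes, cnt = unanswered
 * probes before the kernel drops the connection. Returns 0, or -1 on error. */
int enable_tcp_keepalive(int fd, int idle, int intvl, int cnt)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) return -1;
    /* Per-socket overrides of the net.ipv4.tcp_keepalive_* sysctl defaults. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle)) < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof(intvl)) < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof(cnt)) < 0) return -1;
    return 0;
}

/* Reads an int-valued socket option back; returns -1 if getsockopt fails. */
int get_sock_int(int fd, int level, int opt)
{
    int val = 0;
    socklen_t len = sizeof(val);
    return getsockopt(fd, level, opt, &val, &len) < 0 ? -1 : val;
}

/* Approximate seconds from the last traffic until an unresponsive peer is
 * dropped. A peer that still ACKs probes keeps the connection ESTABLISHED,
 * so keepalive only reaps connections whose far end is really gone. */
int keepalive_worst_case_secs(int idle, int intvl, int cnt)
{
    return idle + intvl * cnt;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    /* 300 s mirrors the report's inactivity time-out; 30 and 5 are constructed. */
    if (enable_tcp_keepalive(fd, 300, 30, 5) < 0) { perror("setsockopt"); return 1; }
    printf("SO_KEEPALIVE=%d idle=%ds drop_after~%ds\n",
           get_sock_int(fd, SOL_SOCKET, SO_KEEPALIVE),
           get_sock_int(fd, IPPROTO_TCP, TCP_KEEPIDLE), keepalive_worst_case_secs(300, 30, 5));
    close(fd);
    return 0;
}
```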