Comment 4 for bug 134274

TJ (tj) wrote :

I asked the question on the 'netdev' mailing list and got some inconclusive reactions.

The general consensus was that:

a) TCP_DEFER_ACCEPT isn't specified in any RFC and breaks regular handshake negotiation of RFC 793.
b) The load-balancer shouldn't open an HTTP connection and not use it immediately, but no one could/did provide a definitive rule on that.

The upshot is, any Apache 2.1.5+ installation behind pipe-lining load-balancers could suffer the same fate. It is something we should add to the documentation for version 2.1.5+, and it should be up-front in the installation notes for the server product as well as making the server support teams aware of it.

In one way shipping Apache with TCP_DEFER_ACCEPT enabled is in breach of the RFCs and as such it could be argued is a 'bad thing'. On the other had it appears it affects only a small number of installations (judging by how little information there is about it).

There are a few other related issues around TCP_KEEP_ALIVE and broken time-outs in the 'netdev' and 'kernel' mailing lists, and at apache:

Apache "TCP_DEFER_ACCEPT timeout set way too low"
kernel "TCP_DEFER_ACCEPT issues"
netdev "TCP_DEFER_ACCEPT brokenness?"