fix(dnstap source): close TCP connection after sending FINISH to prevent CLOSE_WAIT socket leak #24915

Open
jpds wants to merge 1 commit into vectordotdev:master from jpds:fix/dnstap-tcp-socket-leak-24838
jpds (Contributor) commented Mar 13, 2026

Summary

After sending a FrameStream FINISH frame in response to a client STOP, explicitly shut down the write side of the TCP connection. Per the FrameStream protocol, the server should initiate TCP close after FINISH. Without this, sockets accumulate in CLOSE_WAIT indefinitely because the client may wait for the server to close first, creating a protocol-level deadlock.

Vector configuration

How did you test this PR?

Simple change to TCP behaviour.

Change Type

  • Bug fix
  • New feature
  • Dependencies
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

Fixes #24838

Notes

  • Please read our Vector contributor resources.
  • Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
  • Some CI checks run only after we manually approve them.
    • We recommend adding a pre-push hook, please see this template.
    • Alternatively, we recommend running the following locally before pushing to the remote branch:
      • make fmt
      • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
      • make test
  • After a review is requested, please avoid force pushes to help us review incrementally.
    • Feel free to push as many commits as you want. They will be squashed into one before merging.
    • For example, you can run git merge origin master and git push.
  • If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.

@jpds jpds requested a review from a team as a code owner March 13, 2026 10:48
@github-actions github-actions bot added the "domain: sources" label Mar 13, 2026

jpds (Contributor, Author) commented Mar 13, 2026

@esensar Please review when you have a moment.

…ent CLOSE_WAIT socket leak

After sending a FrameStream FINISH frame in response to a client STOP,
explicitly shut down the write side of the TCP connection. Per the
FrameStream protocol, the server should initiate TCP close after FINISH.
Without this, sockets accumulate in CLOSE_WAIT indefinitely because the
client may wait for the server to close first, creating a protocol-level
deadlock.

Fixes vectordotdev#24838

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@jpds jpds force-pushed the fix/dnstap-tcp-socket-leak-24838 branch from 3986cd8 to 7322604 Compare March 13, 2026 11:07
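
The behaviour the PR description relies on, as an added example that is not code from this PR or from Vector: after FINISH, a sender that waits for the receiver to close only sees EOF if the receiver half-closes its write side. The names `serve` and `sender_sees_eof` are hypothetical, blocking `std::net` sockets on loopback stand in for Vector's async source, and the control frame layout and type values (STOP = 3, FINISH = 5) are assumed from the Frame Streams specification.

```rust
use std::io::{Read, Result, Write};
use std::net::{Shutdown, TcpListener, TcpStream};
use std::{thread, time::Duration};

// Frame Streams control frame types (assumed from the protocol spec).
const STOP: u32 = 3;
const FINISH: u32 = 5;

// Control frame: 4-byte zero escape, 4-byte BE length, 4-byte BE type.
fn control_frame(kind: u32) -> Vec<u8> {
    [[0u8; 4], 4u32.to_be_bytes(), kind.to_be_bytes()].concat()
}

fn read_control(s: &mut TcpStream) -> Result<u32> {
    let mut f = [0u8; 12];
    s.read_exact(&mut f)?;
    Ok(u32::from_be_bytes([f[8], f[9], f[10], f[11]]))
}

// Hypothetical receiver: answer STOP with FINISH, optionally half-close.
fn serve(mut s: TcpStream, close_after_finish: bool) -> Result<()> {
    if read_control(&mut s)? == STOP {
        s.write_all(&control_frame(FINISH))?;
        if close_after_finish {
            s.shutdown(Shutdown::Write)?; // sends FIN, so the peer reads EOF
        }
    }
    s.read(&mut [0u8; 1]).map(|_| ()) // hold the socket until the peer closes
}

// True if the sender saw EOF after FINISH, false if it timed out waiting.
pub fn sender_sees_eof(close_after_finish: bool) -> Result<bool> {
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let mut c = TcpStream::connect(listener.local_addr()?)?;
    let server = thread::spawn(move || -> Result<()> {
        serve(listener.accept()?.0, close_after_finish)
    });
    c.write_all(&control_frame(STOP))?;
    assert_eq!(read_control(&mut c)?, FINISH);
    c.set_read_timeout(Some(Duration::from_millis(300)))?;
    let eof = matches!(c.read(&mut [0u8; 1]), Ok(0));
    drop(c); // closing unblocks the receiver's read
    server.join().unwrap()?;
    Ok(eof)
}

fn main() {
    println!("{:?} {:?}", sender_sees_eof(true), sender_sees_eof(false));
}
```

While a run is stuck in the no-shutdown case, `ss -tan` on the host shows which end of the connection is still waiting on the other.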
Development

Successfully merging this pull request may close these issues.

dnstap TCP source leaks CLOSE_WAIT sockets on remote connection close, exhausting RequestLimiter permit pool over ~48h