Excessive memory consumption when keepalives are enabled

[djs55]

The keepalives implementation in #338 maintains a reference to the TCP connection state while the keep-alive timer is set. When the connection is closed the refresh function will not be called as there is no more traffic, so the keep-alive timer will start counting down and sending keep-alive messages. This is unnecessary because the connection has been closed. The peer will send RST packets but we ignore those too. Eventually the final timer expires and the keep-alive code gives up and the connection state can be collected by the GC.

Unfortunately the connection state can be quite large, as it includes buffers of data which have been received but not yet transmitted to the application.

Therefore if

• the stack has keep-alive enabled; and
• connects or accepts large numbers of short-lived connections; and
• lots of data is received by the stack and buffered

then the heap usage of the stack can quickly grow to unacceptable levels, causing the machine to swap or otherwise run out of memory.

This was first reported in [moby/vpnkit#371]

As discussed here the plan is to add a warning to the keep alive code in the short term and then fix it in a future release.