in reply to Detecting and reaping stale sockets

Hi TIA,
The first question is whether you can find the file descriptor for the socket that is currently being seen as waiting to close or open a connection. If you can locate the socket, you could do this with the output of a tool like lsof (list open file handles), but I do not know how you would do this in Perl other than possibly reading proc. Then you need to pass the descriptor to something like select or poll; you probably want poll since it will not return until it finds a condition in one of the sockets. As far as I know, though, since the socket is already in a closing state (FIN wait, meaning it is waiting for the other side to finish closing the connection), the standard read/write tools may not help. These tools have an error condition but not a 'test for half closed condition'. You could just manually close the sockets, but that may be a bad idea as you don't know how the original application is handling it. You could also try to write raw IP packets and spoof FIN packets to the localhost, but that could also cause the original application to grow unhappy.

A better thing to do would be to fix the actual issue at hand rather than trying to bandage a solution. If your firewall is timing out the connection, then it sounds like it is maintaining a state table and possibly translating (NAT) the connection. You do not need to do this. Why? Because there is no benefit to keeping state on a persistent database connection and no added security, since as far as I've ever seen no one has made a list of secure database commands to check against in the application layer. This would be very hard to do since most database problems come in valid syntax queries.

So what you really need to do is ask your firewall/network person to treat your connection as a static route and only apply packet filtering rules, no state. This is achievable but can be difficult on some firewalls, Cisco PIX for example, that treat every connection through them as a route. This will prevent the firewall from closing the socket and prevent the webserver from sending the FIN in the first place.

If this does not work for you, let me know; there are some other solutions you could try that I've helped clients with.

Just my opinion.

Dave -- Saving the world one node at a time
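
The "reading proc" route mentioned in the reply, as an added example that is not part of the original post: it parses rows in the Linux /proc/net/tcp format, keeps the half-closed states, and maps each socket inode to a descriptor through /proc/<pid>/fd. The sub names and the sample rows are constructed for illustration, and it assumes IPv4 on a little-endian Linux host.

```perl
use strict;
use warnings;
# State codes from the "st" column of /proc/net/tcp that mean one side has closed.
my %HALF_CLOSED = ('04' => 'FIN_WAIT1', '05' => 'FIN_WAIT2', '08' => 'CLOSE_WAIT',
                   '09' => 'LAST_ACK',  '0B' => 'CLOSING');

# "0500000A:AFC8" -> "10.0.0.5:45000" (IPv4 as printed on a little-endian host).
sub decode_addr {
    my ($hex_ip, $hex_port) = split /:/, shift;
    return join('.', reverse map { hex $_ } $hex_ip =~ /../g) . ':' . hex($hex_port);
}

# One hashref per table row whose state is in %HALF_CLOSED.
sub half_closed {
    my @found;
    for my $line (@_) {
        my @f = split ' ', $line;
        next unless @f >= 10 && $f[0] =~ /^\d+:$/;    # skips the header row
        my $state = $HALF_CLOSED{ uc $f[3] } or next;
        push @found, { local => decode_addr($f[1]), remote => decode_addr($f[2]),
                       state => $state, inode => $f[9] };
    }
    return @found;
}

# Socket inode -> fd number for one process, read from /proc/<pid>/fd.
sub fds_by_inode {
    my ($pid, %fd) = @_;
    opendir(my $dh, "/proc/$pid/fd") or return;       # no /proc or no permission
    for my $n (grep { /^\d+$/ } readdir $dh) {
        my $target = readlink("/proc/$pid/fd/$n");
        $fd{$1} = $n if defined $target && $target =~ /^socket:\[(\d+)\]$/;
    }
    return %fd;
}

# Constructed sample rows; on a live system read the lines of /proc/net/tcp instead.
my @rows = (
    '   1: 0500000A:AFC8 0900000A:0CEA 01 00000000:00000000 00:00000000 00000000    33        0 20002 1',
    '   2: 0500000A:AFCA 0900000A:0CEA 08 00000000:00000001 00:00000000 00000000    33        0 20003 1',
    '   3: 0500000A:AFCC 0900000A:0CEA 05 00000000:00000000 03:00000E10 00000000     0        0 0 0',
);
my %fd = fds_by_inode($$);    # this script's own descriptors
for my $s (half_closed(@rows)) {
    my $owner = $s->{inode} == 0        ? 'orphaned, no descriptor left to close'
              : exists $fd{$s->{inode}} ? "fd $fd{$s->{inode}}"
              :                           "inode $s->{inode}, not open in this process";
    printf "%-10s %s -> %s (%s)\n", @$s{qw(state local remote)}, $owner;
}
```

A row with inode 0 belongs to a socket the application has already closed, so the kernel is only waiting on the peer and there is no descriptor to hand to select or poll.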
