This morning I noticed that one of my directory servers has hundreds of
"ESTABLISHED" connections from a coworker's Linux host. The directory
server is running RHEL4, kernel 2.6.9-55.ELsmp, and tcp_keepalive_time
is set to 600. The client no longer shows an ESTABLISHED connection on
the port that is reported by netstat on the directory server. It
reports less than ten open connections.
I'm not sure whether or not an intermediary firewall is doing something
bad, but I expected that the directory server would use setsockopt() to
set SO_KEEPALIVE on its connections so that it could detect connections
that die off. After 600 seconds of inactivity, the server should start
sending probes, and then notify ns-slapd that the connection is closed.
I'm not sure how I might filter keepalive packets with tcpdump, so I'm
not sure if I can verify that they're being used with that tool. Can
anyone identify the code that *should* be setting SO_KEEPALIVE on the
sockets, or otherwise speculate on why they might not be working?
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
