Re: tcp keepalive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Date: Thu, 15 Nov 2007 15:10:59 -0700
From: David Boreham <david_list@xxxxxxxxxxx>



I doubt you need to use SO_KEEPALIVE. A couple of observations:

1. If you have ESTABLISHED state connections on one end that are not
in the same state on the peer, that would indicate something broken in the
network or the stack, rather than in the DS.
There's a lot of firewalls out there that silently drop idle connections, rather than informing either side of the action (e.g., at least they should send TCP RST packets but they do nothing). I think SO_KEEPALIVE is a reasonable defensive measure to use, faced with such unfriendly behavior in the network. 


2. The DS already has connection timeout features that you can enable:
http://osdir.com/ml/redhat.fedora.directory.user/2006-04/msg00131.html



Gordon Messmer wrote:
> This morning I noticed that one of my directory servers has hundreds > of "ESTABLISHED" connections from a coworker's Linux host. The > directory server is running RHEL4, kernel 2.6.9-55.ELsmp, and > tcp_keepalive_time is set to 600. The client no longer shows an > ESTABLISHED connection on the port that is reported by netstat on the > directory server. It reports less than ten open connections. 
>
> I'm not sure whether or not an intermediary firewall is doing > something bad, but I expected that the directory server would use > setsockopt() to set SO_KEEPALIVE on its connections so that it could > detect connections that die off. After 600 seconds of inactivity, the > server should start sending probes, and then notify ns-slapd that the > connection is closed. 
>
> I'm not sure how I might filter keepalive packets with tcpdump, so I'm > not sure if I can verify that they're being used with that tool. Can > anyone identify the code that *should* be setting SO_KEEPALIVE on the > sockets, or otherwise speculate on why they might not be working? 

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux