[Fedora-directory-users] tcp keepalive
David Boreham
david_list at boreham.org
Thu Nov 15 22:10:59 UTC 2007
I doubt you need to use SO_KEEPALIVE. A couple of observations:
1. If you have ESTABLISHED state connections on one end that are not
in the same state on the peer, that would indicate something broken in the
network or the stack, rather than in the DS.
2. The DS already has connection timeout features that you can enable:
http://osdir.com/ml/redhat.fedora.directory.user/2006-04/msg00131.html
Gordon Messmer wrote:
> This morning I noticed that one of my directory servers has hundreds
> of "ESTABLISHED" connections from a coworker's Linux host. The
> directory server is running RHEL4, kernel 2.6.9-55.ELsmp, and
> tcp_keepalive_time is set to 600. The client no longer shows an
> ESTABLISHED connection on the port that is reported by netstat on the
> directory server. It reports less than ten open connections.
>
> I'm not sure whether or not an intermediary firewall is doing
> something bad, but I expected that the directory server would use
> setsockopt() to set SO_KEEPALIVE on its connections so that it could
> detect connections that die off. After 600 seconds of inactivity, the
> server should start sending probes, and then notify ns-slapd that the
> connection is closed.
>
> I'm not sure how I might filter keepalive packets with tcpdump, so I'm
> not sure if I can verify that they're being used with that tool. Can
> anyone identify the code that *should* be setting SO_KEEPALIVE on the
> sockets, or otherwise speculate on why they might not be working?
More information about the 389-users
mailing list