On Sat, Aug 29, 2009 at 08:56:25AM +0100, Andrew Gabriel wrote:
>
> I would suggest some more guidance on it's use on the manpage, aimed at
> sysadmin rather than networking expert level, because in most cases the
> use of tcp keepalive actually does the exact opposite, and ensures death
> of connections which would otherwise have not died (the naming is
> somewhat misleading). Consider addition of something like:
>
> This parameter may be useful to preserve idle
> connections through a stateful firewall which
> implements a short timeout, and it may be useful
> to closedown connections from clients which fail
> to closedown their connections when powered off.
> However, it may cause idle connections to be
> broken during periods of transitory network
> outage, which would have survived the outage in
> the absence of this parameter.
>
> It's this last part which catches people out -- the parameter causes
> death to connections during transitory network problems, which is
> completely contrary to what you might assume from the parameter name.
That's certainly acceptable to me. I don't know how much guidance
to sysadmins should be included in man pages, but in this case the
name is indeed misleading. I'll add that to the ARC materials.
Now, here come the worms: I've had a number of requests to add
per-socket keepalive timeouts. I agree that this is a reasonable
thing to do, since they go along nicely with setting SO_KEEPALIVE.
In fact, I wondered how I had overlooked those settings in my wrapper
for Solaris 9 and Solaris 10. It turns out that they don't exist
there! For snv_121 in /usr/include/netinet/tcp.h there are:
#define TCP_KEEPALIVE_THRESHOLD 0x16
#define TCP_KEEPALIVE_ABORT_THRESHOLD 0x17
Now that I know what to change in the inetd code, I can easily add two
more TCP settings. People have only asked for the first one. Should
I add one or both or none?
What happens with a back-port to Solaris 10? I can `ifdef' them in
the C source, but not in the XML file or man page. Alternatively, I
can leave them in for Solaris 10 but have them do nothing if the
symbols don't exist. What do you recommend?
--
-Gary Mills- -Unix Group- -Computer and Network Services-
