Date: Thu, 1 May 2014 11:27:34 -0400
From: Denis Hainsworth
To: users@conserver.com
Subject: add keepalives as an options to the console tool

hello,
wanted to mention something that I think would be pretty simple to add,
though it's clearly a rare issue.

in our case we have several datacenters connected by vpn links. like
most vpns it watches for stale sessions and clears them to keep its
state tables reasonably clean. what was happening was if you were
working with the console tool on a device and let's say were waiting to
see output or just leaving the connection open for later work you would
often find the tcp connection between "console" and the remote
conserver. this was only mildly annoying but since when do we not fix
the mildly annoying :)

I took the easy way out and am using libkeepalive to send keepalives on
my console connections however it would be a nice to have to add a flag
to console to be able to set the tcp_keepalives on the ssl connections
it makes.

-denis
--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu

Date: Thu, 1 May 2014 15:02:11 -0400
From: Denis Hainsworth
To: Joe Greco
Cc: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

On Thu, May 01, 2014 at 06:08:37AM -0500, Joe Greco wrote:
> > hello,
> > wanted to mention something that I think would be pretty simple to add,
> > though it's clearly a rare issue.
> >
> > in our case we have several datacenters connected by vpn links. like
> > most vpns it watches for stale sessions and clears them to keep its
> > state tables reasonably clean. what was happening was if you were
> > working with the console tool on a device and let's say were waiting to
> > see output or just leaving the connection open for later work you would
> > often find the tcp connection between "console" and the remote
> > conserver. this was only mildly annoying but since when do we not fix
> > the mildly annoying :)
> >
> > I took the easy way out and am using libkeepalive to send keepalives on
> > my console connections however it would be a nice to have to add a flag
> > to console to be able to set the tcp_keepalives on the ssl connections
> > it makes.
>
> Why don't you just enable keepalives globally? On FreeBSD for example
> that's been net.inet.tcp.always_keepalive=1 for many years.

It's certainly one option but folks don't always have access to the global
options or your IT/sysadmin dept may not want to for valid/invalid
reasons. I always like when I can enable such things on a per program
basis.

-denis

Date: Thu, 1 May 2014 12:55:48 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

I think having keepalives between client and server has, basically, been an oversight. They are enabled (when possible) from server to console. I've attached a quick patch (based on 8.2.0) that compiles and passes "make test". But that's the extent of the effort on my side so far. I'd love to know if it solves your problem, as it'll go in 8.2.1.

Bryan

Content-Disposition: attachment; filename=keepalive.patch

*** console/console.c 20 Apr 2014 06:45:07 -0000 5.190 --- console/console.c 1 May 2014 19:46:04 -0000 *************** *** 518,523 **** --- 518,526 ---- struct hostent *hp = (struct hostent *)0; struct sockaddr_in port; #endif + #if HAVE_SETSOCKOPT + int one = 1; + #endif #if USE_IPV6 # if HAVE_MEMSET *************** *** 561,568 **** --- 564,578 ---- */ s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); if (s != -1) { + # if HAVE_SETSOCKOPT + if (setsockopt + (s, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, + sizeof(one)) < 0) + goto fail; + # endif if (connect(s, rp->ai_addr, rp->ai_addrlen) == 0) goto success; + fail: close(s); } rp = rp->ai_next; *************** *** 639,644 **** --- 649,662 ---- Error("socket(AF_INET,SOCK_STREAM): %s", strerror(errno)); return (CONSFILE *)0; } + # if HAVE_SETSOCKOPT + if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&one, sizeof(one)) + < 0) { + Error("setsockopt(SO_KEEPALIVE): %s", strerror(errno)); + close(s); + return (CONSFILE *)0; + } + # endif if (connect(s, (struct sockaddr *)(&port), sizeof(port)) < 0) { Error("connect(): %hu@%s: %s", ntohs(port.sin_port), pcToHost,

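Review bot: In the getaddrinfo loop hunk (564,578) the new `fail:` label is added unconditionally, but the only `goto fail` sits inside `# if HAVE_SETSOCKOPT`, so a build without HAVE_SETSOCKOPT is left with an unused label and a compiler warning. The failure path is also silent here, while the AF_INET hunk reports it with Error("setsockopt(SO_KEEPALIVE): %s", ...). Suggest dropping both the label and the goto: report the error the same way and fall through to connect(), since a socket without keepalive is still usable for this address.
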
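Review bot: In the AF_INET hunk (649,662) a failed setsockopt(SO_KEEPALIVE) closes the socket and returns (CONSFILE *)0, so an optional liveness setting becomes a hard connection failure. Suggest keeping the Error() call but continuing to connect(). A short comment would also help here: SO_KEEPALIVE only switches probing on, and nothing in the patch sets the timers, so the probe schedule stays at whatever the operating system defaults to.
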
Date: Thu, 1 May 2014 17:06:37 -0400
From: Denis Hainsworth
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

Hey Bryan,
I'll try to test it out soonish. Does it use the OS default keepalive
settings? As linux's is like 2 hours which is well over when most
firewalls will kill off a session with no traffic.

This is why I was thinking of it more as a configurable setting. Also
that would allow people who maybe are on sketchy lab networks and would
rather not have keepalives tearing down things, to be able to set them
high or disable them.

-denis
--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu

Date: Thu, 1 May 2014 14:26:02 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

My knowledge on any keepalive "tuning" is minimal.
But, looking at tcp(7) on a linux host, it looks like there are TCP options like TCP_KEEPIDLE that allow you to override the system-level settings, but they are linux specific and it says portable code should not use these options.

So, as far as I understood things (and still do), there's no generic way to adjust timings. Obviously, it *could* be a linux-specific feature, but that seems non-ideal. Maybe a console<->conserver keepalive would be best (akin to openssh "server alive" messages)...

If anyone wants to educate me on tuning keepalives (in a portable way), I'm all ears... ;-)

I'll be thinking about things...

Bryan

Date: Thu, 01 May 2014 17:35:18 -0400
From: Chris Fowler
To: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

On 05/01/2014 05:26 PM, Bryan Stansell wrote:
> My knowledge on any
> keepalive "tuning" is minimal. But, looking at tcp(7) on a linux host, it looks like there are TCP options like TCP_KEEPIDLE that allow you to override the system-level settings, but they are linux specific and it says portable code should not use these options.
>
> So, as far as I understood things (and still do), there's no generic way to adjust timings. Obviously, it *could* be a linux-specific feature, but that seems non-ideal. Maybe a console<->conserver keepalive would be best (akin to openssh "server alive" messages)...
>
> If anyone wants to educate me on tuning keepalives (in a portable way), I'm all ears... ;-)
>
> I'll be thinking about things...

echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_keepalive_probes

This adjusts it for the server. How important is keeping the connection
alive? When you are only receiving from the remote target then it is
very important.

Chris

Date: Thu, 1 May 2014 18:45:10 -0400
From: Denis Hainsworth
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: add keepalives as an options to the console tool

Hmm. I have no clue how to write portable code ;) these guys seem to be
discussing such things https://github.com/automatak/dnp3/issues/38

That being said if basic keepalive settings are not tweakable with other
builds I'd say just add it as a linux only feature for now. Me and one
other dude are probably the only ones that will find it useful :)

-denis
--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu
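
The per-socket tuning discussed in this thread (TCP_KEEPIDLE and its siblings from tcp(7), used only where the platform defines them), as an added example that is not conserver code and not from any message above. The names ka_opts and ka_apply and the values 300/30/4 are hypothetical; a timer the platform lacks is reported as a missing bit instead of failing the connection.

```c
/* Added example, not conserver code: per-socket TCP keepalive tuning. */
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bits returned by ka_apply(): which settings the OS accepted. */
#define KA_ON       0x1 /* SO_KEEPALIVE, the portable on/off switch */
#define KA_IDLE     0x2 /* idle seconds before the first probe */
#define KA_INTERVAL 0x4 /* seconds between unanswered probes */
#define KA_COUNT    0x8 /* unanswered probes before the connection drops */

/* Hypothetical option set; a field of 0 means "keep the OS default". */
struct ka_opts { int idle, interval, count; };

/* Set one integer TCP-level option; 1 on success, 0 on failure. */
static int ka_set(int fd, int opt, int val)
{
    return setsockopt(fd, IPPROTO_TCP, opt, &val, sizeof(val)) == 0;
}

/*
 * Turn keepalive on for fd, then apply the per-socket timers this platform
 * defines. Returns a KA_* bitmask, or -1 when the options are invalid or
 * SO_KEEPALIVE itself is refused. A timer that cannot be set shows up as a
 * missing bit, so the caller can warn and still connect.
 */
int ka_apply(int fd, const struct ka_opts *o)
{
    int one = 1, applied = 0;

    if (o->idle < 0 || o->interval < 0 || o->count < 0) {
        errno = EINVAL;
        return -1;
    }
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)) < 0)
        return -1;
    applied |= KA_ON;
#ifdef TCP_KEEPIDLE
    if (o->idle > 0 && ka_set(fd, TCP_KEEPIDLE, o->idle))
        applied |= KA_IDLE;
#endif
#ifdef TCP_KEEPINTVL
    if (o->interval > 0 && ka_set(fd, TCP_KEEPINTVL, o->interval))
        applied |= KA_INTERVAL;
#endif
#ifdef TCP_KEEPCNT
    if (o->count > 0 && ka_set(fd, TCP_KEEPCNT, o->count))
        applied |= KA_COUNT;
#endif
    return applied;
}

/* Idle timer currently in effect on fd, or -1 if it cannot be read. */
int ka_idle_in_effect(int fd)
{
#ifdef TCP_KEEPIDLE
    int val = 0;
    socklen_t len = sizeof(val);

    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &val, &len) == 0)
        return val;
#else
    (void)fd;
#endif
    return -1;
}

/* Silence after which a dead peer is detected: idle + interval * count. */
int ka_dead_peer_seconds(const struct ka_opts *o)
{
    return o->idle + o->interval * o->count;
}

int main(void)
{
    struct ka_opts o = { 300, 30, 4 }; /* constructed sample values */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int got = fd < 0 ? -1 : ka_apply(fd, &o); /* set before connect() */

    printf("applied=0x%x idle=%ds dead peer after %ds\n",
           got, ka_idle_in_effect(fd), ka_dead_peer_seconds(&o));
    if (fd >= 0)
        close(fd);
    return got < 0;
}
```

The idle value is the one that matters for the stale-session problem in the first message: it has to be shorter than the idle timeout of whatever device sits in the path.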