[JDEV] Keep-Alives

Thomas Muldowney temas at box5.net
Mon Jul 1 12:31:08 CDT 2002


Well, the main point of the section is that it is a way to implement a
true heartbeat that is mostly transparent.  KEEPALIVE is designed so
that it is only sent after some amount of idleness.  That is potentially
ok, but you can't use that to better guarantee no data loss.  A true
heartbeat could be used to partially regulate the sending of data.

Regarding the NIDS/Firewalls.  We're designing a protocol so they can
learn about this, and admins that are installing a server can add rules
for this.  They have to work with us, not against us, otherwise they are
useless.

--temas


On Mon, 2002-07-01 at 11:46, Matthias Wimmer wrote:
> Hi Thomas!
> 
> Thomas Muldowney wrote:
> 
> >I believe the problems I found when playing with this were the large
> >timeout and you lose the data you've pushed into the buffer.  Basically
> >you have to be idle before it kicks in.  The data loss is the more
> >important case so we need a smaller spacing in the tests.
> >
> The timeouts just default to a very long time. They can be configured
> with the sysctl interface (tcp_keepalive_probes and tcp_keepalive_time).
> On Linux you can also change the timeout by accessing the proc
> filesystem (/proc/sys/net/ipv4/tcp_keepalive_*).
> 
> >If you have
> >the Stevens book take a look at section 21.5.  It has a pretty nifty
> >client-server heartbeat example.  It uses the TCP OOB data (sometimes
> >called urgent) to send heartbeats to one another.  This could be used at
> >regular intervals to ensure minimal data loss.  The problem is that a
> >lot of the higher level socket implementations (Java pre 1.4 included)
> >don't support OOB data well.  At least not that I've figured out.  If we
> >could guarantee that most languages could use this, then I would support
> >it.
> >
> Yeah, I know. Even with Java there was a discussion whether it should be
> implemented or not. But I think the bigger problem with OOB is that
> there was a big bug in Windows. Older versions of Windows (pre Windows
> NT sp 4 I think) can be kicked by sending them OOB data. This has been
> fixed by Microsoft, but I expect that many unfixed Win95/98 are still
> out and we would kick our users' systems if the server starts sending OOB.
> As far as I know OOB is also tracked by some intrusion detection systems
> and they will kick your connection if you use it with a protocol that is
> not known to use OOB (and I don't think Jabber is known by them). This
> would make it harder for our service to be used behind corporate firewalls.
> 
> 
> Tot kijk
>    Matthias
> 
> -- 
> Fon: +49-700 77007770		http://matthias-wimmer.de/
> Fax: +49-89 312 88654		jabber://mawis@charente.de
> 
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
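
The keepalive timers discussed in the quoted reply can also be set per connection instead of system-wide. The following is an added example, not code from either poster or from the Jabber project; it assumes Linux, the socket options TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT (not named in the thread), and constructed sample values of 60/10/3.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Worst case, in seconds, before an idle connection to a dead peer is
 * reported: `idle` seconds of silence, then `probes` unanswered probes
 * sent `interval` seconds apart. Probes are sent only while idle. */
int keepalive_detect_secs(int idle, int interval, int probes)
{
    return idle + interval * probes;
}

/* Enable keepalive on one socket, overriding the system-wide
 * tcp_keepalive_* defaults for it. Returns 0 on success, -1 on error. */
int set_keepalive(int fd, int idle, int interval, int probes)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval, sizeof interval) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof probes) < 0)
        return -1;
    return 0;
}

/* Read back one integer TCP-level option; -1 on error. */
int get_tcp_opt(int fd, int opt)
{
    int val = 0;
    socklen_t len = sizeof val;
    return getsockopt(fd, IPPROTO_TCP, opt, &val, &len) < 0 ? -1 : val;
}

int main(void)
{
    int idle = 60, interval = 10, probes = 3;   /* constructed sample values */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || set_keepalive(fd, idle, interval, probes) < 0) {
        perror("keepalive");
        return 1;
    }
    printf("idle=%d intvl=%d cnt=%d -> ~%d s\n", get_tcp_opt(fd, TCP_KEEPIDLE),
           get_tcp_opt(fd, TCP_KEEPINTVL), get_tcp_opt(fd, TCP_KEEPCNT),
           keepalive_detect_secs(idle, interval, probes));
    close(fd);
    return 0;
}
```

The options apply only to the socket they are set on, so a server can shorten detection for its own connections without touching the host-wide sysctl values.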




