Re: configurable keepalive setting through libldap?
Am Mittwoch 06 Mai 2009 11:27:29 schrieb Howard Chu:
Ralf Haferkamp wrote:
> Am Dienstag 05 Mai 2009 22:48:10 schrieb Howard Chu:
> Something like proposed in ITS#5133? It seems that it was rejected with a
> reference to the enablement of SO_KEEPALIVE, though. Should we revisit
> that?
Seems like it, yes.
Btw, you mentioned that sending Abandon 0 will be sufficient as
a no-op. How's
that going to work?
[..]
> I havn't had a good idea yet how to easily fix this case,
apart from
> leveraging TCP keepalives.
>
> (According to the docs, SSL_read() would return SSL_ERROR_WANT_READ when
> the underlying BIO is non-blocking. But we're using blocking IO. I am
> unsure how much effort it would be to port that to non-blocking. I'd
> think it's a non- trivial task ;)).
I don't think there's any particular dependencies left in our code in this
regard; ber_get_next() can be called as many times as necessary to retrieve
a complete message. All of our input is triggered by select/poll/etc.
What's less clear is how well OpenSSL actually behaves with non-blocking
sockets; there are a lot of bug reports on that as I recall. You interested
in testing that?
Apart from the usual time-constraints, I am not too keen on that.
;)
I guess, in the absence of a better solution, go ahead with what
you've
already worked up. We'll just have to document somewhere (Admin Guide I
suppose) that a system's TCP keepalive setting may need to be adjusted if
not on Linux...
I just submitted the libldap part, will see how/if I can work out
the syncrepl
part later. I need to finish some other stuff first.
--
regards,
Ralf