[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: configurable keepalive setting through libldap?

To: Ralf Haferkamp <rhafer@suse.de>
Subject: Re: configurable keepalive setting through libldap?
From: Howard Chu <hyc@symas.com>
Date: Wed, 06 May 2009 02:27:29 -0700
Cc: openldap-devel@openldap.org
In-reply-to: <200905061105.05964.rhafer@suse.de>
References: <200904301645.49071.rhafer@suse.de> <200905051739.06317.rhafer@suse.de> <4A00A60A.8020509@symas.com> <200905061105.05964.rhafer@suse.de>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090425 SeaMonkey/2.0a1pre Firefox/3.0.3

Ralf Haferkamp wrote:

Am Dienstag 05 Mai 2009 22:48:10 schrieb Howard Chu:
Something like proposed in ITS#5133? It seems that it was rejected with a
reference to the enablement of SO_KEEPALIVE, though. Should we revisit that?


Seems like it, yes.

My problem was not so much with syncrepl though, I had nss_ldap making me
trouble.

While it's not as general purpose as setting a
keepalive in the socket layer, I think we only need to worry about the
syncrepl client. back-ldap/meta already have their own retry mechanisms,
they can take care of themselves.

There seems to be a problem with many retry mechanisms when it comes to the
scenario I described in my orignial post. On a TLS protected connection
SSL_read (called from ldap_result) might trigger multiple read() calls. As
there are no select/poll calls inbetween them, one of those read()s might
block forever (until TCP keepalive kicks in) in case the server is not
answering anymore and didn't close the connection correctly (power failure,
...)
I havn't had a good idea yet how to easily fix this case, apart from
leveraging TCP keepalives.

(According to the docs, SSL_read() would return SSL_ERROR_WANT_READ when the
underlying BIO is non-blocking. But we're using blocking IO. I am unsure how
much effort it would be to port that to non-blocking. I'd think it's a non-
trivial task ;)).

I don't think there's any particular dependencies left in our code in thisregard; ber_get_next() can be called as many times as necessary to retrieve acomplete message. All of our input is triggered by select/poll/etc. What'sless clear is how well OpenSSL actually behaves with non-blocking sockets;there are a lot of bug reports on that as I recall. You interested in testingthat?

I guess, in the absence of a better solution, go ahead with what you'vealready worked up. We'll just have to document somewhere (Admin Guide Isuppose) that a system's TCP keepalive setting may need to be adjusted if noton Linux...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: configurable keepalive setting through libldap?
  - From: Ralf Haferkamp <rhafer@suse.de>

References:
- Re: configurable keepalive setting through libldap?
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: configurable keepalive setting through libldap?
  - From: Howard Chu <hyc@symas.com>
- Re: configurable keepalive setting through libldap?
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Re: configurable keepalive setting through libldap?
Next by Date: Re: configurable keepalive setting through libldap?
Index(es):
- Chronological
- Thread