linux tcp keepalive for http?

Is there a way to implement tcp keepalive packets for http sessions in
Linux/Apache? Ie. where a tcp packet is sent every 15 seconds or so?
This would be used to keep the session active if it is waiting on a
long database query to return a result.

Thanks
Mike

MDO <(E-Mail Removed)> wrote:
> Is there a way to implement tcp keepalive packets for http sessions
> in Linux/Apache? Ie. where a tcp packet is sent every 15 seconds or
> so? This would be used to keep the session active if it is waiting
> on a long database query to return a result.

Well, one side or the other could always make the
setsockopt(SO_KEEPALIVE) call and have "keepalives" at the TCP level.
There would be the mater of getting the frequency set. That would
_not_ be visible to the HTTP software itself - that is it would not
see that traffic, just TCP, so if there is some timeout in say the
HTTP client, _that_ is what you really need to address.

In and of itself though, the TCP connection would be perfectly content
with hours and hours of idle time.

rick jones
--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...

Rick Jones wrote:
> MDO <(E-Mail Removed)> wrote:
>
>>Is there a way to implement tcp keepalive packets for http sessions
>>in Linux/Apache? Ie. where a tcp packet is sent every 15 seconds or
>>so? This would be used to keep the session active if it is waiting
>>on a long database query to return a result.
>
> Well, one side or the other could always make the
> setsockopt(SO_KEEPALIVE) call and have "keepalives" at the TCP level.
> There would be the mater of getting the frequency set. That would
> _not_ be visible to the HTTP software itself - that is it would not
> see that traffic, just TCP, so if there is some timeout in say the
> HTTP client, _that_ is what you really need to address.
>
> In and of itself though, the TCP connection would be perfectly content
> with hours and hours of idle time.

A sane firewall wouldn't be content to maintain state on a connection
idle that long, though. OTOH, a sane firewall admin wouldn't be content
with the use of keepalives used to fool his firewall.

Allen Kistler <(E-Mail Removed)> wrote:
> A sane firewall wouldn't be content to maintain state on a
> connection idle that long, though. OTOH, a sane firewall admin
> wouldn't be content with the use of keepalives used to fool his
> firewall.

I like that, the juxtaposition of sane and firewall I can see where
a firewall (sane or otherwise could detect TCP keepalives, but I
wonder if it could detect application-level keepalives with decent
certainty.

What is the perceived risk of allowing an idle connection for long
periods of time? DOS against the firewall itself or is there more to
it?

rick jones
--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...

Rick Jones wrote:
> Allen Kistler <(E-Mail Removed)> wrote:
>
>>A sane firewall wouldn't be content to maintain state on a
>>connection idle that long, though. OTOH, a sane firewall admin
>>wouldn't be content with the use of keepalives used to fool his
>>firewall.
>
>
> I like that, the juxtaposition of sane and firewall I can see where
> a firewall (sane or otherwise could detect TCP keepalives, but I
> wonder if it could detect application-level keepalives with decent
> certainty.
>
> What is the perceived risk of allowing an idle connection for long
> periods of time? DOS against the firewall itself or is there more to
> it?

TCP hijacking.

I have not researched this lately, someone can correct me on this, but it
seems to me the cgi data passed by the browser shows as keep alive is
implimented by the browser software. The browser itself sets the socket
option for keep alive when it opens the socket connection.

"MDO" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Is there a way to implement tcp keepalive packets for http sessions in
> Linux/Apache? Ie. where a tcp packet is sent every 15 seconds or so?
> This would be used to keep the session active if it is waiting on a
> long database query to return a result.
>
> Thanks
> Mike

Allen Kistler <(E-Mail Removed)> wrote:
> TCP hijacking.

Because? More chances to guess before the window moves?

rick jones
--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...

Rick Jones wrote:
> Allen Kistler <(E-Mail Removed)> wrote:
>
>>TCP hijacking.
>
>
> Because? More chances to guess before the window moves?

Yup.