TCP Keepalive HOWTO

Fabio Busatto

<fabio.busatto@sikurezza.org>

2007-05-04

Revision History

Revision 1.0, 2007-05-04, revised by: FB

First release, reviewed by TM.

1. Introduction

1.2. Disclaimer

1.3. Credits / Contributors

1.4. Feedback

1.5. Translations

2. TCP keepalive overview

2.1. What is TCP keepalive?

2.2. Why use TCP keepalive?

* Checking for dead peers

* Preventing disconnection due to network inactivity

2.3. Checking for dead peers

    _______                                                   _______
    |     |                                                   |     |
    |  A  |                                                   |  B  |
    |_____|                                                   |_____|
       ^                                                         ^
       |-->--->--->-------------- SYN -------------->--->--->----|
       |--<---<---<------------ SYN/ACK ------------<---<---<----|
       |-->--->--->-------------- ACK -------------->--->--->----|
       |                                                         |
       |                                       system crash ---> X
       |
       |                                     system restart ---> ^
       |                                                         |
       |-->--->--->-------------- PSH -------------->--->--->----|
       |--<---<---<-------------- RST --------------<---<---<----|
       |                                                         |

2.4. Preventing disconnection due to network inactivity

    _______         _______                                   _______
    |     |         |     |                                   |     |
    |  A  |         | NAT |                                   |  B  |
    |_____|         |_____|                                   |_____|
       ^               ^                                         ^
       |-->--->--->------------- SYN ------------->--->--->------|
       |--<---<---<----------- SYN/ACK -----------<---<---<------|
       |-->--->--->------------- ACK ------------->--->--->------|
       |               |                                         |
       |               | <--- connection deleted from table      |
       |               |                                         |
       |-->- PSH ->----| <--- invalid connection                 |
       |               |                                         |

3. Using TCP keepalive under Linux

tcp_keepalive_time

tcp_keepalive_intvl

tcp_keepalive_probes

3.1. Configuring the kernel

* procfs interface

* sysctl interface

3.1.1. The procfs interface

3.1.2. The sysctl interface

3.2. Making changes persistent to reboot

4. Programming applications

4.1. When your code needs keepalive support

4.2. The setsockopt function call

* TCP_KEEPCNT: overrides

* TCP_KEEPIDLE: overrides

* TCP_KEEPINTVL: overrides

4.3. Code examples

 /* --- begin of keepalive test program --- */

 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>

 int main(void)
 {
    int s;
    int optval;
    socklen_t optlen = sizeof(optval);

    /* Create the socket */
    if((s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
       perror("socket()");
       exit(EXIT_FAILURE);
    }

    /* Check the status for the keepalive option */
    if(getsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &optval, &optlen) < 0) {
       perror("getsockopt()");
       close(s);
       exit(EXIT_FAILURE);
    }
    printf("SO_KEEPALIVE is %s\n", (optval ? "ON" : "OFF"));

    /* Set the option active */
    optval = 1;
    optlen = sizeof(optval);
    if(setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &optval, optlen) < 0) {
       perror("setsockopt()");
       close(s);
       exit(EXIT_FAILURE);
    }
    printf("SO_KEEPALIVE set on socket\n");

    /* Check the status again */
    if(getsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &optval, &optlen) < 0) {
       perror("getsockopt()");
       close(s);
       exit(EXIT_FAILURE);
    }
    printf("SO_KEEPALIVE is %s\n", (optval ? "ON" : "OFF"));

    close(s);

    exit(EXIT_SUCCESS);
 }

 /* ---  end of keepalive test program  --- */
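
The test program above only toggles SO_KEEPALIVE. The following is an added example, not part of the original HOWTO: it also sets the three per-socket options listed in section 4.2 and reads them back from the kernel. The `struct ka_params` type and the `ka_*` helper names are hypothetical, the values 60/10/5 are constructed, and Linux's `<netinet/tcp.h>` is assumed.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Hypothetical helper type: idle seconds before the first probe,
 * seconds between probes, unanswered probes before the drop. */
struct ka_params { int idle, intvl, cnt; };

/* Turn keepalive on for socket s and set the per-socket values.
 * Returns 0 on success, -1 if any setsockopt() fails (errno is set). */
int ka_enable(int s, const struct ka_params *p)
{
    int on = 1;
    if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0 ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPIDLE, &p->idle, sizeof(p->idle)) < 0 ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPINTVL, &p->intvl, sizeof(p->intvl)) < 0 ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPCNT, &p->cnt, sizeof(p->cnt)) < 0)
        return -1;
    return 0;
}

/* Read back what the kernel stored, so an ignored option is noticed. */
int ka_read(int s, int *enabled, struct ka_params *p)
{
    socklen_t len = sizeof(int);
    if (getsockopt(s, SOL_SOCKET, SO_KEEPALIVE, enabled, &len) < 0) return -1;
    len = sizeof(int);
    if (getsockopt(s, IPPROTO_TCP, TCP_KEEPIDLE, &p->idle, &len) < 0) return -1;
    len = sizeof(int);
    if (getsockopt(s, IPPROTO_TCP, TCP_KEEPINTVL, &p->intvl, &len) < 0) return -1;
    len = sizeof(int);
    return getsockopt(s, IPPROTO_TCP, TCP_KEEPCNT, &p->cnt, &len) < 0 ? -1 : 0;
}

/* Approximate seconds until a silent dead peer is detected. */
int ka_detect_seconds(const struct ka_params *p)
{
    return p->idle + p->intvl * p->cnt;
}

int main(void)
{
    struct ka_params want = { 60, 10, 5 }, got;   /* constructed sample values */
    int enabled, s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0 || ka_enable(s, &want) < 0 || ka_read(s, &enabled, &got) < 0) {
        perror("keepalive");
        return 1;
    }
    printf("keepalive %s: idle=%d intvl=%d cnt=%d, dead peer in ~%ds\n",
           enabled ? "ON" : "OFF", got.idle, got.intvl, got.cnt, ka_detect_seconds(&got));
    close(s);
    return 0;
}
```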

5. Adding support to third-party software

* source code modification of the original program

* setsockopt(2) injection using the library preloading technique

5.1. Modifying source code

5.2. libkeepalive: library preloading

TCP_Keepalive_HOWTO (last edited 2008-11-02 17:08:28 by jdd)