[PATCH] Add a Maximum Idle Time (1.2.2)

Jacob Luna Lundberg jacob at velius.chaos2.org
Sun Mar 5 19:55:01 EST 2000

> I would first rather get to the bottom of figuring out why keepalives
> aren't working. 

     Ok.  I've played around some and now understand keepalives a bit
better.  So that 7200 setting would be two hours, which is rather long.
And in fact it turns out that setting it to 300 solves the problem for me.
But it is of note that 7200 is the _default_ value.  And also I'm still
not sure why a setting of 7200 (both server and client) would break
things.  (Also finally I see some keepalive packets going by so now I
understand much better what they are.)

> /proc/sys/net/ipv4/tcp_keepalive_time set to less than the masquerading timeouts?

     The question remains here: what if you can't get your sysadmin to go
tweaking with the kernel default keepalive of 7200 seconds?  Do we just
say to such a person, "too bad!" or do we let them send packets on their
own to keep the connection alive?

     Unless I misunderstand, keepalive default is set here:
/usr/src/linux/include/net/tcp.h line 264 (Linux 2.2.14)
#define TCP_KEEPALIVE_TIME (120*60*HZ)		/* two hours */

     I know it could be construed as bloat, which is why my patch didn't
include a commandline option.  I think the option itself is useful for the
purpose of empowering the user (in a non-security threatening way ;).



"Heh.  You mean this is Stef's source code?"
  -User Friendly
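
Added example, not part of the original post and not OpenSSH code: on Linux kernels that provide the per-socket TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT options (an assumption; the 2.2.14 header quoted above only shows the compile-time default), an unprivileged program can shorten the keepalive idle time for its own connection without anyone changing /proc/sys/net/ipv4/tcp_keepalive_time. The function names and the 60-second interval and 5-probe count are illustrative; 300 is the value from the post.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Enable keepalive on one socket and override the system-wide timers: idle_s quiet
 * seconds before the first probe, intvl_s between probes, cnt lost probes to drop. */
int set_keepalive(int fd, int idle_s, int intvl_s, int cnt)
{
    int on = 1;
    if (idle_s <= 0 || intvl_s <= 0 || cnt <= 0)
        return -1;                      /* reject values that would disable or misconfigure probing */
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof intvl_s) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return 0;
}

/* Effective idle time in seconds, or -1 if keepalive is off or on error. */
int get_keepalive_idle(int fd)
{
    int on = 0, idle = 0;
    socklen_t len = sizeof on;
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) < 0 || !on)
        return -1;
    len = sizeof idle;
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, &len) < 0)
        return -1;
    return idle;
}

/* Create an unconnected TCP socket, apply the timers, report what took effect. */
int demo_idle(int idle_s)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), got = -1;
    if (fd < 0)
        return -1;
    if (set_keepalive(fd, idle_s, 60, 5) == 0)
        got = get_keepalive_idle(fd);
    close(fd);
    return got;
}

int main(void)
{
    return printf("effective keepalive idle: %d s\n", demo_idle(300)) < 0;
}
```

The idle value only helps if it is shorter than the masquerading timeout on the path, which is the comparison the quoted question asks about.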
