HPE Community
Operating System - OpenVMS
1752805 Members
5519 Online
108789 Solutions
New Discussion юеВ

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

 
SOLVED
Go to solution
Ruslan R. Laishev
Super Advisor

тАО11-07-2008 01:11 AM

тАО11-07-2008 01:11 AM

HP SSL & SO_KEEPALIVE + TCPWare-TCP

Hi All!

I have a some application wich use HP SSL API, it
1) accept an incomming TCP connection witj $QIO
2) Use SSL_set_fd(,decc$socket_fd (chan))
SSL_accept(...)
3) set setsockopt(decc$socket_fd (chan),SOL_SOCKET,SO_KEEPALIVE,&chan,sizeof(chan));

So, a KEEP Alive checking is expecting for the TCP connection. But I do not see zero-length packets for the connection.


Is the SSL disable SO_KEEPALIVE actualy, or something else ?
0 Kudos
17 REPLIES 17
Richard Whalen
Honored Contributor

тАО11-07-2008 03:15 AM

тАО11-07-2008 03:15 AM

Solution

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Ruslan,

If you are using TCPware 5.7 or 5.8 (as the title says), then the following will help you determine if the socket has keepalive turned on or not.
$ define tw$sda tcpware:tcpware$sda
$ ana/sys
sda> tw show connections
!find the appropriate connection in the list
sda> tw show socket
If keepalive is set you will see it listed in the options.

I've done some programming using the SSL library, but have not been concerned whether or not keepalive was set. It's possible that SSL is transferring information frequently enough that there is no need for keepalive packets.
0 Kudos
Ruslan R. Laishev
Super Advisor

тАО11-07-2008 03:34 AM

тАО11-07-2008 03:34 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Him Richard!

Thanks, I'll try to get some more information...


0 Kudos
Ruslan R. Laishev
Super Advisor

тАО11-07-2008 03:41 AM

тАО11-07-2008 03:41 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

SDA> tw sho sock 906ACAC0
scb at 906ACAC0 BG8623 lia 172.16.0.45 fia 172.16.0.4 lpn 995 fpn 11490
options REUSEADDR KEEPALIVE
state SOCKET CONNECTED PRIV tcp flags IDLE WSCALE tcp state ESTABLISHED cdb 88E2A100
Receive Queue 90826700 90826700, byte count 0
Transmit Queue 906ACB4C 906ACB4C, byte count 0
Transmit data buffer 00000000, Byte count 0
Hash table entry 88E2AC88, Hash Link 00000000
Allocated RTE address 88E273C0 Send Unack 2190122137, Send Max 2190122137 Send next 2190122137 Send High water 32676
send window size 4096, maximum 4096 congestion window 4380
offered receive window size 61440
probe idle 15 Drop idle 60
maximum segment size 1460, original MSS 1460, MTU 8134

SDA>

$ netcu debug /tcp /lpn=995 /ria=dtv4
DTV5::LAISHEV 14:38:32 NETCU CPU=00:02:41.96 PF=15746 IO=138792 MEM=314
DTV5::LAISHEV 14:38:53 NETCU CPU=00:02:41.96 PF=15748 IO=138793 MEM=316

Hmmm... It looks like that KeepAlive is set socket but there is not any zero-length packets...



$ netcu debug /tcp /lpn=995 /ria=dtv4
DTV5::LAISHEV 14:38:32 NETCU CPU=00:02:41.96 PF=15746 IO=138792 MEM=314
DTV5::LAISHEV 14:38:53 NETCU CPU=00:02:41.96 PF=15748 IO=138793 MEM=316
DTV5::LAISHEV 14:39:53 NETCU CPU=00:02:41.96 PF=15748 IO=138794 MEM=316
DTV5::LAISHEV 14:39:53 NETCU CPU=00:02:41.96 PF=15748 IO=138795 MEM=316
0 Kudos
Richard Whalen
Honored Contributor

тАО11-07-2008 07:46 AM

тАО11-07-2008 07:46 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Ruslan,

Unfortunately the SDA callouts don't show the actual information used in figuring out when to send a keepalive packet. The default value for when to send a keepalive packet would be the drop idle time * 5 seconds, so you have to wait at least 5 minutes to see if a keepalive is sent.
0 Kudos
Ruslan R. Laishev
Super Advisor

тАО11-08-2008 12:55 AM

тАО11-08-2008 12:55 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Hi, Richard!

I spend 10+ minutes in hope that will catch keepalive checking.


$ netcu sho conn /loc=*.995
TCPware(R) for OpenVMS Active Internet Connections (including servers ) :

ID RecvQ SendQ Local Address Foreign Address State
-- ----- ----- ------------- --------------- -----
BG50578 0 0 172.16.0.8.pop3s 83.149.3.47.5518 ESTABLISHED
BG0 171 0 172.16.0.8.pop3s 172.16.1.24.20735 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 89.223.96.210.12175 CLOSE-WAIT
BG0 102 0 172.16.0.8.pop3s 172.16.1.9.4001 CLOSE-WAIT
BG0 78 0 172.16.0.8.pop3s 172.16.1.9.4007 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 83.149.3.86.53202 CLOSE-WAIT
BG44749 0 0 *.pop3s *.* LISTEN


$ netcu debug /tcp /ria=83.149.3.47 /rpn=5518
DTV1::SSHD 0843A PTD 11:35:03 NETCU CPU=00:00:00.18 PF=608 IO=610 MEM=296
New mail on node DTV5 from MX%"jcagey@mail2doctor.com" "=?koi8-r?B?7NXexdrB0iDlxtLFzQ==?=" (11:35:49)
DTV1::SSHD 0843A PTD 11:36:34 NETCU CPU=00:00:00.18 PF=608 IO=611 MEM=296
DTV1::SSHD 0843A PTD 11:38:46 NETCU CPU=00:00:00.18 PF=608 IO=612 MEM=296
DTV1::SSHD 0843A PTD 11:40:15 NETCU CPU=00:00:00.18 PF=608 IO=613 MEM=296
DTV1::SSHD 0843A PTD 11:40:15 NETCU CPU=00:00:00.18 PF=608 IO=614 MEM=296
DTV1::SSHD 0843A PTD 11:41:25 NETCU CPU=00:00:00.18 PF=608 IO=615 MEM=296
DTV1::SSHD 0843A PTD 11:42:59 NETCU CPU=00:00:00.18 PF=608 IO=616 MEM=296
DTV1::SSHD 0843A PTD 11:42:59 NETCU CPU=00:00:00.18 PF=608 IO=617 MEM=296
DTV1::SSHD 0843A PTD 11:45:31 NETCU CPU=00:00:00.18 PF=608 IO=618 MEM=296
DTV1::SSHD 0843A PTD 11:47:13 NETCU CPU=00:00:00.18 PF=608 IO=619 MEM=296
DTV1::SSHD 0843A PTD 11:47:41 NETCU CPU=00:00:00.18 PF=608 IO=620 MEM=296
Cancel

$ netcu sho conn /loc=*.995
TCPware(R) for OpenVMS Active Internet Connections (including servers ) :

ID RecvQ SendQ Local Address Foreign Address State
-- ----- ----- ------------- --------------- -----
BG50578 0 0 172.16.0.8.pop3s 83.149.3.47.5518 ESTABLISHED
BG0 171 0 172.16.0.8.pop3s 172.16.1.24.20735 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 89.223.96.210.12175 CLOSE-WAIT
BG0 102 0 172.16.0.8.pop3s 172.16.1.9.4001 CLOSE-WAIT
BG0 78 0 172.16.0.8.pop3s 172.16.1.9.4007 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 83.149.3.86.53202 CLOSE-WAIT
BG44749 0 0 *.pop3s *.* LISTEN
$


SDA> tw sho sock 8A8BDDC0
scb at 8A8BDDC0 BG50578 lia 172.16.0.8 fia 83.149.3.47 lpn 995 fpn 5518
options REUSEADDR KEEPALIVE
state SOCKET CONNECTED PRIV tcp flags IDLE WSCALE tcp state ESTABLISHED cdb 89A9E000
Receive Queue 89C783C0 89C783C0, byte count 0
Transmit Queue 8A8BDE4C 8A8BDE4C, byte count 0
Transmit data buffer 00000000, Byte count 0
Hash table entry 89A9E47C, Hash Link 00000000
Allocated RTE address 89849C80 Send Unack 1063292057, Send Max 1063292057 Send next 1063292057 Send High water 32676
send window size 66240, maximum 66240 congestion window 4140
offered receive window size 61440
probe idle 15 Drop idle 60
maximum segment size 1380, original MSS 1380, MTU 1460

SDA>
DTV1::SSHD 0843A PTD 11:52:37 (DCL) CPU=00:00:00.30 PF=972 IO=960 MEM=165
$ netcu sho conn /loc=*.995
TCPware(R) for OpenVMS Active Internet Connections (including servers):

ID RecvQ SendQ Local Address Foreign Address State
-- ----- ----- ------------- --------------- -----
BG50578 0 0 172.16.0.8.pop3s 83.149.3.47.5518 ESTABLISHED
BG0 171 0 172.16.0.8.pop3s 172.16.1.24.20735 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 89.223.96.210.12175 CLOSE-WAIT
BG0 102 0 172.16.0.8.pop3s 172.16.1.9.4001 CLOSE-WAIT
BG0 78 0 172.16.0.8.pop3s 172.16.1.9.4007 CLOSE-WAIT
BG0 96 0 172.16.0.8.pop3s 83.149.3.86.53202 CLOSE-WAIT
BG44749 0 0 *.pop3s *.* LISTEN
$
0 Kudos
Richard Whalen
Honored Contributor

тАО11-10-2008 08:32 AM

тАО11-10-2008 08:32 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Works fine for me using a modified version of the SSL sample programs with the following line added after the connect() call
err = setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on));
0 Kudos
Ruslan R. Laishev
Super Advisor

тАО11-10-2008 09:35 AM

тАО11-10-2008 09:35 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Richard,
see my first post. A TCP-connection is accepted by using $QIO. SSL stuff want "unix socket handle", to get it decc$socket_fd() is used.
0 Kudos
Richard Whalen
Honored Contributor

тАО11-10-2008 11:27 AM

тАО11-10-2008 11:27 AM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

For the server it works if the setsocketopt is done on the listening socket before the accept, but not on the socket created as a result of the accept.
0 Kudos
Ruslan R. Laishev
Super Advisor

тАО11-10-2008 11:51 PM

тАО11-10-2008 11:51 PM

Re: HP SSL & SO_KEEPALIVE + TCPWare-TCP

Richard,
pay attention that $QUI has been used. A test prog to reproduce the problem:
http://starlet.deltatel.ru/~laishev/work/pop3/zzs.c
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.