Posted Jul 17, 2009 8:26 UTC (Fri) by tialaramex (subscriber, #21167)
In reply to: Nmap 5.00 released by foom
Parent article: Nmap 5.00 released
On the SO_KEEPALIVE issue, some of us don't have broken networks, and the constant pressure to give in and put every node on the Internet the other side of two layers of amateur hour NAT and have it only ever sort-of work with HTTP and nothing else is exactly the sort of thing that gives us a headache.
One of the things we should have learned from the "browser wars" era web experience is that meekly going along with whatever craziness is currently dominant doesn't get you progress, just more pain. The standard says your TCP connection doesn't need keep alive packets, so there's no reason to send them by default.
More practically, if I have a quiescent connection, and I pull the rug out from under it, then put the rug back before using it, I expect it not to notice. With SO_KEEPALIVE the OS will notice and drop the connection. So forcing SO_KEEPALIVE throws away a feature I use. No thanks.
Posted Jul 17, 2009 9:08 UTC (Fri) by tzafrir (subscriber, #11501)
netcat and similar tools are one of those things that should also be usable on broken networks, if possible.
Nmap 5.00 released
Posted Jul 21, 2009 9:49 UTC (Tue) by tialaramex (subscriber, #21167)
And so netcat has a flag to set this socket option. I'm happy with that. What I was reacting adversely to was the suggestion that keepalive should be the default.
Nmap 5.00 released
Posted Jul 17, 2009 15:05 UTC (Fri) by foom (subscriber, #14868)
I dearly wish the majority of NAT gateways and firewalls out there didn't drop TCP connections after 10 minutes of inactivity. But they do. It sucks, yes. But that's what's out there...
My home NAT (Linksys) did this (until I replaced it with a Linux box). And a non-natting firewall (Cisco, I think) at my workplace does this between certain internal networks!
I'm sure glad you have a non-broken network, but a great many people don't.
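An added example, not part of any comment in this thread and not Ncat's or netcat's code: a socket helper that leaves keepalive off unless the caller opts in, and, when enabled, probes before the 10-minute idle limit mentioned above. The helper names and the 300/30/4 values are assumptions; the `TCP_KEEP*` options are Linux-specific.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: idle_secs <= 0 keeps the default (no keepalive). */
int tcp_socket_keepalive(int idle_secs, int interval_secs, int probes)
{
    int on = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || idle_secs <= 0)
        return fd;                 /* opt-in only: nothing is sent when idle */
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_secs, sizeof idle_secs) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval_secs, sizeof interval_secs) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof probes) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read back an integer socket option; -1 on error. */
int get_int_opt(int fd, int level, int name)
{
    int val = 0;
    socklen_t len = sizeof val;
    return getsockopt(fd, level, name, &val, &len) < 0 ? -1 : val;
}

/* Approximate seconds of silence after which the kernel drops the
 * connection: idle time plus every unanswered probe. 0 means never. */
int keepalive_drop_after(int fd)
{
    if (get_int_opt(fd, SOL_SOCKET, SO_KEEPALIVE) <= 0)
        return 0;
    return get_int_opt(fd, IPPROTO_TCP, TCP_KEEPIDLE) +
           get_int_opt(fd, IPPROTO_TCP, TCP_KEEPINTVL) *
           get_int_opt(fd, IPPROTO_TCP, TCP_KEEPCNT);
}

int main(void)
{
    int plain = tcp_socket_keepalive(0, 0, 0);    /* default behaviour */
    int nat = tcp_socket_keepalive(300, 30, 4);   /* first probe at 5 min */
    printf("default: drop after %d s\n", keepalive_drop_after(plain));
    printf("opt-in:  drop after %d s\n", keepalive_drop_after(nat));
    close(plain);
    close(nat);
    return 0;
}
```

The opt-in socket shows both sides of the trade-off: the 300-second probe keeps gateway state alive, and the same setting means an outage longer than about 420 seconds kills an otherwise idle connection.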
Nmap 5.00 released
Posted Jul 17, 2009 17:30 UTC (Fri) by dlang (✭ supporter ✭, #313)
If firewalls (including NAT devices) didn't drop info about the connection after some period of inactivity you would have the equivalent of a memory leak because a system crash or reboot would leave the device 'tracking' a connection that the endpoint no longer knows about, and will never close.
Routers and firewalls don't have infinite resources, so if you never time out 'idle' connections you will eventually crash instead and take out everything.
Nmap 5.00 released
Posted Jul 19, 2009 9:21 UTC (Sun) by dankamongmen (subscriber, #35141)