In message <4201370D.7020008@cql.com>, Seth Kurtzberg writes:
>Gert Doering wrote:

>>
>>TCP keepalives are usually sent once per hour or so (did some googling:
>>default on most unixes seems to be 2 hours), which is enough to clean 
>>up "dead" TCP connections, but usually not enough to keep open over-eager 
>>NAT routers.
>>  
The two hour figure is from Section 4.2.3.6 of RFC 1122.
>>
>That's just a default.  Usually you can override the default with a 
>setsockopt call, or an ioctl call, depending on the O/S.

It's a sysctl on NetBSD>
>
>However, I've found in many cases that TCP keepalive is simply broken 
>(not  in NetBSD, but broken anywhere along the path is broken for the 
>entire path).

Hmm -- details?  I'm surprised that anything else notices.
>
>>(This is the reason why, for example, OpenSSH contains a protocol-level
>>keepalive mechanism, which sends packets much more frequently).

Not a bad idea, though from what I can see it's solely a server option;
there's no way a client -- say, one behind a @#$%^ NAT box -- can 
generate such messages (at least not that I see from a quick glance at 
the code).

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb