RE: TCP keepalive seems to send to only one port

From: David Schwartz (
Date: Mon Dec 25 2000 - 19:59:05 EST

Cesar Barros wrote:

> On Mon, Dec 25, 2000 at 04:33:07PM -0800, David Schwartz wrote:
> > If the administrator of the NAT meant for you to have a permanent mapping,
> > she would have put one there. Using keepalives to hold a NAT entry open
> > indefinitely without activity would be considered abuse in most NAT
> > configurations. The NAT might not consider a keepalive to be activity
> > anyway (arguably, it shouldn't).

> Well, consider the scenario of an application which opens a control
> connection and a data connection, and the data connection remains idle for
> some hours while you get to the beginning of the queue, and then the
> transfer starts. The data connection is not open forever, and the timeout
> (and the periodic pings) is on the control connection.

        I would consider that application broken. The data connection should be
opened when it's needed, not left idle for hours and used later. If the data
connection does break somehow, there should be a provision for
re-establishing it without losing all application-level state.

        I'm not saying it shouldn't be possible to work around a defective
application protocol. But to expect there to be some easy way to just flip a
switch and fix it is unreasonable.

        The NAT may not even consider a keepalive to be activity. There's no
logical reason it should if the timeout is less than many hours.

