[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Do you keep opening and closing connections to LDAP?



Hi,

The only sure way I find is to use a non-blocking read.

	Yves

========== cut here ==========
static flag IsSocketAvailable(const int fd)
	ssize_t	nbytes;
	char	c;

	assert(fd>=0);
	if (fd < 0){
		return FALSE;
	}
	set_fl(fd,O_NONBLOCK);
	nbytes = read(fd,&c,(size_t)1);
	if (nbytes==0){
		/* EOF */
		clr_fl(fd,O_NONBLOCK);
		return FALSE;
	}
	if (nbytes>0){
		/* Il y a des donnees: c'est anormal! */
		clr_fl(fd,O_NONBLOCK);
		return FALSE;
	}
	if (errno==EAGAIN
#if defined(EWOULDBLOCK) && EWOULDBLOCK!=EAGAIN
			|| errno==EWOULDBLOCK
#endif /* defined(EWOULDBLOCK) && EWOULDBLOCK!=EAGAIN */
					){
		/* No data was immediately available */
		clr_fl(fd,O_NONBLOCK);
		return TRUE;
	}
	if (errno==EPIPE
			/* EPIPE n'est retourne que par write() */
#ifdef ECONNRESET
			|| errno==ECONNRESET /* Connection reset by peer */
#endif /* ECONNRESET */
#ifdef ECONNABORT
			|| errno==ECONNABORT /* Software caused connection abort */
#endif /* ECONNABORT */
#ifdef ECONNREFUSED
			|| errno==ECONNREFUSED /* Connection refused */
#endif /* ECONNREFUSED */
#ifdef ETIMEDOUT
			|| errno==ETIMEDOUT /* Connection timed out */
#endif /* ETIMEDOUT */
			|| errno == EHOSTUNREACH /* No route to host */
		){
		clr_fl(fd,O_NONBLOCK);
		return FALSE;
	}
	if (errno==EINTR || errno==EIO || errno==EINVAL || errno==EBADF ||
errno==EFAULT || errno==EISDIR){
		err_ret("SYSTEM ERROR:IsSocketAvalaible:read failed on socket %d",fd);
		clr_fl(fd,O_NONBLOCK);
		return FALSE;
	}
	err_ret("IsSocketAvalaible:read failed on socket %d",fd);
	clr_fl(fd,O_NONBLOCK);
	return FALSE;
}
========== cut here ==========

> -----Message d'origine-----
> De : owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]De la part de Prune
> Envoye : mardi 4 decembre 2001 09:39
> A : Howard Chu
> Cc : tgagne@efinnet.com; openldap list
> Objet : Re: Do you keep opening and closing connections to LDAP?
>
>
> Hi,
>
> Howard Chu wrote:
>
> >I don't think what you're trying to do is wrong at all. I think your
> >firewall admin needs a little talking-to. Even if they want to
> enforce such
> >a timeout (sounds silly to me) the firewall ought to be sending
> a TCP FIN to
> >both sides to force the connection closed, not just dropping the packets.
> >
> sometimes it's not wanted... but many firewalls have session limits, and
> flush older connexions periodicaly... It's happening where I work... you
> can't have an ssh longer than 30 secs :/
> The biggest problem is you can't know if the opened socket is still
> valid or not. The only way seems to be sending some data and waiting for
> an answer, error or timeout... then, re-open the socket. I'm not a
> developper... but it's how it seems to be.
> Check your net admin. change your firewall or your admin. If you can't,
> find a new job where internet is taken seriously :)
>
> Cheers,
>
> Prune
>
> >
> >
> >  -- Howard Chu
> >  Chief Architect, Symas Corp.       Director, Highland Sun
> >  http://www.symas.com               http://highlandsun.com/hyc
> >  Symas: Premier OpenSource Development and Support
> >
> >>-----Original Message-----
> >>From: owner-openldap-software@OpenLDAP.org
> >>[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
> >>Sent: Monday, December 03, 2001 8:40 PM
> >>To: openldap list
> >>Subject: Do you keep opening and closing connections to LDAP?
> >>
> >>
> >>Or do you open one connection and keep reusing?
> >>
> >>My application is a server handling requests from hundreds of
> >>clients.  Each
> >>has their own username/password.  When my application starts up
> >>it connects to
> >>the LDAP server and rebinds to check username/passwords (when
> >>sessions with
> >>the server are created) and also queries the LDAP server to see
> >>of the user is
> >>permitted to do the thing they're requesting.
> >>
> >>What I discovered is some firewalls have a timeout for LDAP requests (20
> >>seconds on the one I'm working with).  If more than 20 seconds
> >>elapse between
> >>transactions my next LDAP connection hangs 'cause the firewall is
> >>*dropping*
> >>the packets.  I've used netstat and both the server box and the
> >>LDAP box and
> >>it shows both computer think there's a connection but the
> >>firewall has dropped
> >>it.
> >>
> >>So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
> >>
> >>Comments?
> >>
> >>--
> >>.tom
> >>
> >>
> >
>
>
>