Reply To: firewall problems and workarounds –


#57658
Anonymous
Participant

    To test socket open with keepalive, I modified hcitcptest to open a socket to the remote system (going through at least 2 firewalls) with SO_KEEPALIVE, sent a message and received an ack, waited 68 minutes with no messages being sent, then sent another message and received the ack.

    None of the firewalls timed out the connection.

    I am currently testing the same connection without SO_KEEPALIVE and expect the system keepalive that will be sent in 2 hours to fail to go through the firewall, and the notcpack sequences to start and error the socket, to determine how long that takes.

    For anyone who would like to try the same and report on your findings, make a copy of hcitcptest to tcptestkeepalive, and add the line (a single line)

    setsockopt(SOCKET, SOL_SOCKET, SO_KEEPALIVE, 1) || warn "setsockopt: $!";

    where shown below.

    Start it connecting to your remote as Cloverleaf would do, for example

         tcptestkeepalive -h 192.168.4.4 -p 8075 -t mlp

    and send a message like MSH||||||

    Leave your test program running.

    It should be acked OK or rejected, unless the system you connected to is brain dead (which some are).

    Wait at least one hour and then some, and send the message again.

    If it is working you will receive the same ack message, otherwise nothing.

    #######################################
    # init_client - initialize and connect
    #               to host as client
    sub init_client {
       $them  = $opt_h;
       $iaddr = inet_aton($remote);
       $paddr = sockaddr_in($port, $iaddr);
       $proto = getprotobyname('tcp');
       socket(SOCKET, AF_INET, SOCK_STREAM, $proto) || die "socket error: $!";

       # use keepalive: set it on SOCKET, the handle created above, and pass 1
       # to enable it (an undef value is sent as 0, which leaves keepalive off)
       setsockopt(SOCKET, SOL_SOCKET, SO_KEEPALIVE, 1) || warn "setsockopt: $!";

       print STDOUT "connecting...\n\n";
       if (connect(SOCKET, $paddr)) {
            print STDOUT "Connected to host: $them, port: $port\n\n";
       } else {
            die "socket error: $!";
       }
    }
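
Added example, not part of the original post or of hcitcptest: a stand-alone Perl script that goes beyond the one-line change by also setting the per-socket keepalive timers, then reads the values back and estimates when a dead connection would be reported. The timer values and the 3600-second firewall idle timeout are constructed assumptions, and TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are the Linux option names.

```perl
#!/usr/bin/perl
# Needs Linux and a Socket module that exports the TCP_KEEP* constants.
use strict;
use warnings;
use Socket qw(AF_INET SOCK_STREAM SOL_SOCKET SO_KEEPALIVE IPPROTO_TCP
              TCP_KEEPIDLE TCP_KEEPINTVL TCP_KEEPCNT);

# Constructed values (assumptions, not from the post): first probe after
# 10 minutes idle, then one every 60 s, give up after 5 unanswered probes.
my %want    = (idle => 600, intvl => 60, cnt => 5);
my $fw_idle = 3600;   # assumed firewall idle timeout, in seconds

# Read an integer socket option back from the kernel.
sub get_opt {
    my ($sock, $level, $name) = @_;
    my $packed = getsockopt($sock, $level, $name);
    defined $packed or die "getsockopt: $!";
    return unpack('i', $packed);
}

# Current keepalive switch and timers of a socket.
sub keepalive_state {
    my ($sock) = @_;
    return (
        on    => get_opt($sock, SOL_SOCKET,  SO_KEEPALIVE),
        idle  => get_opt($sock, IPPROTO_TCP, TCP_KEEPIDLE),
        intvl => get_opt($sock, IPPROTO_TCP, TCP_KEEPINTVL),
        cnt   => get_opt($sock, IPPROTO_TCP, TCP_KEEPCNT),
    );
}

# A silent peer is reported after roughly idle + intvl * cnt seconds.
sub report {
    my ($label, %k) = @_;
    printf "%-7s keepalive=%d idle=%ds intvl=%ds cnt=%d, dead peer after ~%ds\n",
        $label, @k{qw(on idle intvl cnt)}, $k{idle} + $k{intvl} * $k{cnt};
}

socket(my $sock, AF_INET, SOCK_STREAM, IPPROTO_TCP) or die "socket: $!";
report('default', keepalive_state($sock));   # system-wide timers, keepalive off

# The option value must be non-zero to enable; 0 or undef leaves it off.
setsockopt($sock, SOL_SOCKET,  SO_KEEPALIVE,  1)            or die "SO_KEEPALIVE: $!";
setsockopt($sock, IPPROTO_TCP, TCP_KEEPIDLE,  $want{idle})  or die "TCP_KEEPIDLE: $!";
setsockopt($sock, IPPROTO_TCP, TCP_KEEPINTVL, $want{intvl}) or die "TCP_KEEPINTVL: $!";
setsockopt($sock, IPPROTO_TCP, TCP_KEEPCNT,   $want{cnt})   or die "TCP_KEEPCNT: $!";

my %now = keepalive_state($sock);
report('tuned', %now);
my $verdict = $now{idle} < $fw_idle ? 'before' : 'after';
print "first probe goes out $verdict the assumed firewall timeout of ${fw_idle}s\n";
```

On a Linux host with unchanged sysctl settings the `default` line typically shows idle=7200s, the 2-hour system keepalive the post refers to.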