<div dir="ltr">Uri,<div><br></div><div>The main and display channels have no problem because they have ping logic in them. However, other channels such as input and playback channels don't have it, so they become stuck if idle time is longer than firewall timeout.</div><div><br></div><div>Adding keepalive timeout is a workaround and a quick fix for this, and I think we need ping logic and your patch for all of the channels in the long run.</div><div><br></div><div><br></div><div>David, Frediano, and Christophoe,<br></div><div><br></div><div>Thank you for the comments. As you suggested, I'll modify the patch and resubmit it.</div><div><br></div><div><br></div><div>Sunny</div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-11-29 18:56 GMT+09:00 Uri Lublin <span dir="ltr"><<a href="mailto:uril@redhat.com" target="_blank">uril@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 11/27/2015 07:45 AM, Sunny Shin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Hi,<br>
<br>
With firewall running between spice server and client, if idle time is<br>
larger than firewall session timeout, spice sessions freeze and users<br>
lose their keyboard and mouse control.<br>
</blockquote>
<br></span>
Hi,<br>
<br>
The server already monitors client connectivity.<br>
<br>
git log -2  ed1f70c6d16ff55adf73a08f063f5d7955f4c488<br>
<br>
Can you try setting CLIENT_CONNECTIVITY_TIMEOUT to a lower value ?<br>
(BTW, 1800 seconds is exactly 30 minutes)<br>
<br>
Regards,<br>
    Uri.<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
To workaround this issue, I made a patch to add tcp keepalive timeout to<br>
spice server. The timeout can be added to qemu config like below.<br>
     <domain type='kvm'<br>
xmlns:qemu='<a href="http://libvirt.org/schemas/domain/qemu/1.0" rel="noreferrer" target="_blank">http://libvirt.org/schemas/domain/qemu/1.0</a>'><br>
       <qemu:commandline><br>
         <qemu:env name='SPICE_KEEPALIVE_TIMEOUT' value='1800'/><br>
       </qemu:commandline><br>
<br>
I wanted to add this option to spice client, but there was no<br>
setsockopt() option of TCP_KEEPIDLE for windows platform, So, I ended up<br>
adding it to spice server. Please review the patch and let me know what<br>
you think. Thank you.<br>
<br>
---------------------------------------------------------------------------------------------------<br>
[PATCH 1/1] channel: add optional tcp keepalive timeout to channels<br>
<br>
Signed-off-by: Sunny Shin <<a href="mailto:sunny4s.git@gmail.com" target="_blank">sunny4s.git@gmail.com</a><br></span>
<mailto:<a href="mailto:sunny4s.git@gmail.com" target="_blank">sunny4s.git@gmail.com</a>>><div><div class="h5"><br>
---<br>
  server/reds.c | 28 ++++++++++++++++++++++++++++<br>
  1 file changed, 28 insertions(+)<br>
<br>
diff --git a/server/reds.c b/server/reds.c<br>
index 8b3c3cb..05d0b1d 100644<br>
--- a/server/reds.c<br>
+++ b/server/reds.c<br>
@@ -2254,6 +2254,9 @@ static RedLinkInfo<br>
*reds_init_client_connection(int socket)<br>
      RedLinkInfo *link;<br>
      int delay_val = 1;<br>
      int flags;<br>
+    char *keepalive_timeout_str;<br>
+    int keepalive_timeout;<br>
+    int keepalive = 1;<br>
<br>
      if ((flags = fcntl(socket, F_GETFL)) == -1) {<br>
          spice_warning("accept failed, %s", strerror(errno));<br>
@@ -2271,6 +2274,31 @@ static RedLinkInfo<br>
*reds_init_client_connection(int socket)<br>
          }<br>
      }<br>
<br>
+    keepalive_timeout_str = getenv("SPICE_KEEPALIVE_TIMEOUT");<br>
+    if (keepalive_timeout_str != NULL) {<br>
+        errno = 0;<br>
+        keepalive_timeout = strtol(keepalive_timeout_str, NULL, 10);<br>
+        if (errno != 0) {<br>
+            spice_warning("error parsing SPICE_KEEPALIVE_TIMEOUT: %s",<br>
strerror(errno));<br>
+            goto error;<br>
+        }<br>
+<br>
+        spice_debug("keepalive timeout %ds", keepalive_timeout);<br>
+        if (setsockopt(socket, SOL_SOCKET, SO_KEEPALIVE, &keepalive,<br>
sizeof(keepalive)) == -1) {<br>
+            if (errno != ENOTSUP) {<br>
+                spice_printerr("setsockopt for keepalive failed, %s",<br>
strerror(errno));<br>
+                goto error;<br>
+            }<br>
+        }<br>
+        if (setsockopt(socket, SOL_TCP, TCP_KEEPIDLE,<br>
+                       &keepalive_timeout, sizeof(keepalive_timeout))<br>
== -1) {<br>
+            if (errno != ENOTSUP) {<br>
+                spice_printerr("setsockopt for keepalive timeout<br>
failed, %s", strerror(errno));<br>
+                goto error;<br>
+            }<br>
+        }<br>
+    }<br>
+<br>
      link = spice_new0(RedLinkInfo, 1);<br>
      link->stream = reds_stream_new(socket);<br>
<br>
--<br>
1.8.3.1<br>
<br>
<br>
<br>
<br></div></div><span class="">
_______________________________________________<br>
Spice-devel mailing list<br>
<a href="mailto:Spice-devel@lists.freedesktop.org" target="_blank">Spice-devel@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/spice-devel" rel="noreferrer" target="_blank">http://lists.freedesktop.org/mailman/listinfo/spice-devel</a><br>
<br>
</span></blockquote>
<br>
</blockquote></div><br></div>