Hello,
On Wed, 24 Jan 2001, mark doutre wrote:
> As far as the cluster is concerned, if I run lvs by hand (lvs -n) nanny
> reports that it gets no response from the server so the service is not made
> available. From looking at the source for nanny, nanny sends an ICMP ECHO
> REQUEST packet to the requested service port and expects a response. If it
> gets a response then the service is available. That's fine but what happens
> for SSL services? Nanny does the ping to the port but nothing comes back as
> the port is only "talking" SSL.
Hm, how can an ICMP packet be sent to a TCP port? Is this a
dirty ICMP trick? Also, an ICMP reply to an ICMP request is not returned.
> My question is, if you send an ICMP packet to an SSL listener, should you
> get a response? If you should then I'll go back to investigating further.
> However, if you do not then how can you monitor an SSL service?
SSL is on top of TCP. So, a connect() call to a normal or SSL-ed
TCP service will return the same result but ICMP is returned when an
ipchains firewall or other kernel component returns such a response. The
TCP stack returns a TCP RST packet by default.
> Thanks in advance.
>
> Mark Doutre
> Ibidlive-Systems Ltd
> Glenlister House
> 14-16 King Street, East Grinstead, West Sussex
> RH19 3DJ
> tel: 01342 311778
Regards
--
Julian Anastasov <ja@xxxxxx>
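
The connect()-based check described in the reply above, as an added example that is not part of the original message and is not nanny's code. The names `probe` and `classify` and the verdict strings are assumptions made for illustration; the optional TLS handshake goes one step beyond the message, and the errno mapping noted in the comments is the Linux behaviour.

```python
import errno
import socket
import ssl

# errno values connect() reports when an ICMP unreachable error (for example
# from a rejecting firewall) comes back instead of a TCP segment.
ICMP_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map the exception raised by connect() to a monitoring verdict."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no-answer"           # SYN dropped silently, nothing came back
    if isinstance(exc, ConnectionRefusedError):
        # TCP RST from the stack; Linux reports an ICMP port-unreachable
        # with the same ECONNREFUSED.
        return "refused"
    if isinstance(exc, OSError) and exc.errno in ICMP_ERRNOS:
        return "icmp-unreachable"
    return "error"


def probe(host, port, timeout=3.0, tls=False):
    """TCP connect() health check; the same call works for plain and SSL ports.

    With tls=True the check also requires a completed, certificate-verified
    handshake, so a port that accepts TCP but does not speak SSL is not "up".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify(exc)
    with sock:
        if not tls:
            return "up"              # three-way handshake completed
        try:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host):
                return "up"
        except OSError:              # ssl.SSLError and handshake timeouts
            return "tls-failed"


if __name__ == "__main__":
    # Constructed target: replace with the real server address and port.
    print(probe("127.0.0.1", 443, timeout=2.0, tls=True))
```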