If a connected host disappears without our knowledge, as can happen over
wireless or a hibernating machine, we continue to hold the port open waiting
for messages. Because we never try to send anything down this now-broken
pipe, the connection will sit idle taking up a slot in our allowed incoming
connections list.

If enough of these happen, an unintended Denial of Service takes place,
where all connection slots are filled with now-broken, never-ending
connections. Setting the TCP keepalive option at least allows these to time
out after the default two hours, which is sufficient in the non-malicious
case.

Signed-off-by: Dan McGee <dan@archlinux.org>

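An added example, not part of the commit above or of the project's code: enabling keepalive on a TCP socket and reading the option back. The function names and the 60/10/5 timing values are assumptions, and the per-socket TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT overrides are Linux-style options that go beyond the commit, which relies on the system default idle time.

```c
/* Added example: names and timing values are illustrative assumptions. */
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Turn on SO_KEEPALIVE and, where the platform exposes the Linux-style
   knobs, replace the default idle time with caller-chosen values.
   Returns 0 on success, -1 if any setsockopt() call fails. */
int enable_keepalive(int fd, int idle_s, int interval_s, int probes)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
        return -1;
#if defined(TCP_KEEPIDLE) && defined(TCP_KEEPINTVL) && defined(TCP_KEEPCNT)
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof(idle_s)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval_s, sizeof(interval_s)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof(probes)) < 0)
        return -1;
#else
    (void)idle_s; (void)interval_s; (void)probes; /* defaults stay in effect */
#endif
    return 0;
}

/* Read back SO_KEEPALIVE: 1 if enabled, 0 if not, -1 on error. */
int keepalive_enabled(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* Approximate seconds until a silent peer's slot is released:
   idle time, then `probes` unanswered probes spaced interval_s apart. */
int dead_peer_timeout(int idle_s, int interval_s, int probes)
{
    return idle_s + interval_s * probes;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0); /* stands in for an accept()ed fd */
    if (fd < 0) { perror("socket"); return 1; }
    if (enable_keepalive(fd, 60, 10, 5) < 0) { perror("setsockopt"); return 1; }
    printf("keepalive=%d, dead peer dropped after ~%ds\n",
           keepalive_enabled(fd), dead_peer_timeout(60, 10, 5));
    close(fd);
    return 0;
}
```

Keepalive only reclaims slots held by peers that have vanished; a peer that stays reachable but idle still answers the probes and keeps its slot.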
When you pass the flag AI_ADDRCONFIG to getaddrinfo(), it does not
consider address families on the loopback device. When run on a
machine without an external network card, just with "lo", it was
unable to look up any address.