[PATCH] Add a Maximum Idle Time (1.2.2)
Di Zhao
dzhao1 at gl.umbc.edu
Sun Mar 5 09:24:32 EST 2000
Hi, I have applied this patch, and it works pretty well. Well, I agree
with you about the KeepAlive thing, it seems not functioning, at least on
Linux machine.
I just glaced at your patch, seems you send a "NOP" every TransInterclude
time. While this solves the problem while using the openssh client, but
people who use different ssh client may be unlucky. Maybe the best choice
is to implement it on server side??
Anyway, my problem is gone and thank you very much!
On Fri, 3 Mar 2000, Jacob Luna Lundberg wrote:
>
> The attached patch adds an option (off by default to preserve current
> behavior) to set a timeout on the select() statement that waits for input
> in clientloop.c. This fixes a timeout issue for me (explained below) and
> probably also fixes the timeouts mentioned in last month's thread "Idle
> time out". The patch is also available by http from:
> http://www.chaos2.org/~jacob/code/patch-openssh-1.2.2-trans_inter
>
> I am ssh-ing from a machine on my home network to one on the
> internet. This goes out over a Linux ip_masquerade firewall. When I
> wrote the attached patch, I thought it was the firewall that was killing
> the connection by timing out on the redirected port due to lack of
> traffic. But after reading some similar posts on this list, I think there
> might be problems even if a firewall isn't involved. Also note that in
> the tcpdump below, I did have KeepAlive turned on (both server and client)
> and yet I don't see any traffic being generated due to this, which seems
> to render KeepAlive pretty useless...
>
> When ssh dies on me (when no max idle time is set) it gives me the
> error below:
>
> "
> velius:~% Read from remote host velius.chaos2.org: Connection reset by peer
> Connection to velius.chaos2.org closed.
> jacob:~#
> "
>
> From the tcpdump below, we see that the firewall has assigned a new
> ip_masq port. This shows all the packets; specifically, none are
> generated in the interim.
>
> "
> 00:59:19.987703 velius.chaos2.org.ssh > c392100-a.crvlls1.or.home.com.64579: P 1:21(20) ack 20 win 32120
> <nop,nop,timestamp 46926353 47417028> (DF)
> 00:59:19.998389 c392100-a.crvlls1.or.home.com.64579 > velius.chaos2.org.ssh: . ack 21 win 32120
> <nop,nop,timestamp 47417072 46926353> (DF) [tos 0x10]
> ... time passes here but no traffic to velius ...
> 01:20:37.477884 c392100-a.crvlls1.or.home.com.64687 > velius.chaos2.org.ssh: P 2954940853:2954940873(20) ack
> 2970631452 win 32120 <nop,nop,timestamp 47544804 46926353> (DF) [tos 0x10]
> 01:20:37.583097 velius.chaos2.org.ssh > c392100-a.crvlls1.or.home.com.64687: R 2970631452:2970631452(0) win 0
> [tos 0x10]
> "
>
> The attached patch allows the user to put a TransmitInterlude option
> in their ssh_config file that gives how many seconds are allowed to pass
> without generating traffic. A value of 300 completely solves the timeouts
> for me and I haven't observed any stability issues.
>
> Please cc me with comments as I am not subscribed to the list.
>
> Jacob Lundberg
> jacob at chaos2.org
>
> --
>
> "Heh. You mean this is Stef's source code?"
> -User Friendly
>
-- "My grandpa told me to remember two things in life. Look out
for Number One, and remember your number" - Orville Cogswell
-- http://members.xoom.com/_XOOM/dizhao/index.html
More information about the openssh-unix-dev
mailing list