[PATCH] Add a Maximum Idle Time (1.2.2)
Jacob Luna Lundberg
jacob at velius.chaos2.org
Sun Mar 5 10:12:16 EST 2000
On Sun, 5 Mar 2000, Damien Miller wrote:
> I would first rather get to the bottom of figuring out why keepalives
> aren't working.
Which brings a question to mind. I haven't really programmed with
keepalives before. I presume they're a field in the tcp frames (as
opposed to a periodic empty frame)?
> Is "KeepAlive yes" set for both client and server?
Yes. To no avail. Both are Linux 2.2.14 boxen, but I have been
seeing this problem since I switched to 2.1.x (client with server still
2.0.x). I still see it with the not-so-open ssh suite as well, both 1.x
and 2.x. I tried kernel 2.3.42 and was still seeing it there too.
> Is /proc/sys/net/ipv4/tcp_keepalive_time set
It is set to 7200.
> to less than the masquerading timeouts?
I checked after reading the recent list entries and actually I see
the exact same behavior when I run ssh out from the firewall (thus
bypassing the ip_masq). So while the ip_masq is an issue, it is
orthogonal to the problem and could be resolved (as you say) by setting
the keepalives to less than the ip_masq timeout. For some reason,
keepalives aren't sufficient to keep some connections alive right now.
On a side note, Di Zhao asked if I should have implemented a server
version of the patch as well. I rather felt that (from what I've seen)
the problem is a bit too infrequent for that (let the users turn it on if
they discover they need it)... But I suppose it does leave people using
different clients out in the cold. Any preference there?
-Jacob
--
"Heh. You mean this is Stef's source code?"
-User Friendly
More information about the openssh-unix-dev
mailing list