[PATCH] Add a Maximum Idle Time (1.2.2)

Jacob Luna Lundberg jacob at velius.chaos2.org
Sun Mar 5 10:12:16 EST 2000

On Sun, 5 Mar 2000, Damien Miller wrote:

> I would first rather get to the bottom of figuring out why keepalives
> aren't working. 

     Which brings a question to mind.  I haven't really programmed with
keepalives before.  I presume they're a field in the tcp frames (as
opposed to a periodic empty frame)?

> Is "KeepAlive yes" set for both client and server?

     Yes.  To no avail.  Both are Linux 2.2.14 boxen, but I have been
seeing this problem since I switched to 2.1.x (client with server still
2.0.x).  I still see it with the not-so-open ssh suite as well, both 1.x
and 2.x.  I tried kernel 2.3.42 and was still seeing it there too.

> Is /proc/sys/net/ipv4/tcp_keepalive_time set

     It is set to 7200.

> to less than the masquerading timeouts?

     I checked after reading the recent list entries and actually I see
the exact same behavior when I run ssh out from the firewall (thus
bypassing the ip_masq).  So while the ip_masq is an issue, it is
orthogonal to the problem and could be resolved (as you say) by setting
the keepalives to less than the ip_masq timeout.  For some reason,
keepalives aren't sufficient to keep some connections alive right now.

     On a side note, Di Zhao asked if I should have implemented a server
version of the patch as well.  I rather felt that (from what I've seen)
the problem is a bit too infrequent for that (let the users turn it on if
they discover they need it)...  But I suppose it does leave people using
different clients out in the cold.  Any preference there?



"Heh.  You mean this is Stef's source code?"
  -User Friendly

More information about the openssh-unix-dev mailing list
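
The comparison discussed in the message (keepalive idle time against a masquerading timeout), as an added example that is not part of the original post and not OpenSSH code. It assumes a modern Linux kernel with per-socket `TCP_KEEPIDLE`, `TCP_KEEPINTVL` and `TCP_KEEPCNT`; `ASSUMED_NAT_TIMEOUT` and the helper names are hypothetical, and 75 s with 9 probes are the usual Linux defaults for the interval and probe count.

```c
/* Added example, not OpenSSH code: per-socket TCP keepalive timers (Linux). */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define ASSUMED_NAT_TIMEOUT 900 /* hypothetical masquerading idle timeout, s */

/* Worst-case seconds of silence before the kernel declares the peer dead. */
int keepalive_detect_secs(int idle, int intvl, int cnt) {
    return idle + intvl * cnt;
}

/* 1 if the first probe is sent before the NAT entry would expire. */
int keepalive_beats_nat(int idle, int nat_timeout) {
    return idle > 0 && idle < nat_timeout;
}

/* Turn keepalive on for fd with explicit timers; 0 on success, -1 on error. */
int enable_keepalive(int fd, int idle, int intvl, int cnt) {
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return 0;
}

/* Apply the timers to a fresh socket and read back the idle time in force. */
int roundtrip_keepidle(int idle, int intvl, int cnt) {
    int v = -1, fd = socket(AF_INET, SOCK_STREAM, 0);
    socklen_t len = sizeof v;
    if (fd < 0) return -1;
    if (enable_keepalive(fd, idle, intvl, cnt) < 0 ||
        getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &v, &len) < 0)
        v = -1;
    close(fd);
    return v;
}

int main(void) { /* 7200 is the tcp_keepalive_time value from the message */
    printf("system default: beats NAT=%d, dead after %d s\n",
           keepalive_beats_nat(7200, ASSUMED_NAT_TIMEOUT), keepalive_detect_secs(7200, 75, 9));
    printf("per-socket 300 s: read back %d, beats NAT=%d\n",
           roundtrip_keepidle(300, 30, 5), keepalive_beats_nat(300, ASSUMED_NAT_TIMEOUT));
    return 0;
}
```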