[PATCH] SO_KEEPALIVE for port forwards

Manoj Kasichainula manoj at collab.net
Fri Aug 24 10:48:08 EST 2001


Attached is a patch to allow a user to turn on TCP keepalives for port
forwarded connections. It's mainly useful when the connections to the
ssh listener are coming from many different boxes, some of which
crash, leaving the service on the other side of the port forwarder
waiting on connections indefinitely.

It creates a new option named "KeepAliveForward" to control this
behavior. It's off by default for backward compatibility.

This patch was made for 2.9p2, but it applies almost perfectly to the
CVS HEAD. I would've provided a patch to CVS instead, but the HEAD
doesn't build for me at the moment.

Thoughts?

Please cc: me, I'm not on the list. Thanks.
-------------- next part --------------
--- openssh-2.9p2/channels.c.keepalivetunnel	Wed Jun 13 12:18:05 2001
+++ openssh-2.9p2/channels.c	Thu Aug 23 15:40:43 2001
@@ -61,6 +61,9 @@
 #include "canohost.h"
 #include "key.h"
 #include "authfd.h"
+#include "readconf.h"
+
+extern Options options;
 
 /* Maximum number of fake X11 displays to try. */
 #define MAX_DISPLAYS  1000
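Review bot: `extern Options options;` binds channels.c to the client's configuration struct, and the later hunk reads `options.keepalives_forward` through that declaration. If channels.c is also linked into sshd (it looks like shared code in this tree, though that is not visible here), the symbol `options` there would be the server's option struct. The read would then go through a mismatched type and test an unrelated field. Handing the flag in from the client would avoid this and keep readconf.h out of channels.c, for example via a small setter called from ssh.c such as `void channel_set_keepalive_forward(int on);` (the name is only a suggestion).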
@@ -765,6 +768,7 @@
 	int newsock, newch, nextstate;
 	socklen_t addrlen;
 	char *rtype;
+	int one = 1;
 
 	if (FD_ISSET(c->sock, readset)) {
 		debug("Connection to port %d forwarding "
@@ -781,6 +785,13 @@
 		if (newsock < 0) {
 			error("accept: %.100s", strerror(errno));
 			return;
+		}
+		/* Set keepalives if requested */
+		if (options.keepalives_forward &&
+		    setsockopt(newsock, SOL_SOCKET, SO_KEEPALIVE,
+		    (void *) &one, sizeof(one)) < 0)
+		{
+			error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 		}
 		newch = channel_new(rtype,
 		    nextstate, newsock, newsock, -1,
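Review bot: The comment `/* Set keepalives if requested */` does not say when a dead peer is actually detected, which is what an operator relying on this option needs to know. SO_KEEPALIVE only turns on probing with the kernel's timers, which commonly default to around two hours of idle time, so a crashed client still holds the channel and its descriptor until then. I would write `/* Best effort: enable TCP keepalive on the accepted socket; probe timing is the kernel default, and failure is logged but not fatal. */`. The opening brace on its own line and the `error(...)` line running past 80 columns also differ from the surrounding style. The enclosing function starts and ends outside the hunk.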
--- openssh-2.9p2/readconf.c.keepalivetunnel	Tue Apr 17 11:11:37 2001
+++ openssh-2.9p2/readconf.c	Thu Aug 23 15:42:37 2001
@@ -106,7 +106,7 @@
 	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+	oCompressionLevel, oKeepAlives, oKeepAlivesForward, oNumberOfPasswordPrompts,
 	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -172,6 +172,7 @@
 	{ "compression", oCompression },
 	{ "compressionlevel", oCompressionLevel },
 	{ "keepalive", oKeepAlives },
+	{ "keepaliveforward", oKeepAlivesForward },
 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
 	{ "loglevel", oLogLevel },
 	{ "dynamicforward", oDynamicForward },
@@ -394,6 +395,10 @@
 		intptr = &options->keepalives;
 		goto parse_flag;
 
+	case oKeepAlivesForward:
+		intptr = &options->keepalives_forward;
+		goto parse_flag;
+
 	case oNumberOfPasswordPrompts:
 		intptr = &options->number_of_password_prompts;
 		goto parse_int;
@@ -738,6 +743,7 @@
 	options->strict_host_key_checking = -1;
 	options->compression = -1;
 	options->keepalives = -1;
+	options->keepalives_forward = -1;
 	options->compression_level = -1;
 	options->port = -1;
 	options->connection_attempts = -1;
@@ -825,6 +831,8 @@
 		options->compression = 0;
 	if (options->keepalives == -1)
 		options->keepalives = 1;
+	if (options->keepalives_forward == -1)
+		options->keepalives_forward = 0;
 	if (options->compression_level == -1)
 		options->compression_level = 6;
 	if (options->port == -1)
--- openssh-2.9p2/readconf.h.keepalivetunnel	Tue Apr 17 11:11:37 2001
+++ openssh-2.9p2/readconf.h	Thu Aug 23 15:40:43 2001
@@ -62,6 +62,7 @@
 	int     compression_level;	/* Compression level 1 (fast) to 9
 					 * (best). */
 	int     keepalives;	/* Set SO_KEEPALIVE. */
+	int     keepalives_forward;	/* Set SO_KEEPALIVE for port forwards. */
 	LogLevel log_level;	/* Level for logging. */
 
 	int     port;		/* Port to connect. */
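Review bot: The field comment `/* Set SO_KEEPALIVE for port forwards. */` promises more than the patch delivers, since the only setsockopt() it adds is on the socket returned by accept() on a forwarded listener. Suggest `/* Set SO_KEEPALIVE on connections accepted for port forwards. */` so nobody assumes the outbound leg of the forward is covered as well. The struct definition starts and ends outside the hunk.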
--- openssh-2.9p2/ssh.1.keepalivetunnel	Mon Apr 23 06:02:17 2001
+++ openssh-2.9p2/ssh.1	Thu Aug 23 15:40:43 2001
@@ -844,6 +844,12 @@
 To disable keepalives, the value should be set to
 .Dq no
 in both the server and the client configuration files.
+.It Cm KeepAliveForward
+Similar to KeepAlive, but applies to port forwards
+.Pp
+The default is
+.Dq no
+(to not send keepalives)
 .It Cm KerberosAuthentication
 Specifies whether Kerberos authentication will be used.
 The argument to this keyword must be

