Why isn't it possible to lower TCP values of running SSH session?

Salvador Fandino sfandino at gmail.com
Tue Nov 24 18:57:30 AEDT 2015

On 11/24/2015 01:05 AM, john smith wrote:
> On Tue, Nov 24, 2015 at 12:57 AM, Damien Miller <djm at mindrot.org> wrote:
>> TCP is the kernel's responsibility. I guess that these values get
>> copied into each TCB from the copy managed via proc at connection
>> start time, but never updated afterwards.
> This had to happen but the question is why is it possible to increase
> a timeout but not to decrease it.

Some years ago I found that the implementation of TCP keepalive on Linux 
is not reliable.

Inside the kernel, the code that does the keep-alive thing is not called 
unless the output socket buffer is empty, otherwise the regular handling 
for the TCP output stream that just retries sending the queued data with 
increasing (IIRC, x2) delays is applied and it uses a different set of 
counters and timeouts that are not affected by the tcp_keepalive_* 

That bug is probably still there.

More information about the openssh-unix-dev mailing list