[EXTERNAL] Re: Controlling SO_RCVBUF

Darren Tucker dtucker at dtucker.net
Fri Dec 13 12:01:27 AEDT 2019


On Fri, 13 Dec 2019 at 03:16, Robinson, Herbie <Herbie.Robinson at stratus.com>
wrote:

> [...]

> Darren Tucker Replied:
> > Sending, receiving or both?
> Server (sftp-server) receiving.
>

Earlier you said "I looked at HPN-SSH, but that won't work because we don't
control what software the peer is using" but you're now talking about
modifying the server.  Last time I looked at HPN it'd interop with other
implementations so any changes it did to its socket buffers would also
affect any other client.

> > What's the speed and RTT on the link?
>
> The RTT is between 40 and 50 msec.  The window when the customer measured
> was 32K.  The throughput they saw was 6mbit/sec (which implies an RTT of 44
> msec).  We worked with them to adjust kernel parameters so they get 65K
> windows and that's kept them happy in the short term, but they also
> indicated they were hoping for 100mb; so, I'm trying to get ahead of them
> before they come back for more.
>

The other limiting factor you may see is the number and size of SFTP
operations in flight.  OpenSSH's sftp defaults to 64 requests of 32k each
but other clients may vary.

> > If your limiting factor is really the TCP BDP that's between the ssh and
> > sshd process, and that's independent of subsystem.
>
> Correct.  The actual TCP socket is not available to the subsystem.  If it
> was, I could just add options to the sftp-server code.  Given that upping
> the window size to a really big number is not a good idea for all
> connections, I wanted to have sshd decide what to use based on the
> subsystem.


The problem with doing it per-subsystem is that subsystem is a per ssh
channel thing and tcp socket buffers are a per connection thing.  There are
zero or more channels per TCP connection and it's possible to have both
interactive and sftp channels in a single connection, either serially or
concurrently.


>   Perhaps it might also be useful to select the window size based on input
> and/or output subnet masks, too.  Opinions?
>

If it was a standard sshd option then it could be conditionalized using
Match, which would let you select based on any of: User, Group, Host,
LocalAddress, LocalPort, RDomain, Address.  Would that address your use
case?

There was a request to do "Match subsystem" in the past however I didn't
think it was a good architectural fit since all the other match things are
per-connection and set early in the connection process.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
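A worked example, added here and not part of the thread: the two throughput ceilings the reply describes, the TCP receive window per RTT (the BDP) and the SFTP requests kept in flight, computed for the figures quoted above. It assumes 45 ms as the midpoint of the stated 40-50 ms RTT, "32K"/"65K" as 32768/65536 bytes, and the 64 x 32k OpenSSH sftp defaults mentioned in the reply.

```python
# Added example (not from the mailing-list post). Computes the two ceilings on
# SFTP throughput discussed in the thread: the TCP receive window over the RTT
# (bandwidth-delay product) and the SFTP client's outstanding requests.
# Assumptions: 45 ms RTT midpoint, "32K" = 32768 bytes, "65K" = 65536 bytes.

def window_limited_bps(window_bytes: int, rtt_s: float) -> float:
    """Max throughput (bit/s) a receive window allows: one window per RTT."""
    return window_bytes * 8 / rtt_s


def window_for_target(target_bps: float, rtt_s: float) -> int:
    """Receive window (bytes) needed to sustain target_bps over rtt_s (the BDP)."""
    return round(target_bps / 8 * rtt_s)


def sftp_pipeline_limited_bps(requests_in_flight: int, request_bytes: int,
                              rtt_s: float) -> float:
    """Ceiling set by the SFTP client's in-flight requests, independent of TCP."""
    return requests_in_flight * request_bytes * 8 / rtt_s


def effective_limit_bps(window_bytes: int, rtt_s: float,
                        requests_in_flight: int, request_bytes: int):
    """Return (bit/s, label) for whichever of the two ceilings binds."""
    tcp = window_limited_bps(window_bytes, rtt_s)
    sftp = sftp_pipeline_limited_bps(requests_in_flight, request_bytes, rtt_s)
    return (tcp, "tcp window") if tcp <= sftp else (sftp, "sftp pipeline")


if __name__ == "__main__":
    # The customer's measurement: 32K window at 44 ms RTT gives ~6 Mbit/s.
    print("32K @ 44ms: %.1f Mbit/s" % (window_limited_bps(32768, 0.044) / 1e6))
    # After the kernel tuning to 65K windows.
    print("65K @ 44ms: %.1f Mbit/s" % (window_limited_bps(65536, 0.044) / 1e6))
    # Window needed for the hoped-for 100 Mbit/s at a 45 ms RTT.
    print("window for 100 Mbit/s @ 45ms: %d bytes" % window_for_target(100e6, 0.045))
    # OpenSSH sftp's 64 x 32k in flight is a much higher ceiling than 32K of window,
    # so the TCP window is what binds here.
    bps, which = effective_limit_bps(32768, 0.045, 64, 32768)
    print("binding limit: %s at %.1f Mbit/s" % (which, bps / 1e6))
    # A client that issues one 32k request at a time would bind first instead.
    bps, which = effective_limit_bps(562500, 0.045, 1, 32768)
    print("binding limit: %s at %.1f Mbit/s" % (which, bps / 1e6))
```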

