[EXTERNAL] Re: Controlling SO_RCVBUF

Robinson, Herbie Herbie.Robinson at stratus.com
Sat Dec 14 03:57:21 AEDT 2019


Darren Tucker Wrote:

> On Fri, 13 Dec 2019 at 03:16, Robinson, Herbie <mailto:Herbie.Robinson at stratus.com> wrote:
> [...]
> Darren Tucker Replied:
> > Sending, receiving or both?  
> Server (sftp-server) receiving.
>
> Earlier you said "I looked at HPN-SSH, but that won't work because we don't control what software the peer is using" but you're now talking about modifying the server.  Last time I looked at HPN it'd interop with other implementations so any changes it did to its socket buffers would also affect any other client.

I looked at the comments around the code that did setsockopt for SO_RCVBUF and it appeared to only apply when the peer -- the comments implied that there are implementations out there that will choke on large window sizes.  I will take a more careful look at it (there are other reasons I was shying away that are probably OT here).

> > What's the speed and RTT on the link?
>
> The RTT is between 40 and 50 msec.  The window when the customer measured was 32K.  The throughput they saw was 6mbit/sec (which implies an RTT of 44 msec).  We worked with them to adjust kernel parameters so they get 65K windows and that's kept them happy in the short term, but they also indicated they were hoping for 100mb; so, I'm trying to get ahead of them before they come back for more.
>
> > If your limiting factor is really the TCP BDP that's between the ssh and sshd process, and that's independent of subsystem.
>
> Correct.  The actual TCP socket is not available to the subsystem.  If it was, I could just add options to the sftp-server code.  Given that upping the window size to a really big number is not a good idea for all connections, I wanted to have sshd decide what to use based on the subsystem.
>
> The problem with doing it per-subsystem is that subsystem is a per ssh channel thing and tcp socket buffers are a per connection thing.  There are zero or more channels per TCP connection and it's possible to have both interactive and sftp channels in a single connection, either serially or concurrently.
> 
>  Perhaps it might also be useful to select the window size based on input and/or output subnet masks, too.  Opinions?
>
> If it was a standard sshd option then it could be conditionalized using Match, which would let you select based on any of: User, Group, Host, LocalAddress, LocalPort, RDomain, Address.  Would that address your use case?

I missed "Match" when I was looking through the documentation.  That is a much better way to go.  Now, I need to go look at whether HPN-SSH operates under Match or not.  

Thanks.
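
Added example, not part of the original message and not OpenSSH or HPN-SSH code: the window arithmetic discussed in this thread together with the SO_RCVBUF request itself, in C. It assumes "32K" means 32768 bytes and "100mb" means 100 Mbit/s; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Bandwidth-delay product: bytes that must be in flight to sustain
   rate_bps over a path with the given round-trip time. */
static long bdp_bytes(double rate_bps, double rtt_ms) {
    return (long)(rate_bps / 8.0 * rtt_ms / 1000.0 + 0.5);
}

/* Best-case throughput (bit/s) when at most window_bytes may be unacknowledged. */
static double window_limited_bps(long window_bytes, double rtt_ms) {
    return window_bytes * 8.0 / (rtt_ms / 1000.0);
}

/* Request a receive buffer on a fresh TCP socket and return what the kernel
   actually granted, or -1 on error. On Linux the granted value is double the
   request (bookkeeping overhead) and is capped by net.core.rmem_max, so the
   result must be read back rather than assumed. */
static int granted_rcvbuf(int requested) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int granted = -1;
    socklen_t len = sizeof(granted);
    /* Set before listen()/connect(): the window scale factor is fixed in the
       SYN exchange. An accepted socket inherits the listener's setting. */
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &requested, sizeof(requested)) != 0 ||
        getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &granted, &len) != 0)
        granted = -1;
    close(fd);
    return granted;
}

int main(void) {
    /* Figures from the thread; unit interpretations are assumptions. */
    printf("32K window, 44 ms RTT: %.2f Mbit/s\n",
           window_limited_bps(32768, 44.0) / 1e6);
    long need = bdp_bytes(100e6, 50.0);   /* worst-case RTT quoted: 50 ms */
    printf("window for 100 Mbit/s at 50 ms: %ld bytes\n", need);
    int got = granted_rcvbuf((int)need);
    printf("kernel granted SO_RCVBUF: %d bytes\n", got);
    if (got >= 0 && got < need)
        printf("granted buffer is below the BDP: raise the kernel maximum\n");
    return 0;
}
```

On Linux, setting SO_RCVBUF explicitly also turns off receive-buffer autotuning for that socket, so a fixed value smaller than what autotuning would have reached lowers throughput.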

 


More information about the openssh-unix-dev mailing list