Tunnel disconnects with "peer ignored channel window"

Tue Oct 21 10:52:48 AEDT 2025

Yeah I did that but it didn't change anything.
With the patch and removing that part I don't get disconnects. But still the connection is buggy, gives handshake errors sometimes and failed downloads/connections.
I get lots of

" channel 0: datagram length 1444 too big for window 476 or maximum packet 32768"

at the beginning. These messages stop after a while and instead I get a cycle with many

"debug1: enqueue packet: 93"

followed occasionally by

" SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
 debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug1: SSH2_MSG_KEX_ECDH_INIT received
debug1: mm_answer_sign: hostkey ssh-ed25519 index 0
 debug1: ssh_packet_send2_wrapped: resetting send seqnr 995525
 debug1: ssh_set_newkeys: rekeying out, input 32943120 bytes 3626116 blocks, output 1077718012 bytes 134216627 blocks
debug1: rekey out after 134217728 blocks
"

followed by many

"dequeue packet: 93"

and occasionally a

"debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 982769
debug1: SSH2_MSG_NEWKEYS received
debug1: ssh_set_newkeys: rekeying in, input 32943132 bytes 3626117 blocks, output 1077732080 bytes 1443 blocks
debug1: rekey in after 134217728 blocks
"
And then the cycle starts again.
On the client side it looks similar but there are less messages and no "datagram length" messages.
Could you maybe explain what is going on in general regarding the channel/windows stuff?
Is there anything I can do or is this only a ssh problem? It seems to happen only under load/lots of traffic?

________________________________________
From: Damien Miller <djm at mindrot.org>
Sent: Sunday, October 19, 2025 11:23 PM
To: valt aran
Cc: openssh-unix-dev at mindrot.org
Subject: Re: Tunnel disconnects with "peer ignored channel window"

On Sun, 19 Oct 2025, valt aran wrote:

> Tried it with the patch and version 10.2
> Error messages are something like
> "channel 0: datagram length 1444 too big for window 1206 or maximum packet 32768"
> Length or window can have different values.
> Connection still breaks after a while.
> Then I disabled the automatic disconnecting in the source code (which says the connection could deadlock in this case.)
> However, no disconnects up to now. Though I seem to get lots of
>
> "debug1: rekeying in progress
> debug1: enqueue packet: ...
> "
>
> messages which I did not get before. Not sure if this is relevant or happens because the connection is now running longer.

Did you try removing the section of code I suggested?

> I'm suspicious of this section of code in channel_input_data():
>
>   3498          if (c->datagram)
>   3499                  win_len += 4;  /* string length header */
>
> might be double-counting the header and permanently shrinking the
> channel window for each tunneled packet received. You could try
> removing or commenting it out and seeing if it solves the problem.