dbclient and detecting broken connections
Ahilan Anantha
aanantha at riverbed.com
Thu Dec 10 04:26:40 WST 2009
Matt Johnston wrote:
> On Tue, Dec 08, 2009 at 03:47:02PM -0800, Ahilan Anantha wrote:
>> Hi List,
>>
>> I plan to use "dbclient" as a low memory footprint alternative to
>> OpenSSH's "ssh" for SSH tunnels.
>>
>> On the client I have software that creates SSH tunnels to many systems.
>> Sometimes the connection to these remote systems will break, at which
>> point "ssh" will exit. The exit gets detected and the connection gets
>> reestablished. But this works in "ssh" because I'm using the
>> ServerAliveInterval and ServerAliveCountMax options. Without them, ssh
>> would never check that the connection was up and I'd have to wait an
>> eternity for a TCP timeout. Or implement my own heartbeat on top of the
>> tunnel.
>
> dbclient sends an "ignore" packet every N seconds, but I
> don't think that elicits a server response. It will
> generally time out after a minute or so when the client OS
> gives up on receiving an ACK, though SIGSTOP is a funny
> case since the remote OS is probably still sending TCP ACKs.
> I'll take a look at implementing something closer to what
> ServerAliveInterval does (sending something that will fail
> and checking for a reply, iirc).
>
> OpenSSH's "tcpkeepalive" just sets the TCP keepalive option
> on the socket with setsockopt(), but won't probe the
> connection itself.
>
> Cheers,
> Matt
>
Thanks, Matt.

OpenSSH's client is sending an "SSH2_MSG_GLOBAL_REQUEST" with a bogus
request type of "keepalive@openssh.com" with want reply set to 1. And on
the server side it doesn't try to match that name and just always sends
an "SSH2_MSG_REQUEST_FAILURE" when it gets that message.

And then every time the client gets an SSH2_MSG_REQUEST_SUCCESS or
SSH2_MSG_REQUEST_FAILURE it sets the number of outstanding server alives
to 0.

Regards,
Ahilan
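
The keepalive exchange described in the message above, as an added example that is not part of the original post and is not OpenSSH or Dropbear code. The struct and function names are hypothetical, the message numbers are those of RFC 4254, and the threshold check is a simplified model of what ServerAliveCountMax does.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Message numbers from RFC 4254 */
#define SSH_MSG_GLOBAL_REQUEST  80
#define SSH_MSG_REQUEST_SUCCESS 81
#define SSH_MSG_REQUEST_FAILURE 82
#define KEEPALIVE_NAME "keepalive@openssh.com"

/* Hypothetical state for this sketch */
struct keepalive {
    int outstanding;  /* probes sent since the last reply */
    int count_max;    /* same role as ServerAliveCountMax */
};

/* Encode the plaintext payload: byte type, string name, boolean want_reply.
 * Returns the payload length, or 0 if buf is too small. */
size_t keepalive_build(uint8_t *buf, size_t cap)
{
    size_t n = strlen(KEEPALIVE_NAME);
    if (cap < 1 + 4 + n + 1)
        return 0;
    buf[0] = SSH_MSG_GLOBAL_REQUEST;
    buf[1] = (uint8_t)(n >> 24); buf[2] = (uint8_t)(n >> 16);
    buf[3] = (uint8_t)(n >> 8);  buf[4] = (uint8_t)n;
    memcpy(buf + 5, KEEPALIVE_NAME, n);
    buf[5 + n] = 1;  /* want_reply: the peer has to answer */
    return 6 + n;
}

/* Called once per interval. Returns 0 and fills buf with a probe to send,
 * or -1 when too many probes are unanswered (or buf is too small). */
int keepalive_tick(struct keepalive *k, uint8_t *buf, size_t cap, size_t *len)
{
    if (++k->outstanding > k->count_max)
        return -1;
    *len = keepalive_build(buf, cap);
    return *len ? 0 : -1;
}

/* Called with the type of every decoded packet: any reply to a global
 * request, success or failure, shows the peer is still processing SSH. */
void keepalive_on_packet(struct keepalive *k, uint8_t type)
{
    if (type == SSH_MSG_REQUEST_SUCCESS || type == SSH_MSG_REQUEST_FAILURE)
        k->outstanding = 0;
}
```

Because the probe needs an SSH-level reply, a peer whose kernel still ACKs TCP segments but whose process is stopped is declared dead after count_max unanswered intervals.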