dbclient and detecting broken connections

Ahilan Anantha aanantha at riverbed.com
Thu Dec 10 04:26:40 WST 2009


Matt Johnston wrote:
> On Tue, Dec 08, 2009 at 03:47:02PM -0800, Ahilan Anantha wrote:
>> Hi List,
>>
>> I plan to use "dbclient" as a low memory footprint alternative to  
>> OpenSSH's "ssh" for SSH tunnels.
>>
>> On the client I have software that creates SSH tunnels to many systems.  
>> Sometimes the connection to these remote systems will break, at which  
>> point "ssh" will exit. The exit gets detected and the connection gets  
>> reestablished. But this works in "ssh" because I'm using the  
>> ServerAliveInterval and ServerAliveCountMax options. Without them, ssh  
>> would never check that the connection was up and I'd have to wait an  
>> eternity for a TCP timeout. Or implement my own heartbeat on top of the  
>> tunnel.
> 
> dbclient sends an "ignore" packet every N seconds, but I
> don't think that elicits a server response. It will
> generally time out after a minute or so when the client OS
> gives up on receiving an ACK, though SIGSTOP is a funny
> case since the remote OS is probably still sending TCP ACKs.
> I'll take a look at implementing something closer to what
> ServerAliveInterval does (sending something that will fail
> and checking for a reply, iirc).
> 
> OpenSSH's "tcpkeepalive" just sets the TCP keepalive option
> on the socket with setsockopt(), but won't probe the
> connection itself.
> 
> Cheers,
> Matt
> 

Thanks, Matt.

OpenSSH's client is sending an "SSH2_MSG_GLOBAL_REQUEST" with a bogus 
request type of "keepalive@openssh.com" with want reply set to 1. And on 
the server side it doesn't try to match that name and just always sends 
an "SSH2_MSG_REQUEST_FAILURE" when it gets that message.

And then every time the client gets an SSH2_MSG_REQUEST_SUCCESS or 
SSH2_MSG_REQUEST_FAILURE it sets the number of outstanding server alives 
to 0.

Regards,

Ahilan
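
A simplified model of the keepalive exchange described in this message, added here as an example; it is not code from OpenSSH or Dropbear. The message numbers and payload layout follow RFC 4254, and the names alive_state, build_keepalive, alive_tick and alive_on_packet are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4254. */
enum { MSG_GLOBAL_REQUEST = 80, MSG_REQUEST_SUCCESS = 81, MSG_REQUEST_FAILURE = 82 };

/* Hypothetical state for this sketch: probes sent with no reply seen yet. */
struct alive_state { int outstanding; int count_max; };

/* Encode the probe payload: byte 80, string request name, boolean want_reply.
 * Returns the payload length, or 0 if buf is too small. */
size_t build_keepalive(uint8_t *buf, size_t cap)
{
    static const char name[] = "keepalive@openssh.com";
    size_t n = sizeof(name) - 1, need = 1 + 4 + n + 1;
    if (cap < need) return 0;
    buf[0] = MSG_GLOBAL_REQUEST;
    buf[1] = (uint8_t)(n >> 24); buf[2] = (uint8_t)(n >> 16);
    buf[3] = (uint8_t)(n >> 8);  buf[4] = (uint8_t)n;
    memcpy(buf + 5, name, n);
    buf[5 + n] = 1;              /* want_reply = 1, so the server must answer */
    return need;
}

/* Call when the interval elapses with nothing received from the server.
 * Returns 1 if the link should be declared dead, 0 if a probe should be sent. */
int alive_tick(struct alive_state *s)
{
    return ++s->outstanding > s->count_max;
}

/* Call for every received packet: either reply type proves the peer is alive,
 * so an unrecognised request name answered with FAILURE still counts. */
void alive_on_packet(struct alive_state *s, uint8_t type)
{
    if (type == MSG_REQUEST_SUCCESS || type == MSG_REQUEST_FAILURE)
        s->outstanding = 0;
}

int main(void)
{
    uint8_t pkt[64];
    struct alive_state s = { 0, 3 };  /* constructed: allow 3 unanswered probes */
    printf("probe payload is %zu bytes\n", build_keepalive(pkt, sizeof pkt));
    for (int i = 1; !alive_tick(&s); i++)
        printf("interval %d: probe sent, %d outstanding\n", i, s.outstanding);
    printf("no reply after %d probes: exit so the tunnel is restarted\n", s.count_max);
    return 0;
}
```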

