Timeout dead connections

Matt Johnston matt at ucc.asn.au
Mon Apr 1 23:03:27 WST 2013 

And the patch actually attached here.

On Mon, Apr 01, 2013 at 11:01:42PM +0800, Matt Johnston wrote:
> Hi,
> 
> The attached attached patch against 2013.56 should fix it, or
> https://secure.ucc.asn.au/hg/dropbear/rev/70811267715c
> 
> Dropbear wasn't running cleanup handlers when it exited due
> to the TCP connection being closed.
> 
> Matt
> 
> On Thu, Mar 28, 2013 at 07:24:55PM +0800, Matt Johnston wrote:
> > I think that -K on the server should be enough. On the
> > server can you run "tcpdump -i eth0 -w cap1.cap port 22",
> > get a ssh session going, pull out the cable, wait 10
> > minutes, then send me the capture?
> > 
> > Could you also check that the Dropbear process for the
> > connection is still running after the connection should have
> > been finished. It's possible that the process is exiting but
> > the session cleanup code isn't working correctly. The whole
> > debug log might give me an idea what's going on.
> > 
> > Cheers,
> > Matt
> > 
> > On Thu, Mar 28, 2013 at 09:56:02AM +0100, Mattias Walström wrote:
> > > Thanks for your responses, all your suggestions imply that you should do something
> > > in the client (set keepalive on client end), but shouldn't the server itself be able to
> > > decide if a client is dead (can't OpenSSH do this?).
> > > 
> > > If I do the -K 15 -I 20 on the server end only, this will close the connection when
> > > the OpenSSH client has not sent any characters in 20s. I expected the keepalive to be
> > > two way, that the server got responses on these packages as well, is that not the case?
> > > 
> > > Regards
> > >  Mattias
> > 
> > > >>On Wed, Mar 27, 2013 at 11:24 AM, Mattias Walström <
> > > >>mattias.walstrom at westermo.se> wrote:
> > > >>
> > > >>>Hi!
> > > >>>I am running dropbear 2013.56, connecting to the server with a PC but
> > > >>>not performing a clean close (I pulled my ethernet cable), this caused
> > > >>>dropbear to never drop its connection.
> > > >>>
> > > >>>Looking at the utmp entries, I could see that the connection never got
> > > >>>dropped,
> > > >>>the utmp entries was kept forever, and running with debug indicates that
> > > >>>also.
> > > >>>  Tried to use -K to send keepalive, but it just keeps sending keepalives
> > > >>>to the peer,
> > > >>>even it is no longer there, and not possible to reach. Shouldn't
> > > >>>the connection be dropped if the keepalive does not reach its destination?
> > > >>>
> > > >>>I know there is the -I option, but that does not really do what I want,
> > > >>>I want the connection to be tear down when the peer is unreachable, not
> > > >>>when the user has been idle for a while.
> > > >>>
> > > >>>Regards
> > > >>>  Mattias
> > > >>>
> > > 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: utmp-exit-cleanup-2013.56.diff
Type: text/x-diff
Size: 3653 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20130401/3cd14d9a/attachment.diff

More information about the Dropbear mailing list