I remember reporting this problem and sending a patch long time ago (for version 0.52). <div><br></div><div>The problem with the keep-alive (if I remember correctly) was that every time dropbear was sending the keep-alive message, it was also resetting the timeout counter... so dropbear or dbclient never detect the dropped connection.<div>
Here is an extract from my old email sent on 9/29/2010:</div><div><br></div><div>Hope this help,</div><div>Regards,</div><div>Fabrizio</div><div><br></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">____________________________________________________________________________________</span></div>
<div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></span></div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
First Issue: When <span class="il" style="background-color:rgb(255,255,204)">keep</span>-<span class="il" style="background-color:rgb(255,255,204)">alive</span> messages are sent, they reset the idle timeout counter. (-I counter).</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">I would expect that SENT messages (in particular <span class="il" style="background-color:rgb(255,255,204)">keep</span>-<span class="il" style="background-color:rgb(255,255,204)">alive</span> packets) do not affect the idle timeout...</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">This is in function write_packet() (file packet.c)</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
When a message is written, it stores the current time in both the registers for the last packet transmitted *AND* last packet (for the idle timeout):</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<div> ses.last_trx_packet_time = time(NULL);</div><div> ses.last_packet_time = time(NULL);</div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">(beside that, this cause two system calls, to read the time, when only one would be needed... just optimizing :) )</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">This is a little unexpected because I would think that the idle timeout works only on received packets, not about sent packets.</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Basically if I start <span class="il" style="background-color:rgb(255,255,204)">dropbear</span> with -I and -K options, the idle timeout will never kick in... because the <span class="il" style="background-color:rgb(255,255,204)">keepalive</span> will always reset the timer even if the connection is dead.</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
I'm proposing to simply remove the line:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> ses.last_packet_time = time(NULL);</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
So the idle timeout does not get reset when any packet is sent.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
Watch out: after this change, the semantic of the argument -I is different than before, as it only consider received packets... but at least it makes more sense.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
Here is a scenario WITHOUT this modification:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">1. Start the server with: <span class="il" style="background-color:rgb(255,255,204)">dropbear</span> -K 15 -I 20 [...]</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">2. Start the client with dbclient -K 15 [...]</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
3. On my device, start a program that sends data over one tunneled port</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Everything works fine, connection is up and data is exchanging.</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Now...</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
4. Unplug my embedded device (the one running dbclient)</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">-> The server does not detect the connection is down. Any attempt to access a tunneled port cause the caller to hang.</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
now, after this change, with the same scenario, after I unplug my box, the server detects it after 20 seconds and closes the connection.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
Second Issue: When a <span class="il" style="background-color:rgb(255,255,204)">keepalive</span> message is received, the idle timeout timer (for received packets) is NOT updated.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
I'm referring here to the function 'process_packet()' in file 'process-packet.c'.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Here the timer update:</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> ses.last_packet_time = time(NULL);</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
is performed AFTER the first switch where we check for SSH_MSG_IGNORE, SSH_MSG_DEBUG, SSH_MSG_UNIMPLEMENTED, and SSH_MSG_DISCONNECT.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
So, in few words: although a <span class="il" style="background-color:rgb(255,255,204)">keep</span>-<span class="il" style="background-color:rgb(255,255,204)">alive</span> message (that is a message of type SSH_MSG_IGNORE) is correctly ignored, but the timer is not reset.</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
Here is what happen:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">1. Start my server again with <span class="il" style="background-color:rgb(255,255,204)">dropbear</span> -I 20 [...]</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">2. Start my client with <span class="il" style="background-color:rgb(255,255,204)">dropbear</span> -K 15 [...]</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">(this time I'm not starting my application to send data over a tunneled port)</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Without doing anything, the server will close the connection after 20 seconds. No matter if the client have sent the <span class="il" style="background-color:rgb(255,255,204)">keep</span>-<span class="il" style="background-color:rgb(255,255,204)">alive</span>messages... </div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
After moving that statement:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"> ses.last_packet_time = time(NULL);</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
BEFORE the first switch(), now a <span class="il" style="background-color:rgb(255,255,204)">keep</span>-<span class="il" style="background-color:rgb(255,255,204)">alive</span> message cause the idle timer to reset, and the previous test case works as expected (server does't disconnect).</div>
<div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
So, in conclusion, as you see, these two small changes are critical for my situation, and I believe they could also benefit others with similar needs.</div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">____________________________________________________________________________________</div><div><br></div>
<div><br></div><div><br></div><div><br></div><div><br></div><div><br><div><br></div><div><br><br><div class="gmail_quote">On Wed, Mar 27, 2013 at 11:24 AM, Mattias Walström <span dir="ltr"><<a href="mailto:mattias.walstrom@westermo.se" target="_blank">mattias.walstrom@westermo.se</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
I am running dropbear 2013.56, connecting to the server with a PC but<br>
not performing a clean close (I pulled my ethernet cable), this caused<br>
dropbear to never drop its connection.<br>
<br>
Looking at the utmp entries, I could see that the connection never got dropped,<br>
the utmp entries was kept forever, and running with debug indicates that also.<br>
Tried to use -K to send keepalive, but it just keeps sending keepalives to the peer,<br>
even it is no longer there, and not possible to reach. Shouldn't<br>
the connection be dropped if the keepalive does not reach its destination?<br>
<br>
I know there is the -I option, but that does not really do what I want,<br>
I want the connection to be tear down when the peer is unreachable, not<br>
when the user has been idle for a while.<br>
<br>
Regards<span class="HOEnZb"><font color="#888888"><br>
Mattias<br>
</font></span></blockquote></div><br></div></div></div>