Yep, you're right Matt... the latest version contains those fixes... (the truth is that I'm still working with my patched 0.52 that is rock solid for my usage)...<div>Regards,</div><div>Fabrizio</div><div><br><br><div class="gmail_quote">
On Wed, Mar 27, 2013 at 11:47 AM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I thought those were fixed in 0.53 or perhaps 2011.54:<br>
<br>
2011.54 - Tuesday 8 November 2011<br>
- Fixed case where "-K 1" keepalive for dbclient would cause a SSH_MSG_IGNORE<br>
� packet to be sent<br>
0.53 - Thurs 24 February 2011<br>
- Make -K (keepalive) and -I (idle timeout) work together sensibly in the client.<br>
� The idle timeout is no longer reset by SSH_MSG_IGNORE packets.<br>
<br>
If the network cable has been pulled out, shouldn't the OS send a TCP RST<br>
packet eventually after some traffic and close the connection?<br>
<br>
Cheers,<br>
Matt<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Wed, Mar 27, 2013 at 11:41:40AM -0400, Fabrizio Bertocci wrote:<br>
> I remember reporting this problem and sending a patch long time ago (for<br>
> version 0.52).<br>
><br>
> The problem with the keep-alive (if I remember correctly) was that every<br>
> time dropbear was sending the keep-alive message, it was also resetting the<br>
> timeout counter... so dropbear or dbclient never detect the dropped<br>
> connection.<br>
> Here is an extract from my old email sent on 9/29/2010:<br>
><br>
> Hope this help,<br>
> Regards,<br>
> Fabrizio<br>
><br>
> ____________________________________________________________________________________<br>
><br>
> First Issue: When keep-alive messages are sent, they reset the idle timeout<br>
> counter. (-I counter).<br>
> I would expect that SENT messages (in particular keep-alive packets) do not<br>
> affect the idle timeout...<br>
> This is in function write_packet() (file packet.c)<br>
> When a message is written, it stores the current time in both the registers<br>
> for the last packet transmitted *AND* last packet (for the idle timeout):<br>
> � � � � ses.last_trx_packet_time = time(NULL);<br>
> � � � � ses.last_packet_time = time(NULL);<br>
><br>
> (beside that, this cause two system calls, to read the time, when only one<br>
> would be needed... just optimizing :) )<br>
> This is a little unexpected because I would think that the idle timeout<br>
> works only on received packets, not about sent packets.<br>
> Basically if I start dropbear with -I and -K options, the idle timeout will<br>
> never kick in... because the keepalive will always reset the timer even if<br>
> the connection is dead.<br>
><br>
> I'm proposing to simply remove the line:<br>
> � � � � ses.last_packet_time = time(NULL);<br>
> So the idle timeout does not get reset when any packet is sent.<br>
><br>
> Watch out: after this change, the semantic of the argument -I is different<br>
> than before, as it only consider received packets... but at least it makes<br>
> more sense.<br>
> Here is a scenario WITHOUT this modification:<br>
> 1. Start the server with: dropbear -K 15 -I 20 �[...]<br>
> 2. Start the client with dbclient -K 15 [...]<br>
> 3. On my device, start a program that sends data over one tunneled port<br>
> Everything works fine, connection is up and data is exchanging.<br>
> Now...<br>
> 4. Unplug my embedded device (the one running dbclient)<br>
> -> The server does not detect the connection is down. Any attempt to access<br>
> a tunneled port cause the caller to hang.<br>
><br>
> now, after this change, with the same scenario, after I unplug my box, the<br>
> server detects it after 20 seconds and closes the connection.<br>
><br>
><br>
> Second Issue: When a keepalive message is received, the idle timeout timer<br>
> (for received packets) is NOT updated.<br>
> I'm referring here to the function 'process_packet()' in file<br>
> 'process-packet.c'.<br>
> Here the timer update:<br>
> � � ses.last_packet_time = time(NULL);<br>
> is performed AFTER the first switch where we check for SSH_MSG_IGNORE,<br>
> SSH_MSG_DEBUG, SSH_MSG_UNIMPLEMENTED, and SSH_MSG_DISCONNECT.<br>
> So, in few words: although a keep-alive message (that is a message of type<br>
> SSH_MSG_IGNORE) is correctly ignored, but the timer is not reset.<br>
><br>
> Here is what happen:<br>
> 1. Start my server again with dropbear -I 20 [...]<br>
> 2. Start my client with dropbear -K 15 [...]<br>
> (this time I'm not starting my application to send data over a tunneled<br>
> port)<br>
><br>
> Without doing anything, the server will close the connection after 20<br>
> seconds. No matter if the client have sent the keep-alivemessages...<br>
><br>
> After moving that statement:<br>
> � � ses.last_packet_time = time(NULL);<br>
> BEFORE the first switch(), now a keep-alive message cause the idle timer to<br>
> reset, and the previous test case works as expected (server does't<br>
> disconnect).<br>
><br>
> So, in conclusion, as you see, these two small changes are critical for my<br>
> situation, and I believe they could also benefit others with similar needs.<br>
><br>
> ____________________________________________________________________________________<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Wed, Mar 27, 2013 at 11:24 AM, Mattias Walstr�m <<br>
> <a href="mailto:mattias.walstrom@westermo.se">mattias.walstrom@westermo.se</a>> wrote:<br>
><br>
> > Hi!<br>
> > I am running dropbear 2013.56, connecting to the server with a PC but<br>
> > not performing a clean close (I pulled my ethernet cable), this caused<br>
> > dropbear to never drop its connection.<br>
> ><br>
> > Looking at the utmp entries, I could see that the connection never got<br>
> > dropped,<br>
> > the utmp entries was kept forever, and running with debug indicates that<br>
> > also.<br>
> > �Tried to use -K to send keepalive, but it just keeps sending keepalives<br>
> > to the peer,<br>
> > even it is no longer there, and not possible to reach. Shouldn't<br>
> > the connection be dropped if the keepalive does not reach its destination?<br>
> ><br>
> > I know there is the -I option, but that does not really do what I want,<br>
> > I want the connection to be tear down when the peer is unreachable, not<br>
> > when the user has been idle for a while.<br>
> ><br>
> > Regards<br>
> > �Mattias<br>
> ><br>
</div></div></blockquote></div><br></div>