David Chapdelaine
2016-06-07 11:59:03 UTC
Hi everyone,
We have been using version 65 of Dropbear to maintain an ssh connection to a central server. It usually works fine, but when there is a network failure the Dropbear client waits until there is a tcp timeout before declaring that there was a keepalive timeout. So in practice even though we set the keepalive timeout as 30 seconds, dbclient doesn't exit before ~15 minutes which is when the tcp timeout is triggered.
By digging in dropbear's code I noticed that when running in client mode, the connection to the server is blocking whereas that connection is non blocking when running in server mode. I thus changed the connection to non blocking in client mode. To do this I changed the call to connect_remote line 75-76 of cli-main.c from
int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 0, &error);
to
int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 1, &error);
Initial tests are good so far and it addresses our issue, but I wanted to run this through you to get your insights on potential problems with this change. As far as you know, is there any side effect that we should be aware of? Was there a reason why the connection was blocking in client mode?
Thanks a lot for your inputs!
David Chapdelaine
Développeur logiciel | Software Developer
T|P: +1-514-332-4000 p.6595 | ***@genetec.com<mailto:***@genetec.com>
[cid:***@01D0F159.91250450]
Conçu pour évoluer | Built to evolve | www.genetec.com/dna<http://www.genetec.com/dna>
[cid:***@01CBEA2D.0B393EC0]<Loading Image...
@01CBEA2D.0B393EC0]<http://www.linkedin.com/company/genetec/> [cid:***@01CBEA2D.0B393EC0] <http://www.twitter.com/_Genetec_> [cid:***@01CBEA2D.0B393EC0] <http://www.youtube.com/Genetec>
We have been using version 65 of Dropbear to maintain an ssh connection to a central server. It usually works fine, but when there is a network failure the Dropbear client waits until there is a tcp timeout before declaring that there was a keepalive timeout. So in practice even though we set the keepalive timeout as 30 seconds, dbclient doesn't exit before ~15 minutes which is when the tcp timeout is triggered.
By digging in dropbear's code I noticed that when running in client mode, the connection to the server is blocking whereas that connection is non blocking when running in server mode. I thus changed the connection to non blocking in client mode. To do this I changed the call to connect_remote line 75-76 of cli-main.c from
int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 0, &error);
to
int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 1, &error);
Initial tests are good so far and it addresses our issue, but I wanted to run this through you to get your insights on potential problems with this change. As far as you know, is there any side effect that we should be aware of? Was there a reason why the connection was blocking in client mode?
Thanks a lot for your inputs!
David Chapdelaine
Développeur logiciel | Software Developer
T|P: +1-514-332-4000 p.6595 | ***@genetec.com<mailto:***@genetec.com>
[cid:***@01D0F159.91250450]
Conçu pour évoluer | Built to evolve | www.genetec.com/dna<http://www.genetec.com/dna>
[cid:***@01CBEA2D.0B393EC0]<Loading Image...
@01CBEA2D.0B393EC0]<http://www.linkedin.com/company/genetec/> [cid:***@01CBEA2D.0B393EC0] <http://www.twitter.com/_Genetec_> [cid:***@01CBEA2D.0B393EC0] <http://www.youtube.com/Genetec>