Hi David, Dropbear since 2015.68 always sets the socket non-blocking [1], so I think that change should be safe on older versions. The only risk I can think of is if it gets in some state where it might spin with 100% CPU.
Cheers, Matt [1] https://secure.ucc.asn.au/hg/dropbear/annotate/10f198d4a308/common-session.c#l68 > On Tue 7/6/2016, at 7:59 pm, David Chapdelaine <[email protected]> > wrote: > > Hi everyone, > > We have been using version 65 of Dropbear to maintain an ssh connection to a > central server. It usually works fine, but when there is a network failure > the Dropbear client waits until there is a tcp timeout before declaring that > there was a keepalive timeout. So in practice even though we set the > keepalive timeout as 30 seconds, dbclient doesn’t exit before ~15 minutes > which is when the tcp timeout is triggered. > > By digging in dropbear’s code I noticed that when running in client mode, the > connection to the server is blocking whereas that connection is non blocking > when running in server mode. I thus changed the connection to non blocking in > client mode. To do this I changed the call to connect_remote line 75-76 of > cli-main.c from > > int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 0, > &error); > > > to > > int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 1, > &error); > > > Initial tests are good so far and it addresses our issue, but I wanted to run > this through you to get your insights on potential problems with this change. > As far as you know, is there any side effect that we should be aware of? Was > there a reason why the connection was blocking in client mode? > > Thanks a lot for your inputs! > > David Chapdelaine > Développeur logiciel | Software Developer > T|P: +1-514-332-4000 p.6595 | [email protected] > <mailto:[email protected]> > > <image001.png> > > Conçu pour évoluer | Built to evolve | www.genetec.com/dna > <http://www.genetec.com/dna> > <image002.png> <http://www.facebook.com/Genetec><image003.png> > <http://www.linkedin.com/company/genetec/> <image004.png> > <http://www.twitter.com/_Genetec_> <image005.png> > <http://www.youtube.com/Genetec>
