[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Damien Miller changed: What|Removed |Added Attachment #3030|ok?(d...@mindrot.org)| Flags|| -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Damien Miller changed: What|Removed |Added Status|RESOLVED|CLOSED --- Comment #8 from Damien Miller --- Close all resolved bugs after release of OpenSSH 7.7. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 --- Comment #7 from willc...@google.com --- Thanks for the quick turnaround! Much appreciated. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Darren Tucker changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #6 from Darren Tucker --- I have committed a variant of this patch and it will be in the 7.6 release. Thanks for the report and analysis! -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Darren Tucker changed: What|Removed |Added Blocks||2698 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2698 [Bug 2698] Tracking bug for OpenSSH 7.6 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Darren Tucker changed: What|Removed |Added Attachment #3029|0 |1 is obsolete|| CC||d...@mindrot.org Attachment #3030||ok?(d...@mindrot.org) Flags|| --- Comment #5 from Darren Tucker --- Created attachment 3030 --> https://bugzilla.mindrot.org/attachment.cgi?id=3030&action=edit keep track of the last time we heard from the client and trigger client_alive_check() I came up with the following to reproduce: 1) make sure you've got an inetd with the discard service enabled. 2) sshd -o ClientAliveInterval=3 -o ClientAliveCountMax=3 -p 2022 3) ssh -p 2022 -R 1234:localhost:9 localhost 4) while sleep 1; do echo foo; done | nc localhost 1234 5) pkill -STOP -u $USER -x ssh -current does indeed hang. I found that my first patch kills the connection too early because once the last_client_time check fires it'll fire again immediately, so last_client_time needs to be reset when that happens. With that it works more or less as expected. I'm not super concerned about the potential timing inaccuracy you mention as we're looking at redoing the select code to use something that allows a bit more flexibility and is easier to reason about. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 --- Comment #4 from willc...@google.com --- Cool, thanks! I glanced briefly at the patch and it looks like it'll definitely help. The minor nit I have is it could also update the select timeout. It's OK as is, but it means that the client_alive_check() may be called up to, in worst case, just under a full ClientAliveInterval after it should. The worst case is when writesetp is ready when (last_client_time + options.client_alive_interval == monotime()), so it fails the (last_client_time + options.client_alive_interval < monotime()) check. And then the next select() call times out after a full ClientAliveInterval. That's a nit. This fixes the bulk of the issue AFAICT. Thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 --- Comment #3 from Darren Tucker --- Created attachment 3029 --> https://bugzilla.mindrot.org/attachment.cgi?id=3029&action=edit keep track of the last time we heard from the client and trigger client_alive_check() (In reply to willchan from comment #2) > What did you think about my questions around this code snippet which > I linked earlier from wait_until_can_do_something()? I think you're right; the select won't time out so the client_alive_check() won't be triggered. Attached is an untested patch which might help... -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 --- Comment #2 from willc...@google.com --- OK, thanks! I'll try testing it the next time I get my team together to repro this situation again. I'll get back to you on that one. What did you think about my questions around this code snippet which I linked earlier from wait_until_can_do_something()? /* Wait for something to happen, or the timeout to expire. */ ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); At a very quick glance, it looks possible that if the client connection is dead (and thus readsetp never becomes ready), the ClientAliveInterval (tvp) may never be hit if writesetp always becomes ready before the ClientAliveInterval expires. In my situation, a monitoring service polling a remote forwarding channel's server port at an interval shorter than ClientAliveInterval might conceivably trigger this. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2756] sshd does not seem to terminate despite ClientAlive[Interval|CountMax] when a process is polling a remote forwarding channel
https://bugzilla.mindrot.org/show_bug.cgi?id=2756 Darren Tucker changed: What|Removed |Added CC||dtuc...@zip.com.au --- Comment #1 from Darren Tucker --- (In reply to willchan from comment #0) > I should note at this point that the client is running OpenSSH_7.2p2 > and the server is running OpenSSH_6.7p1. I'd suggest trying 7.5p1, there was a keepalive bug (#2252) fixed in 7.3. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs