SSH login takes very long time...sometimes

Rostislav Krasny rosti.bsd at gmail.com
Sat Feb 25 06:47:11 PST 2006 

On Sat, 25 Feb 2006 16:28:50 +0900
Hajimu UMEMOTO <ume at freebsd.org> wrote:

> Hi,
> 
> >>>>> On Sat, 25 Feb 2006 02:42:46 +0200
> >>>>> Rostislav Krasny <rosti.bsd at gmail.com> said:
> 
> rosti> I've found the problem in both: ftpd(8) and ftp(1). In the ftpd(8) a
> rosti> getaddrinfo() is called in two places with hints.ai_socktype == 0 and
> rosti> hints.ai_family == PF_UNSPEC. In the ftp(1) a command reply timeout is
> rosti> only 60 seconds. Those things are what I've changed to fix the problem.
> rosti> Two diffs are attached to this email. The ftpd.c.diff extends -4 and -6
> rosti> ftpd options. So if this patch is good, the ftpd(8) manual page and the
> rosti> default /etc/inetd.conf should also be changed appropriately.
> 
> For your ftpd.c.diff, I like your idea to reduce redundant query.  It
> is enough to query just appropriate address family.  In inetd mode, we
> know the address family already.  So, we don't need to rely on the
> -4/-6 option.  The following diff is against ftpd.c with your patch
> applied:
> 
> --- ftpd.c.rosti	Sat Feb 25 15:41:52 2006
> +++ ftpd.c	Sat Feb 25 16:01:46 2006
> @@ -423,10 +423,6 @@ main(int argc, char *argv[], char **envp
>  		}
>  	}
>  
> -#ifdef VIRTUAL_HOSTING
> -	inithosts(family);
> -#endif
> -
>  	if (daemon_mode) {
>  		int *ctl_sock, fd, maxfd = -1, nfds, i;
>  		fd_set defreadfds, readfds;
> @@ -456,6 +452,10 @@ main(int argc, char *argv[], char **envp
>  		sa.sa_handler = reapchild;
>  		(void)sigaction(SIGCHLD, &sa, NULL);
>  
> +#ifdef VIRTUAL_HOSTING
> +		inithosts(family);
> +#endif
> +
>  		/*
>  		 * Open a socket, bind it to the FTP port, and start
>  		 * listening.
> @@ -525,6 +525,14 @@ main(int argc, char *argv[], char **envp
>  			syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
>  			exit(1);
>  		}
> +
> +#ifdef VIRTUAL_HOSTING
> +		family = his_addr.su_family;
> +		if (his_addr.su_family == AF_INET6 &&
> +		    IN6_IS_ADDR_V4MAPPED(&his_addr.su_sin6.sin6_addr))
> +			family = AF_INET;
> +		inithosts(family);
> +#endif
>  	}
>  
>  gotchild:

"family = his_addr.su_family;" is really a good idea. But what is the
reason to check if IPv6 address of a remote client is IPv4 mapped and
assign AF_INET to a 'family' when that's true? The inithosts() doesn't
lookup for that address but for the server's hostname and optionally
virtual server's hostnames from /etc/ftphosts. I think it's unnecessary
and can even produce problems. IMHO "inithosts(family);" could be
called right after the "family = his_addr.su_family;" line.

> For ftp.c.diff, how about considering adding new option for timeout?

That was what I thought about when wrote my previous email. What name
could be good for that option? Is "-c seconds" (ftp Command reply
timeout in seconds) a good one?

> However, I'm still in doubt.  I cannot think it is usual situation
> that there are unreachable IP addresses in /etc/resolv.conf.

It is unusual situation but it can happen. Otherwise this duscussion
was not started.

More information about the freebsd-stable mailing list