SSH login takes very long time...sometimes
Yar Tikhiy
yar at comp.chem.msu.su
Sat Feb 25 06:22:36 PST 2006
On Sat, Feb 25, 2006 at 02:42:46AM +0200, Rostislav Krasny wrote:
> On Fri, 24 Feb 2006 20:40:07 +0300
> Yar Tikhiy <yar at comp.chem.msu.su> wrote:
>
> > To Rostislav: Could you do now, with the resolver fixes applied,
> > the following experiment: find how many dead nameservers in resolv.conf
> > it takes for sshd to start timing out a connection to it? There
> > is still your PR open on this issue, so we should see whether
> > the default for LoginGraceTime needs a change, too. Thanks!
>
> The maximum number of name servers those the resolver will work with is
> MAXNS, which currently is 3. With three unreachable name servers in
> resolv.conf I successfully connected from other, not patched, FreeBSD
> 6.1-PRERELEASE by ssh without touching LoginGraceTime. I've got the
> password prompt after about 48.5 seconds, according to a stop watch in
> my cell phone :-)
>
> I also tested telnet connection and it worked properly in that
> situation.
Sounds good! Thanks!
> However I was unable to connect by ftp, even with only one unreachable
> name server in resolv.conf. I got following error:
>
> 421 Service not available, remote server timed out. Connection closed
>
> I've found the problem in both: ftpd(8) and ftp(1). In the ftpd(8) a
> getaddrinfo() is called in two places with hints.ai_socktype == 0 and
> hints.ai_family == PF_UNSPEC. In the ftp(1) a command reply timeout is
> only 60 seconds. Those things are what I've changed to fix the problem.
> Two diffs are attached to this email. The ftpd.c.diff extends -4 and -6
> ftpd options. So if this patch is good, the ftpd(8) manual page and the
> default /etc/inetd.conf should also be changed appropriately.
Could you explain please how your patch would affect ftpd(8) semantics
visible to the user?
> Although I changed two getaddrinfo() calls in ftpd.c, only first of
> them is really called on default FreeBSD configuration,
> when /etc/ftphosts isn't existing yet. So there might be a need of
> additional increase of the command reply timeout in ftp.c. Or better if
> this timeout could be configurable by some new ftp(1) option, with 120
> seconds by default.
> --- libexec/ftpd/ftpd.c.orig Wed Feb 8 18:54:05 2006
> +++ libexec/ftpd/ftpd.c Sat Feb 25 00:30:26 2006
> @@ -239,7 +239,7 @@
> }
>
> #ifdef VIRTUAL_HOSTING
> -static void inithosts(void);
> +static void inithosts(int);
> static void selecthost(union sockunion *);
> #endif
> static void ack(char *);
> @@ -424,7 +424,7 @@
> }
>
> #ifdef VIRTUAL_HOSTING
> - inithosts();
> + inithosts(family);
> #endif
>
> if (daemon_mode) {
> @@ -663,7 +663,7 @@
> */
>
> static void
> -inithosts(void)
> +inithosts(int family)
> {
> int insert;
> size_t len;
> @@ -689,7 +689,8 @@
>
> memset(&hints, 0, sizeof(hints));
> hints.ai_flags = AI_CANONNAME;
> - hints.ai_family = AF_UNSPEC;
> + hints.ai_family = family;
> + hints.ai_socktype = SOCK_STREAM;
> if (getaddrinfo(hrp->hostname, NULL, &hints, &res) == 0)
> hrp->hostinfo = res;
> hrp->statfile = _PATH_FTPDSTATFILE;
> @@ -759,9 +760,10 @@
> /* NOTREACHED */
> }
>
> - hints.ai_flags = 0;
> - hints.ai_family = AF_UNSPEC;
> + /* If no flag, assign hints.ai_flags to zero! */
Sorry, but I don't understand the purpose of this comment here.
> hints.ai_flags = AI_PASSIVE;
> + hints.ai_family = family;
> + hints.ai_socktype = SOCK_STREAM;
> if (getaddrinfo(vhost, NULL, &hints, &res) != 0)
> goto nextline;
> for (ai = res; ai != NULL && ai->ai_addr != NULL;
--
Yar
More information about the freebsd-stable
mailing list