From owner-freebsd-bugs Tue Jul 23 1:10:12 2002
Date: Tue, 23 Jul 2002 01:10:05 -0700 (PDT)
Message-Id: <200207230810.g6N8A5bL010222@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Peter Pentchev
Subject: Re: bin/40894: OpenSSH weird delays
Reply-To: Peter Pentchev
Sender: owner-freebsd-bugs@FreeBSD.ORG

The following reply was made to PR bin/40894; it has been noted by GNATS.

From: Peter Pentchev
To: Jan Srzednicki
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/40894: OpenSSH weird delays
Date: Tue, 23 Jul 2002 11:02:36 +0300

On Mon, Jul 22, 2002 at 09:38:53PM +0200, Jan Srzednicki wrote:
>
> >Number: 40894
> >Category: bin
> >Synopsis: OpenSSH weird delays
> >Originator: Jan Srzednicki
> >Release: FreeBSD 4.6.1-RELEASE i386
> >Description:
>
> I've noticed some strange behaviour of recent versions of OpenSSH sshd
> daemon. When I turn the UDP blackhole on (sysctl
> net.inet.udp.blackhole=1) and try to ssh to a given machine, the
> connection stops on:
[snip]
>
> 20:48:42.738508 10.0.1.2.1064 > 10.0.1.2.53: 4817+ PTR? 2.1.0.10.in-addr.arpa. (39)
> 20:48:42.738729 10.0.1.2.1065 > 10.0.1.2.53: 4817+ PTR? 2.1.0.10.in-addr.arpa. (39)
> 20:48:42.738833 10.0.1.2.1066 > 10.0.1.2.53: 4817+ PTR? 2.1.0.10.in-addr.arpa. (39)
> 20:48:42.738930 10.0.1.2.1067 > 10.0.1.2.53: 4817+ PTR? 2.1.0.10.in-addr.arpa. (39)
>
> Well, well.
>
> [21:05] mizantrop:~(8)# cat /etc/resolv.conf
> nameserver 10.0.1.10
> nameserver 10.0.1.11
>
> But.. of course. It doesn't happen when I turn off the
> UsePrivilegeSeparation. chroot()ed unprivileged process does not have
> access to /etc/resolv.conf, so it tries to ask on local interface.. and
> waits for a timeout.

How is this 'strange'? :) You seem to have found the reason for
the delays yourself. From there, it is only a little step to the idea
of copying your /etc/resolv.conf into the privilege separation's tree;
that is,

    mkdir -p /var/empty/etc && cp -p /etc/resolv.conf /var/empty/etc/

Does this help?

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence claims to be an Epimenides paradox, but it is lying.
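
An added example, not part of the original message and not code from OpenSSH or FreeBSD: a copy of resolv.conf placed under the privilege-separation directory does not follow later edits to /etc/resolv.conf, so this check reports when the copy is missing or its nameserver lines have drifted from the host's. The function names and return codes are assumptions made for illustration; /var/empty is the directory used in the reply above.

```sh
#!/bin/sh
# Added example: nameservers and check_privsep_resolv are hypothetical helper
# names; the default paths are the ones mentioned in the message above.

# Print the nameserver addresses of a resolv.conf, one per line, in file order.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# check_privsep_resolv [host_resolv_conf] [privsep_chroot_dir]
# Returns 0 = copy matches, 1 = copy missing, 2 = copy stale, 3 = host file unreadable.
check_privsep_resolv() {
    host_conf=${1:-/etc/resolv.conf}
    chroot_dir=${2:-/var/empty}
    copy="$chroot_dir/etc/resolv.conf"

    if [ ! -r "$host_conf" ]; then
        echo "error: $host_conf is not readable"
        return 3
    fi
    if [ ! -e "$copy" ]; then
        # Without this file the chroot()ed process has no nameserver list.
        echo "missing: $copy"
        return 1
    fi
    # Compare only the nameserver lines, and keep their order: the resolver
    # tries them in sequence, so a reordered copy behaves differently.
    if [ "$(nameservers "$host_conf")" != "$(nameservers "$copy")" ]; then
        echo "stale: nameservers in $copy differ from $host_conf"
        return 2
    fi
    echo "ok: $copy matches $host_conf"
    return 0
}
```

Called with no arguments it checks /etc/resolv.conf against /var/empty/etc/resolv.conf; the non-zero return codes make it usable from a periodic job that alerts on drift.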