From owner-freebsd-stable@FreeBSD.ORG Sat Feb 25 00:43:10 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CB6F16A420 for ; Sat, 25 Feb 2006 00:43:10 +0000 (GMT) (envelope-from rosti.bsd@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4122343D46 for ; Sat, 25 Feb 2006 00:43:09 +0000 (GMT) (envelope-from rosti.bsd@gmail.com) Received: by wproxy.gmail.com with SMTP id 68so412279wri for ; Fri, 24 Feb 2006 16:43:08 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer:mime-version:content-type; b=Ip9WTP8u4AZ5Exa7DywVsDeg/AQhtYwd1eJr+y1igAqZReVyhapOeCdkGfmptEgMSkob4475DgneY3DOHEP+J8lWyDOCoaWZaQyzcxBfUwGyyob2ku+siafdJyNy1DpcKKAi8zvDZjY490t+QhRNWYJRw7ZGMovnAJjY6nUeIvs= Received: by 10.64.10.6 with SMTP id 6mr3856457qbj; Fri, 24 Feb 2006 16:43:08 -0800 (PST) Received: from saturn.lan ( [212.143.154.227]) by mx.gmail.com with ESMTP id e13sm1284833qbe.2006.02.24.16.43.04; Fri, 24 Feb 2006 16:43:07 -0800 (PST) Date: Sat, 25 Feb 2006 02:42:46 +0200 From: Rostislav Krasny To: Yar Tikhiy Message-Id: <20060225024246.d6284719.rosti.bsd@gmail.com> In-Reply-To: <20060224174007.GF36227@comp.chem.msu.su> References: <20060218012029.e146e2ff.rosti.bsd@gmail.com> <20060219104912.GB20500@comp.chem.msu.su> <20060219225701.0e3e244b.rosti.bsd@gmail.com> <20060221165959.GB77513@comp.chem.msu.su> <20060222024430.ad4b5c60.rosti.bsd@gmail.com> <20060223235727.33cddb13.rosti.bsd@gmail.com> <20060224155153.f7da1a52.rosti.bsd@gmail.com> <20060224174007.GF36227@comp.chem.msu.su> X-Mailer: Sylpheed version 2.2.0 (GTK+ 2.8.12; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy" Cc: freebsd-stable@freebsd.org, dwmalone@maths.tcd.ie, des@des.no, mak@ll.mit.edu, MH@kernel32.de, freebsd-stable-local@be-well.ilk.org Subject: Re: SSH login takes very long time...sometimes X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Feb 2006 00:43:10 -0000 This is a multi-part message in MIME format. --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 24 Feb 2006 20:40:07 +0300 Yar Tikhiy wrote: > To Rostislav: Could you do now, with the resolver fixes applied, > the following experiment: find how many dead nameservers in resolv.conf > it takes for sshd to start timing out a connection to it? There > is still your PR open on this issue, so we should see whether > the default for LoginGraceTime needs a change, too. Thanks! The maximum number of name servers those the resolver will work with is MAXNS, which currently is 3. With three unreachable name servers in resolv.conf I successfully connected from other, not patched, FreeBSD 6.1-PRERELEASE by ssh without touching LoginGraceTime. I've got the password prompt after about 48.5 seconds, according to a stop watch in my cell phone :-) I also tested telnet connection and it worked properly in that situation. However I was unable to connect by ftp, even with only one unreachable name server in resolv.conf. I got following error: 421 Service not available, remote server timed out. Connection closed I've found the problem in both: ftpd(8) and ftp(1). In the ftpd(8) a getaddrinfo() is called in two places with hints.ai_socktype == 0 and hints.ai_family == PF_UNSPEC. In the ftp(1) a command reply timeout is only 60 seconds. Those things are what I've changed to fix the problem. Two diffs are attached to this email. The ftpd.c.diff extends -4 and -6 ftpd options. So if this patch is good, the ftpd(8) manual page and the default /etc/inetd.conf should also be changed appropriately. Although I changed two getaddrinfo() calls in ftpd.c, only first of them is really called on default FreeBSD configuration, when /etc/ftphosts isn't existing yet. So there might be a need of additional increase of the command reply timeout in ftp.c. Or better if this timeout could be configurable by some new ftp(1) option, with 120 seconds by default. --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; name="ftpd.c.diff" Content-Disposition: attachment; filename="ftpd.c.diff" Content-Transfer-Encoding: 7bit --- libexec/ftpd/ftpd.c.orig Wed Feb 8 18:54:05 2006 +++ libexec/ftpd/ftpd.c Sat Feb 25 00:30:26 2006 @@ -239,7 +239,7 @@ } #ifdef VIRTUAL_HOSTING -static void inithosts(void); +static void inithosts(int); static void selecthost(union sockunion *); #endif static void ack(char *); @@ -424,7 +424,7 @@ } #ifdef VIRTUAL_HOSTING - inithosts(); + inithosts(family); #endif if (daemon_mode) { @@ -663,7 +663,7 @@ */ static void -inithosts(void) +inithosts(int family) { int insert; size_t len; @@ -689,7 +689,8 @@ memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - hints.ai_family = AF_UNSPEC; + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(hrp->hostname, NULL, &hints, &res) == 0) hrp->hostinfo = res; hrp->statfile = _PATH_FTPDSTATFILE; @@ -759,9 +760,10 @@ /* NOTREACHED */ } - hints.ai_flags = 0; - hints.ai_family = AF_UNSPEC; + /* If no flag, assign hints.ai_flags to zero! */ hints.ai_flags = AI_PASSIVE; + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(vhost, NULL, &hints, &res) != 0) goto nextline; for (ai = res; ai != NULL && ai->ai_addr != NULL; --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; name="ftp.c.diff" Content-Disposition: attachment; filename="ftp.c.diff" Content-Transfer-Encoding: 7bit --- contrib/lukemftp/src/ftp.c.orig Tue May 17 06:11:25 2005 +++ contrib/lukemftp/src/ftp.c Sat Feb 25 01:42:19 2006 @@ -406,7 +406,7 @@ for (line = 0 ;; line++) { dig = n = code = 0; cp = current_line; - while (alarmtimer(60),((c = getc(cin)) != '\n')) { + while (alarmtimer(120),((c = getc(cin)) != '\n')) { if (c == IAC) { /* handle telnet commands */ switch (c = getc(cin)) { case WILL: @@ -447,7 +447,7 @@ if (verbose) { if (reply_timeoutflag) fputs( - "421 Service not available, remote server timed out. Connection closed\n", + "421 Service not available, remote server timed out. Connection closed.\n", ttyout); else if (reply_abrtflag) fputs( --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy--