Date: Sat, 25 Feb 2006 02:42:46 +0200 From: Rostislav Krasny <rosti.bsd@gmail.com> To: Yar Tikhiy <yar@comp.chem.msu.su> Cc: freebsd-stable@freebsd.org, dwmalone@maths.tcd.ie, des@des.no, mak@ll.mit.edu, MH@kernel32.de, freebsd-stable-local@be-well.ilk.org Subject: Re: SSH login takes very long time...sometimes Message-ID: <20060225024246.d6284719.rosti.bsd@gmail.com> In-Reply-To: <20060224174007.GF36227@comp.chem.msu.su> References: <20060218012029.e146e2ff.rosti.bsd@gmail.com> <20060219104912.GB20500@comp.chem.msu.su> <20060219225701.0e3e244b.rosti.bsd@gmail.com> <20060221165959.GB77513@comp.chem.msu.su> <20060222024430.ad4b5c60.rosti.bsd@gmail.com> <yge1wxvz5ha.wl%ume@mahoroba.org> <20060223235727.33cddb13.rosti.bsd@gmail.com> <ygefym98o7i.wl%ume@mahoroba.org> <20060224155153.f7da1a52.rosti.bsd@gmail.com> <ygewtfkelbu.wl%ume@mahoroba.org> <20060224174007.GF36227@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 24 Feb 2006 20:40:07 +0300 Yar Tikhiy <yar@comp.chem.msu.su> wrote: > To Rostislav: Could you do now, with the resolver fixes applied, > the following experiment: find how many dead nameservers in resolv.conf > it takes for sshd to start timing out a connection to it? There > is still your PR open on this issue, so we should see whether > the default for LoginGraceTime needs a change, too. Thanks! The maximum number of name servers those the resolver will work with is MAXNS, which currently is 3. With three unreachable name servers in resolv.conf I successfully connected from other, not patched, FreeBSD 6.1-PRERELEASE by ssh without touching LoginGraceTime. I've got the password prompt after about 48.5 seconds, according to a stop watch in my cell phone :-) I also tested telnet connection and it worked properly in that situation. However I was unable to connect by ftp, even with only one unreachable name server in resolv.conf. I got following error: 421 Service not available, remote server timed out. Connection closed I've found the problem in both: ftpd(8) and ftp(1). In the ftpd(8) a getaddrinfo() is called in two places with hints.ai_socktype == 0 and hints.ai_family == PF_UNSPEC. In the ftp(1) a command reply timeout is only 60 seconds. Those things are what I've changed to fix the problem. Two diffs are attached to this email. The ftpd.c.diff extends -4 and -6 ftpd options. So if this patch is good, the ftpd(8) manual page and the default /etc/inetd.conf should also be changed appropriately. Although I changed two getaddrinfo() calls in ftpd.c, only first of them is really called on default FreeBSD configuration, when /etc/ftphosts isn't existing yet. So there might be a need of additional increase of the command reply timeout in ftp.c. Or better if this timeout could be configurable by some new ftp(1) option, with 120 seconds by default. --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; name="ftpd.c.diff" Content-Disposition: attachment; filename="ftpd.c.diff" Content-Transfer-Encoding: 7bit --- libexec/ftpd/ftpd.c.orig Wed Feb 8 18:54:05 2006 +++ libexec/ftpd/ftpd.c Sat Feb 25 00:30:26 2006 @@ -239,7 +239,7 @@ } #ifdef VIRTUAL_HOSTING -static void inithosts(void); +static void inithosts(int); static void selecthost(union sockunion *); #endif static void ack(char *); @@ -424,7 +424,7 @@ } #ifdef VIRTUAL_HOSTING - inithosts(); + inithosts(family); #endif if (daemon_mode) { @@ -663,7 +663,7 @@ */ static void -inithosts(void) +inithosts(int family) { int insert; size_t len; @@ -689,7 +689,8 @@ memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - hints.ai_family = AF_UNSPEC; + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(hrp->hostname, NULL, &hints, &res) == 0) hrp->hostinfo = res; hrp->statfile = _PATH_FTPDSTATFILE; @@ -759,9 +760,10 @@ /* NOTREACHED */ } - hints.ai_flags = 0; - hints.ai_family = AF_UNSPEC; + /* If no flag, assign hints.ai_flags to zero! */ hints.ai_flags = AI_PASSIVE; + hints.ai_family = family; + hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(vhost, NULL, &hints, &res) != 0) goto nextline; for (ai = res; ai != NULL && ai->ai_addr != NULL; --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy Content-Type: text/plain; name="ftp.c.diff" Content-Disposition: attachment; filename="ftp.c.diff" Content-Transfer-Encoding: 7bit --- contrib/lukemftp/src/ftp.c.orig Tue May 17 06:11:25 2005 +++ contrib/lukemftp/src/ftp.c Sat Feb 25 01:42:19 2006 @@ -406,7 +406,7 @@ for (line = 0 ;; line++) { dig = n = code = 0; cp = current_line; - while (alarmtimer(60),((c = getc(cin)) != '\n')) { + while (alarmtimer(120),((c = getc(cin)) != '\n')) { if (c == IAC) { /* handle telnet commands */ switch (c = getc(cin)) { case WILL: @@ -447,7 +447,7 @@ if (verbose) { if (reply_timeoutflag) fputs( - "421 Service not available, remote server timed out. Connection closed\n", + "421 Service not available, remote server timed out. Connection closed.\n", ttyout); else if (reply_abrtflag) fputs( --Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060225024246.d6284719.rosti.bsd>