Date:      Sat, 25 Feb 2006 02:42:46 +0200
From:      Rostislav Krasny <rosti.bsd@gmail.com>
To:        Yar Tikhiy <yar@comp.chem.msu.su>
Cc:        freebsd-stable@freebsd.org, dwmalone@maths.tcd.ie, des@des.no, mak@ll.mit.edu, MH@kernel32.de, freebsd-stable-local@be-well.ilk.org
Subject:   Re: SSH login takes very long time...sometimes
Message-ID:  <20060225024246.d6284719.rosti.bsd@gmail.com>
In-Reply-To: <20060224174007.GF36227@comp.chem.msu.su>
References:  <20060218012029.e146e2ff.rosti.bsd@gmail.com> <20060219104912.GB20500@comp.chem.msu.su> <20060219225701.0e3e244b.rosti.bsd@gmail.com> <20060221165959.GB77513@comp.chem.msu.su> <20060222024430.ad4b5c60.rosti.bsd@gmail.com> <yge1wxvz5ha.wl%ume@mahoroba.org> <20060223235727.33cddb13.rosti.bsd@gmail.com> <ygefym98o7i.wl%ume@mahoroba.org> <20060224155153.f7da1a52.rosti.bsd@gmail.com> <ygewtfkelbu.wl%ume@mahoroba.org> <20060224174007.GF36227@comp.chem.msu.su>

This is a multi-part message in MIME format.

--Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Fri, 24 Feb 2006 20:40:07 +0300
Yar Tikhiy <yar@comp.chem.msu.su> wrote:

> To Rostislav: Could you do now, with the resolver fixes applied,
> the following experiment: find how many dead nameservers in resolv.conf
> it takes for sshd to start timing out a connection to it?  There
> is still your PR open on this issue, so we should see whether
> the default for LoginGraceTime needs a change, too.  Thanks!

The maximum number of name servers that the resolver will work with is
MAXNS, which currently is 3. With three unreachable name servers in
resolv.conf I successfully connected from another, unpatched, FreeBSD
6.1-PRERELEASE by ssh without touching LoginGraceTime. I've got the
password prompt after about 48.5 seconds, according to a stop watch in
my cell phone :-)

I also tested telnet connection and it worked properly in that
situation.

However, I was unable to connect by ftp, even with only one unreachable
name server in resolv.conf. I got the following error:

421 Service not available, remote server timed out. Connection closed

I've found the problem in both ftpd(8) and ftp(1). In ftpd(8),
getaddrinfo() is called in two places with hints.ai_socktype == 0 and
hints.ai_family == PF_UNSPEC. In ftp(1), the command reply timeout is
only 60 seconds. Those things are what I've changed to fix the problem.
Two diffs are attached to this email. The ftpd.c.diff extends the -4 and
-6 ftpd options. So if this patch is good, the ftpd(8) manual page and
the default /etc/inetd.conf should also be changed appropriately.

Although I changed two getaddrinfo() calls in ftpd.c, only the first of
them is really called in the default FreeBSD configuration,
when /etc/ftphosts doesn't exist yet. So there might be a need for an
additional increase of the command reply timeout in ftp.c. Or, better,
this timeout could be made configurable by some new ftp(1) option, with
120 seconds by default.

--Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy
Content-Type: text/plain;
 name="ftpd.c.diff"
Content-Disposition: attachment;
 filename="ftpd.c.diff"
Content-Transfer-Encoding: 7bit

--- libexec/ftpd/ftpd.c.orig	Wed Feb  8 18:54:05 2006
+++ libexec/ftpd/ftpd.c	Sat Feb 25 00:30:26 2006
@@ -239,7 +239,7 @@
 	}
 
 #ifdef VIRTUAL_HOSTING
-static void	 inithosts(void);
+static void	 inithosts(int);
 static void	 selecthost(union sockunion *);
 #endif
 static void	 ack(char *);
@@ -424,7 +424,7 @@
 	}
 
 #ifdef VIRTUAL_HOSTING
-	inithosts();
+	inithosts(family);
 #endif
 
 	if (daemon_mode) {
@@ -663,7 +663,7 @@
  */
 
 static void
-inithosts(void)
+inithosts(int family)
 {
 	int insert;
 	size_t len;
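Review bot: The comment block that closes just above inithosts() should be updated in this hunk to describe the new `family` argument: which address-family values callers may pass, and that it now constrains the host lookups done in this function. The prototype was changed to `inithosts(int)` with no parameter name, so the definition is the only place a reader can learn what the argument means.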
@@ -689,7 +689,8 @@
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = AF_UNSPEC;
+	hints.ai_family = family;
+	hints.ai_socktype = SOCK_STREAM;
 	if (getaddrinfo(hrp->hostname, NULL, &hints, &res) == 0)
 		hrp->hostinfo = res;
 	hrp->statfile = _PATH_FTPDSTATFILE;
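Review bot: In the getaddrinfo() call on hrp->hostname, a failed lookup still leaves hrp->hostinfo unassigned with no diagnostic, and with `hints.ai_family = family` a hostname that has addresses only in the other family now takes that path. Consider reporting the failure (gai_strerror() gives the text) so a restricted-family start-up does not silently run without host info, and add a one-line comment saying why ai_socktype is set even though the service argument is NULL.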
@@ -759,9 +760,10 @@
 						/* NOTREACHED */
 					}
 
-			hints.ai_flags = 0;
-			hints.ai_family = AF_UNSPEC;
+			/* If no flag, assign hints.ai_flags to zero! */
 			hints.ai_flags = AI_PASSIVE;
+			hints.ai_family = family;
+			hints.ai_socktype = SOCK_STREAM;
 			if (getaddrinfo(vhost, NULL, &hints, &res) != 0)
 				goto nextline;
 			for (ai = res; ai != NULL && ai->ai_addr != NULL;
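Review bot: The added comment `/* If no flag, assign hints.ai_flags to zero! */` sits directly above `hints.ai_flags = AI_PASSIVE;` and reads as if it described that assignment, which it does not. Removing the dead `hints.ai_flags = 0;` store is fine; either drop the comment or reword it to say what it guards against, for example that ai_flags must be set explicitly at this point rather than inherited from the earlier call.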

--Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy
Content-Type: text/plain;
 name="ftp.c.diff"
Content-Disposition: attachment;
 filename="ftp.c.diff"
Content-Transfer-Encoding: 7bit

--- contrib/lukemftp/src/ftp.c.orig	Tue May 17 06:11:25 2005
+++ contrib/lukemftp/src/ftp.c	Sat Feb 25 01:42:19 2006
@@ -406,7 +406,7 @@
 	for (line = 0 ;; line++) {
 		dig = n = code = 0;
 		cp = current_line;
-		while (alarmtimer(60),((c = getc(cin)) != '\n')) {
+		while (alarmtimer(120),((c = getc(cin)) != '\n')) {
 			if (c == IAC) {     /* handle telnet commands */
 				switch (c = getc(cin)) {
 				case WILL:
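Review bot: The reply timeout in `alarmtimer(120)` is still a bare literal inside the loop condition, so the next adjustment needs another source edit. Give it a named constant, or a variable set from an ftp(1) option as the cover message proposes, and note in a comment that the timer is re-armed for every character read, so the value is an idle limit between bytes rather than a limit on the whole reply.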
@@ -447,7 +447,7 @@
 				if (verbose) {
 					if (reply_timeoutflag)
 						fputs(
-    "421 Service not available, remote server timed out. Connection closed\n",
+    "421 Service not available, remote server timed out. Connection closed.\n",
 						    ttyout);
 					else if (reply_abrtflag)
 						fputs(
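Review bot: The only change in this hunk is the trailing period added to the "421 Service not available" string, which is unrelated to the timeout fix and touches a file under contrib/. Split it into a separate change or drop it, so the functional diff against the imported lukemftp source stays as small as possible.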

--Multipart=_Sat__25_Feb_2006_02_42_46_+0200_0.1uX85QalsI.fRy--


