openssh unix dev - May 2001 - connecting to non-responding hosts: 1 hr timeout (fwd)

Hello all,

If you try to make a TCP connection to a host, and the host is down,
timeouts can be as long as an hour.  This is not specific to ssh, or OS.

Is this a scenario worth working around, e.g. with a timer when
connecting or the like?

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

---------- Forwarded message ----------
Date: Mon, 30 Apr 2001 06:39:23 -0700 (PDT)
From: Rob Landley <telomerase at yahoo.com>
To: pekkas at netcore.fi
Subject: ssh hang.  (Help?)

[ snip typical sleep &; exit scenario ]

Another fun way to hang ssh is to try to contact a
host that's down.  It makes 4 attempts, each of which
takes about 20 minutes to time out on a host that's
routable but which isn't responding to any packets.
("No route to host" returns immediately, but unplug
the network cable from the box you're trying to
connect and it'll spend an hour trying.)

All of this is on Red Hat 7.0.

Rob

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

On Tue, May 01, 2001 at 03:03:54PM +0300, Pekka Savola
wrote:
> Hello all,
> 
> If you try to make a TCP connection to a host, and the host is down,
> timeouts can be as long as an hour.  This is not specific to ssh, or OS.
It is specific to the O.S.   Linux has a longer default timeout than
Solaris, which is about 2 minutes.  2 minutes is much too long too though.
> Is this a scenario worth working around, e.g. with a timer when
> connecting or the like?
I just brought up the same issue on the GnuPG mailing list yesterday.  Last
week I wrote some code to get around the long timeout in ssh but I
implemented it as an external program that ssh calls via -oProxyCommand.
There's no reason why it can't be done inside ssh itself though, and I
think it should and perhaps even have a config option to adjust the length
of the timer.

Here's what I wrote to gnupg-devel at gnupg.org:

On Mon, Apr 30, 2001 at 01:30:02PM -0500, Dave Dykstra wrote:
...
> you just need to do fcntl(fd, F_SETFL, O_NONBLOCK) on the socket before the
> connect(), check for EINPROGRESS from the connect(), and then do a select()
> for writability on the fd with a timeout of however long you want.  Note
> that if the connection is then refused it will come as an error message
> from the next read() or write().  Some older systems may not have
> O_NONBLOCK or EINPROGRESS defines so I'd #ifdef out the code if
they're
> missing.
A reply said where you can get some code to do it portably:

On Wed, May 02, 2001 at 06:33:28AM +1200, Peter Gutmann wrote:
...
> I wrote my own wrappers for this which work under
> every Unix I've been able to get my hands on as well as Win32, if
whoever's
> working on this for GPG wants the code they can grab it from the latest
> cryptlib version,
ftp://ftp.franken.de/pub/crypt/cryptlib/beta/cl30beta05.zip,
> as misc/net_tcp.c.
- Dave Dykstra