openssh unix dev - Apr 2016 - Strange behaviour with ptmx file descriptors

Hi Peter

Can you let me know how to proceed for forward this to the openssh source
code team?

Regards


Nacho del Rey wrote:
>> 6647  1456244042.325310 select(14, [3 9], [], NULL, {900, 0}) = 1 (in
[3],
>> left {892, 12016})       <<-- where id fd#13 ?
>Can you map this back to the OpenSSH source code?
>//Peter

Nacho del Rey wrote:
> Can you let me know how to proceed for forward this to the openssh
> source code team?
Map your strace syscalls to the source code and point out where the
problem is. Do debugging on your own. Send a patch.


//Peter

Hi again

Finally I recompiled the ssh to include several 'traps' within the code
(channels.c mainly)

channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
        u_int limit = compat20 ? c->remote_window : packet_get_maxsize();

int aux = buffer_len(&c->input);
debugnacho("En pre_open c-istate: %d limit %d buffer_len %d c_ostate %d
ctl_fd %d\n",c->istate,limit,aux,c->ostate,c->ctl_fd);

/* the rest of the function code */
}

In normal conditions the buffer_len(&c->input) is adjusting its window
size

En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048415 buffer_len 0 c_ostate 0   ctl_fd -1
...... time later
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd
-1
En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1

But, If I compare the same trace when the the hand-terminal connects to the
application...

En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048476 buffer_len 0 c_ostate 0   ctl_fd -1
......
En pre_open c-istate: 0 limit 985 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 632 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1

It seems the channel_input_window_adjust function is not adjusting rwindow
size and it finally comes to zero and it is when the problem appears ( the
file-descriptor fd#13 which connects to the application dissapear)

So the question is.. who is the responsible in adjusting
"channel_input_window_adjust" function? the binary application which
runs
in the server or on the contrary the ssh client?

I ask this question because when I'm connected thru ssh (putty), although I
am not sending a keystroke to the server if I'm changing the size of the
putty window (using the mouse), I can see the buffer_len(c->input) changes
, and I don't have clear in which side (client/server) the rwindow is
adjusted

Thanks in advance

Nacho.








2016-04-20 16:52 GMT+02:00 Nacho del Rey <odelreym at gmail.com>:
> Hi Peter
>
> Can you let me know how to proceed for forward this to the openssh source
> code team?
>
> Regards
>
>
> Nacho del Rey wrote:
> >> 6647  1456244042.325310 select(14, [3 9], [], NULL, {900, 0}) = 1
(in
> [3],
> >> left {892, 12016})       <<-- where id fd#13 ?
>
> >Can you map this back to the OpenSSH source code?
>
>
> >//Peter
>

Hi again


Finally I found out what it was going on

The problem lays on the Honeywell ssh client (a fork of OpenSSH)
The client doesn't negotiate
SSH_MSG_CHANNEL_WINDOW_ADJUST/SSH2_MSG_CHANNEL_WINDOW_ADJUST parameters

This issue it's not happening using putty ssh client (for instance)

Hope this information helps anyone

[SOLVED]

Nacho.



2016-06-18 20:50 GMT+02:00 Nacho del Rey <odelreym at gmail.com>:
> Hi again
>
> Finally I recompiled the ssh to include several 'traps' within the
code
> (channels.c mainly)
>
> channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
> {
>         u_int limit = compat20 ? c->remote_window :
packet_get_maxsize();
>
> int aux = buffer_len(&c->input);
> debugnacho("En pre_open c-istate: %d limit %d buffer_len %d c_ostate
%d
> ctl_fd %d\n",c->istate,limit,aux,c->ostate,c->ctl_fd);
>
> /* the rest of the function code */
> }
>
> In normal conditions the buffer_len(&c->input) is adjusting its
window
> size
>
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048415 buffer_len 0 c_ostate 0   ctl_fd -1
> ...... time later
> En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd
> -1
> En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
>
> But, If I compare the same trace when the the hand-terminal connects to
> the application...
>
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 1048476 buffer_len 0 c_ostate 0   ctl_fd -1
> ......
> En pre_open c-istate: 0 limit 985 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 632 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
> En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
>
> It seems the channel_input_window_adjust function is not adjusting rwindow
> size and it finally comes to zero and it is when the problem appears ( the
> file-descriptor fd#13 which connects to the application dissapear)
>
> So the question is.. who is the responsible in adjusting
> "channel_input_window_adjust" function? the binary application
which runs
> in the server or on the contrary the ssh client?
>
> I ask this question because when I'm connected thru ssh (putty),
although
> I am not sending a keystroke to the server if I'm changing the size of
the
> putty window (using the mouse), I can see the buffer_len(c->input)
changes
> , and I don't have clear in which side (client/server) the rwindow is
> adjusted
>
> Thanks in advance
>
> Nacho.
>
>
>
>
>
>
>
>
> 2016-04-20 16:52 GMT+02:00 Nacho del Rey <odelreym at gmail.com>:
>
>> Hi Peter
>>
>> Can you let me know how to proceed for forward this to the openssh
source
>> code team?
>>
>> Regards
>>
>>
>> Nacho del Rey wrote:
>> >> 6647  1456244042.325310 select(14, [3 9], [], NULL, {900, 0})
= 1 (in
>> [3],
>> >> left {892, 12016})       <<-- where id fd#13 ?
>>
>> >Can you map this back to the OpenSSH source code?
>>
>>
>> >//Peter
>>
>
>