Dmitry Belyavskiy wrote:> My colleague has proposed a patch to deal with it in > https://bugzilla.mindrot.org/show_bug.cgi?id=3484 > > It looks like a reasonable featureHave you considered that the feature actually requires sftp-server to measure time, and how undesirable that is? The proposed patch doesn't implement what it says: using poll() fd events to approximate actual SFTP protocol events is a rather weak heuristic that is likely to cause problems when fd events happen to /not/ coincide with SFTP protocol events sometime in the future. Note that poll() is platform-specific. Again, I for one don't want sftp-server to measure time, which is what would be needed to actually determine SFTP protocol timeout. Implementation comment: Why use strtol() when negative numbers are disallowed? Finally, have you tested how this works with internal-sftp? I guess many large scale servers don't use internal-sftp because of logging requirements as discussed in an older thread but I bet that internal-sftp is desirable especially when scaling up so make sure to not neglect it. Thanks. //Peter
On Fri, 21 Oct 2022 at 01:14, Peter Stuge <peter at stuge.se> wrote: [...]> Note that poll() is platform-specific.That's true, however OpenSSH provides an implementation of poll() (which is not specified by POSIX) on top of select() (which is) in the compat library. We have been slowly migrating to the poll API since it's a bit more programmer-friendly, at least for our use case, so the use of poll is not an issue. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Thu, 20 Oct 2022, Peter Stuge wrote:> Finally, have you tested how this works with internal-sftp? > > I guess many large scale servers don't use internal-sftp because of > logging requirements as discussed in an older thread but I bet that > internal-sftp is desirable especially when scaling up so make sure > to not neglect it. Thanks.I didn't catch the other thread, but internal-sftp logging should work just fine. e.g. with Subsystem sftp internal-sftp -l verbose -f daemon I see: Oct 21 16:46:22 djm internal-sftp[82167]: session opened for local user djm from [10.130.80.1] Oct 21 16:46:22 djm internal-sftp[82167]: received client version 3 Oct 21 16:46:22 djm internal-sftp[82167]: realpath "." Oct 21 16:47:59 djm internal-sftp[82167]: session closed for local user djm from [10.130.80.1] -d