On Mon, Jun 17, 2019 at 11:56:08PM +0200, Sebastian Benoit wrote:
> Joel Carnat(j...@carnat.net) on 2019.06.12 16:10:25 +0200:
> > Hi,
> > 
> > I have configured relayd(8) on my vmd(8) host so that I can connect to
> > the running VMs using SSH.
> > 
> > Using relayctl(8), I can see that those sessions have the same value for
> > age and idle ; even when something happens in the SSH sessions.
> > 
> > Is this expected or an error in my relayd.conf ?
> > 
> > Thanks.
> > 
> > ####
> > # config snippet
> > 
> > protocol sshtcp {
> >   tcp { nodelay, socket buffer 65536 }
> 
> this uses the implicit "splice" option.
> 
> If you add "no splice" to the tcp options, the idle time will be reset.
> 
> The reason is this: After connection setup, relayd "splices" the socket
> connecting to the ssh client to the socket connecting to the ssh server.
> After that, the kernel takes care of transferring data between the client
> connection and the forward connection. relayd does not see the traffic
> anymore.
> 
> It will only touch the connection again, when a maximum number of bytes are
> transferred, or a timeout triggers.
> 
> For tcp connections, the max number of bytes is unlimited, and the timeout
> is set to your session timeout.
> 
> (For http connections, the max number of bytes is smaller, because relayd
> wants to look at the headers of the next http request).
> 
> So relayd cannot know if the connection has been idle. It will only know
> when it reaches "session timeout". If you don't like this, use "no splice".
> However, that makes the connection slower and consume more cpu.
> 
> /Benno
> 

Thanks a lot for this detailed explanation.

I'll check cpu consumption and connection speed to see if I'd rather
stick with a long timeout configuration.

Regards,
Jo
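
The two choices discussed in this thread, written out as a relayd.conf sketch. This is an added example, not configuration from either poster; the addresses, macro, table and relay names, listen ports and timeout values are assumptions made up for illustration.

```conf
# Constructed sample values (documentation address ranges), not from the thread.
ext_addr="203.0.113.10"
vm1="198.51.100.11"

table <vm1> { $vm1 }

# Variant A: the snippet from the question. "splice" is implicit, so after
# connection setup the kernel moves the data and relayd does not see the
# traffic; relayctl shows idle equal to age.
protocol sshtcp {
	tcp { nodelay, socket buffer 65536 }
}

# Variant B: same TCP options plus "no splice". relayd copies the data
# itself, so the idle time is reset on traffic, at the cost of a slower
# connection and more CPU.
protocol sshtcp_nosplice {
	tcp { nodelay, socket buffer 65536, no splice }
}

# Relay using variant A with a long session timeout (assumed value).
# With splicing, relayd only looks at the session again when this
# timeout triggers.
relay ssh_vm1_spliced {
	listen on $ext_addr port 2201
	protocol sshtcp
	session timeout 86400
	forward to <vm1> port 22
}

# Relay using variant B; idle is tracked per traffic, so a shorter
# session timeout (assumed value) behaves as an inactivity timeout.
relay ssh_vm1_nosplice {
	listen on $ext_addr port 2202
	protocol sshtcp_nosplice
	session timeout 3600
	forward to <vm1> port 22
}
```

Running `relayd -n -f` against the file checks the syntax without starting the daemon, and `relayctl show sessions` on both relays shows the difference in the age and idle columns.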
