On Mon, Jun 17, 2019 at 11:56:08PM +0200, Sebastian Benoit wrote: > Joel Carnat(j...@carnat.net) on 2019.06.12 16:10:25 +0200: > > Hi, > > > > I have configured relayd(8) on my vmd(8) host so that I can connect to > > the running VMs using SSH. > > > > Using relayctl(8), I can see that those sessions have the same value for > > age and idle ; even when something happens in the SSH sessions. > > > > Is this expected or an error in my relayd.conf ? > > > > Thanks. > > > > #### > > # config snippet > > > > protocol sshtcp { > > tcp { nodelay, socket buffer 65536 } > > this uses the implicit "splice" option. > > If you add "no splice" to the tcp options, the idle time will be reset. > > The reason is this: After connection setup, relayd "splices" the socket > connecting to the ssh client to the socket connecting to the ssh server. > After that, the kernel takes care of transfering data between the client > connection and the forward connection. relayd does not see the traffic > anymore. > > It will only touch the connection again, when a maximum number of bytes are > transfered, or a timeout triggers. > > For tcp connections, the max number of bytes is unlimited, and the timeout > is set toyour session timeout. > > (For http connections, the max number of bytes is smaller, because relayd > wants to look at the headers of the next http request). > > So relayd cannot know if the connection has been idle. It will only know > when it reaches "session timeout". If you dont like this, use "no splice". > However, that makes the connection slower and consume more cpu. > > /Benno >
Thanks a lot for this detailled explanation. I'll check cpu consumption and connection speed to see if I'd rather stick with a long timeout configuration. Regards, Jo