[OmniOS-discuss] strangeness ssh into omnios from oi_151a9

Richard PALO richard at netbsd.org
Thu Oct 1 12:29:32 UTC 2015


On 01/10/15 14:23, Lauri Tirkkonen wrote:
> On Thu, Oct 01 2015 13:49:03 +0200, Richard PALO wrote:
>> On 01/10/15 11:58, Lauri Tirkkonen wrote:
>>> On Thu, Oct 01 2015 11:50:03 +0200, Richard PALO wrote:
>>>>>> In that case, wouldn't setting tcp_tstamp_always on OI to '1' be better in
>>>>>> this case (or would OI not honour that setting correctly)?
>>>>>
>>>>> It wouldn't work. From what I can tell, those ndd settings only affect
>>>>> the SYN segments (ie.  timestamp negotiation); pre-5850 illumos will
>>>>> always stop timestamping mid-connection if it receives a non-timestamped
>>>>> segment.
>>>>>
>>>>
>>>> Okay, I set tcp_tstamp_if_wscale to 0 and it does seem to work fine.
>>>
>>> Thanks, that pretty much confirms the issue is what I suspected it is.
>>>
>>>> (Hoping there isn't any fallout from doing this now...)
>>>
>>> As long as that middlebox has been mucking with your traffic in the way
>>> it is, timestamps have been getting turned off mid-connection for your
>>> pre-5850 box. I recommend you upgrade to post-5850 if you can, or to
>>> scream loudly at whoever is modifying your traffic :)
>>>
>>
>> Actually I still notice some problems. This morning in the direction OI => omnios
>> things seemed okay.
>> Now, omnios => OI I just now experienced the hang again, and it is repeatable.
>>
>> Could it be that your workaround is only useful for outbound connections (relative to OI)?
> 
> Yeah, it's possible. Whoever sends the SYN expresses their capability to
> timestamp by including the tsopt, and you can disable that with the ndd
> options. I assumed that the ndd options would affect SYNACK as well, but
> I didn't actually read the code; I guess that's not the case after all,
> so inbound connections still get timestamping negotiated. I don't have a
> workaround for this, sorry.
> 

Too bad.  Naturally it isn't feasible to turn things off via ndd on omnios for just one target.
Is there any way to do that differently? That is, for only one target (and primarily ssh)?

Unfortunately, it also seems my inquiry to the OI list went unheard, even after subscribing (again).
Must not have any moderators any longer... oh bother. The easiest would be to have 5850 integrated into OI.


-- 
Richard PALO
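
Added example, not part of the thread and not illumos code: a Python check that parses raw TCP headers from one connection and reports segments that arrive without the timestamp option even though both the SYN and the SYN-ACK carried it, which is the mid-connection stripping discussed above. The function names and the `hdr()` sample builder are hypothetical, and the headers it builds are constructed test data (placeholder ports and sequence numbers).

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8
SYN, RST, ACK = 0x02, 0x04, 0x10

def parse_tcp(header: bytes):
    """Return (flags, has_tsopt) for one raw TCP header, options included."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    off_flags, = struct.unpack_from("!H", header, 12)
    data_off = (off_flags >> 12) * 4          # header length in bytes
    if data_off < 20 or data_off > len(header):
        raise ValueError("bad data offset")
    flags = off_flags & 0x3F
    opts, i, has_ts = header[20:data_off], 0, False
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:                # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        if kind == TCPOPT_TIMESTAMP and opts[i + 1] == 10:
            has_ts = True
        i += opts[i + 1]
    return flags, has_ts

def find_stripped(headers):
    """Indexes of non-RST segments lacking tsopt after SYN and SYN-ACK both had it."""
    syn_ts = synack_ts = False
    bad = []
    for n, h in enumerate(headers):           # headers in capture order
        flags, has_ts = parse_tcp(h)
        if flags & SYN:
            if flags & ACK:
                synack_ts = has_ts
            else:
                syn_ts = has_ts
        elif syn_ts and synack_ts and not has_ts and not flags & RST:
            bad.append(n)
    return bad

def hdr(flags, ts=True):
    """Constructed sample header: NOP, NOP, timestamp option when ts is True."""
    opts = b"\x01\x01\x08\x0a" + struct.pack("!II", 1, 0) if ts else b""
    off = (20 + len(opts)) // 4
    return struct.pack("!HHIIHHHH", 40000, 22, 0, 0, (off << 12) | flags, 65535, 0, 0) + opts
```

Running this over headers captured at both ends of the same connection shows whether a segment lost its option in transit or was sent without it.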


