Subject: Re: ipv6 reverse name server vs. ftp
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Luke Mewburn <lukem@NetBSD.org>
List: tech-net
Date: 08/02/2005 21:49:42
On Thu, Jun 30, 2005 at 09:56:07PM -0400, Steven M. Bellovin wrote:
| In message <20050701014123.GB12905@mewburn.net>, Luke Mewburn writes:
| >Ok, so it's the use of "alarmtimer(60)" in getreply(); that behaviour
| >has been there for a few years.
| >
| >I think I need to modify that use of alarmtimer so that it uses
| >the -q quit_time value.
| >That leaves the issue of what timeout to use for the timeout in
| >dataconn() and getreply() if no quit_time is given?
| >Possibly revert back to very old ftp behaviour of "wait forever"...
| >(I may consider an environment variable to set quit_time as well.)
|
| I think I'd opt for about 5 minutes (or maybe 10) as the default value
| for all of these timeouts: you want to ensure that normal delays don't
| trigger them. For example, the delay on the accept() calls should be
| greater than (default) timeout on the corresponding connect() calls.
| That way, the connect()er will give up first. (A quick test on
| -current says that the connect() timeout is about 75 seconds. I should
| read the source, I suppose, rather than testing....) In my situation,
| the problem is with DNS queries. How long can they take? I know it's
| at least 2 minutes.
|
| These timeouts are an excellent idea. In fact, the place I'm running
| into the problem is when running /usr/pkg/sbin/download-vulnerability-list
| from /etc/security.local; I don't want my daily job hanging forever.
| I'm glad the timers were added; just make the default values quite
| conservative.
Do you mind send-pr-ing this issue and the suggested fix, so that we
don't lose track of it?
Thanks,
Luke.
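
The timeout rule discussed in this thread, as an added example that is not part of the original message and is not NetBSD ftp's code: an explicit quit_time wins, otherwise a conservative default applies, and accept() is bounded by that deadline. The function names and the 300-second constant are assumptions, and poll() stands in here for the alarmtimer() mechanism the thread mentions.

```c
#include <errno.h>
#include <poll.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Assumption: 300 s is the "about 5 minutes" default suggested in the thread. */
#define DEFAULT_WAIT_SECS 300

/* An explicit quit_time (> 0) wins; otherwise use the conservative default. */
int effective_timeout(int quit_time)
{
    return quit_time > 0 ? quit_time : DEFAULT_WAIT_SECS;
}

/* Demo helper: listening TCP socket on 127.0.0.1, kernel-chosen port. */
int loopback_listener(struct sockaddr_in *sa)
{
    socklen_t len = sizeof(*sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *sa = (struct sockaddr_in){ .sin_family = AF_INET,
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (bind(fd, (struct sockaddr *)sa, len) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)sa, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* accept() bounded by a deadline: returns the new fd, or -1 with errno set to
 * ETIMEDOUT when no peer connected in time. EINTR is passed to the caller. */
int accept_with_timeout(int lfd, int timeout_ms)
{
    struct pollfd pfd = { .fd = lfd, .events = POLLIN };
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc == 0) errno = ETIMEDOUT;
    return rc > 0 ? accept(lfd, NULL, NULL) : -1;
}

int main(void)
{
    struct sockaddr_in sa;
    int lfd = loopback_listener(&sa);
    return accept_with_timeout(lfd, 200) == -1 && errno == ETIMEDOUT ? 0 : 1;
}
```

A caller would pass `effective_timeout(quit_time) * 1000` as the deadline, which keeps the accept() side waiting longer than the roughly 75-second connect() timeout measured in the thread.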