How do SSH tunnels handle TCP RSTs on either side?


Say I have an SSH tunnel from my local machine to a database on a remote server.



If I send a query into the tunnel, it comes out on the other side, but halfway through sending the query or receiving the result the Database triggers a TCP RST, how does SSH handle that?



Does it:



  1. Wait to ACK packets on either side until it has received an ACK from the endpoints?

  2. Buffer application level data and resend until successful?

  3. Other?

My worry is that if the tunnel ACKs before the other side ACKs, and the other side instead sends a RST then there is no way to propagate that RST back. Both sides will just hang.








  • ACKs are handled by the TCP layer, not the application.
    – Barmar
    Mar 7 at 21:02














asked Mar 7 at 15:00 by Breedly











1 Answer
How will "both sides will just hang"? Do you actually observe that?



Quoting from "TCP/IP Illustrated, Volume 1, 2nd edition" p. 628:




The reset segment contains a sequence number and acknowledgement number. Also notice that the reset segment elicits no response from the other end—it is not acknowledged at all. The receiver of the reset aborts the connection and advises the application that the connection was reset. This often results in the error indication "Connection reset by peer" or a similar message.




And on the previous page:




Aborting a connection provides two features...any queued data is thrown away and a reset segment is sent immediately...the receiver of the reset can tell that the other end did an abort instead of a normal close.




(You may also want to review the socket option SO_LINGER that may be used by the listening socket of your application.)







  • Not so much a TCP question, but a "how does the tunnel handle TCP". Does it ACK all packets coming in before replaying them on the other side? Does it pass the TCP sequence through transparently and replay both sides? Am I guaranteed to have the same sequence numbers on either side of the tunnel?
    – Breedly
    Mar 7 at 20:55










answered Mar 7 at 18:35 by thrig
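
The difference between a normal close and an abort that the quoted passages describe, as an added example that is not part of the original answer: a loopback server closes its connection either normally or with SO_LINGER switched on with a zero timeout, and the client reports what its next read returns. The function name `observe_close` and the payload are constructed for illustration, and the `struct` layout of the linger option assumes a POSIX system.

```python
import socket
import struct
import threading


def observe_close(abort: bool) -> str:
    """Return what a client sees when its peer closes normally or aborts."""
    payload = b"partial result"  # constructed sample data
    listener = socket.create_server(("127.0.0.1", 0))
    client_done_reading = threading.Event()

    def server():
        conn, _ = listener.accept()
        conn.sendall(payload)
        # Wait until the client has drained the payload so the outcome
        # does not depend on whether queued data was discarded.
        client_done_reading.wait(5)
        if abort:
            # l_onoff=1, l_linger=0: close() discards queued data and
            # sends a RST instead of the usual FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        conn.close()

    worker = threading.Thread(target=server)
    worker.start()
    client = socket.create_connection(listener.getsockname(), timeout=5)
    try:
        received = b""
        while len(received) < len(payload):
            chunk = client.recv(4096)
            if not chunk:
                break
            received += chunk
        client_done_reading.set()
        try:
            # FIN shows up as an empty read; RST surfaces as ECONNRESET.
            return "EOF" if client.recv(4096) == b"" else "data"
        except ConnectionResetError:
            return "ECONNRESET"
    finally:
        client.close()
        worker.join()
        listener.close()


if __name__ == "__main__":
    print("normal close:", observe_close(abort=False))
    print("abort:       ", observe_close(abort=True))
```
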
