SSH: Avoid "Write failed: Broken pipe" message when logging out gracefully.

Veit
Veit Posts: 21  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited August 2022 in Switch
Hi,

another request for SSH:

Currently SSH clients emit the error message like "Write failed: Broken pipe" or similar when logging out gracefully from a SSH/SFTP session to the switch.

This is likely caused by prematurely closing a file handle without announcing a channel shutdown.

The error message is confusing/leads to the assumption that anything went wrong, and processing/suppressing this error message makes scripting unnecessarily harder/complex.

Best regards
// Veit

Comments

  • Zyxel_Ryan
    Zyxel_Ryan Posts: 72  Zyxel Employee
    First Answer First Comment Friend Collector
    edited April 2018
    Hi @Veit

    Thanks for your idea. 
    When terminating TCP connection process, there are actually two methods.
    One is FIN packet, while the other is RST packet. 
    For details, you can refer to website: https://ipwithease.com/tcp-fin-vs-rst-packets/

    Zyxel switches use RST packet to terminate TCP connection. 
    Linux system will reply "Broken Pipe message" if switches use this method to terminate connection. 
    However, both FIN and RST packet follow standard. 
    For switches, it is a normal behavior, while it is also a normal behavior for Linux system. 

    If you have further suggestion, welcome to let us know!
    Thanks!

    Ryan
  • Veit
    Veit Posts: 21  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Hi @Zyxel_Ryan,

    thank you for the explaination. I was not aware that RST only instead of FIN/FIN ACK/ACK was an legitimate way to regularly end a TCP connection, though it does not seem very graceful.

    But might that bevaiour be the cause of the SFTP problem described here: https://businessforum.zyxel.com/discussion/1100/how-to-import-configuration-via-sftp

    Following the test cases so far, it seems to affect any Linux client, but not Windows. And uploading the config via SFTP (which does not work) cancels the connection and results in instant broken pipe error on Linux clients, while uploading firmware via SFTP (which works well) does not end the connection.

    For what I have read now, ending a connection with RST the "dirty way" instead of FIN/FIN ACK/ACK will cause data that is still unprocessed in the TCP send and receive buffers to be discarded. Might that be the root of the problems described in the other post?

    Regards,
    // Veit
  • Zyxel_Albert
    Zyxel_Albert Posts: 36  Zyxel Employee
    First Answer First Comment Friend Collector Third Anniversary
    Hello @Veit,

    Your assumption is partially correct.
    Broken pipe error message on Linux clients is caused by using RST packet to terminate a TCP session .
    sFTP transfer file fail is caused by software design issue.

    As you've known that both RST and FIN/ACK are regular ways to terminate a TCP connection and we agree that using FIN/ACK to terminate TCP connections is softer.
    Thank for you suggestion we will consider it in our future design. 

    If you have further suggestion, welcome to let us know!
    Thanks and Best Regards.