SSH: Avoid "Write failed: Broken pipe" message when logging out gracefully.
Freshman Member
Hi,
another request for SSH:
Currently SSH clients emit the error message like "Write failed: Broken pipe" or similar when logging out gracefully from a SSH/SFTP session to the switch.
This is likely caused by prematurely closing a file handle without announcing a channel shutdown.
The error message is confusing/leads to the assumption that anything went wrong, and processing/suppressing this error message makes scripting unnecessarily harder/complex.
Best regards
// Veit
another request for SSH:
Currently SSH clients emit the error message like "Write failed: Broken pipe" or similar when logging out gracefully from a SSH/SFTP session to the switch.
This is likely caused by prematurely closing a file handle without announcing a channel shutdown.
The error message is confusing/leads to the assumption that anything went wrong, and processing/suppressing this error message makes scripting unnecessarily harder/complex.
Best regards
// Veit
0
Comments
-
Hi @Veit,Thanks for your idea.When terminating TCP connection process, there are actually two methods.One is FIN packet, while the other is RST packet.For details, you can refer to website: https://ipwithease.com/tcp-fin-vs-rst-packets/Zyxel switches use RST packet to terminate TCP connection.Linux system will reply "Broken Pipe message" if switches use this method to terminate connection.However, both FIN and RST packet follow standard.For switches, it is a normal behavior, while it is also a normal behavior for Linux system.If you have further suggestion, welcome to let us know!Thanks!Ryan0
-
Hi @Zyxel_Ryan,
thank you for the explaination. I was not aware that RST only instead of FIN/FIN ACK/ACK was an legitimate way to regularly end a TCP connection, though it does not seem very graceful.
But might that bevaiour be the cause of the SFTP problem described here: https://businessforum.zyxel.com/discussion/1100/how-to-import-configuration-via-sftp
Following the test cases so far, it seems to affect any Linux client, but not Windows. And uploading the config via SFTP (which does not work) cancels the connection and results in instant broken pipe error on Linux clients, while uploading firmware via SFTP (which works well) does not end the connection.
For what I have read now, ending a connection with RST the "dirty way" instead of FIN/FIN ACK/ACK will cause data that is still unprocessed in the TCP send and receive buffers to be discarded. Might that be the root of the problems described in the other post?
Regards,
// Veit
0 -
Hello @Veit,
Your assumption is partially correct.
Broken pipe error message on Linux clients is caused by using RST packet to terminate a TCP session .
sFTP transfer file fail is caused by software design issue.
As you've known that both RST and FIN/ACK are regular ways to terminate a TCP connection and we agree that using FIN/ACK to terminate TCP connections is softer.
Thank for you suggestion we will consider it in our future design.If you have further suggestion, welcome to let us know!Thanks and Best Regards.0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
