Re: [APPL:DarwinDev] launchd agent for securing mail through ssh tunnel
On Fri, Apr 13, 2007 at 12:13:44PM +0200, Nicola Vitacolonna scratched on the wall:
Hi, I usually read email through an ssh tunnel and I want to turn the task into an on-demand launchd user agent. So far, I have come up with the following, "nearly working", solution:
I have a couple of problems, though:
1) The first email sent during a session correctly triggers the ssh tunnel, but the mail client (I have tried with Apple Mail and Thunderbird) hangs on "Connecting to localhost...". If I stop sending the email and try again (now the tunnel is already active) the mail is sent. Subsequent messages are also sent without any problem.
This isn't as simple as it sounds. The problem is that "servers" (defined, for the purpose of this conversation, as anything that allows incoming network connections; in this case the local end of the ssh tunnel) that want to run "on demand" must be written in a special way. This is true of launchd, and it is also true of launchd's predecessors, such as inetd and xinetd. In short, the problem is that launchd has control over the incoming network connection. When it detects an incoming connection (e.g. your mail program) it launches the defined on-demand program (your ssh tunnel). But after that is done, it needs some way to plumb together the network connection and the newly launched program. This requires an alternate input/output method in the on-demand server application. While sshd (the normal server daemon) supports this mode (-i), the ssh client does not. So your first connection triggers the startup of the tunnel, but it doesn't actually work, since the plumbing can't be connected correctly. The tunnel has started up, however, so subsequent connections work as expected. Google for "ssh tunnel inetd" to get some ideas on how people have worked around this.
2) When I pull out the network cable (e.g., because I change location), ssh quits after a while (see options ServerAliveInterval and ServerAliveCountMax); it is respawned by launchd, however, no matter how long it has been running. Since there is no network available, ssh exits again, and so on repeatedly until the job is eventually removed. So, I have to unload/load the plist when I connect the cable again.
This sounds odd. Without getting into the details, it sounds like launchd is not properly maintaining control over the ssh process (which is likely since most ssh tunnels are more of a daemon than a one-shot deal (required by on-demand); -f can somewhat reproduce this, but not well). There are also going to be issues if you don't turn your mail program off when your network connection is gone. I have a less clear picture of what is going on in this second case. Perhaps someone else has a better idea.

-j

--
Jay A. Kreibich < J A Y @ K R E I B I.C H >

"'People who live in bamboo houses should not throw pandas.' Jesus said that."
- "The Ninja", www.AskANinja.com, "Special Delivery 10: Pop!Tech 2006"
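An added example, not code from the thread, of the inetd-style shape Jay describes: with inetdCompatibility, launchd accepts the connection itself and hands it to the job as fd 0, so the job has to carry bytes to the real destination on its own, which the ssh client of the time could not do and which is why the first connection hangs. The relay below is that missing piece; UPSTREAM and demo_roundtrip are assumptions for illustration, and the demo replaces launchd and the remote host with socketpairs so it runs without a network.

```python
import os
import select
import socket
import threading

UPSTREAM = ("mail.example.org", 25)  # placeholder destination (assumption, not from the thread)

def relay(client, upstream):
    """Copy bytes both ways until one side hits EOF; return per-direction byte counts."""
    counts = {"to_upstream": 0, "to_client": 0}
    peer = {client: upstream, upstream: client}
    live = [client, upstream]
    while len(live) == 2:
        for src in select.select(live, [], [])[0]:
            data = src.recv(65536)
            if not data:  # one side closed: stop relaying, the caller closes both ends
                live.remove(src)
                break
            peer[src].sendall(data)
            counts["to_upstream" if src is client else "to_client"] += len(data)
    return counts

def main():
    # Under launchd with inetdCompatibility (Wait=true) the accepted connection is the
    # job's fd 0; this is the "alternate input/output method" the ssh client lacks.
    client = socket.socket(fileno=os.dup(0))
    upstream = socket.create_connection(UPSTREAM)
    try:
        relay(client, upstream)
    finally:
        client.close()
        upstream.close()

def demo_roundtrip():
    """Stand-in for launchd and the remote host: two socketpairs, no network needed."""
    client, mail_app = socket.socketpair()
    upstream, mail_server = socket.socketpair()
    counts = {}
    worker = threading.Thread(target=lambda: counts.update(relay(client, upstream)))
    worker.start()
    mail_app.sendall(b"EHLO laptop\r\n")  # constructed SMTP-style traffic
    seen_by_server = mail_server.recv(1024)
    mail_server.sendall(b"250 OK\r\n")
    seen_by_app = mail_app.recv(1024)
    mail_app.close()  # the mail client hangs up, so the relay must notice and exit
    worker.join(5)
    for s in (client, upstream, mail_server):
        s.close()
    return seen_by_server, seen_by_app, counts
```

Newer OpenSSH releases (5.4 and later) added `ssh -W host:port`, which speaks exactly this stdin/stdout mode, so today the launchd job can exec that directly instead of a relay like the one above.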