]>
Commit | Line | Data |
---|---|---|
c14d659f ER |
1 | diff -NupwB ../4.7/openssh-4.7p1/atomicio.c openssh-4.7p1/atomicio.c |
2 | --- ../4.7/openssh-4.7p1/atomicio.c 2007-06-25 08:15:12.000000000 -0400 | |
3 | +++ openssh-4.7p1/atomicio.c 2008-02-06 13:28:54.000000000 -0500 | |
4 | @@ -57,13 +57,13 @@ atomicio(ssize_t (*f) (int, void *, size | |
5 | res = (f) (fd, s + pos, n - pos); | |
6 | switch (res) { | |
7 | case -1: | |
8 | -#ifdef EWOULDBLOCK | |
9 | - if (errno == EINTR || errno == EWOULDBLOCK) | |
10 | -#else | |
11 | if (errno == EINTR) | |
12 | -#endif | |
13 | continue; | |
14 | +#ifdef EWOULDBLOCK | |
15 | + if (errno == EAGAIN || errno == EWOULDBLOCK) { | |
16 | +#else | |
17 | if (errno == EAGAIN) { | |
18 | +#endif | |
19 | (void)poll(&pfd, 1, -1); | |
20 | continue; | |
21 | } | |
22 | @@ -103,13 +103,13 @@ atomiciov(ssize_t (*f) (int, const struc | |
23 | res = (f) (fd, iov, iovcnt); | |
24 | switch (res) { | |
25 | case -1: | |
26 | -#ifdef EWOULDBLOCK | |
27 | - if (errno == EINTR || errno == EWOULDBLOCK) | |
28 | -#else | |
29 | if (errno == EINTR) | |
30 | -#endif | |
31 | continue; | |
32 | +#ifdef EWOULDBLOCK | |
33 | + if (errno == EAGAIN || errno == EWOULDBLOCK) { | |
34 | +#else | |
35 | if (errno == EAGAIN) { | |
36 | +#endif | |
37 | (void)poll(&pfd, 1, -1); | |
38 | continue; | |
39 | } | |
40 | diff -NupwB ../4.7/openssh-4.7p1/auth2.c openssh-4.7p1/auth2.c | |
41 | --- ../4.7/openssh-4.7p1/auth2.c 2007-05-20 00:58:41.000000000 -0400 | |
42 | +++ openssh-4.7p1/auth2.c 2008-02-06 13:29:19.000000000 -0500 | |
43 | @@ -44,6 +44,7 @@ | |
44 | #include "dispatch.h" | |
45 | #include "pathnames.h" | |
46 | #include "buffer.h" | |
47 | +#include "canohost.h" | |
48 | ||
49 | #ifdef GSSAPI | |
50 | #include "ssh-gss.h" | |
51 | @@ -67,6 +68,9 @@ extern Authmethod method_hostbased; | |
52 | extern Authmethod method_gssapi; | |
53 | #endif | |
54 | ||
55 | +static int log_flag = 0; | |
56 | + | |
57 | + | |
58 | Authmethod *authmethods[] = { | |
59 | &method_none, | |
60 | &method_pubkey, | |
61 | @@ -151,6 +155,11 @@ input_userauth_request(int type, u_int32 | |
62 | service = packet_get_string(NULL); | |
63 | method = packet_get_string(NULL); | |
64 | debug("userauth-request for user %s service %s method %s", user, service, method); | |
65 | + if (!log_flag) { | |
66 | + logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", | |
67 | + get_remote_ipaddr(), get_remote_port(), user); | |
68 | + log_flag = 1; | |
69 | + } | |
70 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | |
71 | ||
72 | if ((style = strchr(user, ':')) != NULL) | |
73 | diff -NupwB ../4.7/openssh-4.7p1/buffer.c openssh-4.7p1/buffer.c | |
74 | --- ../4.7/openssh-4.7p1/buffer.c 2006-08-04 22:39:39.000000000 -0400 | |
75 | +++ openssh-4.7p1/buffer.c 2008-02-06 17:02:07.000000000 -0500 | |
76 | @@ -127,7 +127,9 @@ restart: | |
77 | ||
78 | /* Increase the size of the buffer and retry. */ | |
79 | newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ); | |
80 | - if (newlen > BUFFER_MAX_LEN) | |
81 | + /* need it to be slightly larger than the MAX LEN for this */ | |
82 | + /* still investigating *why* but this works for now -cjr */ | |
83 | + if (newlen > (BUFFER_MAX_LEN_HPN + BUFFER_MAX_LEN)) | |
84 | fatal("buffer_append_space: alloc %u not supported", | |
85 | newlen); | |
86 | buffer->buf = xrealloc(buffer->buf, 1, newlen); | |
87 | diff -NupwB ../4.7/openssh-4.7p1/buffer.h openssh-4.7p1/buffer.h | |
88 | --- ../4.7/openssh-4.7p1/buffer.h 2006-08-04 22:39:39.000000000 -0400 | |
89 | +++ openssh-4.7p1/buffer.h 2008-02-06 13:28:23.000000000 -0500 | |
90 | @@ -16,6 +16,9 @@ | |
91 | #ifndef BUFFER_H | |
92 | #define BUFFER_H | |
93 | ||
94 | +/* move the following to a more appropriate place and name */ | |
95 | +#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */ | |
96 | + | |
97 | typedef struct { | |
98 | u_char *buf; /* Buffer for data. */ | |
99 | u_int alloc; /* Number of bytes allocated for data. */ | |
100 | diff -NupwB ../4.7/openssh-4.7p1/channels.c openssh-4.7p1/channels.c | |
101 | --- ../4.7/openssh-4.7p1/channels.c 2007-06-25 05:04:47.000000000 -0400 | |
102 | +++ openssh-4.7p1/channels.c 2008-02-06 13:29:19.000000000 -0500 | |
103 | @@ -311,6 +311,7 @@ channel_new(char *ctype, int type, int r | |
104 | c->local_window_max = window; | |
105 | c->local_consumed = 0; | |
106 | c->local_maxpacket = maxpack; | |
107 | + c->dynamic_window = 0; | |
108 | c->remote_id = -1; | |
109 | c->remote_name = xstrdup(remote_name); | |
110 | c->remote_window = 0; | |
111 | @@ -765,11 +766,35 @@ channel_pre_open_13(Channel *c, fd_set * | |
112 | FD_SET(c->sock, writeset); | |
113 | } | |
114 | ||
115 | +int channel_tcpwinsz () { | |
116 | + u_int32_t tcpwinsz = 0; | |
117 | + socklen_t optsz = sizeof(tcpwinsz); | |
118 | + int ret = -1; | |
119 | + | |
120 | + /* if we aren't on a socket return 128KB*/ | |
121 | + if(!packet_connection_is_on_socket()) | |
122 | + return(128*1024); | |
123 | + ret = getsockopt(packet_get_connection_in(), | |
124 | + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); | |
125 | + /* return no more than 64MB */ | |
126 | + if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN) | |
127 | + tcpwinsz = BUFFER_MAX_LEN_HPN; | |
128 | + debug2("tcpwinsz: %d for connection: %d", tcpwinsz, | |
129 | + packet_get_connection_in()); | |
130 | + return(tcpwinsz); | |
131 | +} | |
132 | + | |
133 | static void | |
134 | channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) | |
135 | { | |
136 | u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); | |
137 | ||
138 | + /* check buffer limits */ | |
139 | + if ((!c->tcpwinsz) || (c->dynamic_window > 0)) | |
140 | + c->tcpwinsz = channel_tcpwinsz(); | |
141 | + | |
142 | + limit = MIN(limit, 2 * c->tcpwinsz); | |
143 | + | |
144 | if (c->istate == CHAN_INPUT_OPEN && | |
145 | limit > 0 && | |
146 | buffer_len(&c->input) < limit && | |
147 | @@ -1661,14 +1686,21 @@ channel_check_window(Channel *c) | |
148 | c->local_maxpacket*3) || | |
149 | c->local_window < c->local_window_max/2) && | |
150 | c->local_consumed > 0) { | |
151 | + u_int addition = 0; | |
152 | + /* adjust max window size if we are in a dynamic environment */ | |
153 | + if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) { | |
154 | + /* grow the window somewhat aggressively to maintain pressure */ | |
155 | + addition = 1.5*(c->tcpwinsz - c->local_window_max); | |
156 | + c->local_window_max += addition; | |
157 | + } | |
158 | packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); | |
159 | packet_put_int(c->remote_id); | |
160 | - packet_put_int(c->local_consumed); | |
161 | + packet_put_int(c->local_consumed + addition); | |
162 | packet_send(); | |
163 | debug2("channel %d: window %d sent adjust %d", | |
164 | c->self, c->local_window, | |
165 | c->local_consumed); | |
166 | - c->local_window += c->local_consumed; | |
167 | + c->local_window += c->local_consumed + addition; | |
168 | c->local_consumed = 0; | |
169 | } | |
170 | return 1; | |
171 | @@ -1871,11 +1903,12 @@ channel_after_select(fd_set *readset, fd | |
172 | ||
173 | ||
174 | /* If there is data to send to the connection, enqueue some of it now. */ | |
175 | -void | |
176 | +int | |
177 | channel_output_poll(void) | |
178 | { | |
179 | Channel *c; | |
180 | u_int i, len; | |
181 | + int packet_length = 0; | |
182 | ||
183 | for (i = 0; i < channels_alloc; i++) { | |
184 | c = channels[i]; | |
185 | @@ -1915,7 +1948,7 @@ channel_output_poll(void) | |
186 | packet_start(SSH2_MSG_CHANNEL_DATA); | |
187 | packet_put_int(c->remote_id); | |
188 | packet_put_string(data, dlen); | |
189 | - packet_send(); | |
190 | + packet_length = packet_send(); | |
191 | c->remote_window -= dlen + 4; | |
192 | xfree(data); | |
193 | } | |
194 | @@ -1945,7 +1978,7 @@ channel_output_poll(void) | |
195 | SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA); | |
196 | packet_put_int(c->remote_id); | |
197 | packet_put_string(buffer_ptr(&c->input), len); | |
198 | - packet_send(); | |
199 | + packet_length = packet_send(); | |
200 | buffer_consume(&c->input, len); | |
201 | c->remote_window -= len; | |
202 | } | |
203 | @@ -1980,12 +2013,13 @@ channel_output_poll(void) | |
204 | packet_put_int(c->remote_id); | |
205 | packet_put_int(SSH2_EXTENDED_DATA_STDERR); | |
206 | packet_put_string(buffer_ptr(&c->extended), len); | |
207 | - packet_send(); | |
208 | + packet_length = packet_send(); | |
209 | buffer_consume(&c->extended, len); | |
210 | c->remote_window -= len; | |
211 | debug2("channel %d: sent ext data %d", c->self, len); | |
212 | } | |
213 | } | |
214 | + return (packet_length); | |
215 | } | |
216 | ||
217 | ||
218 | @@ -2342,7 +2376,8 @@ channel_set_af(int af) | |
219 | ||
220 | static int | |
221 | channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, | |
222 | - const char *host_to_connect, u_short port_to_connect, int gateway_ports) | |
223 | + const char *host_to_connect, u_short port_to_connect, int gateway_ports, | |
224 | + int hpn_disabled, int hpn_buffer_size) | |
225 | { | |
226 | Channel *c; | |
227 | int sock, r, success = 0, wildcard = 0, is_client; | |
228 | @@ -2455,9 +2490,15 @@ channel_setup_fwd_listener(int type, con | |
229 | continue; | |
230 | } | |
231 | /* Allocate a channel number for the socket. */ | |
232 | + /* explicitly test for hpn disabled option. if true use smaller window size */ | |
233 | + if (hpn_disabled) | |
234 | c = channel_new("port listener", type, sock, sock, -1, | |
235 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | |
236 | 0, "port listener", 1); | |
237 | + else | |
238 | + c = channel_new("port listener", type, sock, sock, -1, | |
239 | + hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, | |
240 | + 0, "port listener", 1); | |
241 | strlcpy(c->path, host, sizeof(c->path)); | |
242 | c->host_port = port_to_connect; | |
243 | c->listening_port = listen_port; | |
244 | @@ -2494,20 +2535,22 @@ channel_cancel_rport_listener(const char | |
245 | /* protocol local port fwd, used by ssh (and sshd in v1) */ | |
246 | int | |
247 | channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, | |
248 | - const char *host_to_connect, u_short port_to_connect, int gateway_ports) | |
249 | + const char *host_to_connect, u_short port_to_connect, int gateway_ports, | |
250 | + int hpn_disabled, int hpn_buffer_size) | |
251 | { | |
252 | return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, | |
253 | listen_host, listen_port, host_to_connect, port_to_connect, | |
254 | - gateway_ports); | |
255 | + gateway_ports, hpn_disabled, hpn_buffer_size); | |
256 | } | |
257 | ||
258 | /* protocol v2 remote port fwd, used by sshd */ | |
259 | int | |
260 | channel_setup_remote_fwd_listener(const char *listen_address, | |
261 | - u_short listen_port, int gateway_ports) | |
262 | + u_short listen_port, int gateway_ports, int hpn_disabled, int hpn_buffer_size) | |
263 | { | |
264 | return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, | |
265 | - listen_address, listen_port, NULL, 0, gateway_ports); | |
266 | + listen_address, listen_port, NULL, 0, gateway_ports, | |
267 | + hpn_disabled, hpn_buffer_size); | |
268 | } | |
269 | ||
270 | /* | |
271 | @@ -2622,7 +2665,8 @@ channel_request_rforward_cancel(const ch | |
272 | * message if there was an error). | |
273 | */ | |
274 | int | |
275 | -channel_input_port_forward_request(int is_root, int gateway_ports) | |
276 | +channel_input_port_forward_request(int is_root, int gateway_ports, | |
277 | + int hpn_disabled, int hpn_buffer_size) | |
278 | { | |
279 | u_short port, host_port; | |
280 | int success = 0; | |
281 | @@ -2648,7 +2692,7 @@ channel_input_port_forward_request(int i | |
282 | ||
283 | /* Initiate forwarding */ | |
284 | success = channel_setup_local_fwd_listener(NULL, port, hostname, | |
285 | - host_port, gateway_ports); | |
286 | + host_port, gateway_ports, hpn_disabled, hpn_buffer_size); | |
287 | ||
288 | /* Free the argument string. */ | |
289 | xfree(hostname); | |
290 | @@ -2852,7 +2896,8 @@ channel_send_window_changes(void) | |
291 | */ | |
292 | int | |
293 | x11_create_display_inet(int x11_display_offset, int x11_use_localhost, | |
294 | - int single_connection, u_int *display_numberp, int **chanids) | |
295 | + int single_connection, u_int *display_numberp, int **chanids, | |
296 | + int hpn_disabled, int hpn_buffer_size) | |
297 | { | |
298 | Channel *nc = NULL; | |
299 | int display_number, sock; | |
300 | @@ -2949,10 +2994,17 @@ x11_create_display_inet(int x11_display_ | |
301 | *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); | |
302 | for (n = 0; n < num_socks; n++) { | |
303 | sock = socks[n]; | |
304 | + /* Is this really necassary? */ | |
305 | + if (hpn_disabled) | |
306 | nc = channel_new("x11 listener", | |
307 | SSH_CHANNEL_X11_LISTENER, sock, sock, -1, | |
308 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, | |
309 | 0, "X11 inet listener", 1); | |
310 | + else | |
311 | + nc = channel_new("x11 listener", | |
312 | + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, | |
313 | + hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, | |
314 | + 0, "X11 inet listener", 1); | |
315 | nc->single_connection = single_connection; | |
316 | (*chanids)[n] = nc->self; | |
317 | } | |
318 | diff -NupwB ../4.7/openssh-4.7p1/channels.h openssh-4.7p1/channels.h | |
319 | --- ../4.7/openssh-4.7p1/channels.h 2007-06-12 09:38:54.000000000 -0400 | |
320 | +++ openssh-4.7p1/channels.h 2008-02-06 13:29:19.000000000 -0500 | |
321 | @@ -98,8 +98,10 @@ struct Channel { | |
322 | u_int local_window_max; | |
323 | u_int local_consumed; | |
324 | u_int local_maxpacket; | |
325 | + int dynamic_window; | |
326 | int extended_usage; | |
327 | int single_connection; | |
328 | + u_int tcpwinsz; | |
329 | ||
330 | char *ctype; /* type */ | |
331 | ||
332 | @@ -122,9 +124,11 @@ struct Channel { | |
333 | ||
334 | /* default window/packet sizes for tcp/x11-fwd-channel */ | |
335 | #define CHAN_SES_PACKET_DEFAULT (32*1024) | |
336 | -#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) | |
337 | +#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT) | |
338 | + | |
339 | #define CHAN_TCP_PACKET_DEFAULT (32*1024) | |
340 | -#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) | |
341 | +#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT) | |
342 | + | |
343 | #define CHAN_X11_PACKET_DEFAULT (16*1024) | |
344 | #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) | |
345 | ||
346 | @@ -193,7 +197,7 @@ void channel_input_window_adjust(int, u | |
347 | ||
348 | void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); | |
349 | void channel_after_select(fd_set *, fd_set *); | |
350 | -void channel_output_poll(void); | |
351 | +int channel_output_poll(void); | |
352 | ||
353 | int channel_not_very_much_buffered_data(void); | |
354 | void channel_close_all(void); | |
355 | @@ -208,21 +212,21 @@ void channel_add_permitted_opens(char * | |
356 | int channel_add_adm_permitted_opens(char *, int); | |
357 | void channel_clear_permitted_opens(void); | |
358 | void channel_clear_adm_permitted_opens(void); | |
359 | -int channel_input_port_forward_request(int, int); | |
360 | +int channel_input_port_forward_request(int, int, int, int); | |
361 | int channel_connect_to(const char *, u_short); | |
362 | int channel_connect_by_listen_address(u_short); | |
363 | int channel_request_remote_forwarding(const char *, u_short, | |
364 | const char *, u_short); | |
365 | int channel_setup_local_fwd_listener(const char *, u_short, | |
366 | - const char *, u_short, int); | |
367 | + const char *, u_short, int, int, int); | |
368 | void channel_request_rforward_cancel(const char *host, u_short port); | |
369 | -int channel_setup_remote_fwd_listener(const char *, u_short, int); | |
370 | +int channel_setup_remote_fwd_listener(const char *, u_short, int, int, int); | |
371 | int channel_cancel_rport_listener(const char *, u_short); | |
372 | ||
373 | /* x11 forwarding */ | |
374 | ||
375 | int x11_connect_display(void); | |
376 | -int x11_create_display_inet(int, int, int, u_int *, int **); | |
377 | +int x11_create_display_inet(int, int, int, u_int *, int **, int, int); | |
378 | void x11_input_open(int, u_int32_t, void *); | |
379 | void x11_request_forwarding_with_spoofing(int, const char *, const char *, | |
380 | const char *); | |
381 | diff -NupwB ../4.7/openssh-4.7p1/cipher.c openssh-4.7p1/cipher.c | |
382 | --- ../4.7/openssh-4.7p1/cipher.c 2006-08-04 22:39:39.000000000 -0400 | |
383 | +++ openssh-4.7p1/cipher.c 2008-02-06 13:28:54.000000000 -0500 | |
384 | @@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi | |
385 | extern const EVP_CIPHER *evp_ssh1_3des(void); | |
386 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | |
387 | extern const EVP_CIPHER *evp_aes_128_ctr(void); | |
388 | +extern const EVP_CIPHER *evp_aes_ctr_mt(void); | |
389 | extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); | |
390 | ||
391 | struct Cipher { | |
392 | @@ -81,9 +82,9 @@ struct Cipher { | |
393 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, | |
394 | { "rijndael-cbc@lysator.liu.se", | |
395 | SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, | |
396 | - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, | |
397 | - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, | |
398 | - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, | |
399 | + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt }, | |
400 | + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt }, | |
401 | + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_ctr_mt }, | |
402 | #ifdef USE_CIPHER_ACSS | |
403 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, | |
404 | #endif | |
405 | @@ -156,7 +157,8 @@ ciphers_valid(const char *names) | |
406 | for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; | |
407 | (p = strsep(&cp, CIPHER_SEP))) { | |
408 | c = cipher_by_name(p); | |
409 | - if (c == NULL || c->number != SSH_CIPHER_SSH2) { | |
410 | + if (c == NULL || (c->number != SSH_CIPHER_SSH2 && | |
411 | +c->number != SSH_CIPHER_NONE)) { | |
412 | debug("bad cipher %s [%s]", p, names); | |
413 | xfree(cipher_list); | |
414 | return 0; | |
415 | @@ -330,6 +332,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch | |
416 | int evplen; | |
417 | ||
418 | switch (c->number) { | |
419 | + case SSH_CIPHER_NONE: | |
420 | case SSH_CIPHER_SSH2: | |
421 | case SSH_CIPHER_DES: | |
422 | case SSH_CIPHER_BLOWFISH: | |
423 | @@ -364,6 +367,7 @@ cipher_set_keyiv(CipherContext *cc, u_ch | |
424 | int evplen = 0; | |
425 | ||
426 | switch (c->number) { | |
427 | + case SSH_CIPHER_NONE: | |
428 | case SSH_CIPHER_SSH2: | |
429 | case SSH_CIPHER_DES: | |
430 | case SSH_CIPHER_BLOWFISH: | |
431 | diff -NupwB ../4.7/openssh-4.7p1/cipher-ctr-mt.c openssh-4.7p1/cipher-ctr-mt.c | |
432 | --- ../4.7/openssh-4.7p1/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500 | |
433 | +++ openssh-4.7p1/cipher-ctr-mt.c 2008-02-06 13:28:54.000000000 -0500 | |
434 | @@ -0,0 +1,473 @@ | |
435 | +/* | |
436 | + * OpenSSH Multi-threaded AES-CTR Cipher | |
437 | + * | |
438 | + * Author: Benjamin Bennett <ben@psc.edu> | |
439 | + * Copyright (c) 2008 Pittsburgh Supercomputing Center. All rights reserved. | |
440 | + * | |
441 | + * Based on original OpenSSH AES-CTR cipher. Small portions remain unchanged, | |
442 | + * Copyright (c) 2003 Markus Friedl <markus@openbsd.org> | |
443 | + * | |
444 | + * Permission to use, copy, modify, and distribute this software for any | |
445 | + * purpose with or without fee is hereby granted, provided that the above | |
446 | + * copyright notice and this permission notice appear in all copies. | |
447 | + * | |
448 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
449 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
450 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
451 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
452 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
453 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
454 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
455 | + */ | |
456 | +#include "includes.h" | |
457 | + | |
458 | +#include <sys/types.h> | |
459 | + | |
460 | +#include <stdarg.h> | |
461 | +#include <string.h> | |
462 | + | |
463 | +#include <openssl/evp.h> | |
464 | + | |
465 | +#include "xmalloc.h" | |
466 | +#include "log.h" | |
467 | + | |
468 | +/* compatibility with old or broken OpenSSL versions */ | |
469 | +#include "openbsd-compat/openssl-compat.h" | |
470 | + | |
471 | +#ifndef USE_BUILTIN_RIJNDAEL | |
472 | +#include <openssl/aes.h> | |
473 | +#endif | |
474 | + | |
475 | +#include <pthread.h> | |
476 | + | |
477 | +/*-------------------- TUNABLES --------------------*/ | |
478 | +/* Number of pregen threads to use */ | |
479 | +#define CIPHER_THREADS 2 | |
480 | + | |
481 | +/* Number of keystream queues */ | |
482 | +#define NUMKQ (CIPHER_THREADS + 2) | |
483 | + | |
484 | +/* Length of a keystream queue */ | |
485 | +#define KQLEN 4096 | |
486 | + | |
487 | +/* Processor cacheline length */ | |
488 | +#define CACHELINE_LEN 64 | |
489 | + | |
490 | +/* Collect thread stats and print at cancellation when in debug mode */ | |
491 | +// #define CIPHER_THREAD_STATS | |
492 | + | |
493 | +/* Use single-byte XOR instead of 8-byte XOR */ | |
494 | +// #define CIPHER_BYTE_XOR | |
495 | +/*-------------------- END TUNABLES --------------------*/ | |
496 | + | |
497 | + | |
498 | +const EVP_CIPHER *evp_aes_ctr_mt(void); | |
499 | + | |
500 | +#ifdef CIPHER_THREAD_STATS | |
501 | +/* | |
502 | + * Struct to collect thread stats | |
503 | + */ | |
504 | +struct thread_stats { | |
505 | + u_int fills; | |
506 | + u_int skips; | |
507 | + u_int waits; | |
508 | + u_int drains; | |
509 | +}; | |
510 | + | |
511 | +/* | |
512 | + * Debug print the thread stats | |
513 | + * Use with pthread_cleanup_push for displaying at thread cancellation | |
514 | + */ | |
515 | +static void | |
516 | +thread_loop_stats(void *x) | |
517 | +{ | |
518 | + struct thread_stats *s = x; | |
519 | + | |
520 | + debug("tid %lu - %u fills, %u skips, %u waits", pthread_self(), | |
521 | + s->fills, s->skips, s->waits); | |
522 | +} | |
523 | + | |
524 | + #define STATS_STRUCT(s) struct thread_stats s | |
525 | + #define STATS_INIT(s) { memset(&s, 0, sizeof(s)); } | |
526 | + #define STATS_FILL(s) { s.fills++; } | |
527 | + #define STATS_SKIP(s) { s.skips++; } | |
528 | + #define STATS_WAIT(s) { s.waits++; } | |
529 | + #define STATS_DRAIN(s) { s.drains++; } | |
530 | +#else | |
531 | + #define STATS_STRUCT(s) | |
532 | + #define STATS_INIT(s) | |
533 | + #define STATS_FILL(s) | |
534 | + #define STATS_SKIP(s) | |
535 | + #define STATS_WAIT(s) | |
536 | + #define STATS_DRAIN(s) | |
537 | +#endif | |
538 | + | |
539 | +/* Keystream Queue state */ | |
540 | +enum { | |
541 | + KQINIT, | |
542 | + KQEMPTY, | |
543 | + KQFILLING, | |
544 | + KQFULL, | |
545 | + KQDRAINING | |
546 | +}; | |
547 | + | |
548 | +/* Keystream Queue struct */ | |
549 | +struct kq { | |
550 | + u_char keys[KQLEN][AES_BLOCK_SIZE]; | |
551 | + u_char ctr[AES_BLOCK_SIZE]; | |
552 | + u_char pad0[CACHELINE_LEN]; | |
553 | + volatile int qstate; | |
554 | + pthread_mutex_t lock; | |
555 | + pthread_cond_t cond; | |
556 | + u_char pad1[CACHELINE_LEN]; | |
557 | +}; | |
558 | + | |
559 | +/* Context struct */ | |
560 | +struct ssh_aes_ctr_ctx | |
561 | +{ | |
562 | + struct kq q[NUMKQ]; | |
563 | + AES_KEY aes_ctx; | |
564 | + STATS_STRUCT(stats); | |
565 | + u_char aes_counter[AES_BLOCK_SIZE]; | |
566 | + pthread_t tid[CIPHER_THREADS]; | |
567 | + int state; | |
568 | + int qidx; | |
569 | + int ridx; | |
570 | +}; | |
571 | + | |
572 | +/* <friedl> | |
573 | + * increment counter 'ctr', | |
574 | + * the counter is of size 'len' bytes and stored in network-byte-order. | |
575 | + * (LSB at ctr[len-1], MSB at ctr[0]) | |
576 | + */ | |
577 | +static void | |
578 | +ssh_ctr_inc(u_char *ctr, u_int len) | |
579 | +{ | |
580 | + int i; | |
581 | + | |
582 | + for (i = len - 1; i >= 0; i--) | |
583 | + if (++ctr[i]) /* continue on overflow */ | |
584 | + return; | |
585 | +} | |
586 | + | |
587 | +/* | |
588 | + * Add num to counter 'ctr' | |
589 | + */ | |
590 | +static void | |
591 | +ssh_ctr_add(u_char *ctr, uint32_t num, u_int len) | |
592 | +{ | |
593 | + int i; | |
594 | + uint16_t n; | |
595 | + | |
596 | + for (n = 0, i = len - 1; i >= 0 && (num || n); i--) { | |
597 | + n = ctr[i] + (num & 0xff) + n; | |
598 | + num >>= 8; | |
599 | + ctr[i] = n & 0xff; | |
600 | + n >>= 8; | |
601 | + } | |
602 | +} | |
603 | + | |
604 | +/* | |
605 | + * Threads may be cancelled in a pthread_cond_wait, we must free the mutex | |
606 | + */ | |
607 | +static void | |
608 | +thread_loop_cleanup(void *x) | |
609 | +{ | |
610 | + pthread_mutex_unlock((pthread_mutex_t *)x); | |
611 | +} | |
612 | + | |
613 | +/* | |
614 | + * The life of a pregen thread: | |
615 | + * Find empty keystream queues and fill them using their counter. | |
616 | + * When done, update counter for the next fill. | |
617 | + */ | |
618 | +static void * | |
619 | +thread_loop(void *x) | |
620 | +{ | |
621 | + AES_KEY key; | |
622 | + STATS_STRUCT(stats); | |
623 | + struct ssh_aes_ctr_ctx *c = x; | |
624 | + struct kq *q; | |
625 | + int i; | |
626 | + int qidx; | |
627 | + | |
628 | + /* Threads stats on cancellation */ | |
629 | + STATS_INIT(stats); | |
630 | +#ifdef CIPHER_THREAD_STATS | |
631 | + pthread_cleanup_push(thread_loop_stats, &stats); | |
632 | +#endif | |
633 | + | |
634 | + /* Thread local copy of AES key */ | |
635 | + memcpy(&key, &c->aes_ctx, sizeof(key)); | |
636 | + | |
637 | + /* | |
638 | + * Handle the special case of startup, one thread must fill | |
639 | + * the first KQ then mark it as draining. Lock held throughout. | |
640 | + */ | |
641 | + if (pthread_equal(pthread_self(), c->tid[0])) { | |
642 | + q = &c->q[0]; | |
643 | + pthread_mutex_lock(&q->lock); | |
644 | + if (q->qstate == KQINIT) { | |
645 | + for (i = 0; i < KQLEN; i++) { | |
646 | + AES_encrypt(q->ctr, q->keys[i], &key); | |
647 | + ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE); | |
648 | + } | |
649 | + ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE); | |
650 | + q->qstate = KQDRAINING; | |
651 | + STATS_FILL(stats); | |
652 | + pthread_cond_broadcast(&q->cond); | |
653 | + } | |
654 | + pthread_mutex_unlock(&q->lock); | |
655 | + } | |
656 | + else | |
657 | + STATS_SKIP(stats); | |
658 | + | |
659 | + /* | |
660 | + * Normal case is to find empty queues and fill them, skipping over | |
661 | + * queues already filled by other threads and stopping to wait for | |
662 | + * a draining queue to become empty. | |
663 | + * | |
664 | + * Multiple threads may be waiting on a draining queue and awoken | |
665 | + * when empty. The first thread to wake will mark it as filling, | |
666 | + * others will move on to fill, skip, or wait on the next queue. | |
667 | + */ | |
668 | + for (qidx = 1;; qidx = (qidx + 1) % NUMKQ) { | |
669 | + /* Check if I was cancelled, also checked in cond_wait */ | |
670 | + pthread_testcancel(); | |
671 | + | |
672 | + /* Lock queue and block if its draining */ | |
673 | + q = &c->q[qidx]; | |
674 | + pthread_mutex_lock(&q->lock); | |
675 | + pthread_cleanup_push(thread_loop_cleanup, &q->lock); | |
676 | + while (q->qstate == KQDRAINING || q->qstate == KQINIT) { | |
677 | + STATS_WAIT(stats); | |
678 | + pthread_cond_wait(&q->cond, &q->lock); | |
679 | + } | |
680 | + pthread_cleanup_pop(0); | |
681 | + | |
682 | + /* If filling or full, somebody else got it, skip */ | |
683 | + if (q->qstate != KQEMPTY) { | |
684 | + pthread_mutex_unlock(&q->lock); | |
685 | + STATS_SKIP(stats); | |
686 | + continue; | |
687 | + } | |
688 | + | |
689 | + /* | |
690 | + * Empty, let's fill it. | |
691 | + * Queue lock is relinquished while we do this so others | |
692 | + * can see that it's being filled. | |
693 | + */ | |
694 | + q->qstate = KQFILLING; | |
695 | + pthread_mutex_unlock(&q->lock); | |
696 | + for (i = 0; i < KQLEN; i++) { | |
697 | + AES_encrypt(q->ctr, q->keys[i], &key); | |
698 | + ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE); | |
699 | + } | |
700 | + | |
701 | + /* Re-lock, mark full and signal consumer */ | |
702 | + pthread_mutex_lock(&q->lock); | |
703 | + ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE); | |
704 | + q->qstate = KQFULL; | |
705 | + STATS_FILL(stats); | |
706 | + pthread_cond_signal(&q->cond); | |
707 | + pthread_mutex_unlock(&q->lock); | |
708 | + } | |
709 | + | |
710 | +#ifdef CIPHER_THREAD_STATS | |
711 | + /* Stats */ | |
712 | + pthread_cleanup_pop(1); | |
713 | +#endif | |
714 | + | |
715 | + return NULL; | |
716 | +} | |
717 | + | |
718 | +static int | |
719 | +ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, | |
720 | + u_int len) | |
721 | +{ | |
722 | + struct ssh_aes_ctr_ctx *c; | |
723 | + struct kq *q, *oldq; | |
724 | + int ridx; | |
725 | + u_char *buf; | |
726 | + | |
727 | + if (len == 0) | |
728 | + return (1); | |
729 | + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) | |
730 | + return (0); | |
731 | + | |
732 | + q = &c->q[c->qidx]; | |
733 | + ridx = c->ridx; | |
734 | + | |
735 | + /* src already padded to block multiple */ | |
736 | + while (len > 0) { | |
737 | + buf = q->keys[ridx]; | |
738 | + | |
739 | +#ifdef CIPHER_BYTE_XOR | |
740 | + dest[0] = src[0] ^ buf[0]; | |
741 | + dest[1] = src[1] ^ buf[1]; | |
742 | + dest[2] = src[2] ^ buf[2]; | |
743 | + dest[3] = src[3] ^ buf[3]; | |
744 | + dest[4] = src[4] ^ buf[4]; | |
745 | + dest[5] = src[5] ^ buf[5]; | |
746 | + dest[6] = src[6] ^ buf[6]; | |
747 | + dest[7] = src[7] ^ buf[7]; | |
748 | + dest[8] = src[8] ^ buf[8]; | |
749 | + dest[9] = src[9] ^ buf[9]; | |
750 | + dest[10] = src[10] ^ buf[10]; | |
751 | + dest[11] = src[11] ^ buf[11]; | |
752 | + dest[12] = src[12] ^ buf[12]; | |
753 | + dest[13] = src[13] ^ buf[13]; | |
754 | + dest[14] = src[14] ^ buf[14]; | |
755 | + dest[15] = src[15] ^ buf[15]; | |
756 | +#else | |
757 | + *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf; | |
758 | + *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^ | |
759 | + *(uint64_t *)(buf + 8); | |
760 | +#endif | |
761 | + | |
762 | + dest += 16; | |
763 | + src += 16; | |
764 | + len -= 16; | |
765 | + ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE); | |
766 | + | |
767 | + /* Increment read index, switch queues on rollover */ | |
768 | + if ((ridx = (ridx + 1) % KQLEN) == 0) { | |
769 | + oldq = q; | |
770 | + | |
771 | + /* Mark next queue draining, may need to wait */ | |
772 | + c->qidx = (c->qidx + 1) % NUMKQ; | |
773 | + q = &c->q[c->qidx]; | |
774 | + pthread_mutex_lock(&q->lock); | |
775 | + while (q->qstate != KQFULL) { | |
776 | + STATS_WAIT(c->stats); | |
777 | + pthread_cond_wait(&q->cond, &q->lock); | |
778 | + } | |
779 | + q->qstate = KQDRAINING; | |
780 | + pthread_mutex_unlock(&q->lock); | |
781 | + | |
782 | + /* Mark consumed queue empty and signal producers */ | |
783 | + pthread_mutex_lock(&oldq->lock); | |
784 | + oldq->qstate = KQEMPTY; | |
785 | + STATS_DRAIN(c->stats); | |
786 | + pthread_cond_broadcast(&oldq->cond); | |
787 | + pthread_mutex_unlock(&oldq->lock); | |
788 | + } | |
789 | + } | |
790 | + c->ridx = ridx; | |
791 | + return (1); | |
792 | +} | |
793 | + | |
794 | +#define HAVE_NONE 0 | |
795 | +#define HAVE_KEY 1 | |
796 | +#define HAVE_IV 2 | |
797 | +static int | |
798 | +ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, | |
799 | + int enc) | |
800 | +{ | |
801 | + struct ssh_aes_ctr_ctx *c; | |
802 | + int i; | |
803 | + | |
804 | + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { | |
805 | + c = xmalloc(sizeof(*c)); | |
806 | + | |
807 | + c->state = HAVE_NONE; | |
808 | + for (i = 0; i < NUMKQ; i++) { | |
809 | + pthread_mutex_init(&c->q[i].lock, NULL); | |
810 | + pthread_cond_init(&c->q[i].cond, NULL); | |
811 | + } | |
812 | + | |
813 | + STATS_INIT(c->stats); | |
814 | + | |
815 | + EVP_CIPHER_CTX_set_app_data(ctx, c); | |
816 | + } | |
817 | + | |
818 | + if (c->state == (HAVE_KEY | HAVE_IV)) { | |
819 | + /* Cancel pregen threads */ | |
820 | + for (i = 0; i < CIPHER_THREADS; i++) | |
821 | + pthread_cancel(c->tid[i]); | |
822 | + for (i = 0; i < CIPHER_THREADS; i++) | |
823 | + pthread_join(c->tid[i], NULL); | |
824 | + /* Start over getting key & iv */ | |
825 | + c->state = HAVE_NONE; | |
826 | + } | |
827 | + | |
828 | + if (key != NULL) { | |
829 | + AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, | |
830 | + &c->aes_ctx); | |
831 | + c->state |= HAVE_KEY; | |
832 | + } | |
833 | + | |
834 | + if (iv != NULL) { | |
835 | + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); | |
836 | + c->state |= HAVE_IV; | |
837 | + } | |
838 | + | |
839 | + if (c->state == (HAVE_KEY | HAVE_IV)) { | |
840 | + /* Clear queues */ | |
841 | + memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE); | |
842 | + c->q[0].qstate = KQINIT; | |
843 | + for (i = 1; i < NUMKQ; i++) { | |
844 | + memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE); | |
845 | + ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE); | |
846 | + c->q[i].qstate = KQEMPTY; | |
847 | + } | |
848 | + c->qidx = 0; | |
849 | + c->ridx = 0; | |
850 | + | |
851 | + /* Start threads */ | |
852 | + for (i = 0; i < CIPHER_THREADS; i++) { | |
853 | + pthread_create(&c->tid[i], NULL, thread_loop, c); | |
854 | + } | |
855 | + pthread_mutex_lock(&c->q[0].lock); | |
856 | + while (c->q[0].qstate != KQDRAINING) | |
857 | + pthread_cond_wait(&c->q[0].cond, &c->q[0].lock); | |
858 | + pthread_mutex_unlock(&c->q[0].lock); | |
859 | + | |
860 | + } | |
861 | + return (1); | |
862 | +} | |
863 | + | |
864 | +static int | |
865 | +ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) | |
866 | +{ | |
867 | + struct ssh_aes_ctr_ctx *c; | |
868 | + int i; | |
869 | + | |
870 | + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { | |
871 | +#ifdef CIPHER_THREAD_STATS | |
872 | + debug("main thread: %u drains, %u waits", c->stats.drains, | |
873 | + c->stats.waits); | |
874 | +#endif | |
875 | + /* Cancel pregen threads */ | |
876 | + for (i = 0; i < CIPHER_THREADS; i++) | |
877 | + pthread_cancel(c->tid[i]); | |
878 | + for (i = 0; i < CIPHER_THREADS; i++) | |
879 | + pthread_join(c->tid[i], NULL); | |
880 | + | |
881 | + memset(c, 0, sizeof(*c)); | |
882 | + xfree(c); | |
883 | + EVP_CIPHER_CTX_set_app_data(ctx, NULL); | |
884 | + } | |
885 | + return (1); | |
886 | +} | |
887 | + | |
888 | +/* <friedl> */ | |
889 | +const EVP_CIPHER * | |
890 | +evp_aes_ctr_mt(void) | |
891 | +{ | |
892 | + static EVP_CIPHER aes_ctr; | |
893 | + | |
894 | + memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); | |
895 | + aes_ctr.nid = NID_undef; | |
896 | + aes_ctr.block_size = AES_BLOCK_SIZE; | |
897 | + aes_ctr.iv_len = AES_BLOCK_SIZE; | |
898 | + aes_ctr.key_len = 16; | |
899 | + aes_ctr.init = ssh_aes_ctr_init; | |
900 | + aes_ctr.cleanup = ssh_aes_ctr_cleanup; | |
901 | + aes_ctr.do_cipher = ssh_aes_ctr; | |
902 | +#ifndef SSH_OLD_EVP | |
903 | + aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | | |
904 | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; | |
905 | +#endif | |
906 | + return (&aes_ctr); | |
907 | +} | |
908 | diff -NupwB ../4.7/openssh-4.7p1/clientloop.c openssh-4.7p1/clientloop.c | |
909 | --- ../4.7/openssh-4.7p1/clientloop.c 2007-08-15 05:13:42.000000000 -0400 | |
910 | +++ openssh-4.7p1/clientloop.c 2008-02-06 13:28:23.000000000 -0500 | |
911 | @@ -910,13 +910,16 @@ client_process_control(fd_set *readset) | |
912 | ||
913 | set_nonblock(client_fd); | |
914 | ||
915 | + if (options.hpn_disabled) | |
916 | window = CHAN_SES_WINDOW_DEFAULT; | |
917 | + else | |
918 | + window = options.hpn_buffer_size; | |
919 | + | |
920 | packetmax = CHAN_SES_PACKET_DEFAULT; | |
921 | if (cctx->want_tty) { | |
922 | window >>= 1; | |
923 | packetmax >>= 1; | |
924 | } | |
925 | - | |
926 | c = channel_new("session", SSH_CHANNEL_OPENING, | |
927 | new_fd[0], new_fd[1], new_fd[2], window, packetmax, | |
928 | CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); | |
929 | @@ -1018,7 +1021,8 @@ process_cmdline(void) | |
930 | if (local) { | |
931 | if (channel_setup_local_fwd_listener(fwd.listen_host, | |
932 | fwd.listen_port, fwd.connect_host, | |
933 | - fwd.connect_port, options.gateway_ports) < 0) { | |
934 | + fwd.connect_port, options.gateway_ports, | |
935 | + options.hpn_disabled, options.hpn_buffer_size) < 0) { | |
936 | logit("Port forwarding failed."); | |
937 | goto out; | |
938 | } | |
939 | @@ -1717,10 +1721,16 @@ client_request_forwarded_tcpip(const cha | |
940 | xfree(listen_address); | |
941 | return NULL; | |
942 | } | |
943 | + if (options.hpn_disabled) | |
944 | c = channel_new("forwarded-tcpip", | |
945 | SSH_CHANNEL_CONNECTING, sock, sock, -1, | |
946 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, | |
947 | originator_address, 1); | |
948 | + else | |
949 | + c = channel_new("forwarded-tcpip", | |
950 | + SSH_CHANNEL_CONNECTING, sock, sock, -1, | |
951 | + options.hpn_buffer_size, options.hpn_buffer_size, 0, | |
952 | + originator_address, 1); | |
953 | xfree(originator_address); | |
954 | xfree(listen_address); | |
955 | return c; | |
956 | @@ -1754,9 +1764,15 @@ client_request_x11(const char *request_t | |
957 | sock = x11_connect_display(); | |
958 | if (sock < 0) | |
959 | return NULL; | |
960 | + /* again is this really necessary for X11? */ | |
961 | + if (options.hpn_disabled) | |
962 | c = channel_new("x11", | |
963 | SSH_CHANNEL_X11_OPEN, sock, sock, -1, | |
964 | CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); | |
965 | + else | |
966 | + c = channel_new("x11", | |
967 | + SSH_CHANNEL_X11_OPEN, sock, sock, -1, | |
968 | + options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); | |
969 | c->force_drain = 1; | |
970 | return c; | |
971 | } | |
972 | @@ -1775,10 +1791,17 @@ client_request_agent(const char *request | |
973 | sock = ssh_get_authentication_socket(); | |
974 | if (sock < 0) | |
975 | return NULL; | |
976 | + /* not sure this is really needed here either */ | |
977 | + if (options.hpn_disabled) | |
978 | c = channel_new("authentication agent connection", | |
979 | SSH_CHANNEL_OPEN, sock, sock, -1, | |
980 | CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, | |
981 | "authentication agent connection", 1); | |
982 | + else | |
983 | + c = channel_new("authentication agent connection", | |
984 | + SSH_CHANNEL_OPEN, sock, sock, -1, | |
985 | + options.hpn_buffer_size, options.hpn_buffer_size, 0, | |
986 | + "authentication agent connection", 1); | |
987 | c->force_drain = 1; | |
988 | return c; | |
989 | } | |
990 | @@ -1805,10 +1828,18 @@ client_request_tun_fwd(int tun_mode, int | |
991 | return -1; | |
992 | } | |
993 | ||
994 | + if(options.hpn_disabled) | |
995 | c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, | |
996 | - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); | |
997 | + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | |
998 | + 0, "tun", 1); | |
999 | + else | |
1000 | + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, | |
1001 | + options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, | |
1002 | + 0, "tun", 1); | |
1003 | c->datagram = 1; | |
1004 | ||
1005 | + | |
1006 | + | |
1007 | #if defined(SSH_TUN_FILTER) | |
1008 | if (options.tun_open == SSH_TUNMODE_POINTOPOINT) | |
1009 | channel_register_filter(c->self, sys_tun_infilter, | |
1010 | diff -NupwB ../4.7/openssh-4.7p1/compat.c openssh-4.7p1/compat.c | |
1011 | --- ../4.7/openssh-4.7p1/compat.c 2007-01-05 00:26:46.000000000 -0500 | |
1012 | +++ openssh-4.7p1/compat.c 2008-02-06 13:28:23.000000000 -0500 | |
1013 | @@ -169,6 +169,15 @@ compat_datafellows(const char *version) | |
1014 | strlen(check[i].pat), 0) == 1) { | |
1015 | debug("match: %s pat %s", version, check[i].pat); | |
1016 | datafellows = check[i].bugs; | |
1017 | + /* Check to see if the remote side is OpenSSH and not HPN */ | |
1018 | + if(strstr(version,"OpenSSH") != NULL) | |
1019 | + { | |
1020 | + if (strstr(version,"hpn") == NULL) | |
1021 | + { | |
1022 | + datafellows |= SSH_BUG_LARGEWINDOW; | |
1023 | + debug("Remote is NON-HPN aware"); | |
1024 | + } | |
1025 | + } | |
1026 | return; | |
1027 | } | |
1028 | } | |
1029 | diff -NupwB ../4.7/openssh-4.7p1/compat.h openssh-4.7p1/compat.h | |
1030 | --- ../4.7/openssh-4.7p1/compat.h 2007-01-05 00:26:46.000000000 -0500 | |
1031 | +++ openssh-4.7p1/compat.h 2008-02-06 13:28:23.000000000 -0500 | |
1032 | @@ -57,6 +57,7 @@ | |
1033 | #define SSH_BUG_FIRSTKEX 0x00800000 | |
1034 | #define SSH_OLD_FORWARD_ADDR 0x01000000 | |
1035 | #define SSH_BUG_RFWD_ADDR 0x02000000 | |
1036 | +#define SSH_BUG_LARGEWINDOW 0x04000000 | |
1037 | ||
1038 | void enable_compat13(void); | |
1039 | void enable_compat20(void); | |
1040 | Common subdirectories: ../4.7/openssh-4.7p1/contrib and openssh-4.7p1/contrib | |
1041 | diff -NupwB ../4.7/openssh-4.7p1/HPN12-README openssh-4.7p1/HPN12-README | |
1042 | --- ../4.7/openssh-4.7p1/HPN12-README 1969-12-31 19:00:00.000000000 -0500 | |
1043 | +++ openssh-4.7p1/HPN12-README 2008-02-06 13:28:23.000000000 -0500 | |
1044 | @@ -0,0 +1,111 @@ | |
1045 | +Notes: | |
1046 | + | |
1047 | +To use the NONE option you must have the NoneEnabled switch set on the server and | |
1048 | +you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE | |
1049 | +feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not | |
1050 | +spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will | |
1051 | +be disabled. | |
1052 | + | |
1053 | +The performance increase will only be as good as the network and TCP stack tuning | |
1054 | +on the reciever side of the connection allows. As a rule of thumb a user will need | |
1055 | +at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The | |
1056 | +HPN-SSH home page describes this in greater detail. | |
1057 | + | |
1058 | +http://www.psc.edu/networking/projects/hpn-ssh | |
1059 | + | |
1060 | +Buffer Sizes: | |
1061 | + | |
1062 | +If HPN is disabled the receive buffer size will be set to the | |
1063 | +OpenSSH default of 64K. | |
1064 | + | |
1065 | +If an HPN system connects to a nonHPN system the receive buffer will | |
1066 | +be set to the HPNBufferSize value. The default is 2MB but user adjustable. | |
1067 | + | |
1068 | +If an HPN to HPN connection is established a number of different things might | |
1069 | +happen based on the user options and conditions. | |
1070 | + | |
1071 | +Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set | |
1072 | +HPN Buffer Size = up to 64MB | |
1073 | +This is the default state. The HPN buffer size will grow to a maximum of 64MB | |
1074 | +as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is | |
1075 | +geared towards 10GigE transcontinental connections. | |
1076 | + | |
1077 | +Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set | |
1078 | +HPN Buffer Size = TCP receive buffer value. | |
1079 | +Users on non-autotuning systesm should disable TCPRcvBufPoll in the | |
1080 | +ssh_cofig and sshd_config | |
1081 | + | |
1082 | +Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set | |
1083 | +HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize. | |
1084 | +This would be the system defined TCP receive buffer (RWIN). | |
1085 | + | |
1086 | +Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET | |
1087 | +HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize. | |
1088 | +Generally there is no need to set both. | |
1089 | + | |
1090 | +Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set | |
1091 | +HPN Buffer Size = grows to HPNBufferSize | |
1092 | +The buffer will grow up to the maximum size specified here. | |
1093 | + | |
1094 | +Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET | |
1095 | +HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize. | |
1096 | +Generally there is no need to set both of these, especially on autotuning | |
1097 | +systems. However, if the users wishes to override the autotuning this would be | |
1098 | +one way to do it. | |
1099 | + | |
1100 | +Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET | |
1101 | +HPN Buffer Size = TCPRcvBuf. | |
1102 | +This will override autotuning and set the TCP recieve buffer to the user defined | |
1103 | +value. | |
1104 | + | |
1105 | + | |
1106 | +HPN Specific Configuration options | |
1107 | + | |
1108 | +TcpRcvBuf=[int]KB client | |
1109 | + set the TCP socket receive buffer to n Kilobytes. It can be set up to the | |
1110 | +maximum socket size allowed by the system. This is useful in situations where | |
1111 | +the tcp receive window is set low but the maximum buffer size is set | |
1112 | +higher (as is typical). This works on a per TCP connection basis. You can also | |
1113 | +use this to artifically limit the transfer rate of the connection. In these | |
1114 | +cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB. | |
1115 | +Default is the current system wide tcp receive buffer size. | |
1116 | + | |
1117 | +TcpRcvBufPoll=[yes/no] client/server | |
1118 | + enable of disable the polling of the tcp receive buffer through the life | |
1119 | +of the connection. You would want to make sure that this option is enabled | |
1120 | +for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista) | |
1121 | +default is yes. | |
1122 | + | |
1123 | +NoneEnabled=[yes/no] client/server | |
1124 | + enable or disable the use of the None cipher. Care must always be used | |
1125 | +when enabling this as it will allow users to send data in the clear. However, | |
1126 | +it is important to note that authentication information remains encrypted | |
1127 | +even if this option is enabled. Set to no by default. | |
1128 | + | |
1129 | +NoneSwitch=[yes/no] client | |
1130 | + Switch the encryption cipher being used to the None cipher after | |
1131 | +authentication takes place. NoneEnabled must be enabled on both the client | |
1132 | +and server side of the connection. When the connection switches to the NONE | |
1133 | +cipher a warning is sent to STDERR. The connection attempt will fail with an | |
1134 | +error if a client requests a NoneSwitch from the server that does not explicitly | |
1135 | +have NoneEnabled set to yes. Note: The NONE cipher cannot be used in | |
1136 | +interactive (shell) sessions and it will fail silently. Set to no by default. | |
1137 | + | |
1138 | +HPNDisabled=[yes/no] client/server | |
1139 | + In some situations, such as transfers on a local area network, the impact | |
1140 | +of the HPN code produces a net decrease in performance. In these cases it is | |
1141 | +helpful to disable the HPN functionality. By default HPNDisabled is set to no. | |
1142 | + | |
1143 | +HPNBufferSize=[int]KB client/server | |
1144 | + This is the default buffer size the HPN functionality uses when interacting | |
1145 | +with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf | |
1146 | +option as applied to the internal SSH flow control. This value can range from | |
1147 | +1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance | |
1148 | +problems depending on the length of the network path. The default size of this buffer | |
1149 | +is 2MB. | |
1150 | + | |
1151 | + | |
1152 | +Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu) | |
1153 | + The majority of the actual coding for versions up to HPN12v1 was performed | |
1154 | + by Michael Stevens (mstevens@andrew.cmu.edu). This work was financed, in part, | |
1155 | + by Cisco System, Inc., and the National Science Foundation. | |
1156 | diff -NupwB ../4.7/openssh-4.7p1/kex.c openssh-4.7p1/kex.c | |
1157 | --- ../4.7/openssh-4.7p1/kex.c 2007-06-05 04:30:18.000000000 -0400 | |
1158 | +++ openssh-4.7p1/kex.c 2008-02-06 13:29:19.000000000 -0500 | |
1159 | @@ -48,6 +48,7 @@ | |
1160 | #include "match.h" | |
1161 | #include "dispatch.h" | |
1162 | #include "monitor.h" | |
1163 | +#include "canohost.h" | |
1164 | ||
1165 | #define KEX_COOKIE_LEN 16 | |
1166 | ||
1167 | @@ -64,7 +65,8 @@ static void kex_kexinit_finish(Kex *); | |
1168 | static void kex_choose_conf(Kex *); | |
1169 | ||
1170 | /* put algorithm proposal into buffer */ | |
1171 | -static void | |
1172 | +/* used in sshconnect.c as well as kex.c */ | |
1173 | +void | |
1174 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | |
1175 | { | |
1176 | u_int i; | |
1177 | @@ -376,6 +378,13 @@ kex_choose_conf(Kex *kex) | |
1178 | int nenc, nmac, ncomp; | |
1179 | u_int mode, ctos, need; | |
1180 | int first_kex_follows, type; | |
1181 | + int log_flag = 0; | |
1182 | + | |
1183 | + int auth_flag; | |
1184 | + | |
1185 | + auth_flag = packet_authentication_state(); | |
1186 | + | |
1187 | + debug ("AUTH STATE IS %d", auth_flag); | |
1188 | ||
1189 | my = kex_buf2prop(&kex->my, NULL); | |
1190 | peer = kex_buf2prop(&kex->peer, &first_kex_follows); | |
1191 | @@ -400,11 +409,34 @@ kex_choose_conf(Kex *kex) | |
1192 | choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]); | |
1193 | choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]); | |
1194 | choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); | |
1195 | + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); | |
1196 | + if (strcmp(newkeys->enc.name, "none") == 0) { | |
1197 | + debug("Requesting NONE. Authflag is %d", auth_flag); | |
1198 | + if (auth_flag == 1) { | |
1199 | + debug("None requested post authentication."); | |
1200 | + } else { | |
1201 | + fatal("Pre-authentication none cipher requests are not allowed."); | |
1202 | + } | |
1203 | + } | |
1204 | debug("kex: %s %s %s %s", | |
1205 | ctos ? "client->server" : "server->client", | |
1206 | newkeys->enc.name, | |
1207 | newkeys->mac.name, | |
1208 | newkeys->comp.name); | |
1209 | + /* client starts withctos = 0 && log flag = 0 and no log*/ | |
1210 | + /* 2nd client pass ctos=1 and flag = 1 so no log*/ | |
1211 | + /* server starts with ctos =1 && log_flag = 0 so log */ | |
1212 | + /* 2nd sever pass ctos = 1 && log flag = 1 so no log*/ | |
1213 | + /* -cjr*/ | |
1214 | + if (ctos && !log_flag) { | |
1215 | + logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s", | |
1216 | + get_remote_ipaddr(), | |
1217 | + get_remote_port(), | |
1218 | + newkeys->enc.name, | |
1219 | + newkeys->mac.name, | |
1220 | + newkeys->comp.name); | |
1221 | + } | |
1222 | + log_flag = 1; | |
1223 | } | |
1224 | choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); | |
1225 | choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | |
1226 | diff -NupwB ../4.7/openssh-4.7p1/kex.h openssh-4.7p1/kex.h | |
1227 | --- ../4.7/openssh-4.7p1/kex.h 2007-06-11 00:01:42.000000000 -0400 | |
1228 | +++ openssh-4.7p1/kex.h 2008-02-06 13:28:23.000000000 -0500 | |
1229 | @@ -127,6 +127,8 @@ struct Kex { | |
1230 | void (*kex[KEX_MAX])(Kex *); | |
1231 | }; | |
1232 | ||
1233 | +void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]); | |
1234 | + | |
1235 | Kex *kex_setup(char *[PROPOSAL_MAX]); | |
1236 | void kex_finish(Kex *); | |
1237 | ||
1238 | diff -NupwB ../4.7/openssh-4.7p1/Makefile.in openssh-4.7p1/Makefile.in | |
1239 | --- ../4.7/openssh-4.7p1/Makefile.in 2007-06-11 00:01:42.000000000 -0400 | |
1240 | +++ openssh-4.7p1/Makefile.in 2008-02-06 13:28:54.000000000 -0500 | |
1241 | @@ -43,7 +43,7 @@ CC=@CC@ | |
1242 | LD=@LD@ | |
1243 | CFLAGS=@CFLAGS@ | |
1244 | CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ | |
1245 | -LIBS=@LIBS@ | |
1246 | +LIBS=@LIBS@ -lpthread | |
1247 | SSHDLIBS=@SSHDLIBS@ | |
1248 | LIBEDIT=@LIBEDIT@ | |
1249 | AR=@AR@ | |
1250 | @@ -64,7 +64,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a | |
1251 | ||
1252 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | |
1253 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ | |
1254 | - cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ | |
1255 | + cipher-bf1.o cipher-ctr.o cipher-ctr-mt.o cipher-3des1.o cleanup.o \ | |
1256 | compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ | |
1257 | log.o match.o md-sha256.o moduli.o nchan.o packet.o \ | |
1258 | readpass.o rsa.o ttymodes.o xmalloc.o \ | |
1259 | diff -NupwB ../4.7/openssh-4.7p1/myproposal.h openssh-4.7p1/myproposal.h | |
1260 | --- ../4.7/openssh-4.7p1/myproposal.h 2007-06-11 00:01:42.000000000 -0400 | |
1261 | +++ openssh-4.7p1/myproposal.h 2008-02-06 13:28:23.000000000 -0500 | |
1262 | @@ -46,6 +46,8 @@ | |
1263 | "arcfour128,arcfour256,arcfour," \ | |
1264 | "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ | |
1265 | "aes128-ctr,aes192-ctr,aes256-ctr" | |
1266 | +#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \ | |
1267 | + ",none" | |
1268 | #define KEX_DEFAULT_MAC \ | |
1269 | "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ | |
1270 | "hmac-ripemd160@openssh.com," \ | |
1271 | Common subdirectories: ../4.7/openssh-4.7p1/openbsd-compat and openssh-4.7p1/openbsd-compat | |
1272 | diff -NupwB ../4.7/openssh-4.7p1/packet.c openssh-4.7p1/packet.c | |
1273 | --- ../4.7/openssh-4.7p1/packet.c 2007-06-11 00:01:42.000000000 -0400 | |
1274 | +++ openssh-4.7p1/packet.c 2008-02-06 13:29:19.000000000 -0500 | |
1275 | @@ -710,7 +710,7 @@ packet_enable_delayed_compress(void) | |
1276 | /* | |
1277 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) | |
1278 | */ | |
1279 | -static void | |
1280 | +static int | |
1281 | packet_send2_wrapped(void) | |
1282 | { | |
1283 | u_char type, *cp, *macbuf = NULL; | |
1284 | @@ -822,11 +822,13 @@ packet_send2_wrapped(void) | |
1285 | set_newkeys(MODE_OUT); | |
1286 | else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) | |
1287 | packet_enable_delayed_compress(); | |
1288 | + return(packet_length); | |
1289 | } | |
1290 | ||
1291 | -static void | |
1292 | +static int | |
1293 | packet_send2(void) | |
1294 | { | |
1295 | + static int packet_length = 0; | |
1296 | static int rekeying = 0; | |
1297 | struct packet *p; | |
1298 | u_char type, *cp; | |
1299 | @@ -844,7 +846,7 @@ packet_send2(void) | |
1300 | memcpy(&p->payload, &outgoing_packet, sizeof(Buffer)); | |
1301 | buffer_init(&outgoing_packet); | |
1302 | TAILQ_INSERT_TAIL(&outgoing, p, next); | |
1303 | - return; | |
1304 | + return(sizeof(Buffer)); | |
1305 | } | |
1306 | } | |
1307 | ||
1308 | @@ -852,7 +854,7 @@ packet_send2(void) | |
1309 | if (type == SSH2_MSG_KEXINIT) | |
1310 | rekeying = 1; | |
1311 | ||
1312 | - packet_send2_wrapped(); | |
1313 | + packet_length = packet_send2_wrapped(); | |
1314 | ||
1315 | /* after a NEWKEYS message we can send the complete queue */ | |
1316 | if (type == SSH2_MSG_NEWKEYS) { | |
1317 | @@ -865,19 +867,22 @@ packet_send2(void) | |
1318 | sizeof(Buffer)); | |
1319 | TAILQ_REMOVE(&outgoing, p, next); | |
1320 | xfree(p); | |
1321 | - packet_send2_wrapped(); | |
1322 | + packet_length += packet_send2_wrapped(); | |
1323 | } | |
1324 | } | |
1325 | + return(packet_length); | |
1326 | } | |
1327 | ||
1328 | -void | |
1329 | +int | |
1330 | packet_send(void) | |
1331 | { | |
1332 | + int packet_len = 0; | |
1333 | if (compat20) | |
1334 | - packet_send2(); | |
1335 | + packet_len = packet_send2(); | |
1336 | else | |
1337 | packet_send1(); | |
1338 | DBG(debug("packet_send done")); | |
1339 | + return(packet_len); | |
1340 | } | |
1341 | ||
1342 | /* | |
1343 | @@ -1415,21 +1420,23 @@ packet_disconnect(const char *fmt,...) | |
1344 | ||
1345 | /* Checks if there is any buffered output, and tries to write some of the output. */ | |
1346 | ||
1347 | -void | |
1348 | +int | |
1349 | packet_write_poll(void) | |
1350 | { | |
1351 | - int len = buffer_len(&output); | |
1352 | + int len = 0; | |
1353 | + len = buffer_len(&output); | |
1354 | ||
1355 | if (len > 0) { | |
1356 | len = write(connection_out, buffer_ptr(&output), len); | |
1357 | if (len <= 0) { | |
1358 | if (errno == EAGAIN) | |
1359 | - return; | |
1360 | + return (0); | |
1361 | else | |
1362 | fatal("Write failed: %.100s", strerror(errno)); | |
1363 | } | |
1364 | buffer_consume(&output, len); | |
1365 | } | |
1366 | + return(len); | |
1367 | } | |
1368 | ||
1369 | /* | |
1370 | @@ -1437,14 +1444,15 @@ packet_write_poll(void) | |
1371 | * written. | |
1372 | */ | |
1373 | ||
1374 | -void | |
1375 | +int | |
1376 | packet_write_wait(void) | |
1377 | { | |
1378 | fd_set *setp; | |
1379 | + u_int bytes_sent = 0; | |
1380 | ||
1381 | setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), | |
1382 | sizeof(fd_mask)); | |
1383 | - packet_write_poll(); | |
1384 | + bytes_sent += packet_write_poll(); | |
1385 | while (packet_have_data_to_write()) { | |
1386 | memset(setp, 0, howmany(connection_out + 1, NFDBITS) * | |
1387 | sizeof(fd_mask)); | |
1388 | @@ -1452,9 +1460,10 @@ packet_write_wait(void) | |
1389 | while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 && | |
1390 | (errno == EAGAIN || errno == EINTR)) | |
1391 | ; | |
1392 | - packet_write_poll(); | |
1393 | + bytes_sent += packet_write_poll(); | |
1394 | } | |
1395 | xfree(setp); | |
1396 | + return (bytes_sent); | |
1397 | } | |
1398 | ||
1399 | /* Returns true if there is buffered data to write to the connection. */ | |
1400 | @@ -1576,12 +1585,24 @@ packet_send_ignore(int nbytes) | |
1401 | } | |
1402 | } | |
1403 | ||
1404 | +int rekey_requested = 0; | |
1405 | +void | |
1406 | +packet_request_rekeying(void) | |
1407 | +{ | |
1408 | + rekey_requested = 1; | |
1409 | +} | |
1410 | + | |
1411 | #define MAX_PACKETS (1U<<31) | |
1412 | int | |
1413 | packet_need_rekeying(void) | |
1414 | { | |
1415 | if (datafellows & SSH_BUG_NOREKEY) | |
1416 | return 0; | |
1417 | + if (rekey_requested == 1) | |
1418 | + { | |
1419 | + rekey_requested = 0; | |
1420 | + return 1; | |
1421 | + } | |
1422 | return | |
1423 | (p_send.packets > MAX_PACKETS) || | |
1424 | (p_read.packets > MAX_PACKETS) || | |
1425 | @@ -1606,3 +1627,9 @@ packet_set_authenticated(void) | |
1426 | { | |
1427 | after_authentication = 1; | |
1428 | } | |
1429 | + | |
1430 | +int | |
1431 | +packet_authentication_state(void) | |
1432 | +{ | |
1433 | + return(after_authentication); | |
1434 | +} | |
1435 | diff -NupwB ../4.7/openssh-4.7p1/packet.h openssh-4.7p1/packet.h | |
1436 | --- ../4.7/openssh-4.7p1/packet.h 2006-03-25 22:30:02.000000000 -0500 | |
1437 | +++ openssh-4.7p1/packet.h 2008-02-06 13:29:19.000000000 -0500 | |
1438 | @@ -20,6 +20,9 @@ | |
1439 | ||
1440 | #include <openssl/bn.h> | |
1441 | ||
1442 | +void | |
1443 | +packet_request_rekeying(void); | |
1444 | + | |
1445 | void packet_set_connection(int, int); | |
1446 | void packet_set_nonblocking(void); | |
1447 | int packet_get_connection_in(void); | |
1448 | @@ -34,6 +37,7 @@ void packet_set_interactive(int); | |
1449 | int packet_is_interactive(void); | |
1450 | void packet_set_server(void); | |
1451 | void packet_set_authenticated(void); | |
1452 | +int packet_authentication_state(void); | |
1453 | ||
1454 | void packet_start(u_char); | |
1455 | void packet_put_char(int ch); | |
1456 | @@ -43,7 +47,7 @@ void packet_put_bignum2(BIGNUM * val | |
1457 | void packet_put_string(const void *buf, u_int len); | |
1458 | void packet_put_cstring(const char *str); | |
1459 | void packet_put_raw(const void *buf, u_int len); | |
1460 | -void packet_send(void); | |
1461 | +int packet_send(void); | |
1462 | ||
1463 | int packet_read(void); | |
1464 | void packet_read_expect(int type); | |
1465 | @@ -71,8 +75,8 @@ void packet_set_state(int, u_int32_t, u | |
1466 | int packet_get_ssh1_cipher(void); | |
1467 | void packet_set_iv(int, u_char *); | |
1468 | ||
1469 | -void packet_write_poll(void); | |
1470 | -void packet_write_wait(void); | |
1471 | +int packet_write_poll(void); | |
1472 | +int packet_write_wait(void); | |
1473 | int packet_have_data_to_write(void); | |
1474 | int packet_not_very_much_data_to_write(void); | |
1475 | ||
1476 | diff -NupwB ../4.7/openssh-4.7p1/readconf.c openssh-4.7p1/readconf.c | |
1477 | --- ../4.7/openssh-4.7p1/readconf.c 2007-03-21 05:46:03.000000000 -0400 | |
1478 | +++ openssh-4.7p1/readconf.c 2008-02-06 13:28:23.000000000 -0500 | |
1479 | @@ -130,6 +130,8 @@ typedef enum { | |
1480 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | |
1481 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | |
1482 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | |
1483 | + oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled, | |
1484 | + oHPNBufferSize, | |
1485 | oDeprecated, oUnsupported | |
1486 | } OpCodes; | |
1487 | ||
1488 | @@ -226,6 +228,12 @@ static struct { | |
1489 | { "tunneldevice", oTunnelDevice }, | |
1490 | { "localcommand", oLocalCommand }, | |
1491 | { "permitlocalcommand", oPermitLocalCommand }, | |
1492 | + { "noneenabled", oNoneEnabled }, | |
1493 | + { "tcprcvbufpoll", oTcpRcvBufPoll }, | |
1494 | + { "tcprcvbuf", oTcpRcvBuf }, | |
1495 | + { "noneswitch", oNoneSwitch }, | |
1496 | + { "hpndisabled", oHPNDisabled }, | |
1497 | + { "hpnbuffersize", oHPNBufferSize }, | |
1498 | { NULL, oBadOption } | |
1499 | }; | |
1500 | ||
1501 | @@ -453,6 +461,37 @@ parse_flag: | |
1502 | intptr = &options->check_host_ip; | |
1503 | goto parse_flag; | |
1504 | ||
1505 | + case oNoneEnabled: | |
1506 | + intptr = &options->none_enabled; | |
1507 | + goto parse_flag; | |
1508 | + | |
1509 | + /* we check to see if the command comes from the */ | |
1510 | + /* command line or not. If it does then enable it */ | |
1511 | + /* otherwise fail. NONE should never be a default configuration */ | |
1512 | + case oNoneSwitch: | |
1513 | + if(strcmp(filename,"command-line")==0) | |
1514 | + { | |
1515 | + intptr = &options->none_switch; | |
1516 | + goto parse_flag; | |
1517 | + } else { | |
1518 | + error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename); | |
1519 | + error("Continuing..."); | |
1520 | + debug("NoneSwitch directive found in %.200s.", filename); | |
1521 | + return 0; | |
1522 | + } | |
1523 | + | |
1524 | + case oHPNDisabled: | |
1525 | + intptr = &options->hpn_disabled; | |
1526 | + goto parse_flag; | |
1527 | + | |
1528 | + case oHPNBufferSize: | |
1529 | + intptr = &options->hpn_buffer_size; | |
1530 | + goto parse_int; | |
1531 | + | |
1532 | + case oTcpRcvBufPoll: | |
1533 | + intptr = &options->tcp_rcv_buf_poll; | |
1534 | + goto parse_flag; | |
1535 | + | |
1536 | case oVerifyHostKeyDNS: | |
1537 | intptr = &options->verify_host_key_dns; | |
1538 | goto parse_yesnoask; | |
1539 | @@ -632,6 +671,10 @@ parse_int: | |
1540 | intptr = &options->connection_attempts; | |
1541 | goto parse_int; | |
1542 | ||
1543 | + case oTcpRcvBuf: | |
1544 | + intptr = &options->tcp_rcv_buf; | |
1545 | + goto parse_int; | |
1546 | + | |
1547 | case oCipher: | |
1548 | intptr = &options->cipher; | |
1549 | arg = strdelim(&s); | |
1550 | @@ -1065,6 +1108,12 @@ initialize_options(Options * options) | |
1551 | options->tun_remote = -1; | |
1552 | options->local_command = NULL; | |
1553 | options->permit_local_command = -1; | |
1554 | + options->none_switch = -1; | |
1555 | + options->none_enabled = -1; | |
1556 | + options->hpn_disabled = -1; | |
1557 | + options->hpn_buffer_size = -1; | |
1558 | + options->tcp_rcv_buf_poll = -1; | |
1559 | + options->tcp_rcv_buf = -1; | |
1560 | } | |
1561 | ||
1562 | /* | |
1563 | @@ -1187,6 +1236,29 @@ fill_default_options(Options * options) | |
1564 | options->server_alive_interval = 0; | |
1565 | if (options->server_alive_count_max == -1) | |
1566 | options->server_alive_count_max = 3; | |
1567 | + if (options->none_switch == -1) | |
1568 | + options->none_switch = 0; | |
1569 | + if (options->hpn_disabled == -1) | |
1570 | + options->hpn_disabled = 0; | |
1571 | + if (options->hpn_buffer_size > -1) | |
1572 | + { | |
1573 | + /* if a user tries to set the size to 0 set it to 1KB */ | |
1574 | + if (options->hpn_buffer_size == 0) | |
1575 | + options->hpn_buffer_size = 1024; | |
1576 | + /*limit the buffer to 64MB*/ | |
1577 | + if (options->hpn_buffer_size > 65536) | |
1578 | + { | |
1579 | + options->hpn_buffer_size = 65536*1024; | |
1580 | + debug("User requested buffer larger than 64MB. Request reverted to 64MB"); | |
1581 | + } | |
1582 | + debug("hpn_buffer_size set to %d", options->hpn_buffer_size); | |
1583 | + } | |
1584 | + if (options->tcp_rcv_buf == 0) | |
1585 | + options->tcp_rcv_buf = 1; | |
1586 | + if (options->tcp_rcv_buf > -1) | |
1587 | + options->tcp_rcv_buf *=1024; | |
1588 | + if (options->tcp_rcv_buf_poll == -1) | |
1589 | + options->tcp_rcv_buf_poll = 1; | |
1590 | if (options->control_master == -1) | |
1591 | options->control_master = 0; | |
1592 | if (options->hash_known_hosts == -1) | |
1593 | diff -NupwB ../4.7/openssh-4.7p1/readconf.h openssh-4.7p1/readconf.h | |
1594 | --- ../4.7/openssh-4.7p1/readconf.h 2006-08-04 22:39:40.000000000 -0400 | |
1595 | +++ openssh-4.7p1/readconf.h 2008-02-06 13:28:23.000000000 -0500 | |
1596 | @@ -56,6 +56,11 @@ typedef struct { | |
1597 | int compression_level; /* Compression level 1 (fast) to 9 | |
1598 | * (best). */ | |
1599 | int tcp_keep_alive; /* Set SO_KEEPALIVE. */ | |
1600 | + int tcp_rcv_buf; /* user switch to set tcp recv buffer */ | |
1601 | + int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */ | |
1602 | + int hpn_disabled; /* Switch to disable HPN buffer management */ | |
1603 | + int hpn_buffer_size; /* User definable size for HPN buffer window */ | |
1604 | + | |
1605 | LogLevel log_level; /* Level for logging. */ | |
1606 | ||
1607 | int port; /* Port to connect. */ | |
1608 | @@ -101,6 +106,8 @@ typedef struct { | |
1609 | ||
1610 | int enable_ssh_keysign; | |
1611 | int rekey_limit; | |
1612 | + int none_switch; /* Use none cipher */ | |
1613 | + int none_enabled; /* Allow none to be used */ | |
1614 | int no_host_authentication_for_localhost; | |
1615 | int identities_only; | |
1616 | int server_alive_interval; | |
1617 | Common subdirectories: ../4.7/openssh-4.7p1/regress and openssh-4.7p1/regress | |
1618 | Common subdirectories: ../4.7/openssh-4.7p1/scard and openssh-4.7p1/scard | |
1619 | diff -NupwB ../4.7/openssh-4.7p1/scp.c openssh-4.7p1/scp.c | |
1620 | --- ../4.7/openssh-4.7p1/scp.c 2007-08-08 00:29:58.000000000 -0400 | |
1621 | +++ openssh-4.7p1/scp.c 2008-02-06 13:28:23.000000000 -0500 | |
1622 | @@ -585,7 +585,7 @@ source(int argc, char **argv) | |
1623 | off_t i, amt, statbytes; | |
1624 | size_t result; | |
1625 | int fd = -1, haderr, indx; | |
1626 | - char *last, *name, buf[2048], encname[MAXPATHLEN]; | |
1627 | + char *last, *name, buf[16384], encname[MAXPATHLEN]; | |
1628 | int len; | |
1629 | ||
1630 | for (indx = 0; indx < argc; ++indx) { | |
1631 | @@ -645,7 +645,7 @@ syserr: run_err("%s: %s", name, strerr | |
1632 | (void) atomicio(vwrite, remout, buf, strlen(buf)); | |
1633 | if (response() < 0) | |
1634 | goto next; | |
1635 | - if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) { | |
1636 | + if ((bp = allocbuf(&buffer, fd, sizeof(buf))) == NULL) { | |
1637 | next: if (fd != -1) { | |
1638 | (void) close(fd); | |
1639 | fd = -1; | |
1640 | @@ -813,7 +813,7 @@ sink(int argc, char **argv) | |
1641 | mode_t mode, omode, mask; | |
1642 | off_t size, statbytes; | |
1643 | int setimes, targisdir, wrerrno = 0; | |
1644 | - char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; | |
1645 | + char ch, *cp, *np, *targ, *why, *vect[1], buf[16384]; | |
1646 | struct timeval tv[2]; | |
1647 | ||
1648 | #define atime tv[0] | |
1649 | @@ -974,7 +974,7 @@ bad: run_err("%s: %s", np, strerror(er | |
1650 | continue; | |
1651 | } | |
1652 | (void) atomicio(vwrite, remout, "", 1); | |
1653 | - if ((bp = allocbuf(&buffer, ofd, 4096)) == NULL) { | |
1654 | + if ((bp = allocbuf(&buffer, ofd, sizeof(buf))) == NULL) { | |
1655 | (void) close(ofd); | |
1656 | continue; | |
1657 | } | |
1658 | @@ -984,8 +984,8 @@ bad: run_err("%s: %s", np, strerror(er | |
1659 | statbytes = 0; | |
1660 | if (showprogress) | |
1661 | start_progress_meter(curfile, size, &statbytes); | |
1662 | - for (count = i = 0; i < size; i += 4096) { | |
1663 | - amt = 4096; | |
1664 | + for (count = i = 0; i < size; i += sizeof(buf)) { | |
1665 | + amt = sizeof(buf); | |
1666 | if (i + amt > size) | |
1667 | amt = size - i; | |
1668 | count += amt; | |
1669 | @@ -1002,7 +1002,7 @@ bad: run_err("%s: %s", np, strerror(er | |
1670 | } while (amt > 0); | |
1671 | ||
1672 | if (limit_rate) | |
1673 | - bwlimit(4096); | |
1674 | + bwlimit(sizeof(buf)); | |
1675 | ||
1676 | if (count == bp->cnt) { | |
1677 | /* Keep reading so we stay sync'd up. */ | |
1678 | diff -NupwB ../4.7/openssh-4.7p1/servconf.c openssh-4.7p1/servconf.c | |
1679 | --- ../4.7/openssh-4.7p1/servconf.c 2007-05-20 01:03:16.000000000 -0400 | |
1680 | +++ openssh-4.7p1/servconf.c 2008-02-06 13:28:23.000000000 -0500 | |
1681 | @@ -122,11 +122,19 @@ initialize_server_options(ServerOptions | |
1682 | options->permit_tun = -1; | |
1683 | options->num_permitted_opens = -1; | |
1684 | options->adm_forced_command = NULL; | |
1685 | + options->none_enabled = -1; | |
1686 | + options->tcp_rcv_buf_poll = -1; | |
1687 | + options->hpn_disabled = -1; | |
1688 | + options->hpn_buffer_size = -1; | |
1689 | } | |
1690 | ||
1691 | void | |
1692 | fill_default_server_options(ServerOptions *options) | |
1693 | { | |
1694 | + int sock; | |
1695 | + int socksize; | |
1696 | + int socksizelen = sizeof(int); | |
1697 | + | |
1698 | /* Portable-specific options */ | |
1699 | if (options->use_pam == -1) | |
1700 | options->use_pam = 0; | |
1701 | @@ -250,6 +258,42 @@ fill_default_server_options(ServerOption | |
1702 | if (options->permit_tun == -1) | |
1703 | options->permit_tun = SSH_TUNMODE_NO; | |
1704 | ||
1705 | + if (options->hpn_disabled == -1) | |
1706 | + options->hpn_disabled = 0; | |
1707 | + | |
1708 | + if (options->hpn_buffer_size == -1) { | |
1709 | + /* option not explicitly set. Now we have to figure out */ | |
1710 | + /* what value to use */ | |
1711 | + if (options->hpn_disabled == 1) { | |
1712 | + options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; | |
1713 | + } else { | |
1714 | + /* get the current RCV size and set it to that */ | |
1715 | + /*create a socket but don't connect it */ | |
1716 | + /* we use that the get the rcv socket size */ | |
1717 | + sock = socket(AF_INET, SOCK_STREAM, 0); | |
1718 | + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, | |
1719 | + &socksize, &socksizelen); | |
1720 | + close(sock); | |
1721 | + options->hpn_buffer_size = socksize; | |
1722 | + debug ("HPN Buffer Size: %d", options->hpn_buffer_size); | |
1723 | + | |
1724 | + } | |
1725 | + } else { | |
1726 | + /* we have to do this incase the user sets both values in a contradictory */ | |
1727 | + /* manner. hpn_disabled overrrides hpn_buffer_size*/ | |
1728 | + if (options->hpn_disabled <= 0) { | |
1729 | + if (options->hpn_buffer_size == 0) | |
1730 | + options->hpn_buffer_size = 1; | |
1731 | + /* limit the maximum buffer to 64MB */ | |
1732 | + if (options->hpn_buffer_size > 64*1024) { | |
1733 | + options->hpn_buffer_size = 64*1024*1024; | |
1734 | + } else { | |
1735 | + options->hpn_buffer_size *= 1024; | |
1736 | + } | |
1737 | + } else | |
1738 | + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; | |
1739 | + } | |
1740 | + | |
1741 | /* Turn privilege separation on by default */ | |
1742 | if (use_privsep == -1) | |
1743 | use_privsep = 1; | |
1744 | @@ -292,7 +336,8 @@ typedef enum { | |
1745 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | |
1746 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | |
1747 | sMatch, sPermitOpen, sForceCommand, | |
1748 | - sUsePrivilegeSeparation, | |
1749 | + sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll, | |
1750 | + sHPNDisabled, sHPNBufferSize, | |
1751 | sDeprecated, sUnsupported | |
1752 | } ServerOpCodes; | |
1753 | ||
1754 | @@ -403,6 +448,10 @@ static struct { | |
1755 | { "match", sMatch, SSHCFG_ALL }, | |
1756 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | |
1757 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | |
1758 | + { "noneenabled", sNoneEnabled }, | |
1759 | + { "hpndisabled", sHPNDisabled }, | |
1760 | + { "hpnbuffersize", sHPNBufferSize }, | |
1761 | + { "tcprcvbufpoll", sTcpRcvBufPoll }, | |
1762 | { NULL, sBadOption, 0 } | |
1763 | }; | |
1764 | ||
1765 | @@ -418,6 +467,7 @@ parse_token(const char *cp, const char * | |
1766 | ||
1767 | for (i = 0; keywords[i].name; i++) | |
1768 | if (strcasecmp(cp, keywords[i].name) == 0) { | |
1769 | + debug ("Config token is %s", keywords[i].name); | |
1770 | *flags = keywords[i].flags; | |
1771 | return keywords[i].opcode; | |
1772 | } | |
1773 | @@ -827,6 +877,22 @@ parse_flag: | |
1774 | *intptr = value; | |
1775 | break; | |
1776 | ||
1777 | + case sNoneEnabled: | |
1778 | + intptr = &options->none_enabled; | |
1779 | + goto parse_flag; | |
1780 | + | |
1781 | + case sTcpRcvBufPoll: | |
1782 | + intptr = &options->tcp_rcv_buf_poll; | |
1783 | + goto parse_flag; | |
1784 | + | |
1785 | + case sHPNDisabled: | |
1786 | + intptr = &options->hpn_disabled; | |
1787 | + goto parse_flag; | |
1788 | + | |
1789 | + case sHPNBufferSize: | |
1790 | + intptr = &options->hpn_buffer_size; | |
1791 | + goto parse_int; | |
1792 | + | |
1793 | case sIgnoreUserKnownHosts: | |
1794 | intptr = &options->ignore_user_known_hosts; | |
1795 | goto parse_flag; | |
1796 | diff -NupwB ../4.7/openssh-4.7p1/servconf.h openssh-4.7p1/servconf.h | |
1797 | --- ../4.7/openssh-4.7p1/servconf.h 2007-02-19 06:25:38.000000000 -0500 | |
1798 | +++ openssh-4.7p1/servconf.h 2008-02-06 13:28:23.000000000 -0500 | |
1799 | @@ -137,6 +137,10 @@ typedef struct { | |
1800 | char *adm_forced_command; | |
1801 | ||
1802 | int use_pam; /* Enable auth via PAM */ | |
1803 | + int none_enabled; /* enable NONE cipher switch */ | |
1804 | + int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/ | |
1805 | + int hpn_disabled; /* disable hpn functionality. false by default */ | |
1806 | + int hpn_buffer_size; /* set the hpn buffer size - default 3MB */ | |
1807 | ||
1808 | int permit_tun; | |
1809 | ||
1810 | diff -NupwB ../4.7/openssh-4.7p1/serverloop.c openssh-4.7p1/serverloop.c | |
1811 | --- ../4.7/openssh-4.7p1/serverloop.c 2007-01-28 18:16:28.000000000 -0500 | |
1812 | +++ openssh-4.7p1/serverloop.c 2008-02-06 13:29:19.000000000 -0500 | |
1813 | @@ -92,10 +92,10 @@ static int fdin; /* Descriptor for stdi | |
1814 | static int fdout; /* Descriptor for stdout (for reading); | |
1815 | May be same number as fdin. */ | |
1816 | static int fderr; /* Descriptor for stderr. May be -1. */ | |
1817 | -static long stdin_bytes = 0; /* Number of bytes written to stdin. */ | |
1818 | -static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ | |
1819 | -static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ | |
1820 | -static long fdout_bytes = 0; /* Number of stdout bytes read from program. */ | |
1821 | +static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */ | |
1822 | +static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ | |
1823 | +static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ | |
1824 | +static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */ | |
1825 | static int stdin_eof = 0; /* EOF message received from client. */ | |
1826 | static int fdout_eof = 0; /* EOF encountered reading from fdout. */ | |
1827 | static int fderr_eof = 0; /* EOF encountered readung from fderr. */ | |
1828 | @@ -120,6 +120,20 @@ static volatile sig_atomic_t received_si | |
1829 | static void server_init_dispatch(void); | |
1830 | ||
1831 | /* | |
1832 | + * Returns current time in seconds from Jan 1, 1970 with the maximum | |
1833 | + * available resolution. | |
1834 | + */ | |
1835 | + | |
1836 | +static double | |
1837 | +get_current_time(void) | |
1838 | +{ | |
1839 | + struct timeval tv; | |
1840 | + gettimeofday(&tv, NULL); | |
1841 | + return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; | |
1842 | +} | |
1843 | + | |
1844 | + | |
1845 | +/* | |
1846 | * we write to this pipe if a SIGCHLD is caught in order to avoid | |
1847 | * the race between select() and child_terminated | |
1848 | */ | |
1849 | @@ -408,6 +422,7 @@ process_input(fd_set *readset) | |
1850 | } else { | |
1851 | /* Buffer any received data. */ | |
1852 | packet_process_incoming(buf, len); | |
1853 | + fdout_bytes += len; | |
1854 | } | |
1855 | } | |
1856 | if (compat20) | |
1857 | @@ -430,6 +445,7 @@ process_input(fd_set *readset) | |
1858 | } else { | |
1859 | buffer_append(&stdout_buffer, buf, len); | |
1860 | fdout_bytes += len; | |
1861 | + debug ("FD out now: %ld", fdout_bytes); | |
1862 | } | |
1863 | } | |
1864 | /* Read and buffer any available stderr data from the program. */ | |
1865 | @@ -496,7 +512,7 @@ process_output(fd_set *writeset) | |
1866 | } | |
1867 | /* Send any buffered packet data to the client. */ | |
1868 | if (FD_ISSET(connection_out, writeset)) | |
1869 | - packet_write_poll(); | |
1870 | + stdin_bytes += packet_write_poll(); | |
1871 | } | |
1872 | ||
1873 | /* | |
1874 | @@ -813,8 +829,10 @@ server_loop2(Authctxt *authctxt) | |
1875 | { | |
1876 | fd_set *readset = NULL, *writeset = NULL; | |
1877 | int rekeying = 0, max_fd, nalloc = 0; | |
1878 | + double start_time, total_time; | |
1879 | ||
1880 | debug("Entering interactive session for SSH2."); | |
1881 | + start_time = get_current_time(); | |
1882 | ||
1883 | mysignal(SIGCHLD, sigchld_handler); | |
1884 | child_terminated = 0; | |
1885 | @@ -876,6 +894,11 @@ server_loop2(Authctxt *authctxt) | |
1886 | ||
1887 | /* free remaining sessions, e.g. remove wtmp entries */ | |
1888 | session_destroy_all(NULL); | |
1889 | + total_time = get_current_time() - start_time; | |
1890 | + logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f", | |
1891 | + get_remote_ipaddr(), get_remote_port(), | |
1892 | + stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time, | |
1893 | + fdout_bytes / total_time); | |
1894 | } | |
1895 | ||
1896 | static void | |
1897 | @@ -957,9 +980,14 @@ server_request_direct_tcpip(void) | |
1898 | xfree(originator); | |
1899 | if (sock < 0) | |
1900 | return NULL; | |
1901 | + if (options.hpn_disabled) | |
1902 | c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, | |
1903 | sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, | |
1904 | CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); | |
1905 | + else | |
1906 | + c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, | |
1907 | + sock, sock, -1, options.hpn_buffer_size, | |
1908 | + CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); | |
1909 | return c; | |
1910 | } | |
1911 | ||
1912 | @@ -994,8 +1022,12 @@ server_request_tun(void) | |
1913 | sock = tun_open(tun, mode); | |
1914 | if (sock < 0) | |
1915 | goto done; | |
1916 | + if (options.hpn_disabled) | |
1917 | c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, | |
1918 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); | |
1919 | + else | |
1920 | + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, | |
1921 | + options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); | |
1922 | c->datagram = 1; | |
1923 | #if defined(SSH_TUN_FILTER) | |
1924 | if (mode == SSH_TUNMODE_POINTOPOINT) | |
1925 | @@ -1025,6 +1057,8 @@ server_request_session(void) | |
1926 | c = channel_new("session", SSH_CHANNEL_LARVAL, | |
1927 | -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, | |
1928 | 0, "server-session", 1); | |
1929 | + if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) | |
1930 | + c->dynamic_window = 1; | |
1931 | if (session_open(the_authctxt, c->self) != 1) { | |
1932 | debug("session open failed, free channel %d", c->self); | |
1933 | channel_free(c); | |
1934 | @@ -1121,7 +1155,8 @@ server_input_global_request(int type, u_ | |
1935 | } else { | |
1936 | /* Start listening on the port */ | |
1937 | success = channel_setup_remote_fwd_listener( | |
1938 | - listen_address, listen_port, options.gateway_ports); | |
1939 | + listen_address, listen_port, options.gateway_ports, | |
1940 | + options.hpn_disabled, options.hpn_buffer_size); | |
1941 | } | |
1942 | xfree(listen_address); | |
1943 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { | |
1944 | diff -NupwB ../4.7/openssh-4.7p1/session.c openssh-4.7p1/session.c | |
1945 | --- ../4.7/openssh-4.7p1/session.c 2007-08-16 09:28:04.000000000 -0400 | |
1946 | +++ openssh-4.7p1/session.c 2008-02-06 13:28:23.000000000 -0500 | |
1947 | @@ -211,6 +211,7 @@ auth_input_request_forwarding(struct pas | |
1948 | packet_disconnect("listen: %.100s", strerror(errno)); | |
1949 | ||
1950 | /* Allocate a channel for the authentication agent socket. */ | |
1951 | + /* this shouldn't matter if its hpn or not - cjr */ | |
1952 | nc = channel_new("auth socket", | |
1953 | SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, | |
1954 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, | |
1955 | @@ -348,7 +349,8 @@ do_authenticated1(Authctxt *authctxt) | |
1956 | } | |
1957 | debug("Received TCP/IP port forwarding request."); | |
1958 | if (channel_input_port_forward_request(s->pw->pw_uid == 0, | |
1959 | - options.gateway_ports) < 0) { | |
1960 | + options.gateway_ports, options.hpn_disabled, | |
1961 | + options.hpn_buffer_size) < 0) { | |
1962 | debug("Port forwarding failed."); | |
1963 | break; | |
1964 | } | |
1965 | @@ -2058,11 +2060,18 @@ session_set_fds(Session *s, int fdin, in | |
1966 | */ | |
1967 | if (s->chanid == -1) | |
1968 | fatal("no channel for session %d", s->self); | |
1969 | + if(options.hpn_disabled) | |
1970 | channel_set_fds(s->chanid, | |
1971 | fdout, fdin, fderr, | |
1972 | fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, | |
1973 | 1, | |
1974 | CHAN_SES_WINDOW_DEFAULT); | |
1975 | + else | |
1976 | + channel_set_fds(s->chanid, | |
1977 | + fdout, fdin, fderr, | |
1978 | + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, | |
1979 | + 1, | |
1980 | + options.hpn_buffer_size); | |
1981 | } | |
1982 | ||
1983 | /* | |
1984 | @@ -2407,7 +2416,8 @@ session_setup_x11fwd(Session *s) | |
1985 | } | |
1986 | if (x11_create_display_inet(options.x11_display_offset, | |
1987 | options.x11_use_localhost, s->single_connection, | |
1988 | - &s->display_number, &s->x11_chanids) == -1) { | |
1989 | + &s->display_number, &s->x11_chanids, | |
1990 | + options.hpn_disabled, options.hpn_buffer_size) == -1) { | |
1991 | debug("x11_create_display_inet failed."); | |
1992 | return 0; | |
1993 | } | |
1994 | diff -NupwB ../4.7/openssh-4.7p1/ssh.c openssh-4.7p1/ssh.c | |
1995 | --- ../4.7/openssh-4.7p1/ssh.c 2007-08-08 00:32:41.000000000 -0400 | |
1996 | +++ openssh-4.7p1/ssh.c 2008-02-06 13:28:23.000000000 -0500 | |
1997 | @@ -502,9 +502,6 @@ main(int ac, char **av) | |
1998 | no_shell_flag = 1; | |
1999 | no_tty_flag = 1; | |
2000 | break; | |
2001 | - case 'T': | |
2002 | - no_tty_flag = 1; | |
2003 | - break; | |
2004 | case 'o': | |
2005 | dummy = 1; | |
2006 | line = xstrdup(optarg); | |
2007 | @@ -513,6 +510,13 @@ main(int ac, char **av) | |
2008 | exit(255); | |
2009 | xfree(line); | |
2010 | break; | |
2011 | + case 'T': | |
2012 | + no_tty_flag = 1; | |
2013 | + /* ensure that the user doesn't try to backdoor a */ | |
2014 | + /* null cipher switch on an interactive session */ | |
2015 | + /* so explicitly disable it no matter what */ | |
2016 | + options.none_switch=0; | |
2017 | + break; | |
2018 | case 's': | |
2019 | subsystem_flag = 1; | |
2020 | break; | |
2021 | @@ -829,7 +833,8 @@ ssh_init_forwarding(void) | |
2022 | options.local_forwards[i].listen_port, | |
2023 | options.local_forwards[i].connect_host, | |
2024 | options.local_forwards[i].connect_port, | |
2025 | - options.gateway_ports); | |
2026 | + options.gateway_ports, options.hpn_disabled, | |
2027 | + options.hpn_buffer_size); | |
2028 | } | |
2029 | if (i > 0 && success != i && options.exit_on_forward_failure) | |
2030 | fatal("Could not request local forwarding."); | |
2031 | @@ -1142,6 +1147,9 @@ ssh_session2_open(void) | |
2032 | { | |
2033 | Channel *c; | |
2034 | int window, packetmax, in, out, err; | |
2035 | + int sock; | |
2036 | + int socksize; | |
2037 | + int socksizelen = sizeof(int); | |
2038 | ||
2039 | if (stdin_null_flag) { | |
2040 | in = open(_PATH_DEVNULL, O_RDONLY); | |
2041 | @@ -1162,9 +1170,70 @@ ssh_session2_open(void) | |
2042 | if (!isatty(err)) | |
2043 | set_nonblock(err); | |
2044 | ||
2045 | - window = CHAN_SES_WINDOW_DEFAULT; | |
2046 | + /* we need to check to see if what they want to do about buffer */ | |
2047 | + /* sizes here. In a hpn to nonhpn connection we want to limit */ | |
2048 | + /* the window size to something reasonable in case the far side */ | |
2049 | + /* has the large window bug. In hpn to hpn connection we want to */ | |
2050 | + /* use the max window size but allow the user to override it */ | |
2051 | + /* lastly if they disabled hpn then use the ssh std window size */ | |
2052 | + | |
2053 | + /* so why don't we just do a getsockopt() here and set the */ | |
2054 | + /* ssh window to that? In the case of a autotuning receive */ | |
2055 | + /* window the window would get stuck at the initial buffer */ | |
2056 | + /* size generally less than 96k. Therefore we need to set the */ | |
2057 | + /* maximum ssh window size to the maximum hpn buffer size */ | |
2058 | + /* unless the user has specifically set the tcprcvbufpoll */ | |
2059 | + /* to no. In which case we *can* just set the window to the */ | |
2060 | + /* minimum of the hpn buffer size and tcp receive buffer size */ | |
2061 | + | |
2062 | + if(options.hpn_disabled) | |
2063 | + { | |
2064 | + options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; | |
2065 | + } | |
2066 | + else if (datafellows & SSH_BUG_LARGEWINDOW) | |
2067 | + { | |
2068 | + debug("HPN to Non-HPN Connection"); | |
2069 | + if (options.hpn_buffer_size < 0) | |
2070 | + options.hpn_buffer_size = 2*1024*1024; | |
2071 | + } | |
2072 | + else | |
2073 | + { | |
2074 | + if (options.hpn_buffer_size < 0) | |
2075 | + options.hpn_buffer_size = BUFFER_MAX_LEN_HPN; | |
2076 | + | |
2077 | + /*create a socket but don't connect it */ | |
2078 | + /* we use that the get the rcv socket size */ | |
2079 | + sock = socket(AF_INET, SOCK_STREAM, 0); | |
2080 | + /* if they are using the tcp_rcv_buf option */ | |
2081 | + /* attempt to set the buffer size to that */ | |
2082 | + if (options.tcp_rcv_buf) | |
2083 | + setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, | |
2084 | + sizeof(options.tcp_rcv_buf)); | |
2085 | + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, | |
2086 | + &socksize, &socksizelen); | |
2087 | + close(sock); | |
2088 | + debug("socksize %d", socksize); | |
2089 | + if (options.tcp_rcv_buf_poll <= 0) | |
2090 | + { | |
2091 | + options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size); | |
2092 | + debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size); | |
2093 | + } | |
2094 | + else | |
2095 | + { | |
2096 | + if (options.tcp_rcv_buf > 0) | |
2097 | + options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size); | |
2098 | + debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size); | |
2099 | + } | |
2100 | + | |
2101 | + } | |
2102 | + | |
2103 | + debug("Final hpn_buffer_size = %d", options.hpn_buffer_size); | |
2104 | + | |
2105 | + window = options.hpn_buffer_size; | |
2106 | + | |
2107 | packetmax = CHAN_SES_PACKET_DEFAULT; | |
2108 | if (tty_flag) { | |
2109 | + window = 4*CHAN_SES_PACKET_DEFAULT; | |
2110 | window >>= 1; | |
2111 | packetmax >>= 1; | |
2112 | } | |
2113 | @@ -1172,7 +1241,10 @@ ssh_session2_open(void) | |
2114 | "session", SSH_CHANNEL_OPENING, in, out, err, | |
2115 | window, packetmax, CHAN_EXTENDED_WRITE, | |
2116 | "client-session", /*nonblock*/0); | |
2117 | - | |
2118 | + if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) { | |
2119 | + c->dynamic_window = 1; | |
2120 | + debug ("Enabled Dynamic Window Scaling\n"); | |
2121 | + } | |
2122 | debug3("ssh_session2_open: channel_new: %d", c->self); | |
2123 | ||
2124 | channel_send_open(c->self); | |
2125 | diff -NupwB ../4.7/openssh-4.7p1/sshconnect2.c openssh-4.7p1/sshconnect2.c | |
2126 | --- ../4.7/openssh-4.7p1/sshconnect2.c 2007-05-20 01:11:33.000000000 -0400 | |
2127 | +++ openssh-4.7p1/sshconnect2.c 2008-02-06 13:28:23.000000000 -0500 | |
2128 | @@ -73,6 +73,12 @@ | |
2129 | extern char *client_version_string; | |
2130 | extern char *server_version_string; | |
2131 | extern Options options; | |
2132 | +extern Kex *xxx_kex; | |
2133 | + | |
2134 | +/* tty_flag is set in ssh.c. use this in ssh_userauth2 */ | |
2135 | +/* if it is set then prevent the switch to the null cipher */ | |
2136 | + | |
2137 | +extern int tty_flag; | |
2138 | ||
2139 | /* | |
2140 | * SSH2 key exchange | |
2141 | @@ -326,6 +332,28 @@ ssh_userauth2(const char *local_user, co | |
2142 | pubkey_cleanup(&authctxt); | |
2143 | dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); | |
2144 | ||
2145 | + /* if the user wants to use the none cipher do it */ | |
2146 | + /* post authentication and only if the right conditions are met */ | |
2147 | + /* both of the NONE commands must be true and there must be no */ | |
2148 | + /* tty allocated */ | |
2149 | + if ((options.none_switch == 1) && (options.none_enabled == 1)) | |
2150 | + { | |
2151 | + if (!tty_flag) /* no null on tty sessions */ | |
2152 | + { | |
2153 | + debug("Requesting none rekeying..."); | |
2154 | + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; | |
2155 | + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; | |
2156 | + kex_prop2buf(&xxx_kex->my,myproposal); | |
2157 | + packet_request_rekeying(); | |
2158 | + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); | |
2159 | + } | |
2160 | + else | |
2161 | + { | |
2162 | + /* requested NONE cipher when in a tty */ | |
2163 | + debug("Cannot switch to NONE cipher with tty allocated"); | |
2164 | + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); | |
2165 | + } | |
2166 | + } | |
2167 | debug("Authentication succeeded (%s).", authctxt.method->name); | |
2168 | } | |
2169 | ||
2170 | diff -NupwB ../4.7/openssh-4.7p1/sshconnect.c openssh-4.7p1/sshconnect.c | |
2171 | --- ../4.7/openssh-4.7p1/sshconnect.c 2006-10-23 13:02:24.000000000 -0400 | |
2172 | +++ openssh-4.7p1/sshconnect.c 2008-02-06 13:28:23.000000000 -0500 | |
2173 | @@ -164,6 +164,31 @@ ssh_proxy_connect(const char *host, u_sh | |
2174 | } | |
2175 | ||
2176 | /* | |
2177 | + * Set TCP receive buffer if requested. | |
2178 | + * Note: tuning needs to happen after the socket is | |
2179 | + * created but before the connection happens | |
2180 | + * so winscale is negotiated properly -cjr | |
2181 | + */ | |
2182 | +static void | |
2183 | +ssh_set_socket_recvbuf(int sock) | |
2184 | +{ | |
2185 | + void *buf = (void *)&options.tcp_rcv_buf; | |
2186 | + int sz = sizeof(options.tcp_rcv_buf); | |
2187 | + int socksize; | |
2188 | + int socksizelen = sizeof(int); | |
2189 | + | |
2190 | + debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf); | |
2191 | + if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) { | |
2192 | + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen); | |
2193 | + debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize); | |
2194 | + } | |
2195 | + else | |
2196 | + error("Couldn't set socket receive buffer to %d: %.100s", | |
2197 | + options.tcp_rcv_buf, strerror(errno)); | |
2198 | +} | |
2199 | + | |
2200 | + | |
2201 | +/* | |
2202 | * Creates a (possibly privileged) socket for use as the ssh connection. | |
2203 | */ | |
2204 | static int | |
2205 | @@ -186,12 +211,18 @@ ssh_create_socket(int privileged, struct | |
2206 | strerror(errno)); | |
2207 | else | |
2208 | debug("Allocated local port %d.", p); | |
2209 | + | |
2210 | + if (options.tcp_rcv_buf > 0) | |
2211 | + ssh_set_socket_recvbuf(sock); | |
2212 | return sock; | |
2213 | } | |
2214 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | |
2215 | if (sock < 0) | |
2216 | error("socket: %.100s", strerror(errno)); | |
2217 | ||
2218 | + if (options.tcp_rcv_buf > 0) | |
2219 | + ssh_set_socket_recvbuf(sock); | |
2220 | + | |
2221 | /* Bind the socket to an alternative local IP address */ | |
2222 | if (options.bind_address == NULL) | |
2223 | return sock; | |
2224 | @@ -487,7 +518,7 @@ ssh_exchange_identification(void) | |
2225 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", | |
2226 | compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, | |
2227 | compat20 ? PROTOCOL_MINOR_2 : minor1, | |
2228 | - SSH_VERSION); | |
2229 | + SSH_RELEASE); | |
2230 | if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf)) | |
2231 | fatal("write: %.100s", strerror(errno)); | |
2232 | client_version_string = xstrdup(buf); | |
2233 | diff -NupwB ../4.7/openssh-4.7p1/sshd.c openssh-4.7p1/sshd.c | |
2234 | --- ../4.7/openssh-4.7p1/sshd.c 2007-06-05 04:22:32.000000000 -0400 | |
2235 | +++ openssh-4.7p1/sshd.c 2008-02-06 13:29:19.000000000 -0500 | |
2236 | @@ -134,6 +134,9 @@ int deny_severity = LOG_WARNING; | |
2237 | #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) | |
2238 | #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) | |
2239 | ||
2240 | +int myflag = 0; | |
2241 | + | |
2242 | + | |
2243 | extern char *__progname; | |
2244 | ||
2245 | /* Server configuration options. */ | |
2246 | @@ -419,7 +422,7 @@ sshd_exchange_identification(int sock_in | |
2247 | major = PROTOCOL_MAJOR_1; | |
2248 | minor = PROTOCOL_MINOR_1; | |
2249 | } | |
2250 | - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); | |
2251 | + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE); | |
2252 | server_version_string = xstrdup(buf); | |
2253 | ||
2254 | /* Send our protocol version identification. */ | |
2255 | @@ -470,6 +473,9 @@ sshd_exchange_identification(int sock_in | |
2256 | } | |
2257 | debug("Client protocol version %d.%d; client software version %.100s", | |
2258 | remote_major, remote_minor, remote_version); | |
2259 | + logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s", | |
2260 | + get_remote_ipaddr(), get_remote_port(), | |
2261 | + remote_major, remote_minor, remote_version); | |
2262 | ||
2263 | compat_datafellows(remote_version); | |
2264 | ||
2265 | @@ -942,6 +948,8 @@ server_listen(void) | |
2266 | int ret, listen_sock, on = 1; | |
2267 | struct addrinfo *ai; | |
2268 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | |
2269 | + int socksize; | |
2270 | + int socksizelen = sizeof(int); | |
2271 | ||
2272 | for (ai = options.listen_addrs; ai; ai = ai->ai_next) { | |
2273 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) | |
2274 | @@ -979,6 +987,11 @@ server_listen(void) | |
2275 | ||
2276 | debug("Bind to port %s on %s.", strport, ntop); | |
2277 | ||
2278 | + getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, | |
2279 | + &socksize, &socksizelen); | |
2280 | + debug("Server TCP RWIN socket size: %d", socksize); | |
2281 | + debug("HPN Buffer Size: %d", options.hpn_buffer_size); | |
2282 | + | |
2283 | /* Bind the socket to the desired port. */ | |
2284 | if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { | |
2285 | error("Bind to port %s on %s failed: %.200s.", | |
2286 | @@ -2094,9 +2107,15 @@ do_ssh2_kex(void) | |
2287 | { | |
2288 | Kex *kex; | |
2289 | ||
2290 | + myflag++; | |
2291 | + debug ("MYFLAG IS %d", myflag); | |
2292 | if (options.ciphers != NULL) { | |
2293 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | |
2294 | myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; | |
2295 | + } else if (options.none_enabled == 1) { | |
2296 | + debug ("WARNING: None cipher enabled"); | |
2297 | + myproposal[PROPOSAL_ENC_ALGS_CTOS] = | |
2298 | + myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE; | |
2299 | } | |
2300 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | |
2301 | compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); | |
2302 | diff -NupwB ../4.7/openssh-4.7p1/sshd_config openssh-4.7p1/sshd_config | |
2303 | --- ../4.7/openssh-4.7p1/sshd_config 2007-03-21 05:42:25.000000000 -0400 | |
2304 | +++ openssh-4.7p1/sshd_config 2008-02-06 13:28:23.000000000 -0500 | |
2305 | @@ -109,6 +109,20 @@ Protocol 2 | |
2306 | # override default of no subsystems | |
2307 | Subsystem sftp /usr/libexec/sftp-server | |
2308 | ||
2309 | +# the following are HPN related configuration options | |
2310 | +# tcp receive buffer polling. disable in non autotuning kernels | |
2311 | +#TcpRcvBufPoll yes | |
2312 | + | |
2313 | +# allow the use of the none cipher | |
2314 | +#NoneEnabled no | |
2315 | + | |
2316 | +# disable hpn performance boosts. | |
2317 | +#HPNDisabled no | |
2318 | + | |
2319 | +# buffer size for hpn to non-hpn connections | |
2320 | +#HPNBufferSize 2048 | |
2321 | + | |
2322 | + | |
2323 | # Example of overriding settings on a per-user basis | |
2324 | #Match User anoncvs | |
2325 | # X11Forwarding no | |
2326 | diff -NupwB ../4.7/openssh-4.7p1/version.h openssh-4.7p1/version.h | |
2327 | --- ../4.7/openssh-4.7p1/version.h 2007-08-15 05:14:52.000000000 -0400 | |
2328 | +++ openssh-4.7p1/version.h 2008-02-06 15:31:47.000000000 -0500 | |
2329 | @@ -3,4 +3,5 @@ | |
2330 | #define SSH_VERSION "OpenSSH_4.7" | |
2331 | ||
2332 | #define SSH_PORTABLE "p1" | |
2333 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE | |
2334 | +#define SSH_HPN "-hpn13v1" | |
2335 | +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN |