[packages/openssh.git] / openssh-session-keepalive.patch

diff -Nur openssh-3.2.3p1.orig/clientloop.c openssh-3.2.3p1-alive/clientloop.c
--- openssh-3.2.3p1.orig/clientloop.c	Tue Apr 23 13:09:46 2002
+++ openssh-3.2.3p1-alive/clientloop.c	Sun Oct 13 18:32:06 2002
@@ -321,6 +321,9 @@
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
     int *maxfdp, int *nallocp, int rekeying)
 {
+	struct timeval tv, *tvp;
+	int ret;
+
 	/* Add any selections by the channel mechanism. */
 	channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
 
@@ -362,13 +365,30 @@
 	/*
 	 * Wait for something to happen.  This will suspend the process until
 	 * some selected descriptor can be read, written, or has some other
-	 * event pending. Note: if you want to implement SSH_MSG_IGNORE
-	 * messages to fool traffic analysis, this might be the place to do
-	 * it: just have a random timeout for the select, and send a random
-	 * SSH_MSG_IGNORE packet when the timeout expires.
+	 * event pending.
+	 * Set a random timeout for the select, and send a random SSH_MSG_IGNORE
+	 * packet when the timeout expires to fool traffic analysis.
 	 */
 
-	if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) {
+	if (options.bogus_traffic_interval_max) {
+		u_int32_t rand = arc4random();
+		u_int64_t timeusec;
+		static u_int64_t timebase = 0;
+
+		if (!timebase)
+			timebase = (options.bogus_traffic_interval_max -
+		options.bogus_traffic_interval_min) * 1000000;  
+		timeusec = timebase * rand / 0xffffffffUL;
+		timeusec += options.bogus_traffic_interval_min * 1000000;
+		tv.tv_sec = timeusec / 1000000;
+		tv.tv_usec = timeusec % 1000000;
+		tvp = &tv;
+		debug2("Will send SSH_MSG_IGNORE in %lu.%lu s", tv.tv_sec, tv.tv_usec);
+	}
+	else tvp = NULL;
+
+	ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
+	if (ret < 0) {
 		char buf[100];
 
 		/*
@@ -386,6 +406,12 @@
 		buffer_append(&stderr_buffer, buf, strlen(buf));
 		quit_pending = 1;
 	}
+	else if (ret == 0) { /* timeout */
+		u_int32_t rand = arc4random();
+		packet_send_ignore((rand & 0x3f) + 1);
+		packet_send();
+		packet_write_wait();
+	}
 }
 
 static void
diff -Nur openssh-3.2.3p1.orig/readconf.c openssh-3.2.3p1-alive/readconf.c
--- openssh-3.2.3p1.orig/readconf.c	Tue Feb  5 02:26:35 2002
+++ openssh-3.2.3p1-alive/readconf.c	Sun Oct 13 17:57:46 2002
@@ -115,7 +115,8 @@
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
-	oClearAllForwardings, oNoHostAuthenticationForLocalhost
+	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+	oBogusTrafficIntervalMax, oBogusTrafficIntervalMin
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -178,6 +179,8 @@
 	{ "compression", oCompression },
 	{ "compressionlevel", oCompressionLevel },
 	{ "keepalive", oKeepAlives },
+	{ "BogusTrafficIntervalMax", oBogusTrafficIntervalMax },
+	{ "BogusTrafficIntervalMin", oBogusTrafficIntervalMin },
 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
 	{ "loglevel", oLogLevel },
 	{ "dynamicforward", oDynamicForward },
@@ -420,6 +423,42 @@
 		intptr = &options->no_host_authentication_for_localhost;
 		goto parse_flag;
 
+	case oBogusTrafficIntervalMax:
+		intptr = &options->bogus_traffic_interval_max;
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (arg[0] < '0' || arg[0] > '9')
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+
+		/* Octal, decimal, or hex format? */
+		value = strtol(arg, &endofnumber, 0);
+		if (arg == endofnumber)
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+		if (*activep && *intptr == -1)
+			*intptr = value;
+		if (options->bogus_traffic_interval_min >= value)
+			fatal("%.200s line %d: Bad value.", filename, linenum);
+		break;
+
+	case oBogusTrafficIntervalMin:
+		intptr = &options->bogus_traffic_interval_min;
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (arg[0] < '0' || arg[0] > '9')
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+
+		/* Octal, decimal, or hex format? */
+		value = strtol(arg, &endofnumber, 0);
+		if (arg == endofnumber)
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+		if (*activep && *intptr == -1)
+			*intptr = value;
+		if (options->bogus_traffic_interval_max <= value)
+			fatal("%.200s line %d: Bad value.", filename, linenum);
+		break;
+
 	case oNumberOfPasswordPrompts:
 		intptr = &options->number_of_password_prompts;
 		goto parse_int;
@@ -772,6 +811,8 @@
 	options->strict_host_key_checking = -1;
 	options->compression = -1;
 	options->keepalives = -1;
+	options->bogus_traffic_interval_max = -1;
+	options->bogus_traffic_interval_min = -1;
 	options->compression_level = -1;
 	options->port = -1;
 	options->connection_attempts = -1;
@@ -863,6 +904,10 @@
 		options->compression = 0;
 	if (options->keepalives == -1)
 		options->keepalives = 1;
+	if (options->bogus_traffic_interval_max == -1)
+		options->bogus_traffic_interval_max = 0;
+	if (options->bogus_traffic_interval_min == -1)
+		options->bogus_traffic_interval_min = 0;
 	if (options->compression_level == -1)
 		options->compression_level = 6;
 	if (options->port == -1)
diff -Nur openssh-3.2.3p1.orig/readconf.h openssh-3.2.3p1-alive/readconf.h
--- openssh-3.2.3p1.orig/readconf.h	Tue Mar  5 02:53:05 2002
+++ openssh-3.2.3p1-alive/readconf.h	Sun Oct 13 19:09:02 2002
@@ -63,6 +63,16 @@
 	int     compression_level;	/* Compression level 1 (fast) to 9
 					 * (best). */
 	int     keepalives;	/* Set SO_KEEPALIVE. */
+	int	bogus_traffic_interval_max;/*
+		 * max time value of SSH_MSG_IGNORE 
+		 * interval
+		 */
+	int	bogus_traffic_interval_min;/*
+		 * min time value of SSH_MSG_IGNORE 
+		 * interval
+		 */
+	int	pam_authentication_via_kbd_int;
+	
 	LogLevel log_level;	/* Level for logging. */
 
 	int     port;		/* Port to connect. */
Commit	Line	Data
f506a2a3 MM	1	diff -Nur openssh-3.2.3p1.orig/clientloop.c openssh-3.2.3p1-alive/clientloop.c
	2	--- openssh-3.2.3p1.orig/clientloop.c Tue Apr 23 13:09:46 2002
	3	+++ openssh-3.2.3p1-alive/clientloop.c Sun Oct 13 18:32:06 2002
	4	@@ -321,6 +321,9 @@
	5	client_wait_until_can_do_something(fd_set readsetp, fd_set writesetp,
	6	int maxfdp, int nallocp, int rekeying)
	7	{
	8	+ struct timeval tv, *tvp;
	9	+ int ret;
	10	+
	11	/* Add any selections by the channel mechanism. */
	12	channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
	13
	14	@@ -362,13 +365,30 @@
	15	/*
	16	* Wait for something to happen. This will suspend the process until
	17	* some selected descriptor can be read, written, or has some other
	18	- * event pending. Note: if you want to implement SSH_MSG_IGNORE
	19	- * messages to fool traffic analysis, this might be the place to do
	20	- * it: just have a random timeout for the select, and send a random
	21	- * SSH_MSG_IGNORE packet when the timeout expires.
	22	+ * event pending.
	23	+ * Set a random timeout for the select, and send a random SSH_MSG_IGNORE
	24	+ * packet when the timeout expires to fool traffic analysis.
	25	*/
	26
	27	- if (select((maxfdp)+1, readsetp, *writesetp, NULL, NULL) < 0) {
	28	+ if (options.bogus_traffic_interval_max) {
	29	+ u_int32_t rand = arc4random();
	30	+ u_int64_t timeusec;
	31	+ static u_int64_t timebase = 0;
	32	+
	33	+ if (!timebase)
	34	+ timebase = (options.bogus_traffic_interval_max -
	35	+ options.bogus_traffic_interval_min) * 1000000;
	36	+ timeusec = timebase * rand / 0xffffffffUL;
	37	+ timeusec += options.bogus_traffic_interval_min * 1000000;
	38	+ tv.tv_sec = timeusec / 1000000;
	39	+ tv.tv_usec = timeusec % 1000000;
	40	+ tvp = &tv;
	41	+ debug2("Will send SSH_MSG_IGNORE in %lu.%lu s", tv.tv_sec, tv.tv_usec);
	42	+ }
	43	+ else tvp = NULL;
	44	+
	45	+ ret = select((maxfdp)+1, readsetp, *writesetp, NULL, tvp);
	46	+ if (ret < 0) {
	47	char buf[100];
	48
	49	/*
	50	@@ -386,6 +406,12 @@
	51	buffer_append(&stderr_buffer, buf, strlen(buf));
	52	quit_pending = 1;
	53	}
	54	+ else if (ret == 0) { /* timeout */
	55	+ u_int32_t rand = arc4random();
	56	+ packet_send_ignore((rand & 0x3f) + 1);
	57	+ packet_send();
	58	+ packet_write_wait();
	59	+ }
	60	}
	61
	62	static void
	63	diff -Nur openssh-3.2.3p1.orig/readconf.c openssh-3.2.3p1-alive/readconf.c
	64	--- openssh-3.2.3p1.orig/readconf.c Tue Feb 5 02:26:35 2002
65	+++ openssh-3.2.3p1-alive/readconf.c Sun Oct 13 17:57:46 2002
66	@@ -115,7 +115,8 @@
67	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
68	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
69	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
70	- oClearAllForwardings, oNoHostAuthenticationForLocalhost
71	+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
72	+ oBogusTrafficIntervalMax, oBogusTrafficIntervalMin
73	} OpCodes;
74
75	/* Textual representations of the tokens. */
76	@@ -178,6 +179,8 @@
77	{ "compression", oCompression },
78	{ "compressionlevel", oCompressionLevel },
79	{ "keepalive", oKeepAlives },
80	+ { "BogusTrafficIntervalMax", oBogusTrafficIntervalMax },
81	+ { "BogusTrafficIntervalMin", oBogusTrafficIntervalMin },
82	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
83	{ "loglevel", oLogLevel },
84	{ "dynamicforward", oDynamicForward },
85	@@ -420,6 +423,42 @@
86	intptr = &options->no_host_authentication_for_localhost;
87	goto parse_flag;
88
89	+ case oBogusTrafficIntervalMax:
90	+ intptr = &options->bogus_traffic_interval_max;
91	+ arg = strdelim(&s);
92	+ if (!arg \|\| *arg == '\0')
93	+ fatal("%.200s line %d: Missing argument.", filename, linenum);
94	+ if (arg[0] < '0' \|\| arg[0] > '9')
95	+ fatal("%.200s line %d: Bad number.", filename, linenum);
96	+
97	+ /* Octal, decimal, or hex format? */
98	+ value = strtol(arg, &endofnumber, 0);
99	+ if (arg == endofnumber)
100	+ fatal("%.200s line %d: Bad number.", filename, linenum);
101	+ if (activep && intptr == -1)
102	+ *intptr = value;
103	+ if (options->bogus_traffic_interval_min >= value)
104	+ fatal("%.200s line %d: Bad value.", filename, linenum);
105	+ break;
106	+
107	+ case oBogusTrafficIntervalMin:
108	+ intptr = &options->bogus_traffic_interval_min;
109	+ arg = strdelim(&s);
110	+ if (!arg \|\| *arg == '\0')
111	+ fatal("%.200s line %d: Missing argument.", filename, linenum);
112	+ if (arg[0] < '0' \|\| arg[0] > '9')
113	+ fatal("%.200s line %d: Bad number.", filename, linenum);
114	+
115	+ /* Octal, decimal, or hex format? */
116	+ value = strtol(arg, &endofnumber, 0);
117	+ if (arg == endofnumber)
118	+ fatal("%.200s line %d: Bad number.", filename, linenum);
119	+ if (activep && intptr == -1)
120	+ *intptr = value;
121	+ if (options->bogus_traffic_interval_max <= value)
122	+ fatal("%.200s line %d: Bad value.", filename, linenum);
123	+ break;
124	+
125	case oNumberOfPasswordPrompts:
126	intptr = &options->number_of_password_prompts;
127	goto parse_int;
128	@@ -772,6 +811,8 @@
129	options->strict_host_key_checking = -1;
130	options->compression = -1;
131	options->keepalives = -1;
132	+ options->bogus_traffic_interval_max = -1;
133	+ options->bogus_traffic_interval_min = -1;
134	options->compression_level = -1;
135	options->port = -1;
136	options->connection_attempts = -1;
137	@@ -863,6 +904,10 @@
138	options->compression = 0;
139	if (options->keepalives == -1)
140	options->keepalives = 1;
141	+ if (options->bogus_traffic_interval_max == -1)
142	+ options->bogus_traffic_interval_max = 0;
143	+ if (options->bogus_traffic_interval_min == -1)
144	+ options->bogus_traffic_interval_min = 0;
145	if (options->compression_level == -1)
146	options->compression_level = 6;
147	if (options->port == -1)
148	diff -Nur openssh-3.2.3p1.orig/readconf.h openssh-3.2.3p1-alive/readconf.h
149	--- openssh-3.2.3p1.orig/readconf.h Tue Mar 5 02:53:05 2002
150	+++ openssh-3.2.3p1-alive/readconf.h Sun Oct 13 19:09:02 2002
151	@@ -63,6 +63,16 @@
152	int compression_level; /* Compression level 1 (fast) to 9
153	* (best). */
154	int keepalives; /* Set SO_KEEPALIVE. */
155	+ int bogus_traffic_interval_max;/*
156	+ * max time value of SSH_MSG_IGNORE
157	+ * interval
158	+ */
159	+ int bogus_traffic_interval_min;/*
160	+ * min time value of SSH_MSG_IGNORE
161	+ * interval
162	+ */
163	+ int pam_authentication_via_kbd_int;
164	+
165	LogLevel log_level; /* Level for logging. */
166
167	int port; /* Port to connect. */