1 diff -Nur openssh-3.2.3p1.orig/clientloop.c openssh-3.2.3p1-alive/clientloop.c
2 --- openssh-3.2.3p1.orig/clientloop.c Tue Apr 23 13:09:46 2002
3 +++ openssh-3.2.3p1-alive/clientloop.c Sun Oct 13 18:32:06 2002
5 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
6 int *maxfdp, int *nallocp, int rekeying)
8 + struct timeval tv, *tvp;
11 /* Add any selections by the channel mechanism. */
12 channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
16 * Wait for something to happen. This will suspend the process until
17 * some selected descriptor can be read, written, or has some other
18 - * event pending. Note: if you want to implement SSH_MSG_IGNORE
19 - * messages to fool traffic analysis, this might be the place to do
20 - * it: just have a random timeout for the select, and send a random
21 - * SSH_MSG_IGNORE packet when the timeout expires.
23 + * Set a random timeout for the select, and send a random SSH_MSG_IGNORE
24 + * packet when the timeout expires to fool traffic analysis.
27 - if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) {
28 + if (options.bogus_traffic_interval_max) {
29 + u_int32_t rand = arc4random();
31 + static u_int64_t timebase = 0;
34 + timebase = (options.bogus_traffic_interval_max -
35 + options.bogus_traffic_interval_min) * 1000000;
36 + timeusec = timebase * rand / 0xffffffffUL;
37 + timeusec += options.bogus_traffic_interval_min * 1000000;
38 + tv.tv_sec = timeusec / 1000000;
39 + tv.tv_usec = timeusec % 1000000;
41 + debug2("Will send SSH_MSG_IGNORE in %lu.%lu s", tv.tv_sec, tv.tv_usec);
45 + ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
51 buffer_append(&stderr_buffer, buf, strlen(buf));
54 + else if (ret == 0) { /* timeout */
55 + u_int32_t rand = arc4random();
56 + packet_send_ignore((rand & 0x3f) + 1);
58 + packet_write_wait();
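Review bot: The timeout arithmetic in the `options.bogus_traffic_interval_max` branch multiplies two `int` option values by 1000000 before the result is widened, so a range or minimum above roughly 2147 seconds overflows a 32-bit signed `int` (undefined behaviour) and yields an arbitrary select timeout. Widen first, e.g. `timebase = (u_int64_t)(options.bogus_traffic_interval_max - options.bogus_traffic_interval_min) * 1000000;` and `timeusec += (u_int64_t)options.bogus_traffic_interval_min * 1000000;`. Even then `timebase * rand` wraps a 64-bit value once the range exceeds about 4294 seconds, so the configured interval also needs an upper bound in the parser. Separately, the timeout appears to be redrawn on every call and the ignore packet is sent only when select returns 0, so cover packets would go out only while the connection is otherwise idle; the comment's claim "to fool traffic analysis" should say that. The function body starts and continues outside the lines shown here.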
63 diff -Nur openssh-3.2.3p1.orig/readconf.c openssh-3.2.3p1-alive/readconf.c
64 --- openssh-3.2.3p1.orig/readconf.c Tue Feb 5 02:26:35 2002
65 +++ openssh-3.2.3p1-alive/readconf.c Sun Oct 13 17:57:46 2002
67 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
68 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
69 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
70 - oClearAllForwardings, oNoHostAuthenticationForLocalhost
71 + oClearAllForwardings, oNoHostAuthenticationForLocalhost,
72 + oBogusTrafficIntervalMax, oBogusTrafficIntervalMin
75 /* Textual representations of the tokens. */
77 { "compression", oCompression },
78 { "compressionlevel", oCompressionLevel },
79 { "keepalive", oKeepAlives },
80 + { "BogusTrafficIntervalMax", oBogusTrafficIntervalMax },
81 + { "BogusTrafficIntervalMin", oBogusTrafficIntervalMin },
82 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
83 { "loglevel", oLogLevel },
84 { "dynamicforward", oDynamicForward },
86 intptr = &options->no_host_authentication_for_localhost;
89 + case oBogusTrafficIntervalMax:
90 + intptr = &options->bogus_traffic_interval_max;
92 + if (!arg || *arg == '\0')
93 + fatal("%.200s line %d: Missing argument.", filename, linenum);
94 + if (arg[0] < '0' || arg[0] > '9')
95 + fatal("%.200s line %d: Bad number.", filename, linenum);
97 + /* Octal, decimal, or hex format? */
98 + value = strtol(arg, &endofnumber, 0);
99 + if (arg == endofnumber)
100 + fatal("%.200s line %d: Bad number.", filename, linenum);
101 + if (*activep && *intptr == -1)
103 + if (options->bogus_traffic_interval_min >= value)
104 + fatal("%.200s line %d: Bad value.", filename, linenum);
107 + case oBogusTrafficIntervalMin:
108 + intptr = &options->bogus_traffic_interval_min;
109 + arg = strdelim(&s);
110 + if (!arg || *arg == '\0')
111 + fatal("%.200s line %d: Missing argument.", filename, linenum);
112 + if (arg[0] < '0' || arg[0] > '9')
113 + fatal("%.200s line %d: Bad number.", filename, linenum);
115 + /* Octal, decimal, or hex format? */
116 + value = strtol(arg, &endofnumber, 0);
117 + if (arg == endofnumber)
118 + fatal("%.200s line %d: Bad number.", filename, linenum);
119 + if (*activep && *intptr == -1)
121 + if (options->bogus_traffic_interval_max <= value)
122 + fatal("%.200s line %d: Bad value.", filename, linenum);
125 case oNumberOfPasswordPrompts:
126 intptr = &options->number_of_password_prompts;
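Review bot: The min/max cross-check in the `oBogusTrafficIntervalMin` case compares `value` against `options->bogus_traffic_interval_max` while that field can still hold its initial -1, so a config that lists BogusTrafficIntervalMin before BogusTrafficIntervalMax would hit `fatal("... Bad value.")` for every valid minimum. From the lines visible, the comparison also looks like it runs even when `*activep` is false or the option was already set, which would let an unrelated Host block abort parsing. Checking `min < max` once, after both values are final, avoids both problems; the defaults code later in this file, where -1 is replaced by 0, is the natural place. The `strtol` result is also accepted with no upper bound, no `ERANGE` test and no check that `*endofnumber == '\0'`, so trailing garbage and oversized values pass through to the microsecond arithmetic in clientloop.c. The two cases are near-identical and could share one helper that takes the target pointer.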
129 options->strict_host_key_checking = -1;
130 options->compression = -1;
131 options->keepalives = -1;
132 + options->bogus_traffic_interval_max = -1;
133 + options->bogus_traffic_interval_min = -1;
134 options->compression_level = -1;
136 options->connection_attempts = -1;
138 options->compression = 0;
139 if (options->keepalives == -1)
140 options->keepalives = 1;
141 + if (options->bogus_traffic_interval_max == -1)
142 + options->bogus_traffic_interval_max = 0;
143 + if (options->bogus_traffic_interval_min == -1)
144 + options->bogus_traffic_interval_min = 0;
145 if (options->compression_level == -1)
146 options->compression_level = 6;
147 if (options->port == -1)
148 diff -Nur openssh-3.2.3p1.orig/readconf.h openssh-3.2.3p1-alive/readconf.h
149 --- openssh-3.2.3p1.orig/readconf.h Tue Mar 5 02:53:05 2002
150 +++ openssh-3.2.3p1-alive/readconf.h Sun Oct 13 19:09:02 2002
152 int compression_level; /* Compression level 1 (fast) to 9
154 int keepalives; /* Set SO_KEEPALIVE. */
155 + int bogus_traffic_interval_max;/*
156 + * max time value of SSH_MSG_IGNORE
159 + int bogus_traffic_interval_min;/*
160 + * min time value of SSH_MSG_IGNORE
163 + int pam_authentication_via_kbd_int;
165 LogLevel log_level; /* Level for logging. */
167 int port; /* Port to connect. */
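Review bot: `pam_authentication_via_kbd_int` is added to the options struct here, but none of the readconf.c hunks shown in this patch parse it, initialise it to -1 or give it a default. If it belongs to a different change it should be dropped from this patch; if it is meant to stay, any code reading it would see whatever the struct happened to contain. The two new interval fields would also benefit from comments stating the unit (seconds, judging by the `* 1000000` conversion in clientloop.c) and that 0 disables the feature.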