]> git.pld-linux.org Git - packages/openssh.git/blame - openssh-4.9p1-hpn13v2.diff
projects / packages / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- raw
[packages/openssh.git] / openssh-4.9p1-hpn13v2.diff
CommitLineData
becf7a1f
ER		 1diff -NupwB openssh-4.9p1/auth2.c openssh-4.9p1-hpn13/auth2.c
2--- openssh-4.9p1/auth2.c 2007-10-26 00:26:16.000000000 -0400
3+++ openssh-4.9p1-hpn13/auth2.c 2008-04-01 13:03:59.000000000 -0400
4@@ -44,6 +44,7 @@
5 #include "dispatch.h"
6 #include "pathnames.h"
7 #include "buffer.h"
8+#include "canohost.h"
9
10 #ifdef GSSAPI
11 #include "ssh-gss.h"
12@@ -67,6 +68,9 @@ extern Authmethod method_hostbased;
13 extern Authmethod method_gssapi;
14 #endif
15
16+static int log_flag = 0;
17+
18+
19 Authmethod *authmethods[] = {
20 &method_none,
21 &method_pubkey,
22@@ -150,6 +154,11 @@ input_userauth_request(int type, u_int32
23 service = packet_get_string(NULL);
24 method = packet_get_string(NULL);
25 debug("userauth-request for user %s service %s method %s", user, service, method);
26+ if (!log_flag) {
27+ logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
28+ get_remote_ipaddr(), get_remote_port(), user);
29+ log_flag = 1;
30+ }
31 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
32
33 if ((style = strchr(user, ':')) != NULL)
34diff -NupwB openssh-4.9p1/buffer.c openssh-4.9p1-hpn13/buffer.c
35--- openssh-4.9p1/buffer.c 2006-08-04 22:39:39.000000000 -0400
36+++ openssh-4.9p1-hpn13/buffer.c 2008-04-01 13:03:59.000000000 -0400
37@@ -127,7 +127,9 @@ restart:
38
39 /* Increase the size of the buffer and retry. */
40 newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
41- if (newlen > BUFFER_MAX_LEN)
42+ /* need it to be slightly larger than the MAX LEN for this */
43+ /* still investigating *why* but this works for now -cjr */
44+ if (newlen > (BUFFER_MAX_LEN_HPN + BUFFER_MAX_LEN))
45 fatal("buffer_append_space: alloc %u not supported",
46 newlen);
47 buffer->buf = xrealloc(buffer->buf, 1, newlen);
48diff -NupwB openssh-4.9p1/buffer.h openssh-4.9p1-hpn13/buffer.h
49--- openssh-4.9p1/buffer.h 2006-08-04 22:39:39.000000000 -0400
50+++ openssh-4.9p1-hpn13/buffer.h 2008-04-01 13:03:59.000000000 -0400
51@@ -16,6 +16,9 @@
52 #ifndef BUFFER_H
53 #define BUFFER_H
54
55+/* move the following to a more appropriate place and name */
56+#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
57+
58 typedef struct {
59 u_char *buf; /* Buffer for data. */
60 u_int alloc; /* Number of bytes allocated for data. */
61diff -NupwB openssh-4.9p1/channels.c openssh-4.9p1-hpn13/channels.c
62--- openssh-4.9p1/channels.c 2008-02-10 06:25:24.000000000 -0500
63+++ openssh-4.9p1-hpn13/channels.c 2008-04-01 13:03:59.000000000 -0400
64@@ -311,6 +311,7 @@ channel_new(char *ctype, int type, int r
65 c->local_window_max = window;
66 c->local_consumed = 0;
67 c->local_maxpacket = maxpack;
68+ c->dynamic_window = 0;
69 c->remote_id = -1;
70 c->remote_name = xstrdup(remote_name);
71 c->remote_window = 0;
72@@ -765,11 +766,35 @@ channel_pre_open_13(Channel *c, fd_set *
73 FD_SET(c->sock, writeset);
74 }
75
76+int channel_tcpwinsz () {
77+ u_int32_t tcpwinsz = 0;
78+ socklen_t optsz = sizeof(tcpwinsz);
79+ int ret = -1;
80+
81+ /* if we aren't on a socket return 128KB*/
82+ if(!packet_connection_is_on_socket())
83+ return(128*1024);
84+ ret = getsockopt(packet_get_connection_in(),
85+ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
86+ /* return no more than 64MB */
87+ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
88+ tcpwinsz = BUFFER_MAX_LEN_HPN;
89+ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
90+ packet_get_connection_in());
91+ return(tcpwinsz);
92+}
93+
94 static void
95 channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
96 {
97 u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
98
99+ /* check buffer limits */
100+ if ((!c->tcpwinsz) || (c->dynamic_window > 0))
101+ c->tcpwinsz = channel_tcpwinsz();
102+
103+ limit = MIN(limit, 2 * c->tcpwinsz);
104+
105 if (c->istate == CHAN_INPUT_OPEN &&
106 limit > 0 &&
107 buffer_len(&c->input) < limit &&
108@@ -1661,14 +1686,21 @@ channel_check_window(Channel *c)
109 c->local_maxpacket*3) ||
110 c->local_window < c->local_window_max/2) &&
111 c->local_consumed > 0) {
112+ u_int addition = 0;
113+ /* adjust max window size if we are in a dynamic environment */
114+ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
115+ /* grow the window somewhat aggressively to maintain pressure */
116+ addition = 1.5*(c->tcpwinsz - c->local_window_max);
117+ c->local_window_max += addition;
118+ }
119 packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
120 packet_put_int(c->remote_id);
121- packet_put_int(c->local_consumed);
122+ packet_put_int(c->local_consumed + addition);
123 packet_send();
124 debug2("channel %d: window %d sent adjust %d",
125 c->self, c->local_window,
126 c->local_consumed);
127- c->local_window += c->local_consumed;
128+ c->local_window += c->local_consumed + addition;
129 c->local_consumed = 0;
130 }
131 return 1;
132@@ -1871,11 +1903,12 @@ channel_after_select(fd_set *readset, fd
133
134
135 /* If there is data to send to the connection, enqueue some of it now. */
136-void
137+int
138 channel_output_poll(void)
139 {
140 Channel *c;
141 u_int i, len;
142+ int packet_length = 0;
143
144 for (i = 0; i < channels_alloc; i++) {
145 c = channels[i];
146@@ -1915,7 +1948,7 @@ channel_output_poll(void)
147 packet_start(SSH2_MSG_CHANNEL_DATA);
148 packet_put_int(c->remote_id);
149 packet_put_string(data, dlen);
150- packet_send();
151+ packet_length = packet_send();
152 c->remote_window -= dlen + 4;
153 xfree(data);
154 }
155@@ -1945,7 +1978,7 @@ channel_output_poll(void)
156 SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
157 packet_put_int(c->remote_id);
158 packet_put_string(buffer_ptr(&c->input), len);
159- packet_send();
160+ packet_length = packet_send();
161 buffer_consume(&c->input, len);
162 c->remote_window -= len;
163 }
164@@ -1980,12 +2013,13 @@ channel_output_poll(void)
165 packet_put_int(c->remote_id);
166 packet_put_int(SSH2_EXTENDED_DATA_STDERR);
167 packet_put_string(buffer_ptr(&c->extended), len);
168- packet_send();
169+ packet_length = packet_send();
170 buffer_consume(&c->extended, len);
171 c->remote_window -= len;
172 debug2("channel %d: sent ext data %d", c->self, len);
173 }
174 }
175+ return (packet_length);
176 }
177
178
179@@ -2342,7 +2376,8 @@ channel_set_af(int af)
180
181 static int
182 channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,
183- const char *host_to_connect, u_short port_to_connect, int gateway_ports)
184+ const char *host_to_connect, u_short port_to_connect, int gateway_ports,
185+ int hpn_disabled, int hpn_buffer_size)
186 {
187 Channel *c;
188 int sock, r, success = 0, wildcard = 0, is_client;
189@@ -2456,9 +2491,15 @@ channel_setup_fwd_listener(int type, con
190 continue;
191 }
192 /* Allocate a channel number for the socket. */
193+ /* explicitly test for hpn disabled option. if true use smaller window size */
194+ if (hpn_disabled)
195 c = channel_new("port listener", type, sock, sock, -1,
196 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
197 0, "port listener", 1);
198+ else
199+ c = channel_new("port listener", type, sock, sock, -1,
200+ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
201+ 0, "port listener", 1);
202 strlcpy(c->path, host, sizeof(c->path));
203 c->host_port = port_to_connect;
204 c->listening_port = listen_port;
205@@ -2495,20 +2536,22 @@ channel_cancel_rport_listener(const char
206 /* protocol local port fwd, used by ssh (and sshd in v1) */
207 int
208 channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
209- const char *host_to_connect, u_short port_to_connect, int gateway_ports)
210+ const char *host_to_connect, u_short port_to_connect, int gateway_ports,
211+ int hpn_disabled, int hpn_buffer_size)
212 {
213 return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
214 listen_host, listen_port, host_to_connect, port_to_connect,
215- gateway_ports);
216+ gateway_ports, hpn_disabled, hpn_buffer_size);
217 }
218
219 /* protocol v2 remote port fwd, used by sshd */
220 int
221 channel_setup_remote_fwd_listener(const char *listen_address,
222- u_short listen_port, int gateway_ports)
223+ u_short listen_port, int gateway_ports, int hpn_disabled, int hpn_buffer_size)
224 {
225 return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
226- listen_address, listen_port, NULL, 0, gateway_ports);
227+ listen_address, listen_port, NULL, 0, gateway_ports,
228+ hpn_disabled, hpn_buffer_size);
229 }
230
231 /*
232@@ -2623,7 +2666,8 @@ channel_request_rforward_cancel(const ch
233 * message if there was an error).
234 */
235 int
236-channel_input_port_forward_request(int is_root, int gateway_ports)
237+channel_input_port_forward_request(int is_root, int gateway_ports,
238+ int hpn_disabled, int hpn_buffer_size)
239 {
240 u_short port, host_port;
241 int success = 0;
242@@ -2649,7 +2693,7 @@ channel_input_port_forward_request(int i
243
244 /* Initiate forwarding */
245 success = channel_setup_local_fwd_listener(NULL, port, hostname,
246- host_port, gateway_ports);
247+ host_port, gateway_ports, hpn_disabled, hpn_buffer_size);
248
249 /* Free the argument string. */
250 xfree(hostname);
251@@ -2853,7 +2897,8 @@ channel_send_window_changes(void)
252 */
253 int
254 x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
255- int single_connection, u_int *display_numberp, int **chanids)
256+ int single_connection, u_int *display_numberp, int **chanids,
257+ int hpn_disabled, int hpn_buffer_size)
258 {
259 Channel *nc = NULL;
260 int display_number, sock;
261@@ -2950,10 +2995,17 @@ x11_create_display_inet(int x11_display_
262 *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
263 for (n = 0; n < num_socks; n++) {
264 sock = socks[n];
265+ /* Is this really necassary? */
266+ if (hpn_disabled)
267 nc = channel_new("x11 listener",
268 SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
269 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
270 0, "X11 inet listener", 1);
271+ else
272+ nc = channel_new("x11 listener",
273+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
274+ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
275+ 0, "X11 inet listener", 1);
276 nc->single_connection = single_connection;
277 (*chanids)[n] = nc->self;
278 }
279diff -NupwB openssh-4.9p1/channels.h openssh-4.9p1-hpn13/channels.h
280--- openssh-4.9p1/channels.h 2007-06-12 09:38:54.000000000 -0400
281+++ openssh-4.9p1-hpn13/channels.h 2008-04-01 13:03:59.000000000 -0400
282@@ -98,8 +98,10 @@ struct Channel {
283 u_int local_window_max;
284 u_int local_consumed;
285 u_int local_maxpacket;
286+ int dynamic_window;
287 int extended_usage;
288 int single_connection;
289+ u_int tcpwinsz;
290
291 char *ctype; /* type */
292
293@@ -122,9 +124,11 @@ struct Channel {
294
295 /* default window/packet sizes for tcp/x11-fwd-channel */
296 #define CHAN_SES_PACKET_DEFAULT (32*1024)
297-#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
298+#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
299+
300 #define CHAN_TCP_PACKET_DEFAULT (32*1024)
301-#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
302+#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
303+
304 #define CHAN_X11_PACKET_DEFAULT (16*1024)
305 #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
306
307@@ -193,7 +197,7 @@ void channel_input_window_adjust(int, u
308
309 void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
310 void channel_after_select(fd_set *, fd_set *);
311-void channel_output_poll(void);
312+int channel_output_poll(void);
313
314 int channel_not_very_much_buffered_data(void);
315 void channel_close_all(void);
316@@ -208,21 +212,21 @@ void channel_add_permitted_opens(char *
317 int channel_add_adm_permitted_opens(char *, int);
318 void channel_clear_permitted_opens(void);
319 void channel_clear_adm_permitted_opens(void);
320-int channel_input_port_forward_request(int, int);
321+int channel_input_port_forward_request(int, int, int, int);
322 int channel_connect_to(const char *, u_short);
323 int channel_connect_by_listen_address(u_short);
324 int channel_request_remote_forwarding(const char *, u_short,
325 const char *, u_short);
326 int channel_setup_local_fwd_listener(const char *, u_short,
327- const char *, u_short, int);
328+ const char *, u_short, int, int, int);
329 void channel_request_rforward_cancel(const char *host, u_short port);
330-int channel_setup_remote_fwd_listener(const char *, u_short, int);
331+int channel_setup_remote_fwd_listener(const char *, u_short, int, int, int);
332 int channel_cancel_rport_listener(const char *, u_short);
333
334 /* x11 forwarding */
335
336 int x11_connect_display(void);
337-int x11_create_display_inet(int, int, int, u_int *, int **);
338+int x11_create_display_inet(int, int, int, u_int *, int **, int, int);
339 void x11_input_open(int, u_int32_t, void *);
340 void x11_request_forwarding_with_spoofing(int, const char *, const char *,
341 const char *);
342diff -NupwB openssh-4.9p1/cipher.c openssh-4.9p1-hpn13/cipher.c
343--- openssh-4.9p1/cipher.c 2006-08-04 22:39:39.000000000 -0400
344+++ openssh-4.9p1-hpn13/cipher.c 2008-04-01 13:03:59.000000000 -0400
345@@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
346 extern const EVP_CIPHER *evp_ssh1_3des(void);
347 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
348 extern const EVP_CIPHER *evp_aes_128_ctr(void);
349+extern const EVP_CIPHER *evp_aes_ctr_mt(void);
350 extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
351
352 struct Cipher {
353@@ -81,9 +82,9 @@ struct Cipher {
354 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
355 { "rijndael-cbc@lysator.liu.se",
356 SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
357- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
358- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
359- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
360+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt },
361+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt },
362+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_ctr_mt },
363 #ifdef USE_CIPHER_ACSS
364 { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
365 #endif
366@@ -156,7 +157,8 @@ ciphers_valid(const char *names)
367 for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
368 (p = strsep(&cp, CIPHER_SEP))) {
369 c = cipher_by_name(p);
370- if (c == NULL || c->number != SSH_CIPHER_SSH2) {
371+ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
372+c->number != SSH_CIPHER_NONE)) {
373 debug("bad cipher %s [%s]", p, names);
374 xfree(cipher_list);
375 return 0;
376@@ -330,6 +332,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch
377 int evplen;
378
379 switch (c->number) {
380+ case SSH_CIPHER_NONE:
381 case SSH_CIPHER_SSH2:
382 case SSH_CIPHER_DES:
383 case SSH_CIPHER_BLOWFISH:
384@@ -364,6 +367,7 @@ cipher_set_keyiv(CipherContext *cc, u_ch
385 int evplen = 0;
386
387 switch (c->number) {
388+ case SSH_CIPHER_NONE:
389 case SSH_CIPHER_SSH2:
390 case SSH_CIPHER_DES:
391 case SSH_CIPHER_BLOWFISH:
392diff -NupwB openssh-4.9p1/cipher-ctr-mt.c openssh-4.9p1-hpn13/cipher-ctr-mt.c
393--- openssh-4.9p1/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500
394+++ openssh-4.9p1-hpn13/cipher-ctr-mt.c 2008-04-01 13:03:59.000000000 -0400
395@@ -0,0 +1,473 @@
396+/*
397+ * OpenSSH Multi-threaded AES-CTR Cipher
398+ *
399+ * Author: Benjamin Bennett <ben@psc.edu>
400+ * Copyright (c) 2008 Pittsburgh Supercomputing Center. All rights reserved.
401+ *
402+ * Based on original OpenSSH AES-CTR cipher. Small portions remain unchanged,
403+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
404+ *
405+ * Permission to use, copy, modify, and distribute this software for any
406+ * purpose with or without fee is hereby granted, provided that the above
407+ * copyright notice and this permission notice appear in all copies.
408+ *
409+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
410+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
411+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
412+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
413+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
414+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
415+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
416+ */
417+#include "includes.h"
418+
419+#include <sys/types.h>
420+
421+#include <stdarg.h>
422+#include <string.h>
423+
424+#include <openssl/evp.h>
425+
426+#include "xmalloc.h"
427+#include "log.h"
428+
429+/* compatibility with old or broken OpenSSL versions */
430+#include "openbsd-compat/openssl-compat.h"
431+
432+#ifndef USE_BUILTIN_RIJNDAEL
433+#include <openssl/aes.h>
434+#endif
435+
436+#include <pthread.h>
437+
438+/*-------------------- TUNABLES --------------------*/
439+/* Number of pregen threads to use */
440+#define CIPHER_THREADS 2
441+
442+/* Number of keystream queues */
443+#define NUMKQ (CIPHER_THREADS + 2)
444+
445+/* Length of a keystream queue */
446+#define KQLEN 4096
447+
448+/* Processor cacheline length */
449+#define CACHELINE_LEN 64
450+
451+/* Collect thread stats and print at cancellation when in debug mode */
452+// #define CIPHER_THREAD_STATS
453+
454+/* Use single-byte XOR instead of 8-byte XOR */
455+// #define CIPHER_BYTE_XOR
456+/*-------------------- END TUNABLES --------------------*/
457+
458+
459+const EVP_CIPHER *evp_aes_ctr_mt(void);
460+
461+#ifdef CIPHER_THREAD_STATS
462+/*
463+ * Struct to collect thread stats
464+ */
465+struct thread_stats {
466+ u_int fills;
467+ u_int skips;
468+ u_int waits;
469+ u_int drains;
470+};
471+
472+/*
473+ * Debug print the thread stats
474+ * Use with pthread_cleanup_push for displaying at thread cancellation
475+ */
476+static void
477+thread_loop_stats(void *x)
478+{
479+ struct thread_stats *s = x;
480+
481+ debug("tid %lu - %u fills, %u skips, %u waits", pthread_self(),
482+ s->fills, s->skips, s->waits);
483+}
484+
485+ #define STATS_STRUCT(s) struct thread_stats s
486+ #define STATS_INIT(s) { memset(&s, 0, sizeof(s)); }
487+ #define STATS_FILL(s) { s.fills++; }
488+ #define STATS_SKIP(s) { s.skips++; }
489+ #define STATS_WAIT(s) { s.waits++; }
490+ #define STATS_DRAIN(s) { s.drains++; }
491+#else
492+ #define STATS_STRUCT(s)
493+ #define STATS_INIT(s)
494+ #define STATS_FILL(s)
495+ #define STATS_SKIP(s)
496+ #define STATS_WAIT(s)
497+ #define STATS_DRAIN(s)
498+#endif
499+
500+/* Keystream Queue state */
501+enum {
502+ KQINIT,
503+ KQEMPTY,
504+ KQFILLING,
505+ KQFULL,
506+ KQDRAINING
507+};
508+
509+/* Keystream Queue struct */
510+struct kq {
511+ u_char keys[KQLEN][AES_BLOCK_SIZE];
512+ u_char ctr[AES_BLOCK_SIZE];
513+ u_char pad0[CACHELINE_LEN];
514+ volatile int qstate;
515+ pthread_mutex_t lock;
516+ pthread_cond_t cond;
517+ u_char pad1[CACHELINE_LEN];
518+};
519+
520+/* Context struct */
521+struct ssh_aes_ctr_ctx
522+{
523+ struct kq q[NUMKQ];
524+ AES_KEY aes_ctx;
525+ STATS_STRUCT(stats);
526+ u_char aes_counter[AES_BLOCK_SIZE];
527+ pthread_t tid[CIPHER_THREADS];
528+ int state;
529+ int qidx;
530+ int ridx;
531+};
532+
533+/* <friedl>
534+ * increment counter 'ctr',
535+ * the counter is of size 'len' bytes and stored in network-byte-order.
536+ * (LSB at ctr[len-1], MSB at ctr[0])
537+ */
538+static void
539+ssh_ctr_inc(u_char *ctr, u_int len)
540+{
541+ int i;
542+
543+ for (i = len - 1; i >= 0; i--)
544+ if (++ctr[i]) /* continue on overflow */
545+ return;
546+}
547+
548+/*
549+ * Add num to counter 'ctr'
550+ */
551+static void
552+ssh_ctr_add(u_char *ctr, uint32_t num, u_int len)
553+{
554+ int i;
555+ uint16_t n;
556+
557+ for (n = 0, i = len - 1; i >= 0 && (num || n); i--) {
558+ n = ctr[i] + (num & 0xff) + n;
559+ num >>= 8;
560+ ctr[i] = n & 0xff;
561+ n >>= 8;
562+ }
563+}
564+
565+/*
566+ * Threads may be cancelled in a pthread_cond_wait, we must free the mutex
567+ */
568+static void
569+thread_loop_cleanup(void *x)
570+{
571+ pthread_mutex_unlock((pthread_mutex_t *)x);
572+}
573+
574+/*
575+ * The life of a pregen thread:
576+ * Find empty keystream queues and fill them using their counter.
577+ * When done, update counter for the next fill.
578+ */
579+static void *
580+thread_loop(void *x)
581+{
582+ AES_KEY key;
583+ STATS_STRUCT(stats);
584+ struct ssh_aes_ctr_ctx *c = x;
585+ struct kq *q;
586+ int i;
587+ int qidx;
588+
589+ /* Threads stats on cancellation */
590+ STATS_INIT(stats);
591+#ifdef CIPHER_THREAD_STATS
592+ pthread_cleanup_push(thread_loop_stats, &stats);
593+#endif
594+
595+ /* Thread local copy of AES key */
596+ memcpy(&key, &c->aes_ctx, sizeof(key));
597+
598+ /*
599+ * Handle the special case of startup, one thread must fill
600+ * the first KQ then mark it as draining. Lock held throughout.
601+ */
602+ if (pthread_equal(pthread_self(), c->tid[0])) {
603+ q = &c->q[0];
604+ pthread_mutex_lock(&q->lock);
605+ if (q->qstate == KQINIT) {
606+ for (i = 0; i < KQLEN; i++) {
607+ AES_encrypt(q->ctr, q->keys[i], &key);
608+ ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE);
609+ }
610+ ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
611+ q->qstate = KQDRAINING;
612+ STATS_FILL(stats);
613+ pthread_cond_broadcast(&q->cond);
614+ }
615+ pthread_mutex_unlock(&q->lock);
616+ }
617+ else
618+ STATS_SKIP(stats);
619+
620+ /*
621+ * Normal case is to find empty queues and fill them, skipping over
622+ * queues already filled by other threads and stopping to wait for
623+ * a draining queue to become empty.
624+ *
625+ * Multiple threads may be waiting on a draining queue and awoken
626+ * when empty. The first thread to wake will mark it as filling,
627+ * others will move on to fill, skip, or wait on the next queue.
628+ */
629+ for (qidx = 1;; qidx = (qidx + 1) % NUMKQ) {
630+ /* Check if I was cancelled, also checked in cond_wait */
631+ pthread_testcancel();
632+
633+ /* Lock queue and block if its draining */
634+ q = &c->q[qidx];
635+ pthread_mutex_lock(&q->lock);
636+ pthread_cleanup_push(thread_loop_cleanup, &q->lock);
637+ while (q->qstate == KQDRAINING || q->qstate == KQINIT) {
638+ STATS_WAIT(stats);
639+ pthread_cond_wait(&q->cond, &q->lock);
640+ }
641+ pthread_cleanup_pop(0);
642+
643+ /* If filling or full, somebody else got it, skip */
644+ if (q->qstate != KQEMPTY) {
645+ pthread_mutex_unlock(&q->lock);
646+ STATS_SKIP(stats);
647+ continue;
648+ }
649+
650+ /*
651+ * Empty, let's fill it.
652+ * Queue lock is relinquished while we do this so others
653+ * can see that it's being filled.
654+ */
655+ q->qstate = KQFILLING;
656+ pthread_mutex_unlock(&q->lock);
657+ for (i = 0; i < KQLEN; i++) {
658+ AES_encrypt(q->ctr, q->keys[i], &key);
659+ ssh_ctr_inc(q->ctr, AES_BLOCK_SIZE);
660+ }
661+
662+ /* Re-lock, mark full and signal consumer */
663+ pthread_mutex_lock(&q->lock);
664+ ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
665+ q->qstate = KQFULL;
666+ STATS_FILL(stats);
667+ pthread_cond_signal(&q->cond);
668+ pthread_mutex_unlock(&q->lock);
669+ }
670+
671+#ifdef CIPHER_THREAD_STATS
672+ /* Stats */
673+ pthread_cleanup_pop(1);
674+#endif
675+
676+ return NULL;
677+}
678+
679+static int
680+ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
681+ u_int len)
682+{
683+ struct ssh_aes_ctr_ctx *c;
684+ struct kq *q, *oldq;
685+ int ridx;
686+ u_char *buf;
687+
688+ if (len == 0)
689+ return (1);
690+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
691+ return (0);
692+
693+ q = &c->q[c->qidx];
694+ ridx = c->ridx;
695+
696+ /* src already padded to block multiple */
697+ while (len > 0) {
698+ buf = q->keys[ridx];
699+
700+#ifdef CIPHER_BYTE_XOR
701+ dest[0] = src[0] ^ buf[0];
702+ dest[1] = src[1] ^ buf[1];
703+ dest[2] = src[2] ^ buf[2];
704+ dest[3] = src[3] ^ buf[3];
705+ dest[4] = src[4] ^ buf[4];
706+ dest[5] = src[5] ^ buf[5];
707+ dest[6] = src[6] ^ buf[6];
708+ dest[7] = src[7] ^ buf[7];
709+ dest[8] = src[8] ^ buf[8];
710+ dest[9] = src[9] ^ buf[9];
711+ dest[10] = src[10] ^ buf[10];
712+ dest[11] = src[11] ^ buf[11];
713+ dest[12] = src[12] ^ buf[12];
714+ dest[13] = src[13] ^ buf[13];
715+ dest[14] = src[14] ^ buf[14];
716+ dest[15] = src[15] ^ buf[15];
717+#else
718+ *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
719+ *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
720+ *(uint64_t *)(buf + 8);
721+#endif
722+
723+ dest += 16;
724+ src += 16;
725+ len -= 16;
726+ ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
727+
728+ /* Increment read index, switch queues on rollover */
729+ if ((ridx = (ridx + 1) % KQLEN) == 0) {
730+ oldq = q;
731+
732+ /* Mark next queue draining, may need to wait */
733+ c->qidx = (c->qidx + 1) % NUMKQ;
734+ q = &c->q[c->qidx];
735+ pthread_mutex_lock(&q->lock);
736+ while (q->qstate != KQFULL) {
737+ STATS_WAIT(c->stats);
738+ pthread_cond_wait(&q->cond, &q->lock);
739+ }
740+ q->qstate = KQDRAINING;
741+ pthread_mutex_unlock(&q->lock);
742+
743+ /* Mark consumed queue empty and signal producers */
744+ pthread_mutex_lock(&oldq->lock);
745+ oldq->qstate = KQEMPTY;
746+ STATS_DRAIN(c->stats);
747+ pthread_cond_broadcast(&oldq->cond);
748+ pthread_mutex_unlock(&oldq->lock);
749+ }
750+ }
751+ c->ridx = ridx;
752+ return (1);
753+}
754+
755+#define HAVE_NONE 0
756+#define HAVE_KEY 1
757+#define HAVE_IV 2
758+static int
759+ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
760+ int enc)
761+{
762+ struct ssh_aes_ctr_ctx *c;
763+ int i;
764+
765+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
766+ c = xmalloc(sizeof(*c));
767+
768+ c->state = HAVE_NONE;
769+ for (i = 0; i < NUMKQ; i++) {
770+ pthread_mutex_init(&c->q[i].lock, NULL);
771+ pthread_cond_init(&c->q[i].cond, NULL);
772+ }
773+
774+ STATS_INIT(c->stats);
775+
776+ EVP_CIPHER_CTX_set_app_data(ctx, c);
777+ }
778+
779+ if (c->state == (HAVE_KEY | HAVE_IV)) {
780+ /* Cancel pregen threads */
781+ for (i = 0; i < CIPHER_THREADS; i++)
782+ pthread_cancel(c->tid[i]);
783+ for (i = 0; i < CIPHER_THREADS; i++)
784+ pthread_join(c->tid[i], NULL);
785+ /* Start over getting key & iv */
786+ c->state = HAVE_NONE;
787+ }
788+
789+ if (key != NULL) {
790+ AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
791+ &c->aes_ctx);
792+ c->state |= HAVE_KEY;
793+ }
794+
795+ if (iv != NULL) {
796+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
797+ c->state |= HAVE_IV;
798+ }
799+
800+ if (c->state == (HAVE_KEY | HAVE_IV)) {
801+ /* Clear queues */
802+ memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
803+ c->q[0].qstate = KQINIT;
804+ for (i = 1; i < NUMKQ; i++) {
805+ memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
806+ ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
807+ c->q[i].qstate = KQEMPTY;
808+ }
809+ c->qidx = 0;
810+ c->ridx = 0;
811+
812+ /* Start threads */
813+ for (i = 0; i < CIPHER_THREADS; i++) {
814+ pthread_create(&c->tid[i], NULL, thread_loop, c);
815+ }
816+ pthread_mutex_lock(&c->q[0].lock);
817+ while (c->q[0].qstate != KQDRAINING)
818+ pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
819+ pthread_mutex_unlock(&c->q[0].lock);
820+
821+ }
822+ return (1);
823+}
824+
825+static int
826+ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
827+{
828+ struct ssh_aes_ctr_ctx *c;
829+ int i;
830+
831+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
832+#ifdef CIPHER_THREAD_STATS
833+ debug("main thread: %u drains, %u waits", c->stats.drains,
834+ c->stats.waits);
835+#endif
836+ /* Cancel pregen threads */
837+ for (i = 0; i < CIPHER_THREADS; i++)
838+ pthread_cancel(c->tid[i]);
839+ for (i = 0; i < CIPHER_THREADS; i++)
840+ pthread_join(c->tid[i], NULL);
841+
842+ memset(c, 0, sizeof(*c));
843+ xfree(c);
844+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
845+ }
846+ return (1);
847+}
848+
849+/* <friedl> */
850+const EVP_CIPHER *
851+evp_aes_ctr_mt(void)
852+{
853+ static EVP_CIPHER aes_ctr;
854+
855+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
856+ aes_ctr.nid = NID_undef;
857+ aes_ctr.block_size = AES_BLOCK_SIZE;
858+ aes_ctr.iv_len = AES_BLOCK_SIZE;
859+ aes_ctr.key_len = 16;
860+ aes_ctr.init = ssh_aes_ctr_init;
861+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
862+ aes_ctr.do_cipher = ssh_aes_ctr;
863+#ifndef SSH_OLD_EVP
864+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
865+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
866+#endif
867+ return (&aes_ctr);
868+}
869diff -NupwB openssh-4.9p1/clientloop.c openssh-4.9p1-hpn13/clientloop.c
870--- openssh-4.9p1/clientloop.c 2008-03-07 02:33:30.000000000 -0500
871+++ openssh-4.9p1-hpn13/clientloop.c 2008-04-01 13:17:11.000000000 -0400
872@@ -923,13 +923,16 @@ client_process_control(fd_set *readset)
873
874 set_nonblock(client_fd);
875
876+ if (options.hpn_disabled)
877 window = CHAN_SES_WINDOW_DEFAULT;
878+ else
879+ window = options.hpn_buffer_size;
880+
881 packetmax = CHAN_SES_PACKET_DEFAULT;
882 if (cctx->want_tty) {
883 window >>= 1;
884 packetmax >>= 1;
885 }
886-
887 c = channel_new("session", SSH_CHANNEL_OPENING,
888 new_fd[0], new_fd[1], new_fd[2], window, packetmax,
889 CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
890@@ -1034,7 +1037,8 @@ process_cmdline(void)
891 if (local) {
892 if (channel_setup_local_fwd_listener(fwd.listen_host,
893 fwd.listen_port, fwd.connect_host,
894- fwd.connect_port, options.gateway_ports) < 0) {
895+ fwd.connect_port, options.gateway_ports,
896+ options.hpn_disabled, options.hpn_buffer_size) < 0) {
897 logit("Port forwarding failed.");
898 goto out;
899 }
900@@ -1737,9 +1741,15 @@ client_request_forwarded_tcpip(const cha
901 xfree(listen_address);
902 return NULL;
903 }
904+ if (options.hpn_disabled)
905 c = channel_new("forwarded-tcpip",
906 SSH_CHANNEL_CONNECTING, sock, sock, -1,
907- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
908+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
909+ originator_address, 1);
910+ else
911+ c = channel_new("forwarded-tcpip",
912+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
913+ options.hpn_buffer_size, options.hpn_buffer_size, 0,
914 originator_address, 1);
915 xfree(originator_address);
916 xfree(listen_address);
917@@ -1774,9 +1784,15 @@ client_request_x11(const char *request_t
918 sock = x11_connect_display();
919 if (sock < 0)
920 return NULL;
921+ /* again is this really necessary for X11? */
922+ if (options.hpn_disabled)
923 c = channel_new("x11",
924 SSH_CHANNEL_X11_OPEN, sock, sock, -1,
925 CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
926+ else
927+ c = channel_new("x11",
928+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
929+ options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
930 c->force_drain = 1;
931 return c;
932 }
933@@ -1795,9 +1811,15 @@ client_request_agent(const char *request
934 sock = ssh_get_authentication_socket();
935 if (sock < 0)
936 return NULL;
937+ if (options.hpn_disabled)
938+ c = channel_new("authentication agent connection",
939+ SSH_CHANNEL_OPEN, sock, sock, -1,
940+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
941+ "authentication agent connection", 1);
942+ else
943 c = channel_new("authentication agent connection",
944 SSH_CHANNEL_OPEN, sock, sock, -1,
945- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
946+ options.hpn_buffer_size, options.hpn_buffer_size, 0,
947 "authentication agent connection", 1);
948 c->force_drain = 1;
949 return c;
950@@ -1825,10 +1847,18 @@ client_request_tun_fwd(int tun_mode, int
951 return -1;
952 }
953
954+ if(options.hpn_disabled)
955 c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
956- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
957+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
958+ 0, "tun", 1);
959+ else
960+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
961+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
962+ 0, "tun", 1);
963 c->datagram = 1;
964
965+
966+
967 #if defined(SSH_TUN_FILTER)
968 if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
969 channel_register_filter(c->self, sys_tun_infilter,
970diff -NupwB openssh-4.9p1/compat.c openssh-4.9p1-hpn13/compat.c
971--- openssh-4.9p1/compat.c 2007-01-05 00:26:46.000000000 -0500
972+++ openssh-4.9p1-hpn13/compat.c 2008-04-01 13:03:59.000000000 -0400
973@@ -169,6 +169,15 @@ compat_datafellows(const char *version)
974 strlen(check[i].pat), 0) == 1) {
975 debug("match: %s pat %s", version, check[i].pat);
976 datafellows = check[i].bugs;
977+ /* Check to see if the remote side is OpenSSH and not HPN */
978+ if(strstr(version,"OpenSSH") != NULL)
979+ {
980+ if (strstr(version,"hpn") == NULL)
981+ {
982+ datafellows |= SSH_BUG_LARGEWINDOW;
983+ debug("Remote is NON-HPN aware");
984+ }
985+ }
986 return;
987 }
988 }
989diff -NupwB openssh-4.9p1/compat.h openssh-4.9p1-hpn13/compat.h
990--- openssh-4.9p1/compat.h 2007-01-05 00:26:46.000000000 -0500
991+++ openssh-4.9p1-hpn13/compat.h 2008-04-01 13:03:59.000000000 -0400
992@@ -57,6 +57,7 @@
993 #define SSH_BUG_FIRSTKEX 0x00800000
994 #define SSH_OLD_FORWARD_ADDR 0x01000000
995 #define SSH_BUG_RFWD_ADDR 0x02000000
996+#define SSH_BUG_LARGEWINDOW 0x04000000
997
998 void enable_compat13(void);
999 void enable_compat20(void);
1000Common subdirectories: openssh-4.9p1/contrib and openssh-4.9p1-hpn13/contrib
1001diff -NupwB openssh-4.9p1/HPN-README openssh-4.9p1-hpn13/HPN-README
1002--- openssh-4.9p1/HPN-README 1969-12-31 19:00:00.000000000 -0500
1003+++ openssh-4.9p1-hpn13/HPN-README 2008-04-01 13:37:46.000000000 -0400
1004@@ -0,0 +1,128 @@
1005+Notes:
1006+
1007+MULTI-THREADED CIPHER:
1008+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
1009+on hosts with multiple cores to use more than one processing core during encryption.
1010+Tests have show significant throughput performance increases when using MTR-AES-CTR up
1011+to and including a full gigabit per second on quad core systems. It should be possible to
1012+achieve full line rate on dual core systems but OS and data management overhead makes this
1013+more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
1014+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
1015+performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
1016+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
1017+nomenclature.
1018+Use examples: ssh -caes128-ctr you@host.com
1019+ scp -oCipher=aes256-ctr file you@host.com:~/file
1020+
1021+NONE CIPHER:
1022+To use the NONE option you must have the NoneEnabled switch set on the server and
1023+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
1024+feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
1025+spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
1026+be disabled.
1027+
1028+The performance increase will only be as good as the network and TCP stack tuning
1029+on the reciever side of the connection allows. As a rule of thumb a user will need
1030+at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
1031+HPN-SSH home page describes this in greater detail.
1032+
1033+http://www.psc.edu/networking/projects/hpn-ssh
1034+
1035+BUFFER SIZES:
1036+
1037+If HPN is disabled the receive buffer size will be set to the
1038+OpenSSH default of 64K.
1039+
1040+If an HPN system connects to a nonHPN system the receive buffer will
1041+be set to the HPNBufferSize value. The default is 2MB but user adjustable.
1042+
1043+If an HPN to HPN connection is established a number of different things might
1044+happen based on the user options and conditions.
1045+
1046+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
1047+HPN Buffer Size = up to 64MB
1048+This is the default state. The HPN buffer size will grow to a maximum of 64MB
1049+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
1050+geared towards 10GigE transcontinental connections.
1051+
1052+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
1053+HPN Buffer Size = TCP receive buffer value.
1054+Users on non-autotuning systesm should disable TCPRcvBufPoll in the
1055+ssh_cofig and sshd_config
1056+
1057+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
1058+HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
1059+This would be the system defined TCP receive buffer (RWIN).
1060+
1061+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
1062+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
1063+Generally there is no need to set both.
1064+
1065+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
1066+HPN Buffer Size = grows to HPNBufferSize
1067+The buffer will grow up to the maximum size specified here.
1068+
1069+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
1070+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
1071+Generally there is no need to set both of these, especially on autotuning
1072+systems. However, if the users wishes to override the autotuning this would be
1073+one way to do it.
1074+
1075+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
1076+HPN Buffer Size = TCPRcvBuf.
1077+This will override autotuning and set the TCP recieve buffer to the user defined
1078+value.
1079+
1080+
1081+HPN Specific Configuration options
1082+
1083+TcpRcvBuf=[int]KB client
1084+ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
1085+maximum socket size allowed by the system. This is useful in situations where
1086+the tcp receive window is set low but the maximum buffer size is set
1087+higher (as is typical). This works on a per TCP connection basis. You can also
1088+use this to artifically limit the transfer rate of the connection. In these
1089+cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
1090+Default is the current system wide tcp receive buffer size.
1091+
1092+TcpRcvBufPoll=[yes/no] client/server
1093+ enable of disable the polling of the tcp receive buffer through the life
1094+of the connection. You would want to make sure that this option is enabled
1095+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
1096+default is yes.
1097+
1098+NoneEnabled=[yes/no] client/server
1099+ enable or disable the use of the None cipher. Care must always be used
1100+when enabling this as it will allow users to send data in the clear. However,
1101+it is important to note that authentication information remains encrypted
1102+even if this option is enabled. Set to no by default.
1103+
1104+NoneSwitch=[yes/no] client
1105+ Switch the encryption cipher being used to the None cipher after
1106+authentication takes place. NoneEnabled must be enabled on both the client
1107+and server side of the connection. When the connection switches to the NONE
1108+cipher a warning is sent to STDERR. The connection attempt will fail with an
1109+error if a client requests a NoneSwitch from the server that does not explicitly
1110+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
1111+interactive (shell) sessions and it will fail silently. Set to no by default.
1112+
1113+HPNDisabled=[yes/no] client/server
1114+ In some situations, such as transfers on a local area network, the impact
1115+of the HPN code produces a net decrease in performance. In these cases it is
1116+helpful to disable the HPN functionality. By default HPNDisabled is set to no.
1117+
1118+HPNBufferSize=[int]KB client/server
1119+ This is the default buffer size the HPN functionality uses when interacting
1120+with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
1121+option as applied to the internal SSH flow control. This value can range from
1122+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
1123+problems depending on the length of the network path. The default size of this buffer
1124+is 2MB.
1125+
1126+
1127+Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
1128+ The majority of the actual coding for versions up to HPN12v1 was performed
1129+ by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was
1130+ implemented by Ben Bennet (ben@psc.edu). This work was financed, in part,
1131+ by Cisco System, Inc., the National Library of Medicine,
1132+ and the National Science Foundation.
1133diff -NupwB openssh-4.9p1/kex.c openssh-4.9p1-hpn13/kex.c
1134--- openssh-4.9p1/kex.c 2007-06-05 04:30:18.000000000 -0400
1135+++ openssh-4.9p1-hpn13/kex.c 2008-04-01 13:03:59.000000000 -0400
1136@@ -48,6 +48,7 @@
1137 #include "match.h"
1138 #include "dispatch.h"
1139 #include "monitor.h"
1140+#include "canohost.h"
1141
1142 #define KEX_COOKIE_LEN 16
1143
1144@@ -64,7 +65,8 @@ static void kex_kexinit_finish(Kex *);
1145 static void kex_choose_conf(Kex *);
1146
1147 /* put algorithm proposal into buffer */
1148-static void
1149+/* used in sshconnect.c as well as kex.c */
1150+void
1151 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
1152 {
1153 u_int i;
1154@@ -376,6 +378,13 @@ kex_choose_conf(Kex *kex)
1155 int nenc, nmac, ncomp;
1156 u_int mode, ctos, need;
1157 int first_kex_follows, type;
1158+ int log_flag = 0;
1159+
1160+ int auth_flag;
1161+
1162+ auth_flag = packet_authentication_state();
1163+
1164+ debug ("AUTH STATE IS %d", auth_flag);
1165
1166 my = kex_buf2prop(&kex->my, NULL);
1167 peer = kex_buf2prop(&kex->peer, &first_kex_follows);
1168@@ -400,11 +409,34 @@ kex_choose_conf(Kex *kex)
1169 choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
1170 choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
1171 choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
1172+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
1173+ if (strcmp(newkeys->enc.name, "none") == 0) {
1174+ debug("Requesting NONE. Authflag is %d", auth_flag);
1175+ if (auth_flag == 1) {
1176+ debug("None requested post authentication.");
1177+ } else {
1178+ fatal("Pre-authentication none cipher requests are not allowed.");
1179+ }
1180+ }
1181 debug("kex: %s %s %s %s",
1182 ctos ? "client->server" : "server->client",
1183 newkeys->enc.name,
1184 newkeys->mac.name,
1185 newkeys->comp.name);
1186+ /* client starts withctos = 0 && log flag = 0 and no log*/
1187+ /* 2nd client pass ctos=1 and flag = 1 so no log*/
1188+ /* server starts with ctos =1 && log_flag = 0 so log */
1189+ /* 2nd sever pass ctos = 1 && log flag = 1 so no log*/
1190+ /* -cjr*/
1191+ if (ctos && !log_flag) {
1192+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
1193+ get_remote_ipaddr(),
1194+ get_remote_port(),
1195+ newkeys->enc.name,
1196+ newkeys->mac.name,
1197+ newkeys->comp.name);
1198+ }
1199+ log_flag = 1;
1200 }
1201 choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
1202 choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
1203diff -NupwB openssh-4.9p1/kex.h openssh-4.9p1-hpn13/kex.h
1204--- openssh-4.9p1/kex.h 2007-06-11 00:01:42.000000000 -0400
1205+++ openssh-4.9p1-hpn13/kex.h 2008-04-01 13:03:59.000000000 -0400
1206@@ -127,6 +127,8 @@ struct Kex {
1207 void (*kex[KEX_MAX])(Kex *);
1208 };
1209
1210+void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]);
1211+
1212 Kex *kex_setup(char *[PROPOSAL_MAX]);
1213 void kex_finish(Kex *);
1214
1215diff -NupwB openssh-4.9p1/Makefile.in openssh-4.9p1-hpn13/Makefile.in
1216--- openssh-4.9p1/Makefile.in 2008-03-12 21:41:31.000000000 -0400
1217+++ openssh-4.9p1-hpn13/Makefile.in 2008-04-01 13:03:59.000000000 -0400
1218@@ -43,7 +43,7 @@ CC=@CC@
1219 LD=@LD@
1220 CFLAGS=@CFLAGS@
1221 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
1222-LIBS=@LIBS@
1223+LIBS=@LIBS@ -lpthread
1224 SSHDLIBS=@SSHDLIBS@
1225 LIBEDIT=@LIBEDIT@
1226 AR=@AR@
1227@@ -64,7 +64,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
1228
1229 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
1230 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
1231- cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
1232+ cipher-bf1.o cipher-ctr.o cipher-ctr-mt.o cipher-3des1.o cleanup.o \
1233 compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
1234 log.o match.o md-sha256.o moduli.o nchan.o packet.o \
1235 readpass.o rsa.o ttymodes.o xmalloc.o \
1236diff -NupwB openssh-4.9p1/myproposal.h openssh-4.9p1-hpn13/myproposal.h
1237--- openssh-4.9p1/myproposal.h 2007-06-11 00:01:42.000000000 -0400
1238+++ openssh-4.9p1-hpn13/myproposal.h 2008-04-01 13:03:59.000000000 -0400
1239@@ -46,6 +46,8 @@
1240 "arcfour128,arcfour256,arcfour," \
1241 "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
1242 "aes128-ctr,aes192-ctr,aes256-ctr"
1243+#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
1244+ ",none"
1245 #define KEX_DEFAULT_MAC \
1246 "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
1247 "hmac-ripemd160@openssh.com," \
1248Common subdirectories: openssh-4.9p1/openbsd-compat and openssh-4.9p1-hpn13/openbsd-compat
1249diff -NupwB openssh-4.9p1/packet.c openssh-4.9p1-hpn13/packet.c
1250--- openssh-4.9p1/packet.c 2008-03-07 02:33:30.000000000 -0500
1251+++ openssh-4.9p1-hpn13/packet.c 2008-04-01 13:03:59.000000000 -0400
1252@@ -712,7 +712,7 @@ packet_enable_delayed_compress(void)
1253 /*
1254 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
1255 */
1256-static void
1257+static int
1258 packet_send2_wrapped(void)
1259 {
1260 u_char type, *cp, *macbuf = NULL;
1261@@ -824,11 +824,13 @@ packet_send2_wrapped(void)
1262 set_newkeys(MODE_OUT);
1263 else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
1264 packet_enable_delayed_compress();
1265+ return(packet_length);
1266 }
1267
1268-static void
1269+static int
1270 packet_send2(void)
1271 {
1272+ static int packet_length = 0;
1273 static int rekeying = 0;
1274 struct packet *p;
1275 u_char type, *cp;
1276@@ -846,7 +848,7 @@ packet_send2(void)
1277 memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
1278 buffer_init(&outgoing_packet);
1279 TAILQ_INSERT_TAIL(&outgoing, p, next);
1280- return;
1281+ return(sizeof(Buffer));
1282 }
1283 }
1284
1285@@ -854,7 +856,7 @@ packet_send2(void)
1286 if (type == SSH2_MSG_KEXINIT)
1287 rekeying = 1;
1288
1289- packet_send2_wrapped();
1290+ packet_length = packet_send2_wrapped();
1291
1292 /* after a NEWKEYS message we can send the complete queue */
1293 if (type == SSH2_MSG_NEWKEYS) {
1294@@ -867,19 +869,22 @@ packet_send2(void)
1295 sizeof(Buffer));
1296 TAILQ_REMOVE(&outgoing, p, next);
1297 xfree(p);
1298- packet_send2_wrapped();
1299+ packet_length += packet_send2_wrapped();
1300 }
1301 }
1302+ return(packet_length);
1303 }
1304
1305-void
1306+int
1307 packet_send(void)
1308 {
1309+ int packet_len = 0;
1310 if (compat20)
1311- packet_send2();
1312+ packet_len = packet_send2();
1313 else
1314 packet_send1();
1315 DBG(debug("packet_send done"));
1316+ return(packet_len);
1317 }
1318
1319 /*
1320@@ -1419,21 +1424,23 @@ packet_disconnect(const char *fmt,...)
1321
1322 /* Checks if there is any buffered output, and tries to write some of the output. */
1323
1324-void
1325+int
1326 packet_write_poll(void)
1327 {
1328- int len = buffer_len(&output);
1329+ int len = 0;
1330+ len = buffer_len(&output);
1331
1332 if (len > 0) {
1333 len = write(connection_out, buffer_ptr(&output), len);
1334 if (len <= 0) {
1335 if (errno == EAGAIN)
1336- return;
1337+ return (0);
1338 else
1339 fatal("Write failed: %.100s", strerror(errno));
1340 }
1341 buffer_consume(&output, len);
1342 }
1343+ return(len);
1344 }
1345
1346 /*
1347@@ -1441,14 +1448,15 @@ packet_write_poll(void)
1348 * written.
1349 */
1350
1351-void
1352+int
1353 packet_write_wait(void)
1354 {
1355 fd_set *setp;
1356+ u_int bytes_sent = 0;
1357
1358 setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
1359 sizeof(fd_mask));
1360- packet_write_poll();
1361+ bytes_sent += packet_write_poll();
1362 while (packet_have_data_to_write()) {
1363 memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
1364 sizeof(fd_mask));
1365@@ -1456,9 +1464,10 @@ packet_write_wait(void)
1366 while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
1367 (errno == EAGAIN || errno == EINTR))
1368 ;
1369- packet_write_poll();
1370+ bytes_sent += packet_write_poll();
1371 }
1372 xfree(setp);
1373+ return (bytes_sent);
1374 }
1375
1376 /* Returns true if there is buffered data to write to the connection. */
1377@@ -1580,12 +1589,24 @@ packet_send_ignore(int nbytes)
1378 }
1379 }
1380
1381+int rekey_requested = 0;
1382+void
1383+packet_request_rekeying(void)
1384+{
1385+ rekey_requested = 1;
1386+}
1387+
1388 #define MAX_PACKETS (1U<<31)
1389 int
1390 packet_need_rekeying(void)
1391 {
1392 if (datafellows & SSH_BUG_NOREKEY)
1393 return 0;
1394+ if (rekey_requested == 1)
1395+ {
1396+ rekey_requested = 0;
1397+ return 1;
1398+ }
1399 return
1400 (p_send.packets > MAX_PACKETS) ||
1401 (p_read.packets > MAX_PACKETS) ||
1402@@ -1610,3 +1631,9 @@ packet_set_authenticated(void)
1403 {
1404 after_authentication = 1;
1405 }
1406+
1407+int
1408+packet_authentication_state(void)
1409+{
1410+ return(after_authentication);
1411+}
1412diff -NupwB openssh-4.9p1/packet.h openssh-4.9p1-hpn13/packet.h
1413--- openssh-4.9p1/packet.h 2008-03-07 02:33:30.000000000 -0500
1414+++ openssh-4.9p1-hpn13/packet.h 2008-04-01 13:03:59.000000000 -0400
1415@@ -20,6 +20,9 @@
1416
1417 #include <openssl/bn.h>
1418
1419+void
1420+packet_request_rekeying(void);
1421+
1422 void packet_set_connection(int, int);
1423 void packet_set_nonblocking(void);
1424 int packet_get_connection_in(void);
1425@@ -34,6 +37,7 @@ void packet_set_interactive(int);
1426 int packet_is_interactive(void);
1427 void packet_set_server(void);
1428 void packet_set_authenticated(void);
1429+int packet_authentication_state(void);
1430
1431 void packet_start(u_char);
1432 void packet_put_char(int ch);
1433@@ -43,7 +47,7 @@ void packet_put_bignum2(BIGNUM * val
1434 void packet_put_string(const void *buf, u_int len);
1435 void packet_put_cstring(const char *str);
1436 void packet_put_raw(const void *buf, u_int len);
1437-void packet_send(void);
1438+int packet_send(void);
1439
1440 int packet_read(void);
1441 void packet_read_expect(int type);
1442@@ -71,8 +75,8 @@ void packet_set_state(int, u_int32_t, u
1443 int packet_get_ssh1_cipher(void);
1444 void packet_set_iv(int, u_char *);
1445
1446-void packet_write_poll(void);
1447-void packet_write_wait(void);
1448+int packet_write_poll(void);
1449+int packet_write_wait(void);
1450 int packet_have_data_to_write(void);
1451 int packet_not_very_much_data_to_write(void);
1452
1453diff -NupwB openssh-4.9p1/progressmeter.c openssh-4.9p1-hpn13/progressmeter.c
1454--- openssh-4.9p1/progressmeter.c 2006-08-04 22:39:40.000000000 -0400
1455+++ openssh-4.9p1-hpn13/progressmeter.c 2008-04-01 14:31:59.000000000 -0400
1456@@ -68,6 +68,8 @@ static time_t last_update; /* last progr
1457 static char *file; /* name of the file being transferred */
1458 static off_t end_pos; /* ending position of transfer */
1459 static off_t cur_pos; /* transfer position as of last refresh */
1460+static off_t last_pos;
1461+static off_t max_delta_pos = 0;
1462 static volatile off_t *counter; /* progress counter */
1463 static long stalled; /* how long we have been stalled */
1464 static int bytes_per_second; /* current speed in bytes per second */
1465@@ -128,12 +130,17 @@ refresh_progress_meter(void)
1466 int hours, minutes, seconds;
1467 int i, len;
1468 int file_len;
1469+ off_t delta_pos;
1470
1471 transferred = *counter - cur_pos;
1472 cur_pos = *counter;
1473 now = time(NULL);
1474 bytes_left = end_pos - cur_pos;
1475
1476+ delta_pos = cur_pos - last_pos;
1477+ if (delta_pos > max_delta_pos)
1478+ max_delta_pos = delta_pos;
1479+
1480 if (bytes_left > 0)
1481 elapsed = now - last_update;
1482 else {
1483@@ -158,7 +165,7 @@ refresh_progress_meter(void)
1484
1485 /* filename */
1486 buf[0] = '\0';
1487- file_len = win_size - 35;
1488+ file_len = win_size - 45;
1489 if (file_len > 0) {
1490 len = snprintf(buf, file_len + 1, "\r%s", file);
1491 if (len < 0)
1492@@ -175,7 +182,8 @@ refresh_progress_meter(void)
1493 percent = ((float)cur_pos / end_pos) * 100;
1494 else
1495 percent = 100;
1496- snprintf(buf + strlen(buf), win_size - strlen(buf),
1497+
1498+ snprintf(buf + strlen(buf), win_size - strlen(buf-8),
1499 " %3d%% ", percent);
1500
1501 /* amount transferred */
1502@@ -188,6 +196,11 @@ refresh_progress_meter(void)
1503 (off_t)bytes_per_second);
1504 strlcat(buf, "/s ", win_size);
1505
1506+ /* instantaneous rate */
1507+ format_rate(buf + strlen(buf), win_size - strlen(buf),
1508+ delta_pos);
1509+ strlcat(buf, "/s ", win_size);
1510+
1511 /* ETA */
1512 if (!transferred)
1513 stalled += elapsed;
1514@@ -224,6 +237,7 @@ refresh_progress_meter(void)
1515
1516 atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
1517 last_update = now;
1518+ last_pos = cur_pos;
1519 }
1520
1521 /*ARGSUSED*/
1522@@ -270,6 +284,7 @@ void
1523 stop_progress_meter(void)
1524 {
1525 alarm(0);
1526+ char lbuf[10];
1527
1528 if (!can_output())
1529 return;
1530@@ -278,6 +293,8 @@ stop_progress_meter(void)
1531 if (cur_pos != end_pos)
1532 refresh_progress_meter();
1533
1534+ format_rate(lbuf, sizeof(lbuf), max_delta_pos);
1535+ printf("\nMax throughput: %s/s\n", lbuf);
1536 atomicio(vwrite, STDOUT_FILENO, "\n", 1);
1537 }
1538
1539diff -NupwB openssh-4.9p1/readconf.c openssh-4.9p1-hpn13/readconf.c
1540--- openssh-4.9p1/readconf.c 2008-02-10 06:25:52.000000000 -0500
1541+++ openssh-4.9p1-hpn13/readconf.c 2008-04-01 13:03:59.000000000 -0400
1542@@ -130,6 +130,8 @@ typedef enum {
1543 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
1544 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
1545 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
1546+ oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
1547+ oHPNBufferSize,
1548 oDeprecated, oUnsupported
1549 } OpCodes;
1550
1551@@ -226,6 +228,12 @@ static struct {
1552 { "tunneldevice", oTunnelDevice },
1553 { "localcommand", oLocalCommand },
1554 { "permitlocalcommand", oPermitLocalCommand },
1555+ { "noneenabled", oNoneEnabled },
1556+ { "tcprcvbufpoll", oTcpRcvBufPoll },
1557+ { "tcprcvbuf", oTcpRcvBuf },
1558+ { "noneswitch", oNoneSwitch },
1559+ { "hpndisabled", oHPNDisabled },
1560+ { "hpnbuffersize", oHPNBufferSize },
1561 { NULL, oBadOption }
1562 };
1563
1564@@ -454,6 +462,37 @@ parse_flag:
1565 intptr = &options->check_host_ip;
1566 goto parse_flag;
1567
1568+ case oNoneEnabled:
1569+ intptr = &options->none_enabled;
1570+ goto parse_flag;
1571+
1572+ /* we check to see if the command comes from the */
1573+ /* command line or not. If it does then enable it */
1574+ /* otherwise fail. NONE should never be a default configuration */
1575+ case oNoneSwitch:
1576+ if(strcmp(filename,"command-line")==0)
1577+ {
1578+ intptr = &options->none_switch;
1579+ goto parse_flag;
1580+ } else {
1581+ error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
1582+ error("Continuing...");
1583+ debug("NoneSwitch directive found in %.200s.", filename);
1584+ return 0;
1585+ }
1586+
1587+ case oHPNDisabled:
1588+ intptr = &options->hpn_disabled;
1589+ goto parse_flag;
1590+
1591+ case oHPNBufferSize:
1592+ intptr = &options->hpn_buffer_size;
1593+ goto parse_int;
1594+
1595+ case oTcpRcvBufPoll:
1596+ intptr = &options->tcp_rcv_buf_poll;
1597+ goto parse_flag;
1598+
1599 case oVerifyHostKeyDNS:
1600 intptr = &options->verify_host_key_dns;
1601 goto parse_yesnoask;
1602@@ -632,6 +671,10 @@ parse_int:
1603 intptr = &options->connection_attempts;
1604 goto parse_int;
1605
1606+ case oTcpRcvBuf:
1607+ intptr = &options->tcp_rcv_buf;
1608+ goto parse_int;
1609+
1610 case oCipher:
1611 intptr = &options->cipher;
1612 arg = strdelim(&s);
1613@@ -1065,6 +1108,12 @@ initialize_options(Options * options)
1614 options->tun_remote = -1;
1615 options->local_command = NULL;
1616 options->permit_local_command = -1;
1617+ options->none_switch = -1;
1618+ options->none_enabled = -1;
1619+ options->hpn_disabled = -1;
1620+ options->hpn_buffer_size = -1;
1621+ options->tcp_rcv_buf_poll = -1;
1622+ options->tcp_rcv_buf = -1;
1623 }
1624
1625 /*
1626@@ -1187,6 +1236,29 @@ fill_default_options(Options * options)
1627 options->server_alive_interval = 0;
1628 if (options->server_alive_count_max == -1)
1629 options->server_alive_count_max = 3;
1630+ if (options->none_switch == -1)
1631+ options->none_switch = 0;
1632+ if (options->hpn_disabled == -1)
1633+ options->hpn_disabled = 0;
1634+ if (options->hpn_buffer_size > -1)
1635+ {
1636+ /* if a user tries to set the size to 0 set it to 1KB */
1637+ if (options->hpn_buffer_size == 0)
1638+ options->hpn_buffer_size = 1024;
1639+ /*limit the buffer to 64MB*/
1640+ if (options->hpn_buffer_size > 65536)
1641+ {
1642+ options->hpn_buffer_size = 65536*1024;
1643+ debug("User requested buffer larger than 64MB. Request reverted to 64MB");
1644+ }
1645+ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
1646+ }
1647+ if (options->tcp_rcv_buf == 0)
1648+ options->tcp_rcv_buf = 1;
1649+ if (options->tcp_rcv_buf > -1)
1650+ options->tcp_rcv_buf *=1024;
1651+ if (options->tcp_rcv_buf_poll == -1)
1652+ options->tcp_rcv_buf_poll = 1;
1653 if (options->control_master == -1)
1654 options->control_master = 0;
1655 if (options->hash_known_hosts == -1)
1656diff -NupwB openssh-4.9p1/readconf.h openssh-4.9p1-hpn13/readconf.h
1657--- openssh-4.9p1/readconf.h 2008-02-10 06:25:52.000000000 -0500
1658+++ openssh-4.9p1-hpn13/readconf.h 2008-04-01 13:18:43.000000000 -0400
1659@@ -56,6 +56,11 @@ typedef struct {
1660 int compression_level; /* Compression level 1 (fast) to 9
1661 * (best). */
1662 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
1663+ int tcp_rcv_buf; /* user switch to set tcp recv buffer */
1664+ int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
1665+ int hpn_disabled; /* Switch to disable HPN buffer management */
1666+ int hpn_buffer_size; /* User definable size for HPN buffer window */
1667+
1668 LogLevel log_level; /* Level for logging. */
1669
1670 int port; /* Port to connect. */
1671@@ -101,6 +106,8 @@ typedef struct {
1672
1673 int enable_ssh_keysign;
1674 int64_t rekey_limit;
1675+ int none_switch; /* Use none cipher */
1676+ int none_enabled; /* Allow none to be used */
1677 int no_host_authentication_for_localhost;
1678 int identities_only;
1679 int server_alive_interval;
1680Common subdirectories: openssh-4.9p1/regress and openssh-4.9p1-hpn13/regress
1681Common subdirectories: openssh-4.9p1/scard and openssh-4.9p1-hpn13/scard
1682diff -NupwB openssh-4.9p1/scp.c openssh-4.9p1-hpn13/scp.c
1683--- openssh-4.9p1/scp.c 2008-03-13 20:59:50.000000000 -0400
1684+++ openssh-4.9p1-hpn13/scp.c 2008-04-01 13:03:59.000000000 -0400
1685@@ -631,7 +631,7 @@ source(int argc, char **argv)
1686 BUF *bp;
1687 off_t i, amt, statbytes;
1688 int fd = -1, haderr, indx;
1689- char *last, *name, buf[2048], encname[MAXPATHLEN];
1690+ char *last, *name, buf[16384], encname[MAXPATHLEN];
1691 int len;
1692
1693 for (indx = 0; indx < argc; ++indx) {
1694@@ -863,7 +863,7 @@ sink(int argc, char **argv)
1695 mode_t mode, omode, mask;
1696 off_t size, statbytes;
1697 int setimes, targisdir, wrerrno = 0;
1698- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
1699+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
1700 struct timeval tv[2];
1701
1702 #define atime tv[0]
1703diff -NupwB openssh-4.9p1/servconf.c openssh-4.9p1-hpn13/servconf.c
1704--- openssh-4.9p1/servconf.c 2008-02-10 06:48:55.000000000 -0500
1705+++ openssh-4.9p1-hpn13/servconf.c 2008-04-01 13:23:46.000000000 -0400
1706@@ -123,11 +123,20 @@ initialize_server_options(ServerOptions
1707 options->num_permitted_opens = -1;
1708 options->adm_forced_command = NULL;
1709 options->chroot_directory = NULL;
1710+ options->none_enabled = -1;
1711+ options->tcp_rcv_buf_poll = -1;
1712+ options->hpn_disabled = -1;
1713+ options->hpn_buffer_size = -1;
1714 }
1715
1716 void
1717 fill_default_server_options(ServerOptions *options)
1718 {
1719+ /* needed for hpn socket tests */
1720+ int sock;
1721+ int socksize;
1722+ int socksizelen = sizeof(int);
1723+
1724 /* Portable-specific options */
1725 if (options->use_pam == -1)
1726 options->use_pam = 0;
1727@@ -251,6 +260,42 @@ fill_default_server_options(ServerOption
1728 if (options->permit_tun == -1)
1729 options->permit_tun = SSH_TUNMODE_NO;
1730
1731+ if (options->hpn_disabled == -1)
1732+ options->hpn_disabled = 0;
1733+
1734+ if (options->hpn_buffer_size == -1) {
1735+ /* option not explicitly set. Now we have to figure out */
1736+ /* what value to use */
1737+ if (options->hpn_disabled == 1) {
1738+ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
1739+ } else {
1740+ /* get the current RCV size and set it to that */
1741+ /*create a socket but don't connect it */
1742+ /* we use that the get the rcv socket size */
1743+ sock = socket(AF_INET, SOCK_STREAM, 0);
1744+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
1745+ &socksize, &socksizelen);
1746+ close(sock);
1747+ options->hpn_buffer_size = socksize;
1748+ debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
1749+
1750+ }
1751+ } else {
1752+ /* we have to do this incase the user sets both values in a contradictory */
1753+ /* manner. hpn_disabled overrrides hpn_buffer_size*/
1754+ if (options->hpn_disabled <= 0) {
1755+ if (options->hpn_buffer_size == 0)
1756+ options->hpn_buffer_size = 1;
1757+ /* limit the maximum buffer to 64MB */
1758+ if (options->hpn_buffer_size > 64*1024) {
1759+ options->hpn_buffer_size = 64*1024*1024;
1760+ } else {
1761+ options->hpn_buffer_size *= 1024;
1762+ }
1763+ } else
1764+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
1765+ }
1766+
1767 /* Turn privilege separation on by default */
1768 if (use_privsep == -1)
1769 use_privsep = 1;
1770@@ -293,7 +338,8 @@ typedef enum {
1771 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
1772 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
1773 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
1774- sUsePrivilegeSeparation,
1775+ sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll,
1776+ sHPNDisabled, sHPNBufferSize,
1777 sDeprecated, sUnsupported
1778 } ServerOpCodes;
1779
1780@@ -405,6 +451,10 @@ static struct {
1781 { "permitopen", sPermitOpen, SSHCFG_ALL },
1782 { "forcecommand", sForceCommand, SSHCFG_ALL },
1783 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
1784+ { "noneenabled", sNoneEnabled },
1785+ { "hpndisabled", sHPNDisabled },
1786+ { "hpnbuffersize", sHPNBufferSize },
1787+ { "tcprcvbufpoll", sTcpRcvBufPoll },
1788 { NULL, sBadOption, 0 }
1789 };
1790
1791@@ -420,6 +470,7 @@ parse_token(const char *cp, const char *
1792
1793 for (i = 0; keywords[i].name; i++)
1794 if (strcasecmp(cp, keywords[i].name) == 0) {
1795+ debug ("Config token is %s", keywords[i].name);
1796 *flags = keywords[i].flags;
1797 return keywords[i].opcode;
1798 }
1799@@ -831,6 +882,22 @@ parse_flag:
1800 *intptr = value;
1801 break;
1802
1803+ case sNoneEnabled:
1804+ intptr = &options->none_enabled;
1805+ goto parse_flag;
1806+
1807+ case sTcpRcvBufPoll:
1808+ intptr = &options->tcp_rcv_buf_poll;
1809+ goto parse_flag;
1810+
1811+ case sHPNDisabled:
1812+ intptr = &options->hpn_disabled;
1813+ goto parse_flag;
1814+
1815+ case sHPNBufferSize:
1816+ intptr = &options->hpn_buffer_size;
1817+ goto parse_int;
1818+
1819 case sIgnoreUserKnownHosts:
1820 intptr = &options->ignore_user_known_hosts;
1821 goto parse_flag;
1822diff -NupwB openssh-4.9p1/servconf.h openssh-4.9p1-hpn13/servconf.h
1823--- openssh-4.9p1/servconf.h 2008-03-07 02:31:24.000000000 -0500
1824+++ openssh-4.9p1-hpn13/servconf.h 2008-04-01 13:03:59.000000000 -0400
1825@@ -140,6 +140,10 @@ typedef struct {
1826 char *adm_forced_command;
1827
1828 int use_pam; /* Enable auth via PAM */
1829+ int none_enabled; /* enable NONE cipher switch */
1830+ int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
1831+ int hpn_disabled; /* disable hpn functionality. false by default */
1832+ int hpn_buffer_size; /* set the hpn buffer size - default 3MB */
1833
1834 int permit_tun;
1835
1836diff -NupwB openssh-4.9p1/serverloop.c openssh-4.9p1-hpn13/serverloop.c
1837--- openssh-4.9p1/serverloop.c 2008-03-07 02:33:30.000000000 -0500
1838+++ openssh-4.9p1-hpn13/serverloop.c 2008-04-01 13:03:59.000000000 -0400
1839@@ -92,10 +92,10 @@ static int fdin; /* Descriptor for stdi
1840 static int fdout; /* Descriptor for stdout (for reading);
1841 May be same number as fdin. */
1842 static int fderr; /* Descriptor for stderr. May be -1. */
1843-static long stdin_bytes = 0; /* Number of bytes written to stdin. */
1844-static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
1845-static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
1846-static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
1847+static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */
1848+static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
1849+static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
1850+static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */
1851 static int stdin_eof = 0; /* EOF message received from client. */
1852 static int fdout_eof = 0; /* EOF encountered reading from fdout. */
1853 static int fderr_eof = 0; /* EOF encountered readung from fderr. */
1854@@ -119,6 +119,20 @@ static volatile sig_atomic_t received_si
1855 static void server_init_dispatch(void);
1856
1857 /*
1858+ * Returns current time in seconds from Jan 1, 1970 with the maximum
1859+ * available resolution.
1860+ */
1861+
1862+static double
1863+get_current_time(void)
1864+{
1865+ struct timeval tv;
1866+ gettimeofday(&tv, NULL);
1867+ return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
1868+}
1869+
1870+
1871+/*
1872 * we write to this pipe if a SIGCHLD is caught in order to avoid
1873 * the race between select() and child_terminated
1874 */
1875@@ -407,6 +421,7 @@ process_input(fd_set *readset)
1876 } else {
1877 /* Buffer any received data. */
1878 packet_process_incoming(buf, len);
1879+ fdout_bytes += len;
1880 }
1881 }
1882 if (compat20)
1883@@ -429,6 +444,7 @@ process_input(fd_set *readset)
1884 } else {
1885 buffer_append(&stdout_buffer, buf, len);
1886 fdout_bytes += len;
1887+ debug ("FD out now: %ld", fdout_bytes);
1888 }
1889 }
1890 /* Read and buffer any available stderr data from the program. */
1891@@ -495,7 +511,7 @@ process_output(fd_set *writeset)
1892 }
1893 /* Send any buffered packet data to the client. */
1894 if (FD_ISSET(connection_out, writeset))
1895- packet_write_poll();
1896+ stdin_bytes += packet_write_poll();
1897 }
1898
1899 /*
1900@@ -812,8 +828,10 @@ server_loop2(Authctxt *authctxt)
1901 {
1902 fd_set *readset = NULL, *writeset = NULL;
1903 int rekeying = 0, max_fd, nalloc = 0;
1904+ double start_time, total_time;
1905
1906 debug("Entering interactive session for SSH2.");
1907+ start_time = get_current_time();
1908
1909 mysignal(SIGCHLD, sigchld_handler);
1910 child_terminated = 0;
1911@@ -875,6 +893,11 @@ server_loop2(Authctxt *authctxt)
1912
1913 /* free remaining sessions, e.g. remove wtmp entries */
1914 session_destroy_all(NULL);
1915+ total_time = get_current_time() - start_time;
1916+ logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f",
1917+ get_remote_ipaddr(), get_remote_port(),
1918+ stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time,
1919+ fdout_bytes / total_time);
1920 }
1921
1922 static void
1923@@ -956,9 +979,14 @@ server_request_direct_tcpip(void)
1924 xfree(originator);
1925 if (sock < 0)
1926 return NULL;
1927+ if (options.hpn_disabled)
1928 c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
1929 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
1930 CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
1931+ else
1932+ c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
1933+ sock, sock, -1, options.hpn_buffer_size,
1934+ CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
1935 return c;
1936 }
1937
1938@@ -993,8 +1021,12 @@ server_request_tun(void)
1939 sock = tun_open(tun, mode);
1940 if (sock < 0)
1941 goto done;
1942+ if (options.hpn_disabled)
1943 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
1944 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
1945+ else
1946+ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
1947+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
1948 c->datagram = 1;
1949 #if defined(SSH_TUN_FILTER)
1950 if (mode == SSH_TUNMODE_POINTOPOINT)
1951@@ -1024,6 +1056,8 @@ server_request_session(void)
1952 c = channel_new("session", SSH_CHANNEL_LARVAL,
1953 -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
1954 0, "server-session", 1);
1955+ if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled))
1956+ c->dynamic_window = 1;
1957 if (session_open(the_authctxt, c->self) != 1) {
1958 debug("session open failed, free channel %d", c->self);
1959 channel_free(c);
1960@@ -1120,7 +1154,8 @@ server_input_global_request(int type, u_
1961 } else {
1962 /* Start listening on the port */
1963 success = channel_setup_remote_fwd_listener(
1964- listen_address, listen_port, options.gateway_ports);
1965+ listen_address, listen_port, options.gateway_ports,
1966+ options.hpn_disabled, options.hpn_buffer_size);
1967 }
1968 xfree(listen_address);
1969 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
1970diff -NupwB openssh-4.9p1/session.c openssh-4.9p1-hpn13/session.c
1971--- openssh-4.9p1/session.c 2008-03-26 20:03:05.000000000 -0400
1972+++ openssh-4.9p1-hpn13/session.c 2008-04-01 13:03:59.000000000 -0400
1973@@ -217,6 +217,7 @@ auth_input_request_forwarding(struct pas
1974 packet_disconnect("listen: %.100s", strerror(errno));
1975
1976 /* Allocate a channel for the authentication agent socket. */
1977+ /* this shouldn't matter if its hpn or not - cjr */
1978 nc = channel_new("auth socket",
1979 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
1980 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
1981@@ -354,7 +355,8 @@ do_authenticated1(Authctxt *authctxt)
1982 }
1983 debug("Received TCP/IP port forwarding request.");
1984 if (channel_input_port_forward_request(s->pw->pw_uid == 0,
1985- options.gateway_ports) < 0) {
1986+ options.gateway_ports, options.hpn_disabled,
1987+ options.hpn_buffer_size) < 0) {
1988 debug("Port forwarding failed.");
1989 break;
1990 }
1991@@ -2147,11 +2149,18 @@ session_set_fds(Session *s, int fdin, in
1992 */
1993 if (s->chanid == -1)
1994 fatal("no channel for session %d", s->self);
1995+ if(options.hpn_disabled)
1996 channel_set_fds(s->chanid,
1997 fdout, fdin, fderr,
1998 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1999 1,
2000 CHAN_SES_WINDOW_DEFAULT);
2001+ else
2002+ channel_set_fds(s->chanid,
2003+ fdout, fdin, fderr,
2004+ fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
2005+ 1,
2006+ options.hpn_buffer_size);
2007 }
2008
2009 /*
2010@@ -2496,7 +2505,8 @@ session_setup_x11fwd(Session *s)
2011 }
2012 if (x11_create_display_inet(options.x11_display_offset,
2013 options.x11_use_localhost, s->single_connection,
2014- &s->display_number, &s->x11_chanids) == -1) {
2015+ &s->display_number, &s->x11_chanids,
2016+ options.hpn_disabled, options.hpn_buffer_size) == -1) {
2017 debug("x11_create_display_inet failed.");
2018 return 0;
2019 }
2020diff -NupwB openssh-4.9p1/ssh.c openssh-4.9p1-hpn13/ssh.c
2021--- openssh-4.9p1/ssh.c 2008-02-28 03:13:52.000000000 -0500
2022+++ openssh-4.9p1-hpn13/ssh.c 2008-04-01 13:03:59.000000000 -0400
2023@@ -503,9 +503,6 @@ main(int ac, char **av)
2024 no_shell_flag = 1;
2025 no_tty_flag = 1;
2026 break;
2027- case 'T':
2028- no_tty_flag = 1;
2029- break;
2030 case 'o':
2031 dummy = 1;
2032 line = xstrdup(optarg);
2033@@ -514,6 +511,13 @@ main(int ac, char **av)
2034 exit(255);
2035 xfree(line);
2036 break;
2037+ case 'T':
2038+ no_tty_flag = 1;
2039+ /* ensure that the user doesn't try to backdoor a */
2040+ /* null cipher switch on an interactive session */
2041+ /* so explicitly disable it no matter what */
2042+ options.none_switch=0;
2043+ break;
2044 case 's':
2045 subsystem_flag = 1;
2046 break;
2047@@ -842,7 +846,8 @@ ssh_init_forwarding(void)
2048 options.local_forwards[i].listen_port,
2049 options.local_forwards[i].connect_host,
2050 options.local_forwards[i].connect_port,
2051- options.gateway_ports);
2052+ options.gateway_ports, options.hpn_disabled,
2053+ options.hpn_buffer_size);
2054 }
2055 if (i > 0 && success != i && options.exit_on_forward_failure)
2056 fatal("Could not request local forwarding.");
2057@@ -1160,6 +1165,9 @@ ssh_session2_open(void)
2058 {
2059 Channel *c;
2060 int window, packetmax, in, out, err;
2061+ int sock;
2062+ int socksize;
2063+ int socksizelen = sizeof(int);
2064
2065 if (stdin_null_flag) {
2066 in = open(_PATH_DEVNULL, O_RDONLY);
2067@@ -1180,9 +1188,70 @@ ssh_session2_open(void)
2068 if (!isatty(err))
2069 set_nonblock(err);
2070
2071- window = CHAN_SES_WINDOW_DEFAULT;
2072+ /* we need to check to see if what they want to do about buffer */
2073+ /* sizes here. In a hpn to nonhpn connection we want to limit */
2074+ /* the window size to something reasonable in case the far side */
2075+ /* has the large window bug. In hpn to hpn connection we want to */
2076+ /* use the max window size but allow the user to override it */
2077+ /* lastly if they disabled hpn then use the ssh std window size */
2078+
2079+ /* so why don't we just do a getsockopt() here and set the */
2080+ /* ssh window to that? In the case of a autotuning receive */
2081+ /* window the window would get stuck at the initial buffer */
2082+ /* size generally less than 96k. Therefore we need to set the */
2083+ /* maximum ssh window size to the maximum hpn buffer size */
2084+ /* unless the user has specifically set the tcprcvbufpoll */
2085+ /* to no. In which case we *can* just set the window to the */
2086+ /* minimum of the hpn buffer size and tcp receive buffer size */
2087+
2088+ if(options.hpn_disabled)
2089+ {
2090+ options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
2091+ }
2092+ else if (datafellows & SSH_BUG_LARGEWINDOW)
2093+ {
2094+ debug("HPN to Non-HPN Connection");
2095+ if (options.hpn_buffer_size < 0)
2096+ options.hpn_buffer_size = 2*1024*1024;
2097+ }
2098+ else
2099+ {
2100+ if (options.hpn_buffer_size < 0)
2101+ options.hpn_buffer_size = BUFFER_MAX_LEN_HPN;
2102+
2103+ /*create a socket but don't connect it */
2104+ /* we use that the get the rcv socket size */
2105+ sock = socket(AF_INET, SOCK_STREAM, 0);
2106+ /* if they are using the tcp_rcv_buf option */
2107+ /* attempt to set the buffer size to that */
2108+ if (options.tcp_rcv_buf)
2109+ setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
2110+ sizeof(options.tcp_rcv_buf));
2111+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
2112+ &socksize, &socksizelen);
2113+ close(sock);
2114+ debug("socksize %d", socksize);
2115+ if (options.tcp_rcv_buf_poll <= 0)
2116+ {
2117+ options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size);
2118+ debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size);
2119+ }
2120+ else
2121+ {
2122+ if (options.tcp_rcv_buf > 0)
2123+ options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size);
2124+ debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size);
2125+ }
2126+
2127+ }
2128+
2129+ debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
2130+
2131+ window = options.hpn_buffer_size;
2132+
2133 packetmax = CHAN_SES_PACKET_DEFAULT;
2134 if (tty_flag) {
2135+ window = 4*CHAN_SES_PACKET_DEFAULT;
2136 window >>= 1;
2137 packetmax >>= 1;
2138 }
2139@@ -1190,7 +1259,10 @@ ssh_session2_open(void)
2140 "session", SSH_CHANNEL_OPENING, in, out, err,
2141 window, packetmax, CHAN_EXTENDED_WRITE,
2142 "client-session", /*nonblock*/0);
2143-
2144+ if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
2145+ c->dynamic_window = 1;
2146+ debug ("Enabled Dynamic Window Scaling\n");
2147+ }
2148 debug3("ssh_session2_open: channel_new: %d", c->self);
2149
2150 channel_send_open(c->self);
2151diff -NupwB openssh-4.9p1/sshconnect2.c openssh-4.9p1-hpn13/sshconnect2.c
2152--- openssh-4.9p1/sshconnect2.c 2008-02-10 06:25:53.000000000 -0500
2153+++ openssh-4.9p1-hpn13/sshconnect2.c 2008-04-01 13:03:59.000000000 -0400
2154@@ -73,6 +73,12 @@
2155 extern char *client_version_string;
2156 extern char *server_version_string;
2157 extern Options options;
2158+extern Kex *xxx_kex;
2159+
2160+/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
2161+/* if it is set then prevent the switch to the null cipher */
2162+
2163+extern int tty_flag;
2164
2165 /*
2166 * SSH2 key exchange
2167@@ -326,6 +332,28 @@ ssh_userauth2(const char *local_user, co
2168 pubkey_cleanup(&authctxt);
2169 dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
2170
2171+ /* if the user wants to use the none cipher do it */
2172+ /* post authentication and only if the right conditions are met */
2173+ /* both of the NONE commands must be true and there must be no */
2174+ /* tty allocated */
2175+ if ((options.none_switch == 1) && (options.none_enabled == 1))
2176+ {
2177+ if (!tty_flag) /* no null on tty sessions */
2178+ {
2179+ debug("Requesting none rekeying...");
2180+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
2181+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
2182+ kex_prop2buf(&xxx_kex->my,myproposal);
2183+ packet_request_rekeying();
2184+ fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
2185+ }
2186+ else
2187+ {
2188+ /* requested NONE cipher when in a tty */
2189+ debug("Cannot switch to NONE cipher with tty allocated");
2190+ fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
2191+ }
2192+ }
2193 debug("Authentication succeeded (%s).", authctxt.method->name);
2194 }
2195
2196diff -NupwB openssh-4.9p1/sshconnect.c openssh-4.9p1-hpn13/sshconnect.c
2197--- openssh-4.9p1/sshconnect.c 2007-12-28 10:43:51.000000000 -0500
2198+++ openssh-4.9p1-hpn13/sshconnect.c 2008-04-01 13:03:59.000000000 -0400
2199@@ -184,6 +184,31 @@ ssh_proxy_connect(const char *host, u_sh
2200 }
2201
2202 /*
2203+ * Set TCP receive buffer if requested.
2204+ * Note: tuning needs to happen after the socket is
2205+ * created but before the connection happens
2206+ * so winscale is negotiated properly -cjr
2207+ */
2208+static void
2209+ssh_set_socket_recvbuf(int sock)
2210+{
2211+ void *buf = (void *)&options.tcp_rcv_buf;
2212+ int sz = sizeof(options.tcp_rcv_buf);
2213+ int socksize;
2214+ int socksizelen = sizeof(int);
2215+
2216+ debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
2217+ if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
2218+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
2219+ debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
2220+ }
2221+ else
2222+ error("Couldn't set socket receive buffer to %d: %.100s",
2223+ options.tcp_rcv_buf, strerror(errno));
2224+}
2225+
2226+
2227+/*
2228 * Creates a (possibly privileged) socket for use as the ssh connection.
2229 */
2230 static int
2231@@ -206,12 +231,18 @@ ssh_create_socket(int privileged, struct
2232 strerror(errno));
2233 else
2234 debug("Allocated local port %d.", p);
2235+
2236+ if (options.tcp_rcv_buf > 0)
2237+ ssh_set_socket_recvbuf(sock);
2238 return sock;
2239 }
2240 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2241 if (sock < 0)
2242 error("socket: %.100s", strerror(errno));
2243
2244+ if (options.tcp_rcv_buf > 0)
2245+ ssh_set_socket_recvbuf(sock);
2246+
2247 /* Bind the socket to an alternative local IP address */
2248 if (options.bind_address == NULL)
2249 return sock;
2250@@ -553,7 +584,7 @@ ssh_exchange_identification(int timeout_
2251 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
2252 compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
2253 compat20 ? PROTOCOL_MINOR_2 : minor1,
2254- SSH_VERSION);
2255+ SSH_RELEASE);
2256 if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf))
2257 fatal("write: %.100s", strerror(errno));
2258 client_version_string = xstrdup(buf);
2259diff -NupwB openssh-4.9p1/sshd.c openssh-4.9p1-hpn13/sshd.c
2260--- openssh-4.9p1/sshd.c 2008-03-11 07:58:25.000000000 -0400
2261+++ openssh-4.9p1-hpn13/sshd.c 2008-04-01 13:03:59.000000000 -0400
2262@@ -136,6 +136,9 @@ int deny_severity;
2263 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
2264 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
2265
2266+int myflag = 0;
2267+
2268+
2269 extern char *__progname;
2270
2271 /* Server configuration options. */
2272@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in
2273 major = PROTOCOL_MAJOR_1;
2274 minor = PROTOCOL_MINOR_1;
2275 }
2276- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
2277+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE);
2278 server_version_string = xstrdup(buf);
2279
2280 /* Send our protocol version identification. */
2281@@ -472,6 +475,9 @@ sshd_exchange_identification(int sock_in
2282 }
2283 debug("Client protocol version %d.%d; client software version %.100s",
2284 remote_major, remote_minor, remote_version);
2285+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
2286+ get_remote_ipaddr(), get_remote_port(),
2287+ remote_major, remote_minor, remote_version);
2288
2289 compat_datafellows(remote_version);
2290
2291@@ -953,6 +959,8 @@ server_listen(void)
2292 int ret, listen_sock, on = 1;
2293 struct addrinfo *ai;
2294 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2295+ int socksize;
2296+ int socksizelen = sizeof(int);
2297
2298 for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
2299 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2300@@ -999,6 +1007,11 @@ server_listen(void)
2301
2302 debug("Bind to port %s on %s.", strport, ntop);
2303
2304+ getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
2305+ &socksize, &socksizelen);
2306+ debug("Server TCP RWIN socket size: %d", socksize);
2307+ debug("HPN Buffer Size: %d", options.hpn_buffer_size);
2308+
2309 /* Bind the socket to the desired port. */
2310 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2311 error("Bind to port %s on %s failed: %.200s.",
2312@@ -2130,9 +2143,15 @@ do_ssh2_kex(void)
2313 {
2314 Kex *kex;
2315
2316+ myflag++;
2317+ debug ("MYFLAG IS %d", myflag);
2318 if (options.ciphers != NULL) {
2319 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
2320 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
2321+ } else if (options.none_enabled == 1) {
2322+ debug ("WARNING: None cipher enabled");
2323+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
2324+ myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
2325 }
2326 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
2327 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
2328diff -NupwB openssh-4.9p1/sshd_config openssh-4.9p1-hpn13/sshd_config
2329--- openssh-4.9p1/sshd_config 2008-02-10 06:40:12.000000000 -0500
2330+++ openssh-4.9p1-hpn13/sshd_config 2008-04-01 13:03:59.000000000 -0400
2331@@ -110,6 +110,20 @@ Protocol 2
2332 # override default of no subsystems
2333 Subsystem sftp /usr/libexec/sftp-server
2334
2335+# the following are HPN related configuration options
2336+# tcp receive buffer polling. disable in non autotuning kernels
2337+#TcpRcvBufPoll yes
2338+
2339+# allow the use of the none cipher
2340+#NoneEnabled no
2341+
2342+# disable hpn performance boosts.
2343+#HPNDisabled no
2344+
2345+# buffer size for hpn to non-hpn connections
2346+#HPNBufferSize 2048
2347+
2348+
2349 # Example of overriding settings on a per-user basis
2350 #Match User anoncvs
2351 # X11Forwarding no
2352diff -NupwB openssh-4.9p1/version.h openssh-4.9p1-hpn13/version.h
2353--- openssh-4.9p1/version.h 2008-03-26 20:18:13.000000000 -0400
2354+++ openssh-4.9p1-hpn13/version.h 2008-04-01 13:03:59.000000000 -0400
2355@@ -3,4 +3,5 @@
2356 #define SSH_VERSION "OpenSSH_4.9"
2357
2358 #define SSH_PORTABLE "p1"
2359-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
2360+#define SSH_HPN "-hpn13v1"
2361+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
OpenSSH free Secure Shell (SSH) implementation
This page took 3.815162 seconds and 4 git commands to generate.