void
fill_default_server_options(ServerOptions *options)
{
+ int sock;
+ int socksize;
+ int socksizelen = sizeof(int);
/* Portable-specific options */
if (options->use_pam == -1)
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->gss_strict_acceptor == -1)
- options->gss_strict_acceptor = 0;
+ options->gss_strict_acceptor = 1;
if (options->gsi_allow_limited_proxy == -1)
options->gsi_allow_limited_proxy = 0;
if (options->password_authentication == -1)
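Review bot: The new default `options->gss_strict_acceptor = 1` changes behaviour for every install that never set `gssapistrictacceptorcheck`, and nothing in the visible lines records that. With the strict check on, the acceptor is presumably matched against the host's default service principal. Servers reached under several names or behind a load balancer may then start refusing GSSAPI logins, which is worth confirming for the deployments this patch targets. A comment above the assignment, such as `/* strict by default: accept only the principal for this host's own name */`, and a matching sshd_config documentation change would make the tightening visibly deliberate. The function body continues outside the hunk.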
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
- if (options->hpn_buffer_size == -1)
- options->hpn_buffer_size = 2*1024*1024;
- else {
- if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1;
- /* limit the maximum buffer to 7MB */
- if (options->hpn_buffer_size > 7168)
- options->hpn_buffer_size = 7168;
- options->hpn_buffer_size *=1024;
+ if (options->hpn_buffer_size == -1)
+ {
+ /* option not explicitly set. Now we have to figure out */
+ /* what value to use */
+ if (options->hpn_disabled == 1)
+ {
+ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+ }
+ else
+ {
+ /* get the current RCV size and set it to that */
+ /*create a socket but don't connect it */
+ /* we use that the get the rcv socket size */
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ close(sock);
+ options->hpn_buffer_size = socksize;
+ debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
+
+ }
+ }
+ else
+ {
+ /* we have to do this incase the user sets both values in a contradictory */
+ /* manner. hpn_disabled overrrides hpn_buffer_size*/
+ if (options->hpn_disabled <= 0)
+ {
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1;
+ /* limit the maximum buffer to 64MB */
+ if (options->hpn_buffer_size > 64*1024)
+ options->hpn_buffer_size = 64*1024;
+ options->hpn_buffer_size *=1024;
+ }
+ else
+ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
}
/* Turn privilege separation on by default */
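Review bot: The receive-buffer probe in the `hpn_disabled != 1` branch uses `socket()` and `getsockopt()` without checking either result, so on failure `options->hpn_buffer_size = socksize;` copies an uninitialised int into the window size and `close()` is called on -1. The length argument is declared at the top of the function as `int socksizelen = sizeof(int);`, but `getsockopt()` takes a `socklen_t *`, so it should be `socklen_t socksizelen = sizeof(socksize);`. The same unchecked pattern appears in the later hunk that moves the probe above the `tcp_rcv_buf_poll` test, and in the hunk that calls `getsockopt(listen_sock, ...)` before `bind()`, where `socksize` is logged regardless. The sketch below falls back to `CHAN_SES_WINDOW_DEFAULT`, the value this function already uses when HPN is disabled; whether that is the right fallback is a call for the author.

```c
/* get the current RCV size and set it to that */
socksize = CHAN_SES_WINDOW_DEFAULT;	/* kept if the probe fails */
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == -1) {
	debug("HPN probe socket: %s", strerror(errno));
} else {
	if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
	    &socksize, &socksizelen) == -1)
		debug("getsockopt SO_RCVBUF: %s", strerror(errno));
	close(sock);
}
options->hpn_buffer_size = socksize;
/* … unchanged: debug of HPN Buffer Size … */
```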
sGsiAllowLimitedProxy,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand,
- sUsePrivilegeSeparation,
- sNoneEnabled, sTcpRcvBufPoll,
- sHPNDisabled, sHPNBufferSize,
+ sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll,
+ sHPNDisabled, sHPNBufferSize,
sDeprecated, sUnsupported
} ServerOpCodes;
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
- { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
#ifdef GSI
{ "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
- { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
{ "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSI
{ "gsiallowlimitedproxy", sUnsupported, SSHCFG_GLOBAL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
- { "noneenabled", sNoneEnabled },
+ { "noneenabled", sNoneEnabled },
{ "hpndisabled", sHPNDisabled },
{ "hpnbuffersize", sHPNBufferSize },
{ "tcprcvbufpoll", sTcpRcvBufPoll },
for (i = 0; keywords[i].name; i++)
if (strcasecmp(cp, keywords[i].name) == 0) {
+ debug ("Config token is %s", keywords[i].name);
*flags = keywords[i].flags;
return keywords[i].opcode;
}
intptr = &options->gss_cleanup_creds;
goto parse_flag;
- case sGssCredsPath:
- charptr = &options->gss_creds_path;
- goto parse_filename;
-
case sGssStrictAcceptor:
intptr = &options->gss_strict_acceptor;
goto parse_flag;
+ case sGssCredsPath:
+ charptr = &options->gss_creds_path;
+ goto parse_filename;
+
case sGsiAllowLimitedProxy:
intptr = &options->gsi_allow_limited_proxy;
goto parse_flag;
{
if (options.hpn_buffer_size < 0)
options.hpn_buffer_size = BUFFER_MAX_LEN_HPN;
+
+ /*create a socket but don't connect it */
+ /* we use that the get the rcv socket size */
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ /* if they are using the tcp_rcv_buf option */
+ /* attempt to set the buffer size to that */
+ if (options.tcp_rcv_buf)
+ setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
+ sizeof(options.tcp_rcv_buf));
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ close(sock);
+ debug("socksize %d", socksize);
if (options.tcp_rcv_buf_poll <= 0)
{
- /*create a socket but don't connect it */
- /* we use that the get the rcv socket size */
- sock = socket(AF_INET, SOCK_STREAM, 0);
- /* if they are using the tcp_rcv_buf option */
- /* attempt to set the buffer size to that */
- if (options.tcp_rcv_buf)
- setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
- sizeof(options.tcp_rcv_buf));
- getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
- &socksize, &socksizelen);
- close(sock);
- debug("socksize %d", socksize);
- options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size);
+ options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size);
+ debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size);
}
else
{
if (options.tcp_rcv_buf > 0)
options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size);
+ debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size);
}
}
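Review bot: The added `debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", ...)` in the else branch follows an unbraced `if (options.tcp_rcv_buf > 0)`, so it runs whether or not the assignment happened. Indentation is not visible in this view, so the intent is unclear; bracing the conditional as `if (options.tcp_rcv_buf > 0) { options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size); }` would settle it. Hoisting the probe above the `tcp_rcv_buf_poll` test also means a socket is now created and `setsockopt` applied on the polling path, where `socksize` is only logged. Keeping the probe inside the `<= 0` branch would avoid that. The enclosing block starts outside the hunk.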
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+ int socksize;
+ int socksizelen = sizeof(int);
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
+
+ getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ debug("Server TCP RWIN socket size: %d", socksize);
+ debug("HPN Buffer Size: %d", options.hpn_buffer_size);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
- /* start key exchange */
-
#ifdef GSSAPI
{
char *orig;
orig = myproposal[PROPOSAL_KEX_ALGS];
/*
- * If we don't have a host key, then there's no point advertising
- * the other key exchange algorithms
+ * If we don't have a host key, then there's no point advertising
+ * the other key exchange algorithms
*/
if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
}
#endif
- /* start key exchange */
+ /* start key exchange */
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;