If an HPN to HPN connection is established a number of different things might
happen based on the user options and conditions.
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
+HPN Buffer Size = up to 64MB
+This is the default state. The HPN buffer size will grow to a maximum of 64MB
+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
+geared towards 10GigE transcontinental connections.
+
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
HPN Buffer Size = TCP receive buffer value.
-This is the default unmodified behaviour. Users on autotuning systesm should
-enabled TCPRcvBufPoll in the ssh_cofig and sshd_config
+Users on non-autotuning systesm should disable TCPRcvBufPoll in the
+ssh_cofig and sshd_config
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
Generally there is no need to set both.
-Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set HPN
-Buffer Size = Maximum HPN Buffer Size (64MB).
-The maximum HPN Buffer size of 64MB is geared towards 10GigE transcontinental
-connections. Users with less extravagant networks should reduce this via the
-configuration files to a more reasonable size.
-
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-HPN Buffer Size = HPNBufferSize
+HPN Buffer Size = grows to HPNBufferSize
The buffer will grow up to the maximum size specified here.
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
enable of disable the polling of the tcp receive buffer through the life
of the connection. You would want to make sure that this option is enabled
for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
-default is no.
+default is yes.
NoneEnabled=[yes/no] client/server
enable or disable the use of the None cipher. Care must always be used
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0xa00000
-/* try increasing to 256k in hpnxfers */
-#define BUFFER_ALLOCSZ 0x008000 /* 32k */
-#define BUFFER_ALLOCSZ_HPN 0x040000 /* 256k */
+#define BUFFER_ALLOCSZ 0x008000
/* Initializes the buffer structure. */
buffer_append_space(Buffer *buffer, u_int len)
{
u_int newlen;
- u_int buf_max;
- u_int buf_alloc_sz;
void *p;
if (len > BUFFER_MAX_CHUNK)
if (buffer_compact(buffer))
goto restart;
- /* if hpn is disabled use the smaller buffer size */
- buf_max = BUFFER_MAX_LEN_HPN;
- buf_alloc_sz = BUFFER_ALLOCSZ_HPN;
-
/* Increase the size of the buffer and retry. */
- newlen = roundup(buffer->alloc + len, buf_alloc_sz);
-
-
- if (newlen > buf_max)
+ newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
+ if (newlen > BUFFER_MAX_LEN_HPN)
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, 1, newlen);
int
buffer_check_alloc(Buffer *buffer, u_int len)
{
- u_int buf_max;
- u_int buf_alloc_sz;
-
if (buffer->offset == buffer->end) {
buffer->offset = 0;
buffer->end = 0;
return (1);
if (buffer_compact(buffer))
goto restart;
-
- /* if hpn is disabled use the smaller buffer size */
- buf_max = BUFFER_MAX_LEN_HPN;
- buf_alloc_sz = BUFFER_ALLOCSZ_HPN;
-
- if (roundup(buffer->alloc + len, buf_alloc_sz) <= buf_max)
+ if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
return (1);
return (0);
}
#ifndef BUFFER_H
#define BUFFER_H
-#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
+
+/* move the following to a more appropriate place and name */
+#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
typedef struct {
u_char *buf; /* Buffer for data. */
u_int32_t tcpwinsz = 0;
socklen_t optsz = sizeof(tcpwinsz);
int ret = -1;
+
+ /* if we aren't on a socket return 128KB*/
if(!packet_connection_is_on_socket())
- return(131072);
+ return(128*1024);
ret = getsockopt(packet_get_connection_in(),
SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
+ /* return no more than 64MB */
if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
tcpwinsz = BUFFER_MAX_LEN_HPN;
debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
/* check buffer limits */
- if (!c->tcpwinsz)
+ if ((!c->tcpwinsz) || (c->dynamic_window > 0))
c->tcpwinsz = channel_tcpwinsz();
- if (c->dynamic_window > 0)
- c->tcpwinsz = channel_tcpwinsz();
limit = MIN(limit, 2 * c->tcpwinsz);
u_int addition = 0;
/* adjust max window size if we are in a dynamic environment */
if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
- addition = c->tcpwinsz - c->local_window_max;
+ /* grow the window somewhat aggressively to maintain pressure */
+ addition = 1.5*(c->tcpwinsz - c->local_window_max);
c->local_window_max += addition;
}
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
/* Allocate a channel number for the socket. */
/* explicitly test for hpn disabled option. if true use smaller window size */
if (hpn_disabled)
- c = channel_new("port listener", type, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, "port listener", 1);
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
else
c = channel_new("port listener", type, sock, sock, -1,
hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
+ /* Is this really necassary? */
if (hpn_disabled)
- nc = channel_new("x11 listener",
- SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, "X11 inet listener", 1);
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
else
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
u_int i, len, env_len, command, flags;
uid_t euid;
gid_t egid;
- int listen_port = 0;
- int connect_port = 0;
- char * listen_host = NULL;
- char * connect_host = NULL;
/*
* Accept connection on control socket
command = buffer_get_int(&m);
flags = buffer_get_int(&m);
- if (SSHMUX_FLAG_PORTFORWARD & flags)
- {
- listen_host = buffer_get_string(&m,NULL);
- listen_port = buffer_get_int(&m);
- connect_host = buffer_get_string(&m,NULL);
- connect_port = buffer_get_int(&m);
- }
buffer_clear(&m);
switch (command) {
return;
}
- if (allowed && (SSHMUX_FLAG_PORTFORWARD & flags) && listen_host && connect_host)
- {
- int ret;
- Forward * fwd;
-
- fwd = &options.local_forwards[options.num_local_forwards++];
- fwd->listen_host = xstrdup(listen_host);
- fwd->listen_port = listen_port;
- fwd->connect_host = xstrdup(connect_host);
- fwd->connect_port = connect_port;
- ret = channel_setup_local_fwd_listener(
- options.local_forwards[options.num_local_forwards-1].listen_host,
- options.local_forwards[options.num_local_forwards-1].listen_port,
- options.local_forwards[options.num_local_forwards-1].connect_host,
- options.local_forwards[options.num_local_forwards-1].connect_port,
- options.gateway_ports, options.hpn_disabled, options.hpn_buffer_size);
-
- }
-
-
- if (listen_host)
- xfree(listen_host);
- if (connect_host)
- xfree(connect_host);
-
/* Reply for SSHMUX_COMMAND_OPEN */
buffer_clear(&m);
buffer_put_int(&m, allowed);
set_nonblock(client_fd);
if (options.hpn_disabled)
- window = options.hpn_buffer_size;
- else
window = CHAN_SES_WINDOW_DEFAULT;
+ else
+ window = options.hpn_buffer_size;
+
packetmax = CHAN_SES_PACKET_DEFAULT;
if (cctx->want_tty) {
window >>= 1;
return NULL;
}
if (options.hpn_disabled)
- c = channel_new("forwarded-tcpip",
- SSH_CHANNEL_CONNECTING, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
- originator_address, 1);
+ c = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ originator_address, 1);
else
c = channel_new("forwarded-tcpip",
SSH_CHANNEL_CONNECTING, sock, sock, -1,
sock = x11_connect_display();
if (sock < 0)
return NULL;
+ /* again is this really necessary for X11? */
if (options.hpn_disabled)
- c = channel_new("x11",
- SSH_CHANNEL_X11_OPEN, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
else
c = channel_new("x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
+ /* not sure this is really needed here either */
if (options.hpn_disabled)
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
- "authentication agent connection", 1);
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ "authentication agent connection", 1);
else
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
}
if(options.hpn_disabled)
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "tun", 1);
else
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
0, "tun", 1);
c->datagram = 1;
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */
-#define SSHMUX_COMMAND_PORTFORWARD 4 /* Ask master to portforward */
#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
-#define SSHMUX_FLAG_PORTFORWARD (1<<4) /* Request portforward */
static void kex_choose_conf(Kex *);
/* put algorithm proposal into buffer */
+/* used in sshconnect.c as well as kex.c */
void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
u_int mode, ctos, need;
int first_kex_follows, type;
+ int auth_flag;
+
+ auth_flag = packet_authentication_state();
+
+ debug ("AUTH STATE IS %d", auth_flag);
+
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
+ debug("Requesting NONE. Authflag is %d", auth_flag);
+ if (auth_flag == 1) {
+ debug("None requested post authentication.");
+ } else {
+ fatal("Pre-authentication none cipher requests are not allowed.");
+ }
+ }
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
rnd >>= 8;
}
}
-int rekey_requested = 0;
+int rekey_requested = 0;
void
packet_request_rekeying(void)
{
{
after_authentication = 1;
}
+
+int
+packet_authentication_state(void)
+{
+ return(after_authentication);
+}
int packet_is_interactive(void);
void packet_set_server(void);
void packet_set_authenticated(void);
+int packet_authentication_state(void);
void packet_start(u_char);
void packet_put_char(int ch);
options->hpn_disabled = 0;
if (options->hpn_buffer_size > -1)
{
+ /* if a user tries to set the size to 0 set it to 1KB */
if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1;
+ options->hpn_buffer_size = 1024;
/*limit the buffer to 64MB*/
- if (options->hpn_buffer_size > 65536)
+ if (options->hpn_buffer_size > 65536)
{
- options->hpn_buffer_size = 65536;
+ options->hpn_buffer_size = 65536*1024;
debug("User requested buffer larger than 64MB. Request reverted to 64MB");
}
- options->hpn_buffer_size *=1024;
debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
}
if (options->tcp_rcv_buf == 0)
options->tcp_rcv_buf = 1;
if (options->tcp_rcv_buf > -1)
options->tcp_rcv_buf *=1024;
+ if (options->tcp_rcv_buf_poll == -1)
+ options->tcp_rcv_buf_poll = 1;
if (options->control_master == -1)
options->control_master = 0;
if (options->hash_known_hosts == -1)
int enable_ssh_keysign;
int rekey_limit;
- int none_switch; /* use none cipher */
+ int none_switch; /* Use none cipher */
int none_enabled; /* Allow none to be used */
int no_host_authentication_for_localhost;
int identities_only;
case '4':
case '6':
case 'C':
- addargs(&args, "-%c", ch);
- break;
+ addargs(&args, "-%c", ch);
+ break;
case 'o':
case 'c':
case 'i':
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
- if (options->hpn_buffer_size == -1)
- {
+ if (options->hpn_buffer_size == -1) {
/* option not explicitly set. Now we have to figure out */
/* what value to use */
- if (options->hpn_disabled == 1)
- {
+ if (options->hpn_disabled == 1) {
options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
- }
- else
- {
+ } else {
/* get the current RCV size and set it to that */
/*create a socket but don't connect it */
/* we use that the get the rcv socket size */
debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
}
- }
- else
- {
+ } else {
/* we have to do this incase the user sets both values in a contradictory */
/* manner. hpn_disabled overrrides hpn_buffer_size*/
- if (options->hpn_disabled <= 0)
- {
- if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1;
- /* limit the maximum buffer to 64MB */
- if (options->hpn_buffer_size > 64*1024)
- options->hpn_buffer_size = 64*1024;
- options->hpn_buffer_size *=1024;
- }
- else
- options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+ if (options->hpn_disabled <= 0) {
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1;
+ /* limit the maximum buffer to 64MB */
+ if (options->hpn_buffer_size > 64*1024) {
+ options->hpn_buffer_size = 64*1024*1024;
+ } else {
+ options->hpn_buffer_size *= 1024;
+ }
+ } else
+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
}
/* Turn privilege separation on by default */
if (sock < 0)
return NULL;
if (options.hpn_disabled)
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
+ c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
+ sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
+ CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
else
c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
sock, sock, -1, options.hpn_buffer_size,
if (sock < 0)
goto done;
if (options.hpn_disabled)
- c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
else
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
if(options.hpn_disabled)
- channel_set_fds(s->chanid,
- fdout, fdin, fderr,
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
- 1,
- CHAN_SES_WINDOW_DEFAULT);
+ channel_set_fds(s->chanid,
+ fdout, fdin, fderr,
+ fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1,
+ CHAN_SES_WINDOW_DEFAULT);
else
channel_set_fds(s->chanid,
fdout, fdin, fderr,
/* window the window would get stuck at the initial buffer */
/* size generally less than 96k. Therefore we need to set the */
/* maximum ssh window size to the maximum hpn buffer size */
- /* unless the user hasspecifically set the hpnrcvbufpoll */
+ /* unless the user has specifically set the tcprcvbufpoll */
/* to no. In which case we *can* just set the window to the */
/* minimum of the hpn buffer size and tcp receive buffer size */
flags |= SSHMUX_FLAG_X11_FWD;
if (options.forward_agent)
flags |= SSHMUX_FLAG_AGENT_FWD;
- if (options.num_local_forwards > 0)
- flags |= SSHMUX_FLAG_PORTFORWARD;
buffer_init(&m);
/* Send our command to server */
buffer_put_int(&m, mux_command);
buffer_put_int(&m, flags);
- if (options.num_local_forwards > 0)
- {
- if (options.local_forwards[0].listen_host == NULL)
- buffer_put_string(&m,"LOCALHOST",11);
- else
- buffer_put_string(&m,options.local_forwards[0].listen_host,512);
- buffer_put_int(&m,options.local_forwards[0].listen_port);
- buffer_put_string(&m,options.local_forwards[0].connect_host,512);
- buffer_put_int(&m,options.local_forwards[0].connect_port);
- }
if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
fatal("%s: msg_send", __func__);
buffer_clear(&m);
if (sock < 0)
error("socket: %.100s", strerror(errno));
- if (options.tcp_rcv_buf > 0)
- ssh_set_socket_recvbuf(sock);
+
+ if (options.tcp_rcv_buf > 0)
+ ssh_set_socket_recvbuf(sock);
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
+int myflag = 0;
+
+
extern char *__progname;
/* Server configuration options. */
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
-
+
getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
&socksize, &socksizelen);
debug("Server TCP RWIN socket size: %d", socksize);
{
Kex *kex;
+ myflag++;
+ debug ("MYFLAG IS %d", myflag);
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
# the following are HPN related configuration options
-# tcp receive buffer polling. enable in autotuning kernels
-#TcpRcvBufPoll no
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
# allow the use of the none cipher
#NoneEnabled no
# disable hpn performance boosts.
#HPNDisabled no
-# buffer size for hpn to non-hn connections
+# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048
#define MGLUE_VERSION ""
#endif
-#define NCSA_VERSION " NCSA_GSSAPI_20071004"
+#define NCSA_VERSION " NCSA_GSSAPI_20071204"
#define SSH_VERSION "OpenSSH_4.7"
#define SSH_PORTABLE "p1"
-#define SSH_HPN "-hpn12v18"
+#define SSH_HPN "-hpn12v20"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN \
NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION