From: jbasney Date: Thu, 15 Feb 2007 21:08:24 +0000 (+0000) Subject: hpn12v14 updates X-Git-Tag: OPENSSH_4_5P1_20070215~2 X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/commitdiff_plain/2d7c038e60d273876c288f4532769fb1be1166ec hpn12v14 updates --- diff --git a/openssh/servconf.c b/openssh/servconf.c index 0dc28e3..78766ee 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -139,6 +139,9 @@ initialize_server_options(ServerOptions *options) void fill_default_server_options(ServerOptions *options) { + int sock; + int socksize; + int socksizelen = sizeof(int); /* Portable-specific options */ if (options->use_pam == -1) @@ -222,7 +225,7 @@ fill_default_server_options(ServerOptions *options) if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->gss_strict_acceptor == -1) - options->gss_strict_acceptor = 0; + options->gss_strict_acceptor = 1; if (options->gsi_allow_limited_proxy == -1) options->gsi_allow_limited_proxy = 0; if (options->password_authentication == -1) 
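Review bot: The change of the `gss_strict_acceptor` default from 0 to 1 in fill_default_server_options is a behaviour change that neither the code nor the commit message ("hpn12v14 updates") records. With the strict check on by default, a server whose keytab holds its host principal under a name other than the current hostname (aliased or multi-homed hosts) will presumably start refusing GSSAPI logins after the upgrade unless `gssapistrictacceptorcheck` is set to no. I would add a comment above the assignment, `/* strict by default: only the host service for the current hostname is accepted; set GSSAPIStrictAcceptorCheck no for aliased hosts */`, and state the new default in the sshd_config documentation. The function starts and ends outside this hunk.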
@@ -272,15 +275,43 @@ fill_default_server_options(ServerOptions *options) if (options->hpn_disabled == -1) options->hpn_disabled = 0; - if (options->hpn_buffer_size == -1) - options->hpn_buffer_size = 2*1024*1024; - else { - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* limit the maximum buffer to 7MB */ - if (options->hpn_buffer_size > 7168) - options->hpn_buffer_size = 7168; - options->hpn_buffer_size *=1024; + if (options->hpn_buffer_size == -1) + { + /* option not explicitly set. Now we have to figure out */ + /* what value to use */ + if (options->hpn_disabled == 1) + { + options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; + } + else + { + /* get the current RCV size and set it to that */ + /*create a socket but don't connect it */ + /* we use that the get the rcv socket size */ + sock = socket(AF_INET, SOCK_STREAM, 0); + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, + &socksize, &socksizelen); + close(sock); + options->hpn_buffer_size = socksize; + debug ("HPN Buffer Size: %d", options->hpn_buffer_size); + + } + } + else + { + /* we have to do this incase the user sets both values in a contradictory */ + /* manner. hpn_disabled overrrides hpn_buffer_size*/ + if (options->hpn_disabled <= 0) + { + if (options->hpn_buffer_size == 0) + options->hpn_buffer_size = 1; + /* limit the maximum buffer to 64MB */ + if (options->hpn_buffer_size > 64*1024) + options->hpn_buffer_size = 64*1024; + options->hpn_buffer_size *=1024; + } + else + options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; } /* Turn privilege separation on by default */ @@ -334,9 +365,8 @@ typedef enum { sGsiAllowLimitedProxy, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, - sUsePrivilegeSeparation, - sNoneEnabled, sTcpRcvBufPoll, - sHPNDisabled, sHPNBufferSize, + sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll, + sHPNDisabled, sHPNBufferSize, sDeprecated, sUnsupported } ServerOpCodes; 
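Review bot: In the new `hpn_buffer_size == -1` branch of fill_default_server_options, neither `socket()` nor `getsockopt()` is checked, so if either fails (descriptor exhaustion, a host without AF_INET) `socksize` is read uninitialized and becomes the server's HPN buffer size, and `close()` is called on -1. The same unchecked probe is added in ssh.c (ssh_session2_open, where the value feeds `MIN()`; its declaration is outside that hunk) and in sshd.c (server_listen, where it is only logged). The length argument should also be declared `socklen_t socksizelen = sizeof(socksize);` rather than `int`, since getsockopt takes a `socklen_t *`; that declaration sits in the first servconf.c hunk. I would check both calls and fall back to CHAN_SES_WINDOW_DEFAULT as below; the function starts and ends outside this hunk.

```c
		else
		{
			/* probe the kernel's default receive buffer on an unconnected socket */
			socksize = 0;
			sock = socket(AF_INET, SOCK_STREAM, 0);
			if (sock == -1 ||
			    getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
			    &socksize, &socksizelen) == -1 ||
			    socksize <= 0) {
				/* never let an indeterminate value become the window size */
				error("HPN: could not read SO_RCVBUF, using default window");
				socksize = CHAN_SES_WINDOW_DEFAULT;
			}
			if (sock != -1)
				close(sock);
			options->hpn_buffer_size = socksize;
			debug("HPN Buffer Size: %d", options->hpn_buffer_size);
		}
	/* … unchanged: handling of an explicitly configured hpn_buffer_size … */
```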
@@ -395,8 +425,8 @@ static struct { #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, - { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL }, { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, #ifdef GSI { "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL }, @@ -404,8 +434,8 @@ static struct { #else { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, - { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL }, { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, #ifdef GSI { "gsiallowlimitedproxy", sUnsupported, SSHCFG_GLOBAL }, @@ -464,7 +494,7 @@ static struct { { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, - { "noneenabled", sNoneEnabled }, + { "noneenabled", sNoneEnabled }, { "hpndisabled", sHPNDisabled }, { "hpnbuffersize", sHPNBufferSize }, { "tcprcvbufpoll", sTcpRcvBufPoll }, @@ -483,6 +513,7 @@ parse_token(const char *cp, const char *filename, for (i = 0; keywords[i].name; i++) if (strcasecmp(cp, keywords[i].name) == 0) { + debug ("Config token is %s", keywords[i].name); *flags = keywords[i].flags; return keywords[i].opcode; } @@ -961,14 +992,14 @@ parse_flag: intptr = &options->gss_cleanup_creds; goto parse_flag; - case sGssCredsPath: - charptr = &options->gss_creds_path; - goto parse_filename; - case sGssStrictAcceptor: intptr = &options->gss_strict_acceptor; goto parse_flag; + case sGssCredsPath: + charptr = &options->gss_creds_path; + goto parse_filename; + case sGsiAllowLimitedProxy: intptr = &options->gsi_allow_limited_proxy; goto parse_flag; 
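Review bot: The `debug ("Config token is %s", keywords[i].name);` line added inside parse_token's match loop looks like leftover tracing: it emits one line per configuration directive at the lowest debug level on every parse, which buries the messages an operator needs when diagnosing a login problem. If the trace is wanted, `debug3("%s: matched keyword %s", filename, keywords[i].name);` keeps it out of ordinary debug output and records which file the keyword came from. parse_token starts and ends outside this hunk.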
diff --git a/openssh/ssh.c b/openssh/ssh.c index dd44efb..6edb30f 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -1243,26 +1243,29 @@ ssh_session2_open(void) { if (options.hpn_buffer_size < 0) options.hpn_buffer_size = BUFFER_MAX_LEN_HPN; + + /*create a socket but don't connect it */ + /* we use that the get the rcv socket size */ + sock = socket(AF_INET, SOCK_STREAM, 0); + /* if they are using the tcp_rcv_buf option */ + /* attempt to set the buffer size to that */ + if (options.tcp_rcv_buf) + setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, + sizeof(options.tcp_rcv_buf)); + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, + &socksize, &socksizelen); + close(sock); + debug("socksize %d", socksize); if (options.tcp_rcv_buf_poll <= 0) { - /*create a socket but don't connect it */ - /* we use that the get the rcv socket size */ - sock = socket(AF_INET, SOCK_STREAM, 0); - /* if they are using the tcp_rcv_buf option */ - /* attempt to set the buffer size to that */ - if (options.tcp_rcv_buf) - setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, - sizeof(options.tcp_rcv_buf)); - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - close(sock); - debug("socksize %d", socksize); - options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size); + options.hpn_buffer_size = MIN(socksize,options.hpn_buffer_size); + debug ("MIN of TCP RWIN and HPNBufferSize: %d", options.hpn_buffer_size); } else { if (options.tcp_rcv_buf > 0) options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size); + debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", options.hpn_buffer_size); } } diff --git a/openssh/sshd.c b/openssh/sshd.c index 0ffef9f..cfcb2a8 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c 
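Review bot: The `debug ("MIN of TCPRcvBuf and HPNBufferSize: %d", ...)` added to the `else` arm of ssh_session2_open follows an unbraced `if (options.tcp_rcv_buf > 0)`, so it runs on every pass through that arm and reports a MIN even when `tcp_rcv_buf` is unset and `hpn_buffer_size` was left untouched. Bracing the pair makes the log match what happened: `if (options.tcp_rcv_buf > 0) { options.hpn_buffer_size = MIN(options.tcp_rcv_buf, options.hpn_buffer_size); debug(...); }`. Note also that with the probe hoisted out of the `tcp_rcv_buf_poll <= 0` branch, the socket is now created and queried in both arms although only the first one uses `socksize`. The function starts and ends outside this hunk.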
@@ -945,6 +945,8 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + int socksize; + int socksizelen = sizeof(int); for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) @@ -981,6 +983,11 @@ server_listen(void) error("setsockopt SO_REUSEADDR: %s", strerror(errno)); debug("Bind to port %s on %s.", strport, ntop); + + getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, + &socksize, &socksizelen); + debug("Server TCP RWIN socket size: %d", socksize); + debug("HPN Buffer Size: %d", options.hpn_buffer_size); /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { @@ -2184,8 +2191,6 @@ do_ssh2_kex(void) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); - /* start key exchange */ - #ifdef GSSAPI { char *orig; @@ -2194,8 +2199,8 @@ do_ssh2_kex(void) orig = myproposal[PROPOSAL_KEX_ALGS]; /* - * If we don't have a host key, then there's no point advertising - * the other key exchange algorithms + * If we don't have a host key, then there's no point advertising + * the other key exchange algorithms */ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) @@ -2228,7 +2233,7 @@ do_ssh2_kex(void) } #endif - /* start key exchange */ + /* start key exchange */ /* start key exchange */ kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; diff --git a/openssh/version.h b/openssh/version.h index 047c214..837fbcd 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -23,6 +23,6 @@ #define SSH_VERSION "OpenSSH_4.5" #define SSH_PORTABLE "p1" -#define SSH_HPN "-hpn12v12" +#define SSH_HPN "-hpn12v14" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN \ NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION