From: jbasney Date: Wed, 26 Jul 2006 18:59:04 +0000 (+0000) Subject: openssh-4.3p2-hpn12.diff X-Git-Tag: OPENSSH_4_3P2_HPN12 X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/commitdiff_plain/d4e9cd2c59efa4d2eadf28e9c2f97d2d91919227 openssh-4.3p2-hpn12.diff --- diff --git a/openssh/HPN12-README b/openssh/HPN12-README new file mode 100644 index 0000000..01f46aa --- /dev/null +++ b/openssh/HPN12-README @@ -0,0 +1,43 @@ +config options + +TcpRcvBuf=[int]KB client + set the TCP socket receive buffer to n Kilobytes. It can be set up to the +maximum socket size allowed by the system. This is useful in situations where +the tcp receive window is set low but the maximum buffer size is set +higher (as is typical). This works on a per TCP connection basis. You can also +use this to artifically limit the transfer rate of the connection. In these +cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB. +Default is the current system wide tcp receive buffer size. + +TcpRcvBufPoll=[yes/no] client/server + enable of disable the polling of the tcp receive buffer through the life +of the connection. You would want to make sure that this option is enabled +for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista) +default is no. + +NoneEnabled=[yes/no] client/server + enable or disable the use of the None cipher. Care must always be used +when enabling this as it will allow users to send data in the clear. However, +it is important to note that authentication information remains encrypted +even if this option is enabled. Set to no by default. + +NoneSwitch=[yes/no] client + Switch the encryption cipher being used to the None cipher after +authentication takes place. NoneEnabled must be enabled on both the client +and server side of the connection. When the connection switches to the NONE +cipher a warning is sent to STDERR. The connection attempt will fail with an +error if a client requests a NoneSwitch from the server that does not explicitly +have NoneEnabled set to yes. Note: The NONE cipher cannot be used in +interactive (shell) sessions and it will fail silently. Set to no by default. + +HPNDisabled=[yes/no] client/server + In some situations, such as transfers on a local area network, the impact +of the HPN code produces a net decrease in performance. In these cases it is +helpful to disable the HPN functionality. By default HPNDisabled is set to no. + +HPNBufferSize=[int]KB client/server + This is the default buffer size the HPN functionality uses when interacting +with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf +option as applied to the internal SSH flow control. This value can range from +1KB to 14MB (1-14336). Use of oversized or undersized buffers can cause performance +problems depending on the length of the network path. The default size of this buffer diff --git a/openssh/buffer.h b/openssh/buffer.h index 634b272..62e43d1 100644 --- a/openssh/buffer.h +++ b/openssh/buffer.h @@ -23,9 +23,15 @@ typedef struct { u_int end; /* Offset of last byte containing data. */ } Buffer; -#define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0xa00000 -#define BUFFER_MAX_HPN_LEN (2<<29)-1 +#define BUFFER_MAX_CHUNK 0x100000 /*1MB*/ +#define BUFFER_MAX_LEN 0xa00000 /*10MB*/ + +/* this value for BUFFER_MAX_HPN_LEN is */ +/* still undersized for the faster networks */ +/* it might make sense to have yet another */ +/* MAX_LEN for 10+GB networks. Something closer to */ +/* 128MB or 192MB -cjr*/ +#define BUFFER_MAX_HPN_LEN 0x2000000 /*32MB*/ void buffer_init(Buffer *); void buffer_clear(Buffer *); diff --git a/openssh/channels.c b/openssh/channels.c index b7f36d0..9311643 100644 --- a/openssh/channels.c +++ b/openssh/channels.c @@ -56,6 +56,7 @@ RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $"); #include "pathnames.h" #include "bufaux.h" + /* -- channel core */ /* @@ -745,13 +746,32 @@ channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset) FD_SET(c->sock, writeset); } +int channel_tcpwinsz () { + u_int32_t tcpwinsz = 0; + socklen_t optsz = sizeof(tcpwinsz); + int ret = -1; + if(!packet_connection_is_on_socket()) + return(131072); + ret = getsockopt(packet_get_connection_in(), + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); + if ((ret == 0) && tcpwinsz > BUFFER_MAX_HPN_LEN) + tcpwinsz = BUFFER_MAX_HPN_LEN; + debug2("tcpwinsz: %d for connection: %d", tcpwinsz, packet_get_connection_in()); + return(tcpwinsz); +} + static void channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); - + /* check buffer limits */ - limit = MIN(limit, (BUFFER_MAX_HPN_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)); + if (!c->tcpwinsz) + c->tcpwinsz = channel_tcpwinsz(); + if (c->dynamic_window > 0) + c->tcpwinsz = channel_tcpwinsz(); + + limit = MIN(limit, 2 * c->tcpwinsz); if (c->istate == CHAN_INPUT_OPEN && limit > 0 && @@ -1616,19 +1636,10 @@ channel_check_window(Channel *c) !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && c->local_window < c->local_window_max/2 && c->local_consumed > 0) { - u_int32_t tcpwinsz = 0; - socklen_t optsz = sizeof(tcpwinsz); - int ret = -1; - u_int32_t addition = 0; - if (c->dynamic_window) { - ret = getsockopt(packet_get_connection_in(), - SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - if ((ret == 0) && tcpwinsz > BUFFER_MAX_HPN_LEN) - tcpwinsz = BUFFER_MAX_HPN_LEN; - } - if (c->dynamic_window && (ret == 0) && - (tcpwinsz > c->local_window_max)) { - addition = tcpwinsz - c->local_window_max; + u_int addition = 0; + /* adjust max window size if we are in a dynamic environment */ + if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) { + addition = c->tcpwinsz - c->local_window_max; c->local_window_max += addition; } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); @@ -2297,7 +2308,8 @@ channel_set_af(int af) static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports) + const char *host_to_connect, u_short port_to_connect, int gateway_ports, + int hpn_disabled, int hpn_buffer_size) { Channel *c; int sock, r, success = 0, wildcard = 0, is_client; @@ -2410,9 +2422,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* Allocate a channel number for the socket. */ - c = channel_new("port listener", type, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + /* explicitly test for hpn disabled option. if true use smaller window size */ + if (hpn_disabled) + c = channel_new("port listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); + else + c = channel_new("port listener", type, sock, sock, -1, + hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); strlcpy(c->path, host, sizeof(c->path)); c->host_port = port_to_connect; c->listening_port = listen_port; @@ -2449,20 +2467,22 @@ channel_cancel_rport_listener(const char *host, u_short port) /* protocol local port fwd, used by ssh (and sshd in v1) */ int channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, - const char *host_to_connect, u_short port_to_connect, int gateway_ports) + const char *host_to_connect, u_short port_to_connect, int gateway_ports, + int hpn_disabled, int hpn_buffer_size) { return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, listen_host, listen_port, host_to_connect, port_to_connect, - gateway_ports); + gateway_ports, hpn_disabled, hpn_buffer_size); } /* protocol v2 remote port fwd, used by sshd */ int channel_setup_remote_fwd_listener(const char *listen_address, - u_short listen_port, int gateway_ports) + u_short listen_port, int gateway_ports, int hpn_disabled, int hpn_buffer_size) { return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, - listen_address, listen_port, NULL, 0, gateway_ports); + listen_address, listen_port, NULL, 0, gateway_ports, + hpn_disabled, hpn_buffer_size); } /* @@ -2571,7 +2591,8 @@ channel_request_rforward_cancel(const char *host, u_short port) */ void -channel_input_port_forward_request(int is_root, int gateway_ports) +channel_input_port_forward_request(int is_root, int gateway_ports, + int hpn_disabled, int hpn_buffer_size) { u_short port, host_port; char *hostname; @@ -2596,7 +2617,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports) /* Initiate forwarding */ channel_setup_local_fwd_listener(NULL, port, hostname, - host_port, gateway_ports); + host_port, gateway_ports, hpn_disabled, hpn_buffer_size); /* Free the argument string. */ xfree(hostname); @@ -2766,7 +2787,8 @@ channel_send_window_changes(void) */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection, u_int *display_numberp, int **chanids) + int single_connection, u_int *display_numberp, int **chanids, + int hpn_disabled, int hpn_buffer_size) { Channel *nc = NULL; int display_number, sock; @@ -2863,10 +2885,16 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); for (n = 0; n < num_socks; n++) { sock = socks[n]; - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); + if (hpn_disabled) + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); + else + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); nc->single_connection = single_connection; (*chanids)[n] = nc->self; } diff --git a/openssh/channels.h b/openssh/channels.h index 3f4b788..f380531 100644 --- a/openssh/channels.h +++ b/openssh/channels.h @@ -103,6 +103,7 @@ struct Channel { int dynamic_window; int extended_usage; int single_connection; + u_int tcpwinsz; char *ctype; /* type */ @@ -124,12 +125,17 @@ struct Channel { #define CHAN_EXTENDED_WRITE 2 /* default window/packet sizes for tcp/x11-fwd-channel */ -#define CHAN_SES_PACKET_DEFAULT (32*1024) -#define CHAN_SES_WINDOW_DEFAULT (0xa00000/2) -#define CHAN_TCP_PACKET_DEFAULT (32*1024) -#define CHAN_TCP_WINDOW_DEFAULT (0xa00000/2) -#define CHAN_X11_PACKET_DEFAULT (16*1024) -#define CHAN_X11_WINDOW_DEFAULT (0xa00000/2) +#define CHAN_SES_PACKET_DEFAULT (32*1024) +#define CHAN_SES_WINDOW_DEFAULT_HPN (160*CHAN_TCP_PACKET_DEFAULT) +#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT) + +#define CHAN_TCP_PACKET_DEFAULT (32*1024) +#define CHAN_TCP_WINDOW_DEFAULT_HPN (160*CHAN_TCP_PACKET_DEFAULT) +#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT) + +#define CHAN_X11_PACKET_DEFAULT (16*1024) +#define CHAN_X11_WINDOW_DEFAULT_HPN (4*CHAN_X11_PACKET_DEFAULT) +#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) /* possible input states */ #define CHAN_INPUT_OPEN 0 @@ -209,21 +215,21 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); void channel_clear_permitted_opens(void); -void channel_input_port_forward_request(int, int); +void channel_input_port_forward_request(int, int, int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); void channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, - const char *, u_short, int); + const char *, u_short, int, int, int); void channel_request_rforward_cancel(const char *host, u_short port); -int channel_setup_remote_fwd_listener(const char *, u_short, int); +int channel_setup_remote_fwd_listener(const char *, u_short, int, int, int); int channel_cancel_rport_listener(const char *, u_short); /* x11 forwarding */ int x11_connect_display(void); -int x11_create_display_inet(int, int, int, u_int *, int **); +int x11_create_display_inet(int, int, int, u_int *, int **, int, int); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, const char *); diff --git a/openssh/clientloop.c b/openssh/clientloop.c index b76f7cf..3089bcf 100644 --- a/openssh/clientloop.c +++ b/openssh/clientloop.c @@ -689,6 +689,10 @@ client_process_control(fd_set * readset) u_int i, len, env_len, command, flags; uid_t euid; gid_t egid; + int listen_port = 0; + int connect_port = 0; + char * listen_host = NULL; + char * connect_host = NULL; /* * Accept connection on control socket @@ -737,6 +741,13 @@ client_process_control(fd_set * readset) command = buffer_get_int(&m); flags = buffer_get_int(&m); + if (SSHMUX_FLAG_PORTFORWARD & flags) + { + listen_host = buffer_get_string(&m,NULL); + listen_port = buffer_get_int(&m); + connect_host = buffer_get_string(&m,NULL); + connect_port = buffer_get_int(&m); + } buffer_clear(&m); switch (command) { @@ -776,6 +787,31 @@ client_process_control(fd_set * readset) return; } + if (allowed && (SSHMUX_FLAG_PORTFORWARD & flags) && listen_host && connect_host) + { + int ret; + Forward * fwd; + + fwd = &options.local_forwards[options.num_local_forwards++]; + fwd->listen_host = xstrdup(listen_host); + fwd->listen_port = listen_port; + fwd->connect_host = xstrdup(connect_host); + fwd->connect_port = connect_port; + ret = channel_setup_local_fwd_listener( + options.local_forwards[options.num_local_forwards-1].listen_host, + options.local_forwards[options.num_local_forwards-1].listen_port, + options.local_forwards[options.num_local_forwards-1].connect_host, + options.local_forwards[options.num_local_forwards-1].connect_port, + options.gateway_ports, options.hpn_disabled, options.hpn_buffer_size); + + } + + + if (listen_host) + xfree(listen_host); + if (connect_host) + xfree(connect_host); + /* Reply for SSHMUX_COMMAND_OPEN */ buffer_clear(&m); buffer_put_int(&m, allowed); @@ -874,11 +910,16 @@ client_process_control(fd_set * readset) set_nonblock(client_fd); - c = channel_new("session", SSH_CHANNEL_OPENING, - new_fd[0], new_fd[1], new_fd[2], - CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, - CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - + if (options.hpn_disabled) + c = channel_new("session", SSH_CHANNEL_OPENING, + new_fd[0], new_fd[1], new_fd[2], + CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, + CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); + else + c = channel_new("session", SSH_CHANNEL_OPENING, + new_fd[0], new_fd[1], new_fd[2], + options.hpn_buffer_size, CHAN_SES_PACKET_DEFAULT, + CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); /* XXX */ c->ctl_fd = client_fd; @@ -973,7 +1014,8 @@ process_cmdline(void) if (local) { if (channel_setup_local_fwd_listener(fwd.listen_host, fwd.listen_port, fwd.connect_host, - fwd.connect_port, options.gateway_ports) < 0) { + fwd.connect_port, options.gateway_ports, + options.hpn_disabled, options.hpn_buffer_size) < 0) { logit("Port forwarding failed."); goto out; } @@ -1669,10 +1711,16 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) xfree(listen_address); return NULL; } - c = channel_new("forwarded-tcpip", - SSH_CHANNEL_CONNECTING, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - originator_address, 1); + if (options.hpn_disabled) + c = channel_new("forwarded-tcpip", + SSH_CHANNEL_CONNECTING, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, + originator_address, 1); + else + c = channel_new("forwarded-tcpip", + SSH_CHANNEL_CONNECTING, sock, sock, -1, + options.hpn_buffer_size, options.hpn_buffer_size, 0, + originator_address, 1); xfree(originator_address); xfree(listen_address); return c; @@ -1706,9 +1754,14 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; - c = channel_new("x11", - SSH_CHANNEL_X11_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); + if (options.hpn_disabled) + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); + else + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); c->force_drain = 1; return c; } @@ -1727,10 +1780,16 @@ client_request_agent(const char *request_type, int rchan) sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - "authentication agent connection", 1); + if (options.hpn_disabled) + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, + "authentication agent connection", 1); + else + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + options.hpn_buffer_size, options.hpn_buffer_size, 0, + "authentication agent connection", 1); c->force_drain = 1; return c; } diff --git a/openssh/clientloop.h b/openssh/clientloop.h index aed2d91..1845663 100644 --- a/openssh/clientloop.h +++ b/openssh/clientloop.h @@ -50,8 +50,10 @@ void client_session2_setup(int, int, int, const char *, struct termios *, #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ #define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ +#define SSHMUX_COMMAND_PORTFORWARD 4 /* Ask master to portforward */ #define SSHMUX_FLAG_TTY (1) /* Request tty on open */ #define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ #define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */ #define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */ +#define SSHMUX_FLAG_PORTFORWARD (1<<4) /* Request portforward */ diff --git a/openssh/myproposal.h b/openssh/myproposal.h index 9690459..129d98c 100644 --- a/openssh/myproposal.h +++ b/openssh/myproposal.h @@ -31,7 +31,9 @@ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "arcfour128,arcfour256,arcfour," \ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ - "aes128-ctr,aes192-ctr,aes256-ctr,none" + "aes128-ctr,aes192-ctr,aes256-ctr" +#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \ + ",none" #define KEX_DEFAULT_MAC \ "hmac-md5,hmac-sha1,hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ diff --git a/openssh/readconf.c b/openssh/readconf.c index 9458891..00fd0c0 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -112,6 +112,8 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled, + oHPNBufferSize, oDeprecated, oUnsupported } OpCodes; @@ -207,6 +209,12 @@ static struct { { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, + { "noneenabled", oNoneEnabled }, + { "tcprcvbufpoll", oTcpRcvBufPoll }, + { "tcprcvbuf", oTcpRcvBuf }, + { "noneswitch", oNoneSwitch }, + { "hpndisabled", oHPNDisabled }, + { "hpnbuffersize", oHPNBufferSize }, { NULL, oBadOption } }; @@ -428,10 +436,31 @@ parse_flag: intptr = &options->check_host_ip; goto parse_flag; + case oNoneEnabled: + intptr = &options->none_enabled; + goto parse_flag; + + case oNoneSwitch: + intptr = &options->none_switch; + goto parse_flag; + + case oHPNDisabled: + intptr = &options->hpn_disabled; + goto parse_flag; + + case oHPNBufferSize: + intptr = &options->hpn_buffer_size; + goto parse_int; + + case oTcpRcvBufPoll: + intptr = &options->tcp_rcv_buf_poll; + goto parse_flag; + case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; goto parse_yesnoask; + case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; parse_yesnoask: @@ -593,6 +622,10 @@ parse_int: intptr = &options->connection_attempts; goto parse_int; + case oTcpRcvBuf: + intptr = &options->tcp_rcv_buf; + goto parse_int; + case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -1016,7 +1049,6 @@ initialize_options(Options * options) options->verify_host_key_dns = -1; options->server_alive_interval = -1; options->server_alive_count_max = -1; - options->none_switch = -1; options->num_send_env = 0; options->control_path = NULL; options->control_master = -1; @@ -1026,6 +1058,12 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; + options->none_switch = -1; + options->none_enabled = -1; + options->hpn_disabled = -1; + options->hpn_buffer_size = -1; + options->tcp_rcv_buf_poll = -1; + options->tcp_rcv_buf = -1; } /* @@ -1148,6 +1186,22 @@ fill_default_options(Options * options) options->server_alive_count_max = 3; if (options->none_switch == -1) options->none_switch = 0; + if (options->hpn_disabled == -1) + options->hpn_disabled = 0; + if (options->hpn_buffer_size == -1) + options->hpn_buffer_size = 2*1024*1024; + else { + if (options->hpn_buffer_size == 0) + options->hpn_buffer_size = 1; + /*limit the buffer to 7MB*/ + if (options->hpn_buffer_size > 7168) + options->hpn_buffer_size = 7168; + options->hpn_buffer_size *=1024; + } + if (options->tcp_rcv_buf == 0) + options->tcp_rcv_buf = 1; + if (options->tcp_rcv_buf > -1) + options->tcp_rcv_buf *=1024; if (options->control_master == -1) options->control_master = 0; if (options->hash_known_hosts == -1) diff --git a/openssh/readconf.h b/openssh/readconf.h index 08134b6..0c826a4 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -58,6 +58,10 @@ typedef struct { * (best). */ int tcp_keep_alive; /* Set SO_KEEPALIVE. */ int tcp_rcv_buf; /* user switch to set tcp recv buffer */ + int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */ + int hpn_disabled; /* Switch to disable HPN buffer management */ + int hpn_buffer_size; /* User definable size for HPN buffer window */ + LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ @@ -103,7 +107,8 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; - int none_switch; + int none_switch; /* use none cipher */ + int none_enabled; /* Allow none to be used */ int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; diff --git a/openssh/scp.c b/openssh/scp.c index b1779ed..6e81062 100644 --- a/openssh/scp.c +++ b/openssh/scp.c @@ -278,7 +278,7 @@ main(int argc, char **argv) addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246zS:o:F:R:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246zS:o:F:w:")) != -1) switch (ch) { /* User-visible flags. */ case '1': @@ -340,9 +340,9 @@ main(int argc, char **argv) setmode(0, O_BINARY); #endif break; - case 'R': - addargs(&args, "-r%s", optarg); - break; + case 'w': + addargs(&args, "-w%s", optarg); + break; default: usage(); } @@ -617,7 +617,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); (void) atomicio(vwrite, remout, buf, strlen(buf)); if (response() < 0) goto next; - if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) { + if ((bp = allocbuf(&buffer, fd, sizeof(buf))) == NULL) { next: if (fd != -1) { (void) close(fd); fd = -1; @@ -1089,7 +1089,7 @@ usage(void) { (void) fprintf(stderr, "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" - " [-l limit] [-o ssh_option] [-P port] [-R Receive buffer size (Kb)] [-S program]\n" + " [-l limit] [-o ssh_option] [-P port] [-w buffer size] [-S program]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); exit(1); } diff --git a/openssh/servconf.c b/openssh/servconf.c index 81953bb..efe34a3 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -102,6 +102,10 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file2 = NULL; options->num_accept_env = 0; options->permit_tun = -1; + options->none_enabled = -1; + options->tcp_rcv_buf_poll = -1; + options->hpn_disabled = -1; + options->hpn_buffer_size = -1; /* Needs to be accessable in many places */ use_privsep = -1; @@ -110,6 +114,7 @@ initialize_server_options(ServerOptions *options) void fill_default_server_options(ServerOptions *options) { + /* Portable-specific options */ if (options->use_pam == -1) options->use_pam = 0; @@ -233,10 +238,26 @@ fill_default_server_options(ServerOptions *options) if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; + if (options->hpn_disabled == -1) + options->hpn_disabled = 0; + + if (options->hpn_buffer_size == -1) + options->hpn_buffer_size = 2*1024*1024; + else { + if (options->hpn_buffer_size == 0) + options->hpn_buffer_size = 1; + /* limit the maximum buffer to 7MB */ + if (options->hpn_buffer_size > 7168) + options->hpn_buffer_size = 7168; + options->hpn_buffer_size *=1024; + } + /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; + + #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " @@ -274,7 +295,8 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sUsePrivilegeSeparation, + sUsePrivilegeSeparation, sNoneEnabled, sTcpRcvBufPoll, + sHPNDisabled, sHPNBufferSize, sDeprecated, sUnsupported } ServerOpCodes; @@ -376,6 +398,10 @@ static struct { { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, { "acceptenv", sAcceptEnv }, + { "noneenabled", sNoneEnabled }, + { "hpndisabled", sHPNDisabled }, + { "hpnbuffersize", sHPNBufferSize }, + { "tcprcvbufpoll", sTcpRcvBufPoll }, { "permittunnel", sPermitTunnel }, { NULL, sBadOption } }; @@ -391,9 +417,9 @@ parse_token(const char *cp, const char *filename, u_int i; for (i = 0; keywords[i].name; i++) - if (strcasecmp(cp, keywords[i].name) == 0) - return keywords[i].opcode; - + if (strcasecmp(cp, keywords[i].name) == 0){ + debug ("TOKEN IS %s", keywords[i].name); + return keywords[i].opcode;} error("%s: line %d: Bad configuration option: %s", filename, linenum, cp); return sBadOption; @@ -457,6 +483,7 @@ process_server_config_line(ServerOptions *options, char *line, intptr = NULL; charptr = NULL; opcode = parse_token(arg, filename, linenum); + switch (opcode) { /* Portable-specific options */ case sUsePAM: @@ -629,6 +656,22 @@ parse_flag: *intptr = value; break; + case sNoneEnabled: + intptr = &options->none_enabled; + goto parse_flag; + + case sTcpRcvBufPoll: + intptr = &options->tcp_rcv_buf_poll; + goto parse_flag; + + case sHPNDisabled: + intptr = &options->hpn_disabled; + goto parse_flag; + + case sHPNBufferSize: + intptr = &options->hpn_buffer_size; + goto parse_int; + case sIgnoreUserKnownHosts: intptr = &options->ignore_user_known_hosts; goto parse_flag; diff --git a/openssh/servconf.h b/openssh/servconf.h index ab82c8f..7c851e6 100644 --- a/openssh/servconf.h +++ b/openssh/servconf.h @@ -135,6 +135,10 @@ typedef struct { char *authorized_keys_file2; int use_pam; /* Enable auth via PAM */ + int none_enabled; /* enable NONE cipher switch */ + int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/ + int hpn_disabled; /* disable hpn functionality. false by default */ + int hpn_buffer_size; /* set the hpn buffer size - default 3MB */ int permit_tun; } ServerOptions; diff --git a/openssh/serverloop.c b/openssh/serverloop.c index b60932f..5eb5fd5 100644 --- a/openssh/serverloop.c +++ b/openssh/serverloop.c @@ -907,9 +907,14 @@ server_request_direct_tcpip(void) xfree(originator); if (sock < 0) return NULL; - c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, - sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, - CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); + if (options.hpn_disabled) + c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, + sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, + CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); + else + c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, + sock, sock, -1, options.hpn_buffer_size, + CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); return c; } @@ -944,8 +949,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; - c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + if (options.hpn_disabled) + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + else + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; #if defined(SSH_TUN_FILTER) if (mode == SSH_TUNMODE_POINTOPOINT) @@ -975,7 +984,7 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if (!(datafellows & SSH_BUG_LARGEWINDOW)) + if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) c->dynamic_window = 1; if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); @@ -1073,7 +1082,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) } else { /* Start listening on the port */ success = channel_setup_remote_fwd_listener( - listen_address, listen_port, options.gateway_ports); + listen_address, listen_port, options.gateway_ports, + options.hpn_disabled, options.hpn_buffer_size); } xfree(listen_address); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { diff --git a/openssh/session.c b/openssh/session.c index 0cbd5fb..79648b4 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -186,6 +186,7 @@ auth_input_request_forwarding(struct passwd * pw) packet_disconnect("listen: %.100s", strerror(errno)); /* Allocate a channel for the authentication agent socket. */ + /* this shouldn't matter if its hpn or not - cjr */ nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, @@ -322,7 +323,9 @@ do_authenticated1(Authctxt *authctxt) break; } debug("Received TCP/IP port forwarding request."); - channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); + channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports, + options.hpn_disabled, + options.hpn_buffer_size); success = 1; break; @@ -2017,11 +2020,18 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) */ if (s->chanid == -1) fatal("no channel for session %d", s->self); - channel_set_fds(s->chanid, - fdout, fdin, fderr, - fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, - CHAN_SES_WINDOW_DEFAULT); + if(options.hpn_disabled) + channel_set_fds(s->chanid, + fdout, fdin, fderr, + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, + CHAN_SES_WINDOW_DEFAULT); + else + channel_set_fds(s->chanid, + fdout, fdin, fderr, + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, + options.hpn_buffer_size); } /* @@ -2365,7 +2375,8 @@ session_setup_x11fwd(Session *s) } if (x11_create_display_inet(options.x11_display_offset, options.x11_use_localhost, s->single_connection, - &s->display_number, &s->x11_chanids) == -1) { + &s->display_number, &s->x11_chanids, + options.hpn_disabled, options.hpn_buffer_size) == -1) { debug("x11_create_display_inet failed."); return 0; } diff --git a/openssh/sftp.c b/openssh/sftp.c index 56a6922..a2e3f6a 100644 --- a/openssh/sftp.c +++ b/openssh/sftp.c @@ -1464,7 +1464,7 @@ main(int argc, char **argv) ll = SYSLOG_LEVEL_INFO; infile = stdin; - while ((ch = getopt(argc, argv, "1hvCo:s:S:b:B:F:P:R:z")) != -1) { + while ((ch = getopt(argc, argv, "1hvCo:s:S:b:B:F:P:R:")) != -1) { switch (ch) { case 'C': addargs(&args, "-C"); @@ -1519,9 +1519,6 @@ main(int argc, char **argv) optarg); break; case 'h': - case 'z': - addargs(&args, "-%c", ch); - break; default: usage(); } diff --git a/openssh/ssh.c b/openssh/ssh.c index 16e2fe0..4529ba4 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -157,13 +157,12 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfgkMNnqrsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" " [-w tunnel:tunnel] [user@]hostname [command]\n" -" [-r Receive Buffer Size in K]\n" ); exit(255); } @@ -242,12 +241,10 @@ main(int ac, char **av) /* Parse command-line arguments. */ host = NULL; - /* need to set options.tcp_rcv_buf to 0 */ - options.tcp_rcv_buf = 0; again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qrstvxACD:F:I:L:MNO:PR:S:TVw:XYz")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -499,9 +496,6 @@ again: case 'F': config = optarg; break; - case 'r': - options.tcp_rcv_buf = atoi(optarg) * 1024; - break; case 'z': /* make sure we can't turn on the none_switch */ /* if they try to force a no tty flag on a tty session */ @@ -808,7 +802,8 @@ ssh_init_forwarding(void) options.local_forwards[i].listen_port, options.local_forwards[i].connect_host, options.local_forwards[i].connect_port, - options.gateway_ports); + options.gateway_ports, options.hpn_disabled, + options.hpn_buffer_size); } if (i > 0 && success == 0) error("Could not request local forwarding."); @@ -1090,9 +1085,14 @@ ssh_session2_setup(int id, void *arg) debug("Requesting tun."); if ((fd = tun_open(options.tun_local, options.tun_open)) >= 0) { - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "tun", 1); + if(options.hpn_disabled) + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); + else + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); c->datagram = 1; #if defined(SSH_TUN_FILTER) if (options.tun_open == SSH_TUNMODE_POINTOPOINT) @@ -1142,7 +1142,10 @@ ssh_session2_open(void) if (!isatty(err)) set_nonblock(err); - window = CHAN_SES_WINDOW_DEFAULT; + if(options.hpn_disabled) + window = CHAN_SES_WINDOW_DEFAULT; + else + window = options.hpn_buffer_size; packetmax = CHAN_SES_PACKET_DEFAULT; if (tty_flag) { window = 4*CHAN_SES_PACKET_DEFAULT; @@ -1153,8 +1156,9 @@ ssh_session2_open(void) "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - if (!tty_flag && (!(datafellows & SSH_BUG_LARGEWINDOW))) { + if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) { c->dynamic_window = 1; + debug ("Enabled Dynamic Window Scaling\n"); } debug3("ssh_session2_open: channel_new: %d", c->self); @@ -1335,12 +1339,23 @@ control_client(const char *path) flags |= SSHMUX_FLAG_X11_FWD; if (options.forward_agent) flags |= SSHMUX_FLAG_AGENT_FWD; - + if (options.num_local_forwards > 0) + flags |= SSHMUX_FLAG_PORTFORWARD; buffer_init(&m); /* Send our command to server */ buffer_put_int(&m, mux_command); buffer_put_int(&m, flags); + if (options.num_local_forwards > 0) + { + if (options.local_forwards[0].listen_host == NULL) + buffer_put_string(&m,"LOCALHOST",11); + else + buffer_put_string(&m,options.local_forwards[0].listen_host,512); + buffer_put_int(&m,options.local_forwards[0].listen_port); + buffer_put_string(&m,options.local_forwards[0].connect_host,512); + buffer_put_int(&m,options.local_forwards[0].connect_port); + } if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); buffer_clear(&m); diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c index 711d693..975674c 100644 --- a/openssh/sshconnect.c +++ b/openssh/sshconnect.c @@ -143,6 +143,31 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) return 0; } +/* + * Set TCP receive buffer if requested. + * Note: tuning needs to happen after the socket is + * created but before the connection happens + * so winscale is negotiated properly -cjr + */ +static void +ssh_set_socket_recvbuf(int sock) +{ + void *buf = (void *)&options.tcp_rcv_buf; + int sz = sizeof(options.tcp_rcv_buf); + int socksize; + int socksizelen = sizeof(int); + + debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf); + if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) { + getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen); + debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize); + } + else + error("Couldn't set socket receive buffer to %d: %.100s", + options.tcp_rcv_buf, strerror(errno)); +} + + /* * Creates a (possibly privileged) socket for use as the ssh connection. */ @@ -167,55 +192,16 @@ ssh_create_socket(int privileged, struct addrinfo *ai) else debug("Allocated local port %d.", p); - - /* tuning needs to happen after the socket is */ - /* created but before the connection happens */ - /* so winscale is negotiated properly -cjr */ - - /* Set tcp receive buffer if requested */ - if (options.tcp_rcv_buf) - { - if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, - (void *)&options.tcp_rcv_buf, - sizeof(options.tcp_rcv_buf)) >= 0) - { - debug("setsockopt SO_RCVBUF: %.100s", strerror(errno)); - } - else - { - /* coudln't set the socket size to use spec. */ - /* should default to system param and continue */ - /* warn the user though - cjr */ - error("Couldn't set socket receive buffer as requested. Continuing anyway."); - } - } + if (options.tcp_rcv_buf > 0) + ssh_set_socket_recvbuf(sock); return sock; } sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) error("socket: %.100s", strerror(errno)); - /* tuning needs to happen after the socket is */ - /* created but before the connection happens */ - /* so winscale is negotiated properly -cjr */ - - /* Set tcp receive buffer if requested */ - if (options.tcp_rcv_buf) - { - if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, - (void *)&options.tcp_rcv_buf, - sizeof(options.tcp_rcv_buf)) >= 0) - { - debug("setsockopt SO_RCVBUF: %.100s", strerror(errno)); - } - else - { - /* coudln't set the socket size to use spec. */ - /* should default to system param and continue */ - /* warn the user though - cjr */ - error("Couldn't set socket receive buffer as requested. Continuing anyway."); - } - } + if (options.tcp_rcv_buf > 0) + ssh_set_socket_recvbuf(sock); /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL) diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index c806bb4..0e3b7d0 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -100,7 +100,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; - } + } + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); myproposal[PROPOSAL_ENC_ALGS_STOC] = @@ -315,7 +316,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); - if ((options.none_switch == 1) && !tty_flag) /* no null on tty sessions */ + if ((options.none_switch == 1) && (options.none_enabled == 1) && !tty_flag) /* no null on tty sessions */ { debug("Requesting none rekeying..."); myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; diff --git a/openssh/sshd.c b/openssh/sshd.c index 9b5f73f..5a84d9c 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -2007,6 +2007,10 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; + } else if (options.none_enabled == 1) { + debug ("WARNING: None cipher enabled"); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE; } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); diff --git a/openssh/sshd_config b/openssh/sshd_config index 4957dd1..c0b3f08 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -98,8 +98,22 @@ #MaxStartups 10 #PermitTunnel no +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + # no default banner path #Banner /some/path -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server +# the following are HPN related configuration options +# tcp receive buffer polling. enable in autotuning kernels +#TcpRcvBufPoll no + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hn connections +#HPNBufferSize 2048 + diff --git a/openssh/version.h b/openssh/version.h index 5e451c6..3097ccd 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -2,6 +2,7 @@ #define SSH_VERSION "OpenSSH_4.3" -#define SSH_PORTABLE "p2" -#define SSH_HPN "-hpn" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +#define SSH_PORTABLE "p2" +#define SSH_HPN "-hpn" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +