From 6df46d40aa90fd7f72e647d1fdb253daec39024c Mon Sep 17 00:00:00 2001 From: basney Date: Tue, 4 Dec 2007 23:28:19 +0000 Subject: [PATCH] Update to hpn12v20 from hpn12v18. --- openssh/HPN12-README | 20 ++++++------- openssh/buffer.c | 26 +++-------------- openssh/buffer.h | 4 ++- openssh/channels.c | 27 +++++++++-------- openssh/clientloop.c | 69 ++++++++++++-------------------------------- openssh/clientloop.h | 2 -- openssh/kex.c | 16 ++++++++++ openssh/packet.c | 8 ++++- openssh/packet.h | 1 + openssh/readconf.c | 10 ++++--- openssh/readconf.h | 2 +- openssh/scp.c | 4 +-- openssh/servconf.c | 36 ++++++++++------------- openssh/serverloop.c | 10 +++---- openssh/session.c | 10 +++---- openssh/ssh.c | 14 +-------- openssh/sshconnect.c | 5 ++-- openssh/sshd.c | 7 ++++- openssh/sshd_config | 6 ++-- openssh/version.h | 4 +-- 20 files changed, 123 insertions(+), 158 deletions(-) diff --git a/openssh/HPN12-README b/openssh/HPN12-README index ecd76ae..3ba3aa7 100644 --- a/openssh/HPN12-README +++ b/openssh/HPN12-README 
@@ -24,10 +24,16 @@ be set to the HPNBufferSize value. The default is 2MB but user adjustable. If an HPN to HPN connection is established a number of different things might happen based on the user options and conditions. +Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set +HPN Buffer Size = up to 64MB +This is the default state. The HPN buffer size will grow to a maximum of 64MB +as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is +geared towards 10GigE transcontinental connections. + Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set HPN Buffer Size = TCP receive buffer value. -This is the default unmodified behaviour. Users on autotuning systesm should -enabled TCPRcvBufPoll in the ssh_cofig and sshd_config +Users on non-autotuning systesm should disable TCPRcvBufPoll in the +ssh_cofig and sshd_config Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize. @@ -37,14 +43,8 @@ Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize. Generally there is no need to set both. -Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set HPN -Buffer Size = Maximum HPN Buffer Size (64MB). -The maximum HPN Buffer size of 64MB is geared towards 10GigE transcontinental -connections. Users with less extravagant networks should reduce this via the -configuration files to a more reasonable size. - Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set -HPN Buffer Size = HPNBufferSize +HPN Buffer Size = grows to HPNBufferSize The buffer will grow up to the maximum size specified here. Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET 
@@ -74,7 +74,7 @@ TcpRcvBufPoll=[yes/no] client/server enable of disable the polling of the tcp receive buffer through the life of the connection. You would want to make sure that this option is enabled for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista) -default is no. +default is yes. NoneEnabled=[yes/no] client/server enable or disable the use of the None cipher. Care must always be used diff --git a/openssh/buffer.c b/openssh/buffer.c index 705155c..cb0b620 100644 --- a/openssh/buffer.c +++ b/openssh/buffer.c @@ -26,9 +26,7 @@ #define BUFFER_MAX_CHUNK 0x100000 #define BUFFER_MAX_LEN 0xa00000 -/* try increasing to 256k in hpnxfers */ -#define BUFFER_ALLOCSZ 0x008000 /* 32k */ -#define BUFFER_ALLOCSZ_HPN 0x040000 /* 256k */ +#define BUFFER_ALLOCSZ 0x008000 /* Initializes the buffer structure. */ @@ -105,8 +103,6 @@ void * buffer_append_space(Buffer *buffer, u_int len) { u_int newlen; - u_int buf_max; - u_int buf_alloc_sz; void *p; if (len > BUFFER_MAX_CHUNK) @@ -129,15 +125,9 @@ restart: if (buffer_compact(buffer)) goto restart; - /* if hpn is disabled use the smaller buffer size */ - buf_max = BUFFER_MAX_LEN_HPN; - buf_alloc_sz = BUFFER_ALLOCSZ_HPN; - /* Increase the size of the buffer and retry. */ - newlen = roundup(buffer->alloc + len, buf_alloc_sz); - - - if (newlen > buf_max) + newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ); + if (newlen > BUFFER_MAX_LEN_HPN) fatal("buffer_append_space: alloc %u not supported", newlen); buffer->buf = xrealloc(buffer->buf, 1, newlen); @@ -153,9 +143,6 @@ restart: int buffer_check_alloc(Buffer *buffer, u_int len) { - u_int buf_max; - u_int buf_alloc_sz; - if (buffer->offset == buffer->end) { buffer->offset = 0; buffer->end = 0; 
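Review bot: After this change buffer_append_space refuses growth only above `BUFFER_MAX_LEN_HPN` (64MB per buffer.h), while buffer_check_alloc in the following buffer.c hunk now tests against `BUFFER_MAX_LEN` (0xa00000), so the two functions no longer agree on how large a Buffer may become. buffer_check_alloc will report "no room" long before buffer_append_space would refuse, and any caller that appends without checking first can still grow a single buffer to 64MB. If the smaller limit is intended, use `if (newlen > BUFFER_MAX_LEN)` here as well. If 64MB is intended, a comment naming which buffers are expected to reach it, and whether that includes buffers filled before authentication, would let a reviewer judge the memory exposure. Both function bodies extend beyond their hunks.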
@@ -165,12 +152,7 @@ buffer_check_alloc(Buffer *buffer, u_int len) return (1); if (buffer_compact(buffer)) goto restart; - - /* if hpn is disabled use the smaller buffer size */ - buf_max = BUFFER_MAX_LEN_HPN; - buf_alloc_sz = BUFFER_ALLOCSZ_HPN; - - if (roundup(buffer->alloc + len, buf_alloc_sz) <= buf_max) + if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN) return (1); return (0); } diff --git a/openssh/buffer.h b/openssh/buffer.h index c062bc0..057d643 100644 --- a/openssh/buffer.h +++ b/openssh/buffer.h @@ -15,7 +15,9 @@ #ifndef BUFFER_H #define BUFFER_H -#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */ + +/* move the following to a more appropriate place and name */ +#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */ typedef struct { u_char *buf; /* Buffer for data. */ diff --git a/openssh/channels.c b/openssh/channels.c index 410f75e..39dd930 100644 --- a/openssh/channels.c +++ b/openssh/channels.c @@ -770,10 +770,13 @@ int channel_tcpwinsz () { u_int32_t tcpwinsz = 0; socklen_t optsz = sizeof(tcpwinsz); int ret = -1; + + /* if we aren't on a socket return 128KB*/ if(!packet_connection_is_on_socket()) - return(131072); + return(128*1024); ret = getsockopt(packet_get_connection_in(), SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); + /* return no more than 64MB */ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN) tcpwinsz = BUFFER_MAX_LEN_HPN; debug2("tcpwinsz: %d for connection: %d", tcpwinsz, @@ -787,10 +790,8 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); /* check buffer limits */ - if (!c->tcpwinsz) + if ((!c->tcpwinsz) || (c->dynamic_window > 0)) c->tcpwinsz = channel_tcpwinsz(); - if (c->dynamic_window > 0) - c->tcpwinsz = channel_tcpwinsz(); limit = MIN(limit, 2 * c->tcpwinsz); 
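Review bot: In channel_tcpwinsz the return value of `getsockopt()` is consulted only for the 64MB clamp, so on failure `tcpwinsz` keeps its initial value of 0 and, as far as the hunk shows, that is what gets logged and handed back. The next hunk computes `limit = MIN(limit, 2 * c->tcpwinsz)`, which would then be 0, and the merged condition re-queries on every pass when `dynamic_window > 0`, so a transient failure takes effect immediately. Falling back to the non-socket default would be safer, e.g. `if (ret != 0) return(128*1024);` directly after the call. The function's return statement lies outside the hunk.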
@@ -1688,7 +1689,8 @@ channel_check_window(Channel *c) u_int addition = 0; /* adjust max window size if we are in a dynamic environment */ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) { - addition = c->tcpwinsz - c->local_window_max; + /* grow the window somewhat aggressively to maintain pressure */ + addition = 1.5*(c->tcpwinsz - c->local_window_max); c->local_window_max += addition; } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); @@ -2488,9 +2490,9 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por /* Allocate a channel number for the socket. */ /* explicitly test for hpn disabled option. if true use smaller window size */ if (hpn_disabled) - c = channel_new("port listener", type, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + c = channel_new("port listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); else c = channel_new("port listener", type, sock, sock, -1, hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, @@ -2990,11 +2992,12 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; + /* Is this really necassary? */ if (hpn_disabled) - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); else nc = channel_new("x11 listener", SSH_CHANNEL_X11_LISTENER, sock, sock, -1, diff --git a/openssh/clientloop.c b/openssh/clientloop.c index d781305..d8016ac 100644 --- a/openssh/clientloop.c +++ b/openssh/clientloop.c 
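Review bot: The new `addition = 1.5*(c->tcpwinsz - c->local_window_max);` lets `local_window_max` overshoot `tcpwinsz`, so with tcpwinsz clamped to `BUFFER_MAX_LEN_HPN` in channel_tcpwinsz the advertised window can approach 1.5 times that cap. That is more than buffer_append_space will allocate before it calls fatal(), so a peer that simply fills the window it was granted could, it appears, end the connection or hold more memory than the 64MB limit intends. Clamp after the computation, e.g. `if (addition > BUFFER_MAX_LEN_HPN - c->local_window_max) addition = BUFFER_MAX_LEN_HPN - c->local_window_max;`. Integer arithmetic (the difference plus half of it) would also avoid the double-to-u_int conversion. The remainder of channel_check_window is outside the hunk.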
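Review bot: The added comment `/* Is this really necassary? */` in x11_create_display_inet records a doubt rather than a decision, as do `/* again is this really necessary for X11? */` and `/* not sure this is really needed here either */` in the clientloop.c hunks for client_request_x11 and client_request_agent. The question matters for resource use: X11 and agent channels carry little data, so giving them the HPN window would raise per-channel memory limits with no throughput benefit. Either settle it in the code or make the comment actionable, e.g. `/* TODO: X11/agent channels probably never need hpn_buffer_size; consider always using the default window */`. The `else` branches are cut off by the hunks, so the HPN-side arguments are not visible here.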
@@ -725,10 +725,6 @@ client_process_control(fd_set *readset) u_int i, len, env_len, command, flags; uid_t euid; gid_t egid; - int listen_port = 0; - int connect_port = 0; - char * listen_host = NULL; - char * connect_host = NULL; /* * Accept connection on control socket @@ -777,13 +773,6 @@ client_process_control(fd_set *readset) command = buffer_get_int(&m); flags = buffer_get_int(&m); - if (SSHMUX_FLAG_PORTFORWARD & flags) - { - listen_host = buffer_get_string(&m,NULL); - listen_port = buffer_get_int(&m); - connect_host = buffer_get_string(&m,NULL); - connect_port = buffer_get_int(&m); - } buffer_clear(&m); switch (command) { @@ -823,31 +812,6 @@ client_process_control(fd_set *readset) return; } - if (allowed && (SSHMUX_FLAG_PORTFORWARD & flags) && listen_host && connect_host) - { - int ret; - Forward * fwd; - - fwd = &options.local_forwards[options.num_local_forwards++]; - fwd->listen_host = xstrdup(listen_host); - fwd->listen_port = listen_port; - fwd->connect_host = xstrdup(connect_host); - fwd->connect_port = connect_port; - ret = channel_setup_local_fwd_listener( - options.local_forwards[options.num_local_forwards-1].listen_host, - options.local_forwards[options.num_local_forwards-1].listen_port, - options.local_forwards[options.num_local_forwards-1].connect_host, - options.local_forwards[options.num_local_forwards-1].connect_port, - options.gateway_ports, options.hpn_disabled, options.hpn_buffer_size); - - } - - - if (listen_host) - xfree(listen_host); - if (connect_host) - xfree(connect_host); - /* Reply for SSHMUX_COMMAND_OPEN */ buffer_clear(&m); buffer_put_int(&m, allowed); @@ -947,9 +911,10 @@ client_process_control(fd_set *readset) set_nonblock(client_fd); if (options.hpn_disabled) - window = options.hpn_buffer_size; - else window = CHAN_SES_WINDOW_DEFAULT; + else + window = options.hpn_buffer_size; + packetmax = CHAN_SES_PACKET_DEFAULT; if (cctx->want_tty) { window >>= 1; 
@@ -1758,10 +1723,10 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) return NULL; } if (options.hpn_disabled) - c = channel_new("forwarded-tcpip", - SSH_CHANNEL_CONNECTING, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - originator_address, 1); + c = channel_new("forwarded-tcpip", + SSH_CHANNEL_CONNECTING, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, + originator_address, 1); else c = channel_new("forwarded-tcpip", SSH_CHANNEL_CONNECTING, sock, sock, -1, @@ -1800,10 +1765,11 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; + /* again is this really necessary for X11? */ if (options.hpn_disabled) - c = channel_new("x11", - SSH_CHANNEL_X11_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); else c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, @@ -1826,11 +1792,12 @@ client_request_agent(const char *request_type, int rchan) sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; + /* not sure this is really needed here either */ if (options.hpn_disabled) - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, - "authentication agent connection", 1); + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, + "authentication agent connection", 1); else c = channel_new("authentication agent connection", SSH_CHANNEL_OPEN, sock, sock, -1, 
@@ -1863,11 +1830,11 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) } if(options.hpn_disabled) - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); else - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; diff --git a/openssh/clientloop.h b/openssh/clientloop.h index afc4999..c7d2233 100644 --- a/openssh/clientloop.h +++ b/openssh/clientloop.h @@ -53,10 +53,8 @@ int client_request_tun_fwd(int, int, int); #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ #define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ -#define SSHMUX_COMMAND_PORTFORWARD 4 /* Ask master to portforward */ #define SSHMUX_FLAG_TTY (1) /* Request tty on open */ #define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ #define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */ #define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */ -#define SSHMUX_FLAG_PORTFORWARD (1<<4) /* Request portforward */ diff --git a/openssh/kex.c b/openssh/kex.c index d0c3265..d2fa829 100644 --- a/openssh/kex.c +++ b/openssh/kex.c @@ -68,6 +68,7 @@ static void kex_kexinit_finish(Kex *); static void kex_choose_conf(Kex *); /* put algorithm proposal into buffer */ +/* used in sshconnect.c as well as kex.c */ void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { @@ -395,6 +396,12 @@ kex_choose_conf(Kex *kex) u_int mode, ctos, need; int first_kex_follows, type; + int auth_flag; + + auth_flag = packet_authentication_state(); + + debug ("AUTH STATE IS %d", auth_flag); + my = kex_buf2prop(&kex->my, NULL); peer = kex_buf2prop(&kex->peer, &first_kex_follows); 
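Review bot: `debug ("AUTH STATE IS %d", auth_flag);` in kex_choose_conf reads as leftover development tracing: it is logged at the ordinary debug level on every key exchange and does not say which subsystem produced it. The same applies to `debug("REQUESTED ENC.NAME is '%s'", ...)` and `debug("Requesting NONE. Authflag is %d", ...)` in the next kex.c hunk. It also applies to the sshd.c hunks, where `int myflag` is a non-static global that is only incremented and printed by `debug ("MYFLAG IS %d", myflag);`. Suggest dropping `myflag` entirely and either removing the kex traces or lowering them, e.g. `debug3("kex: authentication state %d", auth_flag);`. kex_choose_conf continues beyond this hunk.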
@@ -418,6 +425,15 @@ kex_choose_conf(Kex *kex) choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]); choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]); choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); + if (strcmp(newkeys->enc.name, "none") == 0) { + debug("Requesting NONE. Authflag is %d", auth_flag); + if (auth_flag == 1) { + debug("None requested post authentication."); + } else { + fatal("Pre-authentication none cipher requests are not allowed."); + } + } debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", newkeys->enc.name, diff --git a/openssh/packet.c b/openssh/packet.c index 36656ba..ff83651 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -1575,8 +1575,8 @@ packet_send_ignore(int nbytes) rnd >>= 8; } } -int rekey_requested = 0; +int rekey_requested = 0; void packet_request_rekeying(void) { @@ -1618,3 +1618,9 @@ packet_set_authenticated(void) { after_authentication = 1; } + +int +packet_authentication_state(void) +{ + return(after_authentication); +} diff --git a/openssh/packet.h b/openssh/packet.h index 6e5cc07..4a7b529 100644 --- a/openssh/packet.h +++ b/openssh/packet.h @@ -37,6 +37,7 @@ void packet_set_interactive(int); int packet_is_interactive(void); void packet_set_server(void); void packet_set_authenticated(void); +int packet_authentication_state(void); void packet_start(u_char); void packet_put_char(int ch); diff --git a/openssh/readconf.c b/openssh/readconf.c index 3dce5a2..6896dab 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c 
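Review bot: The `strcmp(newkeys->enc.name, "none") == 0` guard is the control that keeps the none cipher from being negotiated before authentication, yet nothing in the code says so. Add a comment above it such as `/* The none cipher may only be selected by a rekey after authentication; refuse it earlier so credentials are never sent unencrypted. */`. As written the decision depends only on `packet_authentication_state()`, and whether the NoneEnabled setting is also enforced is not visible in this hunk, so the comment should say where that happens. Writing the test as `if (!auth_flag) fatal(...)` would fail closed for any non-zero state value and remove the success branch that only logs.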
@@ -1262,21 +1262,23 @@ fill_default_options(Options * options) options->hpn_disabled = 0; if (options->hpn_buffer_size > -1) { + /* if a user tries to set the size to 0 set it to 1KB */ if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; + options->hpn_buffer_size = 1024; /*limit the buffer to 64MB*/ - if (options->hpn_buffer_size > 65536) + if (options->hpn_buffer_size > 65536) { - options->hpn_buffer_size = 65536; + options->hpn_buffer_size = 65536*1024; debug("User requested buffer larger than 64MB. Request reverted to 64MB"); } - options->hpn_buffer_size *=1024; debug("hpn_buffer_size set to %d", options->hpn_buffer_size); } if (options->tcp_rcv_buf == 0) options->tcp_rcv_buf = 1; if (options->tcp_rcv_buf > -1) options->tcp_rcv_buf *=1024; + if (options->tcp_rcv_buf_poll == -1) + options->tcp_rcv_buf_poll = 1; if (options->control_master == -1) options->control_master = 0; if (options->hash_known_hosts == -1) diff --git a/openssh/readconf.h b/openssh/readconf.h index 9ac0b3d..9862273 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -110,7 +110,7 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; - int none_switch; /* use none cipher */ + int none_switch; /* Use none cipher */ int none_enabled; /* Allow none to be used */ int no_host_authentication_for_localhost; int identities_only; diff --git a/openssh/scp.c b/openssh/scp.c index e1933b1..1c17f22 100644 --- a/openssh/scp.c +++ b/openssh/scp.c @@ -321,8 +321,8 @@ main(int argc, char **argv) case '4': case '6': case 'C': - addargs(&args, "-%c", ch); - break; + addargs(&args, "-%c", ch); + break; case 'o': case 'c': case 'i': diff --git a/openssh/servconf.c b/openssh/servconf.c index fe0c9e8..34faed9 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c 
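Review bot: With `options->hpn_buffer_size *=1024;` removed, the paths through this block leave the value in different units: 0 becomes 1024 and anything above 65536 becomes `65536*1024` (both byte counts), while every value from 1 to 65536 is kept exactly as the user typed it. If the option is still given in kilobytes, as the `#HPNBufferSize 2048` example in sshd_config suggests, a setting of 2048 now yields a 2048-byte buffer unless a conversion happens outside this hunk; if one does, the two fixed values would be scaled a second time. The servconf.c hunk in this patch handles the same option with a clamp followed by `else { options->hpn_buffer_size *= 1024; }`, and mirroring that here (keeping `= 1` for the zero case) would keep client and server consistent. fill_default_options extends beyond the hunk.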
@@ -275,16 +275,12 @@ fill_default_server_options(ServerOptions *options) if (options->hpn_disabled == -1) options->hpn_disabled = 0; - if (options->hpn_buffer_size == -1) - { + if (options->hpn_buffer_size == -1) { /* option not explicitly set. Now we have to figure out */ /* what value to use */ - if (options->hpn_disabled == 1) - { + if (options->hpn_disabled == 1) { options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - } - else - { + } else { /* get the current RCV size and set it to that */ /*create a socket but don't connect it */ /* we use that the get the rcv socket size */ @@ -296,22 +292,20 @@ fill_default_server_options(ServerOptions *options) debug ("HPN Buffer Size: %d", options->hpn_buffer_size); } - } - else - { + } else { /* we have to do this incase the user sets both values in a contradictory */ /* manner. hpn_disabled overrrides hpn_buffer_size*/ - if (options->hpn_disabled <= 0) - { - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* limit the maximum buffer to 64MB */ - if (options->hpn_buffer_size > 64*1024) - options->hpn_buffer_size = 64*1024; - options->hpn_buffer_size *=1024; - } - else - options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; + if (options->hpn_disabled <= 0) { + if (options->hpn_buffer_size == 0) + options->hpn_buffer_size = 1; + /* limit the maximum buffer to 64MB */ + if (options->hpn_buffer_size > 64*1024) { + options->hpn_buffer_size = 64*1024*1024; + } else { + options->hpn_buffer_size *= 1024; + } + } else + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; } /* Turn privilege separation on by default */ diff --git a/openssh/serverloop.c b/openssh/serverloop.c index 8ca6d4c..289f806 100644 --- a/openssh/serverloop.c +++ b/openssh/serverloop.c 
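Review bot: The two HPNDisabled paths now choose different defaults: when the size is unset the earlier branch assigns `CHAN_SES_WINDOW_DEFAULT`, while the final `else` in the second servconf.c hunk was changed to `CHAN_TCP_WINDOW_DEFAULT`. If that is deliberate it needs a comment; otherwise use the same constant in both, so that a server with HPN disabled behaves identically whether or not HPNBufferSize appears in the config. Separately, only 0 and values above `64*1024` are handled before `options->hpn_buffer_size *= 1024;`, so a negative setting other than -1 would be scaled and kept. A check such as `if (options->hpn_buffer_size < 0) fatal("HPNBufferSize must not be negative");` would reject it, assuming the option parser does not already do so.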
@@ -958,9 +958,9 @@ server_request_direct_tcpip(void) if (sock < 0) return NULL; if (options.hpn_disabled) - c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, - sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, - CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); + c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, + sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, + CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1); else c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING, sock, sock, -1, options.hpn_buffer_size, @@ -1000,8 +1000,8 @@ server_request_tun(void) if (sock < 0) goto done; if (options.hpn_disabled) - c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); else c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); diff --git a/openssh/session.c b/openssh/session.c index c9b9552..36b6718 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -2276,11 +2276,11 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) if (s->chanid == -1) fatal("no channel for session %d", s->self); if(options.hpn_disabled) - channel_set_fds(s->chanid, - fdout, fdin, fderr, - fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, - CHAN_SES_WINDOW_DEFAULT); + channel_set_fds(s->chanid, + fdout, fdin, fderr, + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, + CHAN_SES_WINDOW_DEFAULT); else channel_set_fds(s->chanid, fdout, fdin, fderr, diff --git a/openssh/ssh.c b/openssh/ssh.c index 2315fa1..296c8a1 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c 
@@ -1208,7 +1208,7 @@ ssh_session2_open(void) /* window the window would get stuck at the initial buffer */ /* size generally less than 96k. Therefore we need to set the */ /* maximum ssh window size to the maximum hpn buffer size */ - /* unless the user hasspecifically set the hpnrcvbufpoll */ + /* unless the user has specifically set the tcprcvbufpoll */ /* to no. In which case we *can* just set the window to the */ /* minimum of the hpn buffer size and tcp receive buffer size */ @@ -1463,24 +1463,12 @@ control_client(const char *path) flags |= SSHMUX_FLAG_X11_FWD; if (options.forward_agent) flags |= SSHMUX_FLAG_AGENT_FWD; - if (options.num_local_forwards > 0) - flags |= SSHMUX_FLAG_PORTFORWARD; buffer_init(&m); /* Send our command to server */ buffer_put_int(&m, mux_command); buffer_put_int(&m, flags); - if (options.num_local_forwards > 0) - { - if (options.local_forwards[0].listen_host == NULL) - buffer_put_string(&m,"LOCALHOST",11); - else - buffer_put_string(&m,options.local_forwards[0].listen_host,512); - buffer_put_int(&m,options.local_forwards[0].listen_port); - buffer_put_string(&m,options.local_forwards[0].connect_host,512); - buffer_put_int(&m,options.local_forwards[0].connect_port); - } if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1) fatal("%s: msg_send", __func__); buffer_clear(&m); diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c index 8a6932c..17c4360 100644 --- a/openssh/sshconnect.c +++ b/openssh/sshconnect.c @@ -220,8 +220,9 @@ ssh_create_socket(int privileged, struct addrinfo *ai) if (sock < 0) error("socket: %.100s", strerror(errno)); - if (options.tcp_rcv_buf > 0) - ssh_set_socket_recvbuf(sock); + + if (options.tcp_rcv_buf > 0) + ssh_set_socket_recvbuf(sock); /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL) diff --git a/openssh/sshd.c b/openssh/sshd.c index 4954d5c..3be9a48 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c 
@@ -138,6 +138,9 @@ int deny_severity = LOG_WARNING; #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) +int myflag = 0; + + extern char *__progname; /* Server configuration options. */ @@ -984,7 +987,7 @@ server_listen(void) error("setsockopt SO_REUSEADDR: %s", strerror(errno)); debug("Bind to port %s on %s.", strport, ntop); - + getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen); debug("Server TCP RWIN socket size: %d", socksize); @@ -2169,6 +2172,8 @@ do_ssh2_kex(void) { Kex *kex; + myflag++; + debug ("MYFLAG IS %d", myflag); if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; diff --git a/openssh/sshd_config b/openssh/sshd_config index d9ede78..845e81b 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -118,8 +118,8 @@ Subsystem sftp /usr/libexec/sftp-server # the following are HPN related configuration options -# tcp receive buffer polling. enable in autotuning kernels -#TcpRcvBufPoll no +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes # allow the use of the none cipher #NoneEnabled no @@ -127,7 +127,7 @@ Subsystem sftp /usr/libexec/sftp-server # disable hpn performance boosts. #HPNDisabled no -# buffer size for hpn to non-hn connections +# buffer size for hpn to non-hpn connections #HPNBufferSize 2048 diff --git a/openssh/version.h b/openssh/version.h index 71562aa..4920906 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -18,11 +18,11 @@ #define MGLUE_VERSION "" #endif -#define NCSA_VERSION " NCSA_GSSAPI_20071004" +#define NCSA_VERSION " NCSA_GSSAPI_20071204" #define SSH_VERSION "OpenSSH_4.7" #define SSH_PORTABLE "p1" -#define SSH_HPN "-hpn12v18" +#define SSH_HPN "-hpn12v20" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN \ NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION -- 2.45.2