svn commit: r221802 - user/brooks/openssh-hpn
Brooks Davis
brooks at FreeBSD.org
Thu May 12 03:37:04 UTC 2011
Author: brooks
Date: Thu May 12 03:37:03 2011
New Revision: 221802
URL: http://svn.freebsd.org/changeset/base/221802
Log:
Cleaned up, but untested version of openssh5.8-dynwindow_noneswitch.diff
applied.
Added:
user/brooks/openssh-hpn/HPN-README
Modified:
user/brooks/openssh-hpn/auth2.c
user/brooks/openssh-hpn/buffer.c
user/brooks/openssh-hpn/buffer.h
user/brooks/openssh-hpn/channels.c
user/brooks/openssh-hpn/channels.h
user/brooks/openssh-hpn/cipher.c
user/brooks/openssh-hpn/clientloop.c
user/brooks/openssh-hpn/compat.c
user/brooks/openssh-hpn/compat.h
user/brooks/openssh-hpn/kex.c
user/brooks/openssh-hpn/kex.h
user/brooks/openssh-hpn/myproposal.h
user/brooks/openssh-hpn/packet.c
user/brooks/openssh-hpn/packet.h
user/brooks/openssh-hpn/progressmeter.c
user/brooks/openssh-hpn/readconf.c
user/brooks/openssh-hpn/readconf.h
user/brooks/openssh-hpn/scp.c
user/brooks/openssh-hpn/servconf.c
user/brooks/openssh-hpn/servconf.h
user/brooks/openssh-hpn/serverloop.c
user/brooks/openssh-hpn/session.c
user/brooks/openssh-hpn/sftp.1
user/brooks/openssh-hpn/sftp.c
user/brooks/openssh-hpn/ssh.c
user/brooks/openssh-hpn/sshconnect.c
user/brooks/openssh-hpn/sshconnect2.c
user/brooks/openssh-hpn/sshd.c
user/brooks/openssh-hpn/sshd_config
user/brooks/openssh-hpn/version.h
Added: user/brooks/openssh-hpn/HPN-README
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/brooks/openssh-hpn/HPN-README Thu May 12 03:37:03 2011 (r221802)
@@ -0,0 +1,128 @@
+Notes:
+
+MULTI-THREADED CIPHER:
+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
+on hosts with multiple cores to use more than one processing core during encryption.
+Tests have show significant throughput performance increases when using MTR-AES-CTR up
+to and including a full gigabit per second on quad core systems. It should be possible to
+achieve full line rate on dual core systems but OS and data management overhead makes this
+more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
+performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
+nomenclature.
+Use examples: ssh -caes128-ctr you at host.com
+ scp -oCipher=aes256-ctr file you at host.com:~/file
+
+NONE CIPHER:
+To use the NONE option you must have the NoneEnabled switch set on the server and
+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
+feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
+spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
+be disabled.
+
+The performance increase will only be as good as the network and TCP stack tuning
+on the reciever side of the connection allows. As a rule of thumb a user will need
+at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
+HPN-SSH home page describes this in greater detail.
+
+http://www.psc.edu/networking/projects/hpn-ssh
+
+BUFFER SIZES:
+
+If HPN is disabled the receive buffer size will be set to the
+OpenSSH default of 64K.
+
+If an HPN system connects to a nonHPN system the receive buffer will
+be set to the HPNBufferSize value. The default is 2MB but user adjustable.
+
+If an HPN to HPN connection is established a number of different things might
+happen based on the user options and conditions.
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
+HPN Buffer Size = up to 64MB
+This is the default state. The HPN buffer size will grow to a maximum of 64MB
+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
+geared towards 10GigE transcontinental connections.
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
+HPN Buffer Size = TCP receive buffer value.
+Users on non-autotuning systesm should disable TCPRcvBufPoll in the
+ssh_cofig and sshd_config
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
+HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
+This would be the system defined TCP receive buffer (RWIN).
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
+Generally there is no need to set both.
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
+HPN Buffer Size = grows to HPNBufferSize
+The buffer will grow up to the maximum size specified here.
+
+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
+Generally there is no need to set both of these, especially on autotuning
+systems. However, if the users wishes to override the autotuning this would be
+one way to do it.
+
+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
+HPN Buffer Size = TCPRcvBuf.
+This will override autotuning and set the TCP recieve buffer to the user defined
+value.
+
+
+HPN Specific Configuration options
+
+TcpRcvBuf=[int]KB client
+ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
+maximum socket size allowed by the system. This is useful in situations where
+the tcp receive window is set low but the maximum buffer size is set
+higher (as is typical). This works on a per TCP connection basis. You can also
+use this to artifically limit the transfer rate of the connection. In these
+cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
+Default is the current system wide tcp receive buffer size.
+
+TcpRcvBufPoll=[yes/no] client/server
+ enable of disable the polling of the tcp receive buffer through the life
+of the connection. You would want to make sure that this option is enabled
+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
+default is yes.
+
+NoneEnabled=[yes/no] client/server
+ enable or disable the use of the None cipher. Care must always be used
+when enabling this as it will allow users to send data in the clear. However,
+it is important to note that authentication information remains encrypted
+even if this option is enabled. Set to no by default.
+
+NoneSwitch=[yes/no] client
+ Switch the encryption cipher being used to the None cipher after
+authentication takes place. NoneEnabled must be enabled on both the client
+and server side of the connection. When the connection switches to the NONE
+cipher a warning is sent to STDERR. The connection attempt will fail with an
+error if a client requests a NoneSwitch from the server that does not explicitly
+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
+interactive (shell) sessions and it will fail silently. Set to no by default.
+
+HPNDisabled=[yes/no] client/server
+ In some situations, such as transfers on a local area network, the impact
+of the HPN code produces a net decrease in performance. In these cases it is
+helpful to disable the HPN functionality. By default HPNDisabled is set to no.
+
+HPNBufferSize=[int]KB client/server
+ This is the default buffer size the HPN functionality uses when interacting
+with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
+option as applied to the internal SSH flow control. This value can range from
+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
+problems depending on the length of the network path. The default size of this buffer
+is 2MB.
+
+
+Credits: This patch was conceived, designed, and led by Chris Rapier (rapier at psc.edu)
+ The majority of the actual coding for versions up to HPN12v1 was performed
+ by Michael Stevens (mstevens at andrew.cmu.edu). The MT-AES-CTR cipher was
+ implemented by Ben Bennet (ben at psc.edu). This work was financed, in part,
+ by Cisco System, Inc., the National Library of Medicine,
+ and the National Science Foundation.
Modified: user/brooks/openssh-hpn/auth2.c
==============================================================================
--- user/brooks/openssh-hpn/auth2.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/auth2.c Thu May 12 03:37:03 2011 (r221802)
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
+#include "canohost.h"
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -217,6 +218,7 @@ input_userauth_request(int type, u_int32
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
+ static int log_flag = 0;
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -225,6 +227,11 @@ input_userauth_request(int type, u_int32
service = packet_get_cstring(NULL);
method = packet_get_cstring(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
+ if (!log_flag) {
+ logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
+ get_remote_ipaddr(), get_remote_port(), user);
+ log_flag = 1;
+ }
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
if ((style = strchr(user, ':')) != NULL)
Modified: user/brooks/openssh-hpn/buffer.c
==============================================================================
--- user/brooks/openssh-hpn/buffer.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/buffer.c Thu May 12 03:37:03 2011 (r221802)
@@ -127,7 +127,7 @@ restart:
/* Increase the size of the buffer and retry. */
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
- if (newlen > BUFFER_MAX_LEN)
+ if (newlen > BUFFER_MAX_LEN_HPN)
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, 1, newlen);
Modified: user/brooks/openssh-hpn/buffer.h
==============================================================================
--- user/brooks/openssh-hpn/buffer.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/buffer.h Thu May 12 03:37:03 2011 (r221802)
@@ -16,6 +16,9 @@
#ifndef BUFFER_H
#define BUFFER_H
+/* move the following to a more appropriate place and name */
+#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
+
typedef struct {
u_char *buf; /* Buffer for data. */
u_int alloc; /* Number of bytes allocated for data. */
Modified: user/brooks/openssh-hpn/channels.c
==============================================================================
--- user/brooks/openssh-hpn/channels.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/channels.c Thu May 12 03:37:03 2011 (r221802)
@@ -170,6 +170,9 @@ static void port_open_helper(Channel *c,
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
+static int hpn_disabled = 0;
+static int hpn_buffer_size = 2 * 1024 * 1024;
+
/* -- channel core */
Channel *
@@ -313,6 +316,7 @@ channel_new(char *ctype, int type, int r
c->local_window_max = window;
c->local_consumed = 0;
c->local_maxpacket = maxpack;
+ c->dynamic_window = 0;
c->remote_id = -1;
c->remote_name = xstrdup(remote_name);
c->remote_window = 0;
@@ -808,11 +812,35 @@ channel_pre_open_13(Channel *c, fd_set *
FD_SET(c->sock, writeset);
}
+int channel_tcpwinsz () {
+ u_int32_t tcpwinsz = 0;
+ socklen_t optsz = sizeof(tcpwinsz);
+ int ret = -1;
+
+ /* if we aren't on a socket return 128KB*/
+ if (!packet_connection_is_on_socket())
+ return(128*1024);
+ ret = getsockopt(packet_get_connection_in(),
+ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
+ /* return no more than 64MB */
+ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
+ tcpwinsz = BUFFER_MAX_LEN_HPN;
+ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
+ packet_get_connection_in());
+ return(tcpwinsz);
+}
+
static void
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+ /* check buffer limits */
+ if ((!c->tcpwinsz) || (c->dynamic_window > 0))
+ c->tcpwinsz = channel_tcpwinsz();
+
+ limit = MIN(limit, 2 * c->tcpwinsz);
+
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
buffer_len(&c->input) < limit &&
@@ -1789,14 +1817,24 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
+ u_int addition = 0;
+ /* adjust max window size if we are in a dynamic environment */
+ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
+ /*
+ * Grow the window somewhat aggressively to
+ * maintain pressure.
+ */
+ addition = 1.5*(c->tcpwinsz - c->local_window_max);
+ c->local_window_max += addition;
+ }
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
packet_put_int(c->remote_id);
- packet_put_int(c->local_consumed);
+ packet_put_int(c->local_consumed + addition);
packet_send();
debug2("channel %d: window %d sent adjust %d",
c->self, c->local_window,
c->local_consumed);
- c->local_window += c->local_consumed;
+ c->local_window += c->local_consumed + addition;
c->local_consumed = 0;
}
return 1;
@@ -2128,11 +2166,12 @@ channel_after_select(fd_set *readset, fd
/* If there is data to send to the connection, enqueue some of it now. */
-void
+int
channel_output_poll(void)
{
Channel *c;
u_int i, len;
+ int packet_length = 0;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
@@ -2180,7 +2219,7 @@ channel_output_poll(void)
packet_start(SSH2_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(data, dlen);
- packet_send();
+ packet_length = packet_send();
c->remote_window -= dlen + 4;
xfree(data);
}
@@ -2210,7 +2249,7 @@ channel_output_poll(void)
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(buffer_ptr(&c->input), len);
- packet_send();
+ packet_length = packet_send();
buffer_consume(&c->input, len);
c->remote_window -= len;
}
@@ -2245,12 +2284,13 @@ channel_output_poll(void)
packet_put_int(c->remote_id);
packet_put_int(SSH2_EXTENDED_DATA_STDERR);
packet_put_string(buffer_ptr(&c->extended), len);
- packet_send();
+ packet_length = packet_send();
buffer_consume(&c->extended, len);
c->remote_window -= len;
debug2("channel %d: sent ext data %d", c->self, len);
}
}
+ return (packet_length);
}
@@ -2634,6 +2674,14 @@ channel_set_af(int af)
IPv4or6 = af;
}
+void
+channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
+{
+ hpn_disabled = external_hpn_disabled;
+ hpn_buffer_size = external_hpn_buffer_size;
+ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
+}
+
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
@@ -2787,9 +2835,16 @@ channel_setup_fwd_listener(int type, con
}
/* Allocate a channel number for the socket. */
- c = channel_new("port listener", type, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, "port listener", 1);
+ /* explicitly test for hpn disabled option. if true use smaller window size */
+ if (hpn_disabled) {
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
+ } else {
+ c = channel_new("port listener", type, sock, sock, -1,
+ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
+ }
c->path = xstrdup(host);
c->host_port = port_to_connect;
c->listening_port = listen_port;
@@ -3334,10 +3389,18 @@ x11_create_display_inet(int x11_display_
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
- nc = channel_new("x11 listener",
- SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, "X11 inet listener", 1);
+ /* Is this really necassary? */
+ if (hpn_disabled) {
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
+ } else {
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
+ }
nc->single_connection = single_connection;
(*chanids)[n] = nc->self;
}
Modified: user/brooks/openssh-hpn/channels.h
==============================================================================
--- user/brooks/openssh-hpn/channels.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/channels.h Thu May 12 03:37:03 2011 (r221802)
@@ -125,8 +125,10 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
+ int dynamic_window;
int extended_usage;
int single_connection;
+ u_int tcpwinsz;
char *ctype; /* type */
@@ -161,9 +163,9 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
-#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
+#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
-#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
+#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
@@ -237,7 +239,7 @@ void channel_input_status_confirm(int,
void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
void channel_after_select(fd_set *, fd_set *);
-void channel_output_poll(void);
+int channel_output_poll(void);
int channel_not_very_much_buffered_data(void);
void channel_close_all(void);
@@ -294,4 +296,7 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
+/* hpn handler */
+void channel_set_hpn(int, int);
+
#endif
Modified: user/brooks/openssh-hpn/cipher.c
==============================================================================
--- user/brooks/openssh-hpn/cipher.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/cipher.c Thu May 12 03:37:03 2011 (r221802)
@@ -163,7 +163,8 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
- if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
+ c->number != SSH_CIPHER_NONE)) {
debug("bad cipher %s [%s]", p, names);
xfree(cipher_list);
return 0;
@@ -337,6 +338,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch
int evplen;
switch (c->number) {
+ case SSH_CIPHER_NONE:
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -371,6 +373,7 @@ cipher_set_keyiv(CipherContext *cc, u_ch
int evplen = 0;
switch (c->number) {
+ case SSH_CIPHER_NONE:
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
Modified: user/brooks/openssh-hpn/clientloop.c
==============================================================================
--- user/brooks/openssh-hpn/clientloop.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/clientloop.c Thu May 12 03:37:03 2011 (r221802)
@@ -1768,9 +1768,18 @@ client_request_x11(const char *request_t
sock = x11_connect_display();
if (sock < 0)
return NULL;
- c = channel_new("x11",
- SSH_CHANNEL_X11_OPEN, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+ /* again is this really necessary for X11? */
+ if (options.hpn_disabled) {
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "x11", 1);
+ } else {
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
+ 0, "x11", 1);
+ }
c->force_drain = 1;
return c;
}
@@ -1790,10 +1799,17 @@ client_request_agent(const char *request
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- "authentication agent connection", 1);
+ if (options.hpn_disabled) {
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ "authentication agent connection", 1);
+ } else {
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ options.hpn_buffer_size, options.hpn_buffer_size, 0,
+ "authentication agent connection", 1);
+ }
c->force_drain = 1;
return c;
}
@@ -1820,8 +1836,15 @@ client_request_tun_fwd(int tun_mode, int
return -1;
}
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ if(options.hpn_disabled) {
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "tun", 1);
+ } else {
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
+ 0, "tun", 1);
+ }
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
Modified: user/brooks/openssh-hpn/compat.c
==============================================================================
--- user/brooks/openssh-hpn/compat.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/compat.c Thu May 12 03:37:03 2011 (r221802)
@@ -170,6 +170,17 @@ compat_datafellows(const char *version)
strlen(check[i].pat), 0) == 1) {
debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
+ /*
+ * Check to see if the remote side is OpenSSH and
+ * not HPN.
+ * XXX: Using the version to do this is bizzare.
+ */
+ if(strstr(version,"OpenSSH") != NULL) {
+ if (strstr(version,"hpn") == NULL) {
+ datafellows |= SSH_BUG_LARGEWINDOW;
+ debug("Remote is NON-HPN aware");
+ }
+ }
return;
}
}
Modified: user/brooks/openssh-hpn/compat.h
==============================================================================
--- user/brooks/openssh-hpn/compat.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/compat.h Thu May 12 03:37:03 2011 (r221802)
@@ -58,6 +58,7 @@
#define SSH_OLD_FORWARD_ADDR 0x01000000
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
+#define SSH_BUG_LARGEWINDOW 0x08000000
void enable_compat13(void);
void enable_compat20(void);
Modified: user/brooks/openssh-hpn/kex.c
==============================================================================
--- user/brooks/openssh-hpn/kex.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/kex.c Thu May 12 03:37:03 2011 (r221802)
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "monitor.h"
#include "roaming.h"
+#include "canohost.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
@@ -91,7 +92,8 @@ kex_names_valid(const char *names)
}
/* put algorithm proposal into buffer */
-static void
+/* used in sshconnect.c as well as kex.c */
+void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
u_int i;
@@ -407,6 +409,13 @@ kex_choose_conf(Kex *kex)
int nenc, nmac, ncomp;
u_int mode, ctos, need;
int first_kex_follows, type;
+ int log_flag = 0;
+
+ int auth_flag;
+
+ auth_flag = packet_authentication_state();
+
+ debug ("AUTH STATE IS %d", auth_flag);
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -441,11 +450,37 @@ kex_choose_conf(Kex *kex)
choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
+ debug("Requesting NONE. Authflag is %d", auth_flag);
+ if (auth_flag == 1)
+ debug("None requested post authentication.");
+ else
+ fatal("Pre-authentication none cipher "
+ "requests are not allowed.");
+ }
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
newkeys->mac.name,
newkeys->comp.name);
+ /*
+ * client starts withctos = 0 && log flag = 0 and no log
+ * 2nd client pass ctos=1 and flag = 1 so no log
+ * server starts with ctos =1 && log_flag = 0 so log
+ * 2nd sever pass ctos = 1 && log flag = 1 so no log
+ * -cjr
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;"
+ "Enc: %s;MAC: %s;Comp: %s",
+ get_remote_ipaddr(),
+ get_remote_port(),
+ newkeys->enc.name,
+ newkeys->mac.name,
+ newkeys->comp.name);
+ }
+ log_flag = 1;
}
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
Modified: user/brooks/openssh-hpn/kex.h
==============================================================================
--- user/brooks/openssh-hpn/kex.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/kex.h Thu May 12 03:37:03 2011 (r221802)
@@ -140,6 +140,8 @@ struct Kex {
int kex_names_valid(const char *);
+void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]);
+
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
Modified: user/brooks/openssh-hpn/myproposal.h
==============================================================================
--- user/brooks/openssh-hpn/myproposal.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/myproposal.h Thu May 12 03:37:03 2011 (r221802)
@@ -75,6 +75,8 @@
"arcfour256,arcfour128," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
+#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
+ ",none"
#define KEX_DEFAULT_MAC \
"hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160," \
"hmac-ripemd160 at openssh.com," \
Modified: user/brooks/openssh-hpn/packet.c
==============================================================================
--- user/brooks/openssh-hpn/packet.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/packet.c Thu May 12 03:37:03 2011 (r221802)
@@ -842,7 +842,7 @@ packet_enable_delayed_compress(void)
/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
-static void
+static int
packet_send2_wrapped(void)
{
u_char type, *cp, *macbuf = NULL;
@@ -961,11 +961,13 @@ packet_send2_wrapped(void)
set_newkeys(MODE_OUT);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
packet_enable_delayed_compress();
+ return(packet_length);
}
-static void
+static int
packet_send2(void)
{
+ static int packet_length = 0;
struct packet *p;
u_char type, *cp;
@@ -983,7 +985,7 @@ packet_send2(void)
sizeof(Buffer));
buffer_init(&active_state->outgoing_packet);
TAILQ_INSERT_TAIL(&active_state->outgoing, p, next);
- return;
+ return(sizeof(Buffer));
}
}
@@ -991,7 +993,7 @@ packet_send2(void)
if (type == SSH2_MSG_KEXINIT)
active_state->rekeying = 1;
- packet_send2_wrapped();
+ packet_length = packet_send2_wrapped();
/* after a NEWKEYS message we can send the complete queue */
if (type == SSH2_MSG_NEWKEYS) {
@@ -1004,19 +1006,22 @@ packet_send2(void)
sizeof(Buffer));
TAILQ_REMOVE(&active_state->outgoing, p, next);
xfree(p);
- packet_send2_wrapped();
+ packet_length += packet_send2_wrapped();
}
}
+ return(packet_length);
}
-void
+int
packet_send(void)
{
+ int packet_len = 0;
if (compat20)
- packet_send2();
+ packet_len = packet_send2();
else
packet_send1();
DBG(debug("packet_send done"));
+ return(packet_len);
}
/*
@@ -1655,7 +1660,7 @@ packet_disconnect(const char *fmt,...)
/* Checks if there is any buffered output, and tries to write some of the output. */
-void
+int
packet_write_poll(void)
{
int len = buffer_len(&active_state->output);
@@ -1668,13 +1673,14 @@ packet_write_poll(void)
if (len == -1) {
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
- return;
+ return(0);
fatal("Write failed: %.100s", strerror(errno));
}
if (len == 0 && !cont)
fatal("Write connection closed");
buffer_consume(&active_state->output, len);
}
+ return(len);
}
/*
@@ -1861,12 +1867,23 @@ packet_send_ignore(int nbytes)
}
}
+int rekey_requested = 0;
+void
+packet_request_rekeying(void)
+{
+ rekey_requested = 1;
+}
+
#define MAX_PACKETS (1U<<31)
int
packet_need_rekeying(void)
{
if (datafellows & SSH_BUG_NOREKEY)
return 0;
+ if (rekey_requested == 1) {
+ rekey_requested = 0;
+ return 1;
+ }
return
(active_state->p_send.packets > MAX_PACKETS) ||
(active_state->p_read.packets > MAX_PACKETS) ||
@@ -1958,3 +1975,9 @@ packet_restore_state(void)
add_recv_bytes(len);
}
}
+
+int
+packet_authentication_state(void)
+{
+ return(active_state->after_authentication);
+}
Modified: user/brooks/openssh-hpn/packet.h
==============================================================================
--- user/brooks/openssh-hpn/packet.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/packet.h Thu May 12 03:37:03 2011 (r221802)
@@ -23,6 +23,9 @@
#include <openssl/ec.h>
#endif
+void
+packet_request_rekeying(void);
+
void packet_set_connection(int, int);
void packet_set_timeout(int, int);
void packet_set_nonblocking(void);
@@ -38,6 +41,7 @@ void packet_set_interactive(int, int
int packet_is_interactive(void);
void packet_set_server(void);
void packet_set_authenticated(void);
+int packet_authentication_state(void);
void packet_start(u_char);
void packet_put_char(int ch);
@@ -51,7 +55,7 @@ void packet_put_ecpoint(const EC_GRO
void packet_put_string(const void *buf, u_int len);
void packet_put_cstring(const char *str);
void packet_put_raw(const void *buf, u_int len);
-void packet_send(void);
+int packet_send(void);
int packet_read(void);
void packet_read_expect(int type);
@@ -86,7 +90,7 @@ int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
void *packet_get_newkeys(int);
-void packet_write_poll(void);
+int packet_write_poll(void);
void packet_write_wait(void);
int packet_have_data_to_write(void);
int packet_not_very_much_data_to_write(void);
Modified: user/brooks/openssh-hpn/progressmeter.c
==============================================================================
--- user/brooks/openssh-hpn/progressmeter.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/progressmeter.c Thu May 12 03:37:03 2011 (r221802)
@@ -68,6 +68,8 @@ static time_t last_update; /* last progr
static char *file; /* name of the file being transferred */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
+static off_t last_pos;
+static off_t max_delta_pos = 0;
static volatile off_t *counter; /* progress counter */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
@@ -128,12 +130,17 @@ refresh_progress_meter(void)
int hours, minutes, seconds;
int i, len;
int file_len;
+ off_t delta_pos;
transferred = *counter - cur_pos;
cur_pos = *counter;
now = time(NULL);
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
+ if (delta_pos > max_delta_pos)
+ max_delta_pos = delta_pos;
+
if (bytes_left > 0)
elapsed = now - last_update;
else {
@@ -158,7 +165,7 @@ refresh_progress_meter(void)
/* filename */
buf[0] = '\0';
- file_len = win_size - 35;
+ file_len = win_size - 45;
if (file_len > 0) {
len = snprintf(buf, file_len + 1, "\r%s", file);
if (len < 0)
@@ -175,7 +182,7 @@ refresh_progress_meter(void)
percent = ((float)cur_pos / end_pos) * 100;
else
percent = 100;
- snprintf(buf + strlen(buf), win_size - strlen(buf),
+ snprintf(buf + strlen(buf), win_size - strlen(buf-8),
" %3d%% ", percent);
/* amount transferred */
@@ -188,6 +195,16 @@ refresh_progress_meter(void)
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);
+ /* instantaneous rate */
+ if (bytes_left > 0) {
+ format_rate(buf + strlen(buf), win_size - strlen(buf),
+ delta_pos);
+ } else {
+ format_rate(buf + strlen(buf), win_size - strlen(buf),
+ max_delta_pos);
+ }
+ strlcat(buf, "/s ", win_size);
+
/* ETA */
if (!transferred)
stalled += elapsed;
@@ -224,6 +241,7 @@ refresh_progress_meter(void)
atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
last_update = now;
+ last_pos = cur_pos;
}
/*ARGSUSED*/
Modified: user/brooks/openssh-hpn/readconf.c
==============================================================================
--- user/brooks/openssh-hpn/readconf.c Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/readconf.c Thu May 12 03:37:03 2011 (r221802)
@@ -135,6 +135,8 @@ typedef enum {
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS,
+ oNoneEnabled, oNoneSwitch,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
oDeprecated, oUnsupported
} OpCodes;
@@ -245,6 +247,12 @@ static struct {
#endif
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
+ { "noneenabled", oNoneEnabled },
+ { "noneswitch", oNoneSwitch },
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
+ { "hpndisabled", oHPNDisabled },
+ { "hpnbuffersize", oHPNBufferSize },
{ NULL, oBadOption }
};
@@ -491,6 +499,42 @@ parse_flag:
intptr = &options->check_host_ip;
goto parse_flag;
+ case oNoneEnabled:
+ intptr = &options->none_enabled;
+ goto parse_flag;
+
+ /*
+ * We check to see if the command comes from the command line or
+ * not. If it does then enable it otherwise fail. NONE should
+ * never be a default configuration.
+ */
+ case oNoneSwitch:
+ if(strcmp(filename,"command-line")==0)
+ {
+ intptr = &options->none_switch;
+ goto parse_flag;
+ } else {
+ error("NoneSwitch is found in %.200s.\n"
+ "You may only use this configuration option "
+ "from the command line", filename);
+ error("Continuing...");
+ debug("NoneSwitch directive found in %.200s.",
+ filename);
+ return 0;
+ }
+
+ case oHPNDisabled:
+ intptr = &options->hpn_disabled;
+ goto parse_flag;
+
+ case oHPNBufferSize:
+ intptr = &options->hpn_buffer_size;
+ goto parse_int;
+
+ case oTcpRcvBufPoll:
+ intptr = &options->tcp_rcv_buf_poll;
+ goto parse_flag;
+
case oVerifyHostKeyDNS:
intptr = &options->verify_host_key_dns;
goto parse_yesnoask;
@@ -669,6 +713,10 @@ parse_int:
intptr = &options->connection_attempts;
goto parse_int;
+ case oTcpRcvBuf:
+ intptr = &options->tcp_rcv_buf;
+ goto parse_int;
+
case oCipher:
intptr = &options->cipher;
arg = strdelim(&s);
@@ -1157,6 +1205,12 @@ initialize_options(Options * options)
options->zero_knowledge_password_authentication = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
+ options->none_switch = -1;
+ options->none_enabled = -1;
+ options->hpn_disabled = -1;
+ options->hpn_buffer_size = -1;
+ options->tcp_rcv_buf_poll = -1;
+ options->tcp_rcv_buf = -1;
}
/*
@@ -1289,6 +1343,28 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
+ if (options->none_switch == -1)
+ options->none_switch = 0;
+ if (options->hpn_disabled == -1)
+ options->hpn_disabled = 0;
+ if (options->hpn_buffer_size > -1) {
+ /* if a user tries to set the size to 0 set it to 1KB */
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1024;
+ /* XXX: BUFFER_SIZE */
+ if (options->hpn_buffer_size > 65536) {
+ options->hpn_buffer_size = 65536*1024;
+ debug("User requested buffer larger than 64MB. "
+ "Request reverted to 64MB");
+ }
+ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
+ }
+ if (options->tcp_rcv_buf == 0)
+ options->tcp_rcv_buf = 1;
+ if (options->tcp_rcv_buf > -1)
+ options->tcp_rcv_buf *=1024;
+ if (options->tcp_rcv_buf_poll == -1)
+ options->tcp_rcv_buf_poll = 1;
if (options->control_master == -1)
options->control_master = 0;
if (options->control_persist == -1) {
Modified: user/brooks/openssh-hpn/readconf.h
==============================================================================
--- user/brooks/openssh-hpn/readconf.h Thu May 12 03:25:24 2011 (r221801)
+++ user/brooks/openssh-hpn/readconf.h Thu May 12 03:37:03 2011 (r221802)
@@ -59,6 +59,11 @@ typedef struct {
int compression_level; /* Compression level 1 (fast) to 9
* (best). */
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
+ int tcp_rcv_buf; /* user switch to set tcp recv buffer */
+ int tcp_rcv_buf_poll; /* Option to poll recv buf every
+ * window transfer. */
+ int hpn_disabled; /* Switch to disable HPN buffer management */
+ int hpn_buffer_size; /* User definable size for HPN buffer window */
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list