As previously threatened, remove the HPN patch from OpenSSH.
This commit is contained in:
parent
23cbd2460d
commit
43b4a69321
4
UPDATING
4
UPDATING
@ -31,6 +31,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
|
||||
disable the most expensive debugging functionality run
|
||||
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
||||
|
||||
20160119:
|
||||
The NONE and HPN patches has been removed from OpenSSH. They are
|
||||
still available in the security/openssh-portable port.
|
||||
|
||||
20160113:
|
||||
With the addition of ypldap(8), a new _ypldap user is now required
|
||||
during installworld. "mergemaster -p" can be used to add the user
|
||||
|
@ -1,95 +0,0 @@
|
||||
Notes:
|
||||
|
||||
PERFORMANCE:
|
||||
The performance increase will only be as good as the network and TCP stack
|
||||
tuning on the reciever side of the connection allows. As a rule of thumb a
|
||||
user will need at least 10Mb/s connection with a 100ms RTT to see a doubling
|
||||
of performance.
|
||||
The HPN-SSH home page http://www.psc.edu/networking/projects/hpn-ssh
|
||||
describes this in greater detail.
|
||||
|
||||
|
||||
BUFFER SIZES:
|
||||
- if HPN is disabled the receive buffer size will be set to the OpenSSH default
|
||||
of 64K.
|
||||
|
||||
- if a HPN system connects to a non-HPN system the receive buffer will
|
||||
be set to the HPNBufferSize value. The default is 2MB but user adjustable.
|
||||
|
||||
- If a HPN to HPN connection is established a number of different things might
|
||||
happen based on the user options and conditions.
|
||||
|
||||
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
|
||||
Result: HPN Buffer Size = up to 64MB
|
||||
This is the default state. The HPN buffer size will grow to a maximum of
|
||||
64MB as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB
|
||||
is geared towards 10GigE transcontinental connections.
|
||||
|
||||
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
|
||||
Result: HPN Buffer Size = TCP receive buffer value.
|
||||
Users on non-autotuning systesm should disable TCPRcvBufPoll in the
|
||||
ssh_cofig and sshd_config
|
||||
|
||||
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
|
||||
Result: HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
|
||||
This would be the system defined TCP receive buffer (RWIN).
|
||||
|
||||
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
|
||||
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
|
||||
Generally there is no need to set both.
|
||||
|
||||
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
|
||||
Result: HPN Buffer Size = grows to HPNBufferSize
|
||||
The buffer will grow up to the maximum size specified here.
|
||||
|
||||
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
|
||||
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
|
||||
Generally there is no need to set both of these, especially on autotuning
|
||||
systems. However, if the users wishes to override the autotuning this would
|
||||
be one way to do it.
|
||||
|
||||
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
|
||||
Result: HPN Buffer Size = TCPRcvBuf.
|
||||
This will override autotuning and set the TCP recieve buffer to the user
|
||||
defined value.
|
||||
|
||||
|
||||
HPN SPECIFIC CONFIGURATION OPTIONS:
|
||||
|
||||
- HPNDisabled=[yes/no] client/server
|
||||
In some situations, such as transfers on a local area network, the impact
|
||||
of the HPN code produces a net decrease in performance. In these cases it is
|
||||
helpful to disable the HPN functionality. By default HPNDisabled is set to no.
|
||||
|
||||
- HPNBufferSize=[int]KB client/server
|
||||
This is the default buffer size the HPN functionality uses when interacting
|
||||
with non-HPN SSH installations. Conceptually this is similar to the TcpRcvBuf
|
||||
option as applied to the internal SSH flow control. This value can range from
|
||||
1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause
|
||||
performance problems depending on the roud trip time of the network path.
|
||||
The default size of this buffer is 2MB.
|
||||
|
||||
- TcpRcvBufPoll=[yes/no] client/server
|
||||
Enable or disable the polling of the TCP receive buffer through the life
|
||||
of the connection. You would want to make sure that this option is enabled
|
||||
for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista,
|
||||
FreeBSD 7.x and later). Default is yes.
|
||||
|
||||
- TcpRcvBuf=[int]KB client
|
||||
Set the TCP socket receive buffer to n Kilobytes. It can be set up to the
|
||||
maximum socket size allowed by the system. This is useful in situations where
|
||||
the TCP receive window is set low but the maximum buffer size is set higher
|
||||
(as is typical). This works on a per TCP connection basis. You can also use
|
||||
this to artifically limit the transfer rate of the connection. In these cases
|
||||
the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
|
||||
Default is the current system wide TCP receive buffer size.
|
||||
|
||||
|
||||
CREDITS:
|
||||
|
||||
This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
|
||||
The majority of the actual coding for versions up to HPN12v1 was performed
|
||||
by Michael Stevens (mstevens@andrew.cmu.edu).
|
||||
The MT-AES-CTR cipher was implemented by Ben Bennet (ben@psc.edu).
|
||||
This work was financed, in part, by Cisco System, Inc., the National Library
|
||||
of Medicine, and the National Science Foundation.
|
@ -27,7 +27,7 @@ __RCSID("$FreeBSD$");
|
||||
#include "log.h"
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0x4000000 /* 64MB */
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
#define BUFFER_ALLOCSZ 0x008000
|
||||
|
||||
/* Initializes the buffer structure. */
|
||||
@ -167,13 +167,6 @@ buffer_len(const Buffer *buffer)
|
||||
return buffer->end - buffer->offset;
|
||||
}
|
||||
|
||||
/* Returns the maximum number of bytes of data that may be in the buffer. */
|
||||
u_int
|
||||
buffer_get_max_len(void)
|
||||
{
|
||||
return (BUFFER_MAX_LEN);
|
||||
}
|
||||
|
||||
/* Gets data from the beginning of the buffer. */
|
||||
|
||||
int
|
||||
|
@ -47,8 +47,6 @@ int buffer_get_ret(Buffer *, void *, u_int);
|
||||
int buffer_consume_ret(Buffer *, u_int);
|
||||
int buffer_consume_end_ret(Buffer *, u_int);
|
||||
|
||||
u_int buffer_get_max_len(void);
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
void buffer_put_bignum(Buffer *, const BIGNUM *);
|
||||
|
@ -174,11 +174,6 @@ static void port_open_helper(Channel *c, char *rtype);
|
||||
static int connect_next(struct channel_connect *);
|
||||
static void channel_connect_ctx_free(struct channel_connect *);
|
||||
|
||||
/* -- HPN */
|
||||
|
||||
static int hpn_disabled = 0;
|
||||
static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
|
||||
|
||||
/* -- channel core */
|
||||
|
||||
Channel *
|
||||
@ -325,7 +320,6 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
c->self = found;
|
||||
c->type = type;
|
||||
c->ctype = ctype;
|
||||
c->dynamic_window = 0;
|
||||
c->local_window = window;
|
||||
c->local_window_max = window;
|
||||
c->local_consumed = 0;
|
||||
@ -826,45 +820,10 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
FD_SET(c->sock, writeset);
|
||||
}
|
||||
|
||||
static u_int
|
||||
channel_tcpwinsz(void)
|
||||
{
|
||||
u_int32_t tcpwinsz;
|
||||
socklen_t optsz;
|
||||
int ret, sd;
|
||||
u_int maxlen;
|
||||
|
||||
/* If we are not on a socket return 128KB. */
|
||||
if (!packet_connection_is_on_socket())
|
||||
return (128 * 1024);
|
||||
|
||||
tcpwinsz = 0;
|
||||
optsz = sizeof(tcpwinsz);
|
||||
sd = packet_get_connection_in();
|
||||
ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
|
||||
|
||||
/* Return no more than the maximum buffer size. */
|
||||
maxlen = buffer_get_max_len();
|
||||
if ((ret == 0) && tcpwinsz > maxlen)
|
||||
tcpwinsz = maxlen;
|
||||
/* In case getsockopt() failed return a minimum. */
|
||||
if (tcpwinsz == 0)
|
||||
tcpwinsz = CHAN_TCP_WINDOW_DEFAULT;
|
||||
debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd);
|
||||
return (tcpwinsz);
|
||||
}
|
||||
|
||||
static void
|
||||
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
u_int limit;
|
||||
|
||||
/* Check buffer limits. */
|
||||
if (!c->tcpwinsz || c->dynamic_window > 0)
|
||||
c->tcpwinsz = channel_tcpwinsz();
|
||||
|
||||
limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(),
|
||||
2 * c->tcpwinsz);
|
||||
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
|
||||
|
||||
if (c->istate == CHAN_INPUT_OPEN &&
|
||||
limit > 0 &&
|
||||
@ -1857,25 +1816,14 @@ channel_check_window(Channel *c)
|
||||
c->local_maxpacket*3) ||
|
||||
c->local_window < c->local_window_max/2) &&
|
||||
c->local_consumed > 0) {
|
||||
u_int addition = 0;
|
||||
|
||||
/* Adjust max window size if we are in a dynamic environment. */
|
||||
if (c->dynamic_window && c->tcpwinsz > c->local_window_max) {
|
||||
/*
|
||||
* Grow the window somewhat aggressively to maintain
|
||||
* pressure.
|
||||
*/
|
||||
addition = 1.5 * (c->tcpwinsz - c->local_window_max);
|
||||
c->local_window_max += addition;
|
||||
}
|
||||
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_int(c->local_consumed + addition);
|
||||
packet_put_int(c->local_consumed);
|
||||
packet_send();
|
||||
debug2("channel %d: window %d sent adjust %d",
|
||||
c->self, c->local_window,
|
||||
c->local_consumed);
|
||||
c->local_window += c->local_consumed + addition;
|
||||
c->local_window += c->local_consumed;
|
||||
c->local_consumed = 0;
|
||||
}
|
||||
return 1;
|
||||
@ -2739,14 +2687,6 @@ channel_set_af(int af)
|
||||
IPv4or6 = af;
|
||||
}
|
||||
|
||||
void
|
||||
channel_set_hpn(int disabled, u_int buf_size)
|
||||
{
|
||||
hpn_disabled = disabled;
|
||||
buffer_size = buf_size;
|
||||
debug("HPN Disabled: %d, HPN Buffer Size: %d",
|
||||
hpn_disabled, buffer_size);
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine whether or not a port forward listens to loopback, the
|
||||
@ -2924,18 +2864,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
|
||||
*allocated_listen_port);
|
||||
}
|
||||
|
||||
/*
|
||||
* Allocate a channel number for the socket. Explicitly test
|
||||
* for hpn disabled option. If true use smaller window size.
|
||||
*/
|
||||
if (hpn_disabled)
|
||||
c = channel_new("port listener", type, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "port listener", 1);
|
||||
else
|
||||
c = channel_new("port listener", type, sock, sock, -1,
|
||||
buffer_size, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "port listener", 1);
|
||||
/* Allocate a channel number for the socket. */
|
||||
c = channel_new("port listener", type, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "port listener", 1);
|
||||
c->path = xstrdup(host);
|
||||
c->host_port = port_to_connect;
|
||||
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
|
||||
@ -3583,16 +3515,10 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
|
||||
for (n = 0; n < num_socks; n++) {
|
||||
sock = socks[n];
|
||||
if (hpn_disabled)
|
||||
nc = channel_new("x11 listener",
|
||||
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "X11 inet listener", 1);
|
||||
else
|
||||
nc = channel_new("x11 listener",
|
||||
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
|
||||
buffer_size, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "X11 inet listener", 1);
|
||||
nc = channel_new("x11 listener",
|
||||
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "X11 inet listener", 1);
|
||||
nc->single_connection = single_connection;
|
||||
(*chanids)[n] = nc->self;
|
||||
}
|
||||
|
@ -133,8 +133,6 @@ struct Channel {
|
||||
u_int local_window_max;
|
||||
u_int local_consumed;
|
||||
u_int local_maxpacket;
|
||||
u_int tcpwinsz;
|
||||
int dynamic_window;
|
||||
int extended_usage;
|
||||
int single_connection;
|
||||
|
||||
@ -176,7 +174,6 @@ struct Channel {
|
||||
#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
|
||||
#define CHAN_X11_PACKET_DEFAULT (16*1024)
|
||||
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
|
||||
#define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024)
|
||||
|
||||
/* possible input states */
|
||||
#define CHAN_INPUT_OPEN 0
|
||||
@ -310,8 +307,4 @@ void chan_rcvd_ieof(Channel *);
|
||||
void chan_write_failed(Channel *);
|
||||
void chan_obuf_empty(Channel *);
|
||||
|
||||
/* hpn handler */
|
||||
|
||||
void channel_set_hpn(int, u_int);
|
||||
|
||||
#endif
|
||||
|
@ -1892,14 +1892,9 @@ client_request_x11(const char *request_type, int rchan)
|
||||
sock = x11_connect_display();
|
||||
if (sock < 0)
|
||||
return NULL;
|
||||
if (options.hpn_disabled)
|
||||
c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "x11", 1);
|
||||
else
|
||||
c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
||||
options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "x11", 1);
|
||||
c = channel_new("x11",
|
||||
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
|
||||
c->force_drain = 1;
|
||||
return c;
|
||||
}
|
||||
@ -1919,16 +1914,10 @@ client_request_agent(const char *request_type, int rchan)
|
||||
sock = ssh_get_authentication_socket();
|
||||
if (sock < 0)
|
||||
return NULL;
|
||||
if (options.hpn_disabled)
|
||||
c = channel_new("authentication agent connection",
|
||||
SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
|
||||
"authentication agent connection", 1);
|
||||
else
|
||||
c = channel_new("authentication agent connection",
|
||||
SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
options.hpn_buffer_size, options.hpn_buffer_size, 0,
|
||||
"authentication agent connection", 1);
|
||||
c = channel_new("authentication agent connection",
|
||||
SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
|
||||
"authentication agent connection", 1);
|
||||
c->force_drain = 1;
|
||||
return c;
|
||||
}
|
||||
@ -1955,14 +1944,8 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (options.hpn_disabled)
|
||||
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "tun", 1);
|
||||
else
|
||||
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
||||
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "tun", 1);
|
||||
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
|
||||
c->datagram = 1;
|
||||
|
||||
#if defined(SSH_TUN_FILTER)
|
||||
|
@ -178,16 +178,6 @@ compat_datafellows(const char *version)
|
||||
datafellows = check[i].bugs;
|
||||
debug("match: %s pat %s compat 0x%08x",
|
||||
version, check[i].pat, datafellows);
|
||||
/*
|
||||
* Check to see if the remote side is OpenSSH and not
|
||||
* HPN. It is utterly strange to check it from the
|
||||
* version string and expose the option that way.
|
||||
*/
|
||||
if (strstr(version,"OpenSSH") != NULL &&
|
||||
strstr(version,"hpn") == NULL) {
|
||||
datafellows |= SSH_BUG_LARGEWINDOW;
|
||||
debug("Remote is not HPN-aware");
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -62,8 +62,6 @@
|
||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
||||
#define SSH_BUG_CURVE25519PAD 0x10000000
|
||||
|
||||
#define SSH_BUG_LARGEWINDOW 0x80000000
|
||||
|
||||
void enable_compat13(void);
|
||||
void enable_compat20(void);
|
||||
void compat_datafellows(const char *);
|
||||
|
@ -1037,34 +1037,3 @@ sock_set_v6only(int s)
|
||||
error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
sock_get_rcvbuf(int *size, int rcvbuf)
|
||||
{
|
||||
int sock, socksize;
|
||||
socklen_t socksizelen = sizeof(socksize);
|
||||
|
||||
/*
|
||||
* Create a socket but do not connect it. We use it
|
||||
* only to get the rcv socket size.
|
||||
*/
|
||||
sock = socket(AF_INET6, SOCK_STREAM, 0);
|
||||
if (sock < 0)
|
||||
sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sock < 0)
|
||||
return;
|
||||
|
||||
/*
|
||||
* If the tcp_rcv_buf option is set and passed in, attempt to set the
|
||||
* buffer size to its value.
|
||||
*/
|
||||
if (rcvbuf)
|
||||
setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf,
|
||||
sizeof(rcvbuf));
|
||||
|
||||
if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
|
||||
&socksize, &socksizelen) == 0)
|
||||
if (size != NULL)
|
||||
*size = socksize;
|
||||
close(sock);
|
||||
}
|
||||
|
@ -40,7 +40,6 @@ time_t monotime(void);
|
||||
void lowercase(char *s);
|
||||
|
||||
void sock_set_v6only(int);
|
||||
void sock_get_rcvbuf(int *, int);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
const char *ssh_gai_strerror(int);
|
||||
|
@ -152,9 +152,8 @@ typedef enum {
|
||||
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
||||
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
|
||||
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
|
||||
oIgnoredUnknownOption,
|
||||
oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
|
||||
oVersionAddendum, oDeprecated, oUnsupported
|
||||
oVersionAddendum,
|
||||
oIgnoredUnknownOption, oDeprecated, oUnsupported
|
||||
} OpCodes;
|
||||
|
||||
/* Textual representations of the tokens. */
|
||||
@ -267,10 +266,6 @@ static struct {
|
||||
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
|
||||
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
|
||||
{ "ignoreunknown", oIgnoreUnknown },
|
||||
{ "hpndisabled", oHPNDisabled },
|
||||
{ "hpnbuffersize", oHPNBufferSize },
|
||||
{ "tcprcvbufpoll", oTcpRcvBufPoll },
|
||||
{ "tcprcvbuf", oTcpRcvBuf },
|
||||
{ "versionaddendum", oVersionAddendum },
|
||||
|
||||
{ NULL, oBadOption }
|
||||
@ -1352,22 +1347,6 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
|
||||
multistate_ptr = multistate_requesttty;
|
||||
goto parse_multistate;
|
||||
|
||||
case oHPNDisabled:
|
||||
intptr = &options->hpn_disabled;
|
||||
goto parse_flag;
|
||||
|
||||
case oHPNBufferSize:
|
||||
intptr = &options->hpn_buffer_size;
|
||||
goto parse_int;
|
||||
|
||||
case oTcpRcvBufPoll:
|
||||
intptr = &options->tcp_rcv_buf_poll;
|
||||
goto parse_flag;
|
||||
|
||||
case oTcpRcvBuf:
|
||||
intptr = &options->tcp_rcv_buf;
|
||||
goto parse_int;
|
||||
|
||||
case oVersionAddendum:
|
||||
if (s == NULL)
|
||||
fatal("%.200s line %d: Missing argument.", filename,
|
||||
@ -1623,10 +1602,6 @@ initialize_options(Options * options)
|
||||
options->canonicalize_fallback_local = -1;
|
||||
options->canonicalize_hostname = -1;
|
||||
options->version_addendum = NULL;
|
||||
options->hpn_disabled = -1;
|
||||
options->hpn_buffer_size = -1;
|
||||
options->tcp_rcv_buf_poll = -1;
|
||||
options->tcp_rcv_buf = -1;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1821,31 +1796,6 @@ fill_default_options(Options * options)
|
||||
/* options->preferred_authentications will be set in ssh */
|
||||
if (options->version_addendum == NULL)
|
||||
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
|
||||
if (options->hpn_disabled == -1)
|
||||
options->hpn_disabled = 0;
|
||||
if (options->hpn_buffer_size > -1)
|
||||
{
|
||||
u_int maxlen;
|
||||
|
||||
/* If a user tries to set the size to 0 set it to 1KB. */
|
||||
if (options->hpn_buffer_size == 0)
|
||||
options->hpn_buffer_size = 1024;
|
||||
/* Limit the buffer to BUFFER_MAX_LEN. */
|
||||
maxlen = buffer_get_max_len();
|
||||
if (options->hpn_buffer_size > (maxlen / 1024)) {
|
||||
debug("User requested buffer larger than %ub: %ub. "
|
||||
"Request reverted to %ub", maxlen,
|
||||
options->hpn_buffer_size * 1024, maxlen);
|
||||
options->hpn_buffer_size = maxlen;
|
||||
}
|
||||
debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
|
||||
}
|
||||
if (options->tcp_rcv_buf == 0)
|
||||
options->tcp_rcv_buf = 1;
|
||||
if (options->tcp_rcv_buf > -1)
|
||||
options->tcp_rcv_buf *= 1024;
|
||||
if (options->tcp_rcv_buf_poll == -1)
|
||||
options->tcp_rcv_buf_poll = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -153,17 +153,9 @@ typedef struct {
|
||||
int num_permitted_cnames;
|
||||
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
|
||||
|
||||
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
|
||||
|
||||
char *version_addendum; /* Appended to SSH banner */
|
||||
|
||||
int hpn_disabled; /* Switch to disable HPN buffer management. */
|
||||
int hpn_buffer_size; /* User definable size for HPN buffer
|
||||
* window. */
|
||||
int tcp_rcv_buf_poll; /* Option to poll recv buf every window
|
||||
* transfer. */
|
||||
int tcp_rcv_buf; /* User switch to set tcp recv buffer. */
|
||||
|
||||
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
|
||||
} Options;
|
||||
|
||||
#define SSH_CANONICALISE_NO 0
|
||||
|
@ -155,9 +155,6 @@ initialize_server_options(ServerOptions *options)
|
||||
options->ip_qos_interactive = -1;
|
||||
options->ip_qos_bulk = -1;
|
||||
options->version_addendum = NULL;
|
||||
options->hpn_disabled = -1;
|
||||
options->hpn_buffer_size = -1;
|
||||
options->tcp_rcv_buf_poll = -1;
|
||||
}
|
||||
|
||||
void
|
||||
@ -318,38 +315,6 @@ fill_default_server_options(ServerOptions *options)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (options->hpn_disabled == -1)
|
||||
options->hpn_disabled = 0;
|
||||
if (options->hpn_buffer_size == -1) {
|
||||
/*
|
||||
* HPN buffer size option not explicitly set. Try to figure
|
||||
* out what value to use or resort to default.
|
||||
*/
|
||||
options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
|
||||
if (!options->hpn_disabled) {
|
||||
sock_get_rcvbuf(&options->hpn_buffer_size, 0);
|
||||
debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
|
||||
}
|
||||
} else {
|
||||
/*
|
||||
* In the case that the user sets both values in a
|
||||
* contradictory manner hpn_disabled overrrides hpn_buffer_size.
|
||||
*/
|
||||
if (options->hpn_disabled <= 0) {
|
||||
u_int maxlen;
|
||||
|
||||
maxlen = buffer_get_max_len();
|
||||
if (options->hpn_buffer_size == 0)
|
||||
options->hpn_buffer_size = 1;
|
||||
/* Limit the maximum buffer to BUFFER_MAX_LEN. */
|
||||
if (options->hpn_buffer_size > maxlen / 1024)
|
||||
options->hpn_buffer_size = maxlen;
|
||||
else
|
||||
options->hpn_buffer_size *= 1024;
|
||||
} else {
|
||||
options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Keyword tokens. */
|
||||
@ -385,7 +350,6 @@ typedef enum {
|
||||
sKexAlgorithms, sIPQoS, sVersionAddendum,
|
||||
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
|
||||
sAuthenticationMethods, sHostKeyAgent,
|
||||
sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
|
||||
sDeprecated, sUnsupported
|
||||
} ServerOpCodes;
|
||||
|
||||
@ -512,9 +476,6 @@ static struct {
|
||||
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
|
||||
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
|
||||
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
|
||||
{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
|
||||
{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
|
||||
{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
|
||||
{ NULL, sBadOption, 0 }
|
||||
};
|
||||
|
||||
@ -1661,18 +1622,6 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
}
|
||||
return 0;
|
||||
|
||||
case sHPNDisabled:
|
||||
intptr = &options->hpn_disabled;
|
||||
goto parse_flag;
|
||||
|
||||
case sHPNBufferSize:
|
||||
intptr = &options->hpn_buffer_size;
|
||||
goto parse_int;
|
||||
|
||||
case sTcpRcvBufPoll:
|
||||
intptr = &options->tcp_rcv_buf_poll;
|
||||
goto parse_flag;
|
||||
|
||||
case sDeprecated:
|
||||
logit("%s line %d: Deprecated option %s",
|
||||
filename, linenum, arg);
|
||||
|
@ -181,10 +181,6 @@ typedef struct {
|
||||
|
||||
char *version_addendum; /* Appended to SSH banner */
|
||||
|
||||
int hpn_disabled; /* Disable HPN functionality. */
|
||||
int hpn_buffer_size; /* Set HPN buffer size - default 2MB.*/
|
||||
int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning
|
||||
* kernels. */
|
||||
u_int num_auth_methods;
|
||||
char *auth_methods[MAX_AUTH_METHODS];
|
||||
} ServerOptions;
|
||||
|
@ -1016,14 +1016,8 @@ server_request_tun(void)
|
||||
sock = tun_open(tun, mode);
|
||||
if (sock < 0)
|
||||
goto done;
|
||||
if (options.hpn_disabled)
|
||||
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
|
||||
"tun", 1);
|
||||
else
|
||||
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
|
||||
"tun", 1);
|
||||
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
|
||||
c->datagram = 1;
|
||||
#if defined(SSH_TUN_FILTER)
|
||||
if (mode == SSH_TUNMODE_POINTOPOINT)
|
||||
@ -1059,8 +1053,6 @@ server_request_session(void)
|
||||
c = channel_new("session", SSH_CHANNEL_LARVAL,
|
||||
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
|
||||
0, "server-session", 1);
|
||||
if (!options.hpn_disabled && options.tcp_rcv_buf_poll)
|
||||
c->dynamic_window = 1;
|
||||
if (session_open(the_authctxt, c->self) != 1) {
|
||||
debug("session open failed, free channel %d", c->self);
|
||||
channel_free(c);
|
||||
|
@ -237,10 +237,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
||||
goto authsock_err;
|
||||
}
|
||||
|
||||
/*
|
||||
* Allocate a channel for the authentication agent socket.
|
||||
* Ignore HPN on that one given no improvement expected.
|
||||
*/
|
||||
/* Allocate a channel for the authentication agent socket. */
|
||||
nc = channel_new("auth socket",
|
||||
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
||||
@ -2346,14 +2343,10 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
|
||||
*/
|
||||
if (s->chanid == -1)
|
||||
fatal("no channel for session %d", s->self);
|
||||
if (options.hpn_disabled)
|
||||
channel_set_fds(s->chanid, fdout, fdin, fderr,
|
||||
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
||||
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
|
||||
else
|
||||
channel_set_fds(s->chanid, fdout, fdin, fderr,
|
||||
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
||||
1, is_tty, options.hpn_buffer_size);
|
||||
channel_set_fds(s->chanid,
|
||||
fdout, fdin, fderr,
|
||||
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
||||
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -261,8 +261,7 @@ diagnostic messages from
|
||||
Specify how many requests may be outstanding at any one time.
|
||||
Increasing this may slightly improve file transfer speed
|
||||
but will increase memory usage.
|
||||
The default is 256 outstanding requests providing for 8MB
|
||||
of outstanding data with a 32KB buffer.
|
||||
The default is 64 outstanding requests.
|
||||
.It Fl r
|
||||
Recursively copy entire directories when uploading and downloading.
|
||||
Note that
|
||||
|
@ -69,7 +69,7 @@ typedef void EditLine;
|
||||
#include "sftp-client.h"
|
||||
|
||||
#define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
|
||||
#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
|
||||
#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
|
||||
|
||||
/* File to read commands from */
|
||||
FILE* infile;
|
||||
|
@ -35,7 +35,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd December 7, 2013
|
||||
.Dd $Mdocdate: December 7 2013 $
|
||||
.Dt SSH-AGENT 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -633,13 +633,11 @@ main(int ac, char **av)
|
||||
case 'V':
|
||||
if (options.version_addendum &&
|
||||
*options.version_addendum != '\0')
|
||||
fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE,
|
||||
options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
fprintf(stderr, "%s %s, %s\n", SSH_RELEASE,
|
||||
options.version_addendum,
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
else
|
||||
fprintf(stderr, "%s%s, %s\n", SSH_RELEASE,
|
||||
options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
fprintf(stderr, "%s, %s\n", SSH_RELEASE,
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
if (opt == 'V')
|
||||
exit(0);
|
||||
@ -1657,46 +1655,9 @@ ssh_session2_open(void)
|
||||
if (!isatty(err))
|
||||
set_nonblock(err);
|
||||
|
||||
/*
|
||||
* We need to check to see what to do about buffer sizes here.
|
||||
* - In an HPN to non-HPN connection we want to limit the window size to
|
||||
* something reasonable in case the far side has the large window bug.
|
||||
* - In an HPN to HPN connection we want to use the max window size but
|
||||
* allow the user to override it.
|
||||
* - Lastly if HPN is disabled then use the ssh standard window size.
|
||||
*
|
||||
* We cannot just do a getsockopt() here and set the ssh window to that
|
||||
* as in case of autotuning of socket buffers the window would get stuck
|
||||
* at the initial buffer size, generally less than 96k. Therefore we
|
||||
* need to set the maximum ssh window size to the maximum HPN buffer
|
||||
* size unless the user has set TcpRcvBufPoll to no. In that case we
|
||||
* can just set the window to the minimum of HPN buffer size and TCP
|
||||
* receive buffer size.
|
||||
*/
|
||||
if (tty_flag)
|
||||
options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
|
||||
else
|
||||
options.hpn_buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
|
||||
|
||||
if (datafellows & SSH_BUG_LARGEWINDOW) {
|
||||
debug("HPN to Non-HPN Connection");
|
||||
} else if (options.tcp_rcv_buf_poll <= 0) {
|
||||
sock_get_rcvbuf(&options.hpn_buffer_size, 0);
|
||||
debug("HPNBufferSize set to TCP RWIN: %d",
|
||||
options.hpn_buffer_size);
|
||||
} else if (options.tcp_rcv_buf > 0) {
|
||||
sock_get_rcvbuf(&options.hpn_buffer_size,
|
||||
options.tcp_rcv_buf);
|
||||
debug("HPNBufferSize set to user TCPRcvBuf: %d",
|
||||
options.hpn_buffer_size);
|
||||
}
|
||||
debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
|
||||
channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
|
||||
window = options.hpn_buffer_size;
|
||||
|
||||
window = CHAN_SES_WINDOW_DEFAULT;
|
||||
packetmax = CHAN_SES_PACKET_DEFAULT;
|
||||
if (tty_flag) {
|
||||
window = CHAN_SES_WINDOW_DEFAULT;
|
||||
window >>= 1;
|
||||
packetmax >>= 1;
|
||||
}
|
||||
@ -1704,10 +1665,6 @@ ssh_session2_open(void)
|
||||
"session", SSH_CHANNEL_OPENING, in, out, err,
|
||||
window, packetmax, CHAN_EXTENDED_WRITE,
|
||||
"client-session", /*nonblock*/0);
|
||||
if (!options.hpn_disabled && options.tcp_rcv_buf_poll > 0) {
|
||||
c->dynamic_window = 1;
|
||||
debug("Enabled Dynamic Window Scaling\n");
|
||||
}
|
||||
|
||||
debug3("ssh_session2_open: channel_new: %d", c->self);
|
||||
|
||||
|
@ -48,4 +48,4 @@
|
||||
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
||||
# RekeyLimit 1G 1h
|
||||
# VerifyHostKeyDNS yes
|
||||
# VersionAddendum FreeBSD-20140420
|
||||
# VersionAddendum FreeBSD-20160119
|
||||
|
@ -1423,7 +1423,7 @@ See also VERIFYING HOST KEYS in
|
||||
Specifies a string to append to the regular version string to identify
|
||||
OS- or site-specific modifications.
|
||||
The default is
|
||||
.Dq FreeBSD-20140420 .
|
||||
.Dq FreeBSD-20160119 .
|
||||
The value
|
||||
.Dq none
|
||||
may be used to disable this.
|
||||
|
@ -7,7 +7,11 @@
|
||||
*
|
||||
* A list of symbols which need munging is obtained as follows:
|
||||
*
|
||||
* nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort -u
|
||||
# nm libprivatessh.a | LC_ALL=C awk '
|
||||
/^[0-9a-z]+ [Tt] [A-Za-z_][0-9A-Za-z_]*$/ && $3 !~ /^ssh_/ {
|
||||
printf("#define %-39s ssh_%s\n", $3, $3)
|
||||
}' | unexpand -a | LC_ALL=C sort -u
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
@ -20,9 +24,13 @@
|
||||
#define a2port ssh_a2port
|
||||
#define a2tun ssh_a2tun
|
||||
#define add_host_to_hostfile ssh_add_host_to_hostfile
|
||||
#define add_p1p1 ssh_add_p1p1
|
||||
#define addargs ssh_addargs
|
||||
#define addr_match_cidr_list ssh_addr_match_cidr_list
|
||||
#define addr_match_list ssh_addr_match_list
|
||||
#define addr_netmatch ssh_addr_netmatch
|
||||
#define addr_pton ssh_addr_pton
|
||||
#define addr_pton_cidr ssh_addr_pton_cidr
|
||||
#define ask_permission ssh_ask_permission
|
||||
#define atomicio ssh_atomicio
|
||||
#define atomicio6 ssh_atomicio6
|
||||
@ -31,7 +39,10 @@
|
||||
#define auth_request_forwarding ssh_auth_request_forwarding
|
||||
#define bandwidth_limit ssh_bandwidth_limit
|
||||
#define bandwidth_limit_init ssh_bandwidth_limit_init
|
||||
#define barrett_reduce ssh_barrett_reduce
|
||||
#define bcrypt_hash ssh_bcrypt_hash
|
||||
#define bcrypt_pbkdf ssh_bcrypt_pbkdf
|
||||
#define bf_ssh1_cipher ssh_bf_ssh1_cipher
|
||||
#define blf_cbc_decrypt ssh_blf_cbc_decrypt
|
||||
#define blf_cbc_encrypt ssh_blf_cbc_encrypt
|
||||
#define blf_dec ssh_blf_dec
|
||||
@ -70,7 +81,6 @@
|
||||
#define buffer_get_int64 ssh_buffer_get_int64
|
||||
#define buffer_get_int64_ret ssh_buffer_get_int64_ret
|
||||
#define buffer_get_int_ret ssh_buffer_get_int_ret
|
||||
#define buffer_get_max_len ssh_buffer_get_max_len
|
||||
#define buffer_get_ret ssh_buffer_get_ret
|
||||
#define buffer_get_short ssh_buffer_get_short
|
||||
#define buffer_get_short_ret ssh_buffer_get_short_ret
|
||||
@ -95,6 +105,7 @@
|
||||
#define buffer_put_short ssh_buffer_put_short
|
||||
#define buffer_put_string ssh_buffer_put_string
|
||||
#define buffer_uncompress ssh_buffer_uncompress
|
||||
#define cert_free ssh_cert_free
|
||||
#define chacha_encrypt_bytes ssh_chacha_encrypt_bytes
|
||||
#define chacha_ivsetup ssh_chacha_ivsetup
|
||||
#define chacha_keysetup ssh_chacha_keysetup
|
||||
@ -109,6 +120,10 @@
|
||||
#define chan_rcvd_ieof ssh_chan_rcvd_ieof
|
||||
#define chan_rcvd_oclose ssh_chan_rcvd_oclose
|
||||
#define chan_read_failed ssh_chan_read_failed
|
||||
#define chan_send_eof2 ssh_chan_send_eof2
|
||||
#define chan_send_oclose1 ssh_chan_send_oclose1
|
||||
#define chan_shutdown_read ssh_chan_shutdown_read
|
||||
#define chan_shutdown_write ssh_chan_shutdown_write
|
||||
#define chan_write_failed ssh_chan_write_failed
|
||||
#define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens
|
||||
#define channel_add_permitted_opens ssh_channel_add_permitted_opens
|
||||
@ -121,6 +136,7 @@
|
||||
#define channel_clear_permitted_opens ssh_channel_clear_permitted_opens
|
||||
#define channel_close_all ssh_channel_close_all
|
||||
#define channel_close_fd ssh_channel_close_fd
|
||||
#define channel_close_fds ssh_channel_close_fds
|
||||
#define channel_connect_by_listen_address ssh_channel_connect_by_listen_address
|
||||
#define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd
|
||||
#define channel_connect_to ssh_channel_connect_to
|
||||
@ -128,6 +144,8 @@
|
||||
#define channel_find_open ssh_channel_find_open
|
||||
#define channel_free ssh_channel_free
|
||||
#define channel_free_all ssh_channel_free_all
|
||||
#define channel_fwd_bind_addr ssh_channel_fwd_bind_addr
|
||||
#define channel_handler ssh_channel_handler
|
||||
#define channel_input_close ssh_channel_input_close
|
||||
#define channel_input_close_confirmation ssh_channel_input_close_confirmation
|
||||
#define channel_input_data ssh_channel_input_data
|
||||
@ -146,11 +164,28 @@
|
||||
#define channel_open_message ssh_channel_open_message
|
||||
#define channel_output_poll ssh_channel_output_poll
|
||||
#define channel_permit_all_opens ssh_channel_permit_all_opens
|
||||
#define channel_post ssh_channel_post
|
||||
#define channel_pre ssh_channel_pre
|
||||
#define channel_post_auth_listener ssh_channel_post_auth_listener
|
||||
#define channel_post_connecting ssh_channel_post_connecting
|
||||
#define channel_post_mux_client ssh_channel_post_mux_client
|
||||
#define channel_post_mux_listener ssh_channel_post_mux_listener
|
||||
#define channel_post_open ssh_channel_post_open
|
||||
#define channel_post_output_drain_13 ssh_channel_post_output_drain_13
|
||||
#define channel_post_port_listener ssh_channel_post_port_listener
|
||||
#define channel_post_x11_listener ssh_channel_post_x11_listener
|
||||
#define channel_pre_connecting ssh_channel_pre_connecting
|
||||
#define channel_pre_dynamic ssh_channel_pre_dynamic
|
||||
#define channel_pre_input_draining ssh_channel_pre_input_draining
|
||||
#define channel_pre_listener ssh_channel_pre_listener
|
||||
#define channel_pre_mux_client ssh_channel_pre_mux_client
|
||||
#define channel_pre_open ssh_channel_pre_open
|
||||
#define channel_pre_open_13 ssh_channel_pre_open_13
|
||||
#define channel_pre_output_draining ssh_channel_pre_output_draining
|
||||
#define channel_pre_x11_open ssh_channel_pre_x11_open
|
||||
#define channel_pre_x11_open_13 ssh_channel_pre_x11_open_13
|
||||
#define channel_prepare_select ssh_channel_prepare_select
|
||||
#define channel_print_adm_permitted_opens ssh_channel_print_adm_permitted_opens
|
||||
#define channel_register_cleanup ssh_channel_register_cleanup
|
||||
#define channel_register_fds ssh_channel_register_fds
|
||||
#define channel_register_filter ssh_channel_register_filter
|
||||
#define channel_register_open_confirm ssh_channel_register_open_confirm
|
||||
#define channel_register_status_confirm ssh_channel_register_status_confirm
|
||||
@ -161,14 +196,17 @@
|
||||
#define channel_send_window_changes ssh_channel_send_window_changes
|
||||
#define channel_set_af ssh_channel_set_af
|
||||
#define channel_set_fds ssh_channel_set_fds
|
||||
#define channel_set_hpn ssh_channel_set_hpn
|
||||
#define channel_setup_fwd_listener ssh_channel_setup_fwd_listener
|
||||
#define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener
|
||||
#define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener
|
||||
#define channel_still_open ssh_channel_still_open
|
||||
#define channel_stop_listening ssh_channel_stop_listening
|
||||
#define channel_update_permitted_opens ssh_channel_update_permitted_opens
|
||||
#define check_crc ssh_check_crc
|
||||
#define check_hostkeys_by_key_or_type ssh_check_hostkeys_by_key_or_type
|
||||
#define check_key_in_hostkeys ssh_check_key_in_hostkeys
|
||||
#define choose_dh ssh_choose_dh
|
||||
#define choose_t ssh_choose_t
|
||||
#define chop ssh_chop
|
||||
#define cipher_alg_list ssh_cipher_alg_list
|
||||
#define cipher_authlen ssh_cipher_authlen
|
||||
@ -198,15 +236,17 @@
|
||||
#define cleanup_exit ssh_cleanup_exit
|
||||
#define clear_cached_addr ssh_clear_cached_addr
|
||||
#define colon ssh_colon
|
||||
#define compat13 ssh_compat13
|
||||
#define compat20 ssh_compat20
|
||||
#define compare ssh_compare
|
||||
#define compare_gps ssh_compare_gps
|
||||
#define compat_cipher_proposal ssh_compat_cipher_proposal
|
||||
#define compat_datafellows ssh_compat_datafellows
|
||||
#define compat_kex_proposal ssh_compat_kex_proposal
|
||||
#define compat_pkalg_proposal ssh_compat_pkalg_proposal
|
||||
#define connect_next ssh_connect_next
|
||||
#define connect_to ssh_connect_to
|
||||
#define convtime ssh_convtime
|
||||
#define crypto_hash_sha512 ssh_crypto_hash_sha512
|
||||
#define crypto_hashblocks_sha512 ssh_crypto_hashblocks_sha512
|
||||
#define crypto_scalarmult_curve25519 ssh_crypto_scalarmult_curve25519
|
||||
#define crypto_sign_ed25519 ssh_crypto_sign_ed25519
|
||||
#define crypto_sign_ed25519_keypair ssh_crypto_sign_ed25519_keypair
|
||||
#define crypto_sign_ed25519_open ssh_crypto_sign_ed25519_open
|
||||
@ -227,7 +267,6 @@
|
||||
#define crypto_sign_ed25519_ref_fe25519_square ssh_crypto_sign_ed25519_ref_fe25519_square
|
||||
#define crypto_sign_ed25519_ref_fe25519_sub ssh_crypto_sign_ed25519_ref_fe25519_sub
|
||||
#define crypto_sign_ed25519_ref_fe25519_unpack ssh_crypto_sign_ed25519_ref_fe25519_unpack
|
||||
#define crypto_sign_ed25519_ref_ge25519_base ssh_crypto_sign_ed25519_ref_ge25519_base
|
||||
#define crypto_sign_ed25519_ref_isneutral_vartime ssh_crypto_sign_ed25519_ref_isneutral_vartime
|
||||
#define crypto_sign_ed25519_ref_pack ssh_crypto_sign_ed25519_ref_pack
|
||||
#define crypto_sign_ed25519_ref_sc25519_2interleave2 ssh_crypto_sign_ed25519_ref_sc25519_2interleave2
|
||||
@ -248,8 +287,7 @@
|
||||
#define crypto_sign_ed25519_ref_shortsc25519_from16bytes ssh_crypto_sign_ed25519_ref_shortsc25519_from16bytes
|
||||
#define crypto_sign_ed25519_ref_unpackneg_vartime ssh_crypto_sign_ed25519_ref_unpackneg_vartime
|
||||
#define crypto_verify_32 ssh_crypto_verify_32
|
||||
#define current_keys ssh_current_keys
|
||||
#define datafellows ssh_datafellows
|
||||
#define dbl_p1p1 ssh_dbl_p1p1
|
||||
#define debug ssh_debug
|
||||
#define debug2 ssh_debug2
|
||||
#define debug3 ssh_debug3
|
||||
@ -264,8 +302,6 @@
|
||||
#define dh_new_group14 ssh_dh_new_group14
|
||||
#define dh_new_group_asc ssh_dh_new_group_asc
|
||||
#define dh_pub_is_valid ssh_dh_pub_is_valid
|
||||
#define digests ssh_digests
|
||||
#define dispatch ssh_dispatch
|
||||
#define dispatch_init ssh_dispatch_init
|
||||
#define dispatch_protocol_error ssh_dispatch_protocol_error
|
||||
#define dispatch_protocol_ignore ssh_dispatch_protocol_ignore
|
||||
@ -283,6 +319,7 @@
|
||||
#define explicit_bzero ssh_explicit_bzero
|
||||
#define export_dns_rr ssh_export_dns_rr
|
||||
#define fatal ssh_fatal
|
||||
#define filter_proposal ssh_filter_proposal
|
||||
#define fmt_scaled ssh_fmt_scaled
|
||||
#define free_hostkeys ssh_free_hostkeys
|
||||
#define freeargs ssh_freeargs
|
||||
@ -298,20 +335,27 @@
|
||||
#define get_remote_name_or_ip ssh_get_remote_name_or_ip
|
||||
#define get_remote_port ssh_get_remote_port
|
||||
#define get_sock_port ssh_get_sock_port
|
||||
#define get_socket_address ssh_get_socket_address
|
||||
#define get_u16 ssh_get_u16
|
||||
#define get_u32 ssh_get_u32
|
||||
#define get_u64 ssh_get_u64
|
||||
#define getrrsetbyname ssh_getrrsetbyname
|
||||
#define glob ssh_glob
|
||||
#define glob0 ssh_glob0
|
||||
#define glob2 ssh_glob2
|
||||
#define globexp1 ssh_globexp1
|
||||
#define globextend ssh_globextend
|
||||
#define globfree ssh_globfree
|
||||
#define host_hash ssh_host_hash
|
||||
#define hostfile_read_key ssh_hostfile_read_key
|
||||
#define hpdelim ssh_hpdelim
|
||||
#define incoming_stream ssh_incoming_stream
|
||||
#define init_hostkeys ssh_init_hostkeys
|
||||
#define iptos2str ssh_iptos2str
|
||||
#define ipv64_normalise_mapped ssh_ipv64_normalise_mapped
|
||||
#define is_key_revoked ssh_is_key_revoked
|
||||
#define kex_alg_by_name ssh_kex_alg_by_name
|
||||
#define kex_alg_list ssh_kex_alg_list
|
||||
#define kex_buf2prop ssh_kex_buf2prop
|
||||
#define kex_c25519_hash ssh_kex_c25519_hash
|
||||
#define kex_derive_keys ssh_kex_derive_keys
|
||||
#define kex_derive_keys_bn ssh_kex_derive_keys_bn
|
||||
@ -321,6 +365,8 @@
|
||||
#define kex_get_newkeys ssh_kex_get_newkeys
|
||||
#define kex_input_kexinit ssh_kex_input_kexinit
|
||||
#define kex_names_valid ssh_kex_names_valid
|
||||
#define kex_prop_free ssh_kex_prop_free
|
||||
#define kex_protocol_error ssh_kex_protocol_error
|
||||
#define kex_send_kexinit ssh_kex_send_kexinit
|
||||
#define kex_setup ssh_kex_setup
|
||||
#define kexc25519_client ssh_kexc25519_client
|
||||
@ -354,6 +400,7 @@
|
||||
#define key_fingerprint_raw ssh_key_fingerprint_raw
|
||||
#define key_free ssh_key_free
|
||||
#define key_from_blob ssh_key_from_blob
|
||||
#define key_from_blob2 ssh_key_from_blob2
|
||||
#define key_from_private ssh_key_from_private
|
||||
#define key_generate ssh_key_generate
|
||||
#define key_in_file ssh_key_in_file
|
||||
@ -370,9 +417,14 @@
|
||||
#define key_new ssh_key_new
|
||||
#define key_new_private ssh_key_new_private
|
||||
#define key_parse_private ssh_key_parse_private
|
||||
#define key_parse_private2 ssh_key_parse_private2
|
||||
#define key_parse_private_pem ssh_key_parse_private_pem
|
||||
#define key_parse_private_type ssh_key_parse_private_type
|
||||
#define key_parse_public_rsa1 ssh_key_parse_public_rsa1
|
||||
#define key_perm_ok ssh_key_perm_ok
|
||||
#define key_private_deserialize ssh_key_private_deserialize
|
||||
#define key_private_serialize ssh_key_private_serialize
|
||||
#define key_private_to_blob2 ssh_key_private_to_blob2
|
||||
#define key_read ssh_key_read
|
||||
#define key_save_private ssh_key_save_private
|
||||
#define key_sign ssh_key_sign
|
||||
@ -381,6 +433,7 @@
|
||||
#define key_ssh_name_plain ssh_key_ssh_name_plain
|
||||
#define key_to_blob ssh_key_to_blob
|
||||
#define key_to_certified ssh_key_to_certified
|
||||
#define key_try_load_public ssh_key_try_load_public
|
||||
#define key_type ssh_key_type
|
||||
#define key_type_from_name ssh_key_type_from_name
|
||||
#define key_type_is_cert ssh_key_type_is_cert
|
||||
@ -405,6 +458,7 @@
|
||||
#define mac_init ssh_mac_init
|
||||
#define mac_setup ssh_mac_setup
|
||||
#define mac_valid ssh_mac_valid
|
||||
#define match ssh_match
|
||||
#define match_host_and_ip ssh_match_host_and_ip
|
||||
#define match_hostname ssh_match_hostname
|
||||
#define match_list ssh_match_list
|
||||
@ -417,13 +471,16 @@
|
||||
#define monotime ssh_monotime
|
||||
#define ms_subtract_diff ssh_ms_subtract_diff
|
||||
#define ms_to_timeval ssh_ms_to_timeval
|
||||
#define mult ssh_mult
|
||||
#define mysignal ssh_mysignal
|
||||
#define outgoing_stream ssh_outgoing_stream
|
||||
#define nh_aux ssh_nh_aux
|
||||
#define nh_final ssh_nh_final
|
||||
#define packet_add_padding ssh_packet_add_padding
|
||||
#define packet_backup_state ssh_packet_backup_state
|
||||
#define packet_close ssh_packet_close
|
||||
#define packet_connection_is_on_socket ssh_packet_connection_is_on_socket
|
||||
#define packet_disconnect ssh_packet_disconnect
|
||||
#define packet_enable_delayed_compress ssh_packet_enable_delayed_compress
|
||||
#define packet_get_bignum ssh_packet_get_bignum
|
||||
#define packet_get_bignum2 ssh_packet_get_bignum2
|
||||
#define packet_get_char ssh_packet_get_char
|
||||
@ -470,6 +527,7 @@
|
||||
#define packet_remaining ssh_packet_remaining
|
||||
#define packet_restore_state ssh_packet_restore_state
|
||||
#define packet_send ssh_packet_send
|
||||
#define packet_send2_wrapped ssh_packet_send2_wrapped
|
||||
#define packet_send_debug ssh_packet_send_debug
|
||||
#define packet_send_ignore ssh_packet_send_ignore
|
||||
#define packet_set_alive_timeouts ssh_packet_set_alive_timeouts
|
||||
@ -488,20 +546,32 @@
|
||||
#define packet_set_timeout ssh_packet_set_timeout
|
||||
#define packet_start ssh_packet_start
|
||||
#define packet_start_compression ssh_packet_start_compression
|
||||
#define packet_start_discard ssh_packet_start_discard
|
||||
#define packet_stop_discard ssh_packet_stop_discard
|
||||
#define packet_write_poll ssh_packet_write_poll
|
||||
#define packet_write_wait ssh_packet_write_wait
|
||||
#define parse_ipqos ssh_parse_ipqos
|
||||
#define parse_prime ssh_parse_prime
|
||||
#define percent_expand ssh_percent_expand
|
||||
#define permanently_drop_suid ssh_permanently_drop_suid
|
||||
#define permanently_set_uid ssh_permanently_set_uid
|
||||
#define permitopen_port ssh_permitopen_port
|
||||
#define pkcs11_add_provider ssh_pkcs11_add_provider
|
||||
#define pkcs11_del_provider ssh_pkcs11_del_provider
|
||||
#define pkcs11_fetch_keys_filter ssh_pkcs11_fetch_keys_filter
|
||||
#define pkcs11_find ssh_pkcs11_find
|
||||
#define pkcs11_init ssh_pkcs11_init
|
||||
#define pkcs11_interactive ssh_pkcs11_interactive
|
||||
#define pkcs11_providers ssh_pkcs11_providers
|
||||
#define pkcs11_provider_finalize ssh_pkcs11_provider_finalize
|
||||
#define pkcs11_provider_unref ssh_pkcs11_provider_unref
|
||||
#define pkcs11_rsa_finish ssh_pkcs11_rsa_finish
|
||||
#define pkcs11_rsa_private_decrypt ssh_pkcs11_rsa_private_decrypt
|
||||
#define pkcs11_rsa_private_encrypt ssh_pkcs11_rsa_private_encrypt
|
||||
#define pkcs11_terminate ssh_pkcs11_terminate
|
||||
#define plain_key_blob ssh_plain_key_blob
|
||||
#define poly1305_auth ssh_poly1305_auth
|
||||
#define poly64 ssh_poly64
|
||||
#define poly_hash ssh_poly_hash
|
||||
#define port_open_helper ssh_port_open_helper
|
||||
#define prime_test ssh_prime_test
|
||||
#define proto_spec ssh_proto_spec
|
||||
#define put_host_port ssh_put_host_port
|
||||
@ -509,11 +579,19 @@
|
||||
#define put_u32 ssh_put_u32
|
||||
#define put_u64 ssh_put_u64
|
||||
#define pwcopy ssh_pwcopy
|
||||
#define qfileout ssh_qfileout
|
||||
#define read_keyfile_line ssh_read_keyfile_line
|
||||
#define read_mux ssh_read_mux
|
||||
#define read_passphrase ssh_read_passphrase
|
||||
#define reduce_add_sub ssh_reduce_add_sub
|
||||
#define refresh_progress_meter ssh_refresh_progress_meter
|
||||
#define replacearg ssh_replacearg
|
||||
#define restore_uid ssh_restore_uid
|
||||
#define revoke_blob ssh_revoke_blob
|
||||
#define revoked_blob_tree_RB_REMOVE ssh_revoked_blob_tree_RB_REMOVE
|
||||
#define revoked_certs_for_ca_key ssh_revoked_certs_for_ca_key
|
||||
#define revoked_serial_tree_RB_REMOVE ssh_revoked_serial_tree_RB_REMOVE
|
||||
#define rijndaelKeySetupEnc ssh_rijndaelKeySetupEnc
|
||||
#define rijndael_decrypt ssh_rijndael_decrypt
|
||||
#define rijndael_encrypt ssh_rijndael_encrypt
|
||||
#define rijndael_set_key ssh_rijndael_set_key
|
||||
@ -528,9 +606,14 @@
|
||||
#define set_nodelay ssh_set_nodelay
|
||||
#define set_nonblock ssh_set_nonblock
|
||||
#define shadow_pw ssh_shadow_pw
|
||||
#define sieve_large ssh_sieve_large
|
||||
#define sig_winch ssh_sig_winch
|
||||
#define sigdie ssh_sigdie
|
||||
#define sock_get_rcvbuf ssh_sock_get_rcvbuf
|
||||
#define sock_set_v6only ssh_sock_set_v6only
|
||||
#define square ssh_square
|
||||
#define ssh1_3des_cbc ssh_ssh1_3des_cbc
|
||||
#define ssh1_3des_cleanup ssh_ssh1_3des_cleanup
|
||||
#define ssh1_3des_init ssh_ssh1_3des_init
|
||||
#define ssh1_3des_iv ssh_ssh1_3des_iv
|
||||
#define start_progress_meter ssh_start_progress_meter
|
||||
#define stop_progress_meter ssh_stop_progress_meter
|
||||
@ -542,21 +625,21 @@
|
||||
#define temporarily_use_uid ssh_temporarily_use_uid
|
||||
#define tilde_expand_filename ssh_tilde_expand_filename
|
||||
#define timingsafe_bcmp ssh_timingsafe_bcmp
|
||||
#define to_blob ssh_to_blob
|
||||
#define tohex ssh_tohex
|
||||
#define tty_make_modes ssh_tty_make_modes
|
||||
#define tty_parse_modes ssh_tty_parse_modes
|
||||
#define tun_open ssh_tun_open
|
||||
#define umac128_ctx ssh_umac128_ctx
|
||||
#define umac128_delete ssh_umac128_delete
|
||||
#define umac128_final ssh_umac128_final
|
||||
#define umac128_new ssh_umac128_new
|
||||
#define umac128_update ssh_umac128_update
|
||||
#define umac_ctx ssh_umac_ctx
|
||||
#define umac_delete ssh_umac_delete
|
||||
#define umac_final ssh_umac_final
|
||||
#define umac_new ssh_umac_new
|
||||
#define umac_update ssh_umac_update
|
||||
#define unset_nonblock ssh_unset_nonblock
|
||||
#define update_progress_meter ssh_update_progress_meter
|
||||
#define uudecode ssh_uudecode
|
||||
#define uuencode ssh_uuencode
|
||||
#define verbose ssh_verbose
|
||||
@ -565,6 +648,7 @@
|
||||
#define x11_connect_display ssh_x11_connect_display
|
||||
#define x11_create_display_inet ssh_x11_create_display_inet
|
||||
#define x11_input_open ssh_x11_input_open
|
||||
#define x11_open_helper ssh_x11_open_helper
|
||||
#define x11_request_forwarding_with_spoofing ssh_x11_request_forwarding_with_spoofing
|
||||
#define xasprintf ssh_xasprintf
|
||||
#define xcalloc ssh_xcalloc
|
||||
|
@ -264,29 +264,6 @@ ssh_kill_proxy_command(void)
|
||||
kill(proxy_command_pid, SIGHUP);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set TCP receive buffer if requested.
|
||||
* Note: tuning needs to happen after the socket is created but before the
|
||||
* connection happens so winscale is negotiated properly.
|
||||
*/
|
||||
static void
|
||||
ssh_set_socket_recvbuf(int sock)
|
||||
{
|
||||
void *buf = (void *)&options.tcp_rcv_buf;
|
||||
int socksize, sz = sizeof(options.tcp_rcv_buf);
|
||||
socklen_t len = sizeof(int);
|
||||
|
||||
debug("setsockopt attempting to set SO_RCVBUF to %d",
|
||||
options.tcp_rcv_buf);
|
||||
if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
|
||||
getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &len);
|
||||
debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno),
|
||||
socksize);
|
||||
} else
|
||||
error("Couldn't set socket receive buffer to %d: %.100s",
|
||||
options.tcp_rcv_buf, strerror(errno));
|
||||
}
|
||||
|
||||
/*
|
||||
* Creates a (possibly privileged) socket for use as the ssh connection.
|
||||
*/
|
||||
@ -303,9 +280,6 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
|
||||
}
|
||||
fcntl(sock, F_SETFD, FD_CLOEXEC);
|
||||
|
||||
if (options.tcp_rcv_buf > 0)
|
||||
ssh_set_socket_recvbuf(sock);
|
||||
|
||||
/* Bind the socket to an alternative local IP address */
|
||||
if (options.bind_address == NULL && !privileged)
|
||||
return sock;
|
||||
@ -546,10 +520,10 @@ static void
|
||||
send_client_banner(int connection_out, int minor1)
|
||||
{
|
||||
/* Send our own protocol version identification. */
|
||||
xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
|
||||
xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
||||
compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
|
||||
compat20 ? PROTOCOL_MINOR_2 : minor1,
|
||||
SSH_VERSION, options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
SSH_VERSION,
|
||||
*options.version_addendum == '\0' ? "" : " ",
|
||||
options.version_addendum, compat20 ? "\r\n" : "\n");
|
||||
if (roaming_atomicio(vwrite, connection_out, client_version_string,
|
||||
|
@ -446,9 +446,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
||||
minor = PROTOCOL_MINOR_1;
|
||||
}
|
||||
|
||||
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
|
||||
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
||||
major, minor, SSH_VERSION,
|
||||
options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
*options.version_addendum == '\0' ? "" : " ",
|
||||
options.version_addendum, newline);
|
||||
|
||||
@ -950,13 +949,12 @@ static void
|
||||
usage(void)
|
||||
{
|
||||
if (options.version_addendum && *options.version_addendum != '\0')
|
||||
fprintf(stderr, "%s%s %s, %s\n",
|
||||
SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
fprintf(stderr, "%s %s, %s\n",
|
||||
SSH_RELEASE,
|
||||
options.version_addendum, SSLeay_version(SSLEAY_VERSION));
|
||||
else
|
||||
fprintf(stderr, "%s%s, %s\n",
|
||||
SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
fprintf(stderr, "%s, %s\n",
|
||||
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
|
||||
fprintf(stderr,
|
||||
"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
|
||||
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
|
||||
@ -1145,7 +1143,6 @@ server_listen(void)
|
||||
len = sizeof(socksize);
|
||||
getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &socksize, &len);
|
||||
debug("Server TCP RWIN socket size: %d", socksize);
|
||||
debug("HPN Buffer Size: %d", options.hpn_buffer_size);
|
||||
|
||||
/* Bind the socket to the desired port. */
|
||||
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||
@ -1679,11 +1676,7 @@ main(int ac, char **av)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
debug("sshd version %.100s%.100s%s%.100s, %.100s",
|
||||
SSH_RELEASE,
|
||||
options.hpn_disabled ? "" : SSH_VERSION_HPN,
|
||||
*options.version_addendum == '\0' ? "" : " ",
|
||||
options.version_addendum,
|
||||
debug("sshd version %s, %s", SSH_VERSION,
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
|
||||
/* Store privilege separation user for later use if required. */
|
||||
@ -2114,9 +2107,6 @@ main(int ac, char **av)
|
||||
remote_ip, remote_port,
|
||||
get_local_ipaddr(sock_in), get_local_port());
|
||||
|
||||
/* Set HPN options for the child. */
|
||||
channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
|
||||
|
||||
/*
|
||||
* We don't want to listen forever unless the other side
|
||||
* successfully authenticates itself. So we set up an alarm which is
|
||||
|
@ -120,7 +120,7 @@
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
#VersionAddendum FreeBSD-20140420
|
||||
#VersionAddendum FreeBSD-20160119
|
||||
|
||||
# no default banner path
|
||||
#Banner none
|
||||
@ -128,15 +128,6 @@
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/libexec/sftp-server
|
||||
|
||||
# Change to yes to disable HPN tuning improvements.
|
||||
#HPNDisabled no
|
||||
|
||||
# Buffer size for HPN to non-HPN connections.
|
||||
#HPNBufferSize 2048
|
||||
|
||||
# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels.
|
||||
#TcpRcvBufPoll yes
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
|
@ -1253,7 +1253,7 @@ restrictions.
|
||||
Optionally specifies additional text to append to the SSH protocol banner
|
||||
sent by the server upon connection.
|
||||
The default is
|
||||
.Dq FreeBSD-20140420 .
|
||||
.Dq FreeBSD-20160119 .
|
||||
The value
|
||||
.Dq none
|
||||
may be used to disable this.
|
||||
|
@ -6,5 +6,4 @@
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||
|
||||
#define SSH_VERSION_FREEBSD "FreeBSD-20140420"
|
||||
#define SSH_VERSION_HPN "_hpn13v11"
|
||||
#define SSH_VERSION_FREEBSD "FreeBSD-20160119"
|
||||
|
Loading…
Reference in New Issue
Block a user