d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

As previously threatened, remove the HPN patch from OpenSSH.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2016-01-19 14:38:20 +00:00
parent 5ecdd3c4d3
commit 60c59fad88
29 changed files with 158 additions and 534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
UPDATING
View File

@ -31,6 +31,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20160119:
The NONE and HPN patches has been removed from OpenSSH. They are
still available in the security/openssh-portable port.
20160113:
With the addition of ypldap(8), a new _ypldap user is now required
during installworld. "mergemaster -p" can be used to add the user

95
crypto/openssh/README.hpn
View File

@ -1,95 +0,0 @@
Notes:
PERFORMANCE:
The performance increase will only be as good as the network and TCP stack
tuning on the reciever side of the connection allows. As a rule of thumb a
user will need at least 10Mb/s connection with a 100ms RTT to see a doubling
of performance.
The HPN-SSH home page http://www.psc.edu/networking/projects/hpn-ssh
describes this in greater detail.
BUFFER SIZES:
- if HPN is disabled the receive buffer size will be set to the OpenSSH default
of 64K.
- if a HPN system connects to a non-HPN system the receive buffer will
be set to the HPNBufferSize value. The default is 2MB but user adjustable.
- If a HPN to HPN connection is established a number of different things might
happen based on the user options and conditions.
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
Result: HPN Buffer Size = up to 64MB
This is the default state. The HPN buffer size will grow to a maximum of
64MB as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB
is geared towards 10GigE transcontinental connections.
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
Result: HPN Buffer Size = TCP receive buffer value.
Users on non-autotuning systesm should disable TCPRcvBufPoll in the
ssh_cofig and sshd_config
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
Result: HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
This would be the system defined TCP receive buffer (RWIN).
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
Generally there is no need to set both.
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
Result: HPN Buffer Size = grows to HPNBufferSize
The buffer will grow up to the maximum size specified here.
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
Generally there is no need to set both of these, especially on autotuning
systems. However, if the users wishes to override the autotuning this would
be one way to do it.
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
Result: HPN Buffer Size = TCPRcvBuf.
This will override autotuning and set the TCP recieve buffer to the user
defined value.
HPN SPECIFIC CONFIGURATION OPTIONS:
- HPNDisabled=[yes/no] client/server
In some situations, such as transfers on a local area network, the impact
of the HPN code produces a net decrease in performance. In these cases it is
helpful to disable the HPN functionality. By default HPNDisabled is set to no.
- HPNBufferSize=[int]KB client/server
This is the default buffer size the HPN functionality uses when interacting
with non-HPN SSH installations. Conceptually this is similar to the TcpRcvBuf
option as applied to the internal SSH flow control. This value can range from
1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause
performance problems depending on the roud trip time of the network path.
The default size of this buffer is 2MB.
- TcpRcvBufPoll=[yes/no] client/server
Enable or disable the polling of the TCP receive buffer through the life
of the connection. You would want to make sure that this option is enabled
for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista,
FreeBSD 7.x and later). Default is yes.
- TcpRcvBuf=[int]KB client
Set the TCP socket receive buffer to n Kilobytes. It can be set up to the
maximum socket size allowed by the system. This is useful in situations where
the TCP receive window is set low but the maximum buffer size is set higher
(as is typical). This works on a per TCP connection basis. You can also use
this to artifically limit the transfer rate of the connection. In these cases
the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
Default is the current system wide TCP receive buffer size.
CREDITS:
This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
The majority of the actual coding for versions up to HPN12v1 was performed
by Michael Stevens (mstevens@andrew.cmu.edu).
The MT-AES-CTR cipher was implemented by Ben Bennet (ben@psc.edu).
This work was financed, in part, by Cisco System, Inc., the National Library
of Medicine, and the National Science Foundation.

9
crypto/openssh/buffer.c
View File

@ -27,7 +27,7 @@ __RCSID("$FreeBSD$");
#include "log.h"
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0x4000000 /* 64MB */
#define BUFFER_MAX_LEN 0xa00000
#define BUFFER_ALLOCSZ 0x008000
/* Initializes the buffer structure. */
@ -167,13 +167,6 @@ buffer_len(const Buffer *buffer)
return buffer->end - buffer->offset;
}
/* Returns the maximum number of bytes of data that may be in the buffer. */
u_int
buffer_get_max_len(void)
{
return (BUFFER_MAX_LEN);
}
/* Gets data from the beginning of the buffer. */
int

2
crypto/openssh/buffer.h
View File

@ -47,8 +47,6 @@ int buffer_get_ret(Buffer *, void *, u_int);
int buffer_consume_ret(Buffer *, u_int);
int buffer_consume_end_ret(Buffer *, u_int);
u_int buffer_get_max_len(void);
#include <openssl/bn.h>
void buffer_put_bignum(Buffer *, const BIGNUM *);

96
crypto/openssh/channels.c
View File

@ -174,11 +174,6 @@ static void port_open_helper(Channel *c, char *rtype);
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
/* -- HPN */
static int hpn_disabled = 0;
static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
/* -- channel core */
Channel *
@ -325,7 +320,6 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
c->self = found;
c->type = type;
c->ctype = ctype;
c->dynamic_window = 0;
c->local_window = window;
c->local_window_max = window;
c->local_consumed = 0;
@ -826,45 +820,10 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
FD_SET(c->sock, writeset);
}
static u_int
channel_tcpwinsz(void)
{
u_int32_t tcpwinsz;
socklen_t optsz;
int ret, sd;
u_int maxlen;
/* If we are not on a socket return 128KB. */
if (!packet_connection_is_on_socket())
return (128 * 1024);
tcpwinsz = 0;
optsz = sizeof(tcpwinsz);
sd = packet_get_connection_in();
ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
/* Return no more than the maximum buffer size. */
maxlen = buffer_get_max_len();
if ((ret == 0) && tcpwinsz > maxlen)
tcpwinsz = maxlen;
/* In case getsockopt() failed return a minimum. */
if (tcpwinsz == 0)
tcpwinsz = CHAN_TCP_WINDOW_DEFAULT;
debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd);
return (tcpwinsz);
}
static void
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
u_int limit;
/* Check buffer limits. */
if (!c->tcpwinsz || c->dynamic_window > 0)
c->tcpwinsz = channel_tcpwinsz();
limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(),
2 * c->tcpwinsz);
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
@ -1857,25 +1816,14 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
u_int addition = 0;
/* Adjust max window size if we are in a dynamic environment. */
if (c->dynamic_window && c->tcpwinsz > c->local_window_max) {
/*
* Grow the window somewhat aggressively to maintain
* pressure.
*/
addition = 1.5 * (c->tcpwinsz - c->local_window_max);
c->local_window_max += addition;
}
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
packet_put_int(c->remote_id);
packet_put_int(c->local_consumed + addition);
packet_put_int(c->local_consumed);
packet_send();
debug2("channel %d: window %d sent adjust %d",
c->self, c->local_window,
c->local_consumed);
c->local_window += c->local_consumed + addition;
c->local_window += c->local_consumed;
c->local_consumed = 0;
}
return 1;
@ -2739,14 +2687,6 @@ channel_set_af(int af)
IPv4or6 = af;
}
void
channel_set_hpn(int disabled, u_int buf_size)
{
hpn_disabled = disabled;
buffer_size = buf_size;
debug("HPN Disabled: %d, HPN Buffer Size: %d",
hpn_disabled, buffer_size);
}
/*
* Determine whether or not a port forward listens to loopback, the
@ -2924,18 +2864,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
*allocated_listen_port);
}
/*
* Allocate a channel number for the socket. Explicitly test
* for hpn disabled option. If true use smaller window size.
*/
if (hpn_disabled)
c = channel_new("port listener", type, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
else
c = channel_new("port listener", type, sock, sock, -1,
buffer_size, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
/* Allocate a channel number for the socket. */
c = channel_new("port listener", type, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
c->path = xstrdup(host);
c->host_port = port_to_connect;
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@ -3583,16 +3515,10 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
if (hpn_disabled)
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
else
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
buffer_size, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
nc->single_connection = single_connection;
(*chanids)[n] = nc->self;
}

7
crypto/openssh/channels.h
View File

@ -133,8 +133,6 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
u_int tcpwinsz;
int dynamic_window;
int extended_usage;
int single_connection;
@ -176,7 +174,6 @@ struct Channel {
#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
#define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024)
/* possible input states */
#define CHAN_INPUT_OPEN 0
@ -310,8 +307,4 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
/* hpn handler */
void channel_set_hpn(int, u_int);
#endif

35
crypto/openssh/clientloop.c
View File

@ -1892,14 +1892,9 @@ client_request_x11(const char *request_type, int rchan)
sock = x11_connect_display();
if (sock < 0)
return NULL;
if (options.hpn_disabled)
c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, "x11", 1);
else
c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
0, "x11", 1);
c = channel_new("x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
c->force_drain = 1;
return c;
}
@ -1919,16 +1914,10 @@ client_request_agent(const char *request_type, int rchan)
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
if (options.hpn_disabled)
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
"authentication agent connection", 1);
else
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
options.hpn_buffer_size, options.hpn_buffer_size, 0,
"authentication agent connection", 1);
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
"authentication agent connection", 1);
c->force_drain = 1;
return c;
}
@ -1955,14 +1944,8 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
return -1;
}
if (options.hpn_disabled)
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "tun", 1);
else
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
0, "tun", 1);
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)

10
crypto/openssh/compat.c
View File

@ -178,16 +178,6 @@ compat_datafellows(const char *version)
datafellows = check[i].bugs;
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, datafellows);
/*
* Check to see if the remote side is OpenSSH and not
* HPN. It is utterly strange to check it from the
* version string and expose the option that way.
*/
if (strstr(version,"OpenSSH") != NULL &&
strstr(version,"hpn") == NULL) {
datafellows |= SSH_BUG_LARGEWINDOW;
debug("Remote is not HPN-aware");
}
return;
}
}

2
crypto/openssh/compat.h
View File

@ -62,8 +62,6 @@
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000
#define SSH_BUG_LARGEWINDOW 0x80000000
void enable_compat13(void);
void enable_compat20(void);
void compat_datafellows(const char *);

31
crypto/openssh/misc.c
View File

@ -1037,34 +1037,3 @@ sock_set_v6only(int s)
error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
#endif
}
void
sock_get_rcvbuf(int *size, int rcvbuf)
{
int sock, socksize;
socklen_t socksizelen = sizeof(socksize);
/*
* Create a socket but do not connect it. We use it
* only to get the rcv socket size.
*/
sock = socket(AF_INET6, SOCK_STREAM, 0);
if (sock < 0)
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0)
return;
/*
* If the tcp_rcv_buf option is set and passed in, attempt to set the
* buffer size to its value.
*/
if (rcvbuf)
setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf,
sizeof(rcvbuf));
if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
&socksize, &socksizelen) == 0)
if (size != NULL)
*size = socksize;
close(sock);
}

1
crypto/openssh/misc.h
View File

@ -40,7 +40,6 @@ time_t monotime(void);
void lowercase(char *s);
void sock_set_v6only(int);
void sock_get_rcvbuf(int *, int);
struct passwd *pwcopy(struct passwd *);
const char *ssh_gai_strerror(int);

54
crypto/openssh/readconf.c
View File

@ -152,9 +152,8 @@ typedef enum {
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oIgnoredUnknownOption,
oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
oVersionAddendum, oDeprecated, oUnsupported
oVersionAddendum,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@ -267,10 +266,6 @@ static struct {
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
{ "ignoreunknown", oIgnoreUnknown },
{ "hpndisabled", oHPNDisabled },
{ "hpnbuffersize", oHPNBufferSize },
{ "tcprcvbufpoll", oTcpRcvBufPoll },
{ "tcprcvbuf", oTcpRcvBuf },
{ "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
@ -1352,22 +1347,6 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
multistate_ptr = multistate_requesttty;
goto parse_multistate;
case oHPNDisabled:
intptr = &options->hpn_disabled;
goto parse_flag;
case oHPNBufferSize:
intptr = &options->hpn_buffer_size;
goto parse_int;
case oTcpRcvBufPoll:
intptr = &options->tcp_rcv_buf_poll;
goto parse_flag;
case oTcpRcvBuf:
intptr = &options->tcp_rcv_buf;
goto parse_int;
case oVersionAddendum:
if (s == NULL)
fatal("%.200s line %d: Missing argument.", filename,
@ -1623,10 +1602,6 @@ initialize_options(Options * options)
options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1;
options->version_addendum = NULL;
options->hpn_disabled = -1;
options->hpn_buffer_size = -1;
options->tcp_rcv_buf_poll = -1;
options->tcp_rcv_buf = -1;
}
/*
@ -1821,31 +1796,6 @@ fill_default_options(Options * options)
/* options->preferred_authentications will be set in ssh */
if (options->version_addendum == NULL)
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
if (options->hpn_buffer_size > -1)
{
u_int maxlen;
/* If a user tries to set the size to 0 set it to 1KB. */
if (options->hpn_buffer_size == 0)
options->hpn_buffer_size = 1024;
/* Limit the buffer to BUFFER_MAX_LEN. */
maxlen = buffer_get_max_len();
if (options->hpn_buffer_size > (maxlen / 1024)) {
debug("User requested buffer larger than %ub: %ub. "
"Request reverted to %ub", maxlen,
options->hpn_buffer_size * 1024, maxlen);
options->hpn_buffer_size = maxlen;
}
debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
}
if (options->tcp_rcv_buf == 0)
options->tcp_rcv_buf = 1;
if (options->tcp_rcv_buf > -1)
options->tcp_rcv_buf *= 1024;
if (options->tcp_rcv_buf_poll == -1)
options->tcp_rcv_buf_poll = 1;
}
/*

10
crypto/openssh/readconf.h
View File

@ -153,17 +153,9 @@ typedef struct {
int num_permitted_cnames;
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
char *version_addendum; /* Appended to SSH banner */
int hpn_disabled; /* Switch to disable HPN buffer management. */
int hpn_buffer_size; /* User definable size for HPN buffer
* window. */
int tcp_rcv_buf_poll; /* Option to poll recv buf every window
* transfer. */
int tcp_rcv_buf; /* User switch to set tcp recv buffer. */
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
#define SSH_CANONICALISE_NO 0

51
crypto/openssh/servconf.c
View File

@ -155,9 +155,6 @@ initialize_server_options(ServerOptions *options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
options->hpn_disabled = -1;
options->hpn_buffer_size = -1;
options->tcp_rcv_buf_poll = -1;
}
void
@ -318,38 +315,6 @@ fill_default_server_options(ServerOptions *options)
}
#endif
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
if (options->hpn_buffer_size == -1) {
/*
* HPN buffer size option not explicitly set. Try to figure
* out what value to use or resort to default.
*/
options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
if (!options->hpn_disabled) {
sock_get_rcvbuf(&options->hpn_buffer_size, 0);
debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
}
} else {
/*
* In the case that the user sets both values in a
* contradictory manner hpn_disabled overrrides hpn_buffer_size.
*/
if (options->hpn_disabled <= 0) {
u_int maxlen;
maxlen = buffer_get_max_len();
if (options->hpn_buffer_size == 0)
options->hpn_buffer_size = 1;
/* Limit the maximum buffer to BUFFER_MAX_LEN. */
if (options->hpn_buffer_size > maxlen / 1024)
options->hpn_buffer_size = maxlen;
else
options->hpn_buffer_size *= 1024;
} else {
options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
}
}
}
/* Keyword tokens. */
@ -385,7 +350,6 @@ typedef enum {
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent,
sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
sDeprecated, sUnsupported
} ServerOpCodes;
@ -512,9 +476,6 @@ static struct {
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@ -1661,18 +1622,6 @@ process_server_config_line(ServerOptions *options, char *line,
}
return 0;
case sHPNDisabled:
intptr = &options->hpn_disabled;
goto parse_flag;
case sHPNBufferSize:
intptr = &options->hpn_buffer_size;
goto parse_int;
case sTcpRcvBufPoll:
intptr = &options->tcp_rcv_buf_poll;
goto parse_flag;
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);

4
crypto/openssh/servconf.h
View File

@ -181,10 +181,6 @@ typedef struct {
char *version_addendum; /* Appended to SSH banner */
int hpn_disabled; /* Disable HPN functionality. */
int hpn_buffer_size; /* Set HPN buffer size - default 2MB.*/
int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning
* kernels. */
u_int num_auth_methods;
char *auth_methods[MAX_AUTH_METHODS];
} ServerOptions;

12
crypto/openssh/serverloop.c
View File

@ -1016,14 +1016,8 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
if (options.hpn_disabled)
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
"tun", 1);
else
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
"tun", 1);
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
@ -1059,8 +1053,6 @@ server_request_session(void)
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
if (!options.hpn_disabled && options.tcp_rcv_buf_poll)
c->dynamic_window = 1;
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
channel_free(c);

17
crypto/openssh/session.c
View File

@ -237,10 +237,7 @@ auth_input_request_forwarding(struct passwd * pw)
goto authsock_err;
}
/*
* Allocate a channel for the authentication agent socket.
* Ignore HPN on that one given no improvement expected.
*/
/* Allocate a channel for the authentication agent socket. */
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
@ -2346,14 +2343,10 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
if (options.hpn_disabled)
channel_set_fds(s->chanid, fdout, fdin, fderr,
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
else
channel_set_fds(s->chanid, fdout, fdin, fderr,
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, options.hpn_buffer_size);
channel_set_fds(s->chanid,
fdout, fdin, fderr,
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
}
/*

3
crypto/openssh/sftp.1
View File

@ -261,8 +261,7 @@ diagnostic messages from
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
The default is 256 outstanding requests providing for 8MB
of outstanding data with a 32KB buffer.
The default is 64 outstanding requests.
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that

2
crypto/openssh/sftp.c
View File

@ -69,7 +69,7 @@ typedef void EditLine;
#include "sftp-client.h"
#define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
/* File to read commands from */
FILE* infile;

2
crypto/openssh/ssh-agent.1
View File

@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 7, 2013
.Dd $Mdocdate: December 7 2013 $
.Dt SSH-AGENT 1
.Os
.Sh NAME

49
crypto/openssh/ssh.c
View File

@ -633,13 +633,11 @@ main(int ac, char **av)
case 'V':
if (options.version_addendum &&
*options.version_addendum != '\0')
fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE,
options.hpn_disabled ? "" : SSH_VERSION_HPN,
fprintf(stderr, "%s %s, %s\n", SSH_RELEASE,
options.version_addendum,
SSLeay_version(SSLEAY_VERSION));
else
fprintf(stderr, "%s%s, %s\n", SSH_RELEASE,
options.hpn_disabled ? "" : SSH_VERSION_HPN,
fprintf(stderr, "%s, %s\n", SSH_RELEASE,
SSLeay_version(SSLEAY_VERSION));
if (opt == 'V')
exit(0);
@ -1657,46 +1655,9 @@ ssh_session2_open(void)
if (!isatty(err))
set_nonblock(err);
/*
* We need to check to see what to do about buffer sizes here.
* - In an HPN to non-HPN connection we want to limit the window size to
* something reasonable in case the far side has the large window bug.
* - In an HPN to HPN connection we want to use the max window size but
* allow the user to override it.
* - Lastly if HPN is disabled then use the ssh standard window size.
*
* We cannot just do a getsockopt() here and set the ssh window to that
* as in case of autotuning of socket buffers the window would get stuck
* at the initial buffer size, generally less than 96k. Therefore we
* need to set the maximum ssh window size to the maximum HPN buffer
* size unless the user has set TcpRcvBufPoll to no. In that case we
* can just set the window to the minimum of HPN buffer size and TCP
* receive buffer size.
*/
if (tty_flag)
options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
else
options.hpn_buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
if (datafellows & SSH_BUG_LARGEWINDOW) {
debug("HPN to Non-HPN Connection");
} else if (options.tcp_rcv_buf_poll <= 0) {
sock_get_rcvbuf(&options.hpn_buffer_size, 0);
debug("HPNBufferSize set to TCP RWIN: %d",
options.hpn_buffer_size);
} else if (options.tcp_rcv_buf > 0) {
sock_get_rcvbuf(&options.hpn_buffer_size,
options.tcp_rcv_buf);
debug("HPNBufferSize set to user TCPRcvBuf: %d",
options.hpn_buffer_size);
}
debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
window = options.hpn_buffer_size;
window = CHAN_SES_WINDOW_DEFAULT;
packetmax = CHAN_SES_PACKET_DEFAULT;
if (tty_flag) {
window = CHAN_SES_WINDOW_DEFAULT;
window >>= 1;
packetmax >>= 1;
}
@ -1704,10 +1665,6 @@ ssh_session2_open(void)
"session", SSH_CHANNEL_OPENING, in, out, err,
window, packetmax, CHAN_EXTENDED_WRITE,
"client-session", /*nonblock*/0);
if (!options.hpn_disabled && options.tcp_rcv_buf_poll > 0) {
c->dynamic_window = 1;
debug("Enabled Dynamic Window Scaling\n");
}
debug3("ssh_session2_open: channel_new: %d", c->self);

2
crypto/openssh/ssh_config
View File

@ -48,4 +48,4 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# VerifyHostKeyDNS yes
# VersionAddendum FreeBSD-20140420
# VersionAddendum FreeBSD-20160119

2
crypto/openssh/ssh_config.5
View File

@ -1423,7 +1423,7 @@ See also VERIFYING HOST KEYS in
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
.Dq FreeBSD-20140420 .
.Dq FreeBSD-20160119 .
The value
.Dq none
may be used to disable this.

124
crypto/openssh/ssh_namespace.h
View File

@ -7,7 +7,11 @@
*
* A list of symbols which need munging is obtained as follows:
*
* nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort -u
# nm libprivatessh.a | LC_ALL=C awk '
/^[0-9a-z]+ [Tt] [A-Za-z_][0-9A-Za-z_]*$/ && $3 !~ /^ssh_/ {
printf("#define %-39s ssh_%s\n", $3, $3)
}' | unexpand -a | LC_ALL=C sort -u
*
* $FreeBSD$
*/
@ -20,9 +24,13 @@
#define a2port ssh_a2port
#define a2tun ssh_a2tun
#define add_host_to_hostfile ssh_add_host_to_hostfile
#define add_p1p1 ssh_add_p1p1
#define addargs ssh_addargs
#define addr_match_cidr_list ssh_addr_match_cidr_list
#define addr_match_list ssh_addr_match_list
#define addr_netmatch ssh_addr_netmatch
#define addr_pton ssh_addr_pton
#define addr_pton_cidr ssh_addr_pton_cidr
#define ask_permission ssh_ask_permission
#define atomicio ssh_atomicio
#define atomicio6 ssh_atomicio6
@ -31,7 +39,10 @@
#define auth_request_forwarding ssh_auth_request_forwarding
#define bandwidth_limit ssh_bandwidth_limit
#define bandwidth_limit_init ssh_bandwidth_limit_init
#define barrett_reduce ssh_barrett_reduce
#define bcrypt_hash ssh_bcrypt_hash
#define bcrypt_pbkdf ssh_bcrypt_pbkdf
#define bf_ssh1_cipher ssh_bf_ssh1_cipher
#define blf_cbc_decrypt ssh_blf_cbc_decrypt
#define blf_cbc_encrypt ssh_blf_cbc_encrypt
#define blf_dec ssh_blf_dec
@ -70,7 +81,6 @@
#define buffer_get_int64 ssh_buffer_get_int64
#define buffer_get_int64_ret ssh_buffer_get_int64_ret
#define buffer_get_int_ret ssh_buffer_get_int_ret
#define buffer_get_max_len ssh_buffer_get_max_len
#define buffer_get_ret ssh_buffer_get_ret
#define buffer_get_short ssh_buffer_get_short
#define buffer_get_short_ret ssh_buffer_get_short_ret
@ -95,6 +105,7 @@
#define buffer_put_short ssh_buffer_put_short
#define buffer_put_string ssh_buffer_put_string
#define buffer_uncompress ssh_buffer_uncompress
#define cert_free ssh_cert_free
#define chacha_encrypt_bytes ssh_chacha_encrypt_bytes
#define chacha_ivsetup ssh_chacha_ivsetup
#define chacha_keysetup ssh_chacha_keysetup
@ -109,6 +120,10 @@
#define chan_rcvd_ieof ssh_chan_rcvd_ieof
#define chan_rcvd_oclose ssh_chan_rcvd_oclose
#define chan_read_failed ssh_chan_read_failed
#define chan_send_eof2 ssh_chan_send_eof2
#define chan_send_oclose1 ssh_chan_send_oclose1
#define chan_shutdown_read ssh_chan_shutdown_read
#define chan_shutdown_write ssh_chan_shutdown_write
#define chan_write_failed ssh_chan_write_failed
#define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens
#define channel_add_permitted_opens ssh_channel_add_permitted_opens
@ -121,6 +136,7 @@
#define channel_clear_permitted_opens ssh_channel_clear_permitted_opens
#define channel_close_all ssh_channel_close_all
#define channel_close_fd ssh_channel_close_fd
#define channel_close_fds ssh_channel_close_fds
#define channel_connect_by_listen_address ssh_channel_connect_by_listen_address
#define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd
#define channel_connect_to ssh_channel_connect_to
@ -128,6 +144,8 @@
#define channel_find_open ssh_channel_find_open
#define channel_free ssh_channel_free
#define channel_free_all ssh_channel_free_all
#define channel_fwd_bind_addr ssh_channel_fwd_bind_addr
#define channel_handler ssh_channel_handler
#define channel_input_close ssh_channel_input_close
#define channel_input_close_confirmation ssh_channel_input_close_confirmation
#define channel_input_data ssh_channel_input_data
@ -146,11 +164,28 @@
#define channel_open_message ssh_channel_open_message
#define channel_output_poll ssh_channel_output_poll
#define channel_permit_all_opens ssh_channel_permit_all_opens
#define channel_post ssh_channel_post
#define channel_pre ssh_channel_pre
#define channel_post_auth_listener ssh_channel_post_auth_listener
#define channel_post_connecting ssh_channel_post_connecting
#define channel_post_mux_client ssh_channel_post_mux_client
#define channel_post_mux_listener ssh_channel_post_mux_listener
#define channel_post_open ssh_channel_post_open
#define channel_post_output_drain_13 ssh_channel_post_output_drain_13
#define channel_post_port_listener ssh_channel_post_port_listener
#define channel_post_x11_listener ssh_channel_post_x11_listener
#define channel_pre_connecting ssh_channel_pre_connecting
#define channel_pre_dynamic ssh_channel_pre_dynamic
#define channel_pre_input_draining ssh_channel_pre_input_draining
#define channel_pre_listener ssh_channel_pre_listener
#define channel_pre_mux_client ssh_channel_pre_mux_client
#define channel_pre_open ssh_channel_pre_open
#define channel_pre_open_13 ssh_channel_pre_open_13
#define channel_pre_output_draining ssh_channel_pre_output_draining
#define channel_pre_x11_open ssh_channel_pre_x11_open
#define channel_pre_x11_open_13 ssh_channel_pre_x11_open_13
#define channel_prepare_select ssh_channel_prepare_select
#define channel_print_adm_permitted_opens ssh_channel_print_adm_permitted_opens
#define channel_register_cleanup ssh_channel_register_cleanup
#define channel_register_fds ssh_channel_register_fds
#define channel_register_filter ssh_channel_register_filter
#define channel_register_open_confirm ssh_channel_register_open_confirm
#define channel_register_status_confirm ssh_channel_register_status_confirm
@ -161,14 +196,17 @@
#define channel_send_window_changes ssh_channel_send_window_changes
#define channel_set_af ssh_channel_set_af
#define channel_set_fds ssh_channel_set_fds
#define channel_set_hpn ssh_channel_set_hpn
#define channel_setup_fwd_listener ssh_channel_setup_fwd_listener
#define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener
#define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener
#define channel_still_open ssh_channel_still_open
#define channel_stop_listening ssh_channel_stop_listening
#define channel_update_permitted_opens ssh_channel_update_permitted_opens
#define check_crc ssh_check_crc
#define check_hostkeys_by_key_or_type ssh_check_hostkeys_by_key_or_type
#define check_key_in_hostkeys ssh_check_key_in_hostkeys
#define choose_dh ssh_choose_dh
#define choose_t ssh_choose_t
#define chop ssh_chop
#define cipher_alg_list ssh_cipher_alg_list
#define cipher_authlen ssh_cipher_authlen
@ -198,15 +236,17 @@
#define cleanup_exit ssh_cleanup_exit
#define clear_cached_addr ssh_clear_cached_addr
#define colon ssh_colon
#define compat13 ssh_compat13
#define compat20 ssh_compat20
#define compare ssh_compare
#define compare_gps ssh_compare_gps
#define compat_cipher_proposal ssh_compat_cipher_proposal
#define compat_datafellows ssh_compat_datafellows
#define compat_kex_proposal ssh_compat_kex_proposal
#define compat_pkalg_proposal ssh_compat_pkalg_proposal
#define connect_next ssh_connect_next
#define connect_to ssh_connect_to
#define convtime ssh_convtime
#define crypto_hash_sha512 ssh_crypto_hash_sha512
#define crypto_hashblocks_sha512 ssh_crypto_hashblocks_sha512
#define crypto_scalarmult_curve25519 ssh_crypto_scalarmult_curve25519
#define crypto_sign_ed25519 ssh_crypto_sign_ed25519
#define crypto_sign_ed25519_keypair ssh_crypto_sign_ed25519_keypair
#define crypto_sign_ed25519_open ssh_crypto_sign_ed25519_open
@ -227,7 +267,6 @@
#define crypto_sign_ed25519_ref_fe25519_square ssh_crypto_sign_ed25519_ref_fe25519_square
#define crypto_sign_ed25519_ref_fe25519_sub ssh_crypto_sign_ed25519_ref_fe25519_sub
#define crypto_sign_ed25519_ref_fe25519_unpack ssh_crypto_sign_ed25519_ref_fe25519_unpack
#define crypto_sign_ed25519_ref_ge25519_base ssh_crypto_sign_ed25519_ref_ge25519_base
#define crypto_sign_ed25519_ref_isneutral_vartime ssh_crypto_sign_ed25519_ref_isneutral_vartime
#define crypto_sign_ed25519_ref_pack ssh_crypto_sign_ed25519_ref_pack
#define crypto_sign_ed25519_ref_sc25519_2interleave2 ssh_crypto_sign_ed25519_ref_sc25519_2interleave2
@ -248,8 +287,7 @@
#define crypto_sign_ed25519_ref_shortsc25519_from16bytes ssh_crypto_sign_ed25519_ref_shortsc25519_from16bytes
#define crypto_sign_ed25519_ref_unpackneg_vartime ssh_crypto_sign_ed25519_ref_unpackneg_vartime
#define crypto_verify_32 ssh_crypto_verify_32
#define current_keys ssh_current_keys
#define datafellows ssh_datafellows
#define dbl_p1p1 ssh_dbl_p1p1
#define debug ssh_debug
#define debug2 ssh_debug2
#define debug3 ssh_debug3
@ -264,8 +302,6 @@
#define dh_new_group14 ssh_dh_new_group14
#define dh_new_group_asc ssh_dh_new_group_asc
#define dh_pub_is_valid ssh_dh_pub_is_valid
#define digests ssh_digests
#define dispatch ssh_dispatch
#define dispatch_init ssh_dispatch_init
#define dispatch_protocol_error ssh_dispatch_protocol_error
#define dispatch_protocol_ignore ssh_dispatch_protocol_ignore
@ -283,6 +319,7 @@
#define explicit_bzero ssh_explicit_bzero
#define export_dns_rr ssh_export_dns_rr
#define fatal ssh_fatal
#define filter_proposal ssh_filter_proposal
#define fmt_scaled ssh_fmt_scaled
#define free_hostkeys ssh_free_hostkeys
#define freeargs ssh_freeargs
@ -298,20 +335,27 @@
#define get_remote_name_or_ip ssh_get_remote_name_or_ip
#define get_remote_port ssh_get_remote_port
#define get_sock_port ssh_get_sock_port
#define get_socket_address ssh_get_socket_address
#define get_u16 ssh_get_u16
#define get_u32 ssh_get_u32
#define get_u64 ssh_get_u64
#define getrrsetbyname ssh_getrrsetbyname
#define glob ssh_glob
#define glob0 ssh_glob0
#define glob2 ssh_glob2
#define globexp1 ssh_globexp1
#define globextend ssh_globextend
#define globfree ssh_globfree
#define host_hash ssh_host_hash
#define hostfile_read_key ssh_hostfile_read_key
#define hpdelim ssh_hpdelim
#define incoming_stream ssh_incoming_stream
#define init_hostkeys ssh_init_hostkeys
#define iptos2str ssh_iptos2str
#define ipv64_normalise_mapped ssh_ipv64_normalise_mapped
#define is_key_revoked ssh_is_key_revoked
#define kex_alg_by_name ssh_kex_alg_by_name
#define kex_alg_list ssh_kex_alg_list
#define kex_buf2prop ssh_kex_buf2prop
#define kex_c25519_hash ssh_kex_c25519_hash
#define kex_derive_keys ssh_kex_derive_keys
#define kex_derive_keys_bn ssh_kex_derive_keys_bn
@ -321,6 +365,8 @@
#define kex_get_newkeys ssh_kex_get_newkeys
#define kex_input_kexinit ssh_kex_input_kexinit
#define kex_names_valid ssh_kex_names_valid
#define kex_prop_free ssh_kex_prop_free
#define kex_protocol_error ssh_kex_protocol_error
#define kex_send_kexinit ssh_kex_send_kexinit
#define kex_setup ssh_kex_setup
#define kexc25519_client ssh_kexc25519_client
@ -354,6 +400,7 @@
#define key_fingerprint_raw ssh_key_fingerprint_raw
#define key_free ssh_key_free
#define key_from_blob ssh_key_from_blob
#define key_from_blob2 ssh_key_from_blob2
#define key_from_private ssh_key_from_private
#define key_generate ssh_key_generate
#define key_in_file ssh_key_in_file
@ -370,9 +417,14 @@
#define key_new ssh_key_new
#define key_new_private ssh_key_new_private
#define key_parse_private ssh_key_parse_private
#define key_parse_private2 ssh_key_parse_private2
#define key_parse_private_pem ssh_key_parse_private_pem
#define key_parse_private_type ssh_key_parse_private_type
#define key_parse_public_rsa1 ssh_key_parse_public_rsa1
#define key_perm_ok ssh_key_perm_ok
#define key_private_deserialize ssh_key_private_deserialize
#define key_private_serialize ssh_key_private_serialize
#define key_private_to_blob2 ssh_key_private_to_blob2
#define key_read ssh_key_read
#define key_save_private ssh_key_save_private
#define key_sign ssh_key_sign
@ -381,6 +433,7 @@
#define key_ssh_name_plain ssh_key_ssh_name_plain
#define key_to_blob ssh_key_to_blob
#define key_to_certified ssh_key_to_certified
#define key_try_load_public ssh_key_try_load_public
#define key_type ssh_key_type
#define key_type_from_name ssh_key_type_from_name
#define key_type_is_cert ssh_key_type_is_cert
@ -405,6 +458,7 @@
#define mac_init ssh_mac_init
#define mac_setup ssh_mac_setup
#define mac_valid ssh_mac_valid
#define match ssh_match
#define match_host_and_ip ssh_match_host_and_ip
#define match_hostname ssh_match_hostname
#define match_list ssh_match_list
@ -417,13 +471,16 @@
#define monotime ssh_monotime
#define ms_subtract_diff ssh_ms_subtract_diff
#define ms_to_timeval ssh_ms_to_timeval
#define mult ssh_mult
#define mysignal ssh_mysignal
#define outgoing_stream ssh_outgoing_stream
#define nh_aux ssh_nh_aux
#define nh_final ssh_nh_final
#define packet_add_padding ssh_packet_add_padding
#define packet_backup_state ssh_packet_backup_state
#define packet_close ssh_packet_close
#define packet_connection_is_on_socket ssh_packet_connection_is_on_socket
#define packet_disconnect ssh_packet_disconnect
#define packet_enable_delayed_compress ssh_packet_enable_delayed_compress
#define packet_get_bignum ssh_packet_get_bignum
#define packet_get_bignum2 ssh_packet_get_bignum2
#define packet_get_char ssh_packet_get_char
@ -470,6 +527,7 @@
#define packet_remaining ssh_packet_remaining
#define packet_restore_state ssh_packet_restore_state
#define packet_send ssh_packet_send
#define packet_send2_wrapped ssh_packet_send2_wrapped
#define packet_send_debug ssh_packet_send_debug
#define packet_send_ignore ssh_packet_send_ignore
#define packet_set_alive_timeouts ssh_packet_set_alive_timeouts
@ -488,20 +546,32 @@
#define packet_set_timeout ssh_packet_set_timeout
#define packet_start ssh_packet_start
#define packet_start_compression ssh_packet_start_compression
#define packet_start_discard ssh_packet_start_discard
#define packet_stop_discard ssh_packet_stop_discard
#define packet_write_poll ssh_packet_write_poll
#define packet_write_wait ssh_packet_write_wait
#define parse_ipqos ssh_parse_ipqos
#define parse_prime ssh_parse_prime
#define percent_expand ssh_percent_expand
#define permanently_drop_suid ssh_permanently_drop_suid
#define permanently_set_uid ssh_permanently_set_uid
#define permitopen_port ssh_permitopen_port
#define pkcs11_add_provider ssh_pkcs11_add_provider
#define pkcs11_del_provider ssh_pkcs11_del_provider
#define pkcs11_fetch_keys_filter ssh_pkcs11_fetch_keys_filter
#define pkcs11_find ssh_pkcs11_find
#define pkcs11_init ssh_pkcs11_init
#define pkcs11_interactive ssh_pkcs11_interactive
#define pkcs11_providers ssh_pkcs11_providers
#define pkcs11_provider_finalize ssh_pkcs11_provider_finalize
#define pkcs11_provider_unref ssh_pkcs11_provider_unref
#define pkcs11_rsa_finish ssh_pkcs11_rsa_finish
#define pkcs11_rsa_private_decrypt ssh_pkcs11_rsa_private_decrypt
#define pkcs11_rsa_private_encrypt ssh_pkcs11_rsa_private_encrypt
#define pkcs11_terminate ssh_pkcs11_terminate
#define plain_key_blob ssh_plain_key_blob
#define poly1305_auth ssh_poly1305_auth
#define poly64 ssh_poly64
#define poly_hash ssh_poly_hash
#define port_open_helper ssh_port_open_helper
#define prime_test ssh_prime_test
#define proto_spec ssh_proto_spec
#define put_host_port ssh_put_host_port
@ -509,11 +579,19 @@
#define put_u32 ssh_put_u32
#define put_u64 ssh_put_u64
#define pwcopy ssh_pwcopy
#define qfileout ssh_qfileout
#define read_keyfile_line ssh_read_keyfile_line
#define read_mux ssh_read_mux
#define read_passphrase ssh_read_passphrase
#define reduce_add_sub ssh_reduce_add_sub
#define refresh_progress_meter ssh_refresh_progress_meter
#define replacearg ssh_replacearg
#define restore_uid ssh_restore_uid
#define revoke_blob ssh_revoke_blob
#define revoked_blob_tree_RB_REMOVE ssh_revoked_blob_tree_RB_REMOVE
#define revoked_certs_for_ca_key ssh_revoked_certs_for_ca_key
#define revoked_serial_tree_RB_REMOVE ssh_revoked_serial_tree_RB_REMOVE
#define rijndaelKeySetupEnc ssh_rijndaelKeySetupEnc
#define rijndael_decrypt ssh_rijndael_decrypt
#define rijndael_encrypt ssh_rijndael_encrypt
#define rijndael_set_key ssh_rijndael_set_key
@ -528,9 +606,14 @@
#define set_nodelay ssh_set_nodelay
#define set_nonblock ssh_set_nonblock
#define shadow_pw ssh_shadow_pw
#define sieve_large ssh_sieve_large
#define sig_winch ssh_sig_winch
#define sigdie ssh_sigdie
#define sock_get_rcvbuf ssh_sock_get_rcvbuf
#define sock_set_v6only ssh_sock_set_v6only
#define square ssh_square
#define ssh1_3des_cbc ssh_ssh1_3des_cbc
#define ssh1_3des_cleanup ssh_ssh1_3des_cleanup
#define ssh1_3des_init ssh_ssh1_3des_init
#define ssh1_3des_iv ssh_ssh1_3des_iv
#define start_progress_meter ssh_start_progress_meter
#define stop_progress_meter ssh_stop_progress_meter
@ -542,21 +625,21 @@
#define temporarily_use_uid ssh_temporarily_use_uid
#define tilde_expand_filename ssh_tilde_expand_filename
#define timingsafe_bcmp ssh_timingsafe_bcmp
#define to_blob ssh_to_blob
#define tohex ssh_tohex
#define tty_make_modes ssh_tty_make_modes
#define tty_parse_modes ssh_tty_parse_modes
#define tun_open ssh_tun_open
#define umac128_ctx ssh_umac128_ctx
#define umac128_delete ssh_umac128_delete
#define umac128_final ssh_umac128_final
#define umac128_new ssh_umac128_new
#define umac128_update ssh_umac128_update
#define umac_ctx ssh_umac_ctx
#define umac_delete ssh_umac_delete
#define umac_final ssh_umac_final
#define umac_new ssh_umac_new
#define umac_update ssh_umac_update
#define unset_nonblock ssh_unset_nonblock
#define update_progress_meter ssh_update_progress_meter
#define uudecode ssh_uudecode
#define uuencode ssh_uuencode
#define verbose ssh_verbose
@ -565,6 +648,7 @@
#define x11_connect_display ssh_x11_connect_display
#define x11_create_display_inet ssh_x11_create_display_inet
#define x11_input_open ssh_x11_input_open
#define x11_open_helper ssh_x11_open_helper
#define x11_request_forwarding_with_spoofing ssh_x11_request_forwarding_with_spoofing
#define xasprintf ssh_xasprintf
#define xcalloc ssh_xcalloc

30
crypto/openssh/sshconnect.c
View File

@ -264,29 +264,6 @@ ssh_kill_proxy_command(void)
kill(proxy_command_pid, SIGHUP);
}
/*
* Set TCP receive buffer if requested.
* Note: tuning needs to happen after the socket is created but before the
* connection happens so winscale is negotiated properly.
*/
static void
ssh_set_socket_recvbuf(int sock)
{
void *buf = (void *)&options.tcp_rcv_buf;
int socksize, sz = sizeof(options.tcp_rcv_buf);
socklen_t len = sizeof(int);
debug("setsockopt attempting to set SO_RCVBUF to %d",
options.tcp_rcv_buf);
if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &len);
debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno),
socksize);
} else
error("Couldn't set socket receive buffer to %d: %.100s",
options.tcp_rcv_buf, strerror(errno));
}
/*
* Creates a (possibly privileged) socket for use as the ssh connection.
*/
@ -303,9 +280,6 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
if (options.tcp_rcv_buf > 0)
ssh_set_socket_recvbuf(sock);
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL && !privileged)
return sock;
@ -546,10 +520,10 @@ static void
send_client_banner(int connection_out, int minor1)
{
/* Send our own protocol version identification. */
xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s%s%s",
compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
compat20 ? PROTOCOL_MINOR_2 : minor1,
SSH_VERSION, options.hpn_disabled ? "" : SSH_VERSION_HPN,
SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, compat20 ? "\r\n" : "\n");
if (roaming_atomicio(vwrite, connection_out, client_version_string,

22
crypto/openssh/sshd.c
View File

@ -446,9 +446,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
minor = PROTOCOL_MINOR_1;
}
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
major, minor, SSH_VERSION,
options.hpn_disabled ? "" : SSH_VERSION_HPN,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
@ -950,13 +949,12 @@ static void
usage(void)
{
if (options.version_addendum && *options.version_addendum != '\0')
fprintf(stderr, "%s%s %s, %s\n",
SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN,
fprintf(stderr, "%s %s, %s\n",
SSH_RELEASE,
options.version_addendum, SSLeay_version(SSLEAY_VERSION));
else
fprintf(stderr, "%s%s, %s\n",
SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN,
SSLeay_version(SSLEAY_VERSION));
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
fprintf(stderr,
"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
@ -1145,7 +1143,6 @@ server_listen(void)
len = sizeof(socksize);
getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &socksize, &len);
debug("Server TCP RWIN socket size: %d", socksize);
debug("HPN Buffer Size: %d", options.hpn_buffer_size);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
@ -1679,11 +1676,7 @@ main(int ac, char **av)
exit(1);
}
debug("sshd version %.100s%.100s%s%.100s, %.100s",
SSH_RELEASE,
options.hpn_disabled ? "" : SSH_VERSION_HPN,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum,
debug("sshd version %s, %s", SSH_VERSION,
SSLeay_version(SSLEAY_VERSION));
/* Store privilege separation user for later use if required. */
@ -2114,9 +2107,6 @@ main(int ac, char **av)
remote_ip, remote_port,
get_local_ipaddr(sock_in), get_local_port());
/* Set HPN options for the child. */
channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is

11
crypto/openssh/sshd_config
View File

@ -120,7 +120,7 @@
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum FreeBSD-20140420
#VersionAddendum FreeBSD-20160119
# no default banner path
#Banner none
@ -128,15 +128,6 @@
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Change to yes to disable HPN tuning improvements.
#HPNDisabled no
# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048
# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels.
#TcpRcvBufPoll yes
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no

2
crypto/openssh/sshd_config.5
View File

@ -1253,7 +1253,7 @@ restrictions.
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
.Dq FreeBSD-20140420 .
.Dq FreeBSD-20160119 .
The value
.Dq none
may be used to disable this.

3
crypto/openssh/version.h
View File

@ -6,5 +6,4 @@
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
#define SSH_VERSION_FREEBSD "FreeBSD-20140420"
#define SSH_VERSION_HPN "_hpn13v11"
#define SSH_VERSION_FREEBSD "FreeBSD-20160119"