From: Julian Elischer
Date: Wed, 11 Nov 2015 23:08:16 +0800
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: Re: OpenSSH HPN
Message-ID: <564359E0.40302@freebsd.org>
In-Reply-To: <86twos7ns9.fsf@desk.des.no>

On 11/11/15 7:56 PM, Dag-Erling Smørgrav wrote:
> Julian Elischer writes:
>> The inclusion of the HPN patches meant that we could drop a custom
>> unsupported HPN enabled ssh from our build process. It makes ssh
>> actually usable.
> Define "usable". Does it actually make a measurable difference with the
> latest OpenSSH? And if HPN is so important to you, is there a reason
> why you can't use the port?

useable.. able to use more than 5% of the available bandwidth.

Our environment is not FreeBSD exactly. Many ports won't compile and we
don't have ports in our setup (I didn't do it.. don't blame me).
But we do and can compile FreeBSD sources, so ssh from src is an easy
recompile or just a binary drop in.

We used to do it by hand from sources ftp'd from OpenBSD and compiled
straight (no ports), but since it came to have HPN all that went away
because the in-tree one worked for us.
Now we'll have to resurrect all that framework and pain.

Have you mentioned this plan to Brooks? Didn't he add it?

>
> DES