From: Kris Kennaway
Date: Fri, 13 Jun 2008 13:02:07 +0200
To: Brooks Davis
Cc: freebsd-net@freebsd.org, Peter Losher
Subject: Re: ssh window

Brooks Davis wrote:
> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>> Randy Bush wrote:
>>> this has been a cause of great pain for a loooong time.
>>>
>>> http://www.psc.edu/networking/projects/hpn-ssh/
>>>
>>> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
>>> buffer to be fixed, especially not from a 100mb link here in tokyo and
>>> servers in the states, europe, and africa), perhaps i could convince
>>> freebsd net folk to do so?
>> FYI - HPN is already a build option in the openssh-portable port.
>
> I do think we should strongly consider adding the rest of it to the base.
>
> -- Brooks

There seem to be a couple of issues:

1) Connection aborts during interactive use. I started using this patch only yesterday but already a couple of times my interactive session to a machine has aborted from typing one character to the next. It doesn't seem to be affecting non-interactive use. I have not investigated this yet.

2) -c none handling is a bit weird. There is no way to shut up the warnings on non-interactive connections ("WARNING: ENABLED NONE CIPHER"; yes, I know, because I WROTE THAT SCRIPT :). Also it doesn't fall back gracefully if the other side doesn't support -c none; it just aborts the collection. This means you can't automatically interoperate with a non-HPN server if you want to use 'none' encryption.

This is not related to the buffer handling but it is part of the same patch set.

I really like the idea of -c none, but I think they have gone overboard with the paranoia.

Kris