Date: Tue, 19 Jan 2016 14:38:20 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r294325 - in head: . crypto/openssh Message-ID: <201601191438.u0JEcKBZ020172@repo.freebsd.org>
Author: des Date: Tue Jan 19 14:38:20 2016 New Revision: 294325 URL: https://svnweb.freebsd.org/changeset/base/294325 Log: As previously threatened, remove the HPN patch from OpenSSH. Deleted: head/crypto/openssh/README.hpn Modified: head/UPDATING head/crypto/openssh/buffer.c head/crypto/openssh/buffer.h head/crypto/openssh/channels.c head/crypto/openssh/channels.h head/crypto/openssh/clientloop.c head/crypto/openssh/compat.c head/crypto/openssh/compat.h head/crypto/openssh/misc.c head/crypto/openssh/misc.h head/crypto/openssh/readconf.c head/crypto/openssh/readconf.h head/crypto/openssh/servconf.c head/crypto/openssh/servconf.h head/crypto/openssh/serverloop.c head/crypto/openssh/session.c head/crypto/openssh/sftp.1 head/crypto/openssh/sftp.c head/crypto/openssh/ssh-agent.1 head/crypto/openssh/ssh.c head/crypto/openssh/ssh_config head/crypto/openssh/ssh_config.5 head/crypto/openssh/ssh_namespace.h head/crypto/openssh/sshconnect.c head/crypto/openssh/sshd.c head/crypto/openssh/sshd_config head/crypto/openssh/sshd_config.5 head/crypto/openssh/version.h Modified: head/UPDATING ============================================================================== --- head/UPDATING Tue Jan 19 14:25:22 2016 (r294324) +++ head/UPDATING Tue Jan 19 14:38:20 2016 (r294325) @@ -31,6 +31,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20160119: + The NONE and HPN patches has been removed from OpenSSH. They are + still available in the security/openssh-portable port. + 20160113: With the addition of ypldap(8), a new _ypldap user is now required during installworld. "mergemaster -p" can be used to add the user Modified: head/crypto/openssh/buffer.c ============================================================================== --- head/crypto/openssh/buffer.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/buffer.c Tue Jan 19 14:38:20 2016 (r294325) 
@@ -27,7 +27,7 @@ __RCSID("$FreeBSD$"); #include "log.h" #define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0x4000000 /* 64MB */ +#define BUFFER_MAX_LEN 0xa00000 #define BUFFER_ALLOCSZ 0x008000 /* Initializes the buffer structure. */ @@ -167,13 +167,6 @@ buffer_len(const Buffer *buffer) return buffer->end - buffer->offset; } -/* Returns the maximum number of bytes of data that may be in the buffer. */ -u_int -buffer_get_max_len(void) -{ - return (BUFFER_MAX_LEN); -} - /* Gets data from the beginning of the buffer. */ int Modified: head/crypto/openssh/buffer.h ============================================================================== --- head/crypto/openssh/buffer.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/buffer.h Tue Jan 19 14:38:20 2016 (r294325) @@ -47,8 +47,6 @@ int buffer_get_ret(Buffer *, void *, u_ int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); -u_int buffer_get_max_len(void); - #include <openssl/bn.h> void buffer_put_bignum(Buffer *, const BIGNUM *); Modified: head/crypto/openssh/channels.c ============================================================================== --- head/crypto/openssh/channels.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/channels.c Tue Jan 19 14:38:20 2016 (r294325) @@ -174,11 +174,6 @@ static void port_open_helper(Channel *c, static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); -/* -- HPN */ - -static int hpn_disabled = 0; -static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT; - /* -- channel core */ Channel * @@ -325,7 +320,6 @@ channel_new(char *ctype, int type, int r c->self = found; c->type = type; c->ctype = ctype; - c->dynamic_window = 0; c->local_window = window; c->local_window_max = window; c->local_consumed = 0; 
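Review bot: The replacement value for `BUFFER_MAX_LEN` in the first hunk drops the size annotation the old line carried, leaving an unexplained hex constant where the previous definition said `/* 64MB */`. Since this macro is the ceiling the buffer code grows against, the reader benefits from the same cue on the new line: `#define BUFFER_MAX_LEN 0xa00000 /* 10MB */` (0xa00000 is 10 * 0x100000). The second hunk is a pure deletion of `buffer_get_max_len()` and needs nothing further.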
@@ -826,45 +820,10 @@ channel_pre_open_13(Channel *c, fd_set * FD_SET(c->sock, writeset); } -static u_int -channel_tcpwinsz(void) -{ - u_int32_t tcpwinsz; - socklen_t optsz; - int ret, sd; - u_int maxlen; - - /* If we are not on a socket return 128KB. */ - if (!packet_connection_is_on_socket()) - return (128 * 1024); - - tcpwinsz = 0; - optsz = sizeof(tcpwinsz); - sd = packet_get_connection_in(); - ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - - /* Return no more than the maximum buffer size. */ - maxlen = buffer_get_max_len(); - if ((ret == 0) && tcpwinsz > maxlen) - tcpwinsz = maxlen; - /* In case getsockopt() failed return a minimum. */ - if (tcpwinsz == 0) - tcpwinsz = CHAN_TCP_WINDOW_DEFAULT; - debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd); - return (tcpwinsz); -} - static void channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) { - u_int limit; - - /* Check buffer limits. */ - if (!c->tcpwinsz || c->dynamic_window > 0) - c->tcpwinsz = channel_tcpwinsz(); - - limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(), - 2 * c->tcpwinsz); + u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); if (c->istate == CHAN_INPUT_OPEN && limit > 0 && 
@@ -1857,25 +1816,14 @@ channel_check_window(Channel *c) c->local_maxpacket*3) || c->local_window < c->local_window_max/2) && c->local_consumed > 0) { - u_int addition = 0; - - /* Adjust max window size if we are in a dynamic environment. */ - if (c->dynamic_window && c->tcpwinsz > c->local_window_max) { - /* - * Grow the window somewhat aggressively to maintain - * pressure. - */ - addition = 1.5 * (c->tcpwinsz - c->local_window_max); - c->local_window_max += addition; - } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); packet_put_int(c->remote_id); - packet_put_int(c->local_consumed + addition); + packet_put_int(c->local_consumed); packet_send(); debug2("channel %d: window %d sent adjust %d", c->self, c->local_window, c->local_consumed); - c->local_window += c->local_consumed + addition; + c->local_window += c->local_consumed; c->local_consumed = 0; } return 1; @@ -2739,14 +2687,6 @@ channel_set_af(int af) IPv4or6 = af; } -void -channel_set_hpn(int disabled, u_int buf_size) -{ - hpn_disabled = disabled; - buffer_size = buf_size; - debug("HPN Disabled: %d, HPN Buffer Size: %d", - hpn_disabled, buffer_size); -} /* * Determine whether or not a port forward listens to loopback, the 
@@ -2924,18 +2864,10 @@ channel_setup_fwd_listener(int type, con *allocated_listen_port); } - /* - * Allocate a channel number for the socket. Explicitly test - * for hpn disabled option. If true use smaller window size. - */ - if (hpn_disabled) - c = channel_new("port listener", type, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); - else - c = channel_new("port listener", type, sock, sock, -1, - buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + /* Allocate a channel number for the socket. */ + c = channel_new("port listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); @@ -3583,16 +3515,10 @@ x11_create_display_inet(int x11_display_ *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (hpn_disabled) - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); - else - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - buffer_size, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); nc->single_connection = single_connection; (*chanids)[n] = nc->self; } Modified: head/crypto/openssh/channels.h ============================================================================== --- head/crypto/openssh/channels.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/channels.h Tue Jan 19 14:38:20 2016 (r294325) @@ -133,8 +133,6 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; - u_int tcpwinsz; - int dynamic_window; int extended_usage; int single_connection; 
@@ -176,7 +174,6 @@ struct Channel { #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) -#define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024) /* possible input states */ #define CHAN_INPUT_OPEN 0 @@ -310,8 +307,4 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); -/* hpn handler */ - -void channel_set_hpn(int, u_int); - #endif Modified: head/crypto/openssh/clientloop.c ============================================================================== --- head/crypto/openssh/clientloop.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/clientloop.c Tue Jan 19 14:38:20 2016 (r294325) @@ -1892,14 +1892,9 @@ client_request_x11(const char *request_t sock = x11_connect_display(); if (sock < 0) return NULL; - if (options.hpn_disabled) - c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "x11", 1); - else - c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, - options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, - 0, "x11", 1); + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); c->force_drain = 1; return c; } 
@@ -1919,16 +1914,10 @@ client_request_agent(const char *request sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; - if (options.hpn_disabled) - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, - "authentication agent connection", 1); - else - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, options.hpn_buffer_size, 0, - "authentication agent connection", 1); + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, + "authentication agent connection", 1); c->force_drain = 1; return c; } @@ -1955,14 +1944,8 @@ client_request_tun_fwd(int tun_mode, int return -1; } - if (options.hpn_disabled) - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "tun", 1); - else - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "tun", 1); + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; #if defined(SSH_TUN_FILTER) Modified: head/crypto/openssh/compat.c ============================================================================== --- head/crypto/openssh/compat.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/compat.c Tue Jan 19 14:38:20 2016 (r294325) 
@@ -178,16 +178,6 @@ compat_datafellows(const char *version) datafellows = check[i].bugs; debug("match: %s pat %s compat 0x%08x", version, check[i].pat, datafellows); - /* - * Check to see if the remote side is OpenSSH and not - * HPN. It is utterly strange to check it from the - * version string and expose the option that way. - */ - if (strstr(version,"OpenSSH") != NULL && - strstr(version,"hpn") == NULL) { - datafellows |= SSH_BUG_LARGEWINDOW; - debug("Remote is not HPN-aware"); - } return; } } Modified: head/crypto/openssh/compat.h ============================================================================== --- head/crypto/openssh/compat.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/compat.h Tue Jan 19 14:38:20 2016 (r294325) @@ -62,8 +62,6 @@ #define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_CURVE25519PAD 0x10000000 -#define SSH_BUG_LARGEWINDOW 0x80000000 - void enable_compat13(void); void enable_compat20(void); void compat_datafellows(const char *); Modified: head/crypto/openssh/misc.c ============================================================================== --- head/crypto/openssh/misc.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/misc.c Tue Jan 19 14:38:20 2016 (r294325) 
@@ -1037,34 +1037,3 @@ sock_set_v6only(int s) error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); #endif } - -void -sock_get_rcvbuf(int *size, int rcvbuf) -{ - int sock, socksize; - socklen_t socksizelen = sizeof(socksize); - - /* - * Create a socket but do not connect it. We use it - * only to get the rcv socket size. - */ - sock = socket(AF_INET6, SOCK_STREAM, 0); - if (sock < 0) - sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - return; - - /* - * If the tcp_rcv_buf option is set and passed in, attempt to set the - * buffer size to its value. - */ - if (rcvbuf) - setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf, - sizeof(rcvbuf)); - - if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen) == 0) - if (size != NULL) - *size = socksize; - close(sock); -} Modified: head/crypto/openssh/misc.h ============================================================================== --- head/crypto/openssh/misc.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/misc.h Tue Jan 19 14:38:20 2016 (r294325) @@ -40,7 +40,6 @@ time_t monotime(void); void lowercase(char *s); void sock_set_v6only(int); -void sock_get_rcvbuf(int *, int); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int); Modified: head/crypto/openssh/readconf.c ============================================================================== --- head/crypto/openssh/readconf.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/readconf.c Tue Jan 19 14:38:20 2016 (r294325) @@ -152,9 +152,8 @@ typedef enum { oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, - oIgnoredUnknownOption, - oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf, - oVersionAddendum, oDeprecated, oUnsupported + oVersionAddendum, + oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ 
@@ -267,10 +266,6 @@ static struct { { "canonicalizemaxdots", oCanonicalizeMaxDots }, { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, { "ignoreunknown", oIgnoreUnknown }, - { "hpndisabled", oHPNDisabled }, - { "hpnbuffersize", oHPNBufferSize }, - { "tcprcvbufpoll", oTcpRcvBufPoll }, - { "tcprcvbuf", oTcpRcvBuf }, { "versionaddendum", oVersionAddendum }, { NULL, oBadOption } @@ -1352,22 +1347,6 @@ parse_int: multistate_ptr = multistate_requesttty; goto parse_multistate; - case oHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case oHPNBufferSize: - intptr = &options->hpn_buffer_size; - goto parse_int; - - case oTcpRcvBufPoll: - intptr = &options->tcp_rcv_buf_poll; - goto parse_flag; - - case oTcpRcvBuf: - intptr = &options->tcp_rcv_buf; - goto parse_int; - case oVersionAddendum: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, @@ -1623,10 +1602,6 @@ initialize_options(Options * options) options->canonicalize_fallback_local = -1; options->canonicalize_hostname = -1; options->version_addendum = NULL; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; - options->tcp_rcv_buf_poll = -1; - options->tcp_rcv_buf = -1; } /* 
@@ -1821,31 +1796,6 @@ fill_default_options(Options * options) /* options->preferred_authentications will be set in ssh */ if (options->version_addendum == NULL) options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - if (options->hpn_buffer_size > -1) - { - u_int maxlen; - - /* If a user tries to set the size to 0 set it to 1KB. */ - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1024; - /* Limit the buffer to BUFFER_MAX_LEN. */ - maxlen = buffer_get_max_len(); - if (options->hpn_buffer_size > (maxlen / 1024)) { - debug("User requested buffer larger than %ub: %ub. " - "Request reverted to %ub", maxlen, - options->hpn_buffer_size * 1024, maxlen); - options->hpn_buffer_size = maxlen; - } - debug("hpn_buffer_size set to %d", options->hpn_buffer_size); - } - if (options->tcp_rcv_buf == 0) - options->tcp_rcv_buf = 1; - if (options->tcp_rcv_buf > -1) - options->tcp_rcv_buf *= 1024; - if (options->tcp_rcv_buf_poll == -1) - options->tcp_rcv_buf_poll = 1; } /* Modified: head/crypto/openssh/readconf.h ============================================================================== --- head/crypto/openssh/readconf.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/readconf.h Tue Jan 19 14:38:20 2016 (r294325) 
@@ -153,17 +153,9 @@ typedef struct { int num_permitted_cnames; struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; - char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ - char *version_addendum; /* Appended to SSH banner */ - int hpn_disabled; /* Switch to disable HPN buffer management. */ - int hpn_buffer_size; /* User definable size for HPN buffer - * window. */ - int tcp_rcv_buf_poll; /* Option to poll recv buf every window - * transfer. */ - int tcp_rcv_buf; /* User switch to set tcp recv buffer. */ - + char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; #define SSH_CANONICALISE_NO 0 Modified: head/crypto/openssh/servconf.c ============================================================================== --- head/crypto/openssh/servconf.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/servconf.c Tue Jan 19 14:38:20 2016 (r294325) @@ -155,9 +155,6 @@ initialize_server_options(ServerOptions options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; - options->tcp_rcv_buf_poll = -1; } void 
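Review bot: The new side of the readconf.h hunk removes `char *version_addendum;` from `Options` and re-adds only `ignored_unknown`, yet `options->version_addendum` is still read and written on context lines this commit keeps in readconf.c (`initialize_options` sets it to NULL, `fill_default_options` fills it from `SSH_VERSION_FREEBSD`) and in ssh.c `main`'s `-V` handling. Unless the member is declared elsewhere in the struct outside this hunk, the client side will not compile after this change. If the `-`/`+` pair for `ignored_unknown` is only a whitespace realignment, keep `char *version_addendum; /* Appended to SSH banner */` next to it, as the servconf.h hunk still does for `ServerOptions`. The struct header and the lines preceding `num_permitted_cnames` lie outside the hunk.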
@@ -318,38 +315,6 @@ fill_default_server_options(ServerOption } #endif - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - if (options->hpn_buffer_size == -1) { - /* - * HPN buffer size option not explicitly set. Try to figure - * out what value to use or resort to default. - */ - options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - if (!options->hpn_disabled) { - sock_get_rcvbuf(&options->hpn_buffer_size, 0); - debug ("HPN Buffer Size: %d", options->hpn_buffer_size); - } - } else { - /* - * In the case that the user sets both values in a - * contradictory manner hpn_disabled overrrides hpn_buffer_size. - */ - if (options->hpn_disabled <= 0) { - u_int maxlen; - - maxlen = buffer_get_max_len(); - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* Limit the maximum buffer to BUFFER_MAX_LEN. */ - if (options->hpn_buffer_size > maxlen / 1024) - options->hpn_buffer_size = maxlen; - else - options->hpn_buffer_size *= 1024; - } else { - options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - } - } } /* Keyword tokens. */ @@ -385,7 +350,6 @@ typedef enum { sKexAlgorithms, sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, - sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll, sDeprecated, sUnsupported } ServerOpCodes; @@ -512,9 +476,6 @@ static struct { { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, - { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, - { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, - { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; 
@@ -1661,18 +1622,6 @@ process_server_config_line(ServerOptions } return 0; - case sHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case sHPNBufferSize: - intptr = &options->hpn_buffer_size; - goto parse_int; - - case sTcpRcvBufPoll: - intptr = &options->tcp_rcv_buf_poll; - goto parse_flag; - case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); Modified: head/crypto/openssh/servconf.h ============================================================================== --- head/crypto/openssh/servconf.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/servconf.h Tue Jan 19 14:38:20 2016 (r294325) @@ -181,10 +181,6 @@ typedef struct { char *version_addendum; /* Appended to SSH banner */ - int hpn_disabled; /* Disable HPN functionality. */ - int hpn_buffer_size; /* Set HPN buffer size - default 2MB.*/ - int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning - * kernels. */ u_int num_auth_methods; char *auth_methods[MAX_AUTH_METHODS]; } ServerOptions; Modified: head/crypto/openssh/serverloop.c ============================================================================== --- head/crypto/openssh/serverloop.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/serverloop.c Tue Jan 19 14:38:20 2016 (r294325) @@ -1016,14 +1016,8 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; - if (options.hpn_disabled) - c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, - "tun", 1); - else - c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, - "tun", 1); + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; #if defined(SSH_TUN_FILTER) if (mode == SSH_TUNMODE_POINTOPOINT) 
@@ -1059,8 +1053,6 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if (!options.hpn_disabled && options.tcp_rcv_buf_poll) - c->dynamic_window = 1; if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); Modified: head/crypto/openssh/session.c ============================================================================== --- head/crypto/openssh/session.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/session.c Tue Jan 19 14:38:20 2016 (r294325) @@ -237,10 +237,7 @@ auth_input_request_forwarding(struct pas goto authsock_err; } - /* - * Allocate a channel for the authentication agent socket. - * Ignore HPN on that one given no improvement expected. - */ + /* Allocate a channel for the authentication agent socket. */ nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, @@ -2346,14 +2343,10 @@ session_set_fds(Session *s, int fdin, in */ if (s->chanid == -1) fatal("no channel for session %d", s->self); - if (options.hpn_disabled) - channel_set_fds(s->chanid, fdout, fdin, fderr, - ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, is_tty, CHAN_SES_WINDOW_DEFAULT); - else - channel_set_fds(s->chanid, fdout, fdin, fderr, - ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, is_tty, options.hpn_buffer_size); + channel_set_fds(s->chanid, + fdout, fdin, fderr, + ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1, is_tty, CHAN_SES_WINDOW_DEFAULT); } /* Modified: head/crypto/openssh/sftp.1 ============================================================================== --- head/crypto/openssh/sftp.1 Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/sftp.1 Tue Jan 19 14:38:20 2016 (r294325) 
@@ -261,8 +261,7 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed but will increase memory usage. -The default is 256 outstanding requests providing for 8MB -of outstanding data with a 32KB buffer. +The default is 64 outstanding requests. .It Fl r Recursively copy entire directories when uploading and downloading. Note that Modified: head/crypto/openssh/sftp.c ============================================================================== --- head/crypto/openssh/sftp.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/sftp.c Tue Jan 19 14:38:20 2016 (r294325) @@ -69,7 +69,7 @@ typedef void EditLine; #include "sftp-client.h" #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ -#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */ +#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ /* File to read commands from */ FILE* infile; Modified: head/crypto/openssh/ssh-agent.1 ============================================================================== --- head/crypto/openssh/ssh-agent.1 Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/ssh-agent.1 Tue Jan 19 14:38:20 2016 (r294325) @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 7, 2013 +.Dd $Mdocdate: December 7 2013 $ .Dt SSH-AGENT 1 .Os .Sh NAME Modified: head/crypto/openssh/ssh.c ============================================================================== --- head/crypto/openssh/ssh.c Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/ssh.c Tue Jan 19 14:38:20 2016 (r294325) 
@@ -633,13 +633,11 @@ main(int ac, char **av) case 'V': if (options.version_addendum && *options.version_addendum != '\0') - fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE, - options.hpn_disabled ? "" : SSH_VERSION_HPN, + fprintf(stderr, "%s %s, %s\n", SSH_RELEASE, options.version_addendum, SSLeay_version(SSLEAY_VERSION)); else - fprintf(stderr, "%s%s, %s\n", SSH_RELEASE, - options.hpn_disabled ? "" : SSH_VERSION_HPN, + fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); 
@@ -1657,46 +1655,9 @@ ssh_session2_open(void) if (!isatty(err)) set_nonblock(err); - /* - * We need to check to see what to do about buffer sizes here. - * - In an HPN to non-HPN connection we want to limit the window size to - * something reasonable in case the far side has the large window bug. - * - In an HPN to HPN connection we want to use the max window size but - * allow the user to override it. - * - Lastly if HPN is disabled then use the ssh standard window size. - * - * We cannot just do a getsockopt() here and set the ssh window to that - * as in case of autotuning of socket buffers the window would get stuck - * at the initial buffer size, generally less than 96k. Therefore we - * need to set the maximum ssh window size to the maximum HPN buffer - * size unless the user has set TcpRcvBufPoll to no. In that case we - * can just set the window to the minimum of HPN buffer size and TCP - * receive buffer size. - */ - if (tty_flag) - options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - else - options.hpn_buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT; - - if (datafellows & SSH_BUG_LARGEWINDOW) { - debug("HPN to Non-HPN Connection"); - } else if (options.tcp_rcv_buf_poll <= 0) { - sock_get_rcvbuf(&options.hpn_buffer_size, 0); - debug("HPNBufferSize set to TCP RWIN: %d", - options.hpn_buffer_size); - } else if (options.tcp_rcv_buf > 0) { - sock_get_rcvbuf(&options.hpn_buffer_size, - options.tcp_rcv_buf); - debug("HPNBufferSize set to user TCPRcvBuf: %d", - options.hpn_buffer_size); - } - debug("Final hpn_buffer_size = %d", options.hpn_buffer_size); - channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); - window = options.hpn_buffer_size; - + window = CHAN_SES_WINDOW_DEFAULT; packetmax = CHAN_SES_PACKET_DEFAULT; if (tty_flag) { - window = CHAN_SES_WINDOW_DEFAULT; window >>= 1; packetmax >>= 1; } 
@@ -1704,10 +1665,6 @@ ssh_session2_open(void) "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - if (!options.hpn_disabled && options.tcp_rcv_buf_poll > 0) { - c->dynamic_window = 1; - debug("Enabled Dynamic Window Scaling\n"); - } debug3("ssh_session2_open: channel_new: %d", c->self); Modified: head/crypto/openssh/ssh_config ============================================================================== --- head/crypto/openssh/ssh_config Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/ssh_config Tue Jan 19 14:38:20 2016 (r294325) @@ -48,4 +48,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20140420 +# VersionAddendum FreeBSD-20160119 Modified: head/crypto/openssh/ssh_config.5 ============================================================================== --- head/crypto/openssh/ssh_config.5 Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/ssh_config.5 Tue Jan 19 14:38:20 2016 (r294325) @@ -1423,7 +1423,7 @@ See also VERIFYING HOST KEYS in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20140420 . +.Dq FreeBSD-20160119 . The value .Dq none may be used to disable this. Modified: head/crypto/openssh/ssh_namespace.h ============================================================================== --- head/crypto/openssh/ssh_namespace.h Tue Jan 19 14:25:22 2016 (r294324) +++ head/crypto/openssh/ssh_namespace.h Tue Jan 19 14:38:20 2016 (r294325) 
@@ -7,7 +7,11 @@
 *
 * A list of symbols which need munging is obtained as follows:
 *
- * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort -u
+ # nm libprivatessh.a | LC_ALL=C awk '
+ /^[0-9a-z]+ [Tt] [A-Za-z_][0-9A-Za-z_]*$/ && $3 !~ /^ssh_/ {
+ printf("#define %-39s ssh_%s\n", $3, $3)
+ }' | unexpand -a | LC_ALL=C sort -u
+ *
 *
 * $FreeBSD$
 */
@@ -20,9 +24,13 @@
 #define a2port ssh_a2port
 #define a2tun ssh_a2tun
 #define add_host_to_hostfile ssh_add_host_to_hostfile
+#define add_p1p1 ssh_add_p1p1
 #define addargs ssh_addargs
 #define addr_match_cidr_list ssh_addr_match_cidr_list
 #define addr_match_list ssh_addr_match_list
+#define addr_netmatch ssh_addr_netmatch
+#define addr_pton ssh_addr_pton
+#define addr_pton_cidr ssh_addr_pton_cidr
 #define ask_permission ssh_ask_permission
 #define atomicio ssh_atomicio
 #define atomicio6 ssh_atomicio6
@@ -31,7 +39,10 @@
 #define auth_request_forwarding ssh_auth_request_forwarding
 #define bandwidth_limit ssh_bandwidth_limit
 #define bandwidth_limit_init ssh_bandwidth_limit_init
+#define barrett_reduce ssh_barrett_reduce
+#define bcrypt_hash ssh_bcrypt_hash
 #define bcrypt_pbkdf ssh_bcrypt_pbkdf
+#define bf_ssh1_cipher ssh_bf_ssh1_cipher
 #define blf_cbc_decrypt ssh_blf_cbc_decrypt
 #define blf_cbc_encrypt ssh_blf_cbc_encrypt
 #define blf_dec ssh_blf_dec
@@ -70,7 +81,6 @@
 #define buffer_get_int64 ssh_buffer_get_int64
 #define buffer_get_int64_ret ssh_buffer_get_int64_ret
 #define buffer_get_int_ret ssh_buffer_get_int_ret
-#define buffer_get_max_len ssh_buffer_get_max_len
 #define buffer_get_ret ssh_buffer_get_ret
 #define buffer_get_short ssh_buffer_get_short
 #define buffer_get_short_ret ssh_buffer_get_short_ret
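Review bot: The regenerated symbol-collection command in the first hunk matches only nm type letters `[Tt]`, which pulls in local (`t`) text symbols that have no external linkage and need no prefix, while dropping global data symbols that the old `[A-Z]` class covered; that is presumably why static helpers such as `channel_pre_open` and `connect_next` now gain `ssh_` entries while `compat13` and `compat20` lose theirs in the `@@ -198,15` hunk further down. If the munging is meant to keep every exported name of the private library out of the global namespace, the data symbols matter more than the static functions, so consider `/^[0-9a-z]+ [TDBR] [A-Za-z_][0-9A-Za-z_]*$/ && $3 !~ /^ssh_/ {` in place of the `[Tt]` class and regenerating the list. The rest of the hunk is the generated output and needs no separate review.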
@@ -95,6 +105,7 @@
 #define buffer_put_short ssh_buffer_put_short
 #define buffer_put_string ssh_buffer_put_string
 #define buffer_uncompress ssh_buffer_uncompress
+#define cert_free ssh_cert_free
 #define chacha_encrypt_bytes ssh_chacha_encrypt_bytes
 #define chacha_ivsetup ssh_chacha_ivsetup
 #define chacha_keysetup ssh_chacha_keysetup
@@ -109,6 +120,10 @@
 #define chan_rcvd_ieof ssh_chan_rcvd_ieof
 #define chan_rcvd_oclose ssh_chan_rcvd_oclose
 #define chan_read_failed ssh_chan_read_failed
+#define chan_send_eof2 ssh_chan_send_eof2
+#define chan_send_oclose1 ssh_chan_send_oclose1
+#define chan_shutdown_read ssh_chan_shutdown_read
+#define chan_shutdown_write ssh_chan_shutdown_write
 #define chan_write_failed ssh_chan_write_failed
 #define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens
 #define channel_add_permitted_opens ssh_channel_add_permitted_opens
@@ -121,6 +136,7 @@
 #define channel_clear_permitted_opens ssh_channel_clear_permitted_opens
 #define channel_close_all ssh_channel_close_all
 #define channel_close_fd ssh_channel_close_fd
+#define channel_close_fds ssh_channel_close_fds
 #define channel_connect_by_listen_address ssh_channel_connect_by_listen_address
 #define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd
 #define channel_connect_to ssh_channel_connect_to
@@ -128,6 +144,8 @@
 #define channel_find_open ssh_channel_find_open
 #define channel_free ssh_channel_free
 #define channel_free_all ssh_channel_free_all
+#define channel_fwd_bind_addr ssh_channel_fwd_bind_addr
+#define channel_handler ssh_channel_handler
 #define channel_input_close ssh_channel_input_close
 #define channel_input_close_confirmation ssh_channel_input_close_confirmation
 #define channel_input_data ssh_channel_input_data
@@ -146,11 +164,28 @@
 #define channel_open_message ssh_channel_open_message
 #define channel_output_poll ssh_channel_output_poll
 #define channel_permit_all_opens ssh_channel_permit_all_opens
-#define channel_post ssh_channel_post
-#define channel_pre ssh_channel_pre
+#define channel_post_auth_listener ssh_channel_post_auth_listener
+#define channel_post_connecting ssh_channel_post_connecting
+#define channel_post_mux_client ssh_channel_post_mux_client
+#define channel_post_mux_listener ssh_channel_post_mux_listener
+#define channel_post_open ssh_channel_post_open
+#define channel_post_output_drain_13 ssh_channel_post_output_drain_13
+#define channel_post_port_listener ssh_channel_post_port_listener
+#define channel_post_x11_listener ssh_channel_post_x11_listener
+#define channel_pre_connecting ssh_channel_pre_connecting
+#define channel_pre_dynamic ssh_channel_pre_dynamic
+#define channel_pre_input_draining ssh_channel_pre_input_draining
+#define channel_pre_listener ssh_channel_pre_listener
+#define channel_pre_mux_client ssh_channel_pre_mux_client
+#define channel_pre_open ssh_channel_pre_open
+#define channel_pre_open_13 ssh_channel_pre_open_13
+#define channel_pre_output_draining ssh_channel_pre_output_draining
+#define channel_pre_x11_open ssh_channel_pre_x11_open
+#define channel_pre_x11_open_13 ssh_channel_pre_x11_open_13
 #define channel_prepare_select ssh_channel_prepare_select
 #define channel_print_adm_permitted_opens ssh_channel_print_adm_permitted_opens
 #define channel_register_cleanup ssh_channel_register_cleanup
+#define channel_register_fds ssh_channel_register_fds
 #define channel_register_filter ssh_channel_register_filter
 #define channel_register_open_confirm ssh_channel_register_open_confirm
 #define channel_register_status_confirm ssh_channel_register_status_confirm
@@ -161,14 +196,17 @@
 #define channel_send_window_changes ssh_channel_send_window_changes
 #define channel_set_af ssh_channel_set_af
 #define channel_set_fds ssh_channel_set_fds
-#define channel_set_hpn ssh_channel_set_hpn
+#define channel_setup_fwd_listener ssh_channel_setup_fwd_listener
 #define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener
 #define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener
 #define channel_still_open ssh_channel_still_open
 #define channel_stop_listening ssh_channel_stop_listening
 #define channel_update_permitted_opens ssh_channel_update_permitted_opens
+#define check_crc ssh_check_crc
+#define check_hostkeys_by_key_or_type ssh_check_hostkeys_by_key_or_type
 #define check_key_in_hostkeys ssh_check_key_in_hostkeys
 #define choose_dh ssh_choose_dh
+#define choose_t ssh_choose_t
 #define chop ssh_chop
 #define cipher_alg_list ssh_cipher_alg_list
 #define cipher_authlen ssh_cipher_authlen
@@ -198,15 +236,17 @@
 #define cleanup_exit ssh_cleanup_exit
 #define clear_cached_addr ssh_clear_cached_addr
 #define colon ssh_colon
-#define compat13 ssh_compat13
-#define compat20 ssh_compat20
+#define compare ssh_compare
+#define compare_gps ssh_compare_gps
 #define compat_cipher_proposal ssh_compat_cipher_proposal
 #define compat_datafellows ssh_compat_datafellows
+#define compat_kex_proposal ssh_compat_kex_proposal
 #define compat_pkalg_proposal ssh_compat_pkalg_proposal
+#define connect_next ssh_connect_next
+#define connect_to ssh_connect_to
 #define convtime ssh_convtime
 #define crypto_hash_sha512 ssh_crypto_hash_sha512
 #define crypto_hashblocks_sha512 ssh_crypto_hashblocks_sha512
-#define crypto_scalarmult_curve25519 ssh_crypto_scalarmult_curve25519
 #define crypto_sign_ed25519 ssh_crypto_sign_ed25519
 #define crypto_sign_ed25519_keypair ssh_crypto_sign_ed25519_keypair
 #define crypto_sign_ed25519_open ssh_crypto_sign_ed25519_open
@@ -227,7 +267,6 @@
 #define crypto_sign_ed25519_ref_fe25519_square ssh_crypto_sign_ed25519_ref_fe25519_square
 #define crypto_sign_ed25519_ref_fe25519_sub ssh_crypto_sign_ed25519_ref_fe25519_sub
 #define crypto_sign_ed25519_ref_fe25519_unpack ssh_crypto_sign_ed25519_ref_fe25519_unpack
-#define crypto_sign_ed25519_ref_ge25519_base ssh_crypto_sign_ed25519_ref_ge25519_base
 #define crypto_sign_ed25519_ref_isneutral_vartime ssh_crypto_sign_ed25519_ref_isneutral_vartime
 #define crypto_sign_ed25519_ref_pack ssh_crypto_sign_ed25519_ref_pack
 #define crypto_sign_ed25519_ref_sc25519_2interleave2 ssh_crypto_sign_ed25519_ref_sc25519_2interleave2
@@ -248,8 +287,7 @@
 #define crypto_sign_ed25519_ref_shortsc25519_from16bytes ssh_crypto_sign_ed25519_ref_shortsc25519_from16bytes
 #define crypto_sign_ed25519_ref_unpackneg_vartime ssh_crypto_sign_ed25519_ref_unpackneg_vartime
 #define crypto_verify_32 ssh_crypto_verify_32
-#define current_keys ssh_current_keys
-#define datafellows ssh_datafellows
+#define dbl_p1p1 ssh_dbl_p1p1
 #define debug ssh_debug
 #define debug2 ssh_debug2
 #define debug3 ssh_debug3
@@ -264,8 +302,6 @@
 #define dh_new_group14 ssh_dh_new_group14
 #define dh_new_group_asc ssh_dh_new_group_asc
 #define dh_pub_is_valid ssh_dh_pub_is_valid
-#define digests ssh_digests
-#define dispatch ssh_dispatch
 #define dispatch_init ssh_dispatch_init
 #define dispatch_protocol_error ssh_dispatch_protocol_error
 #define dispatch_protocol_ignore ssh_dispatch_protocol_ignore
@@ -283,6 +319,7 @@
 #define explicit_bzero ssh_explicit_bzero
 #define export_dns_rr ssh_export_dns_rr
 #define fatal ssh_fatal
+#define filter_proposal ssh_filter_proposal
 #define fmt_scaled ssh_fmt_scaled
 #define free_hostkeys ssh_free_hostkeys
 #define freeargs ssh_freeargs
@@ -298,20 +335,27 @@
 #define get_remote_name_or_ip ssh_get_remote_name_or_ip
 #define get_remote_port ssh_get_remote_port
 #define get_sock_port ssh_get_sock_port
+#define get_socket_address ssh_get_socket_address
 #define get_u16 ssh_get_u16
 #define get_u32 ssh_get_u32
 #define get_u64 ssh_get_u64
 #define getrrsetbyname ssh_getrrsetbyname
 #define glob ssh_glob
+#define glob0 ssh_glob0
+#define glob2 ssh_glob2
+#define globexp1 ssh_globexp1
+#define globextend ssh_globextend
 #define globfree ssh_globfree
 #define host_hash ssh_host_hash
 #define hostfile_read_key ssh_hostfile_read_key
 #define hpdelim ssh_hpdelim
-#define incoming_stream ssh_incoming_stream
 #define init_hostkeys ssh_init_hostkeys
 #define iptos2str ssh_iptos2str
 #define ipv64_normalise_mapped ssh_ipv64_normalise_mapped
+#define is_key_revoked ssh_is_key_revoked
+#define kex_alg_by_name ssh_kex_alg_by_name
 #define kex_alg_list ssh_kex_alg_list
+#define kex_buf2prop ssh_kex_buf2prop
 #define kex_c25519_hash ssh_kex_c25519_hash
 #define kex_derive_keys ssh_kex_derive_keys
 #define kex_derive_keys_bn ssh_kex_derive_keys_bn
@@ -321,6 +365,8 @@
 #define kex_get_newkeys ssh_kex_get_newkeys
 #define kex_input_kexinit ssh_kex_input_kexinit
 #define kex_names_valid ssh_kex_names_valid
+#define kex_prop_free ssh_kex_prop_free
+#define kex_protocol_error ssh_kex_protocol_error
 #define kex_send_kexinit ssh_kex_send_kexinit
 #define kex_setup ssh_kex_setup
 #define kexc25519_client ssh_kexc25519_client
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***