diff options
| author | Damien Miller <djm@mindrot.org> | 2010-11-20 15:19:38 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-11-20 15:19:38 +1100 |
| commit | 0dac6fb6b228a96f4ab3717e3d73871595a291a8 (patch) | |
| tree | 7eae6f1e6a39fb7d608a05250f4749a77a914814 /servconf.c | |
| parent | 4499f4cc20eee7e0f67b35f5a5c6078bf07dcbc0 (diff) | |
- djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index 4e5fd2f04..e2f20a3d1 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -15,6 +15,10 @@ | |||
| 15 | #include <sys/types.h> | 15 | #include <sys/types.h> |
| 16 | #include <sys/socket.h> | 16 | #include <sys/socket.h> |
| 17 | 17 | ||
| 18 | #include <netinet/in.h> | ||
| 19 | #include <netinet/in_systm.h> | ||
| 20 | #include <netinet/ip.h> | ||
| 21 | |||
| 18 | #include <netdb.h> | 22 | #include <netdb.h> |
| 19 | #include <pwd.h> | 23 | #include <pwd.h> |
| 20 | #include <stdio.h> | 24 | #include <stdio.h> |
| @@ -133,6 +137,8 @@ initialize_server_options(ServerOptions *options) | |||
| 133 | options->revoked_keys_file = NULL; | 137 | options->revoked_keys_file = NULL; |
| 134 | options->trusted_user_ca_keys = NULL; | 138 | options->trusted_user_ca_keys = NULL; |
| 135 | options->authorized_principals_file = NULL; | 139 | options->authorized_principals_file = NULL; |
| 140 | options->ip_qos_interactive = -1; | ||
| 141 | options->ip_qos_bulk = -1; | ||
| 136 | } | 142 | } |
| 137 | 143 | ||
| 138 | void | 144 | void |
| @@ -271,6 +277,10 @@ fill_default_server_options(ServerOptions *options) | |||
| 271 | options->permit_tun = SSH_TUNMODE_NO; | 277 | options->permit_tun = SSH_TUNMODE_NO; |
| 272 | if (options->zero_knowledge_password_authentication == -1) | 278 | if (options->zero_knowledge_password_authentication == -1) |
| 273 | options->zero_knowledge_password_authentication = 0; | 279 | options->zero_knowledge_password_authentication = 0; |
| 280 | if (options->ip_qos_interactive == -1) | ||
| 281 | options->ip_qos_interactive = IPTOS_LOWDELAY; | ||
| 282 | if (options->ip_qos_bulk == -1) | ||
| 283 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | ||
| 274 | 284 | ||
| 275 | /* Turn privilege separation on by default */ | 285 | /* Turn privilege separation on by default */ |
| 276 | if (use_privsep == -1) | 286 | if (use_privsep == -1) |
| @@ -317,7 +327,7 @@ typedef enum { | |||
| 317 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 327 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 318 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 328 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 319 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 329 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 320 | sKexAlgorithms, | 330 | sKexAlgorithms, sIPQoS, |
| 321 | sDeprecated, sUnsupported | 331 | sDeprecated, sUnsupported |
| 322 | } ServerOpCodes; | 332 | } ServerOpCodes; |
| 323 | 333 | ||
| @@ -441,6 +451,7 @@ static struct { | |||
| 441 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 451 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 442 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | 452 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
| 443 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | 453 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
| 454 | { "ipqos", sIPQoS, SSHCFG_ALL }, | ||
| 444 | { NULL, sBadOption, 0 } | 455 | { NULL, sBadOption, 0 } |
| 445 | }; | 456 | }; |
| 446 | 457 | ||
| @@ -670,7 +681,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 670 | const char *host, const char *address) | 681 | const char *host, const char *address) |
| 671 | { | 682 | { |
| 672 | char *cp, **charptr, *arg, *p; | 683 | char *cp, **charptr, *arg, *p; |
| 673 | int cmdline = 0, *intptr, value, n; | 684 | int cmdline = 0, *intptr, value, value2, n; |
| 674 | SyslogFacility *log_facility_ptr; | 685 | SyslogFacility *log_facility_ptr; |
| 675 | LogLevel *log_level_ptr; | 686 | LogLevel *log_level_ptr; |
| 676 | ServerOpCodes opcode; | 687 | ServerOpCodes opcode; |
| @@ -1370,6 +1381,23 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1370 | charptr = &options->revoked_keys_file; | 1381 | charptr = &options->revoked_keys_file; |
| 1371 | goto parse_filename; | 1382 | goto parse_filename; |
| 1372 | 1383 | ||
| 1384 | case sIPQoS: | ||
| 1385 | arg = strdelim(&cp); | ||
| 1386 | if ((value = parse_ipqos(arg)) == -1) | ||
| 1387 | fatal("%s line %d: Bad IPQoS value: %s", | ||
| 1388 | filename, linenum, arg); | ||
| 1389 | arg = strdelim(&cp); | ||
| 1390 | if (arg == NULL) | ||
| 1391 | value2 = value; | ||
| 1392 | else if ((value2 = parse_ipqos(arg)) == -1) | ||
| 1393 | fatal("%s line %d: Bad IPQoS value: %s", | ||
| 1394 | filename, linenum, arg); | ||
| 1395 | if (*activep) { | ||
| 1396 | options->ip_qos_interactive = value; | ||
| 1397 | options->ip_qos_bulk = value2; | ||
| 1398 | } | ||
| 1399 | break; | ||
| 1400 | |||
| 1373 | case sDeprecated: | 1401 | case sDeprecated: |
| 1374 | logit("%s line %d: Deprecated option %s", | 1402 | logit("%s line %d: Deprecated option %s", |
| 1375 | filename, linenum, arg); | 1403 | filename, linenum, arg); |
| @@ -1480,6 +1508,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1480 | M_CP_INTOPT(x11_use_localhost); | 1508 | M_CP_INTOPT(x11_use_localhost); |
| 1481 | M_CP_INTOPT(max_sessions); | 1509 | M_CP_INTOPT(max_sessions); |
| 1482 | M_CP_INTOPT(max_authtries); | 1510 | M_CP_INTOPT(max_authtries); |
| 1511 | M_CP_INTOPT(ip_qos_interactive); | ||
| 1512 | M_CP_INTOPT(ip_qos_bulk); | ||
| 1483 | 1513 | ||
| 1484 | M_CP_STROPT(banner); | 1514 | M_CP_STROPT(banner); |
| 1485 | if (preauth) | 1515 | if (preauth) |
| @@ -1745,5 +1775,7 @@ dump_config(ServerOptions *o) | |||
| 1745 | } | 1775 | } |
| 1746 | dump_cfg_string(sPermitTunnel, s); | 1776 | dump_cfg_string(sPermitTunnel, s); |
| 1747 | 1777 | ||
| 1778 | printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); | ||
| 1779 | |||
| 1748 | channel_print_adm_permitted_opens(); | 1780 | channel_print_adm_permitted_opens(); |
| 1749 | } | 1781 | } |