-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | clientloop.c | 5 | ||||
-rw-r--r-- | misc.c | 56 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | packet.c | 9 | ||||
-rw-r--r-- | packet.h | 4 | ||||
-rw-r--r-- | readconf.c | 30 | ||||
-rw-r--r-- | readconf.h | 4 | ||||
-rw-r--r-- | servconf.c | 38 | ||||
-rw-r--r-- | servconf.h | 4 | ||||
-rw-r--r-- | session.c | 8 | ||||
-rw-r--r-- | ssh.c | 7 | ||||
-rw-r--r-- | ssh_config.5 | 41 | ||||
-rw-r--r-- | sshd_config.5 | 41 |
14 files changed, 230 insertions, 27 deletions
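--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,13 @@
 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
 these have been around for years by this time. ok markus
+- djm@cvs.openbsd.org 2010/11/13 23:27:51
+[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
+[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
+allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
+hardcoding lowdelay/throughput.
+
+bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
 
 20101111
 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on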
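diff --git a/clientloop.c b/clientloop.c
index 848aacd4a..52dcb4c04 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.223 2010/10/06 06:39:28 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1973,6 +1973,9 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
 if ((c = channel_lookup(id)) == NULL)
 fatal("client_session2_setup: channel %d: unknown channel", id);
 
+packet_set_interactive(want_tty,
+options.ip_qos_interactive, options.ip_qos_bulk);
+
 if (want_tty) {
 struct winsize ws;
 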
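--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.82 2010/09/24 13:33:00 matthew Exp $ */
+/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -38,6 +38,8 @@
 #include <unistd.h>
 
 #include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 #include <netinet/tcp.h>
 
 #include <errno.h>
@@ -913,6 +915,58 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len)
 bw->lamt = 0;
 gettimeofday(&bw->bwstart, NULL);
 }
+
+static const struct {
+const char *name;
+int value;
+} ipqos[] = {
+{ "af11", IPTOS_DSCP_AF11 },
+{ "af12", IPTOS_DSCP_AF12 },
+{ "af13", IPTOS_DSCP_AF13 },
+{ "af14", IPTOS_DSCP_AF21 },
+{ "af22", IPTOS_DSCP_AF22 },
+{ "af23", IPTOS_DSCP_AF23 },
+{ "af31", IPTOS_DSCP_AF31 },
+{ "af32", IPTOS_DSCP_AF32 },
+{ "af33", IPTOS_DSCP_AF33 },
+{ "af41", IPTOS_DSCP_AF41 },
+{ "af42", IPTOS_DSCP_AF42 },
+{ "af43", IPTOS_DSCP_AF43 },
+{ "cs0", IPTOS_DSCP_CS0 },
+{ "cs1", IPTOS_DSCP_CS1 },
+{ "cs2", IPTOS_DSCP_CS2 },
+{ "cs3", IPTOS_DSCP_CS3 },
+{ "cs4", IPTOS_DSCP_CS4 },
+{ "cs5", IPTOS_DSCP_CS5 },
+{ "cs6", IPTOS_DSCP_CS6 },
+{ "cs7", IPTOS_DSCP_CS7 },
+{ "ef", IPTOS_DSCP_EF },
+{ "lowdelay", IPTOS_LOWDELAY },
+{ "throughput", IPTOS_THROUGHPUT },
+{ "reliability", IPTOS_RELIABILITY },
+{ NULL, -1 }
+};
+
+int
+parse_ipqos(const char *cp)
+{
+u_int i;
+char *ep;
+long val;
+
+if (cp == NULL)
+return -1;
+for (i = 0; ipqos[i].name != NULL; i++) {
+if (strcasecmp(cp, ipqos[i].name) == 0)
+return ipqos[i].value;
+}
+/* Try parsing as an integer */
+val = strtol(cp, &ep, 0);
+if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255)
+return -1;
+return val;
+}
+
 void
 sock_set_v6only(int s)
 {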
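Review bot: The table entry `{ "af14", IPTOS_DSCP_AF21 },` at new line 926 mislabels an Assured Forwarding class: there is no AF14 code point, and the value it maps to is AF21, so `IPQoS af21` is rejected as "Bad IPQoS value" while `af14` silently selects AF21. The entry should read `{ "af21", IPTOS_DSCP_AF21 },`, and the matching `.Dq af14 ,` lines added to ssh_config.5 and sshd_config.5 should become `.Dq af21 ,`. In parse_ipqos the numeric fallback uses strtol with base 0 and accepts any value 0-255, which is wider than the DSCP names above it; the comment at new line 963 would be clearer as `/* Try parsing as an integer: any 8-bit TOS byte, base 0 so hex/octal spellings are accepted */`.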
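--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.45 2010/09/24 13:33:00 matthew Exp $ */
+/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -88,6 +88,7 @@ struct bwlimit {
 void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t);
 void bandwidth_limit(struct bwlimit *, size_t);
 
+int parse_ipqos(const char *);
 
 /* readpass.c */
 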
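--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.171 2010/11/05 02:46:47 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1750,7 +1750,7 @@ packet_not_very_much_data_to_write(void)
 }
 
 static void
-packet_set_tos(int interactive)
+packet_set_tos(int tos)
 {
 #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
 int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
@@ -1758,6 +1758,7 @@ packet_set_tos(int interactive)
 if (!packet_connection_is_on_socket() ||
 !packet_connection_is_ipv4())
 return;
+debug3("%s: set IP_TOS 0x%02x", __func__, tos);
 if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
 sizeof(tos)) < 0)
 error("setsockopt IP_TOS %d: %.100s:",
@@ -1768,7 +1769,7 @@ packet_set_tos(int interactive)
 /* Informs that the current session is interactive. Sets IP flags for that. */
 
 void
-packet_set_interactive(int interactive)
+packet_set_interactive(int interactive, int qos_interactive, int qos_bulk)
 {
 if (active_state->set_interactive_called)
 return;
@@ -1781,7 +1782,7 @@ packet_set_interactive(int interactive)
 if (!packet_connection_is_on_socket())
 return;
 set_nodelay(active_state->connection_in);
-packet_set_tos(interactive);
+packet_set_tos(interactive ? qos_interactive : qos_bulk);
 }
 
 /* Returns true if the current connection is interactive. */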
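Review bot: Unless the rendering dropped a removal marker, packet_set_tos still carries `int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;` as a context line (new line 1756) after its parameter was renamed to `tos` at new line 1753; that declaration now redeclares the parameter in the function's outermost block and refers to `interactive`, which no longer exists, so the `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)` branch cannot compile, and if it could it would discard the value the caller passed. The line should simply be deleted so the class chosen in packet_set_interactive at new line 1785 is what reaches setsockopt. The body of packet_set_tos spans both of the first two hunks, and the hunk headers also still show the old `packet_set_tos(int interactive)` context.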
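--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.54 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -34,7 +34,7 @@ u_int packet_get_encryption_key(u_char *);
 void packet_set_protocol_flags(u_int);
 u_int packet_get_protocol_flags(void);
 void packet_start_compression(int);
-void packet_set_interactive(int);
+void packet_set_interactive(int, int, int);
 int packet_is_interactive(void);
 void packet_set_server(void);
 void packet_set_authenticated(void);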
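diff --git a/readconf.c b/readconf.c
index da7efd193..eb4a8b9ee 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,8 @@
 #include <sys/socket.h>
 
 #include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 
 #include <ctype.h>
 #include <errno.h>
@@ -132,7 +134,7 @@ typedef enum {
 oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-oKexAlgorithms,
+oKexAlgorithms, oIPQoS,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -242,6 +244,7 @@ static struct {
 { "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
 { "kexalgorithms", oKexAlgorithms },
+{ "ipqos", oIPQoS },
 
 { NULL, oBadOption }
 };
@@ -973,6 +976,23 @@ parse_int:
 intptr = &options->visual_host_key;
 goto parse_flag;
 
+case oIPQoS:
+arg = strdelim(&s);
+if ((value = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+arg = strdelim(&s);
+if (arg == NULL)
+value2 = value;
+else if ((value2 = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+if (*activep) {
+options->ip_qos_interactive = value;
+options->ip_qos_bulk = value2;
+}
+break;
+
 case oUseRoaming:
 intptr = &options->use_roaming;
 goto parse_flag;
@@ -1135,6 +1155,8 @@ initialize_options(Options * options)
 options->use_roaming = -1;
 options->visual_host_key = -1;
 options->zero_knowledge_password_authentication = -1;
+options->ip_qos_interactive = -1;
+options->ip_qos_bulk = -1;
 }
 
 /*
@@ -1289,6 +1311,10 @@ fill_default_options(Options * options)
 options->visual_host_key = 0;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->ip_qos_interactive == -1)
+options->ip_qos_interactive = IPTOS_LOWDELAY;
+if (options->ip_qos_bulk == -1)
+options->ip_qos_bulk = IPTOS_THROUGHPUT;
 /* options->local_command should not be set by default */
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */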
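Review bot: In the oIPQoS case (new lines 980-983) a keyword with no value is reported through the wrong path: strdelim returns NULL, parse_ipqos(NULL) returns -1, and fatal() is then handed a NULL `arg` for its `%s`, which is undefined behaviour for printf-family formatting (glibc prints "(null)", other libcs may crash before the message is logged). The missing-argument case should be caught before parsing, e.g. `if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum);` ahead of the first parse_ipqos call, which presumably also matches how the other handlers in this function (outside the hunk) report a missing value. The sIPQoS case added to servconf.c (new lines 1384-1400) has the identical sequence and needs the same guard; process_config_line itself begins and ends outside this hunk.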
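diff --git a/readconf.h b/readconf.h
index ae61466df..ee160dfe7 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.87 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -59,6 +59,8 @@ typedef struct {
 int compression_level; /* Compression level 1 (fast) to 9
 * (best). */
 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
+int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
+int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
 LogLevel log_level; /* Level for logging. */
 
 int port; /* Port to connect. */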
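diff --git a/servconf.c b/servconf.c
index 4e5fd2f04..e2f20a3d1 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -15,6 +15,10 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -133,6 +137,8 @@ initialize_server_options(ServerOptions *options)
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
 options->authorized_principals_file = NULL;
+options->ip_qos_interactive = -1;
+options->ip_qos_bulk = -1;
 }
 
 void
@@ -271,6 +277,10 @@ fill_default_server_options(ServerOptions *options)
 options->permit_tun = SSH_TUNMODE_NO;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->ip_qos_interactive == -1)
+options->ip_qos_interactive = IPTOS_LOWDELAY;
+if (options->ip_qos_bulk == -1)
+options->ip_qos_bulk = IPTOS_THROUGHPUT;
 
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
@@ -317,7 +327,7 @@ typedef enum {
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-sKexAlgorithms,
+sKexAlgorithms, sIPQoS,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -441,6 +451,7 @@ static struct {
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+{ "ipqos", sIPQoS, SSHCFG_ALL },
 { NULL, sBadOption, 0 }
 };
 
@@ -670,7 +681,7 @@ process_server_config_line(ServerOptions *options, char *line,
 const char *host, const char *address)
 {
 char *cp, **charptr, *arg, *p;
-int cmdline = 0, *intptr, value, n;
+int cmdline = 0, *intptr, value, value2, n;
 SyslogFacility *log_facility_ptr;
 LogLevel *log_level_ptr;
 ServerOpCodes opcode;
@@ -1370,6 +1381,23 @@ process_server_config_line(ServerOptions *options, char *line,
 charptr = &options->revoked_keys_file;
 goto parse_filename;
 
+case sIPQoS:
+arg = strdelim(&cp);
+if ((value = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+arg = strdelim(&cp);
+if (arg == NULL)
+value2 = value;
+else if ((value2 = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+if (*activep) {
+options->ip_qos_interactive = value;
+options->ip_qos_bulk = value2;
+}
+break;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1480,6 +1508,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(x11_use_localhost);
 M_CP_INTOPT(max_sessions);
 M_CP_INTOPT(max_authtries);
+M_CP_INTOPT(ip_qos_interactive);
+M_CP_INTOPT(ip_qos_bulk);
 
 M_CP_STROPT(banner);
 if (preauth)
@@ -1745,5 +1775,7 @@ dump_config(ServerOptions *o)
 }
 dump_cfg_string(sPermitTunnel, s);
 
+printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
+
 channel_print_adm_permitted_opens();
 }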
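diff --git a/servconf.h b/servconf.h
index ad13f2edd..5a058a416 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.94 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -70,6 +70,8 @@ typedef struct {
 char *xauth_location; /* Location of xauth program */
 int strict_modes; /* If true, require string home dir modes. */
 int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
+int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
+int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
 char *ciphers; /* Supported SSH2 ciphers. */
 char *macs; /* Supported SSH2 macs. */
 char *kex_algorithms; /* SSH2 kex methods in order of preference. */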
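--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */
+/* $OpenBSD: session.c,v 1.257 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -585,7 +585,8 @@ do_exec_no_pty(Session *s, const char *command)
 
 s->pid = pid;
 /* Set interactive/non-interactive mode. */
-packet_set_interactive(s->display != NULL);
+packet_set_interactive(s->display != NULL,
+options.ip_qos_interactive, options.ip_qos_bulk);
 
 /*
 * Clear loginmsg, since it's the child's responsibility to display
@@ -739,7 +740,8 @@ do_exec_pty(Session *s, const char *command)
 
 /* Enter interactive session. */
 s->ptymaster = ptymaster;
-packet_set_interactive(1);
+packet_set_interactive(1,
+options.ip_qos_interactive, options.ip_qos_bulk);
 if (compat20) {
 session_set_fds(s, ptyfd, fdout, -1, 1, 1);
 } else {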
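--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.353 2010/10/06 06:39:28 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.354 2010/11/13 23:27:50 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1224,7 +1224,8 @@ ssh_session(void)
 }
 }
 /* Tell the packet module whether this is an interactive session. */
-packet_set_interactive(interactive);
+packet_set_interactive(interactive,
+options.ip_qos_interactive, options.ip_qos_bulk);
 
 /* Request authentication agent forwarding if appropriate. */
 check_agent_present();
@@ -1322,8 +1323,6 @@ ssh_session2_setup(int id, int success, void *arg)
 
 client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
 NULL, fileno(stdin), &command, environ);
-
-packet_set_interactive(interactive);
 }
 
 /* open new channel for a session */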
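Review bot: Dropping `packet_set_interactive(interactive);` from ssh_session2_setup (old line 1326) changes which flag selects the interactive QoS class on the SSH2 client path: the replacement call in clientloop.c's client_session2_setup is driven by `want_tty`, whereas `interactive` here was a local of ssh_session2_setup whose assignments are outside this hunk, so if anything other than tty_flag set it (X11 forwarding would be the likely candidate) that session now gets the bulk class instead. It is worth confirming that this narrowing is intended, or else passing the computed `interactive` value into client_session2_setup rather than letting it re-derive the class from want_tty. Either way the new call site in clientloop.c deserves a one-line comment stating that the class is chosen purely on the tty request, e.g. `/* QoS class follows the tty request; X11/agent forwarding do not count as interactive here */`.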
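diff --git a/ssh_config.5 b/ssh_config.5
index dd39bfafb..9e82fa864 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.142 2010/10/28 18:33:28 jmc Exp $
-.Dd $Mdocdate: October 28 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.143 2010/11/13 23:27:50 djm Exp $
+.Dd $Mdocdate: November 13 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -626,6 +626,43 @@ escape characters:
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for connections.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 The argument to this keyword must be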
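diff --git a/sshd_config.5 b/sshd_config.5
index d0c02ca7c..60808d233 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.128 2010/10/28 18:33:28 jmc Exp $
-.Dd $Mdocdate: October 28 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.129 2010/11/13 23:27:51 djm Exp $
+.Dd $Mdocdate: November 13 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -512,6 +512,43 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for the connection.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication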