Bugzilla – Attachment 1810 Details for
Bug 1733
Enhance support for QoS (ToS) by supporting DSCP/CS and adding option
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
QoS fix for DSCP/CS markings with sytem-wide config restriction
openssh-qos.patch (text/plain), 26.27 KB, created by
Philip Prindeville
on 2010-03-14 05:05:47 AEDT
(
hide
)
Description:
QoS fix for DSCP/CS markings with sytem-wide config restriction
Filename:
MIME Type:
Creator:
Philip Prindeville
Created:
2010-03-14 05:05:47 AEDT
Size:
26.27 KB
patch
obsolete
>Index: defines.h >=================================================================== >RCS file: /cvs/openssh/defines.h,v >retrieving revision 1.159 >diff -u -p -r1.159 defines.h >--- defines.h 13 Jan 2010 23:44:34 -0000 1.159 >+++ defines.h 13 Mar 2010 18:03:28 -0000 >@@ -50,6 +50,35 @@ enum > # define IPTOS_MINCOST IPTOS_LOWCOST > #endif /* IPTOS_LOWDELAY */ > >+/* in glibc 2.12 */ >+#ifndef IPTOS_CLASS_CS0 >+#define IPTOS_CLASS_CS0 0x00 >+#define IPTOS_CLASS_CS1 0x20 >+#define IPTOS_CLASS_CS2 0x40 >+#define IPTOS_CLASS_CS3 0x60 >+#define IPTOS_CLASS_CS4 0x80 >+#define IPTOS_CLASS_CS5 0xa0 >+#define IPTOS_CLASS_CS6 0xc0 >+#define IPTOS_CLASS_CS7 0xe0 >+#endif >+ >+/* in glibc 2.11 */ >+#ifndef IPTOS_DSCP_AF11 >+#define IPTOS_DSCP_AF11 0x28 >+#define IPTOS_DSCP_AF12 0x30 >+#define IPTOS_DSCP_AF13 0x38 >+#define IPTOS_DSCP_AF21 0x48 >+#define IPTOS_DSCP_AF22 0x50 >+#define IPTOS_DSCP_AF23 0x58 >+#define IPTOS_DSCP_AF31 0x68 >+#define IPTOS_DSCP_AF32 0x70 >+#define IPTOS_DSCP_AF33 0x78 >+#define IPTOS_DSCP_AF41 0x88 >+#define IPTOS_DSCP_AF42 0x90 >+#define IPTOS_DSCP_AF43 0x98 >+#define IPTOS_DSCP_EF 0xb8 >+#endif >+ > #ifndef MAXPATHLEN > # ifdef PATH_MAX > # define MAXPATHLEN PATH_MAX >Index: packet.c >=================================================================== >RCS file: /cvs/openssh/packet.c,v >retrieving revision 1.169 >diff -u -p -r1.169 packet.c >--- packet.c 2 Oct 2009 01:49:04 -0000 1.169 >+++ packet.c 13 Mar 2010 18:03:29 -0000 >@@ -78,6 +78,7 @@ > #include "misc.h" > #include "ssh.h" > #include "roaming.h" >+#include "readconf.h" > > #ifdef PACKET_DEBUG > #define DBG(x) x >@@ -1728,11 +1729,9 @@ packet_not_very_much_data_to_write(void) > } > > static void >-packet_set_tos(int interactive) >+packet_set_tos(int tos) > { > #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) >- int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; >- > if (!packet_connection_is_on_socket() || > !packet_connection_is_ipv4()) > return; >@@ -1746,7 +1745,7 @@ packet_set_tos(int interactive) > /* Informs that the current session is interactive. Sets IP flags for that. */ > > void >-packet_set_interactive(int interactive) >+packet_set_interactive(int interactive, u_char qos[2]) > { > if (active_state->set_interactive_called) > return; >@@ -1759,7 +1758,7 @@ packet_set_interactive(int interactive) > if (!packet_connection_is_on_socket()) > return; > set_nodelay(active_state->connection_in); >- packet_set_tos(interactive); >+ packet_set_tos(interactive ? qos[1] : qos[0]); > } > > /* Returns true if the current connection is interactive. */ >Index: packet.h >=================================================================== >RCS file: /cvs/openssh/packet.h,v >retrieving revision 1.54 >diff -u -p -r1.54 packet.h >--- packet.h 5 Jul 2009 21:11:13 -0000 1.54 >+++ packet.h 13 Mar 2010 18:03:29 -0000 >@@ -31,7 +31,7 @@ u_int packet_get_encryption_key(u_char > void packet_set_protocol_flags(u_int); > u_int packet_get_protocol_flags(void); > void packet_start_compression(int); >-void packet_set_interactive(int); >+void packet_set_interactive(int, u_char []); > int packet_is_interactive(void); > void packet_set_server(void); > void packet_set_authenticated(void); >Index: readconf.c >=================================================================== >RCS file: /cvs/openssh/readconf.c,v >retrieving revision 1.162 >diff -u -p -r1.162 readconf.c >--- readconf.c 11 Feb 2010 22:21:03 -0000 1.162 >+++ readconf.c 13 Mar 2010 18:03:29 -0000 >@@ -131,6 +131,7 @@ typedef enum { > oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, > oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, > oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, >+ oUseQoS, > oDeprecated, oUnsupported > } OpCodes; > >@@ -138,107 +139,109 @@ typedef enum { > > static struct { > const char *name; >+ int restricted; > OpCodes opcode; > } keywords[] = { >- { "forwardagent", oForwardAgent }, >- { "forwardx11", oForwardX11 }, >- { "forwardx11trusted", oForwardX11Trusted }, >- { "exitonforwardfailure", oExitOnForwardFailure }, >- { "xauthlocation", oXAuthLocation }, >- { "gatewayports", oGatewayPorts }, >- { "useprivilegedport", oUsePrivilegedPort }, >- { "rhostsauthentication", oDeprecated }, >- { "passwordauthentication", oPasswordAuthentication }, >- { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, >- { "kbdinteractivedevices", oKbdInteractiveDevices }, >- { "rsaauthentication", oRSAAuthentication }, >- { "pubkeyauthentication", oPubkeyAuthentication }, >- { "dsaauthentication", oPubkeyAuthentication }, /* alias */ >- { "rhostsrsaauthentication", oRhostsRSAAuthentication }, >- { "hostbasedauthentication", oHostbasedAuthentication }, >- { "challengeresponseauthentication", oChallengeResponseAuthentication }, >- { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ >- { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ >- { "kerberosauthentication", oUnsupported }, >- { "kerberostgtpassing", oUnsupported }, >- { "afstokenpassing", oUnsupported }, >+ { "forwardagent", 0, oForwardAgent }, >+ { "forwardx11", 0, oForwardX11 }, >+ { "forwardx11trusted", 0, oForwardX11Trusted }, >+ { "exitonforwardfailure", 0, oExitOnForwardFailure }, >+ { "xauthlocation", 0, oXAuthLocation }, >+ { "gatewayports", 0, oGatewayPorts }, >+ { "useprivilegedport", 0, oUsePrivilegedPort }, >+ { "rhostsauthentication", 0, oDeprecated }, >+ { "passwordauthentication", 0, oPasswordAuthentication }, >+ { "kbdinteractiveauthentication", 0, oKbdInteractiveAuthentication }, >+ { "kbdinteractivedevices", 0, oKbdInteractiveDevices }, >+ { "rsaauthentication", 0, oRSAAuthentication }, >+ { "pubkeyauthentication", 0, oPubkeyAuthentication }, >+ { "dsaauthentication", 0, oPubkeyAuthentication }, /* alias */ >+ { "rhostsrsaauthentication", 0, oRhostsRSAAuthentication }, >+ { "hostbasedauthentication", 0, oHostbasedAuthentication }, >+ { "challengeresponseauthentication", 0, oChallengeResponseAuthentication }, >+ { "skeyauthentication", 0, oChallengeResponseAuthentication }, /* alias */ >+ { "tisauthentication", 0, oChallengeResponseAuthentication }, /* alias */ >+ { "kerberosauthentication", 0, oUnsupported }, >+ { "kerberostgtpassing", 0, oUnsupported }, >+ { "afstokenpassing", 0, oUnsupported }, > #if defined(GSSAPI) >- { "gssapiauthentication", oGssAuthentication }, >- { "gssapidelegatecredentials", oGssDelegateCreds }, >+ { "gssapiauthentication", 0, oGssAuthentication }, >+ { "gssapidelegatecredentials", 0, oGssDelegateCreds }, > #else >- { "gssapiauthentication", oUnsupported }, >- { "gssapidelegatecredentials", oUnsupported }, >+ { "gssapiauthentication", 0, oUnsupported }, >+ { "gssapidelegatecredentials", 0, oUnsupported }, > #endif >- { "fallbacktorsh", oDeprecated }, >- { "usersh", oDeprecated }, >- { "identityfile", oIdentityFile }, >- { "identityfile2", oIdentityFile }, /* obsolete */ >- { "identitiesonly", oIdentitiesOnly }, >- { "hostname", oHostName }, >- { "hostkeyalias", oHostKeyAlias }, >- { "proxycommand", oProxyCommand }, >- { "port", oPort }, >- { "cipher", oCipher }, >- { "ciphers", oCiphers }, >- { "macs", oMacs }, >- { "protocol", oProtocol }, >- { "remoteforward", oRemoteForward }, >- { "localforward", oLocalForward }, >- { "user", oUser }, >- { "host", oHost }, >- { "escapechar", oEscapeChar }, >- { "globalknownhostsfile", oGlobalKnownHostsFile }, >- { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */ >- { "userknownhostsfile", oUserKnownHostsFile }, >- { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */ >- { "connectionattempts", oConnectionAttempts }, >- { "batchmode", oBatchMode }, >- { "checkhostip", oCheckHostIP }, >- { "stricthostkeychecking", oStrictHostKeyChecking }, >- { "compression", oCompression }, >- { "compressionlevel", oCompressionLevel }, >- { "tcpkeepalive", oTCPKeepAlive }, >- { "keepalive", oTCPKeepAlive }, /* obsolete */ >- { "numberofpasswordprompts", oNumberOfPasswordPrompts }, >- { "loglevel", oLogLevel }, >- { "dynamicforward", oDynamicForward }, >- { "preferredauthentications", oPreferredAuthentications }, >- { "hostkeyalgorithms", oHostKeyAlgorithms }, >- { "bindaddress", oBindAddress }, >+ { "fallbacktorsh", 0, oDeprecated }, >+ { "usersh", 0, oDeprecated }, >+ { "identityfile", 0, oIdentityFile }, >+ { "identityfile2", 0, oIdentityFile }, /* obsolete */ >+ { "identitiesonly", 0, oIdentitiesOnly }, >+ { "hostname", 0, oHostName }, >+ { "hostkeyalias", 0, oHostKeyAlias }, >+ { "proxycommand", 0, oProxyCommand }, >+ { "port", 0, oPort }, >+ { "cipher", 0, oCipher }, >+ { "ciphers", 0, oCiphers }, >+ { "macs", 0, oMacs }, >+ { "protocol", 0, oProtocol }, >+ { "remoteforward", 0, oRemoteForward }, >+ { "localforward", 0, oLocalForward }, >+ { "user", 0, oUser }, >+ { "host", 0, oHost }, >+ { "escapechar", 0, oEscapeChar }, >+ { "globalknownhostsfile", 0, oGlobalKnownHostsFile }, >+ { "globalknownhostsfile2", 0, oGlobalKnownHostsFile2 }, /* obsolete */ >+ { "userknownhostsfile", 0, oUserKnownHostsFile }, >+ { "userknownhostsfile2", 0, oUserKnownHostsFile2 }, /* obsolete */ >+ { "connectionattempts", 0, oConnectionAttempts }, >+ { "batchmode", 0, oBatchMode }, >+ { "checkhostip", 0, oCheckHostIP }, >+ { "stricthostkeychecking", 0, oStrictHostKeyChecking }, >+ { "compression", 0, oCompression }, >+ { "compressionlevel", 0, oCompressionLevel }, >+ { "tcpkeepalive", 0, oTCPKeepAlive }, >+ { "keepalive", 0, oTCPKeepAlive }, /* obsolete */ >+ { "numberofpasswordprompts", 0, oNumberOfPasswordPrompts }, >+ { "loglevel", 0, oLogLevel }, >+ { "dynamicforward", 0, oDynamicForward }, >+ { "preferredauthentications", 0, oPreferredAuthentications }, >+ { "hostkeyalgorithms", 0, oHostKeyAlgorithms }, >+ { "bindaddress", 0, oBindAddress }, > #ifdef ENABLE_PKCS11 >- { "smartcarddevice", oPKCS11Provider }, >- { "pkcs11provider", oPKCS11Provider }, >+ { "smartcarddevice", 0, oPKCS11Provider }, >+ { "pkcs11provider", 0, oPKCS11Provider }, > #else >- { "smartcarddevice", oUnsupported }, >- { "pkcs11provider", oUnsupported }, >+ { "smartcarddevice", 0, oUnsupported }, >+ { "pkcs11provider", 0, oUnsupported }, > #endif >- { "clearallforwardings", oClearAllForwardings }, >- { "enablesshkeysign", oEnableSSHKeysign }, >- { "verifyhostkeydns", oVerifyHostKeyDNS }, >- { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, >- { "rekeylimit", oRekeyLimit }, >- { "connecttimeout", oConnectTimeout }, >- { "addressfamily", oAddressFamily }, >- { "serveraliveinterval", oServerAliveInterval }, >- { "serveralivecountmax", oServerAliveCountMax }, >- { "sendenv", oSendEnv }, >- { "controlpath", oControlPath }, >- { "controlmaster", oControlMaster }, >- { "hashknownhosts", oHashKnownHosts }, >- { "tunnel", oTunnel }, >- { "tunneldevice", oTunnelDevice }, >- { "localcommand", oLocalCommand }, >- { "permitlocalcommand", oPermitLocalCommand }, >- { "visualhostkey", oVisualHostKey }, >- { "useroaming", oUseRoaming }, >+ { "clearallforwardings", 0, oClearAllForwardings }, >+ { "enablesshkeysign", 0, oEnableSSHKeysign }, >+ { "verifyhostkeydns", 0, oVerifyHostKeyDNS }, >+ { "nohostauthenticationforlocalhost", 0, oNoHostAuthenticationForLocalhost }, >+ { "rekeylimit", 0, oRekeyLimit }, >+ { "connecttimeout", 0, oConnectTimeout }, >+ { "addressfamily", 0, oAddressFamily }, >+ { "serveraliveinterval", 0, oServerAliveInterval }, >+ { "serveralivecountmax", 0, oServerAliveCountMax }, >+ { "sendenv", 0, oSendEnv }, >+ { "controlpath", 0, oControlPath }, >+ { "controlmaster", 0, oControlMaster }, >+ { "hashknownhosts", 0, oHashKnownHosts }, >+ { "tunnel", 0, oTunnel }, >+ { "tunneldevice", 0, oTunnelDevice }, >+ { "localcommand", 0, oLocalCommand }, >+ { "permitlocalcommand", 0, oPermitLocalCommand }, >+ { "visualhostkey", 0, oVisualHostKey }, >+ { "useroaming", 0, oUseRoaming }, >+ { "useqos", 1, oUseQoS}, > #ifdef JPAKE >- { "zeroknowledgepasswordauthentication", >+ { "zeroknowledgepasswordauthentication", 0, > oZeroKnowledgePasswordAuthentication }, > #else >- { "zeroknowledgepasswordauthentication", oUnsupported }, >+ { "zeroknowledgepasswordauthentication", 0, oUnsupported }, > #endif > >- { NULL, oBadOption } >+ { NULL, 0, oBadOption } > }; > > /* >@@ -310,19 +313,64 @@ clear_forwardings(Options *options) > */ > > static OpCodes >-parse_token(const char *cp, const char *filename, int linenum) >+parse_token(const char *cp, const char *filename, int linenum, int *restricted) > { > u_int i; > > for (i = 0; keywords[i].name; i++) >- if (strcasecmp(cp, keywords[i].name) == 0) >+ if (strcasecmp(cp, keywords[i].name) == 0) { >+ *restricted= keywords[i].restricted; > return keywords[i].opcode; >+ } > > error("%s: line %d: Bad configuration option: %s", > filename, linenum, cp); > return oBadOption; > } > >+struct { >+ const char *name; >+ int value; >+} qos[] = { >+ { "cs0", IPTOS_CLASS_CS0 }, >+ { "cs1", IPTOS_CLASS_CS1 }, >+ { "cs2", IPTOS_CLASS_CS2 }, >+ { "cs3", IPTOS_CLASS_CS3 }, >+ { "cs4", IPTOS_CLASS_CS4 }, >+ { "cs5", IPTOS_CLASS_CS5 }, >+ { "cs6", IPTOS_CLASS_CS6 }, >+ { "cs7", IPTOS_CLASS_CS7 }, >+ { "af11", IPTOS_DSCP_AF11 }, >+ { "af12", IPTOS_DSCP_AF12 }, >+ { "af13", IPTOS_DSCP_AF13 }, >+ { "af21", IPTOS_DSCP_AF21 }, >+ { "af22", IPTOS_DSCP_AF22 }, >+ { "af23", IPTOS_DSCP_AF23 }, >+ { "af31", IPTOS_DSCP_AF31 }, >+ { "af32", IPTOS_DSCP_AF32 }, >+ { "af33", IPTOS_DSCP_AF33 }, >+ { "af41", IPTOS_DSCP_AF41 }, >+ { "af42", IPTOS_DSCP_AF42 }, >+ { "af43", IPTOS_DSCP_AF43 }, >+ { "ef", IPTOS_DSCP_EF }, >+ { "lowdelay", IPTOS_LOWDELAY }, >+ { "throughput", IPTOS_THROUGHPUT }, >+ { "reliability", IPTOS_RELIABILITY }, >+ { "lowcost", IPTOS_LOWCOST }, >+ { "mincost", IPTOS_MINCOST }, >+ { NULL, -1 }, >+}; >+ >+static int parse_qos(const char *cp) >+{ >+ u_int i; >+ >+ for (i = 0; qos[i].name; i++) >+ if (strcasecmp(cp, qos[i].name) == 0) >+ return qos[i].value; >+ return -1; >+} >+ > /* > * Processes a single option line as used in the configuration files. This > * only sets those values that have not already been set. >@@ -332,10 +380,10 @@ parse_token(const char *cp, const char * > int > process_config_line(Options *options, const char *host, > char *line, const char *filename, int linenum, >- int *activep) >+ int *activep, int systemwide) > { > char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; >- int opcode, *intptr, value, value2, scale; >+ int opcode, *intptr, value, value2, scale, restricted; > LogLevel *log_level_ptr; > long long orig, val64; > size_t len; >@@ -358,7 +406,11 @@ process_config_line(Options *options, co > if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') > return 0; > >- opcode = parse_token(keyword, filename, linenum); >+ opcode = parse_token(keyword, filename, linenum, &restricted); >+ >+ if (restricted && !systemwide) { >+ fatal("%s line %d: not permitted in user profile.", filename, linenum); >+ } > > switch (opcode) { > case oBadOption: >@@ -921,6 +973,27 @@ parse_int: > intptr = &options->use_roaming; > goto parse_flag; > >+ case oUseQoS: >+ arg = strdelim(&s); >+ if (arg == NULL || *arg == '\0') >+ fatal("%.200s line %d: Missing non-interactive QoS argument.", >+ filename, linenum); >+ >+ arg2 = strdelim(&s); >+ if (arg2 == NULL || *arg2 == '\0') >+ fatal("%.200s line %d: Missing interactive QoS argument.", >+ filename, linenum); >+ >+ value = parse_qos(arg); >+ value2 = parse_qos(arg2); >+ if (value == -1 || value2 == -1) >+ fatal("%.200s line %d: Bad QoS argument.", >+ filename, linenum); >+ >+ options->use_qos[0] = value; >+ options->use_qos[1] = value2; >+ break; >+ > case oDeprecated: > debug("%s line %d: Deprecated option \"%s\"", > filename, linenum, keyword); >@@ -952,7 +1025,7 @@ parse_int: > > int > read_config_file(const char *filename, const char *host, Options *options, >- int checkperm) >+ int checkperm, int systemwide) > { > FILE *f; > char line[1024]; >@@ -983,7 +1056,7 @@ read_config_file(const char *filename, c > while (fgets(line, sizeof(line), f)) { > /* Update line number counter. */ > linenum++; >- if (process_config_line(options, host, line, filename, linenum, &active) != 0) >+ if (process_config_line(options, host, line, filename, linenum, &active, systemwide) != 0) > bad_options++; > } > fclose(f); >@@ -1071,6 +1144,8 @@ initialize_options(Options * options) > options->local_command = NULL; > options->permit_local_command = -1; > options->use_roaming = -1; >+ options->use_qos[0] = -1; >+ options->use_qos[1] = -1; > options->visual_host_key = -1; > options->zero_knowledge_password_authentication = -1; > } >@@ -1219,6 +1294,10 @@ fill_default_options(Options * options) > /* options->hostname will be set in the main program if appropriate */ > /* options->host_key_alias should not be set by default */ > /* options->preferred_authentications will be set in ssh */ >+ if (options->use_qos[0] == -1) >+ options->use_qos[0] = IPTOS_THROUGHPUT; >+ if (options->use_qos[1] == -1) >+ options->use_qos[1] = IPTOS_LOWDELAY; > } > > /* >Index: readconf.h >=================================================================== >RCS file: /cvs/openssh/readconf.h,v >retrieving revision 1.74 >diff -u -p -r1.74 readconf.h >--- readconf.h 11 Feb 2010 22:21:03 -0000 1.74 >+++ readconf.h 13 Mar 2010 18:03:29 -0000 >@@ -125,6 +125,8 @@ typedef struct { > > int use_roaming; > >+ u_char use_qos[2]; >+ > } Options; > > #define SSHCTL_MASTER_NO 0 >@@ -135,11 +137,11 @@ typedef struct { > > void initialize_options(Options *); > void fill_default_options(Options *); >-int read_config_file(const char *, const char *, Options *, int); >+int read_config_file(const char *, const char *, Options *, int, int); > int parse_forward(Forward *, const char *, int, int); > > int >-process_config_line(Options *, const char *, char *, const char *, int, int *); >+process_config_line(Options *, const char *, char *, const char *, int, int *, int); > > void add_local_forward(Options *, const Forward *); > void add_remote_forward(Options *, const Forward *); >Index: servconf.c >=================================================================== >RCS file: /cvs/openssh/servconf.c,v >retrieving revision 1.199 >diff -u -p -r1.199 servconf.c >--- servconf.c 4 Mar 2010 10:53:35 -0000 1.199 >+++ servconf.c 13 Mar 2010 18:03:29 -0000 >@@ -131,6 +131,8 @@ initialize_server_options(ServerOptions > options->zero_knowledge_password_authentication = -1; > options->revoked_keys_file = NULL; > options->trusted_user_ca_keys = NULL; >+ options->use_qos[0] = -1; >+ options->use_qos[1] = -1; > } > > void >@@ -265,6 +267,10 @@ fill_default_server_options(ServerOption > options->permit_tun = SSH_TUNMODE_NO; > if (options->zero_knowledge_password_authentication == -1) > options->zero_knowledge_password_authentication = 0; >+ if (options->use_qos[0] == -1) >+ options->use_qos[0] = IPTOS_THROUGHPUT; >+ if (options->use_qos[1] == -1) >+ options->use_qos[1] = IPTOS_LOWDELAY; > > /* Turn privilege separation on by default */ > if (use_privsep == -1) >@@ -310,7 +316,7 @@ typedef enum { > sMatch, sPermitOpen, sForceCommand, sChrootDirectory, > sUsePrivilegeSeparation, sAllowAgentForwarding, > sZeroKnowledgePasswordAuthentication, sHostCertificate, >- sRevokedKeys, sTrustedUserCAKeys, >+ sRevokedKeys, sTrustedUserCAKeys, sUseQoS, > sDeprecated, sUnsupported > } ServerOpCodes; > >@@ -432,6 +438,7 @@ static struct { > { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, > { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, > { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, >+ { "useqos", sUseQoS, SSHCFG_ALL }, > { NULL, sBadOption, 0 } > }; > >@@ -467,6 +474,49 @@ parse_token(const char *cp, const char * > return sBadOption; > } > >+struct { >+ const char *name; >+ int value; >+} qos[] = { >+ { "cs0", IPTOS_CLASS_CS0 }, >+ { "cs1", IPTOS_CLASS_CS1 }, >+ { "cs2", IPTOS_CLASS_CS2 }, >+ { "cs3", IPTOS_CLASS_CS3 }, >+ { "cs4", IPTOS_CLASS_CS4 }, >+ { "cs5", IPTOS_CLASS_CS5 }, >+ { "cs6", IPTOS_CLASS_CS6 }, >+ { "cs7", IPTOS_CLASS_CS7 }, >+ { "af11", IPTOS_DSCP_AF11 }, >+ { "af12", IPTOS_DSCP_AF12 }, >+ { "af13", IPTOS_DSCP_AF13 }, >+ { "af21", IPTOS_DSCP_AF21 }, >+ { "af22", IPTOS_DSCP_AF22 }, >+ { "af23", IPTOS_DSCP_AF23 }, >+ { "af31", IPTOS_DSCP_AF31 }, >+ { "af32", IPTOS_DSCP_AF32 }, >+ { "af33", IPTOS_DSCP_AF33 }, >+ { "af41", IPTOS_DSCP_AF41 }, >+ { "af42", IPTOS_DSCP_AF42 }, >+ { "af43", IPTOS_DSCP_AF43 }, >+ { "ef", IPTOS_DSCP_EF }, >+ { "lowdelay", IPTOS_LOWDELAY }, >+ { "throughput", IPTOS_THROUGHPUT }, >+ { "reliability", IPTOS_RELIABILITY }, >+ { "lowcost", IPTOS_LOWCOST }, >+ { "mincost", IPTOS_MINCOST }, >+ { NULL, -1 }, >+}; >+ >+static int parse_qos(const char *cp) >+{ >+ u_int i; >+ >+ for (i = 0; qos[i].name; i++) >+ if (strcasecmp(cp, qos[i].name) == 0) >+ return qos[i].value; >+ return -1; >+} >+ > char * > derelativise_path(const char *path) > { >@@ -661,8 +711,8 @@ process_server_config_line(ServerOptions > const char *filename, int linenum, int *activep, const char *user, > const char *host, const char *address) > { >- char *cp, **charptr, *arg, *p; >- int cmdline = 0, *intptr, value, n; >+ char *cp, **charptr, *arg, *arg2, *p; >+ int cmdline = 0, *intptr, value, value2, n; > SyslogFacility *log_facility_ptr; > LogLevel *log_level_ptr; > ServerOpCodes opcode; >@@ -1335,6 +1385,27 @@ process_server_config_line(ServerOptions > case sRevokedKeys: > charptr = &options->revoked_keys_file; > goto parse_filename; >+ >+ case sUseQoS: >+ arg = strdelim(&cp); >+ if (arg == NULL || *arg == '\0') >+ fatal("%.200s line %d: Missing non-interactive QoS argument.", >+ filename, linenum); >+ >+ arg2 = strdelim(&cp); >+ if (arg2 == NULL || *arg2 == '\0') >+ fatal("%.200s line %d: Missing interactive QoS argument.", >+ filename, linenum); >+ >+ value = parse_qos(arg); >+ value2 = parse_qos(arg2); >+ if (value == -1 || value2 == -1) >+ fatal("%.200s line %d: Bad QoS argument.", >+ filename, linenum); >+ >+ options->use_qos[0] = value; >+ options->use_qos[1] = value2; >+ break; > > case sDeprecated: > logit("%s line %d: Deprecated option %s", >Index: servconf.h >=================================================================== >RCS file: /cvs/openssh/servconf.h,v >retrieving revision 1.84 >diff -u -p -r1.84 servconf.h >--- servconf.h 4 Mar 2010 10:53:35 -0000 1.84 >+++ servconf.h 13 Mar 2010 18:03:29 -0000 >@@ -156,6 +156,8 @@ typedef struct { > char *chroot_directory; > char *revoked_keys_file; > char *trusted_user_ca_keys; >+ >+ u_char use_qos[2]; > } ServerOptions; > > void initialize_server_options(ServerOptions *); >Index: session.c >=================================================================== >RCS file: /cvs/openssh/session.c,v >retrieving revision 1.393 >diff -u -p -r1.393 session.c >--- session.c 7 Mar 2010 12:05:17 -0000 1.393 >+++ session.c 13 Mar 2010 18:03:30 -0000 >@@ -579,7 +579,7 @@ do_exec_no_pty(Session *s, const char *c > > s->pid = pid; > /* Set interactive/non-interactive mode. */ >- packet_set_interactive(s->display != NULL); >+ packet_set_interactive(s->display != NULL, options.use_qos); > > /* > * Clear loginmsg, since it's the child's responsibility to display >@@ -738,7 +738,7 @@ do_exec_pty(Session *s, const char *comm > > /* Enter interactive session. */ > s->ptymaster = ptymaster; >- packet_set_interactive(1); >+ packet_set_interactive(1, options.use_qos); > if (compat20) { > session_set_fds(s, ptyfd, fdout, -1, 1); > } else { >Index: ssh-keysign.c >=================================================================== >RCS file: /cvs/openssh/ssh-keysign.c,v >retrieving revision 1.38 >diff -u -p -r1.38 ssh-keysign.c >--- ssh-keysign.c 13 Jan 2010 11:43:34 -0000 1.38 >+++ ssh-keysign.c 13 Mar 2010 18:03:30 -0000 >@@ -185,7 +185,7 @@ main(int argc, char **argv) > > /* verify that ssh-keysign is enabled by the admin */ > initialize_options(&options); >- (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); >+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0, 1); > fill_default_options(&options); > if (options.enable_ssh_keysign != 1) > fatal("ssh-keysign not enabled in %s", >Index: ssh.c >=================================================================== >RCS file: /cvs/openssh/ssh.c,v >retrieving revision 1.327 >diff -u -p -r1.327 ssh.c >--- ssh.c 26 Feb 2010 20:55:06 -0000 1.327 >+++ ssh.c 13 Mar 2010 18:03:30 -0000 >@@ -533,7 +533,7 @@ main(int ac, char **av) > dummy = 1; > line = xstrdup(optarg); > if (process_config_line(&options, host ? host : "", >- line, "command-line", 0, &dummy) != 0) >+ line, "command-line", 0, &dummy, 0) != 0) > exit(255); > xfree(line); > break; >@@ -643,18 +643,18 @@ main(int ac, char **av) > * file if the user specifies a config file on the command line. > */ > if (config != NULL) { >- if (!read_config_file(config, host, &options, 0)) >+ if (!read_config_file(config, host, &options, 0, 0)) > fatal("Can't open user config file %.100s: " > "%.100s", config, strerror(errno)); > } else { > r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, > _PATH_SSH_USER_CONFFILE); > if (r > 0 && (size_t)r < sizeof(buf)) >- (void)read_config_file(buf, host, &options, 1); >+ (void)read_config_file(buf, host, &options, 1, 0); > > /* Read systemwide configuration file after use config. */ > (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, >- &options, 0); >+ &options, 0, 1); > } > > /* Fill configuration defaults. */ >@@ -1111,7 +1111,7 @@ ssh_session(void) > } > } > /* Tell the packet module whether this is an interactive session. */ >- packet_set_interactive(interactive); >+ packet_set_interactive(interactive, options.use_qos); > > /* Request authentication agent forwarding if appropriate. */ > check_agent_present(); >@@ -1205,7 +1205,7 @@ ssh_session2_setup(int id, void *arg) > client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), > NULL, fileno(stdin), &command, environ); > >- packet_set_interactive(interactive); >+ packet_set_interactive(interactive, options.use_qos); > } > > /* open new channel for a session */ >Index: ssh_config >=================================================================== >RCS file: /cvs/openssh/ssh_config,v >retrieving revision 1.28 >diff -u -p -r1.28 ssh_config >--- ssh_config 12 Jan 2010 08:40:27 -0000 1.28 >+++ ssh_config 13 Mar 2010 18:03:30 -0000 >@@ -45,3 +45,4 @@ > # PermitLocalCommand no > # VisualHostKey no > # ProxyCommand ssh -q -W %h:%p gateway.example.com >+# UseQoS throughput lowdelay >Index: sshd_config >=================================================================== >RCS file: /cvs/openssh/sshd_config,v >retrieving revision 1.83 >diff -u -p -r1.83 sshd_config >--- sshd_config 11 Oct 2009 10:51:09 -0000 1.83 >+++ sshd_config 13 Mar 2010 18:03:30 -0000 >@@ -107,6 +107,9 @@ > # no default banner path > #Banner none > >+# traditional ToS (deprecated: consider using af12 and cs2) >+#UseQoS throughput lowdelay >+ > # override default of no subsystems > Subsystem sftp /usr/libexec/sftp-server >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1810">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1733
:
1808
|
1809
| 1810 |
1880
|
1949