Bugzilla – Attachment 1949 Details for
Bug 1733
Enhance support for QoS (ToS) by supporting DSCP/CS and adding option
[patch]
/home/djm/ssh-qos.diff
ssh-qos.diff (text/plain), 15.78 KB, created by
Damien Miller
on 2010-11-05 14:35:06 AEDT
Description:
/home/djm/ssh-qos.diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2010-11-05 14:35:06 AEDT
Size:
15.78 KB
patch
obsolete
>Index: clientloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>retrieving revision 1.223
>diff -u -p -r1.223 clientloop.c
>--- clientloop.c 6 Oct 2010 06:39:28 -0000 1.223
>+++ clientloop.c 5 Nov 2010 03:32:32 -0000
>@@ -1955,6 +1955,9 @@ client_session2_setup(int id, int want_t
> if ((c = channel_lookup(id)) == NULL)
> fatal("client_session2_setup: channel %d: unknown channel", id);
>
>+ packet_set_interactive(want_tty,
>+ options.ip_qos_interactive, options.ip_qos_bulk);
>+
> if (want_tty) {
> struct winsize ws;
>
>Index: misc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.c,v
>retrieving revision 1.82
>diff -u -p -r1.82 misc.c
>--- misc.c 24 Sep 2010 13:33:00 -0000 1.82
>+++ misc.c 5 Nov 2010 03:32:32 -0000
>@@ -31,6 +31,8 @@
>
> #include <net/if.h>
> #include <netinet/in.h>
>+#include <netinet/in_systm.h>
>+#include <netinet/ip.h>
> #include <netinet/tcp.h>
>
> #include <errno.h>
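Review bot: The call added in client_session2_setup (clientloop.c) selects the traffic class from `want_tty`, while the call this patch removes from ssh_session2_setup in ssh.c passed `interactive`. If `interactive` can be set by anything other than the tty request (its assignment is outside the visible hunks), those sessions would now be marked with `options.ip_qos_bulk` rather than the interactive class. The packet.c context also shows packet_set_interactive returning early when `set_interactive_called` is set, so presumably only the first call on a connection takes effect; a comment at this call site such as `/* only the first call on a connection selects the class */` would make that visible. client_session2_setup continues outside the hunk.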
>@@ -893,3 +895,55 @@ bandwidth_limit(struct bwlimit *bw, size
> bw->lamt = 0;
> gettimeofday(&bw->bwstart, NULL);
> }
>+
>+static const struct {
>+ const char *name;
>+ int value;
>+} ipqos[] = {
>+ { "af11", IPTOS_DSCP_AF11 },
>+ { "af12", IPTOS_DSCP_AF12 },
>+ { "af13", IPTOS_DSCP_AF13 },
>+ { "af14", IPTOS_DSCP_AF21 },
>+ { "af22", IPTOS_DSCP_AF22 },
>+ { "af23", IPTOS_DSCP_AF23 },
>+ { "af31", IPTOS_DSCP_AF31 },
>+ { "af32", IPTOS_DSCP_AF32 },
>+ { "af33", IPTOS_DSCP_AF33 },
>+ { "af41", IPTOS_DSCP_AF41 },
>+ { "af42", IPTOS_DSCP_AF42 },
>+ { "af43", IPTOS_DSCP_AF43 },
>+ { "cs0", IPTOS_DSCP_CS0 },
>+ { "cs1", IPTOS_DSCP_CS1 },
>+ { "cs2", IPTOS_DSCP_CS2 },
>+ { "cs3", IPTOS_DSCP_CS3 },
>+ { "cs4", IPTOS_DSCP_CS4 },
>+ { "cs5", IPTOS_DSCP_CS5 },
>+ { "cs6", IPTOS_DSCP_CS6 },
>+ { "cs7", IPTOS_DSCP_CS7 },
>+ { "ef", IPTOS_DSCP_EF },
>+ { "lowdelay", IPTOS_LOWDELAY },
>+ { "throughput", IPTOS_THROUGHPUT },
>+ { "reliability", IPTOS_RELIABILITY },
>+ { NULL, -1 }
>+};
>+
>+int
>+parse_ipqos(const char *cp)
>+{
>+ u_int i;
>+ char *ep;
>+ long val;
>+
>+ if (cp == NULL)
>+ return -1;
>+ for (i = 0; ipqos[i].name != NULL; i++) {
>+ if (strcasecmp(cp, ipqos[i].name) == 0)
>+ return ipqos[i].value;
>+ }
>+ /* Try parsing as an integer */
>+ val = strtol(cp, &ep, 0);
>+ if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255)
>+ return -1;
>+ return val;
>+}
>+
>Index: misc.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.h,v
>retrieving revision 1.45
>diff -u -p -r1.45 misc.h
>--- misc.h 24 Sep 2010 13:33:00 -0000 1.45
>+++ misc.h 5 Nov 2010 03:32:32 -0000
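Review bot: The `ipqos[]` table added to misc.c contains `{ "af14", IPTOS_DSCP_AF21 }`, so the keyword and the constant disagree. The assured-forwarding names in the rest of the table run from x1 to x3 per class, so `af14` names no code point, and the keyword `af21` is not accepted at all. The entry should read `{ "af21", IPTOS_DSCP_AF21 },`. The IPQoS keyword lists added to ssh_config.5 and sshd_config.5 repeat the `af14` spelling and need `.Dq af21 ,` to stay in step with the parser.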
>@@ -87,6 +87,7 @@ struct bwlimit {
> void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t);
> void bandwidth_limit(struct bwlimit *, size_t);
>
>+int parse_ipqos(const char *);
>
> /* readpass.c */
>
>Index: packet.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.c,v
>retrieving revision 1.171
>diff -u -p -r1.171 packet.c
>--- packet.c 5 Nov 2010 02:46:47 -0000 1.171
>+++ packet.c 5 Nov 2010 03:32:33 -0000
>@@ -1734,13 +1734,12 @@ packet_not_very_much_data_to_write(void)
> }
>
> static void
>-packet_set_tos(int interactive)
>+packet_set_tos(int tos)
> {
>- int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
>-
> if (!packet_connection_is_on_socket() ||
> !packet_connection_is_ipv4())
> return;
>+ debug3("%s: set IP_TOS 0x%02x", __func__, tos);
> if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
> sizeof(tos)) < 0)
> error("setsockopt IP_TOS %d: %.100s:",
>@@ -1750,7 +1749,7 @@ packet_set_tos(int interactive)
> /* Informs that the current session is interactive. Sets IP flags for that. */
>
> void
>-packet_set_interactive(int interactive)
>+packet_set_interactive(int interactive, int qos_interactive, int qos_bulk)
> {
> if (active_state->set_interactive_called)
> return;
>@@ -1763,7 +1762,7 @@ packet_set_interactive(int interactive)
> if (!packet_connection_is_on_socket())
> return;
> set_nodelay(active_state->connection_in);
>- packet_set_tos(interactive);
>+ packet_set_tos(interactive ? qos_interactive : qos_bulk);
> }
>
> /* Returns true if the current connection is interactive. */
>Index: packet.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/packet.h,v
>retrieving revision 1.54
>diff -u -p -r1.54 packet.h
>--- packet.h 31 Aug 2010 11:54:45 -0000 1.54
>+++ packet.h 5 Nov 2010 03:32:33 -0000
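Review bot: In packet_set_tos (packet.c) the new `debug3` sits after the early return for connections that are not IPv4 sockets, so a configured IPQoS value is dropped on an IPv6 connection without any log line. Now that the value comes from user configuration rather than a fixed default, a trace on that path helps an operator see why packets are unmarked, for example `debug3("%s: not an IPv4 socket, IP_TOS not set", __func__);` before the `return;`. The function body continues past the end of the hunk.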
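Review bot: The comment above packet_set_interactive still describes only the `interactive` flag, although the new signature takes `qos_interactive` and `qos_bulk` as well. Suggest replacing it with `/* Marks the session interactive or bulk and sets IP_TOS to qos_interactive or qos_bulk accordingly. */`. The last packet.c hunk shows the selection (`interactive ? qos_interactive : qos_bulk`), but the part of the body between the two hunks is not visible here.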
>@@ -32,7 +32,7 @@ u_int packet_get_encryption_key(u_char
> void packet_set_protocol_flags(u_int);
> u_int packet_get_protocol_flags(void);
> void packet_start_compression(int);
>-void packet_set_interactive(int);
>+void packet_set_interactive(int, int, int);
> int packet_is_interactive(void);
> void packet_set_server(void);
> void packet_set_authenticated(void);
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.189
>diff -u -p -r1.189 readconf.c
>--- readconf.c 22 Sep 2010 05:01:29 -0000 1.189
>+++ readconf.c 5 Nov 2010 03:32:33 -0000
>@@ -17,6 +17,8 @@
> #include <sys/socket.h>
>
> #include <netinet/in.h>
>+#include <netinet/in_systm.h>
>+#include <netinet/ip.h>
>
> #include <ctype.h>
> #include <errno.h>
>@@ -129,7 +131,7 @@ typedef enum {
> oHashKnownHosts,
> oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
> oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
>- oKexAlgorithms,
>+ oKexAlgorithms, oIPQoS,
> oDeprecated, oUnsupported
> } OpCodes;
>
>@@ -239,6 +241,7 @@ static struct {
> { "zeroknowledgepasswordauthentication", oUnsupported },
> #endif
> { "kexalgorithms", oKexAlgorithms },
>+ { "ipqos", oIPQoS },
>
> { NULL, oBadOption }
> };
>@@ -969,6 +972,23 @@ parse_int:
> intptr = &options->visual_host_key;
> goto parse_flag;
>
>+ case oIPQoS:
>+ arg = strdelim(&s);
>+ if ((value = parse_ipqos(arg)) == -1)
>+ fatal("%s line %d: Bad IPQoS value: %s",
>+ filename, linenum, arg);
>+ arg = strdelim(&s);
>+ if (arg == NULL)
>+ value2 = value;
>+ else if ((value2 = parse_ipqos(arg)) == -1)
>+ fatal("%s line %d: Bad IPQoS value: %s",
>+ filename, linenum, arg);
>+ if (*activep) {
>+ options->ip_qos_interactive = value;
>+ options->ip_qos_bulk = value2;
>+ }
>+ break;
>+
> case oUseRoaming:
> intptr = &options->use_roaming;
> goto parse_flag;
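Review bot: In the `case oIPQoS:` block of readconf.c the first `strdelim(&s)` result is handed to `parse_ipqos(arg)` unchecked; parse_ipqos returns -1 for a NULL pointer, and the following `fatal(...)` then formats that NULL `arg` with `%s`. The block's own `if (arg == NULL)` test on the second token shows that strdelim can return NULL, so an `IPQoS` keyword with no argument reaches a `%s` with a null pointer, which is undefined in C and at best prints a misleading value. A guard before the first parse avoids it: `if (arg == NULL || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum);`. The `case sIPQoS:` block added to servconf.c has the same shape and needs the same guard; both enclosing functions extend beyond their hunks.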
>@@ -1131,6 +1151,8 @@ initialize_options(Options * options)
> options->use_roaming = -1;
> options->visual_host_key = -1;
> options->zero_knowledge_password_authentication = -1;
>+ options->ip_qos_interactive = -1;
>+ options->ip_qos_bulk = -1;
> }
>
> /*
>@@ -1284,6 +1306,10 @@ fill_default_options(Options * options)
> options->visual_host_key = 0;
> if (options->zero_knowledge_password_authentication == -1)
> options->zero_knowledge_password_authentication = 0;
>+ if (options->ip_qos_interactive == -1)
>+ options->ip_qos_interactive = IPTOS_LOWDELAY;
>+ if (options->ip_qos_bulk == -1)
>+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
> /* options->local_command should not be set by default */
> /* options->proxy_command should not be set by default */
> /* options->user will be set in the main program if appropriate */
>Index: readconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
>retrieving revision 1.87
>diff -u -p -r1.87 readconf.h
>--- readconf.h 22 Sep 2010 05:01:29 -0000 1.87
>+++ readconf.h 5 Nov 2010 03:32:33 -0000
>@@ -59,6 +59,8 @@ typedef struct {
> int compression_level; /* Compression level 1 (fast) to 9
> * (best). */
> int tcp_keep_alive; /* Set SO_KEEPALIVE. */
>+ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
>+ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
> LogLevel log_level; /* Level for logging. */
>
> int port; /* Port to connect. */
>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.212
>diff -u -p -r1.212 servconf.c
>--- servconf.c 30 Sep 2010 11:04:51 -0000 1.212
>+++ servconf.c 5 Nov 2010 03:32:33 -0000
>@@ -14,6 +14,10 @@
> #include <sys/socket.h>
> #include <sys/queue.h>
>
>+#include <netinet/in.h>
>+#include <netinet/in_systm.h>
>+#include <netinet/ip.h>
>+
> #include <netdb.h>
> #include <pwd.h>
> #include <stdio.h>
>@@ -126,6 +130,8 @@ initialize_server_options(ServerOptions
> options->revoked_keys_file = NULL;
> options->trusted_user_ca_keys = NULL;
> options->authorized_principals_file = NULL;
>+ options->ip_qos_interactive = -1;
>+ options->ip_qos_bulk = -1;
> }
>
> void
>@@ -257,6 +263,10 @@ fill_default_server_options(ServerOption
> options->permit_tun = SSH_TUNMODE_NO;
> if (options->zero_knowledge_password_authentication == -1)
> options->zero_knowledge_password_authentication = 0;
>+ if (options->ip_qos_interactive == -1)
>+ options->ip_qos_interactive = IPTOS_LOWDELAY;
>+ if (options->ip_qos_bulk == -1)
>+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
>
> /* Turn privilege separation on by default */
> if (use_privsep == -1)
>@@ -290,7 +300,7 @@ typedef enum {
> sUsePrivilegeSeparation, sAllowAgentForwarding,
> sZeroKnowledgePasswordAuthentication, sHostCertificate,
> sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
>- sKexAlgorithms,
>+ sKexAlgorithms, sIPQoS,
> sDeprecated, sUnsupported
> } ServerOpCodes;
>
>@@ -402,6 +412,7 @@ static struct {
> { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
> { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
> { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
>+ { "ipqos", sIPQoS, SSHCFG_ALL },
> { NULL, sBadOption, 0 }
> };
>
>@@ -631,7 +642,7 @@ process_server_config_line(ServerOptions
> const char *host, const char *address)
> {
> char *cp, **charptr, *arg, *p;
>- int cmdline = 0, *intptr, value, n;
>+ int cmdline = 0, *intptr, value, value2, n;
> SyslogFacility *log_facility_ptr;
> LogLevel *log_level_ptr;
> ServerOpCodes opcode;
>@@ -1325,6 +1336,23 @@ process_server_config_line(ServerOptions
> charptr = &options->revoked_keys_file;
> goto parse_filename;
>
>+ case sIPQoS:
>+ arg = strdelim(&cp);
>+ if ((value = parse_ipqos(arg)) == -1)
>+ fatal("%s line %d: Bad IPQoS value: %s",
>+ filename, linenum, arg);
>+ arg = strdelim(&cp);
>+ if (arg == NULL)
>+ value2 = value;
>+ else if ((value2 = parse_ipqos(arg)) == -1)
>+ fatal("%s line %d: Bad IPQoS value: %s",
>+ filename, linenum, arg);
>+ if (*activep) {
>+ options->ip_qos_interactive = value;
>+ options->ip_qos_bulk = value2;
>+ }
>+ break;
>+
> case sDeprecated:
> logit("%s line %d: Deprecated option %s",
> filename, linenum, arg);
>@@ -1435,6 +1463,8 @@ copy_set_server_options(ServerOptions *d
> M_CP_INTOPT(x11_use_localhost);
> M_CP_INTOPT(max_sessions);
> M_CP_INTOPT(max_authtries);
>+ M_CP_INTOPT(ip_qos_interactive);
>+ M_CP_INTOPT(ip_qos_bulk);
>
> M_CP_STROPT(banner);
> if (preauth)
>@@ -1694,6 +1724,8 @@ dump_config(ServerOptions *o)
> break;
> }
> dump_cfg_string(sPermitTunnel, s);
>+
>+ printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
>
> channel_print_adm_permitted_opens();
> }
>Index: servconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
>retrieving revision 1.94
>diff -u -p -r1.94 servconf.h
>--- servconf.h 22 Sep 2010 05:01:29 -0000 1.94
>+++ servconf.h 5 Nov 2010 03:32:33 -0000
>@@ -70,6 +70,8 @@ typedef struct {
> char *xauth_location; /* Location of xauth program */
> int strict_modes; /* If true, require string home dir modes. */
> int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
>+ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
>+ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
> char *ciphers; /* Supported SSH2 ciphers. */
> char *macs; /* Supported SSH2 macs. */
> char *kex_algorithms; /* SSH2 kex methods in order of preference. */
>Index: session.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/session.c,v
>retrieving revision 1.256
>diff -u -p -r1.256 session.c
>--- session.c 25 Jun 2010 07:20:04 -0000 1.256
>+++ session.c 5 Nov 2010 03:32:34 -0000
>@@ -559,7 +559,8 @@ do_exec_no_pty(Session *s, const char *c
>
> s->pid = pid;
> /* Set interactive/non-interactive mode. */
>- packet_set_interactive(s->display != NULL);
>+ packet_set_interactive(s->display != NULL,
>+ options.ip_qos_interactive, options.ip_qos_bulk);
>
> #ifdef USE_PIPES
> /* We are the parent. Close the child sides of the pipes. */
>@@ -689,7 +690,8 @@ do_exec_pty(Session *s, const char *comm
>
> /* Enter interactive session. */
> s->ptymaster = ptymaster;
>- packet_set_interactive(1);
>+ packet_set_interactive(1,
>+ options.ip_qos_interactive, options.ip_qos_bulk);
> if (compat20) {
> session_set_fds(s, ptyfd, fdout, -1, 1, 1);
> } else {
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.353
>diff -u -p -r1.353 ssh.c
>--- ssh.c 6 Oct 2010 06:39:28 -0000 1.353
>+++ ssh.c 5 Nov 2010 03:32:34 -0000
>@@ -1186,7 +1186,8 @@ ssh_session(void)
> }
> }
> /* Tell the packet module whether this is an interactive session. */
>- packet_set_interactive(interactive);
>+ packet_set_interactive(interactive,
>+ options.ip_qos_interactive, options.ip_qos_bulk);
>
> /* Request authentication agent forwarding if appropriate. */
> check_agent_present();
>@@ -1284,8 +1285,6 @@ ssh_session2_setup(int id, int success,
>
> client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
> NULL, fileno(stdin), &command, environ);
>-
>- packet_set_interactive(interactive);
> }
>
> /* open new channel for a session */
>Index: ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.142
>diff -u -p -r1.142 ssh_config.5
>--- ssh_config.5 28 Oct 2010 18:33:28 -0000 1.142
>+++ ssh_config.5 5 Nov 2010 03:32:34 -0000
>@@ -626,6 +626,38 @@ escape characters:
> It is possible to have
> multiple identity files specified in configuration files; all these
> identities will be tried in sequence.
>+.It Cm IPQoS
>+Specifies the IPv4 type-of-service or DSCP class for the connection.
>+Accepted values are
>+.Dq af11 ,
>+.Dq af12 ,
>+.Dq af13 ,
>+.Dq af14 ,
>+.Dq af22 ,
>+.Dq af23 ,
>+.Dq af31 ,
>+.Dq af32 ,
>+.Dq af33 ,
>+.Dq af41 ,
>+.Dq af42 ,
>+.Dq af43 ,
>+.Dq cs0 ,
>+.Dq cs1 ,
>+.Dq cs2 ,
>+.Dq cs3 ,
>+.Dq cs4 ,
>+.Dq cs5 ,
>+.Dq cs6 ,
>+.Dq cs7 ,
>+.Dq ef ,
>+.Dq lowdelay ,
>+.Dq throughput ,
>+.Dq reliability ,
>+or a numeric value.
>+This option may take one or two arguments.
>+If one argument is specified, it is used as the packet class unconditionally.
>+If two values are specified, the first is automatically selected for
>+interactive sessions and the second for non-interactive sessions.
> .It Cm KbdInteractiveAuthentication
> Specifies whether to use keyboard-interactive authentication.
> The argument to this keyword must be
>Index: sshd_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
>retrieving revision 1.128
>diff -u -p -r1.128 sshd_config.5
>--- sshd_config.5 28 Oct 2010 18:33:28 -0000 1.128
>+++ sshd_config.5 5 Nov 2010 03:32:34 -0000
>@@ -513,6 +513,38 @@ or
> .Cm HostbasedAuthentication .
> The default is
> .Dq no .
>+.It Cm IPQoS
>+Specifies the IPv4 type-of-service or DSCP class for the connection.
>+Accepted values are
>+.Dq af11 ,
>+.Dq af12 ,
>+.Dq af13 ,
>+.Dq af14 ,
>+.Dq af22 ,
>+.Dq af23 ,
>+.Dq af31 ,
>+.Dq af32 ,
>+.Dq af33 ,
>+.Dq af41 ,
>+.Dq af42 ,
>+.Dq af43 ,
>+.Dq cs0 ,
>+.Dq cs1 ,
>+.Dq cs2 ,
>+.Dq cs3 ,
>+.Dq cs4 ,
>+.Dq cs5 ,
>+.Dq cs6 ,
>+.Dq cs7 ,
>+.Dq ef ,
>+.Dq lowdelay ,
>+.Dq throughput ,
>+.Dq reliability ,
>+or a numeric value.
>+This option may take one or two arguments.
>+If one argument is specified, it is used as the packet class unconditionally.
>+If two values are specified, the first is automatically selected for
>+interactive sessions and the second for non-interactive sessions.
> .It Cm KerberosAuthentication
> Specifies whether the password provided by the user for
> .Cm PasswordAuthentication
Attachments on
bug 1733
:
1808
|
1809
|
1810
|
1880
| 1949