mirror of
https://github.com/clearml/dropbear
synced 2025-04-03 12:30:55 +00:00
- Disable compression for non-final multihops
--HG-- extra : convert_revision : c507a2aacb9e0db4c0266891b8915c614e32857e
This commit is contained in:
Matt Johnston
parent
95a01f9002
commit
e3ca0513a0
3
algo.h
3
algo.h
@ -50,7 +50,8 @@ extern algo_type sshkex[];
|
||||
extern algo_type sshhostkey[];
|
||||
extern algo_type sshciphers[];
|
||||
extern algo_type sshhashes[];
|
||||
extern algo_type sshcompress[];
|
||||
extern algo_type ssh_compress[];
|
||||
extern algo_type ssh_nocompress[];
|
||||
|
||||
extern const struct dropbear_cipher dropbear_nocipher;
|
||||
extern const struct dropbear_cipher_mode dropbear_mode_none;
|
||||
|
||||
@ -144,6 +144,9 @@ void cli_getopts(int argc, char ** argv) {
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_PROXYCMD
|
||||
cli_opts.proxycmd = NULL;
|
||||
#endif
|
||||
#ifndef DISABLE_ZLIB
|
||||
opts.enable_compress = 1;
|
||||
#endif
|
||||
/* not yet
|
||||
opts.ipv4 = 1;
|
||||
@ -530,6 +533,10 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0)
|
||||
snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s",
|
||||
argv0, cli_opts.remotehost, cli_opts.remoteport,
|
||||
passthrough_args, remainder);
|
||||
#ifndef DISABLE_ZLIB
|
||||
/* The stream will be incompressible since it's encrypted. */
|
||||
opts.enable_compress = 0;
|
||||
#endif
|
||||
m_free(passthrough_args);
|
||||
}
|
||||
m_free(hostbuf);
|
||||
|
||||
@ -168,11 +168,16 @@ algo_type sshhashes[] = {
|
||||
{NULL, 0, NULL, 0, NULL}
|
||||
};
|
||||
|
||||
algo_type sshcompress[] = {
|
||||
#ifndef DISABLE_ZLIB
|
||||
algo_type ssh_compress[] = {
|
||||
{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
|
||||
{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
|
||||
{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
|
||||
{NULL, 0, NULL, 0, NULL}
|
||||
};
|
||||
#endif
|
||||
|
||||
algo_type ssh_nocompress[] = {
|
||||
{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
|
||||
{NULL, 0, NULL, 0, NULL}
|
||||
};
|
||||
|
||||
19
common-kex.c
19
common-kex.c
@ -33,6 +33,7 @@
|
||||
#include "packet.h"
|
||||
#include "bignum.h"
|
||||
#include "random.h"
|
||||
#include "runopts.h"
|
||||
|
||||
/* diffie-hellman-group1-sha1 value for p */
|
||||
static const unsigned char dh_p_val[] = {
|
||||
@ -91,10 +92,10 @@ void send_msg_kexinit() {
|
||||
buf_put_algolist(ses.writepayload, sshhashes);
|
||||
|
||||
/* compression_algorithms_client_to_server */
|
||||
buf_put_algolist(ses.writepayload, sshcompress);
|
||||
buf_put_algolist(ses.writepayload, ses.compress_algos);
|
||||
|
||||
/* compression_algorithms_server_to_client */
|
||||
buf_put_algolist(ses.writepayload, sshcompress);
|
||||
buf_put_algolist(ses.writepayload, ses.compress_algos);
|
||||
|
||||
/* languages_client_to_server */
|
||||
buf_putstring(ses.writepayload, "", 0);
|
||||
@ -180,8 +181,16 @@ void recv_msg_newkeys() {
|
||||
|
||||
/* Set up the kex for the first time */
|
||||
void kexfirstinitialise() {
|
||||
|
||||
ses.kexstate.donefirstkex = 0;
|
||||
|
||||
#ifndef DISABLE_ZLIB
|
||||
if (opts.enable_compress) {
|
||||
ses.compress_algos = ssh_compress;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
ses.compress_algos = ssh_nocompress;
|
||||
}
|
||||
kexinitialise();
|
||||
}
|
||||
|
||||
@ -670,7 +679,7 @@ static void read_kex_algos() {
|
||||
TRACE(("hash s2c is %s", s2c_hash_algo->name))
|
||||
|
||||
/* compression_algorithms_client_to_server */
|
||||
c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
|
||||
c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
|
||||
if (c2s_comp_algo == NULL) {
|
||||
erralgo = "comp c->s";
|
||||
goto error;
|
||||
@ -678,7 +687,7 @@ static void read_kex_algos() {
|
||||
TRACE(("hash c2s is %s", c2s_comp_algo->name))
|
||||
|
||||
/* compression_algorithms_server_to_client */
|
||||
s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
|
||||
s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
|
||||
if (s2c_comp_algo == NULL) {
|
||||
erralgo = "comp s->c";
|
||||
goto error;
|
||||
|
||||
@ -40,6 +40,14 @@ typedef struct runopts {
|
||||
time_t keepalive_secs;
|
||||
time_t idle_timeout_secs;
|
||||
|
||||
#ifndef DISABLE_ZLIB
|
||||
/* TODO: add a commandline flag. Currently this is on by default if compression
|
||||
* is compiled in, but disabled for a client's non-final multihop stages. (The
|
||||
* intermediate stages are compressed streams, so are uncompressible. */
|
||||
int enable_compress;
|
||||
#endif
|
||||
|
||||
|
||||
} runopts;
|
||||
|
||||
extern runopts opts;
|
||||
@ -135,7 +143,6 @@ typedef struct cli_runopts {
|
||||
#ifdef ENABLE_CLI_PROXYCMD
|
||||
char *proxycmd;
|
||||
#endif
|
||||
|
||||
} cli_runopts;
|
||||
|
||||
extern cli_runopts cli_opts;
|
||||
|
||||
@ -160,6 +160,9 @@ struct sshsession {
|
||||
buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
|
||||
buffer* transkexinit; /* the kexinit packet we send should be kept so we
|
||||
can add it to the hash when generating keys */
|
||||
|
||||
/* Enables/disables compression */
|
||||
algo_type *compress_algos;
|
||||
|
||||
/* a list of queued replies that should be sent after a KEX has
|
||||
concluded (ie, while dataallowed was unset)*/
|
||||
|
||||
@ -124,6 +124,9 @@ void svr_getopts(int argc, char ** argv) {
|
||||
#endif
|
||||
#ifdef ENABLE_SVR_REMOTETCPFWD
|
||||
svr_opts.noremotetcp = 0;
|
||||
#endif
|
||||
#ifndef DISABLE_ZLIB
|
||||
opts.enable_compress = 1;
|
||||
#endif
|
||||
/* not yet
|
||||
opts.ipv4 = 1;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user