ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-04 03:36:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Disable compression for non-final multihops

Browse Source 
--HG--
extra : convert_revision : c507a2aacb9e0db4c0266891b8915c614e32857e
This commit is contained in:
Matt Johnston 2009-09-11 14:02:04 +00:00
parent 95a01f9002
commit e3ca0513a0
7 changed files with 43 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
algo.h
View File

@ -50,7 +50,8 @@ extern algo_type sshkex[];
extern algo_type sshhostkey[]; extern algo_type sshhostkey[];
extern algo_type sshciphers[]; extern algo_type sshciphers[];
extern algo_type sshhashes[]; extern algo_type sshhashes[];
extern algo_type sshcompress[]; extern algo_type ssh_compress[];
extern algo_type ssh_nocompress[];
extern const struct dropbear_cipher dropbear_nocipher; extern const struct dropbear_cipher dropbear_nocipher;
extern const struct dropbear_cipher_mode dropbear_mode_none; extern const struct dropbear_cipher_mode dropbear_mode_none;

7
cli-runopts.c
View File

@ -144,6 +144,9 @@ void cli_getopts(int argc, char ** argv) {
#endif #endif
#ifdef ENABLE_CLI_PROXYCMD #ifdef ENABLE_CLI_PROXYCMD
cli_opts.proxycmd = NULL; cli_opts.proxycmd = NULL;
#endif
#ifndef DISABLE_ZLIB
opts.enable_compress = 1;
#endif #endif
/* not yet /* not yet
opts.ipv4 = 1; opts.ipv4 = 1;
@ -530,6 +533,10 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0)
snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s",
argv0, cli_opts.remotehost, cli_opts.remoteport, argv0, cli_opts.remotehost, cli_opts.remoteport,
passthrough_args, remainder); passthrough_args, remainder);
#ifndef DISABLE_ZLIB
/* The stream will be incompressible since it's encrypted. */
opts.enable_compress = 0;
#endif
m_free(passthrough_args); m_free(passthrough_args);
} }
m_free(hostbuf); m_free(hostbuf);

7
common-algo.c
View File

@ -168,11 +168,16 @@ algo_type sshhashes[] = {
{NULL, 0, NULL, 0, NULL} {NULL, 0, NULL, 0, NULL}
}; };
algo_type sshcompress[] = {
#ifndef DISABLE_ZLIB #ifndef DISABLE_ZLIB
algo_type ssh_compress[] = {
{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
{NULL, 0, NULL, 0, NULL}
};
#endif #endif
algo_type ssh_nocompress[] = {
{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
{NULL, 0, NULL, 0, NULL} {NULL, 0, NULL, 0, NULL}
}; };

19
common-kex.c
View File

@ -33,6 +33,7 @@
#include "packet.h" #include "packet.h"
#include "bignum.h" #include "bignum.h"
#include "random.h" #include "random.h"
#include "runopts.h"
/* diffie-hellman-group1-sha1 value for p */ /* diffie-hellman-group1-sha1 value for p */
static const unsigned char dh_p_val[] = { static const unsigned char dh_p_val[] = {
@ -91,10 +92,10 @@ void send_msg_kexinit() {
buf_put_algolist(ses.writepayload, sshhashes); buf_put_algolist(ses.writepayload, sshhashes);
/* compression_algorithms_client_to_server */ /* compression_algorithms_client_to_server */
buf_put_algolist(ses.writepayload, sshcompress); buf_put_algolist(ses.writepayload, ses.compress_algos);
/* compression_algorithms_server_to_client */ /* compression_algorithms_server_to_client */
buf_put_algolist(ses.writepayload, sshcompress); buf_put_algolist(ses.writepayload, ses.compress_algos);
/* languages_client_to_server */ /* languages_client_to_server */
buf_putstring(ses.writepayload, "", 0); buf_putstring(ses.writepayload, "", 0);
@ -180,8 +181,16 @@ void recv_msg_newkeys() {
/* Set up the kex for the first time */ /* Set up the kex for the first time */
void kexfirstinitialise() { void kexfirstinitialise() {
ses.kexstate.donefirstkex = 0; ses.kexstate.donefirstkex = 0;
#ifndef DISABLE_ZLIB
if (opts.enable_compress) {
ses.compress_algos = ssh_compress;
} else
#endif
{
ses.compress_algos = ssh_nocompress;
}
kexinitialise(); kexinitialise();
} }
@ -670,7 +679,7 @@ static void read_kex_algos() {
TRACE(("hash s2c is %s", s2c_hash_algo->name)) TRACE(("hash s2c is %s", s2c_hash_algo->name))
/* compression_algorithms_client_to_server */ /* compression_algorithms_client_to_server */
c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
if (c2s_comp_algo == NULL) { if (c2s_comp_algo == NULL) {
erralgo = "comp c->s"; erralgo = "comp c->s";
goto error; goto error;
@ -678,7 +687,7 @@ static void read_kex_algos() {
TRACE(("hash c2s is %s", c2s_comp_algo->name)) TRACE(("hash c2s is %s", c2s_comp_algo->name))
/* compression_algorithms_server_to_client */ /* compression_algorithms_server_to_client */
s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
if (s2c_comp_algo == NULL) { if (s2c_comp_algo == NULL) {
erralgo = "comp s->c"; erralgo = "comp s->c";
goto error; goto error;

9
runopts.h
View File

@ -40,6 +40,14 @@ typedef struct runopts {
time_t keepalive_secs; time_t keepalive_secs;
time_t idle_timeout_secs; time_t idle_timeout_secs;
#ifndef DISABLE_ZLIB
/* TODO: add a commandline flag. Currently this is on by default if compression
* is compiled in, but disabled for a client's non-final multihop stages. (The
* intermediate stages are compressed streams, so are uncompressible. */
int enable_compress;
#endif
} runopts; } runopts;
extern runopts opts; extern runopts opts;
@ -135,7 +143,6 @@ typedef struct cli_runopts {
#ifdef ENABLE_CLI_PROXYCMD #ifdef ENABLE_CLI_PROXYCMD
char *proxycmd; char *proxycmd;
#endif #endif
} cli_runopts; } cli_runopts;
extern cli_runopts cli_opts; extern cli_runopts cli_opts;

3
session.h
View File

@ -160,6 +160,9 @@ struct sshsession {
buffer* kexhashbuf; /* session hash buffer calculated from various packets*/ buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
buffer* transkexinit; /* the kexinit packet we send should be kept so we buffer* transkexinit; /* the kexinit packet we send should be kept so we
can add it to the hash when generating keys */ can add it to the hash when generating keys */
/* Enables/disables compression */
algo_type *compress_algos;
/* a list of queued replies that should be sent after a KEX has /* a list of queued replies that should be sent after a KEX has
concluded (ie, while dataallowed was unset)*/ concluded (ie, while dataallowed was unset)*/

3
svr-runopts.c
View File

@ -124,6 +124,9 @@ void svr_getopts(int argc, char ** argv) {
#endif #endif
#ifdef ENABLE_SVR_REMOTETCPFWD #ifdef ENABLE_SVR_REMOTETCPFWD
svr_opts.noremotetcp = 0; svr_opts.noremotetcp = 0;
#endif
#ifndef DISABLE_ZLIB
opts.enable_compress = 1;
#endif #endif
/* not yet /* not yet
opts.ipv4 = 1; opts.ipv4 = 1;