- djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
diff --git a/servconf.c b/servconf.c
index 4e5fd2f..e2f20a3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -15,6 +15,10 @@
#include <sys/types.h>
#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -133,6 +137,8 @@
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
}
void
@@ -271,6 +277,10 @@
options->permit_tun = SSH_TUNMODE_NO;
if (options->zero_knowledge_password_authentication == -1)
options->zero_knowledge_password_authentication = 0;
+ if (options->ip_qos_interactive == -1)
+ options->ip_qos_interactive = IPTOS_LOWDELAY;
+ if (options->ip_qos_bulk == -1)
+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
/* Turn privilege separation on by default */
if (use_privsep == -1)
@@ -317,7 +327,7 @@
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
- sKexAlgorithms,
+ sKexAlgorithms, sIPQoS,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -441,6 +451,7 @@
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "ipqos", sIPQoS, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -670,7 +681,7 @@
const char *host, const char *address)
{
char *cp, **charptr, *arg, *p;
- int cmdline = 0, *intptr, value, n;
+ int cmdline = 0, *intptr, value, value2, n;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
@@ -1370,6 +1381,23 @@
charptr = &options->revoked_keys_file;
goto parse_filename;
+ case sIPQoS:
+ arg = strdelim(&cp);
+ if ((value = parse_ipqos(arg)) == -1)
+ fatal("%s line %d: Bad IPQoS value: %s",
+ filename, linenum, arg);
+ arg = strdelim(&cp);
+ if (arg == NULL)
+ value2 = value;
+ else if ((value2 = parse_ipqos(arg)) == -1)
+ fatal("%s line %d: Bad IPQoS value: %s",
+ filename, linenum, arg);
+ if (*activep) {
+ options->ip_qos_interactive = value;
+ options->ip_qos_bulk = value2;
+ }
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1480,6 +1508,8 @@
M_CP_INTOPT(x11_use_localhost);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
+ M_CP_INTOPT(ip_qos_interactive);
+ M_CP_INTOPT(ip_qos_bulk);
M_CP_STROPT(banner);
if (preauth)
@@ -1745,5 +1775,7 @@
}
dump_cfg_string(sPermitTunnel, s);
+ printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
+
channel_print_adm_permitted_opens();
}