Merge pull request #64 from rapier1/18.3-testing

Merging 18.3-testing into release_candidates after successful review.

Author: dorrellmw

channels.c

@@ -104,6 +104,11 @@
 /* Maximum number of fake X11 displays to try. */
 #define MAX_DISPLAYS  1000
 
+/* in version of OpenSSH later than 8.8 if we advertise a window
+ * 16MB or larger is causes a pathological behaviour that reduces
+ * throughput. This is not a great solution. */
+#define NON_HPN_WINDOW_MAX (15 * 1024 * 1024)
+
 /* Per-channel callback for pre/post IO actions */
 typedef void chan_fn(struct ssh *, Channel *c);
 
@@ -1243,8 +1248,15 @@ channel_tcpwinsz(struct ssh *ssh)
 	/* return no more than SSHBUF_SIZE_MAX (currently 256MB) */
 	if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
 		tcpwinsz = SSHBUF_SIZE_MAX;
+	/* if the remote side is OpenSSH after version 8.8 we need to restrict
+	 * the size of the advertised window. Now this means that any HPN to non-HPN
+	 * connection will be window limited to 15MB of receive space. This is a
+	 * non-optimal solution.
+	 */
 
-	return tcpwinsz;
+	if ((ssh->compat & SSH_RESTRICT_WINDOW) && (tcpwinsz > NON_HPN_WINDOW_MAX))
+		tcpwinsz = NON_HPN_WINDOW_MAX;
+	return (tcpwinsz);
 }
 
 static void
@@ -2376,8 +2388,10 @@ channel_check_window(struct ssh *ssh, Channel *c)
 				addition = tcpwinsz - c->local_window_max;
 			}
 			c->local_window_max += addition;
-			sshbuf_set_window_max(c->output, c->local_window_max);
-			sshbuf_set_window_max(c->input, c->local_window_max);
+			/* doesn't look like we need these
+			 * sshbuf_set_window_max(c->output, c->local_window_max);
+			 * sshbuf_set_window_max(c->input, c->local_window_max);
+			 */
 			debug("Channel %d: Window growth to %d by %d bytes",c->self,
 			      c->local_window_max, addition);
 		}
@@ -2390,6 +2404,8 @@ channel_check_window(struct ssh *ssh, Channel *c)
 		    (r = sshpkt_send(ssh)) != 0) {
 			fatal_fr(r, "channel %i", c->self);
 		}
+		debug2("channel %d: window %d sent adjust %d", c->self,
+		       c->local_window, c->local_consumed + addition);
 		c->local_window += c->local_consumed + addition;
 		c->local_consumed = 0;
 	}

clientloop.c

@@ -2990,7 +2990,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
 		 * binaries installed. In that case we need to rewrite any
 		 * scp commands to look for hpnscp instead.
 		 */
-		if (ssh->compat & SSH_HPNSSH) {
+		if (ssh->compat & SSH_HPNSSH_PREFIX) {
 			char *new_cmd;
 			new_cmd = malloc(len+4);
 			/* read the existing command into a temp buffer */

compat.c

@@ -134,22 +134,30 @@ compat_banner(struct ssh *ssh, const char *version)
 			/* Check to see if the remote side is OpenSSH and not HPN */
 			/* TODO: See if we can work this into the new method for bug checks */
 			if (strstr(version, "OpenSSH") != NULL) {
-				if (strstr(version, "hpn") == NULL) {
-					ssh->compat |= SSH_BUG_LARGEWINDOW;
-					debug("Remote is NOT HPN enabled");
-				} else {
-					/* this checks to see if the remote
-					 * version string indicates that we
-					 * have access to hpn prefixed binaries
-					 * You'll need to change this to include
-					 * new major version numbers. Which is
-					 * why we should figure out how to make
-					 * the match pattern list work
-					 */
-					if ((strstr(version, "hpn16") != NULL) ||
-					    (strstr(version, "hpn17") != NULL))
-						ssh->compat |= SSH_HPNSSH;
-					debug("Remote is HPN Enabled");
+				if (strstr(version, "hpn")) {
+					ssh->compat |= SSH_HPNSSH;
+					debug("Remote is HPN enabled");
+				}
+				/* this checks to see if the remote
+				 * version string indicates that we
+				 * have access to hpn prefixed binaries
+				 * You'll need to change this to include
+				 * new major version numbers. Which is
+				 * why we should figure out how to make
+				 * the match pattern list work
+				 */
+				if ((strstr(version, "hpn16") != NULL) ||
+				    (strstr(version, "hpn17") != NULL) ||
+				    (strstr(version, "hpn18") != NULL)) {
+					ssh->compat |= SSH_HPNSSH_PREFIX;
+					debug("Remote uses HPNSSH prefixes.");
+					break;
+				}
+				/* if it's openssh and not hpn */
+				if ((strstr(version, "OpenSSH_8.9") != NULL) ||
+				    (strstr(version, "OpenSSH_9") != NULL)) {
+					ssh->compat |= SSH_RESTRICT_WINDOW;
+					debug("Restricting adverstised window size.");
 				}
 			}
 			debug("ssh->compat is %u", ssh->compat);

compat.h

@@ -46,18 +46,18 @@
 /* #define unused		0x00010000 */
 /* #define unused		0x00020000 */
 /* #define unused		0x00040000 */
-/* #define unused		0x00100000 */
+#define SSH_HPNSSH		0x00100000 /* basically a notice that this is HPN aware */
 #define SSH_BUG_EXTEOF		0x00200000
 #define SSH_BUG_PROBE		0x00400000
-/* #define unused		0x00800000 */
+#define SSH_RESTRICT_WINDOW	0x00800000 /* restrict adverstised window to OpenSSH clients */
 #define SSH_OLD_FORWARD_ADDR	0x01000000
-#define SSH_HPNSSH		0x02000000 /* indicates that we have hpn prefixes binaries */
+#define SSH_HPNSSH_PREFIX	0x02000000 /* indicates that we have hpn prefixes binaries */
 #define SSH_NEW_OPENSSH		0x04000000
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
 #define SSH_BUG_CURVE25519PAD	0x10000000
 #define SSH_BUG_HOSTKEYS	0x20000000
 #define SSH_BUG_DHGEX_LARGE	0x40000000
-#define SSH_BUG_LARGEWINDOW	0x80000000 /* basically a notice that this is HPN aware */
+/* #define unused	        0x80000000 */
 
 struct ssh;
 

kex.c

@@ -1600,7 +1600,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	if (version_addendum != NULL && *version_addendum == '\0')
 		version_addendum = NULL;
 	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n",
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
 	    version_addendum == NULL ? "" : " ",
 	    version_addendum == NULL ? "" : version_addendum)) != 0) {
 		oerrno = errno;
@@ -1747,6 +1747,13 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	debug("Remote protocol version %d.%d, remote software version %.100s",
 	    remote_major, remote_minor, remote_version);
 	compat_banner(ssh, remote_version);
+	if (ssh->compat & SSH_HPNSSH)
+		debug("HPN to HPN Connection.");
+	else
+		debug("Non-HPN to HPN Connection.");
+
+	if(ssh->compat & SSH_RESTRICT_WINDOW)
+		debug ("Window size restricted.");
 
 	mismatch = 0;
 	switch (remote_major) {

ssh.c

@@ -1881,7 +1881,6 @@ fork_postauth(struct ssh *ssh)
 		fatal("daemon() failed: %.200s", strerror(errno));
 	if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1)
 		error_f("stdfd_devnull failed");
-
 	/* we do the cipher switch here in the event that the client
 	   is forking or has a delayed fork */
 	cipher_switch(ssh);