authorbrooks <brooks@FreeBSD.org>2011-08-03 19:14:22 +0000
committerbrooks <brooks@FreeBSD.org>2011-08-03 19:14:22 +0000
commit0f65fdcb29dbe4f29dde3b5ae94b071ac26bd281 (patch)
tree8b4a106674838af0ac7eedd28b1ef001d98c7afa /crypto/openssh/readconf.c
parentde1f0b5343c3a7812121eff0346472c63e25046a (diff)
Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
Diffstat (limited to 'crypto/openssh/readconf.c')
-rw-r--r--crypto/openssh/readconf.c92
1 files changed, 92 insertions, 0 deletions
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 43779af..17a93a6 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1,4 +1,5 @@
/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
+/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,6 +139,10 @@ typedef enum {
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS,
+ oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
+#ifdef NONE_CIPHER_ENABLED
+ oNoneEnabled, oNoneSwitch,
+#endif
oVersionAddendum,
oDeprecated, oUnsupported
} OpCodes;
@@ -249,6 +254,14 @@ static struct {
#endif
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
+ { "hpndisabled", oHPNDisabled },
+ { "hpnbuffersize", oHPNBufferSize },
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
+#ifdef NONE_CIPHER_ENABLED
+ { "noneenabled", oNoneEnabled },
+ { "noneswitch", oNoneSwitch },
+#endif
{ "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
@@ -1021,6 +1034,47 @@ parse_int:
} while (arg != NULL && *arg != '\0');
break;
+ case oHPNDisabled:
+ intptr = &options->hpn_disabled;
+ goto parse_flag;
+
+ case oHPNBufferSize:
+ intptr = &options->hpn_buffer_size;
+ goto parse_int;
+
+ case oTcpRcvBufPoll:
+ intptr = &options->tcp_rcv_buf_poll;
+ goto parse_flag;
+
+ case oTcpRcvBuf:
+ intptr = &options->tcp_rcv_buf;
+ goto parse_int;
+
+#ifdef NONE_CIPHER_ENABLED
+ case oNoneEnabled:
+ intptr = &options->none_enabled;
+ goto parse_flag;
+
+ /*
+ * We check to see if the command comes from the command line or not.
+ * If it does then enable it otherwise fail. NONE must never be a
+ * default configuration.
+ */
+ case oNoneSwitch:
+ if (strcmp(filename,"command-line") == 0) {
+ intptr = &options->none_switch;
+ goto parse_flag;
+ } else {
+ debug("NoneSwitch directive found in %.200s.",
+ filename);
+ error("NoneSwitch is found in %.200s.\n"
+ "You may only use this configuration option "
+ "from the command line", filename);
+ error("Continuing...");
+ return 0;
+ }
+#endif
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
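Review bot: The comment above `case oNoneSwitch` says the option should "fail" when it does not come from the command line, but the else branch logs two errors and then does `return 0`, so as far as this hunk shows the line is treated as handled and parsing continues. Either reword the comment to match (`If it does then enable it, otherwise log an error and ignore it.`) or return a failure value so a NoneSwitch in a configuration file is rejected outright; which value signals failure is decided by the caller, outside this hunk. The gate itself is the comparison `strcmp(filename,"command-line") == 0`: if `filename` can ever carry a user-chosen path, a file with that literal name would pass, so an explicit flag from the caller would be a sturdier check than a magic string. The enclosing function starts and ends outside the hunk.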
@@ -1181,6 +1235,14 @@ initialize_options(Options * options)
options->zero_knowledge_password_authentication = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
+ options->hpn_disabled = -1;
+ options->hpn_buffer_size = -1;
+ options->tcp_rcv_buf_poll = -1;
+ options->tcp_rcv_buf = -1;
+#ifdef NONE_CIPHER_ENABLED
+ options->none_enabled = -1;
+ options->none_switch = -1;
+#endif
}
/*
@@ -1345,6 +1407,36 @@ fill_default_options(Options * options)
/* options->hostname will be set in the main program if appropriate */
/* options->host_key_alias should not be set by default */
/* options->preferred_authentications will be set in ssh */
+ if (options->hpn_disabled == -1)
+ options->hpn_disabled = 0;
+ if (options->hpn_buffer_size > -1)
+ {
+ u_int maxlen;
+
+ /* If a user tries to set the size to 0 set it to 1KB. */
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1024;
+ /* Limit the buffer to BUFFER_MAX_LEN. */
+ maxlen = buffer_get_max_len();
+ if (options->hpn_buffer_size > (maxlen / 1024)) {
+ debug("User requested buffer larger than %ub: %ub. "
+ "Request reverted to %ub", maxlen,
+ options->hpn_buffer_size * 1024, maxlen);
+ options->hpn_buffer_size = maxlen;
+ }
+ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
+ }
+ if (options->tcp_rcv_buf == 0)
+ options->tcp_rcv_buf = 1;
+ if (options->tcp_rcv_buf > -1)
+ options->tcp_rcv_buf *= 1024;
+ if (options->tcp_rcv_buf_poll == -1)
+ options->tcp_rcv_buf_poll = 1;
+#ifdef NONE_CIPHER_ENABLED
+ /* options->none_enabled must not be set by default */
+ if (options->none_switch == -1)
+ options->none_switch = 0;
+#endif
}
/*
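Review bot: The kilobyte-to-byte scaling in this hunk is unbounded, so a large configured value overflows a signed int: `options->tcp_rcv_buf *= 1024` has no upper limit, and the debug argument `options->hpn_buffer_size * 1024` is evaluated on exactly the path where the value is already known to be too large (both fields are presumably int, since the parser takes their addresses through `intptr`). Clamping before the multiply and logging the unscaled value avoids both, as sketched below. The units of `hpn_buffer_size` also look inconsistent within the visible lines: zero becomes 1024 although the comment says 1KB and the comparison against `maxlen / 1024` treats the field as kilobytes, while the clamp stores `maxlen`, a byte count; whether a later scaling step outside this hunk reconciles that should be confirmed. fill_default_options begins outside the hunk.

```c
		if (options->hpn_buffer_size > (maxlen / 1024)) {
			/* Log the request in KB; scaling it here could overflow. */
			debug("User requested buffer larger than %ub: %dKB. "
			    "Request reverted to %ub", maxlen,
			    options->hpn_buffer_size, maxlen);
			options->hpn_buffer_size = maxlen;
		}
	/* ... unchanged: final hpn_buffer_size debug, tcp_rcv_buf zero handling ... */
	/* Clamp before scaling so KB-to-bytes cannot overflow int. */
	if (options->tcp_rcv_buf > INT_MAX / 1024)
		options->tcp_rcv_buf = INT_MAX / 1024;
	if (options->tcp_rcv_buf > -1)
		options->tcp_rcv_buf *= 1024;
```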