Add support for dynamically adjusted buffers to allow the full use of

the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links).  Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher.  The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line.  Additionally, the None cypher will only be activated after
authentication is complete.  To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by:	bz
Approved by:	re (kib), des (maintainer)

1 files changed, 52 insertions, 2 deletions

diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index c9b29fb..1d21f93 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -1,4 +1,5 @@
 /* $OpenBSD: ssh.c,v 1.356 2011/01/06 22:23:53 djm Exp $ */
+/* $FreeBSD$ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -546,6 +547,15 @@ main(int ac, char **av)
 			break;
 		case 'T':
 			no_tty_flag = 1;
+#ifdef	NONE_CIPHER_ENABLED
+			/*
+			 * Ensure that the user does not try to backdoor a
+			 * NONE cipher switch on an interactive session by
+			 * explicitly disabling it if the user asks for a
+			 * session without a tty.
+			 */
+			options.none_switch = 0;
+#endif
 			break;
 		case 'o':
 			dummy = 1;
@@ -1368,9 +1378,46 @@ ssh_session2_open(void)
 	if (!isatty(err))
 		set_nonblock(err);
 
-	window = CHAN_SES_WINDOW_DEFAULT;
+	/*
+	 * We need to check to see what to do about buffer sizes here.
+	 * - In an HPN to non-HPN connection we want to limit the window size to
+	 *   something reasonable in case the far side has the large window bug.
+	 * - In an HPN to HPN connection we want to use the max window size but
+	 *   allow the user to override it.
+	 * - Lastly if HPN is disabled then use the ssh standard window size.
+	 *
+	 * We cannot just do a getsockopt() here and set the ssh window to that
+	 * as in case of autotuning of socket buffers the window would get stuck
+	 * at the initial buffer size, generally less than 96k.  Therefore we
+	 * need to set the maximum ssh window size to the maximum HPN buffer
+	 * size unless the user has set TcpRcvBufPoll to no.  In that case we
+	 * can just set the window to the minimum of HPN buffer size and TCP
+	 * receive buffer size.
+	 */
+	if (tty_flag)
+		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+	else
+		options.hpn_buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
+
+	if (datafellows & SSH_BUG_LARGEWINDOW) {
+		debug("HPN to Non-HPN Connection");
+	} else if (options.tcp_rcv_buf_poll <= 0) {
+		sock_get_rcvbuf(&options.hpn_buffer_size, 0);
+		debug("HPNBufferSize set to TCP RWIN: %d",
+		    options.hpn_buffer_size);
+	} else if (options.tcp_rcv_buf > 0) {
+		sock_get_rcvbuf(&options.hpn_buffer_size,
+		    options.tcp_rcv_buf);
+		debug("HPNBufferSize set to user TCPRcvBuf: %d",
+		    options.hpn_buffer_size);
+	}
+	debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+	window = options.hpn_buffer_size;
+
 	packetmax = CHAN_SES_PACKET_DEFAULT;
 	if (tty_flag) {
+		window = CHAN_SES_WINDOW_DEFAULT;
 		window >>= 1;
 		packetmax >>= 1;
 	}
@@ -1378,7 +1425,10 @@ ssh_session2_open(void)
 	    "session", SSH_CHANNEL_OPENING, in, out, err,
 	    window, packetmax, CHAN_EXTENDED_WRITE,
 	    "client-session", /*nonblock*/0);
-
+	if (!options.hpn_disabled && options.tcp_rcv_buf_poll > 0) {
+		c->dynamic_window = 1;
+		debug("Enabled Dynamic Window Scaling\n");
+	}
 	debug3("ssh_session2_open: channel_new: %d", c->self);
 
 	channel_send_open(c->self);