dropbear: sysoptions.h annotate

annotate sysoptions.h @ 994:5c5ade336926

Prefer stronger algorithms in algorithm negotiation. Prefer diffie-hellman-group14-sha1 (2048 bit) over diffie-hellman-group1-sha1 (1024 bit). Due to meet-in-the-middle attacks the effective key length of three key 3DES is 112 bits. AES is stronger and faster then 3DES. Prefer to delay the start of compression until after authentication has completed. This avoids exposing compression code to attacks from unauthenticated users. (github pull request #9)

author	Fedor Brunner <fedor.brunner@azet.sk>
date	Fri, 23 Jan 2015 23:00:25 +0800
parents	735511a4c761
children	73ea0dce9a57 48a0ba346de4

rev	line source
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*******************************************************************
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * You shouldn't edit this file unless you know you need to.
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 * This file is only included from options.h
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 *******************************************************************/
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 #ifndef DROPBEAR_VERSION
979 735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 977 diff changeset	7 #define DROPBEAR_VERSION "2014.66"
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 #define PROGNAME "dropbear"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * is a bit too verbose, so we try 8 hours */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 #ifndef KEX_REKEY_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 #define KEX_REKEY_TIMEOUT (3600 * 8)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 #ifndef KEX_REKEY_DATA
887 0459ff21e320 Back out accidentally committed files Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 #ifndef AUTH_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25
746 465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	26 /* A client should try and send an initial key exchange packet guessing
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	27 * the algorithm that will match - saves a round trip connecting, has little
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	28 * overhead if the guess was "wrong". */
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	29 #define USE_KEX_FIRST_FOLLOWS
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	30 /* Use protocol extension to allow "first follows" to succeed more frequently.
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	31 * This is currently Dropbear-specific but will gracefully fallback when connecting
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	32 * to other implementations. */
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	33 #define USE_KEXGUESS2
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	34
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 /* Minimum key sizes for DSS and RSA */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #ifndef MIN_DSS_KEYLEN
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	37 #define MIN_DSS_KEYLEN 512
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	38 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39 #ifndef MIN_RSA_KEYLEN
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	40 #define MIN_RSA_KEYLEN 512
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	41 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	42
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 #define MAX_BANNER_SIZE 2000 /* this is 2580 chars, any more is foolish /
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 * the clearenv() function */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48 #define ENV_SIZE 100
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50 #define MAX_CMD_LEN 1024 /* max length of a command */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 #define MAX_TERM_LEN 200 /* max length of TERM name */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 ipv4 and ipv6 don't count twice */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 /* Each port might have at least a v4 and a v6 address */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62 #define _PATH_TTY "/dev/tty"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 #define _PATH_CP "/bin/cp"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65
722 4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient Matt Johnston <matt@ucc.asn.au> parents: 718 diff changeset	66 #define DROPBEAR_ESCAPE_CHAR '~'
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient Matt Johnston <matt@ucc.asn.au> parents: 718 diff changeset	67
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 /* success/failure defines */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 #define DROPBEAR_SUCCESS 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 #define DROPBEAR_FAILURE -1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 /* Required for pubkey auth */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 #if defined(ENABLE_SVR_PUBKEY_AUTH) \|\| defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 #define DROPBEAR_SIGNKEY_VERIFY
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	77 #define SHA1_HASH_SIZE 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 #define MD5_HASH_SIZE 16
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 850 diff changeset	79 #define MAX_HASH_SIZE 64 /* sha512 */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	82 #define MAX_IV_LEN 20 /* must be same as max blocksize, */
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	83
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	84 #if defined(DROPBEAR_SHA2_512_HMAC)
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	85 #define MAX_MAC_LEN 64
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	86 #elif defined(DROPBEAR_SHA2_256_HMAC)
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	87 #define MAX_MAC_LEN 32
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	88 #else
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	89 #define MAX_MAC_LEN 20
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	90 #endif
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	92 #if defined(DROPBEAR_ECDH) \|\| defined (DROPBEAR_ECDSA)
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	93 #define DROPBEAR_ECC
838 4365e12c68e6 A few small fixes for ECC compilation Matt Johnston <matt@ucc.asn.au> parents: 835 diff changeset	94 /* Debian doesn't define this in system headers */
869 c63e7644db60 Only define LTM_DESC if it isn't already Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	95 #ifndef LTM_DESC
838 4365e12c68e6 A few small fixes for ECC compilation Matt Johnston <matt@ucc.asn.au> parents: 835 diff changeset	96 #define LTM_DESC
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	97 #endif
869 c63e7644db60 Only define LTM_DESC if it isn't already Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	98 #endif
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	99
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	100 #ifdef DROPBEAR_ECC
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	101 #define DROPBEAR_ECC_256
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	102 #define DROPBEAR_ECC_384
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	103 #define DROPBEAR_ECC_521
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	104 #endif
bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	105
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	106 #ifdef DROPBEAR_ECC
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	107 #define DROPBEAR_LTC_PRNG
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	108 #endif
ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	109
850 7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	110 /* RSA can be vulnerable to timing attacks which use the time required for
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	111 * signing to guess the private key. Blinding avoids this attack, though makes
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	112 * signing operations slightly slower. */
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	113 #define RSA_BLINDING
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	114
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	115 /* hashes which will be linked and registered */
850 7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	116 #if defined(DROPBEAR_SHA2_256_HMAC) \|\| defined(DROPBEAR_ECC_256) \|\| defined(DROPBEAR_CURVE25519)
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	117 #define DROPBEAR_SHA256
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	118 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	119 #if defined(DROPBEAR_ECC_384)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	120 #define DROPBEAR_SHA384
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	121 #endif
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	122 /* LTC SHA384 depends on SHA512 */
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	123 #if defined(DROPBEAR_SHA2_512_HMAC) \|\| defined(DROPBEAR_ECC_521) \|\| defined(DROPBEAR_ECC_384)
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	124 #define DROPBEAR_SHA512
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	125 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	126 #if defined(DROPBEAR_MD5_HMAC)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	127 #define DROPBEAR_MD5
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	128 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	129
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	130 /* roughly 2x 521 bits */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	131 #define MAX_ECC_SIZE 140
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	132
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134 explicitly specified for all protocols (just
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 for algos) but seems valid */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 #define MAX_PROPOSED_ALGO 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 /* size/count limits */
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	140 /* From transport rfc */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 #define MIN_PACKET_LEN 16
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	142
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	145 /* for channel code */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	147 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 RECV_WINDOWEXTEND bytes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 #define MAX_RECV_WINDOW (10241024) / 1 MB should be enough */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	153 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	154 connection, so can't be _too_ small */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155
977 cfac45421ba0 increae MAX_STRING_LEN for sun ssh Matt Johnston <matt@ucc.asn.au> parents: 970 diff changeset	156 #define MAX_STRING_LEN 2400 /* Sun SSH needs this long for algos */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 #define MAX_PUBKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161 #define MAX_PRIVKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	163 #define MAX_HOSTKEYS 3
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	164
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 /* The maximum size of the bignum portion of the kexhash buffer */
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	166 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	169 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	170 in a few years time.... */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 #define DROPBEAR_MAX_CLI_PASS 1024
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 accept for keyb-interactive
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 auth */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177
883 ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	178
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	179 #if defined(DROPBEAR_AES256) \|\| defined(DROPBEAR_AES128)
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	180 #define DROPBEAR_AES
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182
502 43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	183 #if defined(DROPBEAR_TWOFISH256) \|\| defined(DROPBEAR_TWOFISH128)
43bbe17d6ba0 - Add Counter Mode support Matt Johnston <matt@ucc.asn.au> parents: 501 diff changeset	184 #define DROPBEAR_TWOFISH
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	186
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 #ifndef ENABLE_X11FWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188 #define DISABLE_X11FWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191 #if defined(ENABLE_CLI_REMOTETCPFWD) \|\| defined(ENABLE_CLI_LOCALTCPFWD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 #define ENABLE_CLI_ANYTCPFWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	194
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 #if defined(ENABLE_CLI_LOCALTCPFWD) \|\| defined(ENABLE_SVR_REMOTETCPFWD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196 #define DROPBEAR_TCP_ACCEPT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	197 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 #if defined(ENABLE_CLI_REMOTETCPFWD) \|\| defined(ENABLE_CLI_LOCALTCPFWD) \|\| \
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200 defined(ENABLE_SVR_REMOTETCPFWD) \|\| defined(ENABLE_SVR_LOCALTCPFWD) \|\| \
547 cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	201 defined(ENABLE_SVR_AGENTFWD) \|\| defined(ENABLE_X11FWD)
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202 #define USING_LISTENERS
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	203 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	204
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	205 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206 #define ENABLE_CLI_MULTIHOP
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	207 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208
547 cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	209 #if defined(ENABLE_CLI_AGENTFWD) \|\| defined(DROPBEAR_PRNGD_SOCKET)
cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	210 #define ENABLE_CONNECT_UNIX
cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	211 #endif
cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	212
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	213 #if defined(DROPBEAR_CLIENT) \|\| defined(ENABLE_SVR_PUBKEY_AUTH)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	214 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	215 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	217 /* Changing this is inadvisable, it appears to have problems
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	218 * with flushing compressed data */
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	219 #define DROPBEAR_ZLIB_MEM_LEVEL 8
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	220
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 * code, if we're just compiling as client or server */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	227 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 #elif defined(DROPBEAR_SERVER)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 #define IS_DROPBEAR_SERVER 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 #define IS_DROPBEAR_CLIENT 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 #elif defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239 #define IS_DROPBEAR_SERVER 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 #define IS_DROPBEAR_CLIENT 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242 #else
521 cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	243 /* Just building key utils? */
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	244 #define IS_DROPBEAR_SERVER 0
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	245 #define IS_DROPBEAR_CLIENT 0
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	246
667 fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	247 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	248
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	249 #ifndef HAVE_FORK
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	250 #define USE_VFORK
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	251 #endif /* don't HAVE_FORK */
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	252
936 d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	253 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	254 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	255 #else
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	256 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	257 #endif
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	258
970 0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	259 /* Use this string since some implementations might special-case it */
0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	260 #define DROPBEAR_KEEPALIVE_STRING "[email protected]"
0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	261
667 fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	262 /* no include guard for this file */

Mercurial > dropbear

annotate sysoptions.h @ 994:5c5ade336926