comparison netio.c @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 25 Jan 2022 17:32:20 +0800 |
parents | 4983a6bc1f51 |
children | ed3326f21888 1d86a58fb52d |
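--- a/netio.c
+++ b/netio.c
@@ -361,54 +361,66 @@
 #endif
 
 void set_sock_priority(int sock, enum dropbear_prio prio) {
 
 int rc;
-#ifdef IPTOS_LOWDELAY
-int iptos_val = 0;
-#endif
-#ifdef HAVE_LINUX_PKT_SCHED_H
-int so_prio_val = 0;
-#endif
+int val;
 
 #if DROPBEAR_FUZZ
 if (fuzz.fuzzing) {
 TRACE(("fuzzing skips set_sock_prio"))
 return;
 }
 #endif
-
 /* Don't log ENOTSOCK errors so that this can harmlessly be called
 * on a client '-J' proxy pipe */
 
-/* set the TOS bit for either ipv4 or ipv6 */
-#ifdef IPTOS_LOWDELAY
+#ifdef IPTOS_DSCP_AF21
+/* Set the DSCP field for outbound IP packet priority.
+rfc4594 has some guidance to meanings.
+
+We set AF21 as "Low-Latency" class for interactive (tty session).
+Set AF11 "High-Throughput" for bulk data (which includes things
+such as git over ssh). We usually want higher priority than
+CS1/LE least effort.
+
+OpenSSH at present uses AF21/CS1, rationale
+https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
+
+Old Dropbear/OpenSSH and Debian/Ubuntu OpenSSH (at Jan 2022) use
+IPTOS_LOWDELAY/IPTOS_THROUGHPUT
+*/
 if (prio == DROPBEAR_PRIO_LOWDELAY) {
-iptos_val = IPTOS_LOWDELAY;
+val = IPTOS_DSCP_AF21;
 } else if (prio == DROPBEAR_PRIO_BULK) {
-iptos_val = IPTOS_THROUGHPUT;
+val = IPTOS_DSCP_AF11;
+} else {
+val = 0; /* default */
 }
 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
-rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
+rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&val, sizeof(val));
 if (rc < 0 && errno != ENOTSOCK) {
 TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
 }
 #endif
-rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
+rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&val, sizeof(val));
 if (rc < 0 && errno != ENOTSOCK) {
 TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
 }
 #endif
 
 #ifdef HAVE_LINUX_PKT_SCHED_H
+/* Set scheduling priority within the local Linux network stack */
 if (prio == DROPBEAR_PRIO_LOWDELAY) {
-so_prio_val = TC_PRIO_INTERACTIVE;
+val = TC_PRIO_INTERACTIVE;
 } else if (prio == DROPBEAR_PRIO_BULK) {
-so_prio_val = TC_PRIO_BULK;
+val = TC_PRIO_BULK;
+} else {
+val = 0;
 }
 /* linux specific, sets QoS class. see tc-prio(8) */
-rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
+rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &val, sizeof(val));
 if (rc < 0 && errno != ENOTSOCK) {
 TRACE(("Couldn't set SO_PRIORITY (%s)", strerror(errno)))
 }
 #endif
 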
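Review bot: Where the system headers do not define `IPTOS_DSCP_AF21`, the new `#ifdef IPTOS_DSCP_AF21` guard compiles out both the `IPV6_TCLASS` and `IP_TOS` calls, so the socket silently keeps the default class and nothing is traced; the old `IPTOS_LOWDELAY` path is no longer available as a fallback. If such platforms are still supported, either define the two codepoints locally when they are missing or add an `#else` arm that says so, for example `/* no IPTOS_DSCP_* in system headers: IP traffic class left at default */`. Separately, `int val;` is now declared unconditionally and would be an unused variable in a build where neither `IPTOS_DSCP_AF21` nor `HAVE_LINUX_PKT_SCHED_H` is defined. The new comment block could also state that the AF21/AF11 marking travels unencrypted in the IP header, so it shows on-path observers whether a session has a tty. The closing brace of `set_sock_priority` lies outside the shown section.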