# HG changeset patch # User Matt Johnston # Date 1252677724 0 # Node ID f9b5dc0cba61a686c27ebba021c16029a5d2e033 # Parent b6665c1eac43b49053b7c49ed4536bbe8bcf74f3 - Disable compression for non-final multihops diff -r b6665c1eac43 -r f9b5dc0cba61 algo.h --- a/algo.h Thu Sep 10 11:12:31 2009 +0000 +++ b/algo.h Fri Sep 11 14:02:04 2009 +0000 @@ -50,7 +50,8 @@ extern algo_type sshhostkey[]; extern algo_type sshciphers[]; extern algo_type sshhashes[]; -extern algo_type sshcompress[]; +extern algo_type ssh_compress[]; +extern algo_type ssh_nocompress[]; extern const struct dropbear_cipher dropbear_nocipher; extern const struct dropbear_cipher_mode dropbear_mode_none; diff -r b6665c1eac43 -r f9b5dc0cba61 cli-runopts.c --- a/cli-runopts.c Thu Sep 10 11:12:31 2009 +0000 +++ b/cli-runopts.c Fri Sep 11 14:02:04 2009 +0000 @@ -145,6 +145,9 @@ #ifdef ENABLE_CLI_PROXYCMD cli_opts.proxycmd = NULL; #endif +#ifndef DISABLE_ZLIB + opts.enable_compress = 1; +#endif /* not yet opts.ipv4 = 1; opts.ipv6 = 1; @@ -530,6 +533,10 @@ snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", argv0, cli_opts.remotehost, cli_opts.remoteport, passthrough_args, remainder); +#ifndef DISABLE_ZLIB + /* The stream will be incompressible since it's encrypted. */ + opts.enable_compress = 0; +#endif m_free(passthrough_args); } m_free(hostbuf); diff -r b6665c1eac43 -r f9b5dc0cba61 common-algo.c --- a/common-algo.c Thu Sep 10 11:12:31 2009 +0000 +++ b/common-algo.c Fri Sep 11 14:02:04 2009 +0000 @@ -168,11 +168,16 @@ {NULL, 0, NULL, 0, NULL} }; -algo_type sshcompress[] = { #ifndef DISABLE_ZLIB +algo_type ssh_compress[] = { {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, + {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, + {NULL, 0, NULL, 0, NULL} +}; #endif + +algo_type ssh_nocompress[] = { {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, {NULL, 0, NULL, 0, NULL} }; diff -r b6665c1eac43 -r f9b5dc0cba61 common-kex.c 
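Review bot: `extern algo_type ssh_compress[];` is declared unconditionally in algo.h, but the common-algo.c hunk of this changeset defines that array only inside `#ifndef DISABLE_ZLIB`. Any later use outside that guard would compile and then fail at link time in a build without zlib. Wrapping the declaration in the same `#ifndef DISABLE_ZLIB` / `#endif` pair would turn that into a compile error at the point of misuse.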
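Review bot: `opts.enable_compress = 0;` is cleared in the process that builds `proxycmd`, and going by the `snprintf` just above it, that is the process that talks SSH to `cli_opts.remotehost`, while the child it spawns receives `-B` and the remaining hops. If `remotehost` is the last entry of the hop list at this point (the parsing is outside the hunk, so this is inferred), compression is switched off for the session that carries the user's data. It would also stay on for the innermost `-B` process, whose payload is already-encrypted SSH traffic. Please confirm which stage this branch runs in; keying the decision on whether the process itself was started with `-B` may match the commit title more closely. The enclosing function starts outside the hunk.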
--- a/common-kex.c Thu Sep 10 11:12:31 2009 +0000 +++ b/common-kex.c Fri Sep 11 14:02:04 2009 +0000 @@ -33,6 +33,7 @@ #include "packet.h" #include "bignum.h" #include "random.h" +#include "runopts.h" /* diffie-hellman-group1-sha1 value for p */ static const unsigned char dh_p_val[] = { @@ -91,10 +92,10 @@ buf_put_algolist(ses.writepayload, sshhashes); /* compression_algorithms_client_to_server */ - buf_put_algolist(ses.writepayload, sshcompress); + buf_put_algolist(ses.writepayload, ses.compress_algos); /* compression_algorithms_server_to_client */ - buf_put_algolist(ses.writepayload, sshcompress); + buf_put_algolist(ses.writepayload, ses.compress_algos); /* languages_client_to_server */ buf_putstring(ses.writepayload, "", 0); @@ -180,8 +181,16 @@ /* Set up the kex for the first time */ void kexfirstinitialise() { + ses.kexstate.donefirstkex = 0; - ses.kexstate.donefirstkex = 0; +#ifndef DISABLE_ZLIB + if (opts.enable_compress) { + ses.compress_algos = ssh_compress; + } else +#endif + { + ses.compress_algos = ssh_nocompress; + } kexinitialise(); } @@ -670,7 +679,7 @@ TRACE(("hash s2c is %s", s2c_hash_algo->name)) /* compression_algorithms_client_to_server */ - c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); + c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess); if (c2s_comp_algo == NULL) { erralgo = "comp c->s"; goto error; @@ -678,7 +687,7 @@ TRACE(("hash c2s is %s", c2s_comp_algo->name)) /* compression_algorithms_server_to_client */ - s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); + s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess); if (s2c_comp_algo == NULL) { erralgo = "comp s->c"; goto error; diff -r b6665c1eac43 -r f9b5dc0cba61 runopts.h --- a/runopts.h Thu Sep 10 11:12:31 2009 +0000 +++ b/runopts.h Fri Sep 11 14:02:04 2009 +0000 
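Review bot: The `} else` left hanging before `#endif` in kexfirstinitialise() makes the brace structure depend on the preprocessor, which is easy to break in a later edit. The same selection reads more plainly as an unconditional `ses.compress_algos = ssh_nocompress;` followed, inside `#ifndef DISABLE_ZLIB`, by `if (opts.enable_compress) ses.compress_algos = ssh_compress;`. A short comment would also help, noting that the list is chosen once here and, as far as this changeset shows, never changed afterwards, so later key exchanges offer the same list.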
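Review bot: The context line `TRACE(("hash c2s is %s", c2s_comp_algo->name))` at the top of the last hunk prints the compression algorithm under a "hash" label. That will mislead anyone tracing the negotiation this changeset alters. While these lines are being touched, `TRACE(("comp c2s is %s", c2s_comp_algo->name))` would match the `erralgo` string used just above it. The s2c counterpart lies outside the hunk and should be checked as well.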
@@ -40,6 +40,14 @@ time_t keepalive_secs; time_t idle_timeout_secs; +#ifndef DISABLE_ZLIB + /* TODO: add a commandline flag. Currently this is on by default if compression + * is compiled in, but disabled for a client's non-final multihop stages. (The + * intermediate stages are compressed streams, so are uncompressible. */ + int enable_compress; +#endif + + } runopts; extern runopts opts; @@ -135,7 +143,6 @@ #ifdef ENABLE_CLI_PROXYCMD char *proxycmd; #endif - } cli_runopts; extern cli_runopts cli_opts; diff -r b6665c1eac43 -r f9b5dc0cba61 session.h --- a/session.h Thu Sep 10 11:12:31 2009 +0000 +++ b/session.h Fri Sep 11 14:02:04 2009 +0000 @@ -160,6 +160,9 @@ buffer* kexhashbuf; /* session hash buffer calculated from various packets*/ buffer* transkexinit; /* the kexinit packet we send should be kept so we can add it to the hash when generating keys */ + + /* Enables/disables compression */ + algo_type *compress_algos; /* a list of queued replies that should be sent after a KEX has concluded (ie, while dataallowed was unset)*/ diff -r b6665c1eac43 -r f9b5dc0cba61 svr-runopts.c --- a/svr-runopts.c Thu Sep 10 11:12:31 2009 +0000 +++ b/svr-runopts.c Fri Sep 11 14:02:04 2009 +0000 @@ -125,6 +125,9 @@ #ifdef ENABLE_SVR_REMOTETCPFWD svr_opts.noremotetcp = 0; #endif +#ifndef DISABLE_ZLIB + opts.enable_compress = 1; +#endif /* not yet opts.ipv4 = 1; opts.ipv6 = 1;
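Review bot: The comment on `enable_compress` has an unclosed parenthesis and gives a different reason from the one in cli-runopts.c. That file says the stream is incompressible because it is encrypted, while this one says the intermediate stages are compressed streams. One wording should be used in both places, for example `(The intermediate stages carry already-encrypted SSH streams, which do not compress.)`. As far as this changeset shows, the field is read only in kexfirstinitialise(), so the comment could also say that changing it later does not affect an established session.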
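Review bot: "Enables/disables compression" in session.h describes an effect rather than what `compress_algos` holds. A comment such as `/* Compression algorithms offered and matched in KEXINIT: ssh_compress or ssh_nocompress, selected in kexfirstinitialise(). Points at a static table; not owned by the session. */` would tell the reader it must not be freed or modified per session.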
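Review bot: Setting `opts.enable_compress = 1` in svr-runopts.c selects `ssh_compress`, assuming the server goes through the same kexfirstinitialise() path, and that list still offers plain `zlib` alongside `zlib@openssh.com`. A peer can therefore negotiate compression before it has authenticated, and the decompressor then handles unauthenticated input. Now that the list is chosen per session, the server could point `ses.compress_algos` at a list containing only `zlib@openssh.com` and `none`. That list does not exist in this changeset and would need adding next to `ssh_nocompress` in common-algo.c. The option-defaults function around this hunk starts and ends outside it.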