changeset 575:f9b5dc0cba61

- Disable compression for non-final multihops
author Matt Johnston <matt@ucc.asn.au>
date Fri, 11 Sep 2009 14:02:04 +0000
parents b6665c1eac43
children c470649fb627
files algo.h cli-runopts.c common-algo.c common-kex.c runopts.h session.h svr-runopts.c
diffstat 7 files changed, 43 insertions(+), 8 deletions(-) [+]
--- a/algo.h	Thu Sep 10 11:12:31 2009 +0000
+++ b/algo.h	Fri Sep 11 14:02:04 2009 +0000
@@ -50,7 +50,8 @@
 extern algo_type sshhostkey[];
 extern algo_type sshciphers[];
 extern algo_type sshhashes[];
-extern algo_type sshcompress[];
+extern algo_type ssh_compress[];
+extern algo_type ssh_nocompress[];
 
 extern const struct dropbear_cipher dropbear_nocipher;
 extern const struct dropbear_cipher_mode dropbear_mode_none;
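Review bot: `extern algo_type ssh_compress[];` is declared unconditionally here, while its definition in the common-algo.c hunk is moved inside `#ifndef DISABLE_ZLIB`, so a build with zlib disabled has a declaration with no definition behind it. The two current uses in common-kex.c are guarded, so this links today, but any future unguarded reference would only fail at link time. Wrapping the declaration in the same `#ifndef DISABLE_ZLIB` / `#endif` as the definition turns that into a compile error at the point of use, and keeps header and definition in step.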
--- a/cli-runopts.c	Thu Sep 10 11:12:31 2009 +0000
+++ b/cli-runopts.c	Fri Sep 11 14:02:04 2009 +0000
@@ -145,6 +145,9 @@
 #ifdef ENABLE_CLI_PROXYCMD
 	cli_opts.proxycmd = NULL;
 #endif
+#ifndef DISABLE_ZLIB
+	opts.enable_compress = 1;
+#endif
 	/* not yet
 	opts.ipv4 = 1;
 	opts.ipv6 = 1;
@@ -530,6 +533,10 @@
 		snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", 
 				argv0, cli_opts.remotehost, cli_opts.remoteport, 
 				passthrough_args, remainder);
+#ifndef DISABLE_ZLIB
+		/* The stream will be incompressible since it's encrypted. */
+		opts.enable_compress = 0;
+#endif
 		m_free(passthrough_args);
 	}
 	m_free(hostbuf);
--- a/common-algo.c	Thu Sep 10 11:12:31 2009 +0000
+++ b/common-algo.c	Fri Sep 11 14:02:04 2009 +0000
@@ -168,11 +168,16 @@
 	{NULL, 0, NULL, 0, NULL}
 };
 
-algo_type sshcompress[] = {
 #ifndef DISABLE_ZLIB
+algo_type ssh_compress[] = {
 	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
 	{"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
 #endif
+
+algo_type ssh_nocompress[] = {
 	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
 	{NULL, 0, NULL, 0, NULL}
 };
--- a/common-kex.c	Thu Sep 10 11:12:31 2009 +0000
+++ b/common-kex.c	Fri Sep 11 14:02:04 2009 +0000
@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "bignum.h"
 #include "random.h"
+#include "runopts.h"
 
 /* diffie-hellman-group1-sha1 value for p */
 static const unsigned char dh_p_val[] = {
@@ -91,10 +92,10 @@
 	buf_put_algolist(ses.writepayload, sshhashes);
 
 	/* compression_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 
 	/* compression_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 
 	/* languages_client_to_server */
 	buf_putstring(ses.writepayload, "", 0);
@@ -180,8 +181,16 @@
 
 /* Set up the kex for the first time */
 void kexfirstinitialise() {
+	ses.kexstate.donefirstkex = 0;
 
-	ses.kexstate.donefirstkex = 0;
+#ifndef DISABLE_ZLIB
+	if (opts.enable_compress) {
+		ses.compress_algos = ssh_compress;
+	} else
+#endif
+	{
+		ses.compress_algos = ssh_nocompress;
+	}
 	kexinitialise();
 }
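Review bot: The `} else` that is left dangling before `#endif` and completed by a bare `{` block in kexfirstinitialise is correct but hard to read, since the control structure only parses once the preprocessor has run. The same selection reads more plainly as an unconditional default followed by a guarded override: `ses.compress_algos = ssh_nocompress;` first, then inside `#ifndef DISABLE_ZLIB` the single `if (opts.enable_compress) { ses.compress_algos = ssh_compress; }`. That also makes the no-zlib build a straight-line assignment with no preprocessor-spliced braces.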
 
@@ -670,7 +679,7 @@
 	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 
 	/* compression_algorithms_client_to_server */
-	c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (c2s_comp_algo == NULL) {
 		erralgo = "comp c->s";
 		goto error;
@@ -678,7 +687,7 @@
 	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
 
 	/* compression_algorithms_server_to_client */
-	s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (s2c_comp_algo == NULL) {
 		erralgo = "comp s->c";
 		goto error;
--- a/runopts.h	Thu Sep 10 11:12:31 2009 +0000
+++ b/runopts.h	Fri Sep 11 14:02:04 2009 +0000
@@ -40,6 +40,14 @@
 	time_t keepalive_secs;
 	time_t idle_timeout_secs;
 
+#ifndef DISABLE_ZLIB
+	/* TODO: add a commandline flag. Currently this is on by default if compression
+	 * is compiled in, but disabled for a client's non-final multihop stages. (The
+	 * intermediate stages are compressed streams, so are uncompressible. */
+	int enable_compress;
+#endif
+
+
 } runopts;
 
 extern runopts opts;
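Review bot: The comment on `enable_compress` gives a different reason than the one in the cli-runopts.c hunk: here the intermediate multihop stages are called "compressed streams, so are uncompressible", while cli-runopts.c says "The stream will be incompressible since it's encrypted." The second explanation is the one that matches what the code does (the inner hop carries an already-encrypted SSH stream), so I would align this comment with it, and the parenthesis opened at "(The intermediate" is never closed. Something like `/* TODO: add a commandline flag. On by default when compression is compiled in; disabled for a client's non-final multihop stages, since the inner stream is already encrypted and so incompressible. */` covers both. The two blank lines added before `} runopts;` look unintentional as well.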
@@ -135,7 +143,6 @@
 #ifdef ENABLE_CLI_PROXYCMD
 	char *proxycmd;
 #endif
-
 } cli_runopts;
 
 extern cli_runopts cli_opts;
--- a/session.h	Thu Sep 10 11:12:31 2009 +0000
+++ b/session.h	Fri Sep 11 14:02:04 2009 +0000
@@ -160,6 +160,9 @@
 	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 	buffer* transkexinit; /* the kexinit packet we send should be kept so we
 							 can add it to the hash when generating keys */
+
+	/* Enables/disables compression */
+	algo_type *compress_algos;
 							
 	/* a list of queued replies that should be sent after a KEX has
 	   concluded (ie, while dataallowed was unset)*/
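Review bot: "Enables/disables compression" undersells what `compress_algos` is: it is the algo_type list that common-kex.c both advertises in the KEXINIT (the two `buf_put_algolist` calls) and matches the peer's proposal against (the two `buf_match_algo` calls), and it is assigned once in kexfirstinitialise(). A comment that says so helps the next reader find where the value comes from, e.g. `/* Compression algorithm list offered in KEXINIT and matched against the peer's proposal; points at ssh_compress or ssh_nocompress, chosen in kexfirstinitialise() */`.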
--- a/svr-runopts.c	Thu Sep 10 11:12:31 2009 +0000
+++ b/svr-runopts.c	Fri Sep 11 14:02:04 2009 +0000
@@ -125,6 +125,9 @@
 #ifdef ENABLE_SVR_REMOTETCPFWD
 	svr_opts.noremotetcp = 0;
 #endif
+#ifndef DISABLE_ZLIB
+	opts.enable_compress = 1;
+#endif
 	/* not yet
 	opts.ipv4 = 1;
 	opts.ipv6 = 1;