Re: openssh 4.2p1 zlib compression broken for old clients

10-27-2005, Harald Koenig

On Oct 26, Iain Morgan wrote:

> This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall
> correctly) in the release announcement on this list. Admittedly, the
> sshd_config(5) man page does not appear to call out this issue.


thanks for your pointer to the docs (and sorry for not having read/understood them all).
maybe you can answer two more open questions on that topic, please ?

> Set Compression=yes in your sshd_config and the old clients should behave.



a)
what's the reason/benefit for the new delayed compression, or the other way round:
what's the (maybe future) drawback if I'll use "Compression yes" in sshd_conf for backward compatibility ?
is this to avoid small packets for authentication getting larger by zlib compression ?


b)
what's the reason of the different code in sshconnect2.c/ssh_kex2() and sshd.c/do_ssh2_kex()
for this setup ? sshconnect2.c/ssh_kex2() already uses

    if (options.compression) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
    } else {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
    }

and thus offers a fallback to old "zlib" scheme, while sshd.c/do_ssh2_kex() reads

    if (options.compression == COMP_NONE) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
    } else if (options.compression == COMP_DELAYED) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
    }

not offering a fallback for old clients. why not allowing a fallback for compatibility
to old "zlib" in case that an old client does not yet support the new "delayed" scheme ?


if that's not a good idea, what about a new setting "delayed+compat-fallback" for "Compression"
which would allow new ssh clients to benefit/use "delayed" compression and wouldn't break it
for old clients ?
the patch below might be a possibility to offer both ways at the same time ?!


btw: the comment for "compression" in servconf.h is no longer exact, because
with the COMP_DELAYED setting it's no longer a boolean value, so "true" might
be misleading (COMP_DELAYED==2 is true, but only _delayed_ compression is allowed):


    int compression; /* If true, compression is allowed */
                           ^^^^


suggestion for giving delayed compression with legacy fallback:
-------------------------------------------------------------------------------
diff -ur ../../orig/openssh-4.2p1/kex.h ./kex.h
--- ../../orig/openssh-4.2p1/kex.h 2005-07-26 13:54:56.000000000 +0200
+++ ./kex.h 2005-10-27 10:43:07.000000000 +0200
@@ -38,6 +38,7 @@
#define COMP_NONE 0
#define COMP_ZLIB 1
#define COMP_DELAYED 2
+#define COMP_DELAYED_COMP 3

enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
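Review bot: the name COMP_DELAYED_COMP in the added define is hard to read next to the COMP_ prefix, since the trailing COMP could mean "compression" as easily as "compat". Something like COMP_DELAYED_COMPAT or COMP_DELAYED_FALLBACK would match the "delayed+fallback" keyword used in servconf.c, and a short comment on what each of the four values permits would document the list, which is otherwise bare.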
Only in .: kex.h~
diff -ur ../../orig/openssh-4.2p1/servconf.c ./servconf.c
--- ../../orig/openssh-4.2p1/servconf.c 2005-08-12 14:11:37.000000000 +0200
+++ ./servconf.c 2005-10-27 10:46:55.000000000 +0200
@@ -738,6 +738,8 @@
value = 0; /* silence compiler */
if (strcmp(arg, "delayed") == 0)
value = COMP_DELAYED;
+ if (strcmp(arg, "delayed+fallback") == 0)
+ value = COMP_DELAYED_COMP;
else if (strcmp(arg, "yes") == 0)
value = COMP_ZLIB;
else if (strcmp(arg, "no") == 0)
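Review bot: the added test for "delayed+fallback" is a plain `if`, not `else if`, so it detaches the existing "delayed" test from the `else if` branches below it. An argument of "delayed" now sets COMP_DELAYED and then still runs through the "yes" and "no" tests into whatever final branch follows them. Write it as `else if (strcmp(arg, "delayed+fallback") == 0)`. The keyword also differs from the "delayed+compat-fallback" spelling proposed in the message text; pick one and add it to sshd_config(5).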
Only in .: servconf.c~
diff -ur ../../orig/openssh-4.2p1/sshd.c ./sshd.c
--- ../../orig/openssh-4.2p1/sshd.c 2005-07-26 13:54:56.000000000 +0200
+++ ./sshd.c 2005-10-27 10:47:22.000000000 +0200
@@ -1998,6 +1998,9 @@
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ } else if (options.compression == COMP_DELAYED_COMP) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
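Review bot: the new COMP_DELAYED_COMP branch adds plain "zlib" to the server's list without a comment on what that implies: a client whose own list contains "zlib" but not "zlib@openssh.com" can select it, so for those clients compression is not delayed at all. State that in a comment on this branch and in the documentation of the new keyword. The branch would also read more naturally placed after the COMP_DELAYED case it extends.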
Only in .: sshd.c~
-------------------------------------------------------------------------------



thanks for your comments,

Harald Koenig
--
"I hope to die ___ _____
before I *have* to use Microsoft Word.", 0--,| /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen. <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig \/\/\/\/\/\/\/\/\/
science+computing ag // / \\ \
koenig@science-computing.de ^^^^^ ^^^^^

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
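
The negotiation behind question b), as an added example that is not part of the original post and not OpenSSH code: it applies the RFC 4253 section 7.1 rule to the proposal strings quoted above. `negotiate()` and the macro names are hypothetical, and the old-client list "zlib,none" is an assumption about a pre-4.2 client with compression enabled.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the len-byte name occurs as a whole entry of the comma list. */
static int in_list(const char *list, const char *name, size_t len)
{
	for (const char *p = list; *p; ) {
		size_t n = strcspn(p, ",");
		if (n == len && strncmp(p, name, len) == 0)
			return 1;
		p += n + (p[n] == ',');
	}
	return 0;
}

/* RFC 4253 section 7.1: choose the first name on the client's list that is
 * also on the server's list. Returns 0 and fills out, or -1 on no match. */
int negotiate(const char *client, const char *server, char *out, size_t outlen)
{
	for (const char *p = client; *p; ) {
		size_t n = strcspn(p, ",");
		if (n > 0 && n < outlen && in_list(server, p, n)) {
			memcpy(out, p, n);
			out[n] = '\0';
			return 0;
		}
		p += n + (p[n] == ',');
	}
	return -1;
}

#define NEW_CLIENT  "zlib@openssh.com,zlib,none" /* sshconnect2.c, quoted in the post */
#define OLD_CLIENT  "zlib,none"                  /* assumption: pre-4.2 client, compression on */
#define SRV_DELAYED "none,zlib@openssh.com"      /* sshd.c, COMP_DELAYED */
#define SRV_PATCHED "none,zlib@openssh.com,zlib" /* list from the proposed patch */

int main(void)
{
	const char *c[] = { NEW_CLIENT, OLD_CLIENT };
	const char *s[] = { SRV_DELAYED, SRV_PATCHED };
	char alg[64];
	for (int i = 0; i < 2; i++)
		for (int j = 0; j < 2; j++) {
			if (negotiate(c[i], s[j], alg, sizeof(alg)) != 0)
				strcpy(alg, "(no match)");
			printf("client [%s] server [%s] -> %s\n", c[i], s[j], alg);
		}
	return 0;
}
```

Because the client's order decides, the server-side position of "zlib" in the patched list does not change the result; only its presence does.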