Re: Patch for openssh server

This is a discussion on Re: Patch for openssh server within the OpenSSH Development forums, part of the Networking and Network Related category.


08-15-2006
Darren Tucker

Christian Iversen wrote:
> Hi openssh devs.
>
> We submit for your review a patch we have made for sshd, regarding traffic
> accounting. The native version of openssh does not support traffic
> accounting, making it quite hard to monitor traffic usage on a per-user
> basis.
>
> The patch in question
> - Does not log anything except the total amount of data transmitted, when the
> connection is closed.
>
> - Is very simple, only a handful of lines.
>
> - Only uses extremely simple integer arithmetic, and therefore correctness is
> easily verified by reading the patch.
>
> - Is enabled by configuration option in sshd_config, and is _disabled_ by
> default.


I see no such option (I'm not sure another sshd_config option would help
your cause, though). Did you attach the version of the patch that you
intended to?

> The motivation for this patch springs from a direct need to have some overview
> over the bandwidth usage for each user on our system. We have to pay costs
> per gigabyte transferred, and although this information _could_ be gathered
> from other sources, it would be tedious and very much unusual. Users of
> proftpd, apache and postfix, do not have to use (say) iptables to log the
> amount of traffic transmitted.


Users of proftpd, apache and postfix don't usually have the option to
run other programs to generate their network traffic.

On a related note, your patch does not appear to account for traffic
sent and received from port forwards (it'll count it as it arrives in
the encrypted pipe, but not once it goes back out over the network).

>+ulong bytes_in = 0;
>+ulong bytes_out = 0;
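
Review bot: the counters declared at `ulong bytes_in` and `ulong bytes_out` are unsigned long, which is 32 bits wide on ILP32 platforms, so each total silently wraps to zero after 4 GiB on a long-lived connection. Since the stated purpose is billing per gigabyte transferred, a fixed 64-bit type such as `u_int64_t` would be the safer choice for both counters, with the `extern` declarations and the format string changed to match.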

[...]
> extern u_int max_packet_size;
> +extern u_long bytes_out;
> +extern u_long bytes_in;


These types don't exactly match (u_long is preferred).

[...]
> + logit("Accounting: Bytes in/out: %ld/%ld", bytes_in, bytes_out);
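
Review bot: in the `logit(...)` call both `%ld` conversions receive unsigned long arguments, so a total above LONG_MAX would be printed as a negative number; use `%lu` for both, or `%llu` with a cast to unsigned long long if the counters are widened to 64 bits. The message as written also carries only the two counters, so unless the surrounding log context identifies the session, the user name should be included in the same line for it to serve per-user accounting.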


bytes_in and bytes_out are unsigned but the format string is signed.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev