diff options
author | Damien Miller <djm@mindrot.org> | 2010-11-20 05:19:38 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-11-20 05:19:38 +0100 |
commit | 0dac6fb6b228a96f4ab3717e3d73871595a291a8 (patch) | |
tree | 7eae6f1e6a39fb7d608a05250f4749a77a914814 /servconf.c | |
parent | - djm@cvs.openbsd.org 2010/11/10 01:33:07 (diff) | |
download | openssh-0dac6fb6b228a96f4ab3717e3d73871595a291a8.tar.xz openssh-0dac6fb6b228a96f4ab3717e3d73871595a291a8.zip |
- djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index 4e5fd2f04..e2f20a3d1 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -15,6 +15,10 @@ #include <sys/types.h> #include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> + #include <netdb.h> #include <pwd.h> #include <stdio.h> @@ -133,6 +137,8 @@ initialize_server_options(ServerOptions *options) options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; } void @@ -271,6 +277,10 @@ fill_default_server_options(ServerOptions *options) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -317,7 +327,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, + sKexAlgorithms, sIPQoS, sDeprecated, sUnsupported } ServerOpCodes; @@ -441,6 +451,7 @@ static struct { { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -670,7 +681,7 @@ process_server_config_line(ServerOptions *options, char *line, const char *host, const char *address) { char *cp, **charptr, *arg, *p; - int cmdline = 0, *intptr, value, n; + int cmdline = 0, *intptr, value, value2, n; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; @@ -1370,6 +1381,23 @@ process_server_config_line(ServerOptions *options, char *line, charptr = &options->revoked_keys_file; goto parse_filename; + case sIPQoS: + arg = strdelim(&cp); + if ((value = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + arg = strdelim(&cp); + if (arg == NULL) + value2 = value; + else if ((value2 = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + if (*activep) { + options->ip_qos_interactive = value; + options->ip_qos_bulk = value2; + } + break; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1480,6 +1508,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(x11_use_localhost); M_CP_INTOPT(max_sessions); M_CP_INTOPT(max_authtries); + M_CP_INTOPT(ip_qos_interactive); + M_CP_INTOPT(ip_qos_bulk); M_CP_STROPT(banner); if (preauth) @@ -1745,5 +1775,7 @@ dump_config(ServerOptions *o) } dump_cfg_string(sPermitTunnel, s); + printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); + channel_print_adm_permitted_opens(); } |