summaryrefslogtreecommitdiffstats
path: root/servconf.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2010-11-20 05:19:38 +0100
committerDamien Miller <djm@mindrot.org>2010-11-20 05:19:38 +0100
commit0dac6fb6b228a96f4ab3717e3d73871595a291a8 (patch)
tree7eae6f1e6a39fb7d608a05250f4749a77a914814 /servconf.c
parent - djm@cvs.openbsd.org 2010/11/10 01:33:07 (diff)
downloadopenssh-0dac6fb6b228a96f4ab3717e3d73871595a291a8.tar.xz
openssh-0dac6fb6b228a96f4ab3717e3d73871595a291a8.zip
- djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c38
1 files changed, 35 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c
index 4e5fd2f04..e2f20a3d1 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -15,6 +15,10 @@
#include <sys/types.h>
#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -133,6 +137,8 @@ initialize_server_options(ServerOptions *options)
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
}
void
@@ -271,6 +277,10 @@ fill_default_server_options(ServerOptions *options)
options->permit_tun = SSH_TUNMODE_NO;
if (options->zero_knowledge_password_authentication == -1)
options->zero_knowledge_password_authentication = 0;
+ if (options->ip_qos_interactive == -1)
+ options->ip_qos_interactive = IPTOS_LOWDELAY;
+ if (options->ip_qos_bulk == -1)
+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
/* Turn privilege separation on by default */
if (use_privsep == -1)
@@ -317,7 +327,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
- sKexAlgorithms,
+ sKexAlgorithms, sIPQoS,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -441,6 +451,7 @@ static struct {
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "ipqos", sIPQoS, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -670,7 +681,7 @@ process_server_config_line(ServerOptions *options, char *line,
const char *host, const char *address)
{
char *cp, **charptr, *arg, *p;
- int cmdline = 0, *intptr, value, n;
+ int cmdline = 0, *intptr, value, value2, n;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
@@ -1370,6 +1381,23 @@ process_server_config_line(ServerOptions *options, char *line,
charptr = &options->revoked_keys_file;
goto parse_filename;
+ case sIPQoS:
+ arg = strdelim(&cp);
+ if ((value = parse_ipqos(arg)) == -1)
+ fatal("%s line %d: Bad IPQoS value: %s",
+ filename, linenum, arg);
+ arg = strdelim(&cp);
+ if (arg == NULL)
+ value2 = value;
+ else if ((value2 = parse_ipqos(arg)) == -1)
+ fatal("%s line %d: Bad IPQoS value: %s",
+ filename, linenum, arg);
+ if (*activep) {
+ options->ip_qos_interactive = value;
+ options->ip_qos_bulk = value2;
+ }
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1480,6 +1508,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(x11_use_localhost);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
+ M_CP_INTOPT(ip_qos_interactive);
+ M_CP_INTOPT(ip_qos_bulk);
M_CP_STROPT(banner);
if (preauth)
@@ -1745,5 +1775,7 @@ dump_config(ServerOptions *o)
}
dump_cfg_string(sPermitTunnel, s);
+ printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
+
channel_print_adm_permitted_opens();
}