40c40
< RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
---
> RCSID("$OpenBSD: packet.c,v 1.110 2003/09/19 09:02:02 markus Exp $");
41a42,43
> #include "openbsd-compat/sys-queue.h"
>
109c111
< int max_packet_size = 32768;
---
> u_int max_packet_size = 32768;
119,120c121,125
< static u_int32_t read_seqnr = 0;
< static u_int32_t send_seqnr = 0;
---
> static struct packet_state {
> u_int32_t seqnr;
> u_int32_t packets;
> u_int64_t blocks;
> } p_read, p_send;
121a127,129
> static u_int64_t max_blocks_in, max_blocks_out;
> static u_int32_t rekey_limit;
>
128a137,143
> struct packet {
> TAILQ_ENTRY(packet) next;
> u_char type;
> Buffer payload;
> };
> TAILQ_HEAD(, packet) outgoing;
>
150a166
> TAILQ_INIT(&outgoing);
252c268
< packet_get_ssh1_cipher()
---
> packet_get_ssh1_cipher(void)
257,259c273,274
<
< u_int32_t
< packet_get_seqnr(int mode)
---
> void
> packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
261c276,281
< return (mode == MODE_IN ? read_seqnr : send_seqnr);
---
> struct packet_state *state;
>
> state = (mode == MODE_IN) ? &p_read : &p_send;
> *seqnr = state->seqnr;
> *blocks = state->blocks;
> *packets = state->packets;
265c285
< packet_set_seqnr(int mode, u_int32_t seqnr)
---
> packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
267,272c287,292
< if (mode == MODE_IN)
< read_seqnr = seqnr;
< else if (mode == MODE_OUT)
< send_seqnr = seqnr;
< else
< fatal("packet_set_seqnr: bad mode %d", mode);
---
> struct packet_state *state;
>
> state = (mode == MODE_IN) ? &p_read : &p_send;
> state->seqnr = seqnr;
> state->blocks = blocks;
> state->packets = packets;
564a585
> u_int64_t *max_blocks;
571a593,594
> p_send.packets = p_send.blocks = 0;
> max_blocks = &max_blocks_out;
574a598,599
> p_read.packets = p_read.blocks = 0;
> max_blocks = &max_blocks_in;
612a638,647
> /*
> * The 2^(blocksize*2) limit is too expensive for 3DES,
> * blowfish, etc, so enforce a 1GB limit for small blocksizes.
> */
> if (enc->block_size >= 16)
> *max_blocks = (u_int64_t)1 << (enc->block_size*2);
> else
> *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
> if (rekey_limit)
> *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
619c654
< packet_send2(void)
---
> packet_send2_wrapped(void)
701c736
< macbuf = mac_compute(mac, send_seqnr,
---
> macbuf = mac_compute(mac, p_send.seqnr,
704c739
< DBG(debug("done calc MAC out #%d", send_seqnr));
---
> DBG(debug("done calc MAC out #%d", p_send.seqnr));
718,719c753,758
< if (++send_seqnr == 0)
< log("outgoing seqnr wraps around");
---
> if (++p_send.seqnr == 0)
> logit("outgoing seqnr wraps around");
> if (++p_send.packets == 0)
> if (!(datafellows & SSH_BUG_NOREKEY))
> fatal("XXX too many packets with same key");
> p_send.blocks += (packet_length + 4) / block_size;
725a765,810
> static void
> packet_send2(void)
> {
> static int rekeying = 0;
> struct packet *p;
> u_char type, *cp;
>
> cp = buffer_ptr(&outgoing_packet);
> type = cp[5];
>
> /* during rekeying we can only send key exchange messages */
> if (rekeying) {
> if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
> (type <= SSH2_MSG_TRANSPORT_MAX))) {
> debug("enqueue packet: %u", type);
> p = xmalloc(sizeof(*p));
> p->type = type;
> memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
> buffer_init(&outgoing_packet);
> TAILQ_INSERT_TAIL(&outgoing, p, next);
> return;
> }
> }
>
> /* rekeying starts with sending KEXINIT */
> if (type == SSH2_MSG_KEXINIT)
> rekeying = 1;
>
> packet_send2_wrapped();
>
> /* after a NEWKEYS message we can send the complete queue */
> if (type == SSH2_MSG_NEWKEYS) {
> rekeying = 0;
> while ((p = TAILQ_FIRST(&outgoing))) {
> type = p->type;
> debug("dequeue packet: %u", type);
> buffer_free(&outgoing_packet);
> memcpy(&outgoing_packet, &p->payload,
> sizeof(Buffer));
> TAILQ_REMOVE(&outgoing, p, next);
> xfree(p);
> packet_send2_wrapped();
> }
> }
> }
>
787c872
< log("Connection closed by %.200s", get_remote_ipaddr());
---
> logit("Connection closed by %.200s", get_remote_ipaddr());
937a1023
> #ifdef PACKET_DEBUG
938a1025
> #endif
969c1056
< macbuf = mac_compute(mac, read_seqnr,
---
> macbuf = mac_compute(mac, p_read.seqnr,
974c1061
< DBG(debug("MAC #%d ok", read_seqnr));
---
> DBG(debug("MAC #%d ok", p_read.seqnr));
978,980c1065,1071
< *seqnr_p = read_seqnr;
< if (++read_seqnr == 0)
< log("incoming seqnr wraps around");
---
> *seqnr_p = p_read.seqnr;
> if (++p_read.seqnr == 0)
> logit("incoming seqnr wraps around");
> if (++p_read.packets == 0)
> if (!(datafellows & SSH_BUG_NOREKEY))
> fatal("XXX too many packets with same key");
> p_read.blocks += (packet_length + 4) / block_size;
1045c1136
< log("Received disconnect from %s: %u: %.400s",
---
> logit("Received disconnect from %s: %u: %.400s",
1071c1162
< log("Received disconnect from %s: %.400s",
---
> logit("Received disconnect from %s: %.400s",
1230c1321
< log("Disconnecting: %.100s", buf);
---
> logit("Disconnecting: %.100s", buf);
1316a1408,1409
>
> #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
1329a1423
> #endif
1364,1365c1458,1459
< int
< packet_set_maxsize(int s)
---
> u_int
> packet_set_maxsize(u_int s)
1370c1464
< log("packet_set_maxsize: called twice: old %d new %d",
---
> logit("packet_set_maxsize: called twice: old %d new %d",
1375c1469
< log("packet_set_maxsize: bad size %d", s);
---
> logit("packet_set_maxsize: bad size %d", s);
1416a1511,1529
>
> #define MAX_PACKETS (1<<31)
> int
> packet_need_rekeying(void)
> {
> if (datafellows & SSH_BUG_NOREKEY)
> return 0;
> return
> (p_send.packets > MAX_PACKETS) ||
> (p_read.packets > MAX_PACKETS) ||
> (max_blocks_out && (p_send.blocks > max_blocks_out)) ||
> (max_blocks_in && (p_read.blocks > max_blocks_in));
> }
>
> void
> packet_set_rekey_limit(u_int32_t bytes)
> {
> rekey_limit = bytes;
> }
< RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
---
> RCSID("$OpenBSD: packet.c,v 1.110 2003/09/19 09:02:02 markus Exp $");
41a42,43
> #include "openbsd-compat/sys-queue.h"
>
109c111
< int max_packet_size = 32768;
---
> u_int max_packet_size = 32768;
119,120c121,125
< static u_int32_t read_seqnr = 0;
< static u_int32_t send_seqnr = 0;
---
> static struct packet_state {
> u_int32_t seqnr;
> u_int32_t packets;
> u_int64_t blocks;
> } p_read, p_send;
121a127,129
> static u_int64_t max_blocks_in, max_blocks_out;
> static u_int32_t rekey_limit;
>
128a137,143
> struct packet {
> TAILQ_ENTRY(packet) next;
> u_char type;
> Buffer payload;
> };
> TAILQ_HEAD(, packet) outgoing;
>
150a166
> TAILQ_INIT(&outgoing);
252c268
< packet_get_ssh1_cipher()
---
> packet_get_ssh1_cipher(void)
257,259c273,274
<
< u_int32_t
< packet_get_seqnr(int mode)
---
> void
> packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
261c276,281
< return (mode == MODE_IN ? read_seqnr : send_seqnr);
---
> struct packet_state *state;
>
> state = (mode == MODE_IN) ? &p_read : &p_send;
> *seqnr = state->seqnr;
> *blocks = state->blocks;
> *packets = state->packets;
265c285
< packet_set_seqnr(int mode, u_int32_t seqnr)
---
> packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
267,272c287,292
< if (mode == MODE_IN)
< read_seqnr = seqnr;
< else if (mode == MODE_OUT)
< send_seqnr = seqnr;
< else
< fatal("packet_set_seqnr: bad mode %d", mode);
---
> struct packet_state *state;
>
> state = (mode == MODE_IN) ? &p_read : &p_send;
> state->seqnr = seqnr;
> state->blocks = blocks;
> state->packets = packets;
564a585
> u_int64_t *max_blocks;
571a593,594
> p_send.packets = p_send.blocks = 0;
> max_blocks = &max_blocks_out;
574a598,599
> p_read.packets = p_read.blocks = 0;
> max_blocks = &max_blocks_in;
612a638,647
> /*
> * The 2^(blocksize*2) limit is too expensive for 3DES,
> * blowfish, etc, so enforce a 1GB limit for small blocksizes.
> */
> if (enc->block_size >= 16)
> *max_blocks = (u_int64_t)1 << (enc->block_size*2);
> else
> *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
> if (rekey_limit)
> *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
619c654
< packet_send2(void)
---
> packet_send2_wrapped(void)
701c736
< macbuf = mac_compute(mac, send_seqnr,
---
> macbuf = mac_compute(mac, p_send.seqnr,
704c739
< DBG(debug("done calc MAC out #%d", send_seqnr));
---
> DBG(debug("done calc MAC out #%d", p_send.seqnr));
718,719c753,758
< if (++send_seqnr == 0)
< log("outgoing seqnr wraps around");
---
> if (++p_send.seqnr == 0)
> logit("outgoing seqnr wraps around");
> if (++p_send.packets == 0)
> if (!(datafellows & SSH_BUG_NOREKEY))
> fatal("XXX too many packets with same key");
> p_send.blocks += (packet_length + 4) / block_size;
725a765,810
> static void
> packet_send2(void)
> {
> static int rekeying = 0;
> struct packet *p;
> u_char type, *cp;
>
> cp = buffer_ptr(&outgoing_packet);
> type = cp[5];
>
> /* during rekeying we can only send key exchange messages */
> if (rekeying) {
> if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
> (type <= SSH2_MSG_TRANSPORT_MAX))) {
> debug("enqueue packet: %u", type);
> p = xmalloc(sizeof(*p));
> p->type = type;
> memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
> buffer_init(&outgoing_packet);
> TAILQ_INSERT_TAIL(&outgoing, p, next);
> return;
> }
> }
>
> /* rekeying starts with sending KEXINIT */
> if (type == SSH2_MSG_KEXINIT)
> rekeying = 1;
>
> packet_send2_wrapped();
>
> /* after a NEWKEYS message we can send the complete queue */
> if (type == SSH2_MSG_NEWKEYS) {
> rekeying = 0;
> while ((p = TAILQ_FIRST(&outgoing))) {
> type = p->type;
> debug("dequeue packet: %u", type);
> buffer_free(&outgoing_packet);
> memcpy(&outgoing_packet, &p->payload,
> sizeof(Buffer));
> TAILQ_REMOVE(&outgoing, p, next);
> xfree(p);
> packet_send2_wrapped();
> }
> }
> }
>
787c872
< log("Connection closed by %.200s", get_remote_ipaddr());
---
> logit("Connection closed by %.200s", get_remote_ipaddr());
937a1023
> #ifdef PACKET_DEBUG
938a1025
> #endif
969c1056
< macbuf = mac_compute(mac, read_seqnr,
---
> macbuf = mac_compute(mac, p_read.seqnr,
974c1061
< DBG(debug("MAC #%d ok", read_seqnr));
---
> DBG(debug("MAC #%d ok", p_read.seqnr));
978,980c1065,1071
< *seqnr_p = read_seqnr;
< if (++read_seqnr == 0)
< log("incoming seqnr wraps around");
---
> *seqnr_p = p_read.seqnr;
> if (++p_read.seqnr == 0)
> logit("incoming seqnr wraps around");
> if (++p_read.packets == 0)
> if (!(datafellows & SSH_BUG_NOREKEY))
> fatal("XXX too many packets with same key");
> p_read.blocks += (packet_length + 4) / block_size;
1045c1136
< log("Received disconnect from %s: %u: %.400s",
---
> logit("Received disconnect from %s: %u: %.400s",
1071c1162
< log("Received disconnect from %s: %.400s",
---
> logit("Received disconnect from %s: %.400s",
1230c1321
< log("Disconnecting: %.100s", buf);
---
> logit("Disconnecting: %.100s", buf);
1316a1408,1409
>
> #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
1329a1423
> #endif
1364,1365c1458,1459
< int
< packet_set_maxsize(int s)
---
> u_int
> packet_set_maxsize(u_int s)
1370c1464
< log("packet_set_maxsize: called twice: old %d new %d",
---
> logit("packet_set_maxsize: called twice: old %d new %d",
1375c1469
< log("packet_set_maxsize: bad size %d", s);
---
> logit("packet_set_maxsize: bad size %d", s);
1416a1511,1529
>
> #define MAX_PACKETS (1<<31)
> int
> packet_need_rekeying(void)
> {
> if (datafellows & SSH_BUG_NOREKEY)
> return 0;
> return
> (p_send.packets > MAX_PACKETS) ||
> (p_read.packets > MAX_PACKETS) ||
> (max_blocks_out && (p_send.blocks > max_blocks_out)) ||
> (max_blocks_in && (p_read.blocks > max_blocks_in));
> }
>
> void
> packet_set_rekey_limit(u_int32_t bytes)
> {
> rekey_limit = bytes;
> }