Annotation of src/usr.bin/ssh/packet.c, Revision 1.88
1.1 deraadt 1: /*
1.15 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.35 deraadt 5: * This file contains code implementing the packet protocol and communication
6: * with the other side. This same code is used both on client and server side.
1.29 markus 7: *
1.35 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.29 markus 13: *
1.25 markus 14: *
15: * SSH2 packet format added by Markus Friedl.
1.69 markus 16: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.25 markus 17: *
1.35 deraadt 18: * Redistribution and use in source and binary forms, with or without
19: * modification, are permitted provided that the following conditions
20: * are met:
21: * 1. Redistributions of source code must retain the above copyright
22: * notice, this list of conditions and the following disclaimer.
23: * 2. Redistributions in binary form must reproduce the above copyright
24: * notice, this list of conditions and the following disclaimer in the
25: * documentation and/or other materials provided with the distribution.
26: *
27: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.15 deraadt 37: */
1.1 deraadt 38:
39: #include "includes.h"
1.88 ! markus 40: RCSID("$OpenBSD: packet.c,v 1.87 2002/01/24 21:13:23 stevesk Exp $");
1.1 deraadt 41:
42: #include "xmalloc.h"
43: #include "buffer.h"
44: #include "packet.h"
45: #include "bufaux.h"
46: #include "crc32.h"
47: #include "getput.h"
48:
49: #include "compress.h"
1.9 dugsong 50: #include "deattack.h"
1.64 markus 51: #include "channels.h"
1.1 deraadt 52:
1.25 markus 53: #include "compat.h"
1.45 markus 54: #include "ssh1.h"
1.25 markus 55: #include "ssh2.h"
56:
1.37 markus 57: #include "cipher.h"
1.25 markus 58: #include "kex.h"
1.50 markus 59: #include "mac.h"
1.46 markus 60: #include "log.h"
61: #include "canohost.h"
1.87 stevesk 62: #include "misc.h"
1.25 markus 63:
64: #ifdef PACKET_DEBUG
65: #define DBG(x) x
66: #else
67: #define DBG(x)
68: #endif
69:
1.16 markus 70: /*
71: * This variable contains the file descriptors used for communicating with
72: * the other side. connection_in is used for reading; connection_out for
73: * writing. These can be the same descriptor, in which case it is assumed to
74: * be a socket.
75: */
1.1 deraadt 76: static int connection_in = -1;
77: static int connection_out = -1;
78:
79: /* Protocol flags for the remote side. */
1.40 markus 80: static u_int remote_protocol_flags = 0;
1.1 deraadt 81:
82: /* Encryption context for receiving data. This is only used for decryption. */
83: static CipherContext receive_context;
1.14 markus 84:
85: /* Encryption context for sending data. This is only used for encryption. */
1.1 deraadt 86: static CipherContext send_context;
87:
88: /* Buffer for raw input data from the socket. */
89: static Buffer input;
90:
91: /* Buffer for raw output data going to the socket. */
92: static Buffer output;
93:
94: /* Buffer for the partial outgoing packet being constructed. */
95: static Buffer outgoing_packet;
96:
97: /* Buffer for the incoming packet currently being processed. */
98: static Buffer incoming_packet;
99:
100: /* Scratch buffer for packet compression/decompression. */
101: static Buffer compression_buffer;
1.60 markus 102: static int compression_buffer_ready = 0;
1.1 deraadt 103:
104: /* Flag indicating whether packet compression/decompression is enabled. */
105: static int packet_compression = 0;
106:
1.12 markus 107: /* default maximum packet size */
108: int max_packet_size = 32768;
109:
1.1 deraadt 110: /* Flag indicating whether this module has been initialized. */
111: static int initialized = 0;
112:
113: /* Set to true if the connection is interactive. */
114: static int interactive_mode = 0;
115:
1.25 markus 116: /* Session key information for Encryption and MAC */
1.57 markus 117: Newkeys *newkeys[MODE_MAX];
1.25 markus 118:
1.71 markus 119: /* roundup current message to extra_pad bytes */
120: static u_char extra_pad = 0;
121:
1.16 markus 122: /*
123: * Sets the descriptors used for communication. Disables encryption until
124: * packet_set_encryption_key is called.
125: */
1.2 provos 126: void
127: packet_set_connection(int fd_in, int fd_out)
1.1 deraadt 128: {
1.37 markus 129: Cipher *none = cipher_by_name("none");
130: if (none == NULL)
131: fatal("packet_set_connection: cannot load cipher 'none'");
1.14 markus 132: connection_in = fd_in;
133: connection_out = fd_out;
1.88 ! markus 134: cipher_init(&send_context, none, "", 0, NULL, 0, CIPHER_ENCRYPT);
! 135: cipher_init(&receive_context, none, "", 0, NULL, 0, CIPHER_DECRYPT);
1.62 markus 136: newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
1.14 markus 137: if (!initialized) {
138: initialized = 1;
139: buffer_init(&input);
140: buffer_init(&output);
141: buffer_init(&outgoing_packet);
142: buffer_init(&incoming_packet);
143: }
144: /* Kludge: arrange the close function to be called from fatal(). */
145: fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
1.1 deraadt 146: }
147:
1.19 markus 148: /* Returns 1 if remote host is connected via socket, 0 if not. */
149:
150: int
1.73 itojun 151: packet_connection_is_on_socket(void)
1.19 markus 152: {
153: struct sockaddr_storage from, to;
154: socklen_t fromlen, tolen;
155:
156: /* filedescriptors in and out are the same, so it's a socket */
157: if (connection_in == connection_out)
158: return 1;
159: fromlen = sizeof(from);
160: memset(&from, 0, sizeof(from));
1.20 markus 161: if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
1.19 markus 162: return 0;
163: tolen = sizeof(to);
164: memset(&to, 0, sizeof(to));
1.20 markus 165: if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
1.19 markus 166: return 0;
167: if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
168: return 0;
169: if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
170: return 0;
171: return 1;
172: }
173:
174: /* returns 1 if connection is via ipv4 */
175:
176: int
1.73 itojun 177: packet_connection_is_ipv4(void)
1.19 markus 178: {
179: struct sockaddr_storage to;
1.21 deraadt 180: socklen_t tolen = sizeof(to);
1.19 markus 181:
182: memset(&to, 0, sizeof(to));
183: if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
184: return 0;
185: if (to.ss_family != AF_INET)
186: return 0;
187: return 1;
188: }
189:
1.1 deraadt 190: /* Sets the connection into non-blocking mode. */
191:
1.2 provos 192: void
1.73 itojun 193: packet_set_nonblocking(void)
1.1 deraadt 194: {
1.14 markus 195: /* Set the socket into non-blocking mode. */
196: if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0)
197: error("fcntl O_NONBLOCK: %.100s", strerror(errno));
198:
199: if (connection_out != connection_in) {
200: if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0)
201: error("fcntl O_NONBLOCK: %.100s", strerror(errno));
202: }
1.1 deraadt 203: }
204:
205: /* Returns the socket used for reading. */
206:
1.2 provos 207: int
1.73 itojun 208: packet_get_connection_in(void)
1.1 deraadt 209: {
1.14 markus 210: return connection_in;
1.1 deraadt 211: }
212:
213: /* Returns the descriptor used for writing. */
214:
1.2 provos 215: int
1.73 itojun 216: packet_get_connection_out(void)
1.1 deraadt 217: {
1.14 markus 218: return connection_out;
1.1 deraadt 219: }
220:
221: /* Closes the connection and clears and frees internal data structures. */
222:
1.2 provos 223: void
1.73 itojun 224: packet_close(void)
1.1 deraadt 225: {
1.14 markus 226: if (!initialized)
227: return;
228: initialized = 0;
229: if (connection_in == connection_out) {
230: shutdown(connection_out, SHUT_RDWR);
231: close(connection_out);
232: } else {
233: close(connection_in);
234: close(connection_out);
235: }
236: buffer_free(&input);
237: buffer_free(&output);
238: buffer_free(&outgoing_packet);
239: buffer_free(&incoming_packet);
1.60 markus 240: if (compression_buffer_ready) {
1.14 markus 241: buffer_free(&compression_buffer);
242: buffer_compress_uninit();
243: }
1.88 ! markus 244: cipher_cleanup(&send_context);
! 245: cipher_cleanup(&receive_context);
1.1 deraadt 246: }
247:
248: /* Sets remote side protocol flags. */
249:
1.2 provos 250: void
1.40 markus 251: packet_set_protocol_flags(u_int protocol_flags)
1.1 deraadt 252: {
1.14 markus 253: remote_protocol_flags = protocol_flags;
1.1 deraadt 254: }
255:
256: /* Returns the remote protocol flags set earlier by the above function. */
257:
1.40 markus 258: u_int
1.73 itojun 259: packet_get_protocol_flags(void)
1.1 deraadt 260: {
1.14 markus 261: return remote_protocol_flags;
1.1 deraadt 262: }
263:
1.16 markus 264: /*
265: * Starts packet compression from the next packet on in both directions.
266: * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
267: */
1.1 deraadt 268:
1.68 itojun 269: static void
270: packet_init_compression(void)
1.60 markus 271: {
272: if (compression_buffer_ready == 1)
273: return;
274: compression_buffer_ready = 1;
275: buffer_init(&compression_buffer);
276: }
277:
1.2 provos 278: void
279: packet_start_compression(int level)
1.1 deraadt 280: {
1.62 markus 281: if (packet_compression && !compat20)
1.14 markus 282: fatal("Compression already enabled.");
283: packet_compression = 1;
1.60 markus 284: packet_init_compression();
285: buffer_compress_init_send(level);
286: buffer_compress_init_recv();
1.1 deraadt 287: }
288:
1.16 markus 289: /*
290: * Causes any further packets to be encrypted using the given key. The same
291: * key is used for both sending and reception. However, both directions are
292: * encrypted independently of each other.
293: */
1.2 provos 294: void
1.40 markus 295: packet_set_encryption_key(const u_char *key, u_int keylen,
1.37 markus 296: int number)
1.1 deraadt 297: {
1.37 markus 298: Cipher *cipher = cipher_by_number(number);
299: if (cipher == NULL)
300: fatal("packet_set_encryption_key: unknown cipher number %d", number);
1.25 markus 301: if (keylen < 20)
1.37 markus 302: fatal("packet_set_encryption_key: keylen too small: %d", keylen);
1.88 ! markus 303: cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
! 304: cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
1.1 deraadt 305: }
306:
1.62 markus 307: /* Start constructing a packet to send. */
1.2 provos 308: void
1.62 markus 309: packet_start(u_char type)
1.1 deraadt 310: {
1.62 markus 311: u_char buf[9];
312: int len;
1.1 deraadt 313:
1.62 markus 314: DBG(debug("packet_start[%d]", type));
315: len = compat20 ? 6 : 9;
316: memset(buf, 0, len - 1);
317: buf[len - 1] = type;
1.14 markus 318: buffer_clear(&outgoing_packet);
1.62 markus 319: buffer_append(&outgoing_packet, buf, len);
1.25 markus 320: }
321:
1.62 markus 322: /* Append payload. */
1.2 provos 323: void
324: packet_put_char(int value)
1.1 deraadt 325: {
1.14 markus 326: char ch = value;
327: buffer_append(&outgoing_packet, &ch, 1);
1.1 deraadt 328: }
1.2 provos 329: void
1.40 markus 330: packet_put_int(u_int value)
1.1 deraadt 331: {
1.14 markus 332: buffer_put_int(&outgoing_packet, value);
1.1 deraadt 333: }
1.2 provos 334: void
1.76 stevesk 335: packet_put_string(const void *buf, u_int len)
1.1 deraadt 336: {
1.14 markus 337: buffer_put_string(&outgoing_packet, buf, len);
1.1 deraadt 338: }
1.24 markus 339: void
340: packet_put_cstring(const char *str)
341: {
1.65 markus 342: buffer_put_cstring(&outgoing_packet, str);
1.24 markus 343: }
344: void
1.76 stevesk 345: packet_put_raw(const void *buf, u_int len)
1.24 markus 346: {
347: buffer_append(&outgoing_packet, buf, len);
348: }
1.2 provos 349: void
1.14 markus 350: packet_put_bignum(BIGNUM * value)
1.1 deraadt 351: {
1.14 markus 352: buffer_put_bignum(&outgoing_packet, value);
1.1 deraadt 353: }
1.24 markus 354: void
355: packet_put_bignum2(BIGNUM * value)
356: {
357: buffer_put_bignum2(&outgoing_packet, value);
358: }
1.1 deraadt 359:
1.16 markus 360: /*
361: * Finalizes and sends the packet. If the encryption key has been set,
362: * encrypts the packet before sending.
363: */
1.14 markus 364:
1.68 itojun 365: static void
1.49 itojun 366: packet_send1(void)
1.1 deraadt 367: {
1.14 markus 368: char buf[8], *cp;
369: int i, padding, len;
1.40 markus 370: u_int checksum;
1.14 markus 371: u_int32_t rand = 0;
372:
1.16 markus 373: /*
374: * If using packet compression, compress the payload of the outgoing
375: * packet.
376: */
1.14 markus 377: if (packet_compression) {
378: buffer_clear(&compression_buffer);
379: /* Skip padding. */
380: buffer_consume(&outgoing_packet, 8);
381: /* padding */
382: buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8);
383: buffer_compress(&outgoing_packet, &compression_buffer);
384: buffer_clear(&outgoing_packet);
385: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
1.75 deraadt 386: buffer_len(&compression_buffer));
1.14 markus 387: }
388: /* Compute packet length without padding (add checksum, remove padding). */
389: len = buffer_len(&outgoing_packet) + 4 - 8;
390:
1.32 markus 391: /* Insert padding. Initialized to zero in packet_start1() */
1.14 markus 392: padding = 8 - len % 8;
1.88 ! markus 393: if (!send_context.plaintext) {
1.14 markus 394: cp = buffer_ptr(&outgoing_packet);
395: for (i = 0; i < padding; i++) {
396: if (i % 4 == 0)
397: rand = arc4random();
398: cp[7 - i] = rand & 0xff;
399: rand >>= 8;
400: }
401: }
402: buffer_consume(&outgoing_packet, 8 - padding);
403:
404: /* Add check bytes. */
1.83 stevesk 405: checksum = ssh_crc32(buffer_ptr(&outgoing_packet),
1.34 deraadt 406: buffer_len(&outgoing_packet));
1.14 markus 407: PUT_32BIT(buf, checksum);
408: buffer_append(&outgoing_packet, buf, 4);
1.1 deraadt 409:
410: #ifdef PACKET_DEBUG
1.14 markus 411: fprintf(stderr, "packet_send plain: ");
412: buffer_dump(&outgoing_packet);
1.1 deraadt 413: #endif
414:
1.14 markus 415: /* Append to output. */
416: PUT_32BIT(buf, len);
417: buffer_append(&output, buf, 4);
1.76 stevesk 418: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 ! markus 419: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.75 deraadt 420: buffer_len(&outgoing_packet));
1.14 markus 421:
1.1 deraadt 422: #ifdef PACKET_DEBUG
1.14 markus 423: fprintf(stderr, "encrypted: ");
424: buffer_dump(&output);
1.1 deraadt 425: #endif
426:
1.14 markus 427: buffer_clear(&outgoing_packet);
1.1 deraadt 428:
1.16 markus 429: /*
430: * Note that the packet is now only buffered in output. It won\'t be
431: * actually sent until packet_write_wait or packet_write_poll is
432: * called.
433: */
1.1 deraadt 434: }
435:
1.68 itojun 436: static void
1.57 markus 437: set_newkeys(int mode)
438: {
439: Enc *enc;
440: Mac *mac;
441: Comp *comp;
442: CipherContext *cc;
1.88 ! markus 443: int encrypt;
1.57 markus 444:
445: debug("newkeys: mode %d", mode);
446:
1.88 ! markus 447: if (mode == MODE_OUT) {
! 448: cc = &send_context;
! 449: encrypt = CIPHER_ENCRYPT;
! 450: } else {
! 451: cc = &receive_context;
! 452: encrypt = CIPHER_DECRYPT;
! 453: }
1.57 markus 454: if (newkeys[mode] != NULL) {
455: debug("newkeys: rekeying");
1.88 ! markus 456: cipher_cleanup(cc);
1.59 markus 457: enc = &newkeys[mode]->enc;
458: mac = &newkeys[mode]->mac;
459: comp = &newkeys[mode]->comp;
1.61 markus 460: memset(mac->key, 0, mac->key_len);
1.59 markus 461: xfree(enc->name);
462: xfree(enc->iv);
463: xfree(enc->key);
464: xfree(mac->name);
465: xfree(mac->key);
466: xfree(comp->name);
1.58 markus 467: xfree(newkeys[mode]);
1.57 markus 468: }
469: newkeys[mode] = kex_get_newkeys(mode);
470: if (newkeys[mode] == NULL)
471: fatal("newkeys: no keys for mode %d", mode);
472: enc = &newkeys[mode]->enc;
473: mac = &newkeys[mode]->mac;
474: comp = &newkeys[mode]->comp;
475: if (mac->md != NULL)
476: mac->enabled = 1;
477: DBG(debug("cipher_init_context: %d", mode));
1.88 ! markus 478: cipher_init(cc, enc->cipher, enc->key, enc->key_len,
! 479: enc->iv, enc->block_size, encrypt);
! 480: memset(enc->iv, 0, enc->block_size);
! 481: memset(enc->key, 0, enc->key_len);
1.57 markus 482: if (comp->type != 0 && comp->enabled == 0) {
1.60 markus 483: packet_init_compression();
484: if (mode == MODE_OUT)
485: buffer_compress_init_send(6);
486: else
487: buffer_compress_init_recv();
1.57 markus 488: comp->enabled = 1;
489: }
490: }
491:
1.16 markus 492: /*
1.25 markus 493: * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
494: */
1.68 itojun 495: static void
1.49 itojun 496: packet_send2(void)
1.25 markus 497: {
1.50 markus 498: static u_int32_t seqnr = 0;
1.62 markus 499: u_char type, *ucp, *macbuf = NULL;
1.71 markus 500: u_char padlen, pad;
1.25 markus 501: char *cp;
1.40 markus 502: u_int packet_length = 0;
1.71 markus 503: u_int i, len;
1.25 markus 504: u_int32_t rand = 0;
505: Enc *enc = NULL;
506: Mac *mac = NULL;
507: Comp *comp = NULL;
508: int block_size;
509:
1.57 markus 510: if (newkeys[MODE_OUT] != NULL) {
511: enc = &newkeys[MODE_OUT]->enc;
512: mac = &newkeys[MODE_OUT]->mac;
513: comp = &newkeys[MODE_OUT]->comp;
1.25 markus 514: }
1.88 ! markus 515: block_size = enc ? enc->block_size : 8;
1.25 markus 516:
1.83 stevesk 517: ucp = buffer_ptr(&outgoing_packet);
1.62 markus 518: type = ucp[5];
1.25 markus 519:
520: #ifdef PACKET_DEBUG
521: fprintf(stderr, "plain: ");
522: buffer_dump(&outgoing_packet);
523: #endif
524:
525: if (comp && comp->enabled) {
526: len = buffer_len(&outgoing_packet);
527: /* skip header, compress only payload */
528: buffer_consume(&outgoing_packet, 5);
529: buffer_clear(&compression_buffer);
530: buffer_compress(&outgoing_packet, &compression_buffer);
531: buffer_clear(&outgoing_packet);
532: buffer_append(&outgoing_packet, "\0\0\0\0\0", 5);
533: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
534: buffer_len(&compression_buffer));
535: DBG(debug("compression: raw %d compressed %d", len,
536: buffer_len(&outgoing_packet)));
537: }
538:
539: /* sizeof (packet_len + pad_len + payload) */
540: len = buffer_len(&outgoing_packet);
541:
542: /*
543: * calc size of padding, alloc space, get random data,
544: * minimum padding is 4 bytes
545: */
546: padlen = block_size - (len % block_size);
547: if (padlen < 4)
548: padlen += block_size;
1.71 markus 549: if (extra_pad) {
550: /* will wrap if extra_pad+padlen > 255 */
551: extra_pad = roundup(extra_pad, block_size);
552: pad = extra_pad - ((len + padlen) % extra_pad);
553: debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
554: pad, len, padlen, extra_pad);
555: padlen += pad;
556: extra_pad = 0;
557: }
1.76 stevesk 558: cp = buffer_append_space(&outgoing_packet, padlen);
1.88 ! markus 559: if (enc && !send_context.plaintext) {
1.32 markus 560: /* random padding */
1.25 markus 561: for (i = 0; i < padlen; i++) {
562: if (i % 4 == 0)
563: rand = arc4random();
564: cp[i] = rand & 0xff;
1.52 markus 565: rand >>= 8;
1.25 markus 566: }
1.32 markus 567: } else {
568: /* clear padding */
569: memset(cp, 0, padlen);
1.25 markus 570: }
571: /* packet_length includes payload, padding and padding length field */
572: packet_length = buffer_len(&outgoing_packet) - 4;
1.83 stevesk 573: ucp = buffer_ptr(&outgoing_packet);
1.62 markus 574: PUT_32BIT(ucp, packet_length);
575: ucp[4] = padlen;
1.25 markus 576: DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
577:
578: /* compute MAC over seqnr and packet(length fields, payload, padding) */
579: if (mac && mac->enabled) {
1.50 markus 580: macbuf = mac_compute(mac, seqnr,
1.83 stevesk 581: buffer_ptr(&outgoing_packet),
1.50 markus 582: buffer_len(&outgoing_packet));
1.36 markus 583: DBG(debug("done calc MAC out #%d", seqnr));
1.25 markus 584: }
585: /* encrypt packet and append to output buffer. */
1.76 stevesk 586: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 ! markus 587: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.25 markus 588: buffer_len(&outgoing_packet));
589: /* append unencrypted MAC */
590: if (mac && mac->enabled)
591: buffer_append(&output, (char *)macbuf, mac->mac_len);
592: #ifdef PACKET_DEBUG
593: fprintf(stderr, "encrypted: ");
594: buffer_dump(&output);
595: #endif
1.29 markus 596: /* increment sequence number for outgoing packets */
597: if (++seqnr == 0)
598: log("outgoing seqnr wraps around");
1.25 markus 599: buffer_clear(&outgoing_packet);
600:
1.57 markus 601: if (type == SSH2_MSG_NEWKEYS)
602: set_newkeys(MODE_OUT);
1.25 markus 603: }
604:
605: void
1.73 itojun 606: packet_send(void)
1.25 markus 607: {
1.62 markus 608: if (compat20)
1.25 markus 609: packet_send2();
610: else
611: packet_send1();
612: DBG(debug("packet_send done"));
613: }
614:
615: /*
1.16 markus 616: * Waits until a packet has been received, and returns its type. Note that
617: * no other data is processed until this returns, so this function should not
618: * be used during the interactive session.
619: */
1.1 deraadt 620:
1.2 provos 621: int
1.82 markus 622: packet_read_seqnr(u_int32_t *seqnr_p)
1.1 deraadt 623: {
1.14 markus 624: int type, len;
1.56 millert 625: fd_set *setp;
1.14 markus 626: char buf[8192];
1.25 markus 627: DBG(debug("packet_read()"));
1.14 markus 628:
1.56 millert 629: setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *
630: sizeof(fd_mask));
631:
1.14 markus 632: /* Since we are blocking, ensure that all written packets have been sent. */
633: packet_write_wait();
634:
635: /* Stay in the loop until we have received a complete packet. */
636: for (;;) {
637: /* Try to read a packet from the buffer. */
1.82 markus 638: type = packet_read_poll_seqnr(seqnr_p);
1.62 markus 639: if (!compat20 && (
1.32 markus 640: type == SSH_SMSG_SUCCESS
1.14 markus 641: || type == SSH_SMSG_FAILURE
642: || type == SSH_CMSG_EOF
1.32 markus 643: || type == SSH_CMSG_EXIT_CONFIRMATION))
1.79 markus 644: packet_check_eom();
1.14 markus 645: /* If we got a packet, return it. */
1.56 millert 646: if (type != SSH_MSG_NONE) {
647: xfree(setp);
1.14 markus 648: return type;
1.56 millert 649: }
1.16 markus 650: /*
651: * Otherwise, wait for some data to arrive, add it to the
652: * buffer, and try again.
653: */
1.56 millert 654: memset(setp, 0, howmany(connection_in + 1, NFDBITS) *
655: sizeof(fd_mask));
656: FD_SET(connection_in, setp);
1.16 markus 657:
1.14 markus 658: /* Wait for some data to arrive. */
1.56 millert 659: while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
1.51 deraadt 660: (errno == EAGAIN || errno == EINTR))
661: ;
1.16 markus 662:
1.14 markus 663: /* Read data from the socket. */
664: len = read(connection_in, buf, sizeof(buf));
1.18 markus 665: if (len == 0) {
666: log("Connection closed by %.200s", get_remote_ipaddr());
667: fatal_cleanup();
668: }
1.14 markus 669: if (len < 0)
670: fatal("Read from socket failed: %.100s", strerror(errno));
671: /* Append it to the buffer. */
672: packet_process_incoming(buf, len);
673: }
674: /* NOTREACHED */
1.1 deraadt 675: }
676:
1.77 djm 677: int
1.82 markus 678: packet_read(void)
1.77 djm 679: {
1.82 markus 680: return packet_read_seqnr(NULL);
1.77 djm 681: }
682:
1.16 markus 683: /*
684: * Waits until a packet has been received, verifies that its type matches
685: * that given, and gives a fatal error and exits if there is a mismatch.
686: */
1.1 deraadt 687:
1.2 provos 688: void
1.82 markus 689: packet_read_expect(int expected_type)
1.1 deraadt 690: {
1.14 markus 691: int type;
1.1 deraadt 692:
1.82 markus 693: type = packet_read();
1.14 markus 694: if (type != expected_type)
695: packet_disconnect("Protocol error: expected packet type %d, got %d",
1.25 markus 696: expected_type, type);
1.1 deraadt 697: }
698:
699: /* Checks if a full packet is available in the data received so far via
1.14 markus 700: * packet_process_incoming. If so, reads the packet; otherwise returns
701: * SSH_MSG_NONE. This does not wait for data from the connection.
702: *
703: * SSH_MSG_DISCONNECT is handled specially here. Also,
704: * SSH_MSG_IGNORE messages are skipped by this function and are never returned
705: * to higher levels.
706: */
1.1 deraadt 707:
1.68 itojun 708: static int
1.82 markus 709: packet_read_poll1(void)
1.1 deraadt 710: {
1.40 markus 711: u_int len, padded_len;
1.62 markus 712: u_char *ucp, type;
713: char *cp;
1.40 markus 714: u_int checksum, stored_checksum;
1.14 markus 715:
716: /* Check if input size is less than minimum packet size. */
717: if (buffer_len(&input) < 4 + 8)
718: return SSH_MSG_NONE;
719: /* Get length of incoming packet. */
1.83 stevesk 720: ucp = buffer_ptr(&input);
1.14 markus 721: len = GET_32BIT(ucp);
722: if (len < 1 + 2 + 2 || len > 256 * 1024)
723: packet_disconnect("Bad packet length %d.", len);
724: padded_len = (len + 8) & ~7;
725:
726: /* Check if the packet has been entirely received. */
727: if (buffer_len(&input) < 4 + padded_len)
728: return SSH_MSG_NONE;
729:
730: /* The entire packet is in buffer. */
731:
732: /* Consume packet length. */
733: buffer_consume(&input, 4);
734:
1.62 markus 735: /*
736: * Cryptographic attack detector for ssh
737: * (C)1998 CORE-SDI, Buenos Aires Argentina
738: * Ariel Futoransky(futo@core-sdi.com)
739: */
1.88 ! markus 740: if (!receive_context.plaintext &&
1.62 markus 741: detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
742: packet_disconnect("crc32 compensation attack: network attack detected");
743:
744: /* Decrypt data to incoming_packet. */
1.14 markus 745: buffer_clear(&incoming_packet);
1.76 stevesk 746: cp = buffer_append_space(&incoming_packet, padded_len);
1.88 ! markus 747: cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len);
1.62 markus 748:
1.14 markus 749: buffer_consume(&input, padded_len);
1.1 deraadt 750:
751: #ifdef PACKET_DEBUG
1.14 markus 752: fprintf(stderr, "read_poll plain: ");
753: buffer_dump(&incoming_packet);
1.1 deraadt 754: #endif
755:
1.14 markus 756: /* Compute packet checksum. */
1.83 stevesk 757: checksum = ssh_crc32(buffer_ptr(&incoming_packet),
1.25 markus 758: buffer_len(&incoming_packet) - 4);
1.14 markus 759:
760: /* Skip padding. */
761: buffer_consume(&incoming_packet, 8 - len % 8);
762:
763: /* Test check bytes. */
764: if (len != buffer_len(&incoming_packet))
1.77 djm 765: packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1.25 markus 766: len, buffer_len(&incoming_packet));
1.14 markus 767:
1.83 stevesk 768: ucp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
1.14 markus 769: stored_checksum = GET_32BIT(ucp);
770: if (checksum != stored_checksum)
771: packet_disconnect("Corrupted check bytes on input.");
772: buffer_consume_end(&incoming_packet, 4);
773:
774: if (packet_compression) {
775: buffer_clear(&compression_buffer);
776: buffer_uncompress(&incoming_packet, &compression_buffer);
777: buffer_clear(&incoming_packet);
778: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1.25 markus 779: buffer_len(&compression_buffer));
1.14 markus 780: }
1.62 markus 781: type = buffer_get_char(&incoming_packet);
782: return type;
1.1 deraadt 783: }
1.14 markus 784:
1.68 itojun 785: static int
1.82 markus 786: packet_read_poll2(u_int32_t *seqnr_p)
1.25 markus 787: {
1.50 markus 788: static u_int32_t seqnr = 0;
789: static u_int packet_length = 0;
1.40 markus 790: u_int padlen, need;
1.62 markus 791: u_char *macbuf, *ucp, type;
1.25 markus 792: char *cp;
793: int maclen, block_size;
794: Enc *enc = NULL;
795: Mac *mac = NULL;
796: Comp *comp = NULL;
797:
1.57 markus 798: if (newkeys[MODE_IN] != NULL) {
799: enc = &newkeys[MODE_IN]->enc;
800: mac = &newkeys[MODE_IN]->mac;
801: comp = &newkeys[MODE_IN]->comp;
1.25 markus 802: }
803: maclen = mac && mac->enabled ? mac->mac_len : 0;
1.88 ! markus 804: block_size = enc ? enc->block_size : 8;
1.25 markus 805:
806: if (packet_length == 0) {
807: /*
808: * check if input size is less than the cipher block size,
809: * decrypt first block and extract length of incoming packet
810: */
811: if (buffer_len(&input) < block_size)
812: return SSH_MSG_NONE;
813: buffer_clear(&incoming_packet);
1.76 stevesk 814: cp = buffer_append_space(&incoming_packet, block_size);
1.88 ! markus 815: cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1.25 markus 816: block_size);
1.83 stevesk 817: ucp = buffer_ptr(&incoming_packet);
1.25 markus 818: packet_length = GET_32BIT(ucp);
819: if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
820: buffer_dump(&incoming_packet);
821: packet_disconnect("Bad packet length %d.", packet_length);
822: }
823: DBG(debug("input: packet len %d", packet_length+4));
824: buffer_consume(&input, block_size);
825: }
826: /* we have a partial packet of block_size bytes */
827: need = 4 + packet_length - block_size;
828: DBG(debug("partial packet %d, need %d, maclen %d", block_size,
829: need, maclen));
830: if (need % block_size != 0)
831: fatal("padding error: need %d block %d mod %d",
832: need, block_size, need % block_size);
833: /*
834: * check if the entire packet has been received and
835: * decrypt into incoming_packet
836: */
837: if (buffer_len(&input) < need + maclen)
838: return SSH_MSG_NONE;
839: #ifdef PACKET_DEBUG
840: fprintf(stderr, "read_poll enc/full: ");
841: buffer_dump(&input);
842: #endif
1.76 stevesk 843: cp = buffer_append_space(&incoming_packet, need);
1.88 ! markus 844: cipher_crypt(&receive_context, cp, buffer_ptr(&input), need);
1.25 markus 845: buffer_consume(&input, need);
846: /*
847: * compute MAC over seqnr and packet,
848: * increment sequence number for incoming packet
849: */
1.29 markus 850: if (mac && mac->enabled) {
1.50 markus 851: macbuf = mac_compute(mac, seqnr,
1.83 stevesk 852: buffer_ptr(&incoming_packet),
1.50 markus 853: buffer_len(&incoming_packet));
1.25 markus 854: if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
1.36 markus 855: packet_disconnect("Corrupted MAC on input.");
856: DBG(debug("MAC #%d ok", seqnr));
1.25 markus 857: buffer_consume(&input, mac->mac_len);
858: }
1.77 djm 859: if (seqnr_p != NULL)
860: *seqnr_p = seqnr;
1.29 markus 861: if (++seqnr == 0)
862: log("incoming seqnr wraps around");
1.25 markus 863:
864: /* get padlen */
1.76 stevesk 865: cp = buffer_ptr(&incoming_packet);
866: cp += 4;
1.62 markus 867: padlen = (u_char) *cp;
1.25 markus 868: DBG(debug("input: padlen %d", padlen));
869: if (padlen < 4)
870: packet_disconnect("Corrupted padlen %d on input.", padlen);
871:
872: /* skip packet size + padlen, discard padding */
873: buffer_consume(&incoming_packet, 4 + 1);
874: buffer_consume_end(&incoming_packet, padlen);
875:
876: DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
877: if (comp && comp->enabled) {
878: buffer_clear(&compression_buffer);
879: buffer_uncompress(&incoming_packet, &compression_buffer);
880: buffer_clear(&incoming_packet);
881: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
882: buffer_len(&compression_buffer));
883: DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet)));
884: }
885: /*
886: * get packet type, implies consume.
887: * return length of payload (without type field)
888: */
1.62 markus 889: type = buffer_get_char(&incoming_packet);
1.57 markus 890: if (type == SSH2_MSG_NEWKEYS)
891: set_newkeys(MODE_IN);
1.25 markus 892: #ifdef PACKET_DEBUG
1.55 deraadt 893: fprintf(stderr, "read/plain[%d]:\r\n", type);
1.25 markus 894: buffer_dump(&incoming_packet);
895: #endif
1.62 markus 896: /* reset for next packet */
897: packet_length = 0;
898: return type;
1.25 markus 899: }
900:
901: int
1.82 markus 902: packet_read_poll_seqnr(u_int32_t *seqnr_p)
1.25 markus 903: {
1.84 markus 904: int reason, seqnr;
1.62 markus 905: u_char type;
1.25 markus 906: char *msg;
1.62 markus 907:
1.25 markus 908: for (;;) {
1.62 markus 909: if (compat20) {
1.82 markus 910: type = packet_read_poll2(seqnr_p);
1.62 markus 911: if (type)
1.25 markus 912: DBG(debug("received packet type %d", type));
1.74 deraadt 913: switch (type) {
1.25 markus 914: case SSH2_MSG_IGNORE:
915: break;
916: case SSH2_MSG_DEBUG:
917: packet_get_char();
918: msg = packet_get_string(NULL);
919: debug("Remote: %.900s", msg);
920: xfree(msg);
921: msg = packet_get_string(NULL);
922: xfree(msg);
923: break;
924: case SSH2_MSG_DISCONNECT:
925: reason = packet_get_int();
926: msg = packet_get_string(NULL);
1.41 markus 927: log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
928: reason, msg);
1.25 markus 929: xfree(msg);
930: fatal_cleanup();
1.84 markus 931: break;
932: case SSH2_MSG_UNIMPLEMENTED:
933: seqnr = packet_get_int();
934: debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
1.25 markus 935: break;
936: default:
937: return type;
938: break;
1.48 stevesk 939: }
1.25 markus 940: } else {
1.82 markus 941: type = packet_read_poll1();
1.74 deraadt 942: switch (type) {
1.25 markus 943: case SSH_MSG_IGNORE:
944: break;
945: case SSH_MSG_DEBUG:
946: msg = packet_get_string(NULL);
947: debug("Remote: %.900s", msg);
948: xfree(msg);
949: break;
950: case SSH_MSG_DISCONNECT:
951: msg = packet_get_string(NULL);
1.41 markus 952: log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
953: msg);
1.25 markus 954: fatal_cleanup();
955: xfree(msg);
956: break;
957: default:
1.62 markus 958: if (type)
1.25 markus 959: DBG(debug("received packet type %d", type));
960: return type;
961: break;
1.48 stevesk 962: }
1.25 markus 963: }
964: }
1.77 djm 965: }
966:
967: int
1.82 markus 968: packet_read_poll(void)
1.77 djm 969: {
1.82 markus 970: return packet_read_poll_seqnr(NULL);
1.25 markus 971: }
972:
1.16 markus 973: /*
974: * Buffers the given amount of input characters. This is intended to be used
975: * together with packet_read_poll.
976: */
1.1 deraadt 977:
1.2 provos 978: void
1.40 markus 979: packet_process_incoming(const char *buf, u_int len)
1.1 deraadt 980: {
1.14 markus 981: buffer_append(&input, buf, len);
1.1 deraadt 982: }
983:
984: /* Returns a character from the packet. */
985:
1.40 markus 986: u_int
1.73 itojun 987: packet_get_char(void)
1.1 deraadt 988: {
1.14 markus 989: char ch;
990: buffer_get(&incoming_packet, &ch, 1);
1.40 markus 991: return (u_char) ch;
1.1 deraadt 992: }
993:
994: /* Returns an integer from the packet data. */
995:
1.40 markus 996: u_int
1.73 itojun 997: packet_get_int(void)
1.1 deraadt 998: {
1.14 markus 999: return buffer_get_int(&incoming_packet);
1.1 deraadt 1000: }
1001:
1.16 markus 1002: /*
1003: * Returns an arbitrary precision integer from the packet data. The integer
1004: * must have been initialized before this call.
1005: */
1.1 deraadt 1006:
1.2 provos 1007: void
1.80 markus 1008: packet_get_bignum(BIGNUM * value)
1.1 deraadt 1009: {
1.81 markus 1010: buffer_get_bignum(&incoming_packet, value);
1.24 markus 1011: }
1012:
1013: void
1.80 markus 1014: packet_get_bignum2(BIGNUM * value)
1.24 markus 1015: {
1.81 markus 1016: buffer_get_bignum2(&incoming_packet, value);
1.24 markus 1017: }
1018:
1.76 stevesk 1019: void *
1.24 markus 1020: packet_get_raw(int *length_ptr)
1021: {
1022: int bytes = buffer_len(&incoming_packet);
1023: if (length_ptr != NULL)
1024: *length_ptr = bytes;
1025: return buffer_ptr(&incoming_packet);
1.28 markus 1026: }
1027:
1028: int
1029: packet_remaining(void)
1030: {
1031: return buffer_len(&incoming_packet);
1.1 deraadt 1032: }
1033:
1.16 markus 1034: /*
1035: * Returns a string from the packet data. The string is allocated using
1036: * xmalloc; it is the responsibility of the calling program to free it when
1037: * no longer needed. The length_ptr argument may be NULL, or point to an
1038: * integer into which the length of the string is stored.
1039: */
1.1 deraadt 1040:
1.76 stevesk 1041: void *
1.40 markus 1042: packet_get_string(u_int *length_ptr)
1.1 deraadt 1043: {
1.14 markus 1044: return buffer_get_string(&incoming_packet, length_ptr);
1.1 deraadt 1045: }
1046:
1.16 markus 1047: /*
1048: * Sends a diagnostic message from the server to the client. This message
1049: * can be sent at any time (but not while constructing another message). The
1050: * message is printed immediately, but only if the client is being executed
1051: * in verbose mode. These messages are primarily intended to ease debugging
1052: * authentication problems. The length of the formatted message must not
1053: * exceed 1024 bytes. This will automatically call packet_write_wait.
1054: */
1.1 deraadt 1055:
1.2 provos 1056: void
1.14 markus 1057: packet_send_debug(const char *fmt,...)
1.1 deraadt 1058: {
1.14 markus 1059: char buf[1024];
1060: va_list args;
1.39 markus 1061:
1062: if (compat20 && (datafellows & SSH_BUG_DEBUG))
1063: return;
1.14 markus 1064:
1065: va_start(args, fmt);
1066: vsnprintf(buf, sizeof(buf), fmt, args);
1067: va_end(args);
1068:
1.30 markus 1069: if (compat20) {
1070: packet_start(SSH2_MSG_DEBUG);
1071: packet_put_char(0); /* bool: always display */
1072: packet_put_cstring(buf);
1073: packet_put_cstring("");
1074: } else {
1075: packet_start(SSH_MSG_DEBUG);
1076: packet_put_cstring(buf);
1077: }
1.14 markus 1078: packet_send();
1079: packet_write_wait();
1.1 deraadt 1080: }
1081:
1.16 markus 1082: /*
1083: * Logs the error plus constructs and sends a disconnect packet, closes the
1084: * connection, and exits. This function never returns. The error message
1085: * should not contain a newline. The length of the formatted message must
1086: * not exceed 1024 bytes.
1087: */
1.1 deraadt 1088:
1.2 provos 1089: void
1.14 markus 1090: packet_disconnect(const char *fmt,...)
1.1 deraadt 1091: {
1.14 markus 1092: char buf[1024];
1093: va_list args;
1094: static int disconnecting = 0;
1095: if (disconnecting) /* Guard against recursive invocations. */
1096: fatal("packet_disconnect called recursively.");
1097: disconnecting = 1;
1098:
1.16 markus 1099: /*
1100: * Format the message. Note that the caller must make sure the
1101: * message is of limited size.
1102: */
1.14 markus 1103: va_start(args, fmt);
1104: vsnprintf(buf, sizeof(buf), fmt, args);
1105: va_end(args);
1106:
1107: /* Send the disconnect message to the other side, and wait for it to get sent. */
1.25 markus 1108: if (compat20) {
1109: packet_start(SSH2_MSG_DISCONNECT);
1110: packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR);
1111: packet_put_cstring(buf);
1112: packet_put_cstring("");
1113: } else {
1114: packet_start(SSH_MSG_DISCONNECT);
1.65 markus 1115: packet_put_cstring(buf);
1.25 markus 1116: }
1.14 markus 1117: packet_send();
1118: packet_write_wait();
1119:
1120: /* Stop listening for connections. */
1.67 markus 1121: channel_close_all();
1.14 markus 1122:
1123: /* Close the connection. */
1124: packet_close();
1.1 deraadt 1125:
1.14 markus 1126: /* Display the error locally and exit. */
1.17 markus 1127: log("Disconnecting: %.100s", buf);
1128: fatal_cleanup();
1.1 deraadt 1129: }
1130:
1.16 markus 1131: /* Checks if there is any buffered output, and tries to write some of the output. */
1.1 deraadt 1132:
1.2 provos 1133: void
1.73 itojun 1134: packet_write_poll(void)
1.1 deraadt 1135: {
1.14 markus 1136: int len = buffer_len(&output);
1137: if (len > 0) {
1138: len = write(connection_out, buffer_ptr(&output), len);
1139: if (len <= 0) {
1140: if (errno == EAGAIN)
1141: return;
1142: else
1143: fatal("Write failed: %.100s", strerror(errno));
1144: }
1145: buffer_consume(&output, len);
1146: }
1.1 deraadt 1147: }
1148:
1.16 markus 1149: /*
1150: * Calls packet_write_poll repeatedly until all pending output data has been
1151: * written.
1152: */
1.1 deraadt 1153:
1.2 provos 1154: void
1.73 itojun 1155: packet_write_wait(void)
1.1 deraadt 1156: {
1.56 millert 1157: fd_set *setp;
1158:
1159: setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *
1160: sizeof(fd_mask));
1.14 markus 1161: packet_write_poll();
1162: while (packet_have_data_to_write()) {
1.56 millert 1163: memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
1164: sizeof(fd_mask));
1165: FD_SET(connection_out, setp);
1166: while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
1.51 deraadt 1167: (errno == EAGAIN || errno == EINTR))
1168: ;
1.14 markus 1169: packet_write_poll();
1170: }
1.56 millert 1171: xfree(setp);
1.1 deraadt 1172: }
1173:
1174: /* Returns true if there is buffered data to write to the connection. */
1175:
1.2 provos 1176: int
1.73 itojun 1177: packet_have_data_to_write(void)
1.1 deraadt 1178: {
1.14 markus 1179: return buffer_len(&output) != 0;
1.1 deraadt 1180: }
1181:
1182: /* Returns true if there is not too much data to write to the connection. */
1183:
1.2 provos 1184: int
1.73 itojun 1185: packet_not_very_much_data_to_write(void)
1.1 deraadt 1186: {
1.14 markus 1187: if (interactive_mode)
1188: return buffer_len(&output) < 16384;
1189: else
1190: return buffer_len(&output) < 128 * 1024;
1.1 deraadt 1191: }
1192:
1193: /* Informs that the current session is interactive. Sets IP flags for that. */
1194:
1.2 provos 1195: void
1.43 markus 1196: packet_set_interactive(int interactive)
1.1 deraadt 1197: {
1.43 markus 1198: static int called = 0;
1.44 markus 1199: int lowdelay = IPTOS_LOWDELAY;
1200: int throughput = IPTOS_THROUGHPUT;
1201:
1.43 markus 1202: if (called)
1203: return;
1204: called = 1;
1.1 deraadt 1205:
1.14 markus 1206: /* Record that we are in interactive mode. */
1207: interactive_mode = interactive;
1.1 deraadt 1208:
1.19 markus 1209: /* Only set socket options if using a socket. */
1210: if (!packet_connection_is_on_socket())
1.14 markus 1211: return;
1.19 markus 1212: /*
1.42 markus 1213: * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
1.19 markus 1214: */
1.14 markus 1215: if (interactive) {
1.16 markus 1216: /*
1217: * Set IP options for an interactive connection. Use
1218: * IPTOS_LOWDELAY and TCP_NODELAY.
1219: */
1.42 markus 1220: if (packet_connection_is_ipv4()) {
1221: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
1222: (void *) &lowdelay, sizeof(lowdelay)) < 0)
1223: error("setsockopt IPTOS_LOWDELAY: %.100s",
1224: strerror(errno));
1225: }
1.86 stevesk 1226: set_nodelay(connection_in);
1.42 markus 1227: } else if (packet_connection_is_ipv4()) {
1.16 markus 1228: /*
1229: * Set IP options for a non-interactive connection. Use
1230: * IPTOS_THROUGHPUT.
1231: */
1.14 markus 1232: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
1.19 markus 1233: sizeof(throughput)) < 0)
1.14 markus 1234: error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
1235: }
1.1 deraadt 1236: }
1237:
1238: /* Returns true if the current connection is interactive. */
1239:
1.2 provos 1240: int
1.73 itojun 1241: packet_is_interactive(void)
1.1 deraadt 1242: {
1.14 markus 1243: return interactive_mode;
1.12 markus 1244: }
1245:
1246: int
1247: packet_set_maxsize(int s)
1248: {
1.14 markus 1249: static int called = 0;
1250: if (called) {
1.25 markus 1251: log("packet_set_maxsize: called twice: old %d new %d",
1252: max_packet_size, s);
1.14 markus 1253: return -1;
1254: }
1255: if (s < 4 * 1024 || s > 1024 * 1024) {
1256: log("packet_set_maxsize: bad size %d", s);
1257: return -1;
1258: }
1.70 markus 1259: called = 1;
1.66 markus 1260: debug("packet_set_maxsize: setting to %d", s);
1.14 markus 1261: max_packet_size = s;
1262: return s;
1.53 markus 1263: }
1264:
1.71 markus 1265: /* roundup current message to pad bytes */
1266: void
1267: packet_add_padding(u_char pad)
1268: {
1269: extra_pad = pad;
1270: }
1271:
1.53 markus 1272: /*
1273: * 9.2. Ignored Data Message
1.61 markus 1274: *
1.53 markus 1275: * byte SSH_MSG_IGNORE
1276: * string data
1.61 markus 1277: *
1.53 markus 1278: * All implementations MUST understand (and ignore) this message at any
1279: * time (after receiving the protocol version). No implementation is
1280: * required to send them. This message can be used as an additional
1281: * protection measure against advanced traffic analysis techniques.
1282: */
1.54 markus 1283: void
1284: packet_send_ignore(int nbytes)
1285: {
1286: u_int32_t rand = 0;
1287: int i;
1288:
1289: packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
1.53 markus 1290: packet_put_int(nbytes);
1.75 deraadt 1291: for (i = 0; i < nbytes; i++) {
1.53 markus 1292: if (i % 4 == 0)
1293: rand = arc4random();
1294: packet_put_char(rand & 0xff);
1295: rand >>= 8;
1296: }
1.1 deraadt 1297: }