Annotation of src/usr.bin/ssh/packet.c, Revision 1.89
1.1 deraadt 1: /*
1.15 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.35 deraadt 5: * This file contains code implementing the packet protocol and communication
6: * with the other side. This same code is used both on client and server side.
1.29 markus 7: *
1.35 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.29 markus 13: *
1.25 markus 14: *
15: * SSH2 packet format added by Markus Friedl.
1.69 markus 16: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.25 markus 17: *
1.35 deraadt 18: * Redistribution and use in source and binary forms, with or without
19: * modification, are permitted provided that the following conditions
20: * are met:
21: * 1. Redistributions of source code must retain the above copyright
22: * notice, this list of conditions and the following disclaimer.
23: * 2. Redistributions in binary form must reproduce the above copyright
24: * notice, this list of conditions and the following disclaimer in the
25: * documentation and/or other materials provided with the distribution.
26: *
27: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.15 deraadt 37: */
1.1 deraadt 38:
39: #include "includes.h"
1.89 ! markus 40: RCSID("$OpenBSD: packet.c,v 1.88 2002/02/14 23:41:01 markus Exp $");
1.1 deraadt 41:
42: #include "xmalloc.h"
43: #include "buffer.h"
44: #include "packet.h"
45: #include "bufaux.h"
46: #include "crc32.h"
47: #include "getput.h"
48:
49: #include "compress.h"
1.9 dugsong 50: #include "deattack.h"
1.64 markus 51: #include "channels.h"
1.1 deraadt 52:
1.25 markus 53: #include "compat.h"
1.45 markus 54: #include "ssh1.h"
1.25 markus 55: #include "ssh2.h"
56:
1.37 markus 57: #include "cipher.h"
1.25 markus 58: #include "kex.h"
1.50 markus 59: #include "mac.h"
1.46 markus 60: #include "log.h"
61: #include "canohost.h"
1.87 stevesk 62: #include "misc.h"
1.25 markus 63:
64: #ifdef PACKET_DEBUG
65: #define DBG(x) x
66: #else
67: #define DBG(x)
68: #endif
69:
1.16 markus 70: /*
71: * This variable contains the file descriptors used for communicating with
72: * the other side. connection_in is used for reading; connection_out for
73: * writing. These can be the same descriptor, in which case it is assumed to
74: * be a socket.
75: */
1.1 deraadt 76: static int connection_in = -1;
77: static int connection_out = -1;
78:
79: /* Protocol flags for the remote side. */
1.40 markus 80: static u_int remote_protocol_flags = 0;
1.1 deraadt 81:
82: /* Encryption context for receiving data. This is only used for decryption. */
83: static CipherContext receive_context;
1.14 markus 84:
85: /* Encryption context for sending data. This is only used for encryption. */
1.1 deraadt 86: static CipherContext send_context;
87:
88: /* Buffer for raw input data from the socket. */
89: static Buffer input;
90:
91: /* Buffer for raw output data going to the socket. */
92: static Buffer output;
93:
94: /* Buffer for the partial outgoing packet being constructed. */
95: static Buffer outgoing_packet;
96:
97: /* Buffer for the incoming packet currently being processed. */
98: static Buffer incoming_packet;
99:
100: /* Scratch buffer for packet compression/decompression. */
101: static Buffer compression_buffer;
1.60 markus 102: static int compression_buffer_ready = 0;
1.1 deraadt 103:
104: /* Flag indicating whether packet compression/decompression is enabled. */
105: static int packet_compression = 0;
106:
1.12 markus 107: /* default maximum packet size */
108: int max_packet_size = 32768;
109:
1.1 deraadt 110: /* Flag indicating whether this module has been initialized. */
111: static int initialized = 0;
112:
113: /* Set to true if the connection is interactive. */
114: static int interactive_mode = 0;
115:
1.25 markus 116: /* Session key information for Encryption and MAC */
1.57 markus 117: Newkeys *newkeys[MODE_MAX];
1.25 markus 118:
1.71 markus 119: /* roundup current message to extra_pad bytes */
120: static u_char extra_pad = 0;
121:
1.16 markus 122: /*
123: * Sets the descriptors used for communication. Disables encryption until
124: * packet_set_encryption_key is called.
125: */
1.2 provos 126: void
127: packet_set_connection(int fd_in, int fd_out)
1.1 deraadt 128: {
1.37 markus 129: Cipher *none = cipher_by_name("none");
130: if (none == NULL)
131: fatal("packet_set_connection: cannot load cipher 'none'");
1.14 markus 132: connection_in = fd_in;
133: connection_out = fd_out;
1.88 markus 134: cipher_init(&send_context, none, "", 0, NULL, 0, CIPHER_ENCRYPT);
135: cipher_init(&receive_context, none, "", 0, NULL, 0, CIPHER_DECRYPT);
1.62 markus 136: newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
1.14 markus 137: if (!initialized) {
138: initialized = 1;
139: buffer_init(&input);
140: buffer_init(&output);
141: buffer_init(&outgoing_packet);
142: buffer_init(&incoming_packet);
143: }
144: /* Kludge: arrange the close function to be called from fatal(). */
145: fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
1.1 deraadt 146: }
147:
1.19 markus 148: /* Returns 1 if remote host is connected via socket, 0 if not. */
149:
150: int
1.73 itojun 151: packet_connection_is_on_socket(void)
1.19 markus 152: {
153: struct sockaddr_storage from, to;
154: socklen_t fromlen, tolen;
155:
156: /* filedescriptors in and out are the same, so it's a socket */
157: if (connection_in == connection_out)
158: return 1;
159: fromlen = sizeof(from);
160: memset(&from, 0, sizeof(from));
1.20 markus 161: if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
1.19 markus 162: return 0;
163: tolen = sizeof(to);
164: memset(&to, 0, sizeof(to));
1.20 markus 165: if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
1.19 markus 166: return 0;
167: if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
168: return 0;
169: if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
170: return 0;
171: return 1;
172: }
173:
174: /* returns 1 if connection is via ipv4 */
175:
176: int
1.73 itojun 177: packet_connection_is_ipv4(void)
1.19 markus 178: {
179: struct sockaddr_storage to;
1.21 deraadt 180: socklen_t tolen = sizeof(to);
1.19 markus 181:
182: memset(&to, 0, sizeof(to));
183: if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
184: return 0;
185: if (to.ss_family != AF_INET)
186: return 0;
187: return 1;
188: }
189:
1.1 deraadt 190: /* Sets the connection into non-blocking mode. */
191:
1.2 provos 192: void
1.73 itojun 193: packet_set_nonblocking(void)
1.1 deraadt 194: {
1.14 markus 195: /* Set the socket into non-blocking mode. */
196: if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0)
197: error("fcntl O_NONBLOCK: %.100s", strerror(errno));
198:
199: if (connection_out != connection_in) {
200: if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0)
201: error("fcntl O_NONBLOCK: %.100s", strerror(errno));
202: }
1.1 deraadt 203: }
204:
205: /* Returns the socket used for reading. */
206:
1.2 provos 207: int
1.73 itojun 208: packet_get_connection_in(void)
1.1 deraadt 209: {
1.14 markus 210: return connection_in;
1.1 deraadt 211: }
212:
213: /* Returns the descriptor used for writing. */
214:
1.2 provos 215: int
1.73 itojun 216: packet_get_connection_out(void)
1.1 deraadt 217: {
1.14 markus 218: return connection_out;
1.1 deraadt 219: }
220:
221: /* Closes the connection and clears and frees internal data structures. */
222:
1.2 provos 223: void
1.73 itojun 224: packet_close(void)
1.1 deraadt 225: {
1.14 markus 226: if (!initialized)
227: return;
228: initialized = 0;
229: if (connection_in == connection_out) {
230: shutdown(connection_out, SHUT_RDWR);
231: close(connection_out);
232: } else {
233: close(connection_in);
234: close(connection_out);
235: }
236: buffer_free(&input);
237: buffer_free(&output);
238: buffer_free(&outgoing_packet);
239: buffer_free(&incoming_packet);
1.60 markus 240: if (compression_buffer_ready) {
1.14 markus 241: buffer_free(&compression_buffer);
242: buffer_compress_uninit();
243: }
1.88 markus 244: cipher_cleanup(&send_context);
245: cipher_cleanup(&receive_context);
1.1 deraadt 246: }
247:
248: /* Sets remote side protocol flags. */
249:
1.2 provos 250: void
1.40 markus 251: packet_set_protocol_flags(u_int protocol_flags)
1.1 deraadt 252: {
1.14 markus 253: remote_protocol_flags = protocol_flags;
1.1 deraadt 254: }
255:
256: /* Returns the remote protocol flags set earlier by the above function. */
257:
1.40 markus 258: u_int
1.73 itojun 259: packet_get_protocol_flags(void)
1.1 deraadt 260: {
1.14 markus 261: return remote_protocol_flags;
1.1 deraadt 262: }
263:
1.16 markus 264: /*
265: * Starts packet compression from the next packet on in both directions.
266: * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
267: */
1.1 deraadt 268:
1.68 itojun 269: static void
270: packet_init_compression(void)
1.60 markus 271: {
272: if (compression_buffer_ready == 1)
273: return;
274: compression_buffer_ready = 1;
275: buffer_init(&compression_buffer);
276: }
277:
1.2 provos 278: void
279: packet_start_compression(int level)
1.1 deraadt 280: {
1.62 markus 281: if (packet_compression && !compat20)
1.14 markus 282: fatal("Compression already enabled.");
283: packet_compression = 1;
1.60 markus 284: packet_init_compression();
285: buffer_compress_init_send(level);
286: buffer_compress_init_recv();
1.1 deraadt 287: }
288:
1.16 markus 289: /*
290: * Causes any further packets to be encrypted using the given key. The same
291: * key is used for both sending and reception. However, both directions are
292: * encrypted independently of each other.
293: */
1.2 provos 294: void
1.40 markus 295: packet_set_encryption_key(const u_char *key, u_int keylen,
1.37 markus 296: int number)
1.1 deraadt 297: {
1.37 markus 298: Cipher *cipher = cipher_by_number(number);
299: if (cipher == NULL)
300: fatal("packet_set_encryption_key: unknown cipher number %d", number);
1.25 markus 301: if (keylen < 20)
1.37 markus 302: fatal("packet_set_encryption_key: keylen too small: %d", keylen);
1.88 markus 303: cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
304: cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
1.1 deraadt 305: }
306:
1.62 markus 307: /* Start constructing a packet to send. */
1.2 provos 308: void
1.62 markus 309: packet_start(u_char type)
1.1 deraadt 310: {
1.62 markus 311: u_char buf[9];
312: int len;
1.1 deraadt 313:
1.62 markus 314: DBG(debug("packet_start[%d]", type));
315: len = compat20 ? 6 : 9;
316: memset(buf, 0, len - 1);
317: buf[len - 1] = type;
1.14 markus 318: buffer_clear(&outgoing_packet);
1.62 markus 319: buffer_append(&outgoing_packet, buf, len);
1.25 markus 320: }
321:
1.62 markus 322: /* Append payload. */
1.2 provos 323: void
324: packet_put_char(int value)
1.1 deraadt 325: {
1.14 markus 326: char ch = value;
327: buffer_append(&outgoing_packet, &ch, 1);
1.1 deraadt 328: }
1.2 provos 329: void
1.40 markus 330: packet_put_int(u_int value)
1.1 deraadt 331: {
1.14 markus 332: buffer_put_int(&outgoing_packet, value);
1.1 deraadt 333: }
1.2 provos 334: void
1.76 stevesk 335: packet_put_string(const void *buf, u_int len)
1.1 deraadt 336: {
1.14 markus 337: buffer_put_string(&outgoing_packet, buf, len);
1.1 deraadt 338: }
1.24 markus 339: void
340: packet_put_cstring(const char *str)
341: {
1.65 markus 342: buffer_put_cstring(&outgoing_packet, str);
1.24 markus 343: }
344: void
1.76 stevesk 345: packet_put_raw(const void *buf, u_int len)
1.24 markus 346: {
347: buffer_append(&outgoing_packet, buf, len);
348: }
1.2 provos 349: void
1.14 markus 350: packet_put_bignum(BIGNUM * value)
1.1 deraadt 351: {
1.14 markus 352: buffer_put_bignum(&outgoing_packet, value);
1.1 deraadt 353: }
1.24 markus 354: void
355: packet_put_bignum2(BIGNUM * value)
356: {
357: buffer_put_bignum2(&outgoing_packet, value);
358: }
1.1 deraadt 359:
1.16 markus 360: /*
361: * Finalizes and sends the packet. If the encryption key has been set,
362: * encrypts the packet before sending.
363: */
1.14 markus 364:
1.68 itojun 365: static void
1.49 itojun 366: packet_send1(void)
1.1 deraadt 367: {
1.89 ! markus 368: u_char buf[8], *cp;
1.14 markus 369: int i, padding, len;
1.40 markus 370: u_int checksum;
1.14 markus 371: u_int32_t rand = 0;
372:
1.16 markus 373: /*
374: * If using packet compression, compress the payload of the outgoing
375: * packet.
376: */
1.14 markus 377: if (packet_compression) {
378: buffer_clear(&compression_buffer);
379: /* Skip padding. */
380: buffer_consume(&outgoing_packet, 8);
381: /* padding */
382: buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8);
383: buffer_compress(&outgoing_packet, &compression_buffer);
384: buffer_clear(&outgoing_packet);
385: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
1.75 deraadt 386: buffer_len(&compression_buffer));
1.14 markus 387: }
388: /* Compute packet length without padding (add checksum, remove padding). */
389: len = buffer_len(&outgoing_packet) + 4 - 8;
390:
1.32 markus 391: /* Insert padding. Initialized to zero in packet_start1() */
1.14 markus 392: padding = 8 - len % 8;
1.88 markus 393: if (!send_context.plaintext) {
1.14 markus 394: cp = buffer_ptr(&outgoing_packet);
395: for (i = 0; i < padding; i++) {
396: if (i % 4 == 0)
397: rand = arc4random();
398: cp[7 - i] = rand & 0xff;
399: rand >>= 8;
400: }
401: }
402: buffer_consume(&outgoing_packet, 8 - padding);
403:
404: /* Add check bytes. */
1.83 stevesk 405: checksum = ssh_crc32(buffer_ptr(&outgoing_packet),
1.34 deraadt 406: buffer_len(&outgoing_packet));
1.14 markus 407: PUT_32BIT(buf, checksum);
408: buffer_append(&outgoing_packet, buf, 4);
1.1 deraadt 409:
410: #ifdef PACKET_DEBUG
1.14 markus 411: fprintf(stderr, "packet_send plain: ");
412: buffer_dump(&outgoing_packet);
1.1 deraadt 413: #endif
414:
1.14 markus 415: /* Append to output. */
416: PUT_32BIT(buf, len);
417: buffer_append(&output, buf, 4);
1.76 stevesk 418: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 419: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.75 deraadt 420: buffer_len(&outgoing_packet));
1.14 markus 421:
1.1 deraadt 422: #ifdef PACKET_DEBUG
1.14 markus 423: fprintf(stderr, "encrypted: ");
424: buffer_dump(&output);
1.1 deraadt 425: #endif
426:
1.14 markus 427: buffer_clear(&outgoing_packet);
1.1 deraadt 428:
1.16 markus 429: /*
430: * Note that the packet is now only buffered in output. It won\'t be
431: * actually sent until packet_write_wait or packet_write_poll is
432: * called.
433: */
1.1 deraadt 434: }
435:
1.68 itojun 436: static void
1.57 markus 437: set_newkeys(int mode)
438: {
439: Enc *enc;
440: Mac *mac;
441: Comp *comp;
442: CipherContext *cc;
1.88 markus 443: int encrypt;
1.57 markus 444:
445: debug("newkeys: mode %d", mode);
446:
1.88 markus 447: if (mode == MODE_OUT) {
448: cc = &send_context;
449: encrypt = CIPHER_ENCRYPT;
450: } else {
451: cc = &receive_context;
452: encrypt = CIPHER_DECRYPT;
453: }
1.57 markus 454: if (newkeys[mode] != NULL) {
455: debug("newkeys: rekeying");
1.88 markus 456: cipher_cleanup(cc);
1.59 markus 457: enc = &newkeys[mode]->enc;
458: mac = &newkeys[mode]->mac;
459: comp = &newkeys[mode]->comp;
1.61 markus 460: memset(mac->key, 0, mac->key_len);
1.59 markus 461: xfree(enc->name);
462: xfree(enc->iv);
463: xfree(enc->key);
464: xfree(mac->name);
465: xfree(mac->key);
466: xfree(comp->name);
1.58 markus 467: xfree(newkeys[mode]);
1.57 markus 468: }
469: newkeys[mode] = kex_get_newkeys(mode);
470: if (newkeys[mode] == NULL)
471: fatal("newkeys: no keys for mode %d", mode);
472: enc = &newkeys[mode]->enc;
473: mac = &newkeys[mode]->mac;
474: comp = &newkeys[mode]->comp;
475: if (mac->md != NULL)
476: mac->enabled = 1;
477: DBG(debug("cipher_init_context: %d", mode));
1.88 markus 478: cipher_init(cc, enc->cipher, enc->key, enc->key_len,
479: enc->iv, enc->block_size, encrypt);
480: memset(enc->iv, 0, enc->block_size);
481: memset(enc->key, 0, enc->key_len);
1.57 markus 482: if (comp->type != 0 && comp->enabled == 0) {
1.60 markus 483: packet_init_compression();
484: if (mode == MODE_OUT)
485: buffer_compress_init_send(6);
486: else
487: buffer_compress_init_recv();
1.57 markus 488: comp->enabled = 1;
489: }
490: }
491:
1.16 markus 492: /*
1.25 markus 493: * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
494: */
1.68 itojun 495: static void
1.49 itojun 496: packet_send2(void)
1.25 markus 497: {
1.50 markus 498: static u_int32_t seqnr = 0;
1.89 ! markus 499: u_char type, *cp, *macbuf = NULL;
1.71 markus 500: u_char padlen, pad;
1.40 markus 501: u_int packet_length = 0;
1.71 markus 502: u_int i, len;
1.25 markus 503: u_int32_t rand = 0;
504: Enc *enc = NULL;
505: Mac *mac = NULL;
506: Comp *comp = NULL;
507: int block_size;
508:
1.57 markus 509: if (newkeys[MODE_OUT] != NULL) {
510: enc = &newkeys[MODE_OUT]->enc;
511: mac = &newkeys[MODE_OUT]->mac;
512: comp = &newkeys[MODE_OUT]->comp;
1.25 markus 513: }
1.88 markus 514: block_size = enc ? enc->block_size : 8;
1.25 markus 515:
1.89 ! markus 516: cp = buffer_ptr(&outgoing_packet);
! 517: type = cp[5];
1.25 markus 518:
519: #ifdef PACKET_DEBUG
520: fprintf(stderr, "plain: ");
521: buffer_dump(&outgoing_packet);
522: #endif
523:
524: if (comp && comp->enabled) {
525: len = buffer_len(&outgoing_packet);
526: /* skip header, compress only payload */
527: buffer_consume(&outgoing_packet, 5);
528: buffer_clear(&compression_buffer);
529: buffer_compress(&outgoing_packet, &compression_buffer);
530: buffer_clear(&outgoing_packet);
531: buffer_append(&outgoing_packet, "\0\0\0\0\0", 5);
532: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
533: buffer_len(&compression_buffer));
534: DBG(debug("compression: raw %d compressed %d", len,
535: buffer_len(&outgoing_packet)));
536: }
537:
538: /* sizeof (packet_len + pad_len + payload) */
539: len = buffer_len(&outgoing_packet);
540:
541: /*
542: * calc size of padding, alloc space, get random data,
543: * minimum padding is 4 bytes
544: */
545: padlen = block_size - (len % block_size);
546: if (padlen < 4)
547: padlen += block_size;
1.71 markus 548: if (extra_pad) {
549: /* will wrap if extra_pad+padlen > 255 */
550: extra_pad = roundup(extra_pad, block_size);
551: pad = extra_pad - ((len + padlen) % extra_pad);
552: debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
553: pad, len, padlen, extra_pad);
554: padlen += pad;
555: extra_pad = 0;
556: }
1.76 stevesk 557: cp = buffer_append_space(&outgoing_packet, padlen);
1.88 markus 558: if (enc && !send_context.plaintext) {
1.32 markus 559: /* random padding */
1.25 markus 560: for (i = 0; i < padlen; i++) {
561: if (i % 4 == 0)
562: rand = arc4random();
563: cp[i] = rand & 0xff;
1.52 markus 564: rand >>= 8;
1.25 markus 565: }
1.32 markus 566: } else {
567: /* clear padding */
568: memset(cp, 0, padlen);
1.25 markus 569: }
570: /* packet_length includes payload, padding and padding length field */
571: packet_length = buffer_len(&outgoing_packet) - 4;
1.89 ! markus 572: cp = buffer_ptr(&outgoing_packet);
! 573: PUT_32BIT(cp, packet_length);
! 574: cp[4] = padlen;
1.25 markus 575: DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
576:
577: /* compute MAC over seqnr and packet(length fields, payload, padding) */
578: if (mac && mac->enabled) {
1.50 markus 579: macbuf = mac_compute(mac, seqnr,
1.83 stevesk 580: buffer_ptr(&outgoing_packet),
1.50 markus 581: buffer_len(&outgoing_packet));
1.36 markus 582: DBG(debug("done calc MAC out #%d", seqnr));
1.25 markus 583: }
584: /* encrypt packet and append to output buffer. */
1.76 stevesk 585: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 586: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.25 markus 587: buffer_len(&outgoing_packet));
588: /* append unencrypted MAC */
589: if (mac && mac->enabled)
590: buffer_append(&output, (char *)macbuf, mac->mac_len);
591: #ifdef PACKET_DEBUG
592: fprintf(stderr, "encrypted: ");
593: buffer_dump(&output);
594: #endif
1.29 markus 595: /* increment sequence number for outgoing packets */
596: if (++seqnr == 0)
597: log("outgoing seqnr wraps around");
1.25 markus 598: buffer_clear(&outgoing_packet);
599:
1.57 markus 600: if (type == SSH2_MSG_NEWKEYS)
601: set_newkeys(MODE_OUT);
1.25 markus 602: }
603:
604: void
1.73 itojun 605: packet_send(void)
1.25 markus 606: {
1.62 markus 607: if (compat20)
1.25 markus 608: packet_send2();
609: else
610: packet_send1();
611: DBG(debug("packet_send done"));
612: }
613:
614: /*
1.16 markus 615: * Waits until a packet has been received, and returns its type. Note that
616: * no other data is processed until this returns, so this function should not
617: * be used during the interactive session.
618: */
1.1 deraadt 619:
1.2 provos 620: int
1.82 markus 621: packet_read_seqnr(u_int32_t *seqnr_p)
1.1 deraadt 622: {
1.14 markus 623: int type, len;
1.56 millert 624: fd_set *setp;
1.14 markus 625: char buf[8192];
1.25 markus 626: DBG(debug("packet_read()"));
1.14 markus 627:
1.56 millert 628: setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *
629: sizeof(fd_mask));
630:
1.14 markus 631: /* Since we are blocking, ensure that all written packets have been sent. */
632: packet_write_wait();
633:
634: /* Stay in the loop until we have received a complete packet. */
635: for (;;) {
636: /* Try to read a packet from the buffer. */
1.82 markus 637: type = packet_read_poll_seqnr(seqnr_p);
1.62 markus 638: if (!compat20 && (
1.32 markus 639: type == SSH_SMSG_SUCCESS
1.14 markus 640: || type == SSH_SMSG_FAILURE
641: || type == SSH_CMSG_EOF
1.32 markus 642: || type == SSH_CMSG_EXIT_CONFIRMATION))
1.79 markus 643: packet_check_eom();
1.14 markus 644: /* If we got a packet, return it. */
1.56 millert 645: if (type != SSH_MSG_NONE) {
646: xfree(setp);
1.14 markus 647: return type;
1.56 millert 648: }
1.16 markus 649: /*
650: * Otherwise, wait for some data to arrive, add it to the
651: * buffer, and try again.
652: */
1.56 millert 653: memset(setp, 0, howmany(connection_in + 1, NFDBITS) *
654: sizeof(fd_mask));
655: FD_SET(connection_in, setp);
1.16 markus 656:
1.14 markus 657: /* Wait for some data to arrive. */
1.56 millert 658: while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
1.51 deraadt 659: (errno == EAGAIN || errno == EINTR))
660: ;
1.16 markus 661:
1.14 markus 662: /* Read data from the socket. */
663: len = read(connection_in, buf, sizeof(buf));
1.18 markus 664: if (len == 0) {
665: log("Connection closed by %.200s", get_remote_ipaddr());
666: fatal_cleanup();
667: }
1.14 markus 668: if (len < 0)
669: fatal("Read from socket failed: %.100s", strerror(errno));
670: /* Append it to the buffer. */
671: packet_process_incoming(buf, len);
672: }
673: /* NOTREACHED */
1.1 deraadt 674: }
675:
1.77 djm 676: int
1.82 markus 677: packet_read(void)
1.77 djm 678: {
1.82 markus 679: return packet_read_seqnr(NULL);
1.77 djm 680: }
681:
1.16 markus 682: /*
683: * Waits until a packet has been received, verifies that its type matches
684: * that given, and gives a fatal error and exits if there is a mismatch.
685: */
1.1 deraadt 686:
1.2 provos 687: void
1.82 markus 688: packet_read_expect(int expected_type)
1.1 deraadt 689: {
1.14 markus 690: int type;
1.1 deraadt 691:
1.82 markus 692: type = packet_read();
1.14 markus 693: if (type != expected_type)
694: packet_disconnect("Protocol error: expected packet type %d, got %d",
1.25 markus 695: expected_type, type);
1.1 deraadt 696: }
697:
698: /* Checks if a full packet is available in the data received so far via
1.14 markus 699: * packet_process_incoming. If so, reads the packet; otherwise returns
700: * SSH_MSG_NONE. This does not wait for data from the connection.
701: *
702: * SSH_MSG_DISCONNECT is handled specially here. Also,
703: * SSH_MSG_IGNORE messages are skipped by this function and are never returned
704: * to higher levels.
705: */
1.1 deraadt 706:
1.68 itojun 707: static int
1.82 markus 708: packet_read_poll1(void)
1.1 deraadt 709: {
1.40 markus 710: u_int len, padded_len;
1.89 ! markus 711: u_char *cp, type;
1.40 markus 712: u_int checksum, stored_checksum;
1.14 markus 713:
714: /* Check if input size is less than minimum packet size. */
715: if (buffer_len(&input) < 4 + 8)
716: return SSH_MSG_NONE;
717: /* Get length of incoming packet. */
1.89 ! markus 718: cp = buffer_ptr(&input);
! 719: len = GET_32BIT(cp);
1.14 markus 720: if (len < 1 + 2 + 2 || len > 256 * 1024)
721: packet_disconnect("Bad packet length %d.", len);
722: padded_len = (len + 8) & ~7;
723:
724: /* Check if the packet has been entirely received. */
725: if (buffer_len(&input) < 4 + padded_len)
726: return SSH_MSG_NONE;
727:
728: /* The entire packet is in buffer. */
729:
730: /* Consume packet length. */
731: buffer_consume(&input, 4);
732:
1.62 markus 733: /*
734: * Cryptographic attack detector for ssh
735: * (C)1998 CORE-SDI, Buenos Aires Argentina
736: * Ariel Futoransky(futo@core-sdi.com)
737: */
1.88 markus 738: if (!receive_context.plaintext &&
1.62 markus 739: detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
740: packet_disconnect("crc32 compensation attack: network attack detected");
741:
742: /* Decrypt data to incoming_packet. */
1.14 markus 743: buffer_clear(&incoming_packet);
1.76 stevesk 744: cp = buffer_append_space(&incoming_packet, padded_len);
1.88 markus 745: cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len);
1.62 markus 746:
1.14 markus 747: buffer_consume(&input, padded_len);
1.1 deraadt 748:
749: #ifdef PACKET_DEBUG
1.14 markus 750: fprintf(stderr, "read_poll plain: ");
751: buffer_dump(&incoming_packet);
1.1 deraadt 752: #endif
753:
1.14 markus 754: /* Compute packet checksum. */
1.83 stevesk 755: checksum = ssh_crc32(buffer_ptr(&incoming_packet),
1.25 markus 756: buffer_len(&incoming_packet) - 4);
1.14 markus 757:
758: /* Skip padding. */
759: buffer_consume(&incoming_packet, 8 - len % 8);
760:
761: /* Test check bytes. */
762: if (len != buffer_len(&incoming_packet))
1.77 djm 763: packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1.25 markus 764: len, buffer_len(&incoming_packet));
1.14 markus 765:
1.89 ! markus 766: cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
! 767: stored_checksum = GET_32BIT(cp);
1.14 markus 768: if (checksum != stored_checksum)
769: packet_disconnect("Corrupted check bytes on input.");
770: buffer_consume_end(&incoming_packet, 4);
771:
772: if (packet_compression) {
773: buffer_clear(&compression_buffer);
774: buffer_uncompress(&incoming_packet, &compression_buffer);
775: buffer_clear(&incoming_packet);
776: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1.25 markus 777: buffer_len(&compression_buffer));
1.14 markus 778: }
1.62 markus 779: type = buffer_get_char(&incoming_packet);
780: return type;
1.1 deraadt 781: }
1.14 markus 782:
1.68 itojun 783: static int
1.82 markus 784: packet_read_poll2(u_int32_t *seqnr_p)
1.25 markus 785: {
1.50 markus 786: static u_int32_t seqnr = 0;
787: static u_int packet_length = 0;
1.40 markus 788: u_int padlen, need;
1.89 ! markus 789: u_char *macbuf, *cp, type;
1.25 markus 790: int maclen, block_size;
791: Enc *enc = NULL;
792: Mac *mac = NULL;
793: Comp *comp = NULL;
794:
1.57 markus 795: if (newkeys[MODE_IN] != NULL) {
796: enc = &newkeys[MODE_IN]->enc;
797: mac = &newkeys[MODE_IN]->mac;
798: comp = &newkeys[MODE_IN]->comp;
1.25 markus 799: }
800: maclen = mac && mac->enabled ? mac->mac_len : 0;
1.88 markus 801: block_size = enc ? enc->block_size : 8;
1.25 markus 802:
803: if (packet_length == 0) {
804: /*
805: * check if input size is less than the cipher block size,
806: * decrypt first block and extract length of incoming packet
807: */
808: if (buffer_len(&input) < block_size)
809: return SSH_MSG_NONE;
810: buffer_clear(&incoming_packet);
1.76 stevesk 811: cp = buffer_append_space(&incoming_packet, block_size);
1.88 markus 812: cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1.25 markus 813: block_size);
1.89 ! markus 814: cp = buffer_ptr(&incoming_packet);
! 815: packet_length = GET_32BIT(cp);
1.25 markus 816: if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
817: buffer_dump(&incoming_packet);
818: packet_disconnect("Bad packet length %d.", packet_length);
819: }
820: DBG(debug("input: packet len %d", packet_length+4));
821: buffer_consume(&input, block_size);
822: }
823: /* we have a partial packet of block_size bytes */
824: need = 4 + packet_length - block_size;
825: DBG(debug("partial packet %d, need %d, maclen %d", block_size,
826: need, maclen));
827: if (need % block_size != 0)
828: fatal("padding error: need %d block %d mod %d",
829: need, block_size, need % block_size);
830: /*
831: * check if the entire packet has been received and
832: * decrypt into incoming_packet
833: */
834: if (buffer_len(&input) < need + maclen)
835: return SSH_MSG_NONE;
836: #ifdef PACKET_DEBUG
837: fprintf(stderr, "read_poll enc/full: ");
838: buffer_dump(&input);
839: #endif
1.76 stevesk 840: cp = buffer_append_space(&incoming_packet, need);
1.88 markus 841: cipher_crypt(&receive_context, cp, buffer_ptr(&input), need);
1.25 markus 842: buffer_consume(&input, need);
843: /*
844: * compute MAC over seqnr and packet,
845: * increment sequence number for incoming packet
846: */
1.29 markus 847: if (mac && mac->enabled) {
1.50 markus 848: macbuf = mac_compute(mac, seqnr,
1.83 stevesk 849: buffer_ptr(&incoming_packet),
1.50 markus 850: buffer_len(&incoming_packet));
1.25 markus 851: if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
1.36 markus 852: packet_disconnect("Corrupted MAC on input.");
853: DBG(debug("MAC #%d ok", seqnr));
1.25 markus 854: buffer_consume(&input, mac->mac_len);
855: }
1.77 djm 856: if (seqnr_p != NULL)
857: *seqnr_p = seqnr;
1.29 markus 858: if (++seqnr == 0)
859: log("incoming seqnr wraps around");
1.25 markus 860:
861: /* get padlen */
1.76 stevesk 862: cp = buffer_ptr(&incoming_packet);
1.89 ! markus 863: padlen = cp[4];
1.25 markus 864: DBG(debug("input: padlen %d", padlen));
865: if (padlen < 4)
866: packet_disconnect("Corrupted padlen %d on input.", padlen);
867:
868: /* skip packet size + padlen, discard padding */
869: buffer_consume(&incoming_packet, 4 + 1);
870: buffer_consume_end(&incoming_packet, padlen);
871:
872: DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
873: if (comp && comp->enabled) {
874: buffer_clear(&compression_buffer);
875: buffer_uncompress(&incoming_packet, &compression_buffer);
876: buffer_clear(&incoming_packet);
877: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
878: buffer_len(&compression_buffer));
879: DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet)));
880: }
881: /*
882: * get packet type, implies consume.
883: * return length of payload (without type field)
884: */
1.62 markus 885: type = buffer_get_char(&incoming_packet);
1.57 markus 886: if (type == SSH2_MSG_NEWKEYS)
887: set_newkeys(MODE_IN);
1.25 markus 888: #ifdef PACKET_DEBUG
1.55 deraadt 889: fprintf(stderr, "read/plain[%d]:\r\n", type);
1.25 markus 890: buffer_dump(&incoming_packet);
891: #endif
1.62 markus 892: /* reset for next packet */
893: packet_length = 0;
894: return type;
1.25 markus 895: }
896:
897: int
1.82 markus 898: packet_read_poll_seqnr(u_int32_t *seqnr_p)
1.25 markus 899: {
1.84 markus 900: int reason, seqnr;
1.62 markus 901: u_char type;
1.25 markus 902: char *msg;
1.62 markus 903:
1.25 markus 904: for (;;) {
1.62 markus 905: if (compat20) {
1.82 markus 906: type = packet_read_poll2(seqnr_p);
1.62 markus 907: if (type)
1.25 markus 908: DBG(debug("received packet type %d", type));
1.74 deraadt 909: switch (type) {
1.25 markus 910: case SSH2_MSG_IGNORE:
911: break;
912: case SSH2_MSG_DEBUG:
913: packet_get_char();
914: msg = packet_get_string(NULL);
915: debug("Remote: %.900s", msg);
916: xfree(msg);
917: msg = packet_get_string(NULL);
918: xfree(msg);
919: break;
920: case SSH2_MSG_DISCONNECT:
921: reason = packet_get_int();
922: msg = packet_get_string(NULL);
1.41 markus 923: log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
924: reason, msg);
1.25 markus 925: xfree(msg);
926: fatal_cleanup();
1.84 markus 927: break;
928: case SSH2_MSG_UNIMPLEMENTED:
929: seqnr = packet_get_int();
930: debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
1.25 markus 931: break;
932: default:
933: return type;
934: break;
1.48 stevesk 935: }
1.25 markus 936: } else {
1.82 markus 937: type = packet_read_poll1();
1.74 deraadt 938: switch (type) {
1.25 markus 939: case SSH_MSG_IGNORE:
940: break;
941: case SSH_MSG_DEBUG:
942: msg = packet_get_string(NULL);
943: debug("Remote: %.900s", msg);
944: xfree(msg);
945: break;
946: case SSH_MSG_DISCONNECT:
947: msg = packet_get_string(NULL);
1.41 markus 948: log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
949: msg);
1.25 markus 950: fatal_cleanup();
951: xfree(msg);
952: break;
953: default:
1.62 markus 954: if (type)
1.25 markus 955: DBG(debug("received packet type %d", type));
956: return type;
957: break;
1.48 stevesk 958: }
1.25 markus 959: }
960: }
1.77 djm 961: }
962:
963: int
1.82 markus 964: packet_read_poll(void)
1.77 djm 965: {
1.82 markus 966: return packet_read_poll_seqnr(NULL);
1.25 markus 967: }
968:
1.16 markus 969: /*
970: * Buffers the given amount of input characters. This is intended to be used
971: * together with packet_read_poll.
972: */
1.1 deraadt 973:
1.2 provos 974: void
1.40 markus 975: packet_process_incoming(const char *buf, u_int len)
1.1 deraadt 976: {
1.14 markus 977: buffer_append(&input, buf, len);
1.1 deraadt 978: }
979:
980: /* Returns a character from the packet. */
981:
1.40 markus 982: u_int
1.73 itojun 983: packet_get_char(void)
1.1 deraadt 984: {
1.14 markus 985: char ch;
986: buffer_get(&incoming_packet, &ch, 1);
1.40 markus 987: return (u_char) ch;
1.1 deraadt 988: }
989:
990: /* Returns an integer from the packet data. */
991:
1.40 markus 992: u_int
1.73 itojun 993: packet_get_int(void)
1.1 deraadt 994: {
1.14 markus 995: return buffer_get_int(&incoming_packet);
1.1 deraadt 996: }
997:
1.16 markus 998: /*
999: * Returns an arbitrary precision integer from the packet data. The integer
1000: * must have been initialized before this call.
1001: */
1.1 deraadt 1002:
1.2 provos 1003: void
1.80 markus 1004: packet_get_bignum(BIGNUM * value)
1.1 deraadt 1005: {
1.81 markus 1006: buffer_get_bignum(&incoming_packet, value);
1.24 markus 1007: }
1008:
1009: void
1.80 markus 1010: packet_get_bignum2(BIGNUM * value)
1.24 markus 1011: {
1.81 markus 1012: buffer_get_bignum2(&incoming_packet, value);
1.24 markus 1013: }
1014:
1.76 stevesk 1015: void *
1.24 markus 1016: packet_get_raw(int *length_ptr)
1017: {
1018: int bytes = buffer_len(&incoming_packet);
1019: if (length_ptr != NULL)
1020: *length_ptr = bytes;
1021: return buffer_ptr(&incoming_packet);
1.28 markus 1022: }
1023:
1024: int
1025: packet_remaining(void)
1026: {
1027: return buffer_len(&incoming_packet);
1.1 deraadt 1028: }
1029:
1.16 markus 1030: /*
1031: * Returns a string from the packet data. The string is allocated using
1032: * xmalloc; it is the responsibility of the calling program to free it when
1033: * no longer needed. The length_ptr argument may be NULL, or point to an
1034: * integer into which the length of the string is stored.
1035: */
1.1 deraadt 1036:
1.76 stevesk 1037: void *
1.40 markus 1038: packet_get_string(u_int *length_ptr)
1.1 deraadt 1039: {
1.14 markus 1040: return buffer_get_string(&incoming_packet, length_ptr);
1.1 deraadt 1041: }
1042:
1.16 markus 1043: /*
1044: * Sends a diagnostic message from the server to the client. This message
1045: * can be sent at any time (but not while constructing another message). The
1046: * message is printed immediately, but only if the client is being executed
1047: * in verbose mode. These messages are primarily intended to ease debugging
1048: * authentication problems. The length of the formatted message must not
1049: * exceed 1024 bytes. This will automatically call packet_write_wait.
1050: */
1.1 deraadt 1051:
1.2 provos 1052: void
1.14 markus 1053: packet_send_debug(const char *fmt,...)
1.1 deraadt 1054: {
1.14 markus 1055: char buf[1024];
1056: va_list args;
1.39 markus 1057:
1058: if (compat20 && (datafellows & SSH_BUG_DEBUG))
1059: return;
1.14 markus 1060:
1061: va_start(args, fmt);
1062: vsnprintf(buf, sizeof(buf), fmt, args);
1063: va_end(args);
1064:
1.30 markus 1065: if (compat20) {
1066: packet_start(SSH2_MSG_DEBUG);
1067: packet_put_char(0); /* bool: always display */
1068: packet_put_cstring(buf);
1069: packet_put_cstring("");
1070: } else {
1071: packet_start(SSH_MSG_DEBUG);
1072: packet_put_cstring(buf);
1073: }
1.14 markus 1074: packet_send();
1075: packet_write_wait();
1.1 deraadt 1076: }
1077:
1.16 markus 1078: /*
1079: * Logs the error plus constructs and sends a disconnect packet, closes the
1080: * connection, and exits. This function never returns. The error message
1081: * should not contain a newline. The length of the formatted message must
1082: * not exceed 1024 bytes.
1083: */
1.1 deraadt 1084:
1.2 provos 1085: void
1.14 markus 1086: packet_disconnect(const char *fmt,...)
1.1 deraadt 1087: {
1.14 markus 1088: char buf[1024];
1089: va_list args;
1090: static int disconnecting = 0;
1091: if (disconnecting) /* Guard against recursive invocations. */
1092: fatal("packet_disconnect called recursively.");
1093: disconnecting = 1;
1094:
1.16 markus 1095: /*
1096: * Format the message. Note that the caller must make sure the
1097: * message is of limited size.
1098: */
1.14 markus 1099: va_start(args, fmt);
1100: vsnprintf(buf, sizeof(buf), fmt, args);
1101: va_end(args);
1102:
1103: /* Send the disconnect message to the other side, and wait for it to get sent. */
1.25 markus 1104: if (compat20) {
1105: packet_start(SSH2_MSG_DISCONNECT);
1106: packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR);
1107: packet_put_cstring(buf);
1108: packet_put_cstring("");
1109: } else {
1110: packet_start(SSH_MSG_DISCONNECT);
1.65 markus 1111: packet_put_cstring(buf);
1.25 markus 1112: }
1.14 markus 1113: packet_send();
1114: packet_write_wait();
1115:
1116: /* Stop listening for connections. */
1.67 markus 1117: channel_close_all();
1.14 markus 1118:
1119: /* Close the connection. */
1120: packet_close();
1.1 deraadt 1121:
1.14 markus 1122: /* Display the error locally and exit. */
1.17 markus 1123: log("Disconnecting: %.100s", buf);
1124: fatal_cleanup();
1.1 deraadt 1125: }
1126:
1.16 markus 1127: /* Checks if there is any buffered output, and tries to write some of the output. */
1.1 deraadt 1128:
1.2 provos 1129: void
1.73 itojun 1130: packet_write_poll(void)
1.1 deraadt 1131: {
1.14 markus 1132: int len = buffer_len(&output);
1133: if (len > 0) {
1134: len = write(connection_out, buffer_ptr(&output), len);
1135: if (len <= 0) {
1136: if (errno == EAGAIN)
1137: return;
1138: else
1139: fatal("Write failed: %.100s", strerror(errno));
1140: }
1141: buffer_consume(&output, len);
1142: }
1.1 deraadt 1143: }
1144:
1.16 markus 1145: /*
1146: * Calls packet_write_poll repeatedly until all pending output data has been
1147: * written.
1148: */
1.1 deraadt 1149:
1.2 provos 1150: void
1.73 itojun 1151: packet_write_wait(void)
1.1 deraadt 1152: {
1.56 millert 1153: fd_set *setp;
1154:
1155: setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *
1156: sizeof(fd_mask));
1.14 markus 1157: packet_write_poll();
1158: while (packet_have_data_to_write()) {
1.56 millert 1159: memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
1160: sizeof(fd_mask));
1161: FD_SET(connection_out, setp);
1162: while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
1.51 deraadt 1163: (errno == EAGAIN || errno == EINTR))
1164: ;
1.14 markus 1165: packet_write_poll();
1166: }
1.56 millert 1167: xfree(setp);
1.1 deraadt 1168: }
1169:
1170: /* Returns true if there is buffered data to write to the connection. */
1171:
1.2 provos 1172: int
1.73 itojun 1173: packet_have_data_to_write(void)
1.1 deraadt 1174: {
1.14 markus 1175: return buffer_len(&output) != 0;
1.1 deraadt 1176: }
1177:
1178: /* Returns true if there is not too much data to write to the connection. */
1179:
1.2 provos 1180: int
1.73 itojun 1181: packet_not_very_much_data_to_write(void)
1.1 deraadt 1182: {
1.14 markus 1183: if (interactive_mode)
1184: return buffer_len(&output) < 16384;
1185: else
1186: return buffer_len(&output) < 128 * 1024;
1.1 deraadt 1187: }
1188:
1189: /* Informs that the current session is interactive. Sets IP flags for that. */
1190:
1.2 provos 1191: void
1.43 markus 1192: packet_set_interactive(int interactive)
1.1 deraadt 1193: {
1.43 markus 1194: static int called = 0;
1.44 markus 1195: int lowdelay = IPTOS_LOWDELAY;
1196: int throughput = IPTOS_THROUGHPUT;
1197:
1.43 markus 1198: if (called)
1199: return;
1200: called = 1;
1.1 deraadt 1201:
1.14 markus 1202: /* Record that we are in interactive mode. */
1203: interactive_mode = interactive;
1.1 deraadt 1204:
1.19 markus 1205: /* Only set socket options if using a socket. */
1206: if (!packet_connection_is_on_socket())
1.14 markus 1207: return;
1.19 markus 1208: /*
1.42 markus 1209: * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
1.19 markus 1210: */
1.14 markus 1211: if (interactive) {
1.16 markus 1212: /*
1213: * Set IP options for an interactive connection. Use
1214: * IPTOS_LOWDELAY and TCP_NODELAY.
1215: */
1.42 markus 1216: if (packet_connection_is_ipv4()) {
1217: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
1218: (void *) &lowdelay, sizeof(lowdelay)) < 0)
1219: error("setsockopt IPTOS_LOWDELAY: %.100s",
1220: strerror(errno));
1221: }
1.86 stevesk 1222: set_nodelay(connection_in);
1.42 markus 1223: } else if (packet_connection_is_ipv4()) {
1.16 markus 1224: /*
1225: * Set IP options for a non-interactive connection. Use
1226: * IPTOS_THROUGHPUT.
1227: */
1.14 markus 1228: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
1.19 markus 1229: sizeof(throughput)) < 0)
1.14 markus 1230: error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
1231: }
1.1 deraadt 1232: }
1233:
1234: /* Returns true if the current connection is interactive. */
1235:
1.2 provos 1236: int
1.73 itojun 1237: packet_is_interactive(void)
1.1 deraadt 1238: {
1.14 markus 1239: return interactive_mode;
1.12 markus 1240: }
1241:
1242: int
1243: packet_set_maxsize(int s)
1244: {
1.14 markus 1245: static int called = 0;
1246: if (called) {
1.25 markus 1247: log("packet_set_maxsize: called twice: old %d new %d",
1248: max_packet_size, s);
1.14 markus 1249: return -1;
1250: }
1251: if (s < 4 * 1024 || s > 1024 * 1024) {
1252: log("packet_set_maxsize: bad size %d", s);
1253: return -1;
1254: }
1.70 markus 1255: called = 1;
1.66 markus 1256: debug("packet_set_maxsize: setting to %d", s);
1.14 markus 1257: max_packet_size = s;
1258: return s;
1.53 markus 1259: }
1260:
1.71 markus 1261: /* roundup current message to pad bytes */
1262: void
1263: packet_add_padding(u_char pad)
1264: {
1265: extra_pad = pad;
1266: }
1267:
1.53 markus 1268: /*
1269: * 9.2. Ignored Data Message
1.61 markus 1270: *
1.53 markus 1271: * byte SSH_MSG_IGNORE
1272: * string data
1.61 markus 1273: *
1.53 markus 1274: * All implementations MUST understand (and ignore) this message at any
1275: * time (after receiving the protocol version). No implementation is
1276: * required to send them. This message can be used as an additional
1277: * protection measure against advanced traffic analysis techniques.
1278: */
1.54 markus 1279: void
1280: packet_send_ignore(int nbytes)
1281: {
1282: u_int32_t rand = 0;
1283: int i;
1284:
1285: packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
1.53 markus 1286: packet_put_int(nbytes);
1.75 deraadt 1287: for (i = 0; i < nbytes; i++) {
1.53 markus 1288: if (i % 4 == 0)
1289: rand = arc4random();
1290: packet_put_char(rand & 0xff);
1291: rand >>= 8;
1292: }
1.1 deraadt 1293: }