Attachment 'uto_userland.diff'
Download 1 --- //depot/vendor/freebsd/src/contrib/netcat/nc.1 2011-05-11 22:36:59.000000000 0000
2 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/netcat/nc.1 2011-08-05 23:01:13.000000000 0000
3 @@ -27,7 +27,7 @@
4 .\"
5 .\" $FreeBSD: src/contrib/netcat/nc.1,v 1.21 2011/05/11 21:52:26 delphij Exp $
6 .\"
7 -.Dd January 8, 2011
8 +.Dd July 19, 2011
9 .Dt NC 1
10 .Os
11 .Sh NAME
12 @@ -175,6 +175,9 @@
13 Specifies that source and/or destination ports should be chosen randomly
14 instead of sequentially within a range or in the order that the system
15 assigns them.
16 +.It Fl -rcv-uto
17 +Specifies that the UTO value sent by the peer should be accepted when TCP
18 +computes the local User Timeout.
19 .It Fl S
20 Enables the RFC 2385 TCP MD5 signature option.
21 .It Fl s Ar source
22 @@ -240,6 +243,9 @@
23 .Fl w
24 flag.
25 The default is no timeout.
26 +.Tf
27 +This timeout also controls the User Timeout advertised to the peer by
28 +TCP.
29 .It Fl X Ar proxy_protocol
30 Requests that
31 .Nm
32 --- //depot/vendor/freebsd/src/contrib/netcat/netcat.c 2011-05-11 22:36:59.000000000 0000
33 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/netcat/netcat.c 2011-08-05 23:01:13.000000000 0000
34 @@ -83,6 +83,7 @@
35 char *Pflag; /* Proxy username */
36 char *pflag; /* Localport flag */
37 int rflag; /* Random ports flag */
38 +int utoflag; /* Accept peer UTO. */
39 char *sflag; /* Source Address */
40 int tflag; /* Telnet Emulation */
41 int uflag; /* UDP - Default to TCP */
42 @@ -140,6 +141,7 @@
43 char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
44 struct option longopts[] = {
45 { "no-tcpopt", no_argument, &FreeBSD_Oflag, 1 },
46 + { "rcv-uto", no_argument, &utoflag, 1 },
47 { NULL, 0, NULL, 0 }
48 };
49
50 @@ -250,7 +252,6 @@
51 timeout = strtonum(optarg, 0, INT_MAX / 1000, &errstr);
52 if (errstr)
53 errx(1, "timeout %s: %s", errstr, optarg);
54 - timeout *= 1000;
55 break;
56 case 'x':
57 xflag = 1;
58 @@ -283,6 +284,9 @@
59 case 'T':
60 Tflag = parse_iptos(optarg);
61 break;
62 + case 0:
63 + /* getopt_long returns 0 for --long-options. */
64 + break;
65 default:
66 usage(1);
67 }
68 @@ -742,7 +746,7 @@
69 if (iflag)
70 sleep(iflag);
71
72 - if ((n = poll(pfd, 2 - dflag, timeout)) < 0) {
73 + if ((n = poll(pfd, 2 - dflag, timeout * 1000)) < 0) {
74 close(nfd);
75 err(1, "Polling Error");
76 }
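Review bot: The new `timeout * 1000` argument to poll() turns a negative "no timeout" value into -1000, which is no longer the -1 that means wait forever; some poll() implementations reject other negative values with EINVAL, and this branch would then exit with "Polling Error". The initial value of `timeout` is not visible on this page, but the nc.1 hunk says the default is no timeout, so it is presumably negative when `-w` is not given. Scaling only non-negative values keeps the old behaviour: `poll(pfd, 2 - dflag, timeout < 0 ? -1 : timeout * 1000)`. The enclosing function starts and ends outside the hunk.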
77 @@ -938,6 +942,19 @@
78 &FreeBSD_Oflag, sizeof(FreeBSD_Oflag)) == -1)
79 err(1, "disable TCP options");
80 }
81 + /*
82 + * Try to set the sent timeout but don't die on error. The timeout
83 + * option was here before UTO so this would break existing
84 + * applications on systems where UTO is disabled.
85 + */
86 + if (timeout > 0 && setsockopt(s, IPPROTO_TCP, TCP_SNDUTO_TIMEOUT,
87 + &timeout, sizeof(timeout)))
88 + perror("setsokopt send TCP UTO");
89 +
90 + /* Set the disposition to accept the timeout of the peer. */
91 + if (utoflag && setsockopt(s, IPPROTO_TCP, TCP_RCVUTO_TIMEOUT,
92 + &utoflag, sizeof(utoflag)))
93 + err(1, "setsokopt receive TCP UTO");
94 }
95
96 int
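Review bot: Both added setsockopt() calls run for every socket that reaches this function and are not wrapped in `#ifdef TCP_SNDUTO_TIMEOUT` / `#ifdef TCP_RCVUTO_TIMEOUT` the way the telnet and ssh option parsing in this patch is. With `-u` or a UNIX-domain socket the IPPROTO_TCP option would presumably fail, so `-w` would print a spurious error and `--rcv-uto` would terminate nc through `err(1, ...)`; a guard such as `if (!uflag && utoflag && setsockopt(...))` avoids that. `--rcv-uto` also lets an unauthenticated peer influence how long the local TCP keeps an unresponsive connection, so nc.1 should say that the accepted value is bounded only by the system-wide UTO limits. Both messages misspell the call as "setsokopt", and the first uses perror() where the surrounding code uses err(). The function begins outside the hunk.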
97 @@ -983,6 +1000,7 @@
98 \t-P proxyuser\tUsername for proxy authentication\n\
99 \t-p port\t Specify local port for remote connects\n\
100 \t-r Randomize remote ports\n\
101 + \t--rcv-uto Accept peer User Timeout\n\
102 \t-S Enable the TCP MD5 signature option\n\
103 \t-s addr\t Local source address\n\
104 \t-T ToS\t Set IP Type of Service\n\
105 --- //depot/vendor/freebsd/src/contrib/telnet/telnet/commands.c 2010-04-30 20:35:27.000000000 0000
106 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnet/commands.c 2011-08-20 12:28:18.000000000 0000
107 @@ -78,6 +78,7 @@
108 #include <netinet/in_systm.h>
109 #include <netinet/ip.h>
110 #include <netinet/ip6.h>
111 +#include <netinet/tcp.h>
112
113 #ifndef MAXHOSTNAMELEN
114 #define MAXHOSTNAMELEN 256
115 @@ -877,6 +878,7 @@
116 { "escape", "character to escape back to telnet command mode", NULL, &escape },
117 { "rlogin", "rlogin escape character", 0, &rlogin },
118 { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
119 + { "timeout", "tcp timeout for this connection", set_timeout, NULL},
120 { " ", "", NULL, NULL },
121 { " ", "The following need 'localchars' to be toggled true", NULL, NULL },
122 { "flushoutput", "character to cause an Abort Output", NULL, termFlushCharp },
123 @@ -919,6 +921,25 @@
124 }
125 }
126
127 +void
128 +set_timeout(char *s)
129 +{
130 +#ifdef TCP_SNDUTO_TIMEOUT
131 + if (s == NULL) {
132 + uto = 0;
133 + /* There is not way to "take it back". */
134 + return;
135 + }
136 + /* Setting the timeout if net is a valid descriptor. */
137 + uto = strtonum(s, 0, INT_MAX, NULL);
138 + if (uto && net > 0 && setsockopt(net, IPPROTO_TCP, TCP_SNDUTO_TIMEOUT,
139 + &uto, sizeof(uto)))
140 + perror("setsockopt UTO");
141 +#else
142 + fprintf(stderr, "Warning: UTO not supported. timeout ignored\n");
143 +#endif
144 +}
145 +
146 static int
147 setcmd(int argc, char *argv[])
148 {
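Review bot: `strtonum(s, 0, INT_MAX, NULL)` discards the error string, so in set_timeout() an unparsable or out-of-range argument silently becomes 0 and also overwrites a previously valid `uto`. The `-t` path in main.c prints a warning afterwards, but the `set timeout` command path does not, because the "set to" message is now skipped when `charp` is NULL. Passing an error pointer and returning early keeps the old value and tells the user why: `v = strtonum(s, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) { fprintf(stderr, "timeout %s: %s\n", errstr, s); return; }` and only then `uto = v;`. `net > 0` also treats descriptor 0 as "not connected"; if an unconnected `net` is -1 (not visible here), `net >= 0` is the matching test.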
149 @@ -976,7 +997,8 @@
150 return 0;
151 } else if (ct->handler) {
152 (*ct->handler)(argv[2]);
153 - printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp);
154 + if (ct->charp)
155 + printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp);
156 } else {
157 if (strcmp("off", argv[2])) {
158 value = special(argv[2]);
159 @@ -1042,7 +1064,8 @@
160 return 0;
161 } else if (ct->handler) {
162 (*ct->handler)(0);
163 - printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp);
164 + if (ct->charp)
165 + printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp);
166 } else {
167 *(ct->charp) = _POSIX_VDISABLE;
168 printf("%s character is '%s'.\n", ct->name, control(*(ct->charp)));
169 @@ -2442,6 +2465,9 @@
170 goto fail;
171 }
172 #endif
173 + if (uto && setsockopt(net, IPPROTO_TCP, TCP_SNDUTO_TIMEOUT, &uto,
174 + sizeof(uto)))
175 + perror("setsockopt UTO");
176
177 if (connect(net, res->ai_addr, res->ai_addrlen) < 0) {
178 struct addrinfo *next;
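Review bot: The added setsockopt() names `TCP_SNDUTO_TIMEOUT` without the `#ifdef TCP_SNDUTO_TIMEOUT` guard that set_timeout() in this same file uses, so commands.c would no longer compile on a system whose <netinet/tcp.h> lacks the option. The same applies to the `TCP_RCVUTO_TIMEOUT` call added in telnetd.c's processing-loop hunk, where only the `-t` option parsing is guarded. Wrapping the three added lines in `#ifdef TCP_SNDUTO_TIMEOUT` ... `#endif` keeps the fallback warning path buildable. The call also runs for every address family, so with `-u` (AF_UNIX) a configured timeout would presumably just produce a perror() line; the enclosing function is outside the hunk.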
179 --- //depot/vendor/freebsd/src/contrib/telnet/telnet/externs.h 2010-04-30 20:35:27.000000000 0000
180 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnet/externs.h 2011-08-05 23:43:09.000000000 0000
181 @@ -129,6 +129,7 @@
182 termdata, /* Print out terminal data flow */
183 telnet_debug, /* Debug level */
184 doaddrlookup, /* do a reverse lookup? */
185 + uto, /* Request User Timeout. */
186 clienteof; /* Client received EOF */
187
188 extern cc_t escape; /* Escape to command mode */
189 @@ -260,6 +261,7 @@
190 setcommandmode(void),
191 set_escape_char(char *s),
192 setneturg(void),
193 + set_timeout(char *s),
194 sys_telnet_init(void),
195 telnet(char *),
196 tel_enter_binary(int),
197 --- //depot/vendor/freebsd/src/contrib/telnet/telnet/main.c 2005-01-09 11:38:01.000000000 0000
198 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnet/main.c 2011-08-05 23:43:09.000000000 0000
199 @@ -97,7 +97,7 @@
200 "[-4] [-6] [-8] [-E] [-L] [-N] [-S tos] [-c] [-d]",
201 "\n\t[-e char] [-l user] [-n tracefile] ",
202 #endif
203 - "[-r] [-s src_addr] [-u] ",
204 + "[-r] [-s src_addr] [-t timeout] [-u] ",
205 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
206 "[-P policy] "
207 #endif
208 @@ -154,7 +154,7 @@
209 #define IPSECOPT
210 #endif
211 while ((ch = getopt(argc, argv,
212 - "468EKLNS:X:acde:fFk:l:n:rs:uxy" IPSECOPT)) != -1)
213 + "468EKLNS:X:acde:fFk:l:n:rs:ut:xy" IPSECOPT)) != -1)
214 #undef IPSECOPT
215 {
216 switch(ch) {
217 @@ -303,6 +303,12 @@
218 case 's':
219 src_addr = optarg;
220 break;
221 + case 't':
222 + set_timeout(optarg);
223 + if (!uto)
224 + fprintf(stderr, "Warning: timeout `%s'"
225 + " ignored\n", optarg);
226 + break;
227 case 'u':
228 family = AF_UNIX;
229 break;
230 --- //depot/vendor/freebsd/src/contrib/telnet/telnet/telnet.1 2006-09-30 00:41:04.000000000 0000
231 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnet/telnet.1 2011-08-05 23:43:09.000000000 0000
232 @@ -50,6 +50,7 @@
233 .Op Fl l Ar user
234 .Op Fl n Ar tracefile
235 .Op Fl s Ar src_addr
236 +.Op Fl t Ar timeout
237 .Oo
238 .Ar host
239 .Op Ar port
240 @@ -203,6 +204,14 @@
241 connection to
242 .Ar src_addr ,
243 which can be an IP address or a host name.
244 +.It Fl t Ar timeout
245 +Sets the requested timeout (UTO) for the connection.
246 +If the server accepts this value, the connection will be kept for
247 +.Ar timeout
248 +seconds in the absence of network connectivity.
249 +.Pp
250 +This is server-dependent, but usually it only works with authentication,
251 +for security reasons.
252 .It Fl u
253 Forces
254 .Nm
255 --- //depot/vendor/freebsd/src/contrib/telnet/telnet/telnet.c 2010-04-30 20:35:27.000000000 0000
256 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnet/telnet.c 2011-08-05 23:43:09.000000000 0000
257 @@ -112,6 +112,7 @@
258 dontlecho, /* do we suppress local echoing right now? */
259 globalmode,
260 doaddrlookup = 1, /* do a reverse address lookup? */
261 + uto = 0, /* Request User Timeout. */
262 clienteof = 0;
263
264 char *prompt = 0;
265 --- //depot/vendor/freebsd/src/contrib/telnet/telnetd/telnetd.8 2008-08-29 00:37:52.000000000 0000
266 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnetd/telnetd.8 2011-08-05 23:43:09.000000000 0000
267 @@ -32,7 +32,7 @@
268 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
269 .\" $FreeBSD: src/contrib/telnet/telnetd/telnetd.8,v 1.22 2008/08/29 00:04:37 trhodes Exp $
270 .\"
271 -.Dd August 28, 2008
272 +.Dd August 05, 2011
273 .Dt TELNETD 8
274 .Os
275 .Sh NAME
276 @@ -42,7 +42,7 @@
277 protocol server
278 .Sh SYNOPSIS
279 .Nm /usr/libexec/telnetd
280 -.Op Fl 46BUhlkn
281 +.Op Fl 46BUhlknt
282 .Op Fl D Ar debugmode
283 .Op Fl S Ar tos
284 .Op Fl X Ar authtype
285 @@ -263,6 +263,14 @@
286 TOS name found in the
287 .Pa /etc/iptos
288 file.
289 +.It Fl t
290 +Accepts UTO (User Timeout) suggestion from client.
291 +Normally a TCP connection is dropped if data is not acknowledged for a period
292 +of time.
293 +A client may influnce this period by advertising a timeout value.
294 +.Pp
295 +The value sent by the client is only accepted after successful authentication,
296 +for security reasons.
297 .It Fl u Ar len
298 This option is used to specify the size of the field
299 in the
300 --- //depot/vendor/freebsd/src/contrib/telnet/telnetd/telnetd.c 2010-01-13 19:35:37.000000000 0000
301 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/contrib/telnet/telnetd/telnetd.c 2011-08-20 12:28:18.000000000 0000
302 @@ -49,6 +49,7 @@
303 #include <termcap.h>
304
305 #include <arpa/inet.h>
306 +#include <netinet/tcp.h> /* For UTO. */
307
308 #ifdef AUTHENTICATION
309 #include <libtelnet/auth.h>
310 @@ -80,6 +81,7 @@
311 static int debug = 0;
312 int keepalive = 1;
313 const char *altlogin;
314 +int uto = 0; /* Accept advertised timeout. */
315
316 void doit(struct sockaddr *);
317 int terminaltypeok(char *);
318 @@ -93,7 +95,7 @@
319 * passed off to getopt().
320 */
321 char valid_opts[] = {
322 - 'd', ':', 'h', 'k', 'n', 'p', ':', 'S', ':', 'u', ':', 'U',
323 + 'd', ':', 'h', 'k', 'n', 'p', ':', 'S', ':', 't', 'u', ':', 'U',
324 '4', '6',
325 #ifdef AUTHENTICATION
326 'a', ':', 'X', ':',
327 @@ -285,6 +287,15 @@
328 #endif
329 break;
330
331 + case 't':
332 +#ifdef TCP_RCVUTO_TIMEOUT
333 + /* Enable TCP_RCVUTO_TIMEOUT after authentication.*/
334 + uto = 1;
335 +#else
336 + warnx("UTO not supported.");
337 +#endif
338 + break;
339 +
340 case 'u':
341 utmp_len = (size_t)atoi(optarg);
342 if (utmp_len >= sizeof(remote_hostname))
343 @@ -445,6 +456,7 @@
344 #ifdef HAS_GETTOS
345 fprintf(stderr, " [-S tos]");
346 #endif
347 + fprintf(stderr, " [-t]");
348 #ifdef AUTHENTICATION
349 fprintf(stderr, " [-X auth-type]");
350 #endif
351 @@ -931,6 +943,11 @@
352
353 DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
354
355 + /* If authenticated we'll accept the received UTO. */
356 + if (uto && level && setsockopt(net, IPPROTO_TCP, TCP_RCVUTO_TIMEOUT, &uto,
357 + sizeof(uto)))
358 + perror("setsockopt UTO");
359 +
360 /*
361 * Startup the login process on the slave side of the terminal
362 * now. We delay this until here to insure option negotiation
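Review bot: The test `uto && level` accepts any non-zero `level` as "authenticated", which includes negative values. `level` is assigned outside this hunk; if it carries the libtelnet authentication result, a rejected or absent authentication is, as far as I recall, represented by a negative code, and the peer's timeout would then be accepted without authentication, contrary to what telnetd.8 states. Comparing against the lowest level that counts as authenticated, for example `if (uto && level > 0 && setsockopt(...))` or the corresponding AUTH_* constant, makes the condition match the comment. A short comment naming which levels qualify would help the next reader.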
363 --- //depot/vendor/freebsd/src/crypto/openssh/readconf.c 2011-05-04 08:35:39.000000000 0000
364 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.c 2011-08-20 11:56:07.000000000 0000
365 @@ -138,7 +138,7 @@
366 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
367 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
368 oKexAlgorithms, oIPQoS,
369 - oVersionAddendum,
370 + oVersionAddendum, oUserTimeout,
371 oDeprecated, oUnsupported
372 } OpCodes;
373
374 @@ -227,6 +227,11 @@
375 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
376 { "rekeylimit", oRekeyLimit },
377 { "connecttimeout", oConnectTimeout },
378 +#ifdef TCP_SNDUTO_TIMEOUT
379 + { "usertimeout", oUserTimeout },
380 +#else
381 + { "usertimeout", oUnsupported },
382 +#endif
383 { "addressfamily", oAddressFamily },
384 { "serveraliveinterval", oServerAliveInterval },
385 { "serveralivecountmax", oServerAliveCountMax },
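Review bot: The `#ifdef TCP_SNDUTO_TIMEOUT` around the "usertimeout" entry only works if <netinet/tcp.h> has been included in readconf.c, and this patch adds that include to ssh.c, sshconnect.c and sshd.c but not here. Unless readconf.c already pulls the header in (its include list is not on this page), the macro is undefined at this point and the keyword always maps to `oUnsupported`, so `UserTimeout` in ssh_config would be ignored while `-u` works. The `#ifdef TCP_RCVUTO_TIMEOUT` around "allowusertimeout" in servconf.c has the same dependency. Adding `#include <netinet/tcp.h>` to both files, next to their existing netinet includes, would settle it.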
386 @@ -415,6 +420,10 @@
387 *intptr = value;
388 break;
389
390 + case oUserTimeout:
391 + intptr = &options->user_timeout;
392 + goto parse_time;
393 +
394 case oForwardAgent:
395 intptr = &options->forward_agent;
396 parse_flag:
397 @@ -1132,6 +1141,7 @@
398 options->address_family = -1;
399 options->connection_attempts = -1;
400 options->connection_timeout = -1;
401 + options->user_timeout = -1;
402 options->number_of_password_prompts = -1;
403 options->cipher = -1;
404 options->ciphers = NULL;
405 --- //depot/vendor/freebsd/src/crypto/openssh/readconf.h 2011-05-04 08:35:39.000000000 0000
406 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/readconf.h 2011-08-05 22:38:23.000000000 0000
407 @@ -69,6 +69,7 @@
408 * giving up */
409 int connection_timeout; /* Max time (seconds) before
410 * aborting connection attempt */
411 + int user_timeout; /* Timeout value (seconds) sent to server. */
412 int number_of_password_prompts; /* Max number of password
413 * prompts. */
414 int cipher; /* Cipher to use. */
415 --- //depot/vendor/freebsd/src/crypto/openssh/servconf.c 2011-05-04 08:35:39.000000000 0000
416 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.c 2011-08-20 11:56:07.000000000 0000
417 @@ -109,6 +109,7 @@
418 options->compression = -1;
419 options->allow_tcp_forwarding = -1;
420 options->allow_agent_forwarding = -1;
421 + options->allow_user_timeout = -1;
422 options->num_allow_users = 0;
423 options->num_deny_users = 0;
424 options->num_allow_groups = 0;
425 @@ -326,7 +327,7 @@
426 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
427 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
428 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
429 - sUsePrivilegeSeparation, sAllowAgentForwarding,
430 + sUsePrivilegeSeparation, sAllowAgentForwarding, sAllowUserTimeout,
431 sZeroKnowledgePasswordAuthentication, sHostCertificate,
432 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
433 sKexAlgorithms, sIPQoS,
434 @@ -422,6 +423,11 @@
435 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
436 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
437 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
438 +#ifdef TCP_RCVUTO_TIMEOUT
439 + { "allowusertimeout", sAllowUserTimeout, SSHCFG_ALL },
440 +#else
441 + { "allowusertimeout", sUnsupported, SSHCFG_ALL },
442 +#endif
443 { "allowusers", sAllowUsers, SSHCFG_GLOBAL },
444 { "denyusers", sDenyUsers, SSHCFG_GLOBAL },
445 { "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
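Review bot: `SSHCFG_ALL` allows "allowusertimeout" inside a Match block, but no hunk on this page copies `allow_user_timeout` when Match overrides are merged into the active options. If servconf.c merges them field by field, as I believe copy_set_server_options() does, a per-user `AllowUserTimeout` would be parsed and then have no effect. That matters because sshd_config.5 recommends enabling the option only for trusted users, and a `no` placed in a Match block would not be honoured either. Either add the field to that merge step or register the keyword as `SSHCFG_GLOBAL`.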
446 @@ -1085,6 +1091,10 @@
447 case sAllowAgentForwarding:
448 intptr = &options->allow_agent_forwarding;
449 goto parse_flag;
450 +
451 + case sAllowUserTimeout:
452 + intptr = &options->allow_user_timeout;
453 + goto parse_flag;
454
455 case sUsePrivilegeSeparation:
456 intptr = &use_privsep;
457 --- //depot/vendor/freebsd/src/crypto/openssh/servconf.h 2011-05-04 08:35:39.000000000 0000
458 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/servconf.h 2011-08-05 22:38:23.000000000 0000
459 @@ -111,6 +111,7 @@
460 int compression; /* If true, compression is allowed */
461 int allow_tcp_forwarding;
462 int allow_agent_forwarding;
463 + int allow_user_timeout; /* Accept the client timeout if true. */
464 u_int num_allow_users;
465 char *allow_users[MAX_ALLOW_USERS];
466 u_int num_deny_users;
467 --- //depot/vendor/freebsd/src/crypto/openssh/ssh.1 2011-05-04 08:35:39.000000000 0000
468 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.1 2011-08-05 22:38:23.000000000 0000
469 @@ -35,7 +35,7 @@
470 .\"
471 .\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $
472 .\" $FreeBSD: src/crypto/openssh/ssh.1,v 1.44 2011/05/04 07:34:44 des Exp $
473 -.Dd November 18, 2010
474 +.Dd August 05, 2011
475 .Dt SSH 1
476 .Os
477 .Sh NAME
478 @@ -60,6 +60,7 @@
479 .Op Fl p Ar port
480 .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
481 .Op Fl S Ar ctl_path
482 +.Op Fl u Ar timeout
483 .Op Fl W Ar host : Ns Ar port
484 .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
485 .Oo Ar user Ns @ Oc Ns Ar hostname
486 @@ -466,6 +467,7 @@
487 .It TunnelDevice
488 .It UsePrivilegedPort
489 .It User
490 +.It UserTimeout
491 .It UserKnownHostsFile
492 .It VerifyHostKeyDNS
493 .It VersionAddendum
494 @@ -557,6 +559,14 @@
495 options force tty allocation, even if
496 .Nm
497 has no local tty.
498 +.It Fl u Ar timeout
499 +Sets the requested timeout (UTO) for the connection.
500 +If the option is accepted by the server, the connection will be kept for
501 +the specified time in the absence of network connectivity.
502 +.Pp
503 +This option can also be enabled using the UserTimeout directive as described
504 +in
505 +.Xr ssh_config 5 .
506 .It Fl V
507 Display the version number and exit.
508 .It Fl v
509 --- //depot/vendor/freebsd/src/crypto/openssh/ssh.c 2011-05-04 08:35:39.000000000 0000
510 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh.c 2011-08-20 11:56:07.000000000 0000
511 @@ -70,6 +70,7 @@
512 #include <unistd.h>
513
514 #include <netinet/in.h>
515 +#include <netinet/tcp.h>
516 #include <arpa/inet.h>
517
518 #include <openssl/evp.h>
519 @@ -200,7 +201,7 @@
520 " [-L [bind_address:]port:host:hostport]\n"
521 " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
522 " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
523 -" [-W host:port] [-w local_tun[:remote_tun]]\n"
524 +" [-u timeout] [-W host:port] [-w local_tun[:remote_tun]]\n"
525 " [user@]hostname [command]\n"
526 );
527 exit(255);
528 @@ -297,7 +298,7 @@
529 argv0 = av[0];
530
531 again:
532 - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
533 + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstu:vx"
534 "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
535 switch (opt) {
536 case '1':
537 @@ -392,6 +393,16 @@
538 force_tty_flag = 1;
539 tty_flag = 1;
540 break;
541 + case 'u':
542 +#ifdef TCP_SNDUTO_TIMEOUT
543 + options.user_timeout = convtime(optarg);
544 + if (options.user_timeout == -1)
545 + fatal("Invalid User Timeout value");
546 +#else
547 + fprintf(stderr, "Warning, TCP_SNDUTO_TIMEOUT not"
548 + " supported, timeout ignored\n");
549 +#endif
550 + break;
551 case 'v':
552 if (debug_flag == 0) {
553 debug_flag = 1;
554 @@ -905,6 +916,15 @@
555 } else {
556 verbose("Authenticated to %s (via proxy).", host);
557 }
558 +
559 + /*
560 + * Attempt to send the option after authenticating. If the server
561 + * didn't record it at SYN, it should now.
562 + */
563 + if (options.user_timeout && setsockopt(packet_get_connection_in(),
564 + IPPROTO_TCP, TCP_SNDUTO_TIMEOUT, &options.user_timeout,
565 + sizeof(options.user_timeout)))
566 + error("setsockopt TCP_SNDUTO_TIMEOUT: %.100s", strerror(errno));
567
568 /* We no longer need the private host keys. Clear them now. */
569 if (sensitive_data.nkeys != 0) {
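Review bot: `if (options.user_timeout && ...)` is true for the -1 that the readconf.c initialisation hunk stores as "unset", whereas the pre-connect call in sshconnect.c tests `options.user_timeout > 0`. No hunk on this page replaces the -1 with a default, so a client that never asked for a timeout would presumably pass -1 to setsockopt() here and log an error after every login. Using the same test fixes that: `if (options.user_timeout > 0 && setsockopt(...))`. This call and the one in sshconnect.c are also outside any `#ifdef TCP_SNDUTO_TIMEOUT`, unlike the `-u` parsing earlier in this file. With a proxy command `packet_get_connection_in()` may not be a TCP socket at all, so a `packet_connection_is_on_socket()` check as used in the sshd.c hunk would be appropriate.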
570 --- //depot/vendor/freebsd/src/crypto/openssh/ssh_config.5 2011-05-04 08:35:39.000000000 0000
571 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/ssh_config.5 2011-08-05 22:38:23.000000000 0000
572 @@ -35,7 +35,7 @@
573 .\"
574 .\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
575 .\" $FreeBSD: src/crypto/openssh/ssh_config.5,v 1.32 2011/05/04 07:34:44 des Exp $
576 -.Dd December 8, 2010
577 +.Dd July 19, 2011
578 .Dt SSH_CONFIG 5
579 .Os
580 .Sh NAME
581 @@ -1137,6 +1137,20 @@
582 This can be useful when a different user name is used on different machines.
583 This saves the trouble of
584 having to remember to give the user name on the command line.
585 +.It Cm UserTimeout
586 +Specifies the UserTimeout (TCP UTO) for this connection.
587 +If the server accepts this option, the connection will be kept for the
588 +specified time in the absence of network connectivity.
589 +.Pp
590 +Usually a server will only allow certain users to use this option, due to
591 +the security risks involved.
592 +.Pp
593 +The values that can be specified are subject to
594 +.Dv net.inet.tcp.uto.min_timeout
595 +and
596 +.Dv net.inet.tcp.uto.max_timeout .
597 +.Pp
598 +By default no timeout is used.
599 .It Cm UserKnownHostsFile
600 Specifies a file to use for the user
601 host key database instead of
602 --- //depot/vendor/freebsd/src/crypto/openssh/sshconnect.c 2011-05-04 08:35:39.000000000 0000
603 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshconnect.c 2011-08-05 22:38:23.000000000 0000
604 @@ -25,6 +25,7 @@
605 #endif
606
607 #include <netinet/in.h>
608 +#include <netinet/tcp.h>
609 #include <arpa/inet.h>
610
611 #include <ctype.h>
612 @@ -389,6 +390,17 @@
613 /* Any error is already output */
614 continue;
615
616 + /*
617 + * Attempt to set the UTO value before connecting.
618 + * Some hosts might not accept it if we send it later.
619 + */
620 + if (options.user_timeout > 0 &&
621 + setsockopt(sock, IPPROTO_TCP, TCP_SNDUTO_TIMEOUT,
622 + &options.user_timeout,
623 + sizeof(options.user_timeout)) < 0)
624 + error("setsockopt TCP_SNDUTO_TIMEOUT: %.100s",
625 + strerror(errno));
626 +
627 if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
628 timeout_ms) >= 0) {
629 /* Successful connection. */
630 --- //depot/vendor/freebsd/src/crypto/openssh/sshd.c 2011-05-04 08:35:39.000000000 0000
631 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd.c 2011-08-05 22:38:23.000000000 0000
632 @@ -59,6 +59,8 @@
633 #include "openbsd-compat/sys-queue.h"
634 #include <sys/wait.h>
635
636 +#include <netinet/tcp.h>
637 +
638 #include <errno.h>
639 #include <fcntl.h>
640 #include <netdb.h>
641 @@ -2027,6 +2029,17 @@
642 startup_pipe = -1;
643 }
644
645 + /*
646 + * After authentication it's safe to enable User Timeout. The
647 + * connection will not be dropped for this period of time even if
648 + * the client stays silent (doesn't ACK our data).
649 + */
650 + if (options.allow_user_timeout && packet_connection_is_on_socket() &&
651 + setsockopt(sock_in, IPPROTO_TCP, TCP_RCVUTO_TIMEOUT, &on,
652 + sizeof(on)) < 0)
653 + error("setsockopt TCP_RCVUTO_TIMEOUT: %.100s", strerror(errno));
654 +
655 +
656 #ifdef SSH_AUDIT_EVENTS
657 audit_event(SSH_AUTH_SUCCESS);
658 #endif
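Review bot: `options.allow_user_timeout` is initialised to -1 in servconf.c and no hunk on this page gives it a default of 0, so the truthiness test here would treat an unconfigured server as having AllowUserTimeout enabled, while sshd_config.5 documents the default as "no". Accepting the peer's User Timeout lets a client decide how long the server keeps an unresponsive connection, so the default should fail closed: set the field to 0 when it is still -1 in the server defaults code, and test `options.allow_user_timeout == 1` here. The call is also not wrapped in `#ifdef TCP_RCVUTO_TIMEOUT`, unlike the keyword table entry. The enclosing function is outside the hunk.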
659 --- //depot/vendor/freebsd/src/crypto/openssh/sshd_config.5 2011-05-04 08:35:39.000000000 0000
660 +++ //depot/projects/soc2011/cnicutar_tcputo_9/src/crypto/openssh/sshd_config.5 2011-08-05 22:38:23.000000000 0000
661 @@ -35,7 +35,7 @@
662 .\"
663 .\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
664 .\" $FreeBSD: src/crypto/openssh/sshd_config.5,v 1.38 2011/05/04 07:34:44 des Exp $
665 -.Dd December 8, 2010
666 +.Dd July 19, 2011
667 .Dt SSHD_CONFIG 5
668 .Os
669 .Sh NAME
670 @@ -152,6 +152,22 @@
671 in
672 .Xr ssh_config 5
673 for more information on patterns.
674 +.It Cm AllowUserTimeout
675 +This directive specifies that the UserTimeout requested by the client will
676 +be accepted after authentication.
677 +When a UserTimeout is accepted TCP will not drop the connection for the
678 +specified time even if the client remains silent (doesn't ACK data).
679 +.Pp
680 +The values that can be accepted are subject to the system-wide
681 +.Dv net.inet.tcp.uto.min_timeout
682 +and
683 +.Dv net.inet.tcp.uto.max_timeout .
684 +.Pp
685 +A server should only allow trusted users to use this option, due to
686 +the security risks involved.
687 +.Pp
688 +The default value is
689 +.Dq no .
690 .It Cm AuthorizedKeysFile
691 Specifies the file that contains the public keys that can be used
692 for user authentication.