Commit 64292058 authored by Matt Johnston's avatar Matt Johnston
Browse files

Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets

(from keepalives)

--HG--
extra : convert_revision : a46ca9204de0df58d8701df0d79b6b8ec601b9ce
parent 66371f99
......@@ -53,6 +53,8 @@ void write_packet() {
int len, written;
buffer * writebuf = NULL;
time_t now;
unsigned packet_type;
TRACE(("enter write_packet"))
dropbear_assert(!isempty(&ses.writequeue));
......@@ -60,7 +62,10 @@ void write_packet() {
/* Get the next buffer in the queue of encrypted packets to write*/
writebuf = (buffer*)examine(&ses.writequeue);
len = writebuf->len - writebuf->pos;
/* The last byte of the buffer is not to be transmitted, but is
* a cleartext packet_type indicator */
packet_type = writebuf->data[writebuf->len-1];
len = writebuf->len - 1 - writebuf->pos;
dropbear_assert(len > 0);
/* Try to write as much as possible */
written = write(ses.sock_out, buf_getptr(writebuf, len), len);
......@@ -74,8 +79,12 @@ void write_packet() {
}
}
ses.last_trx_packet_time = time(NULL);
ses.last_packet_time = time(NULL);
now = time(NULL);
ses.last_trx_packet_time = now;
if (packet_type != SSH_MSG_IGNORE) {
ses.last_packet_time = now;
}
if (written == 0) {
ses.remoteclosed();
......@@ -420,17 +429,21 @@ void encrypt_packet() {
unsigned char blocksize, mac_size;
buffer * writebuf; /* the packet which will go on the wire. This is
encrypted in-place. */
unsigned char type;
unsigned char packet_type;
unsigned int len, encrypt_buf_size;
unsigned char mac_bytes[MAX_MAC_LEN];
type = ses.writepayload->data[0];
TRACE(("enter encrypt_packet()"))
TRACE(("encrypt_packet type is %d", type))
buf_setpos(ses.writepayload, 0);
packet_type = buf_getbyte(ses.writepayload);
buf_setpos(ses.writepayload, 0);
TRACE(("encrypt_packet type is %d", packet_type))
if (!ses.dataallowed && !packet_is_okay_kex(type)) {
if (!ses.dataallowed && !packet_is_okay_kex(packet_type)) {
/* During key exchange only particular packets are allowed.
Since this type isn't OK we just enqueue it to send
Since this packet_type isn't OK we just enqueue it to send
after the KEX, see maybe_flush_reply_queue */
enqueue_reply_packet();
return;
......@@ -442,19 +455,21 @@ void encrypt_packet() {
/* Encrypted packet len is payload+5, then worst case is if we are 3 away
* from a blocksize multiple. In which case we need to pad to the
* multiple, then add another blocksize (or MIN_PACKET_LEN) */
encrypt_buf_size = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;
encrypt_buf_size = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
/* add space for the MAC at the end */
encrypt_buf_size += mac_size;
+ mac_size
#ifndef DISABLE_ZLIB
encrypt_buf_size += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/
/* zlib compression could lengthen the payload in some cases */
+ ZLIB_COMPRESS_INCR
#endif
/* and an extra cleartext (stripped before transmission) byte for the
* packet type */
+ 1;
writebuf = buf_new(encrypt_buf_size);
buf_setlen(writebuf, PACKET_PAYLOAD_OFF);
buf_setpos(writebuf, PACKET_PAYLOAD_OFF);
buf_setpos(ses.writepayload, 0);
#ifndef DISABLE_ZLIB
/* compression */
if (is_compress_trans()) {
......@@ -512,6 +527,9 @@ void encrypt_packet() {
/* stick the MAC on it */
buf_putbytes(writebuf, mac_bytes, mac_size);
/* The last byte of the buffer stores the cleartext packet_type. It is not
* transmitted but is used for transmit timeout purposes */
buf_putbyte(writebuf, packet_type);
/* enqueue the packet for sending. It will get freed after transmission. */
buf_setpos(writebuf, 0);
enqueue(&ses.writequeue, (void*)writebuf);
......
......@@ -52,6 +52,8 @@ void process_packet() {
ses.lastpacket = type;
ses.last_packet_time = time(NULL);
/* These packets we can receive at any time */
switch(type) {
......@@ -70,8 +72,6 @@ void process_packet() {
dropbear_close("Disconnect received");
}
ses.last_packet_time = time(NULL);
/* This applies for KEX, where the spec says the next packet MUST be
* NEWKEYS */
if (ses.requirenext != 0) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment