- Disable compression for non-final multihops

--HG-- extra : convert_revision : c507a2aacb9e0db4c0266891b8915c614e32857e

- Disable compression for non-final multihops
--HG-- extra : convert_revision : c507a2aacb9e0db4c0266891b8915c614e32857e
e3ca0513 · Matt Johnston · 95a01f90 · e3ca0513 · e3ca0513 · e3ca0513
Commit e3ca0513 authored 15 years ago by Matt Johnston
--- a/algo.h
+++ b/algo.h
@@ -50,7 +50,8 @@ extern algo_type sshkex[];
 extern algo_type sshhostkey[];
 extern algo_type sshciphers[];
 extern algo_type sshhashes[];
-extern algo_type sshcompress[];
+extern algo_type ssh_compress[];
+extern algo_type ssh_nocompress[];
 extern const struct dropbear_cipher dropbear_nocipher;
 extern const struct dropbear_cipher_mode dropbear_mode_none;

--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -144,6 +144,9 @@ void cli_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_CLI_PROXYCMD
 	cli_opts.proxycmd = NULL;
+#endif
+#ifndef DISABLE_ZLIB
+	opts.enable_compress = 1;
 #endif
 	/* not yet
 	opts.ipv4 = 1;
@@ -530,6 +533,10 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0)
 		snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", 
 				argv0, cli_opts.remotehost, cli_opts.remoteport, 
 				passthrough_args, remainder);
+#ifndef DISABLE_ZLIB
+		/* The stream will be incompressible since it's encrypted. */
+		opts.enable_compress = 0;
+#endif
 		m_free(passthrough_args);
 	}
 	m_free(hostbuf);

--- a/common-algo.c
+++ b/common-algo.c
@@ -168,11 +168,16 @@ algo_type sshhashes[] = {
 	{NULL, 0, NULL, 0, NULL}
 };
-algo_type sshcompress[] = {
 #ifndef DISABLE_ZLIB
+algo_type ssh_compress[] = {
 	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
 	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
 #endif
+algo_type ssh_nocompress[] = {
 	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
 	{NULL, 0, NULL, 0, NULL}
 };

--- a/common-kex.c
+++ b/common-kex.c
@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "bignum.h"
 #include "random.h"
+#include "runopts.h"
 /* diffie-hellman-group1-sha1 value for p */
 static const unsigned char dh_p_val[] = {
@@ -91,10 +92,10 @@ void send_msg_kexinit() {
 	buf_put_algolist(ses.writepayload, sshhashes);
 	/* compression_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 	/* compression_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshcompress);
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
 	/* languages_client_to_server */
 	buf_putstring(ses.writepayload, "", 0);
@@ -180,8 +181,16 @@ void recv_msg_newkeys() {
 /* Set up the kex for the first time */
 void kexfirstinitialise() {
 	ses.kexstate.donefirstkex = 0;
+#ifndef DISABLE_ZLIB
+	if (opts.enable_compress) {
+		ses.compress_algos = ssh_compress;
+	} else
+#endif
+	{
+		ses.compress_algos = ssh_nocompress;
+	}
 	kexinitialise();
 }
@@ -670,7 +679,7 @@ static void read_kex_algos() {
 	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 	/* compression_algorithms_client_to_server */
-	c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (c2s_comp_algo == NULL) {
 		erralgo = "comp c->s";
 		goto error;
@@ -678,7 +687,7 @@ static void read_kex_algos() {
 	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
 	/* compression_algorithms_server_to_client */
-	s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (s2c_comp_algo == NULL) {
 		erralgo = "comp s->c";
 		goto error;

--- a/runopts.h
+++ b/runopts.h
@@ -40,6 +40,14 @@ typedef struct runopts {
 	time_t keepalive_secs;
 	time_t idle_timeout_secs;
+#ifndef DISABLE_ZLIB
+	/* TODO: add a commandline flag. Currently this is on by default if compression
+	 * is compiled in, but disabled for a client's non-final multihop stages. (The
+	 * intermediate stages are compressed streams, so are uncompressible. */
+	int enable_compress;
+#endif
 } runopts;
 extern runopts opts;
@@ -135,7 +143,6 @@ typedef struct cli_runopts {
 #ifdef ENABLE_CLI_PROXYCMD
 	char *proxycmd;
 #endif
 } cli_runopts;
 extern cli_runopts cli_opts;

--- a/session.h
+++ b/session.h
@@ -160,6 +160,9 @@ struct sshsession {
 	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 	buffer* transkexinit; /* the kexinit packet we send should be kept so we
 							 can add it to the hash when generating keys */
+	/* Enables/disables compression */
+	algo_type *compress_algos;
 	/* a list of queued replies that should be sent after a KEX has
 	   concluded (ie, while dataallowed was unset)*/

--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -124,6 +124,9 @@ void svr_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_SVR_REMOTETCPFWD
 	svr_opts.noremotetcp = 0;
+#endif
+#ifndef DISABLE_ZLIB
+	opts.enable_compress = 1;
 #endif
 	/* not yet
 	opts.ipv4 = 1;