upstream: Set the specified TOS/DSCP for interactive use prior to

TCP connect. The connection phase of the SSH session is time-sensitive (due to server side login grace periods) and is frequently interactive (e.g. entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after authentication completes. ok dtucker@ OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
2020-11-27 00:49:58 +00:00 · 2020-11-27 00:49:58 +00:00 · 33313ebc1c
parent b2bcec13f1
commit 33313ebc1c
4 changed files with 68 additions and 41 deletions
--- a/misc.c
+++ b/misc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.155 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.156 2020/11/27 00:49:58 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@ -231,6 +231,60 @@ set_rdomain(int fd, const char *name)
 #endif
 }

+int
+get_sock_af(int fd)
+{
+	struct sockaddr_storage to;
+	socklen_t tolen = sizeof(to);
+
+	memset(&to, 0, sizeof(to));
+	if (getsockname(fd, (struct sockaddr *)&to, &tolen) == -1)
+		return -1;
+#ifdef IPV4_IN_IPV6
+	if (to.ss_family == AF_INET6 &&
+	    IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
+		return AF_INET;
+#endif
+	return to.ss_family;
+}
+
+void
+set_sock_tos(int fd, int tos)
+{
+#ifndef IP_TOS_IS_BROKEN
+	int af;
+
+	switch ((af = get_sock_af(fd))) {
+	case -1:
+		/* assume not a socket */
+		break;
+	case AF_INET:
+# ifdef IP_TOS
+		debug3_f("set socket %d IP_TOS 0x%02x", fd, tos);
+		if (setsockopt(fd, IPPROTO_IP, IP_TOS,
+		    &tos, sizeof(tos)) == -1) {
+			error("setsockopt socket %d IP_TOS %d: %s:",
+			    fd, tos, strerror(errno));
+		}
+# endif /* IP_TOS */
+		break;
+	case AF_INET6:
+# ifdef IPV6_TCLASS
+		debug3_f("set socket %d IPV6_TCLASS 0x%02x", fd, tos);
+		if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS,
+		    &tos, sizeof(tos)) == -1) {
+			error("setsockopt socket %d IPV6_TCLASS %d: %.100s:",
+			    fd, tos, strerror(errno));
+		}
+# endif /* IPV6_TCLASS */
+		break;
+	default:
+		debug2_f("unsupported socket family %d", af);
+		break;
+	}
+#endif /* IP_TOS_IS_BROKEN */
+}
+
 /*
 * Wait up to *timeoutp milliseconds for events on fd. Updates
 * *timeoutp with time remaining.
--- a/misc.h
+++ b/misc.h
@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.89 2020/11/08 22:37:24 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.90 2020/11/27 00:49:58 djm Exp $ */

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -53,6 +53,8 @@ void	 set_nodelay(int);
 int	 set_reuseaddr(int);
 char	*get_rdomain(int);
 int	 set_rdomain(int, const char *);
+int	 get_sock_af(int);
+void	 set_sock_tos(int, int);
 int	 waitrfd(int, int *);
 int	 timeout_connect(int, const struct sockaddr *, socklen_t, int *);
 int	 a2port(const char *);
--- a/packet.c
+++ b/packet.c
@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.297 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.298 2020/11/27 00:49:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -475,19 +475,7 @@ ssh_packet_get_bytes(struct ssh *ssh, u_int64_t *ibytes, u_int64_t *obytes)
 int
 ssh_packet_connection_af(struct ssh *ssh)
 {
-	struct sockaddr_storage to;
-	socklen_t tolen = sizeof(to);
-
-	memset(&to, 0, sizeof(to));
-	if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
-	    &tolen) == -1)
-		return 0;
-#ifdef IPV4_IN_IPV6
-	if (to.ss_family == AF_INET6 &&
-	    IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
-		return AF_INET;
-#endif
-	return to.ss_family;
+	return get_sock_af(ssh->state->connection_out);
 }

 /* Sets the connection into non-blocking mode. */
@ -2069,30 +2057,9 @@ ssh_packet_not_very_much_data_to_write(struct ssh *ssh)
 void
 ssh_packet_set_tos(struct ssh *ssh, int tos)
 {
-#ifndef IP_TOS_IS_BROKEN
 	if (!ssh_packet_connection_is_on_socket(ssh) || tos == INT_MAX)
 		return;
-	switch (ssh_packet_connection_af(ssh)) {
-# ifdef IP_TOS
-	case AF_INET:
-		debug3_f("set IP_TOS 0x%02x", tos);
-		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
-			error("setsockopt IP_TOS %d: %.100s:",
-			    tos, strerror(errno));
-		break;
-# endif /* IP_TOS */
-# ifdef IPV6_TCLASS
-	case AF_INET6:
-		debug3_f("set IPV6_TCLASS 0x%02x", tos);
-		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
-			error("setsockopt IPV6_TCLASS %d: %.100s:",
-			    tos, strerror(errno));
-		break;
-# endif /* IPV6_TCLASS */
-	}
-#endif /* IP_TOS_IS_BROKEN */
+	set_sock_tos(ssh->state->connection_in, tos);
 }

 /* Informs that the current session is interactive.  Sets IP flags for that. */
@ -2113,8 +2080,7 @@ ssh_packet_set_interactive(struct ssh *ssh, int interactive, int qos_interactive
 	if (!ssh_packet_connection_is_on_socket(ssh))
 		return;
 	set_nodelay(state->connection_in);
-	ssh_packet_set_tos(ssh, interactive ? qos_interactive :
-	    qos_bulk);
+	ssh_packet_set_tos(ssh, interactive ? qos_interactive : qos_bulk);
 }

 /* Returns true if the current connection is interactive. */
--- a/sshconnect.c
+++ b/sshconnect.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.344 2020/11/22 22:37:11 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.345 2020/11/27 00:49:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -30,6 +30,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@ -363,6 +364,10 @@ ssh_create_socket(struct addrinfo *ai)
 	}
 	fcntl(sock, F_SETFD, FD_CLOEXEC);

+	/* Use interactive QOS (if specified) until authentication completed */
+	if (options.ip_qos_interactive != INT_MAX)
+		set_sock_tos(sock, options.ip_qos_interactive);
+
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL && options.bind_interface == NULL)
 		return sock;