upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for interactive and CS1 for bulk

AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user productivity.

For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavenger/lower-than-best-effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.

An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662.

The first three bits of "AF21" map to the equivalent IEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").

OK deraadt@, "no objection" djm@

OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
job@openbsd.org 2018-04-04 15:12:17 +00:00 committed by Damien Miller
parent 424b544fbd
commit 5ee8448ad7
4 changed files with 18 additions and 14 deletions
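The bit layout the commit message relies on (the DSCP codepoint in the top six bits of the IP TOS byte, the IP Precedence / 802.1D PCP equivalent in the top three), as an added example that is not part of this commit or of OpenSSH: it decodes the old and new default TOS bytes, names the standardized PHB where one exists, and applies a value with the same IP_TOS socket option that ssh(1) and sshd(8) use for IPQoS. The numeric fallbacks for the IPTOS_* macros are the IANA codepoints shifted left by two (0x48 for AF21, 0x20 for CS1) and the classic BSD 0x10/0x08 values; the function names tos_to_dscp, tos_to_precedence, dscp_name and tos_roundtrip are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>

/* Fallbacks for platforms whose <netinet/ip.h> lacks these macros.
 * DSCP occupies the top six bits of the TOS byte, so the byte value is
 * the IANA codepoint shifted left by two (example's own definitions). */
#ifndef IPTOS_LOWDELAY
#define IPTOS_LOWDELAY   0x10   /* previous interactive default */
#endif
#ifndef IPTOS_THROUGHPUT
#define IPTOS_THROUGHPUT 0x08   /* previous bulk default */
#endif
#ifndef IPTOS_DSCP_AF21
#define IPTOS_DSCP_AF21  0x48   /* DSCP 18 << 2, new interactive default */
#endif
#ifndef IPTOS_DSCP_CS1
#define IPTOS_DSCP_CS1   0x20   /* DSCP 8 << 2, new bulk default */
#endif

/* DSCP is the top six bits of the TOS byte; the low two are ECN. */
unsigned int tos_to_dscp(uint8_t tos) { return tos >> 2; }

/* The top three bits are the IP Precedence value the commit message maps
 * onto 802.1D PCP, 802.11e access categories and MPLS EXP. */
unsigned int tos_to_precedence(uint8_t tos) { return tos >> 5; }

/* Write the standard PHB name for a DSCP codepoint into buf.
 * Returns 1 for a recognised codepoint, 0 (buf = "unassigned") otherwise. */
int dscp_name(unsigned int dscp, char *buf, size_t len)
{
    unsigned int cls = dscp >> 3;          /* top three bits */
    unsigned int drop = (dscp >> 1) & 3;   /* AF drop precedence */

    if (dscp == 46) {                      /* Expedited Forwarding, RFC 3246 */
        snprintf(buf, len, "EF");
        return 1;
    }
    if ((dscp & 7) == 0) {                 /* Class Selector CS0..CS7, RFC 2474 */
        snprintf(buf, len, "CS%u", cls);
        return 1;
    }
    /* Assured Forwarding AFxy, RFC 2597: class 1..4, drop 1..3, low bit clear */
    if (cls >= 1 && cls <= 4 && drop >= 1 && drop <= 3 && (dscp & 1) == 0) {
        snprintf(buf, len, "AF%u%u", cls, drop);
        return 1;
    }
    snprintf(buf, len, "unassigned");
    return 0;
}

/* Set IP_TOS on a fresh, unconnected TCP socket and read the kernel's view
 * back. Returns the value read back, or -1 if the socket or option failed
 * (for example in a sandbox that forbids socket creation). */
int tos_roundtrip(int tos)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), got = -1;
    socklen_t len = sizeof(got);

    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == 0 &&
        getsockopt(fd, IPPROTO_IP, IP_TOS, &got, &len) != 0)
        got = -1;
    close(fd);
    return got;
}

int main(void)
{
    /* Constructed table of the four defaults touched by the commit. */
    const struct { const char *label; int tos; } defaults[] = {
        { "old interactive (IPTOS_LOWDELAY)",  IPTOS_LOWDELAY },
        { "old bulk (IPTOS_THROUGHPUT)",       IPTOS_THROUGHPUT },
        { "new interactive (IPTOS_DSCP_AF21)", IPTOS_DSCP_AF21 },
        { "new bulk (IPTOS_DSCP_CS1)",         IPTOS_DSCP_CS1 },
    };
    char name[16];

    for (size_t i = 0; i < sizeof defaults / sizeof defaults[0]; i++) {
        uint8_t tos = (uint8_t)defaults[i].tos;
        unsigned int dscp = tos_to_dscp(tos);
        dscp_name(dscp, name, sizeof name);
        printf("%-36s tos=0x%02x dscp=%2u (%s) precedence=%u kernel=%d\n",
               defaults[i].label, tos, dscp, name,
               tos_to_precedence(tos), tos_roundtrip(defaults[i].tos));
    }
    return 0;
}
```

Run as a normal C program, the table shows why the message calls the new values "recognisable": 0x10 and 0x08 decode to DSCP 4 and 2, which have no standardized PHB and a precedence of 0, while 0x48 and 0x20 decode to AF21 (precedence 2) and CS1 (precedence 1). Both new values leave the two ECN bits clear, so a kernel that manages the ECN bits of a TCP socket itself still reports the same byte back.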

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */ /* $OpenBSD: readconf.c,v 1.284 2018/04/04 15:12:17 job Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1998,9 +1998,9 @@ fill_default_options(Options * options)
if (options->visual_host_key == -1) if (options->visual_host_key == -1)
options->visual_host_key = 0; options->visual_host_key = 0;
if (options->ip_qos_interactive == -1) if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY; options->ip_qos_interactive = IPTOS_DSCP_AF21;
if (options->ip_qos_bulk == -1) if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT; options->ip_qos_bulk = IPTOS_DSCP_CS1;
if (options->request_tty == -1) if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO; options->request_tty = REQUEST_TTY_AUTO;
if (options->proxy_use_fdpass == -1) if (options->proxy_use_fdpass == -1)
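Review bot: IPTOS_DSCP_AF21 and IPTOS_DSCP_CS1 are introduced at `options->ip_qos_interactive = IPTOS_DSCP_AF21;` and the bulk line below it, but none of the four files in this commit adds a definition or fallback for either macro; on a platform whose <netinet/ip.h> lacks them the portable build breaks, so either confirm they are already provided in a common header or add guarded `#ifndef IPTOS_DSCP_AF21` / `#define` fallbacks alongside this change.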

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */ /* $OpenBSD: servconf.c,v 1.327 2018/04/04 15:12:17 job Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -372,9 +372,9 @@ fill_default_server_options(ServerOptions *options)
if (options->permit_tun == -1) if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO; options->permit_tun = SSH_TUNMODE_NO;
if (options->ip_qos_interactive == -1) if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY; options->ip_qos_interactive = IPTOS_DSCP_AF21;
if (options->ip_qos_bulk == -1) if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT; options->ip_qos_bulk = IPTOS_DSCP_CS1;
if (options->version_addendum == NULL) if (options->version_addendum == NULL)
options->version_addendum = xstrdup(""); options->version_addendum = xstrdup("");
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
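Review bot: the server default at `options->ip_qos_interactive = IPTOS_DSCP_AF21;` and `options->ip_qos_bulk = IPTOS_DSCP_CS1;` is a second hand-maintained copy of the same pair of constants set in readconf.c, and the two man pages document the same defaults a third and fourth time; a shared pair of macros in a common header (a hypothetical SSH_IPQOS_DEFAULT_INTERACTIVE / SSH_IPQOS_DEFAULT_BULK) would keep ssh(1) and sshd(8) from drifting apart on a later edit.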

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $ .\" $OpenBSD: ssh_config.5,v 1.269 2018/04/04 15:12:17 job Exp $
.Dd $Mdocdate: February 23 2018 $ .Dd $Mdocdate: April 4 2018 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -984,9 +984,11 @@ If one argument is specified, it is used as the packet class unconditionally.
If two values are specified, the first is automatically selected for If two values are specified, the first is automatically selected for
interactive sessions and the second for non-interactive sessions. interactive sessions and the second for non-interactive sessions.
The default is The default is
.Cm lowdelay .Cm af21
.Ar (Low-Latency Data)
for interactive sessions and for interactive sessions and
.Cm throughput .Cm cs1
.Ar (Lower Effort)
for non-interactive sessions. for non-interactive sessions.
.It Cm KbdInteractiveAuthentication .It Cm KbdInteractiveAuthentication
Specifies whether to use keyboard-interactive authentication. Specifies whether to use keyboard-interactive authentication.
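Review bot: `.Ar (Low-Latency Data)` and `.Ar (Lower Effort)` use the mdoc argument macro to carry a parenthesised description; .Ar is for command-line arguments and renders the text as an argument (italic), so the class descriptions should be plain text lines or `.Pq Low-Latency Data` / `.Pq Lower Effort`, which emit the parentheses themselves and keep the rendering consistent with the rest of the IPQoS entry.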

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.263 2018/02/16 02:40:45 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.264 2018/04/04 15:12:17 job Exp $
.Dd $Mdocdate: February 16 2018 $ .Dd $Mdocdate: April 4 2018 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -816,9 +816,11 @@ If one argument is specified, it is used as the packet class unconditionally.
If two values are specified, the first is automatically selected for If two values are specified, the first is automatically selected for
interactive sessions and the second for non-interactive sessions. interactive sessions and the second for non-interactive sessions.
The default is The default is
.Cm lowdelay .Cm af21
.Ar (Low-Latency Data)
for interactive sessions and for interactive sessions and
.Cm throughput .Cm cs1
.Ar (Lower Effort)
for non-interactive sessions. for non-interactive sessions.
.It Cm KbdInteractiveAuthentication .It Cm KbdInteractiveAuthentication
Specifies whether to allow keyboard-interactive authentication. Specifies whether to allow keyboard-interactive authentication.
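Review bot: as in the client page, `.Ar (Low-Latency Data)` and `.Ar (Lower Effort)` misuse the argument macro for a descriptive parenthetical, which mdoc will set as an italic argument; use plain text or `.Pq Low-Latency Data` / `.Pq Lower Effort` so the two man pages render the new defaults the same way.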