diff options
| author |   djm <djm@openbsd.org> | 2010-11-13 23:27:50 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2010-11-13 23:27:50 +0000 |
| commit | 86c6b38240c85da373ab1e4db9ebd5a766003c0f (patch) | |
| tree | 2c7ac312fd478848f482c0ccc53fae0847f379c5 | |
| parent | backout 1.86 (diff) | |
| download | wireguard-openbsd-86c6b38240c85da373ab1e4db9ebd5a766003c0f.tar.xz wireguard-openbsd-86c6b38240c85da373ab1e4db9ebd5a766003c0f.zip | |
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
| -rw-r--r-- | usr.bin/ssh/clientloop.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/misc.c | 56 | ||||
| -rw-r--r-- | usr.bin/ssh/misc.h | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/packet.c | 11 | ||||
| -rw-r--r-- | usr.bin/ssh/packet.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/readconf.c | 30 | ||||
| -rw-r--r-- | usr.bin/ssh/readconf.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.c | 38 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 41 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 41 |
13 files changed, 223 insertions, 29 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 3a315ec01c8..ee12c8f0444 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.223 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1955,6 +1955,9 @@ client_session2_setup(int id, int want_tty, int want_subsystem, if ((c = channel_lookup(id)) == NULL) fatal("client_session2_setup: channel %d: unknown channel", id); + packet_set_interactive(want_tty, + options.ip_qos_interactive, options.ip_qos_bulk); + if (want_tty) { struct winsize ws; diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 6a128902617..fadf839517d 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.82 2010/09/24 13:33:00 matthew Exp $ */ +/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -31,6 +31,8 @@ #include <net/if.h> #include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> #include <netinet/tcp.h> #include <errno.h> @@ -893,3 +895,55 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) bw->lamt = 0; gettimeofday(&bw->bwstart, NULL); } + +static const struct { + const char *name; + int value; +} ipqos[] = { + { "af11", IPTOS_DSCP_AF11 }, + { "af12", IPTOS_DSCP_AF12 }, + { "af13", IPTOS_DSCP_AF13 }, + { "af14", IPTOS_DSCP_AF21 }, + { "af22", IPTOS_DSCP_AF22 }, + { "af23", IPTOS_DSCP_AF23 }, + { "af31", IPTOS_DSCP_AF31 }, + { "af32", IPTOS_DSCP_AF32 }, + { "af33", IPTOS_DSCP_AF33 }, + { "af41", IPTOS_DSCP_AF41 }, + { "af42", IPTOS_DSCP_AF42 }, + { "af43", IPTOS_DSCP_AF43 }, + { "cs0", IPTOS_DSCP_CS0 }, + { "cs1", IPTOS_DSCP_CS1 }, + { "cs2", IPTOS_DSCP_CS2 }, + { "cs3", IPTOS_DSCP_CS3 }, + { "cs4", IPTOS_DSCP_CS4 }, + { "cs5", IPTOS_DSCP_CS5 }, + { "cs6", IPTOS_DSCP_CS6 }, + { "cs7", IPTOS_DSCP_CS7 }, + { "ef", IPTOS_DSCP_EF }, + { "lowdelay", IPTOS_LOWDELAY }, + { "throughput", IPTOS_THROUGHPUT }, + { "reliability", IPTOS_RELIABILITY }, + { NULL, -1 } +}; + +int +parse_ipqos(const char *cp) +{ + u_int i; + char *ep; + long val; + + if (cp == NULL) + return -1; + for (i = 0; ipqos[i].name != NULL; i++) { + if (strcasecmp(cp, ipqos[i].name) == 0) + return ipqos[i].value; + } + /* Try parsing as an integer */ + val = strtol(cp, &ep, 0); + if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) + return -1; + return val; +} + diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index f7887a18613..4571d9bf4b7 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.45 2010/09/24 13:33:00 matthew Exp $ */ +/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -87,6 +87,7 @@ struct bwlimit { void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); +int parse_ipqos(const char *); /* readpass.c */ diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 190af2990d9..d14e0982389 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.171 2010/11/05 02:46:47 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1734,13 +1734,12 @@ packet_not_very_much_data_to_write(void) } static void -packet_set_tos(int interactive) +packet_set_tos(int tos) { - int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; - if (!packet_connection_is_on_socket() || !packet_connection_is_ipv4()) return; + debug3("%s: set IP_TOS 0x%02x", __func__, tos); if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) error("setsockopt IP_TOS %d: %.100s:", @@ -1750,7 +1749,7 @@ packet_set_tos(int interactive) /* Informs that the current session is interactive. Sets IP flags for that. */ void -packet_set_interactive(int interactive) +packet_set_interactive(int interactive, int qos_interactive, int qos_bulk) { if (active_state->set_interactive_called) return; @@ -1763,7 +1762,7 @@ packet_set_interactive(int interactive) if (!packet_connection_is_on_socket()) return; set_nodelay(active_state->connection_in); - packet_set_tos(interactive); + packet_set_tos(interactive ? qos_interactive : qos_bulk); } /* Returns true if the current connection is interactive. */ diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h index 827561cdb5d..30bbf98731c 100644 --- a/usr.bin/ssh/packet.h +++ b/usr.bin/ssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.54 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -32,7 +32,7 @@ u_int packet_get_encryption_key(u_char *); void packet_set_protocol_flags(u_int); u_int packet_get_protocol_flags(void); void packet_start_compression(int); -void packet_set_interactive(int); +void packet_set_interactive(int, int, int); int packet_is_interactive(void); void packet_set_server(void); void packet_set_authenticated(void); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index ee9e17d5e2a..6a9d176cd80 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -17,6 +17,8 @@ #include <sys/socket.h> #include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> #include <ctype.h> #include <errno.h> @@ -129,7 +131,7 @@ typedef enum { oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, - oKexAlgorithms, + oKexAlgorithms, oIPQoS, oDeprecated, oUnsupported } OpCodes; @@ -239,6 +241,7 @@ static struct { { "zeroknowledgepasswordauthentication", oUnsupported }, #endif { "kexalgorithms", oKexAlgorithms }, + { "ipqos", oIPQoS }, { NULL, oBadOption } }; @@ -969,6 +972,23 @@ parse_int: intptr = &options->visual_host_key; goto parse_flag; + case oIPQoS: + arg = strdelim(&s); + if ((value = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + arg = strdelim(&s); + if (arg == NULL) + value2 = value; + else if ((value2 = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + if (*activep) { + options->ip_qos_interactive = value; + options->ip_qos_bulk = value2; + } + break; + case oUseRoaming: intptr = &options->use_roaming; goto parse_flag; @@ -1131,6 +1151,8 @@ initialize_options(Options * options) options->use_roaming = -1; options->visual_host_key = -1; options->zero_knowledge_password_authentication = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; } /* @@ -1284,6 +1306,10 @@ fill_default_options(Options * options) options->visual_host_key = 0; if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index ae61466df2f..ee160dfe7b1 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.87 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -59,6 +59,8 @@ typedef struct { int compression_level; /* Compression level 1 (fast) to 9 * (best). */ int tcp_keep_alive; /* Set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 1c77e938d01..116235d4697 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -14,6 +14,10 @@ #include <sys/socket.h> #include <sys/queue.h> +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> + #include <netdb.h> #include <pwd.h> #include <stdio.h> @@ -126,6 +130,8 @@ initialize_server_options(ServerOptions *options) options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; } void @@ -257,6 +263,10 @@ fill_default_server_options(ServerOptions *options) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -290,7 +300,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, + sKexAlgorithms, sIPQoS, sDeprecated, sUnsupported } ServerOpCodes; @@ -402,6 +412,7 @@ static struct { { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -631,7 +642,7 @@ process_server_config_line(ServerOptions *options, char *line, const char *host, const char *address) { char *cp, **charptr, *arg, *p; - int cmdline = 0, *intptr, value, n; + int cmdline = 0, *intptr, value, value2, n; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; @@ -1325,6 +1336,23 @@ process_server_config_line(ServerOptions *options, char *line, charptr = &options->revoked_keys_file; goto parse_filename; + case sIPQoS: + arg = strdelim(&cp); + if ((value = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + arg = strdelim(&cp); + if (arg == NULL) + value2 = value; + else if ((value2 = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + if (*activep) { + options->ip_qos_interactive = value; + options->ip_qos_bulk = value2; + } + break; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1435,6 +1463,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(x11_use_localhost); M_CP_INTOPT(max_sessions); M_CP_INTOPT(max_authtries); + M_CP_INTOPT(ip_qos_interactive); + M_CP_INTOPT(ip_qos_bulk); M_CP_STROPT(banner); if (preauth) @@ -1695,5 +1725,7 @@ dump_config(ServerOptions *o) } dump_cfg_string(sPermitTunnel, s); + printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); + channel_print_adm_permitted_opens(); } diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 1bdccb12375..70dba668b28 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.94 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -70,6 +70,8 @@ typedef struct { char *xauth_location; /* Location of xauth program */ int strict_modes; /* If true, require string home dir modes. */ int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 63526e20f95..4aa3cde56ad 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ +/* $OpenBSD: session.c,v 1.257 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -559,7 +559,8 @@ do_exec_no_pty(Session *s, const char *command) s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL); + packet_set_interactive(s->display != NULL, + options.ip_qos_interactive, options.ip_qos_bulk); #ifdef USE_PIPES /* We are the parent. Close the child sides of the pipes. */ @@ -689,7 +690,8 @@ do_exec_pty(Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1); + packet_set_interactive(1, + options.ip_qos_interactive, options.ip_qos_bulk); if (compat20) { session_set_fds(s, ptyfd, fdout, -1, 1, 1); } else { diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 741c08c4fa8..244ed4b5fe9 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.353 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.354 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1186,7 +1186,8 @@ ssh_session(void) } } /* Tell the packet module whether this is an interactive session. */ - packet_set_interactive(interactive); + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); /* Request authentication agent forwarding if appropriate. */ check_agent_present(); @@ -1284,8 +1285,6 @@ ssh_session2_setup(int id, int success, void *arg) client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ); - - packet_set_interactive(interactive); } /* open new channel for a session */ diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index dd39bfafbc3..9e82fa864a3 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.142 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.143 2010/11/13 23:27:50 djm Exp $ +.Dd $Mdocdate: November 13 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -626,6 +626,43 @@ escape characters: It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for connections. +Accepted values are +.Dq af11 , +.Dq af12 , +.Dq af13 , +.Dq af14 , +.Dq af22 , +.Dq af23 , +.Dq af31 , +.Dq af32 , +.Dq af33 , +.Dq af41 , +.Dq af42 , +.Dq af43 , +.Dq cs0 , +.Dq cs1 , +.Dq cs2 , +.Dq cs3 , +.Dq cs4 , +.Dq cs5 , +.Dq cs6 , +.Dq cs7 , +.Dq ef , +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or a numeric value. +This option may take one or two arguments. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Dq lowdelay +for interactive sessions and +.Dq throughput +for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. The argument to this keyword must be diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 3e9ca227b53..b074ddc6ba8 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.128 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.129 2010/11/13 23:27:51 djm Exp $ +.Dd $Mdocdate: November 13 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -513,6 +513,43 @@ or .Cm HostbasedAuthentication . The default is .Dq no . +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for the connection. +Accepted values are +.Dq af11 , +.Dq af12 , +.Dq af13 , +.Dq af14 , +.Dq af22 , +.Dq af23 , +.Dq af31 , +.Dq af32 , +.Dq af33 , +.Dq af41 , +.Dq af42 , +.Dq af43 , +.Dq cs0 , +.Dq cs1 , +.Dq cs2 , +.Dq cs3 , +.Dq cs4 , +.Dq cs5 , +.Dq cs6 , +.Dq cs7 , +.Dq ef , +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or a numeric value. +This option may take one or two arguments. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Dq lowdelay +for interactive sessions and +.Dq throughput +for non-interactive sessions. .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication |