diff options
| author |   djm <djm@openbsd.org> | 2016-02-08 10:57:07 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2016-02-08 10:57:07 +0000 |
| commit | 5dce5bc0ed1a240435ee5d80d30c9ec16624caa6 (patch) | |
| tree | a9a677a7d5412709615810140f5f6a4bad1be981 /usr.bin/ssh/serverloop.c | |
| parent | Align with reality, and with POSIX: For this particular function, (diff) | |
| download | wireguard-openbsd-5dce5bc0ed1a240435ee5d80d30c9ec16624caa6.tar.xz wireguard-openbsd-5dce5bc0ed1a240435ee5d80d30c9ec16624caa6.zip | |
refactor activation of rekeying
This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing to it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.
Based on a patch from dtucker@ which was in turn based on a patch
Aleksander Adamowski in bz#2521; ok markus@
Diffstat (limited to 'usr.bin/ssh/serverloop.c')
| -rw-r--r-- | usr.bin/ssh/serverloop.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index bd1de6e6022..19f67ccf858 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */ +/* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -788,7 +788,7 @@ void server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; - int rekeying = 0, max_fd; + int max_fd; u_int nalloc = 0; u_int64_t rekey_timeout_ms = 0; @@ -815,11 +815,11 @@ server_loop2(Authctxt *authctxt) for (;;) { process_buffered_input_packets(); - rekeying = (active_state->kex != NULL && !active_state->kex->done); - - if (!rekeying && packet_not_very_much_data_to_write()) + if (!ssh_packet_is_rekeying(active_state) && + packet_not_very_much_data_to_write()) channel_output_poll(); - if (options.rekey_interval > 0 && compat20 && !rekeying) + if (options.rekey_interval > 0 && compat20 && + !ssh_packet_is_rekeying(active_state)) rekey_timeout_ms = packet_get_rekey_timeout() * 1000; else rekey_timeout_ms = 0; @@ -834,14 +834,8 @@ server_loop2(Authctxt *authctxt) } collect_children(); - if (!rekeying) { + if (!ssh_packet_is_rekeying(active_state)) channel_after_select(readset, writeset); - if (packet_need_rekeying()) { - debug("need rekeying"); - active_state->kex->done = 0; - kex_send_kexinit(active_state); - } - } process_input(readset); if (connection_closed) break; |