main/openssh: fix patches

fix hpn patches which was unintentionally disabled with commit
756f181a5 (main/openssh: support cross building and use default_prepare)

rename *.diff to *.patch because *.diff are ignored by default_prepare

1 files changed, 0 insertions, 871 deletions

diff --git a/main/openssh/openssh7.1-dynwindows.diff b/main/openssh/openssh7.1-dynwindows.diff
deleted file mode 100644
index 933623ab2c..0000000000
--- a/main/openssh/openssh7.1-dynwindows.diff
+++ /dev/null
@@ -1,871 +0,0 @@
-diff --git a/buffer.h b/buffer.h
-index df1aebc..898ecef 100644
---- a/buffer.h
-+++ b/buffer.h
-@@ -16,6 +16,9 @@
-  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-  */
- 
-+/* move the following to a more appropriate place and name */
-+#define BUFFER_MAX_LEN_HPN          0x4000000  /* 64MB */
-+
- /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
- 
- #ifndef BUFFER_H
-diff --git a/channels.c b/channels.c
-index a84b487..d4568ae 100644
---- a/channels.c
-+++ b/channels.c
-@@ -186,8 +186,14 @@ static void port_open_helper(Channel *c, char *rtype);
- static int connect_next(struct channel_connect *);
- static void channel_connect_ctx_free(struct channel_connect *);
- 
-+
-+static int hpn_disabled = 0;
-+static int hpn_buffer_size = 2 * 1024 * 1024;
-+
- /* -- channel core */
- 
-+
-+
- Channel *
- channel_by_id(int id)
- {
-@@ -336,6 +342,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
- 	c->local_window_max = window;
- 	c->local_consumed = 0;
- 	c->local_maxpacket = maxpack;
-+	c->dynamic_window = 0;
- 	c->remote_id = -1;
- 	c->remote_name = xstrdup(remote_name);
- 	c->remote_window = 0;
-@@ -840,11 +847,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
- 		FD_SET(c->sock, writeset);
- }
- 
-+int channel_tcpwinsz () {
-+        u_int32_t tcpwinsz = 0;
-+        socklen_t optsz = sizeof(tcpwinsz);
-+	int ret = -1;
-+
-+	/* if we aren't on a socket return 128KB*/
-+	if(!packet_connection_is_on_socket())
-+	    return(128*1024);
-+	ret = getsockopt(packet_get_connection_in(),
-+			 SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-+	/* return no more than 64MB */
-+	if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
-+	    tcpwinsz = BUFFER_MAX_LEN_HPN;
-+	debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
-+	       packet_get_connection_in());
-+	return(tcpwinsz);
-+}
-+
- static void
- channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
- {
- 	u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
- 
-+	/* check buffer limits */
-+	if ((!c->tcpwinsz) || (c->dynamic_window > 0))
-+		c->tcpwinsz = channel_tcpwinsz();
-+
-+	limit = MIN(limit, 2 * c->tcpwinsz);
-+
- 	if (c->istate == CHAN_INPUT_OPEN &&
- 	    limit > 0 &&
- 	    buffer_len(&c->input) < limit &&
-@@ -1862,14 +1893,21 @@ channel_check_window(Channel *c)
- 	    c->local_maxpacket*3) ||
- 	    c->local_window < c->local_window_max/2) &&
- 	    c->local_consumed > 0) {
-+		u_int addition = 0;
-+		/* adjust max window size if we are in a dynamic environment */
-+		if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
-+			/* grow the window somewhat aggressively to maintain pressure */
-+			addition = 1.5*(c->tcpwinsz - c->local_window_max);
-+			c->local_window_max += addition;
-+		}
- 		packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
- 		packet_put_int(c->remote_id);
--		packet_put_int(c->local_consumed);
-+		packet_put_int(c->local_consumed + addition);
- 		packet_send();
- 		debug2("channel %d: window %d sent adjust %d",
- 		    c->self, c->local_window,
- 		    c->local_consumed);
--		c->local_window += c->local_consumed;
-+		c->local_window += c->local_consumed + addition;
- 		c->local_consumed = 0;
- 	}
- 	return 1;
-@@ -2813,6 +2851,15 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
- 	return addr;
- }
- 
-+
-+void
-+channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
-+{
-+	hpn_disabled = external_hpn_disabled;
-+	hpn_buffer_size = external_hpn_buffer_size;
-+	debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
-+}
-+
- static int
- channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
-     int *allocated_listen_port, struct ForwardOptions *fwd_opts)
-@@ -2941,9 +2988,15 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
- 		}
- 
- 		/* Allocate a channel number for the socket. */
-+		/* explicitly test for hpn disabled option. if true use smaller window size */
-+		if (hpn_disabled)
- 		c = channel_new("port listener", type, sock, sock, -1,
- 		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 		    0, "port listener", 1);
-+ 		else
-+ 			c = channel_new("port listener", type, sock, sock, -1,
-+ 			  hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
-+ 			  0, "port listener", 1);
- 		c->path = xstrdup(host);
- 		c->host_port = fwd->connect_port;
- 		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-@@ -3975,10 +4028,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
- 	*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
- 	for (n = 0; n < num_socks; n++) {
- 		sock = socks[n];
-+		/* Is this really necassary? */
-+		if (hpn_disabled)
- 		nc = channel_new("x11 listener",
- 		    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
- 		    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 		    0, "X11 inet listener", 1);
-+		else
-+			nc = channel_new("x11 listener",
-+			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-+			    hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
-+			    0, "X11 inet listener", 1);
- 		nc->single_connection = single_connection;
- 		(*chanids)[n] = nc->self;
- 	}
-diff --git a/channels.h b/channels.h
-index 9d76c9d..ecece7f 100644
---- a/channels.h
-+++ b/channels.h
-@@ -134,8 +134,10 @@ struct Channel {
- 	u_int	local_window_max;
- 	u_int	local_consumed;
- 	u_int	local_maxpacket;
-+	int	dynamic_window;
- 	int     extended_usage;
- 	int	single_connection;
-+	u_int	tcpwinsz;
- 
- 	char   *ctype;		/* type */
- 
-@@ -171,8 +173,10 @@ struct Channel {
- /* default window/packet sizes for tcp/x11-fwd-channel */
- #define CHAN_SES_PACKET_DEFAULT	(32*1024)
- #define CHAN_SES_WINDOW_DEFAULT	(64*CHAN_SES_PACKET_DEFAULT)
-+
- #define CHAN_TCP_PACKET_DEFAULT	(32*1024)
- #define CHAN_TCP_WINDOW_DEFAULT	(64*CHAN_TCP_PACKET_DEFAULT)
-+
- #define CHAN_X11_PACKET_DEFAULT	(16*1024)
- #define CHAN_X11_WINDOW_DEFAULT	(4*CHAN_X11_PACKET_DEFAULT)
- 
-@@ -312,4 +316,7 @@ void	 chan_rcvd_ieof(Channel *);
- void	 chan_write_failed(Channel *);
- void	 chan_obuf_empty(Channel *);
- 
-+/* hpn handler */
-+void     channel_set_hpn(int, int);
-+
- #endif
-diff --git a/clientloop.c b/clientloop.c
-index 87ceb3d..33c59cc 100644
---- a/clientloop.c
-+++ b/clientloop.c
-@@ -1923,9 +1923,15 @@ client_request_x11(const char *request_type, int rchan)
- 	sock = x11_connect_display();
- 	if (sock < 0)
- 		return NULL;
-+	/* again is this really necessary for X11? */
-+	if (options.hpn_disabled)
- 	c = channel_new("x11",
- 	    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
- 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-+	else
-+		c = channel_new("x11",
-+		    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-+		    options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
- 	c->force_drain = 1;
- 	return c;
- }
-@@ -1948,10 +1954,16 @@ client_request_agent(const char *request_type, int rchan)
- 			    __func__, ssh_err(r));
- 		return NULL;
- 	}
-+	if (options.hpn_disabled)
- 	c = channel_new("authentication agent connection",
- 	    SSH_CHANNEL_OPEN, sock, sock, -1,
--	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-+	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
- 	    "authentication agent connection", 1);
-+	else
-+	c = channel_new("authentication agent connection",
-+	    SSH_CHANNEL_OPEN, sock, sock, -1,
-+	    options.hpn_buffer_size, options.hpn_buffer_size, 0,
-+ 	    "authentication agent connection", 1);
- 	c->force_drain = 1;
- 	return c;
- }
-@@ -1978,10 +1990,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
- 		return -1;
- 	}
- 
-+	if(options.hpn_disabled)
- 	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
--	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-+				CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-+				0, "tun", 1);
-+	else
-+	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-+				options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
-+				0, "tun", 1);
- 	c->datagram = 1;
- 
-+
-+
- #if defined(SSH_TUN_FILTER)
- 	if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
- 		channel_register_filter(c->self, sys_tun_infilter,
-diff --git a/compat.c b/compat.c
-index 5583804..9b3d672 100644
---- a/compat.c
-+++ b/compat.c
-@@ -40,7 +40,7 @@
- 
- int compat13 = 0;
- int compat20 = 0;
--int datafellows = 0;
-+unsigned int datafellows = 0;
- 
- void
- enable_compat20(void)
-@@ -63,7 +63,7 @@ compat_datafellows(const char *version)
- 	int i;
- 	static struct {
- 		char	*pat;
--		int	bugs;
-+		unsigned int	bugs;
- 	} check[] = {
- 		{ "OpenSSH-2.0*,"
- 		  "OpenSSH-2.1*,"
-@@ -210,6 +210,12 @@ compat_datafellows(const char *version)
- 			debug("match: %s pat %s compat 0x%08x",
- 			    version, check[i].pat, check[i].bugs);
- 			datafellows = check[i].bugs;	/* XXX for now */
-+			/* Check to see if the remote side is OpenSSH and not HPN */
-+			if (strstr(version,"OpenSSH") != NULL &&
-+			    strstr(version,"hpn") == NULL) {
-+				datafellows |= SSH_BUG_LARGEWINDOW;
-+				debug("Remote is NON-HPN aware");
-+			}
- 			return check[i].bugs;
- 		}
- 	}
-diff --git a/compat.h b/compat.h
-index 2be290a..453c85e 100644
---- a/compat.h
-+++ b/compat.h
-@@ -62,6 +62,7 @@
- #define SSH_BUG_CURVE25519PAD	0x10000000
- #define SSH_BUG_HOSTKEYS	0x20000000
- #define SSH_BUG_DHGEX_LARGE	0x40000000
-+#define SSH_BUG_LARGEWINDOW     0x80000000
- 
- void     enable_compat13(void);
- void     enable_compat20(void);
-@@ -73,5 +74,5 @@ char	*compat_kex_proposal(char *);
- 
- extern int compat13;
- extern int compat20;
--extern int datafellows;
-+extern unsigned int datafellows;
- #endif
-diff --git a/readconf.c b/readconf.c
-index 1d03bdf..78d815a 100644
---- a/readconf.c
-+++ b/readconf.c
-@@ -158,6 +158,7 @@ typedef enum {
- 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
- 	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
- 	oPubkeyAcceptedKeyTypes,
-+	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- 	oIgnoredUnknownOption, oDeprecated, oUnsupported
- } OpCodes;
- 
-@@ -279,6 +280,11 @@ static struct {
- 	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
- 	{ "ignoreunknown", oIgnoreUnknown },
- 
-+	{ "tcprcvbufpoll", oTcpRcvBufPoll },
-+	{ "tcprcvbuf", oTcpRcvBuf },
-+	{ "hpndisabled", oHPNDisabled },
-+	{ "hpnbuffersize", oHPNBufferSize },
-+
- 	{ NULL, oBadOption }
- };
- 
-@@ -906,6 +912,18 @@ parse_time:
- 		intptr = &options->check_host_ip;
- 		goto parse_flag;
- 
-+	case oHPNDisabled:
-+		intptr = &options->hpn_disabled;
-+		goto parse_flag;
-+
-+	case oHPNBufferSize:
-+		intptr = &options->hpn_buffer_size;
-+		goto parse_int;
-+
-+	case oTcpRcvBufPoll:
-+		intptr = &options->tcp_rcv_buf_poll;
-+		goto parse_flag;
-+
- 	case oVerifyHostKeyDNS:
- 		intptr = &options->verify_host_key_dns;
- 		multistate_ptr = multistate_yesnoask;
-@@ -1069,6 +1087,10 @@ parse_int:
- 		intptr = &options->connection_attempts;
- 		goto parse_int;
- 
-+	case oTcpRcvBuf:
-+		intptr = &options->tcp_rcv_buf;
-+		goto parse_int;
-+
- 	case oCipher:
- 		intptr = &options->cipher;
- 		arg = strdelim(&s);
-@@ -1665,6 +1687,10 @@ initialize_options(Options * options)
- 	options->ip_qos_interactive = -1;
- 	options->ip_qos_bulk = -1;
- 	options->request_tty = -1;
-+	options->hpn_disabled = -1;
-+	options->hpn_buffer_size = -1;
-+	options->tcp_rcv_buf_poll = -1;
-+	options->tcp_rcv_buf = -1;
- 	options->proxy_use_fdpass = -1;
- 	options->ignored_unknown = NULL;
- 	options->num_canonical_domains = 0;
-@@ -1817,6 +1843,28 @@ fill_default_options(Options * options)
- 		options->server_alive_interval = 0;
- 	if (options->server_alive_count_max == -1)
- 		options->server_alive_count_max = 3;
-+	if (options->hpn_disabled == -1)
-+	        options->hpn_disabled = 0;
-+	if (options->hpn_buffer_size > -1)
-+	{
-+	  /* if a user tries to set the size to 0 set it to 1KB */
-+		if (options->hpn_buffer_size == 0)
-+		options->hpn_buffer_size = 1;
-+		/*limit the buffer to 64MB*/
-+		if (options->hpn_buffer_size > 64*1024)
-+		{
-+			options->hpn_buffer_size = 64*1024*1024;
-+			debug("User requested buffer larger than 64MB. Request reverted to 64MB");
-+		}
-+		else options->hpn_buffer_size *= 1024;
-+		debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
-+	}
-+	if (options->tcp_rcv_buf == 0)
-+		options->tcp_rcv_buf = 1;
-+	if (options->tcp_rcv_buf > -1)
-+		options->tcp_rcv_buf *=1024;
-+	if (options->tcp_rcv_buf_poll == -1)
-+		options->tcp_rcv_buf_poll = 1;
- 	if (options->control_master == -1)
- 		options->control_master = 0;
- 	if (options->control_persist == -1) {
-diff --git a/readconf.h b/readconf.h
-index bb2d552..6aec47e 100644
---- a/readconf.h
-+++ b/readconf.h
-@@ -57,6 +57,10 @@ typedef struct {
- 	int     compression_level;	/* Compression level 1 (fast) to 9
- 					 * (best). */
- 	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
-+	int     tcp_rcv_buf; /* user switch to set tcp recv buffer */
-+	int     tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
-+	int     hpn_disabled;    /* Switch to disable HPN buffer management */
-+	int     hpn_buffer_size; /* User definable size for HPN buffer window */
- 	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
- 	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
- 	LogLevel log_level;	/* Level for logging. */
-diff --git a/scp.c b/scp.c
-index 593fe89..c6922ee 100644
---- a/scp.c
-+++ b/scp.c
-@@ -750,7 +750,7 @@ source(int argc, char **argv)
- 	off_t i, statbytes;
- 	size_t amt, nr;
- 	int fd = -1, haderr, indx;
--	char *last, *name, buf[2048], encname[PATH_MAX];
-+	char *last, *name, buf[16384], encname[PATH_MAX];
- 	int len;
- 
- 	for (indx = 0; indx < argc; ++indx) {
-@@ -919,7 +919,7 @@ sink(int argc, char **argv)
- 	off_t size, statbytes;
- 	unsigned long long ull;
- 	int setimes, targisdir, wrerrno = 0;
--	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
-+	char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
- 	struct timeval tv[2];
- 
- #define	atime	tv[0]
-diff --git a/servconf.c b/servconf.c
-index 6c7a91e..1499b6f 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -165,6 +165,9 @@ initialize_server_options(ServerOptions *options)
- 	options->authorized_principals_file = NULL;
- 	options->authorized_principals_command = NULL;
- 	options->authorized_principals_command_user = NULL;
-+	options->tcp_rcv_buf_poll = -1;
-+	options->hpn_disabled = -1;
-+	options->hpn_buffer_size = -1;
- 	options->ip_qos_interactive = -1;
- 	options->ip_qos_bulk = -1;
- 	options->version_addendum = NULL;
-@@ -181,6 +184,7 @@ option_clear_or_none(const char *o)
- void
- fill_default_server_options(ServerOptions *options)
- {
-+	int sock, socksize, socksizelen = sizeof(int);
- 	int i;
- 
- 	/* Portable-specific options */
-@@ -329,6 +333,41 @@ fill_default_server_options(ServerOptions *options)
- 	}
- 	if (options->permit_tun == -1)
- 		options->permit_tun = SSH_TUNMODE_NO;
-+       if (options->hpn_disabled == -1)
-+               options->hpn_disabled = 0;
-+
-+       if (options->hpn_buffer_size == -1) {
-+		/* option not explicitly set. Now we have to figure out */
-+		/* what value to use */
-+		if (options->hpn_disabled == 1) {
-+			options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-+		} else {
-+			/* get the current RCV size and set it to that */
-+			/*create a socket but don't connect it */
-+			/* we use that the get the rcv socket size */
-+			sock = socket(AF_INET, SOCK_STREAM, 0);
-+			getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+				   &socksize, &socksizelen);
-+			close(sock);
-+			options->hpn_buffer_size = socksize;
-+			debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-+		}
-+	} else {
-+		/* we have to do this incase the user sets both values in a contradictory */
-+		/* manner. hpn_disabled overrrides hpn_buffer_size*/
-+		if (options->hpn_disabled <= 0) {
-+			if (options->hpn_buffer_size == 0)
-+				options->hpn_buffer_size = 1;
-+			/* limit the maximum buffer to 64MB */
-+			if (options->hpn_buffer_size > 64*1024) {
-+				options->hpn_buffer_size = 64*1024*1024;
-+			} else {
-+				options->hpn_buffer_size *= 1024;
-+			}
-+		} else
-+			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
-+	}
-+
- 	if (options->ip_qos_interactive == -1)
- 		options->ip_qos_interactive = IPTOS_LOWDELAY;
- 	if (options->ip_qos_bulk == -1)
-@@ -418,6 +457,7 @@ typedef enum {
- 	sHostCertificate,
- 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
- 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
-+	sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
- 	sKexAlgorithms, sIPQoS, sVersionAddendum,
- 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
-@@ -549,6 +589,9 @@ static struct {
- 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
- 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
- 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
-+	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
-+	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
-+	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
- 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
- 	{ "ipqos", sIPQoS, SSHCFG_ALL },
- 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-@@ -587,6 +630,7 @@ parse_token(const char *cp, const char *filename,
- 
- 	for (i = 0; keywords[i].name; i++)
- 		if (strcasecmp(cp, keywords[i].name) == 0) {
-+			debug ("Config token is %s", keywords[i].name);
- 			*flags = keywords[i].flags;
- 			return keywords[i].opcode;
- 		}
-@@ -1165,6 +1209,19 @@ process_server_config_line(ServerOptions *options, char *line,
- 			*intptr = value;
- 		break;
- 
-+
-+	case sTcpRcvBufPoll:
-+		intptr = &options->tcp_rcv_buf_poll;
-+		goto parse_flag;
-+
-+	case sHPNDisabled:
-+		intptr = &options->hpn_disabled;
-+		goto parse_flag;
-+
-+	case sHPNBufferSize:
-+		intptr = &options->hpn_buffer_size;
-+		goto parse_int;
-+
- 	case sIgnoreUserKnownHosts:
- 		intptr = &options->ignore_user_known_hosts;
- 		goto parse_flag;
-diff --git a/servconf.h b/servconf.h
-index f4137af..cd6e8ad 100644
---- a/servconf.h
-+++ b/servconf.h
-@@ -172,6 +172,9 @@ typedef struct {
- 	char   *adm_forced_command;
- 
- 	int	use_pam;		/* Enable auth via PAM */
-+        int     tcp_rcv_buf_poll;       /* poll tcp rcv window in autotuning kernels*/
-+	int	hpn_disabled;		/* disable hpn functionality. false by default */
-+	int	hpn_buffer_size;	/* set the hpn buffer size - default 3MB */
- 
- 	int	permit_tun;
- 
-diff --git a/serverloop.c b/serverloop.c
-index 306ac36..2fd1ad5 100644
---- a/serverloop.c
-+++ b/serverloop.c
-@@ -1051,8 +1051,12 @@ server_request_tun(void)
- 	sock = tun_open(tun, mode);
- 	if (sock < 0)
- 		goto done;
-+	if (options.hpn_disabled)
- 	c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
- 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-+	else
-+		c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
-+		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
- 	c->datagram = 1;
- #if defined(SSH_TUN_FILTER)
- 	if (mode == SSH_TUNMODE_POINTOPOINT)
-@@ -1088,6 +1092,8 @@ server_request_session(void)
- 	c = channel_new("session", SSH_CHANNEL_LARVAL,
- 	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
- 	    0, "server-session", 1);
-+	if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled))
-+		c->dynamic_window = 1;
- 	if (session_open(the_authctxt, c->self) != 1) {
- 		debug("session open failed, free channel %d", c->self);
- 		channel_free(c);
-diff --git a/session.c b/session.c
-index 5a64715..00856ea 100644
---- a/session.c
-+++ b/session.c
-@@ -220,6 +220,7 @@ auth_input_request_forwarding(struct passwd * pw)
- 		goto authsock_err;
- 
- 	/* Allocate a channel for the authentication agent socket. */
-+	/* this shouldn't matter if its hpn or not - cjr */
- 	nc = channel_new("auth socket",
- 	    SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
- 	    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-@@ -2329,10 +2330,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
- 	 */
- 	if (s->chanid == -1)
- 		fatal("no channel for session %d", s->self);
-+	if (options.hpn_disabled)
- 	channel_set_fds(s->chanid,
- 	    fdout, fdin, fderr,
- 	    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
- 	    1, is_tty, CHAN_SES_WINDOW_DEFAULT);
-+	else
-+		channel_set_fds(s->chanid,
-+		    fdout, fdin, fderr,
-+		    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
-+		    1, is_tty, options.hpn_buffer_size);
- }
- 
- /*
-diff --git a/sftp.1 b/sftp.1
-index 214f011..55d6eec 100644
---- a/sftp.1
-+++ b/sftp.1
-@@ -263,7 +263,8 @@ diagnostic messages from
- Specify how many requests may be outstanding at any one time.
- Increasing this may slightly improve file transfer speed
- but will increase memory usage.
--The default is 64 outstanding requests.
-+The default is 256 outstanding requests providing for 8MB
-+of outstanding data with a 32KB buffer.
- .It Fl r
- Recursively copy entire directories when uploading and downloading.
- Note that
-diff --git a/sftp.c b/sftp.c
-index 788601a..e749945 100644
---- a/sftp.c
-+++ b/sftp.c
-@@ -71,7 +71,7 @@ typedef void EditLine;
- #include "sftp-client.h"
- 
- #define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
--#define DEFAULT_NUM_REQUESTS	64	/* # concurrent outstanding requests */
-+#define DEFAULT_NUM_REQUESTS	256	/* # concurrent outstanding requests */
- 
- /* File to read commands from */
- FILE* infile;
-diff --git a/ssh.c b/ssh.c
-index 59c1f93..9eab41f 100644
---- a/ssh.c
-+++ b/ssh.c
-@@ -1814,6 +1814,9 @@ ssh_session2_open(void)
- {
- 	Channel *c;
- 	int window, packetmax, in, out, err;
-+	int sock;
-+	int socksize;
-+	int socksizelen = sizeof(int);
- 
- 	if (stdin_null_flag) {
- 		in = open(_PATH_DEVNULL, O_RDONLY);
-@@ -1834,9 +1837,74 @@ ssh_session2_open(void)
- 	if (!isatty(err))
- 		set_nonblock(err);
- 
--	window = CHAN_SES_WINDOW_DEFAULT;
-+	/* we need to check to see if what they want to do about buffer */
-+	/* sizes here. In a hpn to nonhpn connection we want to limit */
-+	/* the window size to something reasonable in case the far side */
-+	/* has the large window bug. In hpn to hpn connection we want to */
-+	/* use the max window size but allow the user to override it */
-+	/* lastly if they disabled hpn then use the ssh std window size */
-+
-+	/* so why don't we just do a getsockopt() here and set the */
-+	/* ssh window to that? In the case of a autotuning receive */
-+	/* window the window would get stuck at the initial buffer */
-+	/* size generally less than 96k. Therefore we need to set the */
-+	/* maximum ssh window size to the maximum hpn buffer size */
-+	/* unless the user has specifically set the tcprcvbufpoll */
-+	/* to no. In which case we *can* just set the window to the */
-+	/* minimum of the hpn buffer size and tcp receive buffer size */
-+
-+	if (tty_flag)
-+		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-+	else
-+		options.hpn_buffer_size = 2*1024*1024;
-+
-+	if (datafellows & SSH_BUG_LARGEWINDOW)
-+	{
-+		debug("HPN to Non-HPN Connection");
-+	}
-+	else
-+	{
-+		if (options.tcp_rcv_buf_poll <= 0)
-+		{
-+			sock = socket(AF_INET, SOCK_STREAM, 0);
-+			getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+				   &socksize, &socksizelen);
-+			close(sock);
-+			debug("socksize %d", socksize);
-+			options.hpn_buffer_size = socksize;
-+			debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
-+		}
-+		else
-+		{
-+			if (options.tcp_rcv_buf > 0)
-+			{
-+				/*create a socket but don't connect it */
-+				/* we use that the get the rcv socket size */
-+				sock = socket(AF_INET, SOCK_STREAM, 0);
-+				/* if they are using the tcp_rcv_buf option */
-+				/* attempt to set the buffer size to that */
-+				if (options.tcp_rcv_buf)
-+					setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
-+						   sizeof(options.tcp_rcv_buf));
-+				getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+					   &socksize, &socksizelen);
-+				close(sock);
-+				debug("socksize %d", socksize);
-+				options.hpn_buffer_size = socksize;
-+				debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
-+			}
-+ 		}
-+	}
-+
-+	debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
-+
-+	window = options.hpn_buffer_size;
-+
-+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-+
- 	packetmax = CHAN_SES_PACKET_DEFAULT;
- 	if (tty_flag) {
-+		window = 4*CHAN_SES_PACKET_DEFAULT;
- 		window >>= 1;
- 		packetmax >>= 1;
- 	}
-@@ -1845,6 +1913,10 @@ ssh_session2_open(void)
- 	    window, packetmax, CHAN_EXTENDED_WRITE,
- 	    "client-session", /*nonblock*/0);
- 
-+	if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
-+		c->dynamic_window = 1;
-+		debug ("Enabled Dynamic Window Scaling");
-+	}
- 	debug3("ssh_session2_open: channel_new: %d", c->self);
- 
- 	channel_send_open(c->self);
-diff --git a/sshconnect.c b/sshconnect.c
-index 17fbe39..a965d7a 100644
---- a/sshconnect.c
-+++ b/sshconnect.c
-@@ -267,6 +267,31 @@ ssh_kill_proxy_command(void)
- }
- 
- /*
-+ * Set TCP receive buffer if requested.
-+ * Note: tuning needs to happen after the socket is
-+ * created but before the connection happens
-+ * so winscale is negotiated properly -cjr
-+ */
-+static void
-+ssh_set_socket_recvbuf(int sock)
-+{
-+	void *buf = (void *)&options.tcp_rcv_buf;
-+	int sz = sizeof(options.tcp_rcv_buf);
-+	int socksize;
-+	int socksizelen = sizeof(int);
-+
-+	debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
-+	if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
-+	  getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
-+	  debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
-+	}
-+	else
-+		error("Couldn't set socket receive buffer to %d: %.100s",
-+		    options.tcp_rcv_buf, strerror(errno));
-+}
-+
-+
-+/*
-  * Creates a (possibly privileged) socket for use as the ssh connection.
-  */
- static int
-@@ -282,6 +307,9 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
- 	}
- 	fcntl(sock, F_SETFD, FD_CLOEXEC);
- 
-+	if (options.tcp_rcv_buf > 0)
-+		ssh_set_socket_recvbuf(sock);
-+
- 	/* Bind the socket to an alternative local IP address */
- 	if (options.bind_address == NULL && !privileged)
- 		return sock;
-@@ -524,10 +552,10 @@ send_client_banner(int connection_out, int minor1)
- 	/* Send our own protocol version identification. */
- 	if (compat20) {
- 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
-+		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
- 	} else {
- 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
-+		    PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
- 	}
- 	if (roaming_atomicio(vwrite, connection_out, client_version_string,
- 	    strlen(client_version_string)) != strlen(client_version_string))
-diff --git a/sshd.c b/sshd.c
-index 65ef7e8..893a0ab 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -432,7 +432,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
- 	}
- 
- 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
--	    major, minor, SSH_VERSION,
-+	    major, minor, SSH_RELEASE,
- 	    *options.version_addendum == '\0' ? "" : " ",
- 	    options.version_addendum, newline);
- 
-@@ -1155,6 +1155,8 @@ server_listen(void)
- 	int ret, listen_sock, on = 1;
- 	struct addrinfo *ai;
- 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-+	int socksize;
-+	int socksizelen = sizeof(int);
- 
- 	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
- 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1195,6 +1197,11 @@ server_listen(void)
- 
- 		debug("Bind to port %s on %s.", strport, ntop);
- 
-+		getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
-+				   &socksize, &socksizelen);
-+		debug("Server TCP RWIN socket size: %d", socksize);
-+		debug("HPN Buffer Size: %d", options.hpn_buffer_size);
-+
- 		/* Bind the socket to the desired port. */
- 		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- 			error("Bind to port %s on %s failed: %.200s.",
-@@ -2145,6 +2152,9 @@ main(int ac, char **av)
- 	    remote_ip, remote_port, laddr,  get_local_port());
- 	free(laddr);
- 
-+	/* set the HPN options for the child */
-+	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-+
- 	/*
- 	 * We don't want to listen forever unless the other side
- 	 * successfully authenticates itself.  So we set up an alarm which is
-diff --git a/sshd_config b/sshd_config
-index 4d77f05..3153ffc 100644
---- a/sshd_config
-+++ b/sshd_config
-@@ -125,6 +125,17 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
- # override default of no subsystems
- Subsystem	sftp	/usr/libexec/sftp-server
- 
-+# the following are HPN related configuration options
-+# tcp receive buffer polling. disable in non autotuning kernels
-+#TcpRcvBufPoll yes
-+ 
-+# disable hpn performance boosts
-+#HPNDisabled no
-+
-+# buffer size for hpn to non-hpn connections
-+#HPNBufferSize 2048
-+
-+
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- #	X11Forwarding no
-diff --git a/version.h b/version.h
-index d917ca1..41a6023 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,5 @@
- #define SSH_VERSION	"OpenSSH_7.2"
- 
- #define SSH_PORTABLE	"p2"
--#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN         "-hpn14v4"
-+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN