On Fri, 20 May 2022, rapier wrote:

> > I don't understand the problem and I don't understand the fix, sorry.
>
> I don't really understand the problem either which means the fix really is a
> band aid at this point.
>
> > The sshbuf_read() in packet.c will always reserve PACKET_MAX_SIZE (256k)
> > in addition to whatever is in the buffer currently and will greedily try to
> > fill it (up to max_size).
>
> The problem is that I'm not seeing that behaviour. It's pretty easy to see
> though - just up the default window and drop that debug into sshbuf.c. It's
> easier to see if you ramp up the delay with netem but even with no delay it's
> there. Either way, I'm only seeing it ramp up by 32K at a time.

Are you sure that it's the packet receive buffer in this case?

I'd recommend instrumenting sshbuf_read() first and seeing what it's
doing, e.g. how much data the read() is returning.

You can set SSHBUF_DEBUG at compile time to get a lot more info.
A strace or similar might be helpful too.

-d

On 5/20/22 9:08 PM, Damien Miller wrote:

> Are you sure that it's the packet receive buffer in this case?
>
> I'd recommend instrumenting sshbuf_read() first and seeing what it's
> doing, e.g. how much data the read() is returning.
>
> You can set SSHBUF_DEBUG at compile time to get a lot more info.
> A strace or similar might be helpful too.

So I tried this and I'm getting the following from the client

rapier at iztli:~$ ssh -p2289 192.168.1.102
kex_exchange_identification: No SSH version received in first 1024 lines from server

Turns out the banner is getting filled with the SSHBUF_DBG lines:

debug1: kex_exchange_identification: banner line 0: sshbuf.c:34 sshbuf_check_sanity: sanity size 0 alloc 256 off 0 max 134217728
debug1: kex_exchange_identification: banner line 1: sshbuf.c:354 sshbuf_reserve: reserve buf = 0x556d1a798160 len = 3125
debug1: kex_exchange_identification: banner line 2: sshbuf.c:309 sshbuf_allocate: allocate buf = 0x556d1a798160 len = 3125

Am I missing a step? This is with 9.0p1 with the default sshd_config. I've
also tried it with 8.8 and 8.2 with the same results so I feel like I am
missing something. Client is 8.2p1.

Thanks,
Chris
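
The client error quoted above comes from the identification exchange: the client reads lines until one starts with "SSH-" and gives up after a line limit. The following is an added example, not part of the thread and not OpenSSH code, that reproduces that scan over constructed input built from the three debug lines in the message; `scan_banner`, `looks_like_sshbuf_debug` and the sample version line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

struct banner_scan {
    int found;           /* 1 if a line starting with "SSH-" was reached */
    size_t pre_lines;    /* lines consumed before it (or before giving up) */
    size_t sshbuf_lines; /* of those, lines shaped like SSHBUF_DBG output */
};

/* Constructed sample: the three debug lines from the post, then a version line. */
static const char SAMPLE[] =
    "sshbuf.c:34 sshbuf_check_sanity: sanity size 0 alloc 256 off 0 max 134217728\n"
    "sshbuf.c:354 sshbuf_reserve: reserve buf = 0x556d1a798160 len = 3125\n"
    "sshbuf.c:309 sshbuf_allocate: allocate buf = 0x556d1a798160 len = 3125\n"
    "SSH-2.0-OpenSSH_9.0\r\n";

/* Heuristic (assumption): debug lines start with "sshbuf.c:<digit>". */
static int looks_like_sshbuf_debug(const char *line, size_t len)
{
    return len > 9 && strncmp(line, "sshbuf.c:", 9) == 0 &&
        line[9] >= '0' && line[9] <= '9';
}

/* Read line by line until one starts with "SSH-" or max_lines are consumed. */
struct banner_scan scan_banner(const char *data, size_t len, size_t max_lines)
{
    struct banner_scan r = {0, 0, 0};
    size_t pos = 0;
    while (pos < len && r.pre_lines < max_lines) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;
        pos += n + (nl ? 1 : 0);
        if (n >= 4 && strncmp(line, "SSH-", 4) == 0) {
            r.found = 1;
            return r;
        }
        r.sshbuf_lines += looks_like_sshbuf_debug(line, n);
        r.pre_lines++;
    }
    return r;
}

int main(void)
{
    struct banner_scan r = scan_banner(SAMPLE, strlen(SAMPLE), 1024);
    printf("found=%d pre_lines=%zu sshbuf_lines=%zu\n", r.found, r.pre_lines, r.sshbuf_lines);
    return r.found ? 0 : 1;
}
```

A high `sshbuf_lines` count with `found` equal to 0 points at debug output sharing the stream that carries the identification string, rather than at a network or protocol fault.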