* size-based rekeys.
*/
unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
+ unsigned long max_data_size;
int kex_in_progress;
long next_rekey;
};
-#define MAX_DATA_BEFORE_REKEY (0x40000000UL)
-#define REKEY_TIMEOUT (3600 * TICKSPERSEC)
-
#define logevent(s) logevent(ssh->frontend, s)
/* logevent, only printf-formatted. */
ssh->outgoing_data_size += pkt->encrypted_len;
if (!ssh->kex_in_progress &&
- ssh->outgoing_data_size > MAX_DATA_BEFORE_REKEY)
+ ssh->max_data_size != 0 &&
+ ssh->outgoing_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data sent)", -1, NULL);
ssh->outgoing_data_size += ssh->deferred_data_size;
if (!ssh->kex_in_progress &&
- ssh->outgoing_data_size > MAX_DATA_BEFORE_REKEY)
+ ssh->max_data_size != 0 &&
+ ssh->outgoing_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data sent)", -1, NULL);
ssh->deferred_data_size = 0;
* Key exchange is over. Schedule a timer for our next rekey.
*/
ssh->kex_in_progress = FALSE;
- ssh->next_rekey = schedule_timer(REKEY_TIMEOUT, ssh2_timer, ssh);
-
+ if (ssh->cfg.ssh_rekey_time != 0)
+ ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
+ ssh2_timer, ssh);
+
/*
* If this is the first key exchange phase, we must pass the
* SSH2_MSG_NEWKEYS packet to the next layer, not because it
if (pktin) {
ssh->incoming_data_size += pktin->encrypted_len;
if (!ssh->kex_in_progress &&
- ssh->incoming_data_size > MAX_DATA_BEFORE_REKEY)
+ ssh->max_data_size != 0 &&
+ ssh->incoming_data_size > ssh->max_data_size)
do_ssh2_transport(ssh, "Initiating key re-exchange "
"(too much data received)", -1, NULL);
}
ssh->incoming_data_size = ssh->outgoing_data_size =
ssh->deferred_data_size = 0L;
+ ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
ssh->kex_in_progress = FALSE;
p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
*/
static const struct telnet_special *ssh_get_specials(void *handle)
{
- static const struct telnet_special ignore_special[] = {
+ static const struct telnet_special ssh1_ignore_special[] = {
+ {"IGNORE message", TS_NOP}
+ };
+ static const struct telnet_special ssh2_transport_specials[] = {
{"IGNORE message", TS_NOP},
{"Repeat key exchange", TS_REKEY},
};
static const struct telnet_special ssh2_session_specials[] = {
{NULL, TS_SEP},
{"Break", TS_BRK},
- /* These are the signal names defined by draft-ietf-secsh-connect-19.
+ /* These are the signal names defined by draft-ietf-secsh-connect-23.
* They include all the ISO C signals, but are a subset of the POSIX
* required signals. */
{"SIGINT (Interrupt)", TS_SIGINT},
static const struct telnet_special specials_end[] = {
{NULL, TS_EXITMENU}
};
- static struct telnet_special ssh_specials[lenof(ignore_special) +
+ /* XXX review this length for any changes: */
+ static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
lenof(ssh2_session_specials) +
lenof(specials_end)];
Ssh ssh = (Ssh) handle;
* won't cope with it, since we wouldn't bother sending it if
* asked anyway. */
if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
- ADD_SPECIALS(ignore_special);
+ ADD_SPECIALS(ssh1_ignore_special);
} else if (ssh->version == 2) {
- ADD_SPECIALS(ignore_special);
+ ADD_SPECIALS(ssh2_transport_specials);
if (ssh->mainchan)
ADD_SPECIALS(ssh2_session_specials);
} /* else we're not ready yet */