svn commit: r383231 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Sat Apr 4 17:17:00 UTC 2015
Author: bdrewery
Date: Sat Apr 4 17:16:58 2015
New Revision: 383231
URL: https://svnweb.freebsd.org/changeset/ports/383231
Log:
- Update to 6.8p1
- Fix 'make test'
- HPN:
- NONECIPHER is no longer default. This is not default in base and should not
be default here as it introduces security holes.
- HPN: I've audited the patch and included it in the port directory for
transparency. I identified several bugs and submitted them to the new
upstream: https://github.com/rapier1/openssh-portable/pull/2
- HPN: The entire patch is now ifdef'd to ensure various bits are properly
removed depending on the OPTIONS selected.
- AES_THREADED is removed. It has questionable benefit on modern HW and is not
stable.
- The "enhanced logging" was removed from the patch as it is too
intrusive and difficult to maintain in the port.
- The progress meter "peak throughput" patch was removed.
- Fixed HPN version showing in client/server version string when HPN
was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3
Changelog: http://www.openssh.com/txt/release-6.8
Added:
head/security/openssh-portable/files/extra-patch-hpn (contents, props changed)
head/security/openssh-portable/files/patch-regress__test-exec.sh (contents, props changed)
head/security/openssh-portable/files/patch-sshconnect.c (contents, props changed)
Deleted:
head/security/openssh-portable/files/extra-patch-hpn-build-options
head/security/openssh-portable/files/extra-patch-hpn-no-hpn
head/security/openssh-portable/files/extra-patch-hpn-window-size
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/distinfo
head/security/openssh-portable/files/extra-patch-sshd-utmp-size
head/security/openssh-portable/files/extra-patch-tcpwrappers
head/security/openssh-portable/files/patch-servconf.c
head/security/openssh-portable/files/patch-ssh-agent.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Sat Apr 4 16:23:55 2015 (r383230)
+++ head/security/openssh-portable/Makefile Sat Apr 4 17:16:58 2015 (r383231)
@@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 6.7p1
-PORTREVISION= 5
+DISTVERSION= 6.8p1
+PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD}
@@ -27,13 +27,10 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --wi
--without-zlib-version-check --with-ssl-engine
ETCOLD= ${PREFIX}/etc
-SUDO?= # empty
-MAKE_ENV+= SUDO="${SUDO}"
-
OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \
- OVERWRITE_BASE SCTP AES_THREADED LDNS NONECIPHER
-OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS NONECIPHER
+ OVERWRITE_BASE SCTP LDNS NONECIPHER
+OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
@@ -47,7 +44,6 @@ OVERWRITE_BASE_DESC= EOL, No longer supp
HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
MIT_DESC= MIT Kerberos (security/krb5)
-AES_THREADED_DESC= Threaded AES-CTR
NONECIPHER_DESC= NONE Cipher support
OPTIONS_SUB= yes
@@ -61,18 +57,17 @@ LDNS_CFLAGS= -I${LOCALBASE}/include
LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib'
# http://www.psc.edu/index.php/hpn-ssh
-HPN_EXTRA_PATCHES= ${FILESDIR}/extra-patch-hpn-window-size
HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
-AES_THREADED_CONFIGURE_WITH= aes-threaded
# See http://www.roumenpetrov.info/openssh/
-X509_VERSION= 8.2
+X509_VERSION= 8.3
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_PATCHFILES= ${PORTNAME}-6.7p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES= ${PORTNAME}-6.8p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
-SCTP_PATCHFILES= ${PORTNAME}-6.7p1-sctp-2496.patch.gz:-p1
+# and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
+SCTP_PATCHFILES= ${PORTNAME}-6.8p1-sctp-2573.patch.gz:-p1
SCTP_CONFIGURE_WITH= sctp
MIT_LIB_DEPENDS= libkrb5.so.3:${PORTSDIR}/security/krb5
@@ -93,19 +88,15 @@ PATCH_SITES+= http://mirror.shatow.net/
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
.endif
-# http://www.psc.edu/index.php/hpn-ssh
-.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
+# http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
+.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
PORTDOCS+= HPN-README
HPN_VERSION= 14v5
HPN_DISTVERSION= 6.7p1
#PATCH_SITES+= ${MASTER_SITE_SOURCEFORGE:S/$/:hpn/}
#PATCH_SITE_SUBDIR+= hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn
-PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-build-options
-# Remove HPN if only AES requested
-. if !${PORT_OPTIONS:MHPN}
-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-no-hpn
-. endif
+#PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2
.endif
# Must add this patch after HPN due to conflicts
@@ -133,7 +124,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
.if ${PORT_OPTIONS:MX509}
-. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
+. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
BROKEN= X509 patch and HPN patch do not apply cleanly together
. endif
@@ -147,6 +138,10 @@ BROKEN= X509 patch incompatible with KE
.endif
+. if ${PORT_OPTIONS:MKERB_GSSAPI}
+BROKEN= Does not apply to 6.8
+. endif
+
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
.endif
@@ -218,14 +213,17 @@ post-install:
${STAGEDIR}${ETCDIR}//ssh_config.sample
${MV} ${STAGEDIR}${ETCDIR}/sshd_config \
${STAGEDIR}${ETCDIR}/sshd_config.sample
-.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
+.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/HPN-README ${STAGEDIR}${DOCSDIR}
.endif
-test: build
- (cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV} TEST_SHELL=/bin/sh \
+test: build
+ cd ${WRKSRC} && ${SETENV} -i \
+ OBJ=${WRKDIR} ${MAKE_ENV} \
+ TEST_SHELL=${SH} \
+ SUDO="${SUDO}" \
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
- ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})
+ ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests
.include <bsd.port.post.mk>
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Sat Apr 4 16:23:55 2015 (r383230)
+++ head/security/openssh-portable/distinfo Sat Apr 4 17:16:58 2015 (r383231)
@@ -1,12 +1,8 @@
-SHA256 (openssh-6.7p1.tar.gz) = b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507
-SIZE (openssh-6.7p1.tar.gz) = 1351367
-SHA256 (openssh-6.7p1-hpnssh14v5.diff.gz) = 846ad51577de8308d60dbfaa58ba18d112d0732fdf21063ebc78407fc8e4a7b6
-SIZE (openssh-6.7p1-hpnssh14v5.diff.gz) = 24326
-SHA256 (openssh-6.7p1+x509-8.2.diff.gz) = 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f
-SIZE (openssh-6.7p1+x509-8.2.diff.gz) = 241798
+SHA256 (openssh-6.8p1.tar.gz) = 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
+SIZE (openssh-6.8p1.tar.gz) = 1475953
+SHA256 (openssh-6.8p1+x509-8.3.diff.gz) = 34dbefcce8509d3c876be3e7d8966455c7c3589a6872bdfb1f8ce3d133f4d304
+SIZE (openssh-6.8p1+x509-8.3.diff.gz) = 347942
SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8
SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825
-SHA256 (openssh-lpk-6.3p1.patch.gz) = d2a8b7da7acebac2afc4d0a3dffe8fca2e49900cf733af2e7012f2449b3668e1
-SIZE (openssh-lpk-6.3p1.patch.gz) = 17815
-SHA256 (openssh-6.7p1-sctp-2496.patch.gz) = ec2b6aa8a6d65a2c11d4453a25294ae5082e7ed7c9f418ec081f750bfba022db
-SIZE (openssh-6.7p1-sctp-2496.patch.gz) = 8052
+SHA256 (openssh-6.8p1-sctp-2573.patch.gz) = 0348713ad4cb4463e90cf5202ed41c8f726d7d604f3f93922a9aa55b86abf04a
+SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531
Added: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssh-portable/files/extra-patch-hpn Sat Apr 4 17:16:58 2015 (r383231)
@@ -0,0 +1,1296 @@
+diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/openssh-6.8p1/HPN-README work/openssh-6.8p1/HPN-README
+--- work.clean/openssh-6.8p1/HPN-README 1969-12-31 18:00:00.000000000 -0600
++++ work/openssh-6.8p1/HPN-README 2015-04-01 22:16:49.869215000 -0500
+@@ -0,0 +1,129 @@
++Notes:
++
++MULTI-THREADED CIPHER:
++The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
++on hosts with multiple cores to use more than one processing core during encryption.
++Tests have show significant throughput performance increases when using MTR-AES-CTR up
++to and including a full gigabit per second on quad core systems. It should be possible to
++achieve full line rate on dual core systems but OS and data management overhead makes this
++more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
++thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
++performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
++The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
++nomenclature.
++Use examples: ssh -caes128-ctr you at host.com
++ scp -oCipher=aes256-ctr file you at host.com:~/file
++
++NONE CIPHER:
++To use the NONE option you must have the NoneEnabled switch set on the server and
++you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
++feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
++spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
++be disabled.
++
++The performance increase will only be as good as the network and TCP stack tuning
++on the reciever side of the connection allows. As a rule of thumb a user will need
++at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
++HPN-SSH home page describes this in greater detail.
++
++http://www.psc.edu/networking/projects/hpn-ssh
++
++BUFFER SIZES:
++
++If HPN is disabled the receive buffer size will be set to the
++OpenSSH default of 64K.
++
++If an HPN system connects to a nonHPN system the receive buffer will
++be set to the HPNBufferSize value. The default is 2MB but user adjustable.
++
++If an HPN to HPN connection is established a number of different things might
++happen based on the user options and conditions.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
++HPN Buffer Size = up to 64MB
++This is the default state. The HPN buffer size will grow to a maximum of 64MB
++as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
++geared towards 10GigE transcontinental connections.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
++HPN Buffer Size = TCP receive buffer value.
++Users on non-autotuning systesm should disable TCPRcvBufPoll in the
++ssh_cofig and sshd_config
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
++HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
++This would be the system defined TCP receive buffer (RWIN).
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
++HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
++Generally there is no need to set both.
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
++HPN Buffer Size = grows to HPNBufferSize
++The buffer will grow up to the maximum size specified here.
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
++HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
++Generally there is no need to set both of these, especially on autotuning
++systems. However, if the users wishes to override the autotuning this would be
++one way to do it.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
++HPN Buffer Size = TCPRcvBuf.
++This will override autotuning and set the TCP recieve buffer to the user defined
++value.
++
++
++HPN Specific Configuration options
++
++TcpRcvBuf=[int]KB client
++ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
++maximum socket size allowed by the system. This is useful in situations where
++the tcp receive window is set low but the maximum buffer size is set
++higher (as is typical). This works on a per TCP connection basis. You can also
++use this to artifically limit the transfer rate of the connection. In these
++cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
++Default is the current system wide tcp receive buffer size.
++
++TcpRcvBufPoll=[yes/no] client/server
++ enable of disable the polling of the tcp receive buffer through the life
++of the connection. You would want to make sure that this option is enabled
++for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
++default is yes.
++
++NoneEnabled=[yes/no] client/server
++ enable or disable the use of the None cipher. Care must always be used
++when enabling this as it will allow users to send data in the clear. However,
++it is important to note that authentication information remains encrypted
++even if this option is enabled. Set to no by default.
++
++NoneSwitch=[yes/no] client
++ Switch the encryption cipher being used to the None cipher after
++authentication takes place. NoneEnabled must be enabled on both the client
++and server side of the connection. When the connection switches to the NONE
++cipher a warning is sent to STDERR. The connection attempt will fail with an
++error if a client requests a NoneSwitch from the server that does not explicitly
++have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
++interactive (shell) sessions and it will fail silently. Set to no by default.
++
++HPNDisabled=[yes/no] client/server
++ In some situations, such as transfers on a local area network, the impact
++of the HPN code produces a net decrease in performance. In these cases it is
++helpful to disable the HPN functionality. By default HPNDisabled is set to no.
++
++HPNBufferSize=[int]KB client/server
++ This is the default buffer size the HPN functionality uses when interacting
++with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
++option as applied to the internal SSH flow control. This value can range from
++1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
++problems depending on the length of the network path. The default size of this buffer
++is 2MB.
++
++
++Credits: This patch was conceived, designed, and led by Chris Rapier (rapier at psc.edu)
++ The majority of the actual coding for versions up to HPN12v1 was performed
++ by Michael Stevens (mstevens at andrew.cmu.edu). The MT-AES-CTR cipher was
++ implemented by Ben Bennet (ben at psc.edu) and improved by Mike Tasota
++ (tasota at gmail.com) an NSF REU grant recipient for 2013.
++ This work was financed, in part, by Cisco System, Inc., the National
++ Library of Medicine, and the National Science Foundation.
+--- work.clean/openssh-6.8p1/channels.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/channels.c 2015-04-03 15:51:59.599537000 -0500
+@@ -183,8 +183,14 @@
+ static int connect_next(struct channel_connect *);
+ static void channel_connect_ctx_free(struct channel_connect *);
+
++
++#ifdef HPN_ENABLED
++static int hpn_disabled = 0;
++static int hpn_buffer_size = 2 * 1024 * 1024;
++#endif
++
+ /* -- channel core */
+
+ Channel *
+ channel_by_id(int id)
+ {
+@@ -333,6 +339,9 @@
+ c->local_window_max = window;
+ c->local_consumed = 0;
+ c->local_maxpacket = maxpack;
++#ifdef HPN_ENABLED
++ c->dynamic_window = 0;
++#endif
+ c->remote_id = -1;
+ c->remote_name = xstrdup(remote_name);
+ c->remote_window = 0;
+@@ -837,11 +846,41 @@
+ FD_SET(c->sock, writeset);
+ }
+
++#ifdef HPN_ENABLED
++static u_int
++channel_tcpwinsz(void)
++{
++ u_int32_t tcpwinsz = 0;
++ socklen_t optsz = sizeof(tcpwinsz);
++ int ret = -1;
++
++ /* if we aren't on a socket return 128KB */
++ if (!packet_connection_is_on_socket())
++ return (128*1024);
++ ret = getsockopt(packet_get_connection_in(),
++ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
++ /* return no more than SSHBUF_SIZE_MAX */
++ if (ret == 0 && tcpwinsz > SSHBUF_SIZE_MAX)
++ tcpwinsz = SSHBUF_SIZE_MAX;
++ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
++ packet_get_connection_in());
++ return (tcpwinsz);
++}
++#endif
++
+ static void
+ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
+ {
+ u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+
++#ifdef HPN_ENABLED
++ /* check buffer limits */
++ if (!c->tcpwinsz || c->dynamic_window > 0)
++ c->tcpwinsz = channel_tcpwinsz();
++
++ limit = MIN(limit, 2 * c->tcpwinsz);
++#endif
++
+ if (c->istate == CHAN_INPUT_OPEN &&
+ limit > 0 &&
+ buffer_len(&c->input) < limit &&
+@@ -1846,6 +1885,20 @@
+ c->local_maxpacket*3) ||
+ c->local_window < c->local_window_max/2) &&
+ c->local_consumed > 0) {
++#ifdef HPN_ENABLED
++ /* adjust max window size if we are in a dynamic environment */
++ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
++ u_int addition = 0;
++
++ /*
++ * grow the window somewhat aggressively to maintain
++ * pressure
++ */
++ addition = 1.5*(c->tcpwinsz - c->local_window_max);
++ c->local_window_max += addition;
++ c->local_consumed += addition;
++ }
++#endif
+ packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+ packet_put_int(c->remote_id);
+ packet_put_int(c->local_consumed);
+@@ -2794,6 +2847,17 @@
+ return addr;
+ }
+
++#ifdef HPN_ENABLED
++void
++channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
++{
++ hpn_disabled = external_hpn_disabled;
++ hpn_buffer_size = external_hpn_buffer_size;
++ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled,
++ hpn_buffer_size);
++}
++#endif
++
+ static int
+ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
+ int *allocated_listen_port, struct ForwardOptions *fwd_opts)
+@@ -2918,9 +2982,20 @@
+ }
+
+ /* Allocate a channel number for the socket. */
++#ifdef HPN_ENABLED
++ /*
++ * explicitly test for hpn disabled option. if true use smaller
++ * window size.
++ */
++ if (!hpn_disabled)
++ c = channel_new("port listener", type, sock, sock, -1,
++ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
++ 0, "port listener", 1);
++ else
++#endif
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
+ c->path = xstrdup(host);
+ c->host_port = fwd->connect_port;
+ c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
+@@ -3952,6 +4027,14 @@
+ *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
+ for (n = 0; n < num_socks; n++) {
+ sock = socks[n];
++#ifdef HPN_ENABLED
++ if (!hpn_disabled)
++ nc = channel_new("x11 listener",
++ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
++ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
++ 0, "X11 inet listener", 1);
++ else
++#endif
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+--- work.clean/openssh-6.8p1/channels.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/channels.h 2015-04-03 13:58:44.472717000 -0500
+@@ -136,6 +136,10 @@
+ u_int local_maxpacket;
+ int extended_usage;
+ int single_connection;
++#ifdef HPN_ENABLED
++ int dynamic_window;
++ u_int tcpwinsz;
++#endif
+
+ char *ctype; /* type */
+
+@@ -311,4 +315,9 @@
+ void chan_write_failed(Channel *);
+ void chan_obuf_empty(Channel *);
+
++#ifdef HPN_ENABLED
++/* hpn handler */
++void channel_set_hpn(int, int);
++#endif
++
+ #endif
+--- work.clean/openssh-6.8p1/cipher.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/cipher.c 2015-04-03 16:22:04.972592000 -0500
+@@ -244,7 +244,13 @@
+ for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
+ (p = strsep(&cp, CIPHER_SEP))) {
+ c = cipher_by_name(p);
+- if (c == NULL || c->number != SSH_CIPHER_SSH2) {
++ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
++#ifdef NONE_CIPHER_ENABLED
++ c->number != SSH_CIPHER_NONE
++#else
++ 1
++#endif
++ )) {
+ free(cipher_list);
+ return 0;
+ }
+@@ -545,6 +551,9 @@
+
+ switch (c->number) {
+ #ifdef WITH_OPENSSL
++#ifdef NONE_CIPHER_ENABLED
++ case SSH_CIPHER_NONE:
++#endif
+ case SSH_CIPHER_SSH2:
+ case SSH_CIPHER_DES:
+ case SSH_CIPHER_BLOWFISH:
+@@ -593,6 +602,9 @@
+
+ switch (c->number) {
+ #ifdef WITH_OPENSSL
++#ifdef NONE_CIPHER_ENABLED
++ case SSH_CIPHER_NONE:
++#endif
+ case SSH_CIPHER_SSH2:
+ case SSH_CIPHER_DES:
+ case SSH_CIPHER_BLOWFISH:
+--- work.clean/openssh-6.8p1/clientloop.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/clientloop.c 2015-04-03 17:29:40.618489000 -0500
+@@ -1909,6 +1909,15 @@
+ sock = x11_connect_display();
+ if (sock < 0)
+ return NULL;
++#ifdef HPN_ENABLED
++ /* again is this really necessary for X11? */
++ if (!options.hpn_disabled)
++ c = channel_new("x11",
++ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
++ options.hpn_buffer_size,
++ CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
++ else
++#endif
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+@@ -1934,6 +1943,14 @@
+ __func__, ssh_err(r));
+ return NULL;
+ }
++#ifdef HPN_ENABLED
++ if (!options.hpn_disabled)
++ c = channel_new("authentication agent connection",
++ SSH_CHANNEL_OPEN, sock, sock, -1,
++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
++ "authentication agent connection", 1);
++ else
++#endif
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+@@ -1964,6 +1981,12 @@
+ return -1;
+ }
+
++#ifdef HPN_ENABLED
++ if (!options.hpn_disabled)
++ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++ else
++#endif
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ c->datagram = 1;
+--- work.clean/openssh-6.8p1/compat.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/compat.c 2015-04-03 16:39:57.665699000 -0500
+@@ -177,6 +177,14 @@
+ debug("match: %s pat %s compat 0x%08x",
+ version, check[i].pat, check[i].bugs);
+ datafellows = check[i].bugs; /* XXX for now */
++#ifdef HPN_ENABLED
++ /* Check to see if the remote side is OpenSSH and not HPN */
++ if (strstr(version,"OpenSSH") != NULL &&
++ strstr(version,"hpn") == NULL) {
++ datafellows |= SSH_BUG_LARGEWINDOW;
++ debug("Remote is NON-HPN aware");
++ }
++#endif
+ return check[i].bugs;
+ }
+ }
+--- work.clean/openssh-6.8p1/compat.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/compat.h 2015-04-03 16:39:34.780416000 -0500
+@@ -60,6 +60,9 @@
+ #define SSH_NEW_OPENSSH 0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT 0x08000000
+ #define SSH_BUG_CURVE25519PAD 0x10000000
++#ifdef HPN_ENABLED
++#define SSH_BUG_LARGEWINDOW 0x20000000
++#endif
+
+ void enable_compat13(void);
+ void enable_compat20(void);
+--- work.clean/openssh-6.8p1/configure.ac 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/configure.ac 2015-04-03 16:36:28.916502000 -0500
+@@ -4238,6 +4238,25 @@
+ ]
+ ) # maildir
+
++#check whether user wants HPN support
++HPN_MSG="no"
++AC_ARG_WITH(hpn,
++ [ --with-hpn Enable HPN support],
++ [ if test "x$withval" != "xno" ; then
++ AC_DEFINE(HPN_ENABLED,1,[Define if you want HPN support.])
++ HPN_MSG="yes"
++ fi ]
++)
++#check whether user wants NONECIPHER support
++NONECIPHER_MSG="no"
++AC_ARG_WITH(nonecipher,
++ [ --with-nonecipher Enable NONECIPHER support],
++ [ if test "x$withval" != "xno" ; then
++ AC_DEFINE(NONE_CIPHER_ENABLED,1,[Define if you want NONECIPHER support.])
++ NONECIPHER_MSG="yes"
++ fi ]
++)
++
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+ disable_ptmx_check=yes
+@@ -4905,6 +4924,8 @@
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+ echo " Random number source: $RAND_MSG"
+ echo " Privsep sandbox style: $SANDBOX_STYLE"
++echo " HPN support: $HPN_MSG"
++echo " NONECIPHER support: $NONECIPHER_MSG"
+
+ echo ""
+
+--- work.clean/openssh-6.8p1/kex.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/kex.c 2015-04-03 17:06:44.032682000 -0500
+@@ -587,6 +587,13 @@
+ int nenc, nmac, ncomp;
+ u_int mode, ctos, need, dh_need, authlen;
+ int r, first_kex_follows;
++#ifdef NONE_CIPHER_ENABLED
++ /* XXX: Could this move into the lower block? */
++ int auth_flag;
++
++ auth_flag = ssh_packet_authentication_state(ssh);
++ debug ("AUTH STATE IS %d", auth_flag);
++#endif
+
+ if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
+ (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
+@@ -635,6 +642,17 @@
+ if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
+ sprop[ncomp])) != 0)
+ goto out;
++#ifdef NONE_CIPHER_ENABLED
++ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
++ if (strcmp(newkeys->enc.name, "none") == 0) {
++ debug("Requesting NONE. Authflag is %d", auth_flag);
++ if (auth_flag == 1) {
++ debug("None requested post authentication.");
++ } else {
++ fatal("Pre-authentication none cipher requests are not allowed.");
++ }
++ }
++#endif
+ debug("kex: %s %s %s %s",
+ ctos ? "client->server" : "server->client",
+ newkeys->enc.name,
+--- work.clean/openssh-6.8p1/myproposal.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/myproposal.h 2015-04-03 16:43:33.747402000 -0500
+@@ -171,6 +171,10 @@
+ #define KEX_DEFAULT_COMP "none,zlib at openssh.com,zlib"
+ #define KEX_DEFAULT_LANG ""
+
++#ifdef NONE_CIPHER_ENABLED
++#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none"
++#endif
++
+ #define KEX_CLIENT \
+ KEX_CLIENT_KEX, \
+ KEX_DEFAULT_PK_ALG, \
+--- work.clean/openssh-6.8p1/packet.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/packet.c 2015-04-03 16:10:57.002066000 -0500
+@@ -2199,6 +2199,24 @@
+ }
+ }
+
++#ifdef NONE_CIPHER_ENABLED
++/* this supports the forced rekeying required for the NONE cipher */
++int rekey_requested = 0;
++void
++packet_request_rekeying(void)
++{
++ rekey_requested = 1;
++}
++
++int
++ssh_packet_authentication_state(struct ssh *ssh)
++{
++ struct session_state *state = ssh->state;
++
++ return(state->after_authentication);
++}
++#endif
++
+ #define MAX_PACKETS (1U<<31)
+ int
+ ssh_packet_need_rekeying(struct ssh *ssh)
+@@ -2207,6 +2225,12 @@
+
+ if (ssh->compat & SSH_BUG_NOREKEY)
+ return 0;
++#ifdef NONE_CIPHER_ENABLED
++ if (rekey_requested == 1) {
++ rekey_requested = 0;
++ return 1;
++ }
++#endif
+ return
+ (state->p_send.packets > MAX_PACKETS) ||
+ (state->p_read.packets > MAX_PACKETS) ||
+--- work.clean/openssh-6.8p1/packet.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/packet.h 2015-04-03 16:10:34.728161000 -0500
+@@ -188,6 +188,11 @@
+ int sshpkt_get_end(struct ssh *ssh);
+ const u_char *sshpkt_ptr(struct ssh *, size_t *lenp);
+
++#ifdef NONE_CIPHER_ENABLED
++void packet_request_rekeying(void);
++int ssh_packet_authentication_state(struct ssh *ssh);
++#endif
++
+ /* OLD API */
+ extern struct ssh *active_state;
+ #include "opacket.h"
+--- work.clean/openssh-6.8p1/readconf.c 2015-04-01 22:07:18.135435000 -0500
++++ work/openssh-6.8p1/readconf.c 2015-04-03 15:10:44.188916000 -0500
+@@ -154,6 +154,12 @@
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oVisualHostKey, oUseRoaming,
+ oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
++#ifdef HPN_ENABLED
++ oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
++#endif
++#ifdef NONE_CIPHER_ENABLED
++ oNoneSwitch, oNoneEnabled,
++#endif
+ oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+ oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
+ oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
+@@ -276,6 +282,16 @@
+ { "fingerprinthash", oFingerprintHash },
+ { "updatehostkeys", oUpdateHostkeys },
+ { "hostbasedkeytypes", oHostbasedKeyTypes },
++#ifdef NONE_CIPHER_ENABLED
++ { "noneenabled", oNoneEnabled },
++ { "noneswitch", oNoneSwitch },
++#endif
++#ifdef HPN_ENABLED
++ { "tcprcvbufpoll", oTcpRcvBufPoll },
++ { "tcprcvbuf", oTcpRcvBuf },
++ { "hpndisabled", oHPNDisabled },
++ { "hpnbuffersize", oHPNBufferSize },
++#endif
+ { "ignoreunknown", oIgnoreUnknown },
+
+ { NULL, oBadOption }
+@@ -917,6 +933,44 @@
+ intptr = &options->check_host_ip;
+ goto parse_flag;
+
++#ifdef HPN_ENABLED
++ case oHPNDisabled:
++ intptr = &options->hpn_disabled;
++ goto parse_flag;
++
++ case oHPNBufferSize:
++ intptr = &options->hpn_buffer_size;
++ goto parse_int;
++
++ case oTcpRcvBufPoll:
++ intptr = &options->tcp_rcv_buf_poll;
++ goto parse_flag;
++
++ case oTcpRcvBuf:
++ intptr = &options->tcp_rcv_buf;
++ goto parse_int;
++#endif
++
++#ifdef NONE_CIPHER_ENABLED
++ case oNoneEnabled:
++ intptr = &options->none_enabled;
++ goto parse_flag;
++
++ /* we check to see if the command comes from the */
++ /* command line or not. If it does then enable it */
++ /* otherwise fail. NONE should never be a default configuration */
++ case oNoneSwitch:
++ if(strcmp(filename,"command-line") == 0) {
++ intptr = &options->none_switch;
++ goto parse_flag;
++ } else {
++ error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
++ error("Continuing...");
++ debug("NoneSwitch directive found in %.200s.", filename);
++ return 0;
++ }
++#endif
++
+ case oVerifyHostKeyDNS:
+ intptr = &options->verify_host_key_dns;
+ multistate_ptr = multistate_yesnoask;
+@@ -1678,6 +1732,16 @@
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+ options->request_tty = -1;
++#ifdef NONE_CIPHER_ENABLED
++ options->none_switch = -1;
++ options->none_enabled = -1;
++#endif
++#ifdef HPN_ENABLED
++ options->hpn_disabled = -1;
++ options->hpn_buffer_size = -1;
++ options->tcp_rcv_buf_poll = -1;
++ options->tcp_rcv_buf = -1;
++#endif
+ options->proxy_use_fdpass = -1;
+ options->ignored_unknown = NULL;
+ options->num_canonical_domains = 0;
+@@ -1838,6 +1902,35 @@
+ options->server_alive_interval = 0;
+ if (options->server_alive_count_max == -1)
+ options->server_alive_count_max = 3;
++#ifdef NONE_CIPHER_ENABLED
++ if (options->none_switch == -1)
++ options->none_switch = 0;
++ if (options->none_enabled == -1)
++ options->none_enabled = 0;
++#endif
++#ifdef HPN_ENABLED
++ if (options->hpn_disabled == -1)
++ options->hpn_disabled = 0;
++ if (options->hpn_buffer_size > -1) {
++ /* if a user tries to set the size to 0 set it to 1KB */
++ if (options->hpn_buffer_size == 0)
++ options->hpn_buffer_size = 1;
++ /* limit the buffer to 64MB */
++ if (options->hpn_buffer_size > 64*1024) {
++ options->hpn_buffer_size = 64*1024*1024;
++ debug("User requested buffer larger than 64MB. Request"
++ " reverted to 64MB");
++ } else
++ options->hpn_buffer_size *= 1024;
++ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
++ }
++ if (options->tcp_rcv_buf == 0)
++ options->tcp_rcv_buf = 1;
++ if (options->tcp_rcv_buf > -1)
++ options->tcp_rcv_buf *=1024;
++ if (options->tcp_rcv_buf_poll == -1)
++ options->tcp_rcv_buf_poll = 1;
++#endif
+ if (options->control_master == -1)
+ options->control_master = 0;
+ if (options->control_persist == -1) {
+--- work.clean/openssh-6.8p1/readconf.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/readconf.h 2015-04-03 13:47:45.670125000 -0500
+@@ -105,6 +105,16 @@
+ int clear_forwardings;
+
+ int enable_ssh_keysign;
++#ifdef NONE_CIPHER_ENABLED
++ int none_switch; /* Use none cipher */
++ int none_enabled; /* Allow none to be used */
++#endif
++#ifdef HPN_ENABLED
++ int tcp_rcv_buf; /* user switch to set tcp recv buffer */
++ int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
++ int hpn_disabled; /* Switch to disable HPN buffer management */
++ int hpn_buffer_size; /* User definable size for HPN buffer window */
++#endif
+ int64_t rekey_limit;
+ int rekey_interval;
+ int no_host_authentication_for_localhost;
+--- work.clean/openssh-6.8p1/scp.c 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/scp.c 2015-04-02 16:51:25.108407000 -0500
+@@ -750,7 +750,7 @@
+ off_t i, statbytes;
+ size_t amt, nr;
+ int fd = -1, haderr, indx;
+- char *last, *name, buf[2048], encname[PATH_MAX];
++ char *last, *name, buf[16384], encname[PATH_MAX];
+ int len;
+
+ for (indx = 0; indx < argc; ++indx) {
+@@ -919,7 +919,7 @@
+ off_t size, statbytes;
+ unsigned long long ull;
+ int setimes, targisdir, wrerrno = 0;
+- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
+ struct timeval tv[2];
+
+ #define atime tv[0]
+--- work.clean/openssh-6.8p1/servconf.c 2015-04-01 22:07:18.142441000 -0500
++++ work/openssh-6.8p1/servconf.c 2015-04-03 16:32:16.114236000 -0500
+@@ -160,6 +160,14 @@
+ options->revoked_keys_file = NULL;
+ options->trusted_user_ca_keys = NULL;
+ options->authorized_principals_file = NULL;
++#ifdef NONE_CIPHER_ENABLED
++ options->none_enabled = -1;
++#endif
++#ifdef HPN_ENABLED
++ options->tcp_rcv_buf_poll = -1;
++ options->hpn_disabled = -1;
++ options->hpn_buffer_size = -1;
++#endif
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+ options->version_addendum = NULL;
+@@ -326,6 +334,57 @@
+ }
+ if (options->permit_tun == -1)
+ options->permit_tun = SSH_TUNMODE_NO;
++#ifdef NONE_CIPHER_ENABLED
++ if (options->none_enabled == -1)
++ options->none_enabled = 0;
++#endif
++#ifdef HPN_ENABLED
++ if (options->hpn_disabled == -1)
++ options->hpn_disabled = 0;
++
++ if (options->hpn_buffer_size == -1) {
++ /*
++ * option not explicitly set. Now we have to figure out
++ * what value to use.
++ */
++ if (options->hpn_disabled == 1) {
++ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
++ } else {
++ int sock, socksize;
++ socklen_t socksizelen = sizeof(socksize);
++
++ /*
++ * get the current RCV size and set it to that
++ * create a socket but don't connect it
++ * we use that the get the rcv socket size
++ */
++ sock = socket(AF_INET, SOCK_STREAM, 0);
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++ &socksize, &socksizelen);
++ close(sock);
++ options->hpn_buffer_size = socksize;
++ debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
++ }
++ } else {
++ /*
++ * we have to do this incase the user sets both values in a
++ * contradictory manner. hpn_disabled overrrides
++ * hpn_buffer_size
++ */
++ if (options->hpn_disabled <= 0) {
++ if (options->hpn_buffer_size == 0)
++ options->hpn_buffer_size = 1;
++ /* limit the maximum buffer to 64MB */
++ if (options->hpn_buffer_size > 64*1024) {
++ options->hpn_buffer_size = 64*1024*1024;
++ } else {
++ options->hpn_buffer_size *= 1024;
++ }
++ } else
++ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
++ }
++#endif
++
+ if (options->ip_qos_interactive == -1)
+ options->ip_qos_interactive = IPTOS_LOWDELAY;
+ if (options->ip_qos_bulk == -1)
+@@ -401,6 +460,12 @@
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sHostCertificate,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
++#ifdef NONE_CIPHER_ENABLED
++ sNoneEnabled,
++#endif
++#ifdef HPN_ENABLED
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
++#endif
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
+@@ -529,6 +594,14 @@
+ { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
++#ifdef NONE_CIPHER_ENABLED
++ { "noneenabled", sNoneEnabled, SSHCFG_ALL },
++#endif
++#ifdef HPN_ENABLED
++ { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
++ { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
++ { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
++#endif
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "ipqos", sIPQoS, SSHCFG_ALL },
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+@@ -1113,6 +1186,25 @@
+ intptr = &options->ignore_user_known_hosts;
+ goto parse_flag;
+
++#ifdef NONE_CIPHER_ENABLED
++ case sNoneEnabled:
++ intptr = &options->none_enabled;
++ goto parse_flag;
++#endif
++#ifdef HPN_ENABLED
++ case sTcpRcvBufPoll:
++ intptr = &options->tcp_rcv_buf_poll;
++ goto parse_flag;
++
++ case sHPNDisabled:
++ intptr = &options->hpn_disabled;
++ goto parse_flag;
++
++ case sHPNBufferSize:
++ intptr = &options->hpn_buffer_size;
++ goto parse_int;
++#endif
++
+ case sRhostsRSAAuthentication:
+ intptr = &options->rhosts_rsa_authentication;
+ goto parse_flag;
+--- work.clean/openssh-6.8p1/servconf.h 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/servconf.h 2015-04-03 13:48:37.316827000 -0500
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-head
mailing list