diff options
| author | Konstantin Demin <rockdrilla@gmail.com> | 2024-01-09 03:40:02 +0300 |
|---|---|---|
| committer | Rui Salvaterra <rsalvaterra@gmail.com> | 2024-02-09 09:13:05 +0000 |
| commit | 865ae1c10c65001813413da95eb1b8cd06a7e1c1 (patch) | |
| tree | 11c293aa4e20bcadcc4f2ed3f18e467c1157212a /package/network/services/dropbear | |
| parent | 05100d865158a5d6eaf8b34a8deb0d447cc73301 (diff) | |
dropbear: better handle receive window size
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Diffstat (limited to 'package/network/services/dropbear')
| -rwxr-xr-x | package/network/services/dropbear/files/dropbear.init | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init index 6a0fc67351..34d3b8a31d 100755 --- a/package/network/services/dropbear/files/dropbear.init +++ b/package/network/services/dropbear/files/dropbear.init @@ -178,7 +178,7 @@ validate_section_dropbear() 'SSHKeepAlive:uinteger:300' \ 'IdleTimeout:uinteger:0' \ 'MaxAuthTries:uinteger:3' \ - 'RecvWindowSize:uinteger:0' \ + 'RecvWindowSize:uinteger:262144' \ 'mdns:bool:1' } @@ -204,12 +204,6 @@ dropbear_instance() PIDCOUNT="$(( ${PIDCOUNT} + 1))" local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid" - # Increase default receive window size to increase - # throughput on high latency links - if [ "${RecvWindowSize}" -eq "0" ]; then - RecvWindowSize="262144" - fi - procd_open_instance procd_set_param command "$PROG" -F -P "$pid_file" [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s @@ -232,8 +226,23 @@ dropbear_instance() [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}" [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}" - [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \ + [ "${RecvWindowSize}" -gt 0 ] && { + # NB: OpenWrt increases receive window size to increase throughput on high latency links + # ref: validate_section_dropbear() + # default receive window size is 24576 (DEFAULT_RECV_WINDOW in default_options.h) + + # sysoptions.h + local MAX_RECV_WINDOW=10485760 + if [ "${RecvWindowSize}" -gt ${MAX_RECV_WINDOW} ] ; then + # separate logging is required because syslog misses dropbear's message + # Bad recv window '${RecvWindowSize}', using ${MAX_RECV_WINDOW} + # it's probably dropbear issue but we should handle this and notify user + logger -s -t "${NAME}" -p daemon.warn \ + "Option 'RecvWindowSize' is too high (${RecvWindowSize}), limiting to ${MAX_RECV_WINDOW}" + RecvWindowSize=${MAX_RECV_WINDOW} + fi procd_append_param command -W "${RecvWindowSize}" + } [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear" procd_set_param respawn procd_close_instance |