summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2008-09-22 15:28:52 +0000
committerMatt Johnston <matt@ucc.asn.au>2008-09-22 15:28:52 +0000
commitf8ac549a49a4cd9f2d704c8c6b0ac9eab42ce941 (patch)
tree9b28099ad9ce33e6e61d44074e466989e99cc95f
parent1fe94f62f3f1a1f04517d8b8b49a73e2afa23157 (diff)
downloaddropbear-idle-timeout.tar.gz
Idle-timeout patch from Farrell Aultman, need to figure whether to onlyidle-timeout
account DATA packets and whether server->client data makes sense too.
-rw-r--r--cli-runopts.c12
-rw-r--r--common-session.c20
-rw-r--r--options.h4
-rw-r--r--process-packet.c1
-rw-r--r--runopts.h2
-rw-r--r--session.h6
-rw-r--r--svr-runopts.c19
7 files changed, 52 insertions, 12 deletions
diff --git a/cli-runopts.c b/cli-runopts.c
index ca58899..c8f2d7e 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -70,6 +70,7 @@ static void printhelp() {
#endif
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
"-K <keepalive> (0 is never, default %d)\n"
+ "-I <idle_timeout> (0 is never, default %d)\n"
#ifdef ENABLE_CLI_NETCAT
"-B <endhost:endport> Netcat-alike bouncing\n"
#endif
@@ -80,7 +81,7 @@ static void printhelp() {
"-v verbose\n"
#endif
,DROPBEAR_VERSION, cli_opts.progname,
- DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE);
+ DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}
@@ -105,6 +106,7 @@ void cli_getopts(int argc, char ** argv) {
char* recv_window_arg = NULL;
char* keepalive_arg = NULL;
+ char* idle_timeout_arg = NULL;
/* see printhelp() for options */
cli_opts.progname = argv[0];
@@ -252,6 +254,9 @@ void cli_getopts(int argc, char ** argv) {
case 'K':
next = &keepalive_arg;
break;
+ case 'I':
+ next = &idle_timeout_arg;
+ break;
#ifdef DEBUG_TRACE
case 'v':
debug_trace = 1;
@@ -359,6 +364,11 @@ void cli_getopts(int argc, char ** argv) {
dropbear_exit("Bad keepalive '%s'", keepalive_arg);
}
}
+ if (idle_timeout_arg) {
+ if (m_str_to_uint(idle_timeout_arg, &opts.idle_timeout_secs) == DROPBEAR_FAILURE) {
+ dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
+ }
+ }
#ifdef ENABLE_CLI_NETCAT
if (cli_opts.cmd && cli_opts.netcat_host) {
diff --git a/common-session.c b/common-session.c
index 3d759b5..8b882e1 100644
--- a/common-session.c
+++ b/common-session.c
@@ -64,6 +64,7 @@ void common_session_init(int sock_in, int sock_out, char* remotehost) {
ses.connect_time = 0;
ses.last_packet_time = 0;
+ ses.last_recv_packet_time = 0;
if (pipe(ses.signal_pipe) < 0) {
dropbear_exit("signal pipe failed");
@@ -256,7 +257,7 @@ void session_identification() {
ses.remoteclosed();
}
- /* If they send more than 50 lines, something is wrong */
+ /* If they send more than 50 lines, something is wrong */
for (i = 0; i < 50; i++) {
len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
@@ -281,11 +282,11 @@ void session_identification() {
memcpy(ses.remoteident, linebuf, len);
}
- /* Shall assume that 2.x will be backwards compatible. */
- if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
- && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
- dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
- }
+ /* Shall assume that 2.x will be backwards compatible. */
+ if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
+ && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
+ dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
+ }
TRACE(("remoteident: %s", ses.remoteident))
@@ -400,6 +401,11 @@ static void checktimeouts() {
&& now - ses.last_packet_time >= opts.keepalive_secs) {
send_msg_ignore();
}
+
+ if (opts.idle_timeout_secs > 0 && ses.last_recv_packet_time > 0
+ && now - ses.last_recv_packet_time >= opts.idle_timeout_secs) {
+ dropbear_close("Idle timeout");
+ }
}
static long select_timeout() {
@@ -412,6 +418,8 @@ static long select_timeout() {
ret = MIN(AUTH_TIMEOUT, ret);
if (opts.keepalive_secs > 0)
ret = MIN(opts.keepalive_secs, ret);
+ if (opts.idle_timeout_secs > 0)
+ ret = MIN(opts.idle_timeout_secs, ret);
return ret;
}
diff --git a/options.h b/options.h
index 8878d66..f649040 100644
--- a/options.h
+++ b/options.h
@@ -243,6 +243,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
be overridden at runtime with -K. 0 disables keepalives */
#define DEFAULT_KEEPALIVE 0
+/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
+be overridden at runtime with -I. 0 disables idle timeouts */
+#define DEFAULT_IDLE_TIMEOUT 0
+
/*******************************************************************
* You shouldn't edit below here unless you know you need to.
*******************************************************************/
diff --git a/process-packet.c b/process-packet.c
index d96c1cb..d8daeef 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -70,6 +70,7 @@ void process_packet() {
dropbear_close("Disconnect received");
}
+ ses.last_recv_packet_time = time(NULL);
/* This applies for KEX, where the spec says the next packet MUST be
* NEWKEYS */
diff --git a/runopts.h b/runopts.h
index e9d2363..44c3b5e 100644
--- a/runopts.h
+++ b/runopts.h
@@ -38,7 +38,7 @@ typedef struct runopts {
#endif
unsigned int recv_window;
unsigned int keepalive_secs;
-
+ unsigned int idle_timeout_secs;
} runopts;
extern runopts opts;
diff --git a/session.h b/session.h
index b63a258..aa90457 100644
--- a/session.h
+++ b/session.h
@@ -134,12 +134,16 @@ struct sshsession {
unsigned char lastpacket; /* What the last received packet type was */
- int signal_pipe[2]; /* stores endpoints of a self-pipe used for
+ int signal_pipe[2]; /* stores endpoints of a self-pipe used for
race-free signal handling */
time_t last_packet_time; /* time of the last packet transmission, for
keepalive purposes */
+ time_t last_recv_packet_time; /* time of the last packet received, for
+ idle timeout purposes */
+
+
/* KEX/encryption related */
struct KEXState kexstate;
struct key_context *keys;
diff --git a/svr-runopts.c b/svr-runopts.c
index c8b6585..9886695 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -82,6 +82,7 @@ static void printhelp(const char * progname) {
#endif
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
"-K <keepalive> (0 is never, default %d)\n"
+ "-I <idle_timeout> (0 is never, default %d)\n"
#ifdef DEBUG_TRACE
"-v verbose\n"
#endif
@@ -93,7 +94,7 @@ static void printhelp(const char * progname) {
RSA_PRIV_FILENAME,
#endif
DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
- DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE);
+ DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}
void svr_getopts(int argc, char ** argv) {
@@ -103,6 +104,7 @@ void svr_getopts(int argc, char ** argv) {
int nextisport = 0;
char* recv_window_arg = NULL;
char* keepalive_arg = NULL;
+ char* idle_timeout_arg = NULL;
/* see printhelp() for options */
svr_opts.rsakeyfile = NULL;
@@ -134,7 +136,8 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.usingsyslog = 1;
#endif
opts.recv_window = DEFAULT_RECV_WINDOW;
- opts.keepalive_secs = DEFAULT_KEEPALIVE;
+ opts.keepalive_secs = DEFAULT_KEEPALIVE;
+ opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
#ifdef ENABLE_SVR_REMOTETCPFWD
opts.listen_fwd_all = 0;
@@ -218,6 +221,9 @@ void svr_getopts(int argc, char ** argv) {
case 'K':
next = &keepalive_arg;
break;
+ case 'I':
+ next = &idle_timeout_arg;
+ break;
#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
case 's':
svr_opts.noauthpass = 1;
@@ -253,7 +259,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
svr_opts.portcount = 1;
}
-
+
if (svr_opts.dsskeyfile == NULL) {
svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
}
@@ -294,6 +300,13 @@ void svr_getopts(int argc, char ** argv) {
dropbear_exit("Bad keepalive '%s'", keepalive_arg);
}
}
+
+ if (idle_timeout_arg) {
+ opts.idle_timeout_secs = strtoul(idle_timeout_arg, NULL, 10);
+ if (opts.idle_timeout_secs == 0 && errno == EINVAL) {
+ dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
+ }
+ }
}
static void addportandaddress(char* spec) {