diff options
| author | Fredrik Gustafsson <[email protected]> | 2012-11-21 16:07:27 +0100 | 
|---|---|---|
| committer | Fredrik Gustafsson <[email protected]> | 2012-11-23 14:52:06 +0100 | 
| commit | 3f671b2da7634f2f5c53c6622abb0eb6bf9938fb (patch) | |
| tree | 3686b89b4323fd080524e09c403da9e0db830935 /lib/ssh | |
| parent | 19bc00736ee2621f4016d53d3270334dd998cb34 (diff) | |
| download | otp-3f671b2da7634f2f5c53c6622abb0eb6bf9938fb.tar.gz otp-3f671b2da7634f2f5c53c6622abb0eb6bf9938fb.tar.bz2 otp-3f671b2da7634f2f5c53c6622abb0eb6bf9938fb.zip | |
Renegotiating every hour and every gb sent, can be decreased with option {rekey_limit, integer()}
Diffstat (limited to 'lib/ssh')
| -rw-r--r-- | lib/ssh/src/ssh.erl | 4 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 22 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_connection_manager.erl | 22 | 
3 files changed, 42 insertions, 6 deletions
| diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 719c97e940..de52913194 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -364,6 +364,8 @@ handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) ->      handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);  handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) ->      handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> +    handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]);  handle_option([Opt | Rest], SocketOptions, SshOptions) ->      handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -440,6 +442,8 @@ handle_ssh_option({quiet_mode, Value} = Opt) when Value == true;      Opt;  handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 ->      Opt; +handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) ->  +    Opt;  handle_ssh_option(Opt) ->      throw({error, {eoptions, Opt}}). diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index d8950a7b67..e429d3e835 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -35,7 +35,8 @@  -export([start_link/4, send/2, renegotiate/1, send_event/2,  	 connection_info/3, -	 peer_address/1]). +	 peer_address/1, +	 renegotiate_data/1]).  %% gen_fsm callbacks  -export([hello/2, kexinit/2, key_exchange/2, new_keys/2, @@ -85,6 +86,8 @@ send(ConnectionHandler, Data) ->  renegotiate(ConnectionHandler) ->      send_all_state_event(ConnectionHandler, renegotiate). +renegotiate_data(ConnectionHandler) -> +    send_all_state_event(ConnectionHandler, data_size).  connection_info(ConnectionHandler, From, Options) ->       send_all_state_event(ConnectionHandler, {info, From, Options}). @@ -500,7 +503,22 @@ handle_event(renegotiate, StateName, State) ->  handle_event({info, From, Options}, StateName,  #state{ssh_params = Ssh} = State) ->      spawn(?MODULE, ssh_info_handler, [Options, Ssh, From]),       {next_state, StateName, State}; - +handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> +    Sent = inet:getstat(State#state.socket, [send_oct]), +    MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), +    case Sent >= MaxSent of +	true -> +	    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), +	    send_msg(SshPacket, State), +	    {next_state, connected,  +	     next_packet(State#state{ssh_params = Ssh, +			     key_exchange_init_msg = KeyInitMsg, +				     renegotiate = true})}; +	_ -> +	    {next_state, connected, next_packet(State)} +    end; +handle_event(data_size, StateName, State) -> +    {next_state, StateName, State};  handle_event({unknown, Data}, StateName, State) ->      Msg = #ssh_msg_unimplemented{sequence = Data},      send_msg(Msg, State), diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl index 0c1eee5186..94a9ed505f 100644 --- a/lib/ssh/src/ssh_connection_manager.erl +++ b/lib/ssh/src/ssh_connection_manager.erl @@ -125,7 +125,8 @@ info(ConnectionManager, ChannelProcess) ->  %% or amount of data sent counter!   renegotiate(ConnectionManager) ->      cast(ConnectionManager, renegotiate). - +renegotiate_data(ConnectionManager) -> +    cast(ConnectionManager, renegotiate_data).  connection_info(ConnectionManager, Options) ->      call(ConnectionManager, {connection_info, Options}). @@ -481,7 +482,9 @@ handle_cast({global_request, _, _, _, _} = Request, State0) ->  handle_cast(renegotiate, #state{connection = Pid} = State) ->      ssh_connection_handler:renegotiate(Pid),      {noreply, State}; - +handle_cast(renegotiate_data, #state{connection = Pid} = State) -> +    ssh_connection_handler:renegotiate_data(Pid), +    {noreply, State};  handle_cast({adjust_window, ChannelId, Bytes},   	    #state{connection = Pid, connection_state =  		   #connection{channel_cache = Cache}} = State) -> @@ -520,6 +523,8 @@ handle_info({start_connection, server,      Exec = proplists:get_value(exec, Options),      CliSpec = proplists:get_value(ssh_cli, Options, {ssh_cli, [Shell]}),      ssh_connection_handler:send_event(Connection, socket_control), +    erlang:send_after(3600000, self(), rekey), +    erlang:send_after(60000, self(), rekey_data),      {noreply, State#state{connection = Connection,  			  connection_state =   			  CState#connection{address = Address, @@ -536,6 +541,8 @@ handle_info({start_connection, client,      case (catch ssh_transport:connect(Parent, Address,   				      Port, SocketOpts, Options)) of  	{ok, Connection} -> +	    erlang:send_after(60000, self(), rekey_data), +	    erlang:send_after(3600000, self(), rekey),  	    {noreply, State#state{connection = Connection}};  	Reason ->  	    Pid ! {self(), not_connected, Reason}, @@ -568,8 +575,15 @@ handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, State) ->  %%% So that terminate will be run when supervisor is shutdown  handle_info({'EXIT', _Sup, Reason}, State) -> -    {stop, Reason, State}. - +    {stop, Reason, State}; +handle_info(rekey, State) -> +    renegotiate(self()), +    erlang:send_after(3600000, self(), rekey), +    {noreply, State}; +handle_info(rekey_data, State) -> +    renegotiate_data(self()), +    erlang:send_after(60000, self(), rekey_data), +    {noreply, State}.  handle_password(Opts) ->      handle_rsa_password(handle_dsa_password(handle_normal_password(Opts))).  handle_normal_password(Opts) -> | 
