
Mailing List Archive: OpenSSH: Dev

SCTP support for OpenSSH

 

 



seggelmann at fh-muenster

May 30, 2012, 7:43 AM

Post #1 of 6
SCTP support for OpenSSH

Hi,

I have written a patch to add SCTP support for OpenSSH on systems with SCTP capabilities with the following features:

- SCTP support can be configured with --with-sctp, but is disabled by default
- use SCTP for SSH connections instead of TCP
- SCTP's multi-homing is activated for all available addresses by default, if SCTP is used
- the sshd can be configured to listen with TCP, SCTP, or both with the "Transport" keyword for sshd_config
- the sshd listens on single addresses given with each "ListenAddress" and on multiple addresses multi-homed given with each "ListenMultipleAddresses" (with SCTP)
- the ssh client can use SCTP to connect to a server with the -z cmd parameter or the "Transport" keyword for ssh_config
- updated man pages
- the patch is prepared to add multi-streaming support for SSH channels later

I would like to submit the patch if you're interested in SCTP support. Should the patch be created for the latest stable release or the current CVS version? Do you prefer the mailing list or the bug tracker for a submission?

Best regards
Robin





_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


saku at ytti

May 30, 2012, 8:41 AM

Post #2 of 6
Re: SCTP support for OpenSSH

On 30 May 2012 17:43, Robin Seggelmann <seggelmann [at] fh-muenster> wrote:

> I have written a patch to add SCTP support for OpenSSH on systems with SCTP capabilities with the following features:

Cool. Forgive me if this is a silly question. Does the client dynamically
add/remove SCTP sessions at runtime when endpoints become available and
unavailable? How about when DNS information changes at runtime?

--
  ++ytti


seggelmann at fh-muenster

May 30, 2012, 2:26 PM

Post #3 of 6
Re: SCTP support for OpenSSH

On 30.05.2012, at 17:41, Saku Ytti wrote:

> On 30 May 2012 17:43, Robin Seggelmann <seggelmann [at] fh-muenster> wrote:
>
>> I have written a patch to add SCTP support for OpenSSH on systems with SCTP capabilities with the following features:
>
> Cool. Forgive me if this is a silly question. Does the client dynamically
> add/remove SCTP sessions at runtime when endpoints become available and
> unavailable? How about when DNS information changes at runtime?

I'm not sure what you meant to ask. The client uses all available IP addresses to connect to a server. After the connection establishment, all addresses are tested with a HEARTBEAT message to determine with which of them the other endpoint is reachable. If addresses are not available anymore during the connection lifetime, for example because the network interface went down, they are marked as inactive and aren't used for this connection until they are available again. In the meantime another address is used as a fallback. If new addresses are available, they won't be used. This is only possible by monitoring the interfaces and using the ADD-IP extension to add the additional address "manually".

Regarding DNS, if you're using a hostname to connect to a server, it will be resolved and the connection will be established. If the DNS information changes during the connection lifetime, this has no effect, because the connection is already up and running and so no additional DNS lookup will be done. To have changing DNS information affecting the SCTP connection, you have to look the hostname up periodically and use the ADD-IP extension to add new addresses and remove old ones.

While these things are basically possible, they are quite complex and partially system dependent. So if these are often requested features, I could add this functionality later on, but I currently don't consider them as high priority. The first step right now is to have SCTP support at all, i.e. the first patch with the basic support has to be applied to the official source.

Best regards
Robin





saku at ytti

May 30, 2012, 11:37 PM

Post #4 of 6
Re: SCTP support for OpenSSH

On 31 May 2012 00:26, Robin Seggelmann <seggelmann [at] fh-muenster> wrote:

Hi Robin,

> If new addresses are available, they won't be used. This is only possible by monitoring the interfaces and using the ADD-IP extension to add the additional address "manually".

I think this would be exceptionally important to sell this feature.
This would allow you to traverse home<->office with WLAN->3G->WLAN
without getting disconnected.

The only thing that wouldn't work is if the client's last IP disappears, even
if a new IP appears the second after. But that is an SCTP shortcoming.

> Regarding DNS, if you're using a hostname to connect to a server, it will be resolved and the connection will be established. If the DNS information changes during the connection lifetime, this has no effect, because the connection is already up and running and so no additional DNS lookup will be done. To have changing DNS information affecting the SCTP connection, you have to look the hostname up periodically and use the ADD-IP extension to add new addresses and remove old ones.

I think periodic DNS lookup would be interesting, you could do major
designs, without disrupting services. It doesn't have to be done
often, as it is always planned change.

> While these things are basically possible, they are quite complex and partially system dependent. So if these are often requested features, I could add this functionality later on, but I currently don't consider them as high priority. The first step right now is to have SCTP support at all, i.e. the first patch with the basic support has to be applied to the official source.

Fully agreed, release little, release often. But seeing how other
projects are lagging with SCTP, I think practical scenarios of what the
new feature will give would help sell it. And without ADD-IP the
benefits are somewhat limited. The DNS definitely is just a bonus.
But I understand that platform dependency (how will you learn about
a new IP) is a non-trivial problem.


--
  ++ytti


djm at mindrot

May 31, 2012, 1:55 AM

Post #5 of 6
Re: SCTP support for OpenSSH

On Wed, 30 May 2012, Robin Seggelmann wrote:

> Hi,
>
> I have written a patch to add SCTP support for OpenSSH on systems with SCTP capabilities with the following features:
>
> - SCTP support can be configured with --with-sctp, but is disabled by default
> - use SCTP for SSH connections instead of TCP
> - SCTP's multi-homing is activated for all available addresses by default, if SCTP is used
> - the sshd can be configured to listen with TCP, SCTP, or both with the "Transport" keyword for sshd_config
> - the sshd listens on single addresses given with each "ListenAddress" and on multiple addresses multi-homed given with each "ListenMultipleAddresses" (with SCTP)
> - the ssh client can use SCTP to connect to a server with the -z cmd parameter or the "Transport" keyword for ssh_config
> - updated man pages
> - the patch is prepared to add multi-streaming support for SSH channels later
>
> I would like to submit the patch if you're interested in SCTP support.
> Should the patch be created for the latest stable release or the
> current CVS version? Do you prefer the mailing list or the bug tracker
> for a submission?

Cool - we strongly prefer https://bugzilla.mindrot.org/ for patch submissions.
If you upload it there then we will not lose it.

-d


Michael.Tuexen at lurchi

May 31, 2012, 1:02 PM

Post #6 of 6
SCTP support for OpenSSH

Dear all,

I just subscribed, therefore I can't answer inline the earlier messages...

The FreeBSD SCTP implementation (and I think also the Linux implementation) supports
a feature called AUTO-ASCONF. If a node gets a new IP-address, or gives up one,
it is automatically added or removed from the association. So you don't need
to involve DNS in this. And you do not need to write OS specific code to deal
with local address changes.

Best regards
Michael
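
The path handling discussed in this thread (Robin's description of HEARTBEAT-tested addresses and fallback, Saku's WLAN->3G roaming case, and Michael's AUTO-ASCONF note), as an added toy model in Python that is not part of any post and not code from the OpenSSH patch. It uses no real SCTP sockets; the class and function names are hypothetical, and it assumes the association ends as soon as no active address is left.

```python
# Added illustration: a toy model of multi-homed path handling, not real SCTP.
class Association:
    def __init__(self, addrs, auto_asconf=False):
        self.paths = {a: True for a in addrs}   # address -> active (HEARTBEAT result)
        self.primary = addrs[0] if addrs else None
        self.auto_asconf = auto_asconf          # models the AUTO-ASCONF feature
        self.alive = True
        self.current = None
        self._select()

    def _select(self):
        """Use the primary while it is active, otherwise fall back."""
        if not self.alive:
            return
        active = [a for a, ok in self.paths.items() if ok]
        if self.paths.get(self.primary):
            self.current = self.primary
        else:
            self.current = active[0] if active else None
        if self.current is None:
            self.alive = False  # assumption: no active path ends the association

    def heartbeat(self, addr, ok):
        """Record whether a HEARTBEAT on a known address was answered."""
        if self.alive and addr in self.paths:
            self.paths[addr] = ok
            self._select()

    def add_ip(self, addr):
        """ADD-IP: add an address to an association that is still up."""
        if self.alive and addr not in self.paths:
            self.paths[addr] = True
            self._select()

    def new_local_address(self, addr):
        """A new interface address appears; ignored unless AUTO-ASCONF adds it."""
        if self.auto_asconf:
            self.add_ip(addr)


def roam(auto_asconf, overlap):
    """WLAN -> 3G handover; overlap=True means 3G is up before WLAN drops."""
    assoc = Association(["wlan"], auto_asconf)
    events = [("up", "3g"), ("down", "wlan")]
    for kind, addr in (events if overlap else reversed(events)):
        if kind == "up":
            assoc.new_local_address(addr)
        else:
            assoc.heartbeat(addr, False)
    return assoc.alive, assoc.current
```

Only `roam(True, True)` keeps the session; with the order reversed the last address is gone before the new one can be added, which is the limitation Saku describes.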


