On 11/12/15 3:28 AM, Brooks Davis wrote:
On Tue, Nov 10, 2015 at 04:40:42PM -0800, Bryan Drewery wrote:
On 11/10/15 1:42 AM, Dag-Erling Sm??rgrav wrote:
Some of you may have noticed that OpenSSH in base is lagging far behind
the upstream code.
The main reason for this is the burden of maintaining the HPN patches.
They are extensive, very intrusive, and touch parts of the OpenSSH code
that change significantly in every release. Since they are not
regularly updated, I have to choose between trying to resolve the
conflicts myself (hoping I don't break anything) or waiting for them to
catch up and then figuring out how to apply the new version.
Therefore, I would like to remove the HPN patches from base and refer
anyone who really needs them to the openssh-portable port, which has
them as a default option. I would also like to remove the NONE cipher
patch, which is also available in the port (off by default, just like in
base).
I had this same problem as well, but have since reworked the HPN patch
for ports to be more easily maintained. I've considered offering or
just updating the base SSH, but have not since we have random changes in
the HPN functionality in base that would be lost. We for some reason
decided we were going to maintain our own version and not even upstream
the changes to the HPN authors which has contributed to this situation.
We had ever intention of upstreaming our cleaned up HPN patches and some
interest from OpenSSH devs to take the window scaling portion of the
patch upstream, but other things intruded and we never found time to
complete that work. I think both the window scaling and NONE cipher
changes are useful, but do not have time to do anything with them. I'm
fine with them being removed from base and replaced or just dropped if
they are in the way of progress.
it would be nice if the outcome of this thread was that HPN patches
(or something equivalent) were available by default in OpenSSH.
WE also have our own patch we add to give a NODELAY option.
It made a huge difference with tunnels where lots of small RPC packets
were being sent.
I'll look at getting it into upstream.
-- Brooks
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
