On 2/10/11 5:00 AM, Peter Wagner wrote:
> Hi,
> I'm the maintainer of OpenSSH, and if your patches for OpenSSH are accepted
> they will make it into the source - but I don't see why I should change default
> values in the config file.
Well, the patch I had sent to Damien languished for 10 months, and when it was
finally merged it had been seriously mangled. So don't wait for things to be
done timely or even correctly upstream.
Also, as I said in detail, the RFC-791 markings that OpenSSH uses have been
obsolete for 13 years.
Just because OpenSSH is broken doesn't mean we can't fix the parts that we know
to be broken.
>> If you're forced to interoperate with some seriously braindead gear like a
>> 10-year-old bargain Taiwanese firewall or router that discards traffic
>> with these bits set (extremely rare but not unheard of), then your best
>> bet is to turn off QoS marking altogether as:
> Maybe that's the reason why this part of the patch was left out? So everyone who
> needs the new values can change it.
The number of braindead routers not handling QoS is less than 1%.
However, for users having OpenWRT co-existing in a VoIP environment, there's
significant benefit from having proper modern markings... and that's
substantially more than the number of people having the above broken routers.
-Philip
> Kind regards,
> Peter Wagner
> On Thursday, 10 February 2011, 03:34:32, Philip Prindeville wrote:
>> The default values for OpenSSH QoS markings are wrong.
>> They use 'lowdelay' and 'throughput' for interactive and bulk traffic,
>> respectively.
>> Unfortunately, these values were retired in 1998 when the low-order 2 bits
>> of the ToS field were repurposed for DSCP: originally RFC-2474 marked the
>> lower 2 bits as 'CU' (currently unused), but they were eventually
>> designated as ECT and CE in RFC-2481 and then as ECT0 and ECT1 in Explicit
>> Congestion Notification (RFC-3168).
>> The upshot of all this is that marking traffic with these obsolete markings
>> could mean that not only is the traffic not handled as desired, but it's
>> handled in a highly detrimental fashion (for instance, the RFC-791
>> designation of 'lowcost' collides with the ECT0 and CE values of RFC-3168
>> as well as that of obsolete RFC-2481).
>> I'm surprised that this wasn't fixed a lot sooner (like a decade ago).
>> For whatever reason, while OpenSSH has accepted my patches for allowing the
>> configuration of QoS, the default values are still the obsolete ToS fields
>> from RFC-791, which is dangerously ancient (that part of the patch was left
>> out).
>> The patch here itself is fortunately trivial.
>> DSCP markings will be ignored in the majority of equipment not implementing
>> it or where it has not been enabled.
>> If you're forced to interoperate with some seriously braindead gear like a
>> 10-year-old bargain Taiwanese firewall or router that discards traffic
>> with these bits set (extremely rare but not unheard of), then your best
>> bet is to turn off QoS marking altogether as:
>> IPQoS CS0 CS0
>> in both /etc/ssh/ssh_config and sshd_config.
>> A fix has been submitted for OpenSSH:
>> https://bugzilla.mindrot.org/show_bug.cgi?id=1856
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
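The bit collision Philip describes above (the obsolete RFC-791 'lowcost' ToS value landing in the two bits that RFC-2481 and RFC-3168 reassigned to ECN) can be checked by decoding the same ToS byte both ways. This is an added example, not code from the thread or from OpenSSH; the keyword values are the classic BSD IPTOS_* constants, and the DSCP name table is a small constructed subset of the standard codepoints.

```python
# ToS byte as written by the old RFC 791 / RFC 1349 keywords (BSD IPTOS_* values).
LEGACY_TOS = {
    "lowdelay":    0x10,
    "throughput":  0x08,
    "reliability": 0x04,
    "lowcost":     0x02,
}

# Meaning of the low two bits under the two ECN specifications named in the thread.
ECN_RFC3168 = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}
ECN_RFC2481 = {0: "Not-ECT", 1: "ECT",    2: "CE",     3: "undefined"}

# Constructed subset of DSCP codepoints (RFC 2474 class selectors, RFC 2597 AF21).
DSCP_NAMES = {0: "CS0", 8: "CS1", 16: "CS2", 18: "AF21", 24: "CS3"}


def decode_tos(tos):
    """Split one IPv4 ToS / IPv6 Traffic Class byte into DSCP (high 6 bits) and ECN (low 2)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    dscp = tos >> 2
    ecn = tos & 0x03
    return {
        "dscp": dscp,
        "dscp_name": DSCP_NAMES.get(dscp, "unassigned"),
        "ecn_rfc3168": ECN_RFC3168[ecn],
        "ecn_rfc2481": ECN_RFC2481[ecn],
    }


def claims_ecn(tos):
    """True when an RFC 3168 router reads the flow as ECN-capable or already
    congestion-marked, although the SSH connection's TCP never negotiated ECN."""
    return (tos & 0x03) != 0


def audit_legacy_keywords():
    """For each obsolete OpenSSH keyword, how a DSCP/ECN router interprets it."""
    return {name: (decode_tos(v), claims_ecn(v)) for name, v in LEGACY_TOS.items()}


if __name__ == "__main__":
    for name, (fields, ecn_claim) in audit_legacy_keywords().items():
        print(f"{name:12s} 0x{LEGACY_TOS[name]:02x} -> DSCP {fields['dscp']:2d} "
              f"({fields['dscp_name']}), ECN {fields['ecn_rfc3168']}"
              f"{'  <-- false ECN signal' if ecn_claim else ''}")
```

Only 'lowcost' sets the ECN bits; the other three keywords land in the DSCP field as unassigned codepoints, which is why they are usually ignored rather than mishandled.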