dropbear: better handle receive window size
authorKonstantin Demin <rockdrilla@gmail.com>
Tue, 9 Jan 2024 00:40:02 +0000 (03:40 +0300)
committerRui Salvaterra <rsalvaterra@gmail.com>
Fri, 9 Feb 2024 09:13:05 +0000 (09:13 +0000)
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog

improves f95eecfb

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
package/network/services/dropbear/files/dropbear.init

index 6a0fc673512eaf758637e65139aa9255142785fe..34d3b8a31d942ad45323691f7259738118e85ae9 100755 (executable)
@@ -178,7 +178,7 @@ validate_section_dropbear()
                'SSHKeepAlive:uinteger:300' \
                'IdleTimeout:uinteger:0' \
                'MaxAuthTries:uinteger:3' \
-               'RecvWindowSize:uinteger:0' \
+               'RecvWindowSize:uinteger:262144' \
                'mdns:bool:1'
 }
 
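Review bot: An existing configuration that explicitly sets `option RecvWindowSize '0'` changes meaning once the default moves into this validation rule. The `-eq 0` fallback to 262144 is removed from dropbear_instance() in the next hunk, and the later `-gt 0` test then skips `-W` altogether, so dropbear falls back to its own default (24576 according to the comment added in the last hunk). If that is intended, it should be stated where an administrator will see it, for example a comment above the validation list such as `# RecvWindowSize: 0 = do not pass -W, dropbear uses its built-in default`. validate_section_dropbear() starts outside this hunk, so I cannot tell whether such a note already exists.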
@@ -204,12 +204,6 @@ dropbear_instance()
        PIDCOUNT="$(( ${PIDCOUNT} + 1))"
        local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
 
-       # Increase default receive window size to increase
-       # throughput on high latency links
-       if [ "${RecvWindowSize}" -eq "0" ]; then
-               RecvWindowSize="262144"
-       fi
-
        procd_open_instance
        procd_set_param command "$PROG" -F -P "$pid_file"
        [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
@@ -232,8 +226,23 @@ dropbear_instance()
        [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
        [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
        [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
-       [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
+       [ "${RecvWindowSize}" -gt 0 ] && {
+               # NB: OpenWrt increases receive window size to increase throughput on high latency links
+               # ref: validate_section_dropbear()
+               # default receive window size is 24576 (DEFAULT_RECV_WINDOW in default_options.h)
+
+               # sysoptions.h
+               local MAX_RECV_WINDOW=10485760
+               if [ "${RecvWindowSize}" -gt ${MAX_RECV_WINDOW} ] ; then
+                       # separate logging is required because syslog misses dropbear's message
+                       #   Bad recv window '${RecvWindowSize}', using ${MAX_RECV_WINDOW}
+                       # it's probably dropbear issue but we should handle this and notify user
+                       logger -s -t "${NAME}" -p daemon.warn \
+                         "Option 'RecvWindowSize' is too high (${RecvWindowSize}), limiting to ${MAX_RECV_WINDOW}"
+                       RecvWindowSize=${MAX_RECV_WINDOW}
+               fi
                procd_append_param command -W "${RecvWindowSize}"
+       }
        [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
        procd_set_param respawn
        procd_close_instance
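Review bot: The ceiling in `local MAX_RECV_WINDOW=10485760` is a hand-copied duplicate of a dropbear compile-time constant, and the bare `# sysoptions.h` comment does not say that it has to track the packaged dropbear version. If upstream changes the limit, this check would pass values that dropbear then clamps on its own, with the message that, per the comment here, never reaches syslog. I would spell the dependency out, e.g. `# must equal MAX_RECV_WINDOW in dropbear's sysoptions.h; re-check on every dropbear bump`. Separately, the accepted range grows from 1048576 to 10485760, where the old test silently dropped anything above 1 MiB; the window presumably bounds per-channel buffering, so a short comment on memory use for small devices may be worth adding. dropbear_instance() begins and ends outside this hunk.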