diff -NuwpB openssh-5.1p1/auth2.c openssh-log/auth2.c --- openssh-5.1p1/auth2.c 2008-07-04 19:44:53.000000000 -0400 +++ openssh-log/auth2.c 2008-07-23 17:19:43.000000000 -0400 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "pathnames.h" #include "buffer.h" +#include "canohost.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -72,6 +73,9 @@ extern Authmethod method_hostbased; extern Authmethod method_gssapi; #endif +static int log_flag = 0; + + Authmethod *authmethods[] = { &method_none, &method_pubkey, @@ -219,6 +223,11 @@ input_userauth_request(int type, u_int32 service = packet_get_string(NULL); method = packet_get_string(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); + if (!log_flag) { + logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", + get_remote_ipaddr(), get_remote_port(), user); + log_flag = 1; + } debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); if ((style = strchr(user, ':')) != NULL) diff -NuwpB openssh-5.1p1/channels.c openssh-log/channels.c --- openssh-5.1p1/channels.c 2008-07-16 08:42:06.000000000 -0400 +++ openssh-log/channels.c 2008-07-23 17:19:43.000000000 -0400 @@ -1918,11 +1918,12 @@ channel_after_select(fd_set *readset, fd /* If there is data to send to the connection, enqueue some of it now. */ -void +int channel_output_poll(void) { Channel *c; u_int i, len; + int packet_length = 0; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -1962,7 +1963,7 @@ channel_output_poll(void) packet_start(SSH2_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(data, dlen); - packet_send(); + packet_length = packet_send(); c->remote_window -= dlen + 4; xfree(data); } @@ -1992,7 +1993,7 @@ channel_output_poll(void) SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(buffer_ptr(&c->input), len); - packet_send(); + packet_length = packet_send(); buffer_consume(&c->input, len); c->remote_window -= len; } @@ -2027,12 +2028,13 @@ channel_output_poll(void) packet_put_int(c->remote_id); packet_put_int(SSH2_EXTENDED_DATA_STDERR); packet_put_string(buffer_ptr(&c->extended), len); - packet_send(); + packet_length = packet_send(); buffer_consume(&c->extended, len); c->remote_window -= len; debug2("channel %d: sent ext data %d", c->self, len); } } + return (packet_length); } diff -NuwpB openssh-5.1p1/channels.h openssh-log/channels.h --- openssh-5.1p1/channels.h 2008-06-15 17:59:23.000000000 -0400 +++ openssh-log/channels.h 2008-07-23 17:19:43.000000000 -0400 @@ -223,7 +223,7 @@ void channel_input_status_confirm(int, void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); void channel_after_select(fd_set *, fd_set *); -void channel_output_poll(void); +int channel_output_poll(void); int channel_not_very_much_buffered_data(void); void channel_close_all(void); Common subdirectories: openssh-5.1p1/contrib and openssh-log/contrib diff -NuwpB openssh-5.1p1/kex.c openssh-log/kex.c --- openssh-5.1p1/kex.c 2007-06-05 04:30:18.000000000 -0400 +++ openssh-log/kex.c 2008-07-23 17:19:43.000000000 -0400 @@ -48,6 +48,7 @@ #include "match.h" #include "dispatch.h" #include "monitor.h" +#include "canohost.h" #define KEX_COOKIE_LEN 16 @@ -376,6 +377,7 @@ kex_choose_conf(Kex *kex) int nenc, nmac, ncomp; u_int mode, ctos, need; int first_kex_follows, type; + int log_flag = 0; my = kex_buf2prop(&kex->my, NULL); peer = kex_buf2prop(&kex->peer, &first_kex_follows); @@ -405,6 +407,20 @@ kex_choose_conf(Kex *kex) newkeys->enc.name, newkeys->mac.name, newkeys->comp.name); + /* client starts withctos = 0 && log flag = 0 and no log*/ + /* 2nd client pass ctos=1 and flag = 1 so no log*/ + /* server starts with ctos =1 && log_flag = 0 so log */ + /* 2nd sever pass ctos = 1 && log flag = 1 so no log*/ + /* -cjr*/ + if (ctos && !log_flag) { + logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s", + get_remote_ipaddr(), + get_remote_port(), + newkeys->enc.name, + newkeys->mac.name, + newkeys->comp.name); + } + log_flag = 1; } choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], Common subdirectories: openssh-5.1p1/openbsd-compat and openssh-log/openbsd-compat diff -NuwpB openssh-5.1p1/packet.c openssh-log/packet.c --- openssh-5.1p1/packet.c 2008-07-11 03:36:48.000000000 -0400 +++ openssh-log/packet.c 2008-07-23 17:20:25.000000000 -0400 @@ -739,7 +739,7 @@ packet_enable_delayed_compress(void) /* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ -static void +static int packet_send2_wrapped(void) { u_char type, *cp, *macbuf = NULL; @@ -852,11 +852,13 @@ packet_send2_wrapped(void) set_newkeys(MODE_OUT); else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) packet_enable_delayed_compress(); + return(packet_length); } -static void +static int packet_send2(void) { + static int packet_length = 0; static int rekeying = 0; struct packet *p; u_char type, *cp; @@ -874,7 +876,7 @@ packet_send2(void) memcpy(&p->payload, &outgoing_packet, sizeof(Buffer)); buffer_init(&outgoing_packet); TAILQ_INSERT_TAIL(&outgoing, p, next); - return; + return(sizeof(Buffer)); } } @@ -882,7 +884,7 @@ packet_send2(void) if (type == SSH2_MSG_KEXINIT) rekeying = 1; - packet_send2_wrapped(); + packet_length = packet_send2_wrapped(); /* after a NEWKEYS message we can send the complete queue */ if (type == SSH2_MSG_NEWKEYS) { @@ -895,19 +897,22 @@ packet_send2(void) sizeof(Buffer)); TAILQ_REMOVE(&outgoing, p, next); xfree(p); - packet_send2_wrapped(); + packet_length += packet_send2_wrapped(); } } + return(packet_length); } -void +int packet_send(void) { + int packet_len = 0; if (compat20) - packet_send2(); + packet_len = packet_send2(); else packet_send1(); DBG(debug("packet_send done")); + return(packet_len); } /* @@ -1483,23 +1488,25 @@ packet_disconnect(const char *fmt,...) /* Checks if there is any buffered output, and tries to write some of the output. */ -void +int packet_write_poll(void) { - int len = buffer_len(&output); + int len = 0; + len = buffer_len(&output); if (len > 0) { len = write(connection_out, buffer_ptr(&output), len); if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) - return; + return (0); fatal("Write failed: %.100s", strerror(errno)); } if (len == 0) fatal("Write connection closed"); buffer_consume(&output, len); } + return(len); } @@ -1508,16 +1515,17 @@ packet_write_poll(void) * written. */ -void +int packet_write_wait(void) { fd_set *setp; int ret, ms_remain; struct timeval start, timeout, *timeoutp = NULL; + u_int bytes_sent = 0; setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), sizeof(fd_mask)); - packet_write_poll(); + bytes_sent += packet_write_poll(); while (packet_have_data_to_write()) { memset(setp, 0, howmany(connection_out + 1, NFDBITS) * sizeof(fd_mask)); @@ -1551,7 +1559,7 @@ packet_write_wait(void) "waiting to write", get_remote_ipaddr()); cleanup_exit(255); } - packet_write_poll(); + bytes_sent += packet_write_poll(); } xfree(setp); } diff -NuwpB openssh-5.1p1/packet.h openssh-log/packet.h --- openssh-5.1p1/packet.h 2008-07-11 03:36:48.000000000 -0400 +++ openssh-log/packet.h 2008-07-23 17:19:43.000000000 -0400 @@ -44,7 +44,7 @@ void packet_put_bignum2(BIGNUM * val void packet_put_string(const void *buf, u_int len); void packet_put_cstring(const char *str); void packet_put_raw(const void *buf, u_int len); -void packet_send(void); +int packet_send(void); int packet_read(void); void packet_read_expect(int type); @@ -73,8 +73,8 @@ void packet_set_state(int, u_int32_t, u int packet_get_ssh1_cipher(void); void packet_set_iv(int, u_char *); -void packet_write_poll(void); -void packet_write_wait(void); +int packet_write_poll(void); +int packet_write_wait(void); int packet_have_data_to_write(void); int packet_not_very_much_data_to_write(void); Common subdirectories: openssh-5.1p1/regress and openssh-log/regress Common subdirectories: openssh-5.1p1/scard and openssh-log/scard diff -NuwpB openssh-5.1p1/serverloop.c openssh-log/serverloop.c --- openssh-5.1p1/serverloop.c 2008-07-04 09:10:49.000000000 -0400 +++ openssh-log/serverloop.c 2008-07-23 17:19:43.000000000 -0400 @@ -93,10 +93,10 @@ static int fdin; /* Descriptor for stdi static int fdout; /* Descriptor for stdout (for reading); May be same number as fdin. */ static int fderr; /* Descriptor for stderr. May be -1. */ -static long stdin_bytes = 0; /* Number of bytes written to stdin. */ -static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ -static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ -static long fdout_bytes = 0; /* Number of stdout bytes read from program. */ +static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */ +static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ +static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ +static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */ static int stdin_eof = 0; /* EOF message received from client. */ static int fdout_eof = 0; /* EOF encountered reading from fdout. */ static int fderr_eof = 0; /* EOF encountered readung from fderr. */ @@ -121,6 +121,20 @@ static volatile sig_atomic_t received_si static void server_init_dispatch(void); /* + * Returns current time in seconds from Jan 1, 1970 with the maximum + * available resolution. + */ + +static double +get_current_time(void) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; +} + + +/* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated */ @@ -410,6 +424,7 @@ process_input(fd_set *readset) } else { /* Buffer any received data. */ packet_process_incoming(buf, len); + fdout_bytes += len; } } if (compat20) @@ -432,6 +447,7 @@ process_input(fd_set *readset) } else { buffer_append(&stdout_buffer, buf, len); fdout_bytes += len; + debug ("FD out now: %ld", fdout_bytes); } } /* Read and buffer any available stderr data from the program. */ @@ -499,7 +515,7 @@ process_output(fd_set *writeset) } /* Send any buffered packet data to the client. */ if (FD_ISSET(connection_out, writeset)) - packet_write_poll(); + stdin_bytes += packet_write_poll(); } /* @@ -816,8 +832,10 @@ server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; int rekeying = 0, max_fd, nalloc = 0; + double start_time, total_time; debug("Entering interactive session for SSH2."); + start_time = get_current_time(); mysignal(SIGCHLD, sigchld_handler); child_terminated = 0; @@ -879,6 +897,11 @@ server_loop2(Authctxt *authctxt) /* free remaining sessions, e.g. remove wtmp entries */ session_destroy_all(NULL); + total_time = get_current_time() - start_time; + logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f", + get_remote_ipaddr(), get_remote_port(), + stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time, + fdout_bytes / total_time); } static void diff -NuwpB openssh-5.1p1/sshd.c openssh-log/sshd.c --- openssh-5.1p1/sshd.c 2008-07-11 03:36:49.000000000 -0400 +++ openssh-log/sshd.c 2008-07-23 17:19:43.000000000 -0400 @@ -467,6 +467,9 @@ sshd_exchange_identification(int sock_in } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); + logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s", + get_remote_ipaddr(), get_remote_port(), + remote_major, remote_minor, remote_version); compat_datafellows(remote_version);