IETF-SSH archive


SSH_MSG_UNIMPLEMENTED



I found by accident that my implementation didn't implement sending of
SSH_MSG_UNIMPLEMENTED properly. When fixing it, I also came to the
conclusion that SSH_MSG_UNIMPLEMENTED is quite suboptimal. The spec
says:

  byte      SSH_MSG_UNIMPLEMENTED
  uint32    packet sequence number of rejected message

Except for this usage of the sequence number, sequence numbers are
purely a part of the transport protocol. (The bug in my code would
cause it to always send zero for the sequence number).

1. An example of what this implies: Say I split the implementation
   into one process that implements the transport and userauth
   protocol, and a separate process that implements the connection
   protocol, and let the first process forward all incoming ssh
   messages with types >= 80 (connection, channel, and reserved types)
   to the second process. Then if a message of the unimplemented type
   100 (say) is received, this is forwarded to the second process,
   which must then produce a SSH_MSG_UNIMPLEMENTED message, and to do
   this, it needs to know the sequence number from the transport. This
   seems to violate the otherwise nice modularization.

   One solution is to attach the sequence number to all incoming
   packets, and include the sequence number also when forwarding
   messages between processes.

2. And even worse, if I want to *send* a channel-related message of
   some type that might potentially be unimplemented at the other end.
   Then it seems tricky to match the resulting SSH_MSG_UNIMPLEMENTED
   to the right message, because when generating the message, I don't
   know what sequence number it will get, and when transmitting the
   message (which is the code where the sequence number is known), I
   don't know who's interested in SSH_MSG_UNIMPLEMENTED responses.

The SSH_MSG_UNIMPLEMENTED message would be more useful if it included
the message type, instead of the sequence number.

  byte      SSH_MSG_UNIMPLEMENTED
  byte      type of the rejected message

or included both (which would solve 2, but not 1),

  byte      SSH_MSG_UNIMPLEMENTED
  uint32    packet sequence number of rejected message
  byte      type of the rejected message

I don't know if it's too late to do anything about this, and I don't
know if anybody is using this feature of the protocol at all. But I
hope it's still meaningful to note the problem.

Regards,
/Niels

PS. I've not been very active on this list for a while, but a month ago
    I tried to catch up with the last couple of years of messages.
    What's the current status? I saw several last calls come and go,
    so what are the remaining obstacles for the core drafts?
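
Added example, not part of the original message or of any implementation it refers to: the sequence-number bookkeeping that points 1 and 2 require with the current SSH_MSG_UNIMPLEMENTED format, in Python. The names Transport, MAX_PENDING, on_unimplemented and upper_layer are assumptions made for illustration; encryption, MAC and packet framing are left out.

```python
import struct
from collections import OrderedDict

SSH_MSG_UNIMPLEMENTED = 3   # message number assigned by the transport spec
MAX_PENDING = 64            # assumption: bound on remembered sends


class Transport:
    """Sequence-number bookkeeping only; no crypto or framing."""

    def __init__(self):
        self.send_seq = 0              # implicit counters, one per direction
        self.recv_seq = 0
        self.pending = OrderedDict()   # send_seq -> (msg type, callback)
        self.wire = []                 # payloads handed to the peer

    def send(self, payload, on_unimplemented=None):
        """Point 2: register interest here, where the number is assigned."""
        seq = self.send_seq
        self.send_seq = (seq + 1) & 0xFFFFFFFF       # uint32 wrap-around
        if on_unimplemented is not None:
            self.pending[seq] = (payload[0], on_unimplemented)
            while len(self.pending) > MAX_PENDING:   # there is no positive
                self.pending.popitem(last=False)     # ack, so evict oldest
        self.wire.append(payload)
        return seq

    def receive(self, payload, upper_layer):
        """Point 1: hand the sequence number up with every payload."""
        if not payload:
            raise ValueError("empty payload")
        seq = self.recv_seq
        self.recv_seq = (seq + 1) & 0xFFFFFFFF
        if payload[0] == SSH_MSG_UNIMPLEMENTED:
            if len(payload) != 5:
                raise ValueError("malformed SSH_MSG_UNIMPLEMENTED")
            (rejected,) = struct.unpack(">I", payload[1:5])
            entry = self.pending.pop(rejected, None)
            if entry is not None:                    # someone asked to know
                msg_type, callback = entry
                callback(msg_type)
            return
        if not upper_layer(seq, payload):            # type not implemented
            self.send(struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, seq))
```

The pending table has to be bounded because a message the peer does implement produces no reply at all, so an entry can never be cleared by a positive acknowledgement.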


