IETF-SSH archive


Re: Definition of "packet"



Henrick Hellström <henrick%streamsec.se@localhost> writes:

> This ought to be a simple question, but it seems it is not spelled out
> anywhere in the specification:
> 
> Exactly what is to be included in the calculation of the length of a
> "packet", when checking if it exceeds the Maximum Packet Size
> parameter sent during SSH Connection establishment?

If we're talking about CHANNEL_OPEN / CHANNEL_OPEN_CONFIRM, I think
it's best to interpret the max packet size as the maximum amount of
channel "upper layer" data in a CHANNEL_DATA or CHANNEL_EXTENDED_DATA
message.

I think this has been discussed earlier, and I think that was the
conclusion.

When reading data to be sent over an ssh channel, the length for the
underlying read call can be selected as MIN(channel max packet size,
current channel window size), which is nice and simple. I have earlier
thought that the channel's max packet size should be interpreted as
the payload size for the ssh *transport* layer, but that makes the
read logic unnecessarily complicated.

This means that if you want to limit the ssh transport layer payload
size of sent or received transport packets to 32768 bytes, then you
need to limit the received or sent max packet size for a channel to
32768 - transport overhead.

I agree a clarification would be nice, but perhaps it's too late.

Regards,
/Niels
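
An added example, not part of the original message and not taken from any SSH implementation: the read-length rule and the "32768 - transport overhead" adjustment described above, in C. It assumes "transport overhead" means the CHANNEL_DATA / CHANNEL_EXTENDED_DATA header fields that precede the data inside the transport payload (layouts per RFC 4254); all struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes in front of the channel data inside the transport payload
   (message layouts from RFC 4254, section 5.2). */
#define DATA_OVERHEAD     (1 + 4 + 4)      /* type, recipient channel, string length */
#define EXT_DATA_OVERHEAD (1 + 4 + 4 + 4)  /* as above, plus data_type_code */

struct channel {          /* hypothetical per-channel send state */
    uint32_t max_packet;  /* peer's max packet size, read as a channel data limit */
    uint32_t window;      /* remaining send window, in channel data bytes */
};

/* Length for the underlying read call: MIN(max packet size, window size). */
uint32_t channel_read_length(const struct channel *c)
{
    return c->max_packet < c->window ? c->max_packet : c->window;
}

/* Account for len bytes about to be sent; refuse anything over either limit. */
int channel_consume(struct channel *c, uint32_t len)
{
    if (len > c->max_packet || len > c->window)
        return 0;
    c->window -= len;
    return 1;
}

/* Transport payload size of a message carrying data_len bytes of channel data. */
uint64_t transport_payload_size(uint32_t data_len, int extended)
{
    return (uint64_t)data_len + (extended ? EXT_DATA_OVERHEAD : DATA_OVERHEAD);
}

/* Max packet size to advertise so that no data message exceeds payload_limit;
   0 if the limit leaves no room for data. Uses the larger of the two headers. */
uint32_t max_packet_for_payload_limit(uint32_t payload_limit)
{
    return payload_limit > EXT_DATA_OVERHEAD ? payload_limit - EXT_DATA_OVERHEAD : 0;
}

int main(void)
{
    struct channel c = { max_packet_for_payload_limit(32768), 40000 };
    uint32_t n = channel_read_length(&c);   /* limited by max packet size */
    printf("read %u bytes, payload %llu\n", n,
           (unsigned long long)transport_payload_size(n, 1));
    return channel_consume(&c, n) ? 0 : 1;
}
```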


