Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: should avoid window adjustment on every Channel.Read #57424

Closed
willmo opened this issue Dec 21, 2022 · 3 comments
Closed

x/crypto/ssh: should avoid window adjustment on every Channel.Read #57424

willmo opened this issue Dec 21, 2022 · 3 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Performance
Milestone
Unreleased

Comments

@willmo
Copy link

willmo commented Dec 21, 2022
edited
Loading

What version of Go are you using (go version)?

$ go version
go version go1.18.4 linux/amd64

golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90

Does this issue reproduce with the latest release?

Yes, channel.go is unchanged since 2017.

What did you do?

Used tcpdump/Wireshark to observe packets on a long-lived SSH connection where the only application-level activity is sporadic small writes or a long stream of writes in the same direction, or other easy-to-understand patterns.

What did you expect to see?

TCP segments with data generally correspond to application-level writes, with only occasional window adjustments sent in the other direction (and rarely a rekeying, etc.).

What did you see instead?

A window adjustment is sent after every Channel.Read on the receiving end, which wastes bandwidth.

Solution

OpenSSH has logic for deferring window adjustments, which I think usually waits until about 5% of the window has been consumed. It seemingly hasn't changed since 2007, so I assume it works well enough for them.

I added similar logic to channel.adjustWindow and it seems to work as expected in local testing. If this sounds like a reasonable change, I'll see about signing the CLA and submitting a patch.
@gopherbot gopherbot added this to the Unreleased milestone Dec 21, 2022
@dr2chase dr2chase added NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Dec 22, 2022
@gopherbot gopherbot removed the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Dec 22, 2022
@dr2chase
Copy link
Contributor

@golang/security
if this is a bug, it has a proposed fix.

@rolandshoemaker
Copy link
Member

Seems like a reasonable optimization, I'd be happy to take a look if you'd like to send a CL.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/459915 mentions this issue: ssh: defer channel window adjustment

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. Performance and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Nov 27, 2023
@golang golang locked and limited conversation to collaborators Nov 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. Performance
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@willmo @dmitshur @dr2chase @rolandshoemaker @gopherbot