From: job@openbsd.org
Date: Tue, 5 Aug 2025 09:08:16 +0000 (+0000)
Subject: upstream: Use the operating system default DSCP marking for
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=2a31009c36eb2da412c2784fe131fcb6ba800978;p=thirdparty%2Fopenssh-portable.git

upstream: Use the operating system default DSCP marking for non-interactive traffic It seems the CS1 traffic class mark is considered ambiguous and therefore somewhat unhelpful (see RFC 8622 for more considerations). But, the new 'LE' scavenger class (also proposed in RFC 8622) offers high probability of excessive delays & high packet loss, which would be inappropriate for use with, for example, X11 forwardings. In fact, it is not known to SSH what's appropriate because SSH is not aware of the content of what passing through session forwardings. Therefore, no marking is appropriate. Non-interactive traffic simply is best effort. OK djm@ deraadt@ OpenBSD-Commit-ID: db1da1a432ecd53fc28feb84287aedb6bec80b01
---
diff --git a/readconf.c b/readconf.c
index 02452edbf..781e5b004 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.403 2025/07/31 11:23:39 job Exp $ */
+/* $OpenBSD: readconf.c,v 1.404 2025/08/05 09:08:16 job Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -2961,7 +2961,7 @@ fill_default_options(Options * options)
 if (options->ip_qos_interactive == -1)
 options->ip_qos_interactive = IPTOS_DSCP_EF;
 if (options->ip_qos_bulk == -1)
- options->ip_qos_bulk = IPTOS_DSCP_CS1;
+ options->ip_qos_bulk = IPTOS_DSCP_CS0;
 if (options->request_tty == -1)
 options->request_tty = REQUEST_TTY_AUTO;
 if (options->session_type == -1)
diff --git a/servconf.c b/servconf.c
index 2bd9d1191..92f924e60 100644
--- a/servconf.c
+++ b/servconf.c
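Review bot: The new default assigned in `fill_default_options` is `IPTOS_DSCP_CS0`, while the manual pages changed in this same commit document the default as `none` (the operating system default); the two are only equivalent if `none` is stored as 0. If `none` is instead represented by a separate sentinel meaning "leave the socket's TOS/traffic class alone" (worth confirming in the IPQoS keyword parser, which is not part of this diff), then CS0 still writes an explicit zero marking and replaces whatever the OS or an inherited socket already carried, which is not quite the "no marking" the commit message describes. Either assign the value that `none` parses to, or document the default as `cs0`; at minimum add a comment such as `/* CS0: best effort, the usual OS default */` above the assignment. The same applies to the `fill_default_server_options` hunk in servconf.c, and both function bodies extend beyond the hunks shown.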
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.429 2025/07/31 11:23:39 job Exp $ */
+/* $OpenBSD: servconf.c,v 1.430 2025/08/05 09:08:16 job Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -474,7 +474,7 @@ fill_default_server_options(ServerOptions *options)
 if (options->ip_qos_interactive == -1)
 options->ip_qos_interactive = IPTOS_DSCP_EF;
 if (options->ip_qos_bulk == -1)
- options->ip_qos_bulk = IPTOS_DSCP_CS1;
+ options->ip_qos_bulk = IPTOS_DSCP_CS0;
 if (options->version_addendum == NULL)
 options->version_addendum = xstrdup("");
 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
diff --git a/ssh_config.5 b/ssh_config.5
index 390bc44ab..f1673e014 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.416 2025/07/31 11:23:39 job Exp $
-.Dd $Mdocdate: July 31 2025 $
+.\" $OpenBSD: ssh_config.5,v 1.417 2025/08/05 09:08:16 job Exp $
+.Dd $Mdocdate: August 5 2025 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1279,8 +1279,8 @@ The default is
 .Cm ef
 (Expedited Forwarding)
 for interactive sessions and
-.Cm cs1
-(Lower Effort)
+.Cm none
+(the operating system default)
 for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
diff --git a/sshd_config.5 b/sshd_config.5
index ee1b29341..4536286b7 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.383 2025/07/31 11:23:39 job Exp $
-.Dd $Mdocdate: July 31 2025 $
+.\" $OpenBSD: sshd_config.5,v 1.384 2025/08/05 09:08:16 job Exp $
+.Dd $Mdocdate: August 5 2025 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -960,8 +960,8 @@ The default is
 .Cm ef
 (Expedited Forwarding)
 for interactive sessions and
-.Cm cs1
-(Lower Effort)
+.Cm none
+(the operating system default)
 for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to allow keyboard-interactive authentication.