From: Bill Moran
To: kellyremo
Cc: FreeBSD
Date: Sun, 6 Feb 2011 08:42:27 -0500
Subject: Re: OpenSSH could be faster...then why don't they path it??

In response to kellyremo:

> https://www.psc.edu/networking/projects/hpn-ssh/hpn-v-ssh-tput.jpg
>
> "SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwidth network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack."
>
> My question is: So why does the original OpenSSH have "limited statically defined internal flow control buffers"?? It could be way faster, even 10x!!

Because it's unstable?:
"If you are experiencing disconnects due to a failure in buffer_append_space please let us know. We're currently tracking some problems with this and we're trying to gather more information to help resolve it."

Also, I'm having trouble understanding how people like that get grants to do work like that. On the one hand, they obviously know enough about cryptography to make improvements. On the other hand, they can't seem to get a grip on the fact that the code will need to have a license before anyone can grab it and incorporate it. I can't find anywhere on that page where it tells me what terms I am allowed to use those patches under.

Also, it would be nice if those folks kept track of dates. Like, how long have those patches been available? There's not a single date on any of those pages or the files involved.

The reason I point this out is because OpenSSL is _extremely_ sensitive software. I don't want to see any large changes to it released until they've been in testing for months, if not years. For all we know, these speed improvements are riddled with dozens of security flaws.

Also, any reason why you're asking these questions of FreeBSD and not of the OpenSSL project?

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/