<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[144686] trunk/dports/net/openssh/files</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/144686">144686</a></dd>
<dt>Author</dt> <dd>raimue@macports.org</dd>
<dt>Date</dt> <dd>2016-01-15 02:05:27 -0800 (Fri, 15 Jan 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>net/openssh:
Rename +hpn patch for new version, closes #50336</pre>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkdportsnetopensshfilesopenssh71p2hpnssh14v5diff">trunk/dports/net/openssh/files/openssh-7.1p2-hpnssh14v5.diff</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkdportsnetopensshfilesopenssh71p1hpnssh14v5diff">trunk/dports/net/openssh/files/openssh-7.1p1-hpnssh14v5.diff</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportsnetopensshfilesopenssh71p1hpnssh14v5diff"></a>
<div class="delfile"><h4>Deleted: trunk/dports/net/openssh/files/openssh-7.1p1-hpnssh14v5.diff (144685 => 144686)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/openssh-7.1p1-hpnssh14v5.diff        2016-01-15 10:04:51 UTC (rev 144685)
+++ trunk/dports/net/openssh/files/openssh-7.1p1-hpnssh14v5.diff        2016-01-15 10:05:27 UTC (rev 144686)
</span><span class="lines">@@ -1,1292 +0,0 @@
</span><del>---- /dev/null        1970-01-01 00:00:00.000000000 +0000
-+++ b/HPN-README        2015-10-24 07:22:39.000000000 +0200
-@@ -0,0 +1,129 @@
-+Notes:
-+
-+MULTI-THREADED CIPHER:
-+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
-+on hosts with multiple cores to use more than one processing core during encryption.
-+Tests have show significant throughput performance increases when using MTR-AES-CTR up
-+to and including a full gigabit per second on quad core systems. It should be possible to
-+achieve full line rate on dual core systems but OS and data management overhead makes this
-+more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
-+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
-+performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
-+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
-+nomenclature.
-+Use examples: ssh -caes128-ctr you@host.com
-+ scp -oCipher=aes256-ctr file you@host.com:~/file
-+
-+NONE CIPHER:
-+To use the NONE option you must have the NoneEnabled switch set on the server and
-+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
-+feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
-+spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
-+be disabled.
-+
-+The performance increase will only be as good as the network and TCP stack tuning
-+on the receiver side of the connection allows. As a rule of thumb a user will need
-+at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
-+HPN-SSH home page describes this in greater detail.
-+
-+http://www.psc.edu/networking/projects/hpn-ssh
-+
-+BUFFER SIZES:
-+
-+If HPN is disabled the receive buffer size will be set to the
-+OpenSSH default of 64K.
-+
-+If an HPN system connects to a nonHPN system the receive buffer will
-+be set to the HPNBufferSize value. The default is 2MB but user adjustable.
-+
-+If an HPN to HPN connection is established a number of different things might
-+happen based on the user options and conditions.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = up to 64MB
-+This is the default state. The HPN buffer size will grow to a maximum of 64MB
-+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
-+geared towards 10GigE transcontinental connections.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = TCP receive buffer value.
-+Users on non-autotuning systesm should disable TCPRcvBufPoll in the
-+ssh_cofig and sshd_config
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
-+This would be the system defined TCP receive buffer (RWIN).
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
-+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
-+Generally there is no need to set both.
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = grows to HPNBufferSize
-+The buffer will grow up to the maximum size specified here.
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
-+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
-+Generally there is no need to set both of these, especially on autotuning
-+systems. However, if the users wishes to override the autotuning this would be
-+one way to do it.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
-+HPN Buffer Size = TCPRcvBuf.
-+This will override autotuning and set the TCP recieve buffer to the user defined
-+value.
-+
-+
-+HPN Specific Configuration options
-+
-+TcpRcvBuf=[int]KB client
-+ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
-+maximum socket size allowed by the system. This is useful in situations where
-+the tcp receive window is set low but the maximum buffer size is set
-+higher (as is typical). This works on a per TCP connection basis. You can also
-+use this to artifically limit the transfer rate of the connection. In these
-+cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
-+Default is the current system wide tcp receive buffer size.
-+
-+TcpRcvBufPoll=[yes/no] client/server
-+ enable of disable the polling of the tcp receive buffer through the life
-+of the connection. You would want to make sure that this option is enabled
-+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
-+default is yes.
-+
-+NoneEnabled=[yes/no] client/server
-+ enable or disable the use of the None cipher. Care must always be used
-+when enabling this as it will allow users to send data in the clear. However,
-+it is important to note that authentication information remains encrypted
-+even if this option is enabled. Set to no by default.
-+
-+NoneSwitch=[yes/no] client
-+ Switch the encryption cipher being used to the None cipher after
-+authentication takes place. NoneEnabled must be enabled on both the client
-+and server side of the connection. When the connection switches to the NONE
-+cipher a warning is sent to STDERR. The connection attempt will fail with an
-+error if a client requests a NoneSwitch from the server that does not explicitly
-+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
-+interactive (shell) sessions and it will fail silently. Set to no by default.
-+
-+HPNDisabled=[yes/no] client/server
-+ In some situations, such as transfers on a local area network, the impact
-+of the HPN code produces a net decrease in performance. In these cases it is
-+helpful to disable the HPN functionality. By default HPNDisabled is set to no.
-+
-+HPNBufferSize=[int]KB client/server
-+ This is the default buffer size the HPN functionality uses when interacting
-+with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
-+option as applied to the internal SSH flow control. This value can range from
-+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
-+problems depending on the length of the network path. The default size of this buffer
-+is 2MB.
-+
-+
-+Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
-+ The majority of the actual coding for versions up to HPN12v1 was performed
-+ by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was
-+ implemented by Ben Bennet (ben@psc.edu) and improved by Mike Tasota
-+ (tasota@gmail.com) an NSF REU grant recipient for 2013.
-+ This work was financed, in part, by Cisco System, Inc., the National
-+ Library of Medicine, and the National Science Foundation.
---- a/channels.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/channels.c        2015-10-24 05:07:01.000000000 +0200
-@@ -186,6 +186,12 @@ static void port_open_helper(Channel *c,
- static int connect_next(struct channel_connect *);
- static void channel_connect_ctx_free(struct channel_connect *);
-
-+
-+#ifdef HPN_ENABLED
-+static int hpn_disabled = 0;
-+static int hpn_buffer_size = 2 * 1024 * 1024;
-+#endif
-+
- /* -- channel core */
-
- Channel *
-@@ -336,6 +342,9 @@ channel_new(char *ctype, int type, int r
-         c->local_window_max = window;
-         c->local_consumed = 0;
-         c->local_maxpacket = maxpack;
-+#ifdef HPN_ENABLED
-+        c->dynamic_window = 0;
-+#endif
-         c->remote_id = -1;
-         c->remote_name = xstrdup(remote_name);
-         c->remote_window = 0;
-@@ -840,11 +849,41 @@ channel_pre_open_13(Channel *c, fd_set *
-                 FD_SET(c->sock, writeset);
- }
-
-+#ifdef HPN_ENABLED
-+static u_int
-+channel_tcpwinsz(void)
-+{
-+        u_int32_t tcpwinsz = 0;
-+        socklen_t optsz = sizeof(tcpwinsz);
-+        int ret = -1;
-+
-+        /* if we aren't on a socket return 128KB */
-+        if (!packet_connection_is_on_socket())
-+                return (128*1024);
-+        ret = getsockopt(packet_get_connection_in(),
-+         SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-+        /* return no more than SSHBUF_SIZE_MAX */
-+        if (ret == 0 && tcpwinsz > SSHBUF_SIZE_MAX)
-+                tcpwinsz = SSHBUF_SIZE_MAX;
-+        debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
-+         packet_get_connection_in());
-+        return (tcpwinsz);
-+}
-+#endif
-+
- static void
- channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
- {
-         u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
-
-+#ifdef HPN_ENABLED
-+        /* check buffer limits */
-+        if (!c->tcpwinsz || c->dynamic_window > 0)
-+                c->tcpwinsz = channel_tcpwinsz();
-+
-+        limit = MIN(limit, 2 * c->tcpwinsz);
-+#endif
-+
-         if (c->istate == CHAN_INPUT_OPEN &&
-          limit > 0 &&
-          buffer_len(&c->input) < limit &&
-@@ -1862,6 +1901,20 @@ channel_check_window(Channel *c)
-          c->local_maxpacket*3) ||
-          c->local_window < c->local_window_max/2) &&
-          c->local_consumed > 0) {
-+#ifdef HPN_ENABLED
-+                /* adjust max window size if we are in a dynamic environment */
-+                if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
-+                        u_int addition = 0;
-+
-+                        /*
-+                         * grow the window somewhat aggressively to maintain
-+                         * pressure
-+                         */
-+                        addition = 1.5*(c->tcpwinsz - c->local_window_max);
-+                        c->local_window_max += addition;
-+                        c->local_consumed += addition;
-+                }
-+#endif
-                 packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
-                 packet_put_int(c->remote_id);
-                 packet_put_int(c->local_consumed);
-@@ -2813,6 +2866,17 @@ channel_fwd_bind_addr(const char *listen
-         return addr;
- }
-
-+#ifdef HPN_ENABLED
-+void
-+channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
-+{
-+        hpn_disabled = external_hpn_disabled;
-+        hpn_buffer_size = external_hpn_buffer_size;
-+        debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled,
-+         hpn_buffer_size);
-+}
-+#endif
-+
- static int
- channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
- int *allocated_listen_port, struct ForwardOptions *fwd_opts)
-@@ -2941,6 +3005,17 @@ channel_setup_fwd_listener_tcpip(int typ
-                 }
-
-                 /* Allocate a channel number for the socket. */
-+#ifdef HPN_ENABLED
-+                /*
-+                 * explicitly test for hpn disabled option. if true use smaller
-+                 * window size.
-+                 */
-+                if (!hpn_disabled)
-+                        c = channel_new("port listener", type, sock, sock, -1,
-+                         hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
-+                         0, "port listener", 1);
-+                else
-+#endif
-                 c = channel_new("port listener", type, sock, sock, -1,
-                  CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-                  0, "port listener", 1);
-@@ -3975,6 +4050,14 @@ x11_create_display_inet(int x11_display_
-         *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
-         for (n = 0; n < num_socks; n++) {
-                 sock = socks[n];
-+#ifdef HPN_ENABLED
-+                if (!hpn_disabled)
-+                        nc = channel_new("x11 listener",
-+                         SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-+                         hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
-+                         0, "X11 inet listener", 1);
-+                else
-+#endif
-                 nc = channel_new("x11 listener",
-                  SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-                  CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
---- a/channels.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/channels.h        2015-10-24 05:07:01.000000000 +0200
-@@ -136,6 +136,10 @@ struct Channel {
-         u_int        local_maxpacket;
-         int extended_usage;
-         int        single_connection;
-+#ifdef HPN_ENABLED
-+        int        dynamic_window;
-+        u_int        tcpwinsz;
-+#endif
-
-         char *ctype;                /* type */
-
-@@ -312,4 +316,9 @@ void         chan_rcvd_ieof(Channel *);
- void         chan_write_failed(Channel *);
- void         chan_obuf_empty(Channel *);
-
-+#ifdef HPN_ENABLED
-+/* hpn handler */
-+void channel_set_hpn(int, int);
-+#endif
-+
- #endif
---- a/cipher.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/cipher.c        2015-10-24 05:07:01.000000000 +0200
-@@ -244,7 +244,13 @@ ciphers_valid(const char *names)
-         for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
-          (p = strsep(&cp, CIPHER_SEP))) {
-                 c = cipher_by_name(p);
--                if (c == NULL || c->number != SSH_CIPHER_SSH2) {
-+                if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
-+#ifdef NONE_CIPHER_ENABLED
-+                                 c->number != SSH_CIPHER_NONE
-+#else
-+                                 1
-+#endif
-+                                 )) {
-                         free(cipher_list);
-                         return 0;
-                 }
-@@ -545,6 +551,9 @@ cipher_get_keyiv(struct sshcipher_ctx *c
-
-         switch (c->number) {
- #ifdef WITH_OPENSSL
-+#ifdef NONE_CIPHER_ENABLED
-+        case SSH_CIPHER_NONE:
-+#endif
-         case SSH_CIPHER_SSH2:
-         case SSH_CIPHER_DES:
-         case SSH_CIPHER_BLOWFISH:
-@@ -593,6 +602,9 @@ cipher_set_keyiv(struct sshcipher_ctx *c
-
-         switch (c->number) {
- #ifdef WITH_OPENSSL
-+#ifdef NONE_CIPHER_ENABLED
-+        case SSH_CIPHER_NONE:
-+#endif
-         case SSH_CIPHER_SSH2:
-         case SSH_CIPHER_DES:
-         case SSH_CIPHER_BLOWFISH:
---- a/clientloop.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/clientloop.c        2015-10-24 05:07:01.000000000 +0200
-@@ -1957,6 +1957,15 @@ client_request_x11(const char *request_t
-         sock = x11_connect_display();
-         if (sock < 0)
-                 return NULL;
-+#ifdef HPN_ENABLED
-+        /* again is this really necessary for X11? */
-+        if (!options.hpn_disabled)
-+                c = channel_new("x11",
-+                 SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-+                 options.hpn_buffer_size,
-+                 CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-+        else
-+#endif
-         c = channel_new("x11",
-          SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-          CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-@@ -1982,6 +1991,14 @@ client_request_agent(const char *request
-                          __func__, ssh_err(r));
-                 return NULL;
-         }
-+#ifdef HPN_ENABLED
-+        if (!options.hpn_disabled)
-+                c = channel_new("authentication agent connection",
-+                 SSH_CHANNEL_OPEN, sock, sock, -1,
-+                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
-+                 "authentication agent connection", 1);
-+        else
-+#endif
-         c = channel_new("authentication agent connection",
-          SSH_CHANNEL_OPEN, sock, sock, -1,
-          CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-@@ -2012,6 +2029,12 @@ client_request_tun_fwd(int tun_mode, int
-                 return -1;
-         }
-
-+#ifdef HPN_ENABLED
-+        if (!options.hpn_disabled)
-+                c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-+                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-+        else
-+#endif
-         c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-          CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-         c->datagram = 1;
---- a/compat.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/compat.c        2015-10-24 05:07:02.000000000 +0200
-@@ -210,6 +210,14 @@ compat_datafellows(const char *version)
-                         debug("match: %s pat %s compat 0x%08x",
-                          version, check[i].pat, check[i].bugs);
-                         datafellows = check[i].bugs;        /* XXX for now */
-+#ifdef HPN_ENABLED
-+                        /* Check to see if the remote side is OpenSSH and not HPN */
-+                        if (strstr(version,"OpenSSH") != NULL &&
-+                         strstr(version,"hpn") == NULL) {
-+                                datafellows |= SSH_BUG_LARGEWINDOW;
-+                                debug("Remote is NON-HPN aware");
-+                        }
-+#endif
-                         return check[i].bugs;
-                 }
-         }
---- a/compat.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/compat.h        2015-10-24 06:01:31.000000000 +0200
-@@ -62,6 +62,9 @@
- #define SSH_BUG_CURVE25519PAD        0x10000000
- #define SSH_BUG_HOSTKEYS        0x20000000
- #define SSH_BUG_DHGEX_LARGE        0x40000000
-+#ifdef HPN_ENABLED
-+#define SSH_BUG_LARGEWINDOW 0x80000000
-+#endif
-
- void enable_compat13(void);
- void enable_compat20(void);
---- a/configure.ac        2015-10-24 04:53:18.000000000 +0200
-+++ b/configure.ac        2015-10-24 05:07:02.000000000 +0200
-@@ -4271,6 +4271,25 @@ AC_ARG_WITH([maildir],
- ]
- ) # maildir
-
-+#check whether user wants HPN support
-+HPN_MSG="no"
-+AC_ARG_WITH(hpn,
-+        [ --with-hpn Enable HPN support],
-+        [ if test "x$withval" != "xno" ; then
-+                AC_DEFINE(HPN_ENABLED,1,[Define if you want HPN support.])
-+                HPN_MSG="yes"
-+        fi ]
-+)
-+#check whether user wants NONECIPHER support
-+NONECIPHER_MSG="no"
-+AC_ARG_WITH(nonecipher,
-+        [ --with-nonecipher Enable NONECIPHER support],
-+        [ if test "x$withval" != "xno" ; then
-+                AC_DEFINE(NONE_CIPHER_ENABLED,1,[Define if you want NONECIPHER support.])
-+                NONECIPHER_MSG="yes"
-+        fi ]
-+)
-+
- if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
-         AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
-         disable_ptmx_check=yes
-@@ -4938,6 +4957,8 @@ echo " Translate v4 in v6 hack
- echo " BSD Auth support: $BSD_AUTH_MSG"
- echo " Random number source: $RAND_MSG"
- echo " Privsep sandbox style: $SANDBOX_STYLE"
-+echo " HPN support: $HPN_MSG"
-+echo " NONECIPHER support: $NONECIPHER_MSG"
-
- echo ""
-
---- a/kex.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/kex.c        2015-10-24 05:19:11.000000000 +0200
-@@ -652,6 +652,13 @@ kex_choose_conf(struct ssh *ssh)
-         int nenc, nmac, ncomp;
-         u_int mode, ctos, need, dh_need, authlen;
-         int r, first_kex_follows;
-+#ifdef NONE_CIPHER_ENABLED
-+        /* XXX: Could this move into the lower block? */
-+        int auth_flag;
-+
-+        auth_flag = ssh_packet_authentication_state(ssh);
-+        debug ("AUTH STATE IS %d", auth_flag);
-+#endif
-
-         if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
-          (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
-@@ -709,6 +716,17 @@ kex_choose_conf(struct ssh *ssh)
-                         peer[ncomp] = NULL;
-                         goto out;
-                 }
-+#ifdef NONE_CIPHER_ENABLED
-+                debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
-+                if (strcmp(newkeys->enc.name, "none") == 0) {
-+                        debug("Requesting NONE. Authflag is %d", auth_flag);
-+                        if (auth_flag == 1) {
-+                                debug("None requested post authentication.");
-+                        } else {
-+                                fatal("Pre-authentication none cipher requests are not allowed.");
-+                        }
-+                }
-+#endif
-                 debug("kex: %s %s %s %s",
-                  ctos ? "client->server" : "server->client",
-                  newkeys->enc.name,
---- a/myproposal.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/myproposal.h        2015-10-24 05:07:02.000000000 +0200
-@@ -169,6 +169,10 @@
- #define        KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
- #define        KEX_DEFAULT_LANG        ""
-
-+#ifdef NONE_CIPHER_ENABLED
-+#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none"
-+#endif
-+
- #define KEX_CLIENT \
-         KEX_CLIENT_KEX, \
-         KEX_DEFAULT_PK_ALG, \
---- a/packet.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/packet.c        2015-10-24 05:07:02.000000000 +0200
-@@ -2228,6 +2228,24 @@ ssh_packet_send_ignore(struct ssh *ssh,
-         }
- }
-
-+#ifdef NONE_CIPHER_ENABLED
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+        rekey_requested = 1;
-+}
-+
-+int
-+ssh_packet_authentication_state(struct ssh *ssh)
-+{
-+        struct session_state *state = ssh->state;
-+
-+        return(state->after_authentication);
-+}
-+#endif
-+
- #define MAX_PACKETS        (1U<<31)
- int
- ssh_packet_need_rekeying(struct ssh *ssh)
-@@ -2236,6 +2254,12 @@ ssh_packet_need_rekeying(struct ssh *ssh
-
-         if (ssh->compat & SSH_BUG_NOREKEY)
-                 return 0;
-+#ifdef NONE_CIPHER_ENABLED
-+ if (rekey_requested == 1) {
-+ rekey_requested = 0;
-+ return 1;
-+ }
-+#endif
-         return
-          (state->p_send.packets > MAX_PACKETS) ||
-          (state->p_read.packets > MAX_PACKETS) ||
---- a/packet.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/packet.h        2015-10-24 05:07:02.000000000 +0200
-@@ -188,6 +188,11 @@ int        sshpkt_get_bignum2(struct ssh *ssh,
- int        sshpkt_get_end(struct ssh *ssh);
- const u_char        *sshpkt_ptr(struct ssh *, size_t *lenp);
-
-+#ifdef NONE_CIPHER_ENABLED
-+void packet_request_rekeying(void);
-+int ssh_packet_authentication_state(struct ssh *ssh);
-+#endif
-+
- /* OLD API */
- extern struct ssh *active_state;
- #include "opacket.h"
---- a/readconf.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/readconf.c        2015-10-24 06:10:34.000000000 +0200
-@@ -153,6 +153,12 @@ typedef enum {
-         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-         oVisualHostKey, oUseRoaming,
-         oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
-+#ifdef HPN_ENABLED
-+        oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
-+#endif
-+#ifdef NONE_CIPHER_ENABLED
-+        oNoneSwitch, oNoneEnabled,
-+#endif
-         oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
-         oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
-         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
-@@ -277,6 +283,16 @@ static struct {
-         { "updatehostkeys", oUpdateHostkeys },
-         { "hostbasedkeytypes", oHostbasedKeyTypes },
-         { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
-+#ifdef NONE_CIPHER_ENABLED
-+        { "noneenabled", oNoneEnabled },
-+        { "noneswitch", oNoneSwitch },
-+#endif
-+#ifdef HPN_ENABLED
-+        { "tcprcvbufpoll", oTcpRcvBufPoll },
-+        { "tcprcvbuf", oTcpRcvBuf },
-+        { "hpndisabled", oHPNDisabled },
-+        { "hpnbuffersize", oHPNBufferSize },
-+#endif
-         { "ignoreunknown", oIgnoreUnknown },
-
-         { NULL, oBadOption }
-@@ -906,6 +922,44 @@ parse_time:
-                 intptr = &options->check_host_ip;
-                 goto parse_flag;
-
-+#ifdef HPN_ENABLED
-+        case oHPNDisabled:
-+                intptr = &options->hpn_disabled;
-+                goto parse_flag;
-+
-+        case oHPNBufferSize:
-+                intptr = &options->hpn_buffer_size;
-+                goto parse_int;
-+
-+        case oTcpRcvBufPoll:
-+                intptr = &options->tcp_rcv_buf_poll;
-+                goto parse_flag;
-+
-+        case oTcpRcvBuf:
-+                intptr = &options->tcp_rcv_buf;
-+                goto parse_int;
-+#endif
-+
-+#ifdef NONE_CIPHER_ENABLED
-+ case oNoneEnabled:
-+ intptr = &options->none_enabled;
-+ goto parse_flag;
-+
-+ /* we check to see if the command comes from the */
-+ /* command line or not. If it does then enable it */
-+ /* otherwise fail. NONE should never be a default configuration */
-+ case oNoneSwitch:
-+ if(strcmp(filename,"command-line") == 0) {
-+ intptr = &options->none_switch;
-+ goto parse_flag;
-+ } else {
-+ error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
-+ error("Continuing...");
-+ debug("NoneSwitch directive found in %.200s.", filename);
-+ return 0;
-+ }
-+#endif
-+
-         case oVerifyHostKeyDNS:
-                 intptr = &options->verify_host_key_dns;
-                 multistate_ptr = multistate_yesnoask;
-@@ -1665,6 +1719,16 @@ initialize_options(Options * options)
-         options->ip_qos_interactive = -1;
-         options->ip_qos_bulk = -1;
-         options->request_tty = -1;
-+#ifdef NONE_CIPHER_ENABLED
-+        options->none_switch = -1;
-+        options->none_enabled = -1;
-+#endif
-+#ifdef HPN_ENABLED
-+        options->hpn_disabled = -1;
-+        options->hpn_buffer_size = -1;
-+        options->tcp_rcv_buf_poll = -1;
-+        options->tcp_rcv_buf = -1;
-+#endif
-         options->proxy_use_fdpass = -1;
-         options->ignored_unknown = NULL;
-         options->num_canonical_domains = 0;
-@@ -1817,6 +1881,35 @@ fill_default_options(Options * options)
-                 options->server_alive_interval = 0;
-         if (options->server_alive_count_max == -1)
-                 options->server_alive_count_max = 3;
-+#ifdef NONE_CIPHER_ENABLED
-+        if (options->none_switch == -1)
-+                options->none_switch = 0;
-+        if (options->none_enabled == -1)
-+                options->none_enabled = 0;
-+#endif
-+#ifdef HPN_ENABLED
-+        if (options->hpn_disabled == -1)
-+                options->hpn_disabled = 0;
-+        if (options->hpn_buffer_size > -1) {
-+                /* if a user tries to set the size to 0 set it to 1KB */
-+                if (options->hpn_buffer_size == 0)
-+                        options->hpn_buffer_size = 1;
-+                /* limit the buffer to 64MB */
-+                if (options->hpn_buffer_size > 64*1024) {
-+                        options->hpn_buffer_size = 64*1024*1024;
-+                        debug("User requested buffer larger than 64MB. Request"
-+                         " reverted to 64MB");
-+                } else
-+                        options->hpn_buffer_size *= 1024;
-+                debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
-+        }
-+        if (options->tcp_rcv_buf == 0)
-+                options->tcp_rcv_buf = 1;
-+        if (options->tcp_rcv_buf > -1)
-+                options->tcp_rcv_buf *=1024;
-+        if (options->tcp_rcv_buf_poll == -1)
-+                options->tcp_rcv_buf_poll = 1;
-+#endif
-         if (options->control_master == -1)
-                 options->control_master = 0;
-         if (options->control_persist == -1) {
---- a/readconf.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/readconf.h        2015-10-24 06:17:07.000000000 +0200
-@@ -105,6 +105,16 @@ typedef struct {
-         int        clear_forwardings;
-
-         int        enable_ssh_keysign;
-+#ifdef NONE_CIPHER_ENABLED
-+        int none_switch; /* Use none cipher */
-+        int none_enabled; /* Allow none to be used */
-+#endif
-+#ifdef HPN_ENABLED
-+        int tcp_rcv_buf; /* user switch to set tcp recv buffer */
-+        int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
-+        int hpn_disabled; /* Switch to disable HPN buffer management */
-+        int hpn_buffer_size; /* User definable size for HPN buffer window */
-+#endif
-         int64_t rekey_limit;
-         int        rekey_interval;
-         int        no_host_authentication_for_localhost;
---- a/scp.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/scp.c        2015-10-24 05:07:02.000000000 +0200
-@@ -750,7 +750,7 @@ source(int argc, char **argv)
-         off_t i, statbytes;
-         size_t amt, nr;
-         int fd = -1, haderr, indx;
--        char *last, *name, buf[2048], encname[PATH_MAX];
-+        char *last, *name, buf[16384], encname[PATH_MAX];
-         int len;
-
-         for (indx = 0; indx < argc; ++indx) {
-@@ -919,7 +919,7 @@ sink(int argc, char **argv)
-         off_t size, statbytes;
-         unsigned long long ull;
-         int setimes, targisdir, wrerrno = 0;
--        char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
-+        char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
-         struct timeval tv[2];
-
- #define        atime        tv[0]
---- a/servconf.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/servconf.c        2015-10-24 06:21:38.000000000 +0200
-@@ -165,6 +165,14 @@ initialize_server_options(ServerOptions
-         options->authorized_principals_file = NULL;
-         options->authorized_principals_command = NULL;
-         options->authorized_principals_command_user = NULL;
-+#ifdef NONE_CIPHER_ENABLED
-+        options->none_enabled = -1;
-+#endif
-+#ifdef HPN_ENABLED
-+        options->tcp_rcv_buf_poll = -1;
-+        options->hpn_disabled = -1;
-+        options->hpn_buffer_size = -1;
-+#endif
-         options->ip_qos_interactive = -1;
-         options->ip_qos_bulk = -1;
-         options->version_addendum = NULL;
-@@ -329,6 +337,57 @@ fill_default_server_options(ServerOption
-         }
-         if (options->permit_tun == -1)
-                 options->permit_tun = SSH_TUNMODE_NO;
-+#ifdef NONE_CIPHER_ENABLED
-+        if (options->none_enabled == -1)
-+                options->none_enabled = 0;
-+#endif
-+#ifdef HPN_ENABLED
-+        if (options->hpn_disabled == -1)
-+                options->hpn_disabled = 0;
-+
-+        if (options->hpn_buffer_size == -1) {
-+                /*
-+                 * option not explicitly set. Now we have to figure out
-+                 * what value to use.
-+                 */
-+                if (options->hpn_disabled == 1) {
-+                        options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-+                } else {
-+                        int sock, socksize;
-+                        socklen_t socksizelen = sizeof(socksize);
-+
-+                        /*
-+                         * get the current RCV size and set it to that
-+                         * create a socket but don't connect it
-+                         * we use that the get the rcv socket size
-+                         */
-+                        sock = socket(AF_INET, SOCK_STREAM, 0);
-+                        getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+                         &socksize, &socksizelen);
-+                        close(sock);
-+                        options->hpn_buffer_size = socksize;
-+                        debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-+                }
-+        } else {
-+                /*
-+                 * we have to do this incase the user sets both values in a
-+                 * contradictory manner. hpn_disabled overrrides
-+                 * hpn_buffer_size
-+                 */
-+                if (options->hpn_disabled <= 0) {
-+                        if (options->hpn_buffer_size == 0)
-+                                options->hpn_buffer_size = 1;
-+                        /* limit the maximum buffer to 64MB */
-+                        if (options->hpn_buffer_size > 64*1024) {
-+                                options->hpn_buffer_size = 64*1024*1024;
-+                        } else {
-+                                options->hpn_buffer_size *= 1024;
-+                        }
-+                } else
-+                        options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
-+        }
-+#endif
-+
-         if (options->ip_qos_interactive == -1)
-                 options->ip_qos_interactive = IPTOS_LOWDELAY;
-         if (options->ip_qos_bulk == -1)
-@@ -418,6 +477,12 @@ typedef enum {
-         sHostCertificate,
-         sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-         sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
-+#ifdef NONE_CIPHER_ENABLED
-+        sNoneEnabled,
-+#endif
-+#ifdef HPN_ENABLED
-+        sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
-+#endif
-         sKexAlgorithms, sIPQoS, sVersionAddendum,
-         sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-         sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
-@@ -549,6 +614,14 @@ static struct {
-         { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
-         { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
-         { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
-+#ifdef NONE_CIPHER_ENABLED
-+        { "noneenabled", sNoneEnabled, SSHCFG_ALL },
-+#endif
-+#ifdef HPN_ENABLED
-+        { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
-+        { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
-+        { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
-+#endif
-         { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-         { "ipqos", sIPQoS, SSHCFG_ALL },
-         { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-@@ -1169,6 +1242,25 @@ process_server_config_line(ServerOptions
-                 intptr = &options->ignore_user_known_hosts;
-                 goto parse_flag;
-
-+#ifdef NONE_CIPHER_ENABLED
-+        case sNoneEnabled:
-+                intptr = &options->none_enabled;
-+                goto parse_flag;
-+#endif
-+#ifdef HPN_ENABLED
-+        case sTcpRcvBufPoll:
-+                intptr = &options->tcp_rcv_buf_poll;
-+                goto parse_flag;
-+
-+        case sHPNDisabled:
-+                intptr = &options->hpn_disabled;
-+                goto parse_flag;
-+
-+        case sHPNBufferSize:
-+                intptr = &options->hpn_buffer_size;
-+                goto parse_int;
-+#endif
-+
-         case sRhostsRSAAuthentication:
-                 intptr = &options->rhosts_rsa_authentication;
-                 goto parse_flag;
---- a/servconf.h        2015-10-24 04:53:18.000000000 +0200
-+++ b/servconf.h        2015-10-24 07:22:48.000000000 +0200
-@@ -173,6 +173,15 @@ typedef struct {
-
-         int        use_pam;                /* Enable auth via PAM */
-
-+#ifdef NONE_CIPHER_ENABLED
-+        int        none_enabled;                /* enable NONE cipher switch */
-+#endif
-+#ifdef HPN_ENABLED
-+        int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
-+        int        hpn_disabled;                /* disable hpn functionality. false by default */
-+        int        hpn_buffer_size;        /* set the hpn buffer size - default 3MB */
-+#endif
-+
-         int        permit_tun;
-
-         int        num_permitted_opens;
---- a/serverloop.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/serverloop.c        2015-10-24 05:07:02.000000000 +0200
-@@ -1051,6 +1051,12 @@ server_request_tun(void)
-         sock = tun_open(tun, mode);
-         if (sock < 0)
-                 goto done;
-+#ifdef HPN_ENABLED
-+        if (!options.hpn_disabled)
-+                c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
-+                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-+        else
-+#endif
-         c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
-          CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-         c->datagram = 1;
-@@ -1088,6 +1094,10 @@ server_request_session(void)
-         c = channel_new("session", SSH_CHANNEL_LARVAL,
-          -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
-          0, "server-session", 1);
-+#ifdef HPN_ENABLED
-+        if (options.tcp_rcv_buf_poll && !options.hpn_disabled)
-+                c->dynamic_window = 1;
-+#endif
-         if (session_open(the_authctxt, c->self) != 1) {
-                 debug("session open failed, free channel %d", c->self);
-                 channel_free(c);
---- a/session.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/session.c        2015-10-24 05:07:02.000000000 +0200
-@@ -2329,6 +2329,14 @@ session_set_fds(Session *s, int fdin, in
-          */
-         if (s->chanid == -1)
-                 fatal("no channel for session %d", s->self);
-+#ifdef HPN_ENABLED
-+        if (!options.hpn_disabled)
-+                channel_set_fds(s->chanid,
-+                 fdout, fdin, fderr,
-+                 ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
-+                 1, is_tty, options.hpn_buffer_size);
-+        else
-+#endif
-         channel_set_fds(s->chanid,
-          fdout, fdin, fderr,
-          ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
---- a/sftp.1        2015-10-24 04:53:18.000000000 +0200
-+++ b/sftp.1        2015-10-24 05:07:02.000000000 +0200
-@@ -263,7 +263,8 @@ diagnostic messages from
- Specify how many requests may be outstanding at any one time.
- Increasing this may slightly improve file transfer speed
- but will increase memory usage.
--The default is 64 outstanding requests.
-+The default is 256 outstanding requests providing for 8MB
-+of outstanding data with a 32KB buffer.
- .It Fl r
- Recursively copy entire directories when uploading and downloading.
- Note that
---- a/sftp.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/sftp.c        2015-10-24 05:07:02.000000000 +0200
-@@ -71,7 +71,11 @@ typedef void EditLine;
- #include "sftp-client.h"
-
- #define DEFAULT_COPY_BUFLEN        32768        /* Size of buffer for up/download */
-+#ifdef HPN_ENABLED
-+#define DEFAULT_NUM_REQUESTS        256        /* # concurrent outstanding requests */
-+#else
- #define DEFAULT_NUM_REQUESTS        64        /* # concurrent outstanding requests */
-+#endif
-
- /* File to read commands from */
- FILE* infile;
---- a/ssh.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/ssh.c        2015-10-24 05:07:02.000000000 +0200
-@@ -884,6 +884,14 @@ main(int ac, char **av)
-                         break;
-                 case 'T':
-                         options.request_tty = REQUEST_TTY_NO;
-+#ifdef NONE_CIPHER_ENABLED
-+                        /*
-+                         * ensure that the user doesn't try to backdoor a
-+                         * null cipher switch on an interactive session
-+                         * so explicitly disable it no matter what.
-+                         */
-+                        options.none_switch = 0;
-+#endif
-                         break;
-                 case 'o':
-                         line = xstrdup(optarg);
-@@ -1834,9 +1842,85 @@ ssh_session2_open(void)
-         if (!isatty(err))
-                 set_nonblock(err);
-
-+#ifdef HPN_ENABLED
-+        /*
-+         * we need to check to see if what they want to do about buffer
-+         * sizes here. In a hpn to nonhpn connection we want to limit
-+         * the window size to something reasonable in case the far side
-+         * has the large window bug. In hpn to hpn connection we want to
-+         * use the max window size but allow the user to override it
-+         * lastly if they disabled hpn then use the ssh std window size
-+
-+         * so why don't we just do a getsockopt() here and set the
-+         * ssh window to that? In the case of a autotuning receive
-+         * window the window would get stuck at the initial buffer
-+         * size generally less than 96k. Therefore we need to set the
-+         * maximum ssh window size to the maximum hpn buffer size
-+         * unless the user has specifically set the tcprcvbufpoll
-+         * to no. In which case we *can* just set the window to the
-+         * minimum of the hpn buffer size and tcp receive buffer size
-+         */
-+
-+        if (tty_flag)
-+                options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-+        else
-+                options.hpn_buffer_size = 2*1024*1024;
-+
-+        if (datafellows & SSH_BUG_LARGEWINDOW) {
-+                debug("HPN to Non-HPN Connection");
-+        } else {
-+                int sock, socksize;
-+                socklen_t socksizelen = sizeof(socksize);
-+
-+                if (options.tcp_rcv_buf_poll <= 0) {
-+                        sock = socket(AF_INET, SOCK_STREAM, 0);
-+                        getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+                         &socksize, &socksizelen);
-+                        close(sock);
-+                        debug("socksize %d", socksize);
-+                        options.hpn_buffer_size = socksize;
-+                        debug ("HPNBufferSize set to TCP RWIN: %d",
-+                         options.hpn_buffer_size);
-+                } else {
-+                        if (options.tcp_rcv_buf > 0) {
-+                                /*
-+                                 * create a socket but don't connect it.
-+                                 * we use that the get the rcv socket size
-+                                 */
-+                                sock = socket(AF_INET, SOCK_STREAM, 0);
-+                                /*
-+                                 * if they are using the tcp_rcv_buf option
-+                                 * attempt to set the buffer size to that
-+                                 */
-+                                if (options.tcp_rcv_buf)
-+                                        setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+                                         (void *)&options.tcp_rcv_buf,
-+                                         sizeof(options.tcp_rcv_buf));
-+                                getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+                                 &socksize, &socksizelen);
-+                                close(sock);
-+                                debug("socksize %d", socksize);
-+                                options.hpn_buffer_size = socksize;
-+                                debug ("HPNBufferSize set to user TCPRcvBuf: "
-+                                 "%d", options.hpn_buffer_size);
-+                        }
-+                }
-+        }
-+
-+        debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
-+
-+        window = options.hpn_buffer_size;
-+
-+        channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-+#else
-         window = CHAN_SES_WINDOW_DEFAULT;
-+#endif
-+
-         packetmax = CHAN_SES_PACKET_DEFAULT;
-         if (tty_flag) {
-+#ifdef HPN_ENABLED
-+                window = CHAN_SES_WINDOW_DEFAULT;
-+#endif
-                 window >>= 1;
-                 packetmax >>= 1;
-         }
-@@ -1845,6 +1929,12 @@ ssh_session2_open(void)
-          window, packetmax, CHAN_EXTENDED_WRITE,
-          "client-session", /*nonblock*/0);
-
-+#ifdef HPN_ENABLED
-+        if (options.tcp_rcv_buf_poll > 0 && !options.hpn_disabled) {
-+                c->dynamic_window = 1;
-+                debug ("Enabled Dynamic Window Scaling");
-+        }
-+#endif
-         debug3("ssh_session2_open: channel_new: %d", c->self);
-
-         channel_send_open(c->self);
---- a/sshconnect.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/sshconnect.c        2015-10-24 05:07:02.000000000 +0200
-@@ -266,6 +266,31 @@ ssh_kill_proxy_command(void)
-                 kill(proxy_command_pid, SIGHUP);
- }
-
-+#ifdef HPN_ENABLED
-+/*
-+ * Set TCP receive buffer if requested.
-+ * Note: tuning needs to happen after the socket is
-+ * created but before the connection happens
-+ * so winscale is negotiated properly -cjr
-+ */
-+static void
-+ssh_set_socket_recvbuf(int sock)
-+{
-+        void *buf = (void *)&options.tcp_rcv_buf;
-+        int sz = sizeof(options.tcp_rcv_buf);
-+        int socksize;
-+        socklen_t socksizelen = sizeof(socksize);
-+
-+        debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
-+        if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
-+         getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
-+         debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
-+        } else
-+                error("Couldn't set socket receive buffer to %d: %.100s",
-+                 options.tcp_rcv_buf, strerror(errno));
-+}
-+#endif
-+
- /*
- * Creates a (possibly privileged) socket for use as the ssh connection.
- */
-@@ -282,6 +307,11 @@ ssh_create_socket(int privileged, struct
-         }
-         fcntl(sock, F_SETFD, FD_CLOEXEC);
-
-+#ifdef HPN_ENABLED
-+        if (options.tcp_rcv_buf > 0)
-+                ssh_set_socket_recvbuf(sock);
-+#endif
-+
-         /* Bind the socket to an alternative local IP address */
-         if (options.bind_address == NULL && !privileged)
-                 return sock;
-@@ -523,11 +553,23 @@ send_client_banner(int connection_out, i
- {
-         /* Send our own protocol version identification. */
-         if (compat20) {
--                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--                 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
-+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
-+                 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
-+#ifdef HPN_ENABLED
-+                 options.hpn_disabled ? "" : SSH_HPN
-+#else
-+                 ""
-+#endif
-+                 );
-         } else {
--                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--                 PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
-+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\n",
-+                 PROTOCOL_MAJOR_1, minor1, SSH_VERSION,
-+#ifdef HPN_ENABLED
-+                 options.hpn_disabled ? "" : SSH_HPN
-+#else
-+                 ""
-+#endif
-+                 );
-         }
-         if (roaming_atomicio(vwrite, connection_out, client_version_string,
-          strlen(client_version_string)) != strlen(client_version_string))
---- a/sshconnect2.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/sshconnect2.c        2015-10-24 05:07:02.000000000 +0200
-@@ -80,6 +80,14 @@
- extern char *client_version_string;
- extern char *server_version_string;
- extern Options options;
-+#ifdef NONE_CIPHER_ENABLED
-+struct kex *xxx_kex;
-+
-+/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
-+/* if it is set then prevent the switch to the null cipher */
-+
-+extern int tty_flag;
-+#endif
-
- /*
- * SSH2 key exchange
-@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc
-         return ret;
- }
-
-+static char *myproposal[PROPOSAL_MAX];
-+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT };
- void
- ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
- {
--        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
-         struct kex *kex;
-         int r;
-
-+        memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
-+
-         xxx_host = host;
-         xxx_hostaddr = hostaddr;
-
-@@ -215,6 +226,10 @@ ssh_kex2(char *host, struct sockaddr *ho
-         kex->server_version_string=server_version_string;
-         kex->verify_host_key=&verify_host_key_callback;
-
-+#ifdef NONE_CIPHER_ENABLED
-+        xxx_kex = kex;
-+#endif
-+
-         dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
-
-         if (options.use_roaming && !kex->roaming) {
-@@ -416,6 +431,29 @@ ssh_userauth2(const char *local_user, co
-         pubkey_cleanup(&authctxt);
-         dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
-
-+#ifdef NONE_CIPHER_ENABLED
-+        /*
-+         * if the user wants to use the none cipher do it
-+         * post authentication and only if the right conditions are met
-+         * both of the NONE commands must be true and there must be no
-+         * tty allocated.
-+         */
-+        if ((options.none_switch == 1) && (options.none_enabled == 1)) {
-+                if (!tty_flag) { /* no null on tty sessions */
-+                        debug("Requesting none rekeying...");
-+                        myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
-+                        myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
-+                        kex_prop2buf(xxx_kex->my, myproposal);
-+                        packet_request_rekeying();
-+                        fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
-+                } else {
-+                        /* requested NONE cipher when in a tty */
-+                        debug("Cannot switch to NONE cipher with tty allocated");
-+                        fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
-+                }
-+        }
-+#endif
-+
-         debug("Authentication succeeded (%s).", authctxt.method->name);
- }
-
---- a/sshd.c        2015-10-24 04:53:18.000000000 +0200
-+++ b/sshd.c        2015-10-24 05:36:38.000000000 +0200
-@@ -431,8 +431,11 @@ sshd_exchange_identification(int sock_in
-                 minor = PROTOCOL_MINOR_1;
-         }
-
--        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-+        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
-          major, minor, SSH_VERSION,
-+#ifdef HPN_ENABLED
-+         options.hpn_disabled ? "" : SSH_HPN,
-+#endif
-          *options.version_addendum == '\0' ? "" : " ",
-          options.version_addendum, newline);
-
-@@ -1162,6 +1165,10 @@ server_listen(void)
-         int ret, listen_sock, on = 1;
-         struct addrinfo *ai;
-         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-+#ifdef HPN_ENABLED
-+        int socksize;
-+        socklen_t socksizelen = sizeof(socksize);
-+#endif
-
-         for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
-                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1202,6 +1209,13 @@ server_listen(void)
-
-                 debug("Bind to port %s on %s.", strport, ntop);
-
-+#ifdef HPN_ENABLED
-+                getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
-+                                 &socksize, &socksizelen);
-+                debug("Server TCP RWIN socket size: %d", socksize);
-+                debug("HPN Buffer Size: %d", options.hpn_buffer_size);
-+#endif
-+
-                 /* Bind the socket to the desired port. */
-                 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
-                         error("Bind to port %s on %s failed: %.200s.",
-@@ -2152,6 +2166,11 @@ main(int ac, char **av)
-          remote_ip, remote_port, laddr, get_local_port());
-         free(laddr);
-
-+#ifdef HPN_ENABLED
-+        /* set the HPN options for the child */
-+        channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-+#endif
-+
-         /*
-          * We don't want to listen forever unless the other side
-          * successfully authenticates itself. So we set up an alarm which is
-@@ -2555,6 +2574,14 @@ do_ssh2_kex(void)
-         myproposal[PROPOSAL_MAC_ALGS_CTOS] =
-          myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
-
-+#ifdef NONE_CIPHER_ENABLED
-+ if (options.none_enabled == 1) {
-+ debug ("WARNING: None cipher enabled");
-+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-+ myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(KEX_ENCRYPT_INCLUDE_NONE);
-+ }
-+#endif
-+
-         if (options.compression == COMP_NONE) {
-                 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-                 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
---- a/sshd_config        2015-10-24 04:53:18.000000000 +0200
-+++ b/sshd_config        2015-10-24 07:19:47.000000000 +0200
-@@ -125,6 +125,20 @@ UsePrivilegeSeparation sandbox                # Defaul
- # override default of no subsystems
- Subsystem        sftp        /usr/libexec/sftp-server
-
-+# the following are HPN related configuration options
-+# tcp receive buffer polling. disable in non autotuning kernels
-+#TcpRcvBufPoll yes
-+
-+# disable hpn performance boosts
-+#HPNDisabled no
-+
-+# buffer size for hpn to non-hpn connections
-+#HPNBufferSize 2048
-+
-+
-+# allow the use of the none cipher
-+#NoneEnabled no
-+
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- #        X11Forwarding no
---- a/version.h        2015-10-24 04:53:19.000000000 +0200
-+++ b/version.h        2015-10-24 05:07:02.000000000 +0200
-@@ -4,3 +4,4 @@
-
- #define SSH_PORTABLE        "p1"
- #define SSH_RELEASE        SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v5"
</del></span></pre></div>
<a id="trunkdportsnetopensshfilesopenssh71p2hpnssh14v5difffromrev144685trunkdportsnetopensshfilesopenssh71p1hpnssh14v5diff"></a>
<div class="copfile"><h4>Copied: trunk/dports/net/openssh/files/openssh-7.1p2-hpnssh14v5.diff (from rev 144685, trunk/dports/net/openssh/files/openssh-7.1p1-hpnssh14v5.diff) (0 => 144686)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/openssh-7.1p2-hpnssh14v5.diff         (rev 0)
+++ trunk/dports/net/openssh/files/openssh-7.1p2-hpnssh14v5.diff        2016-01-15 10:05:27 UTC (rev 144686)
</span><span class="lines">@@ -0,0 +1,1292 @@
</span><ins>+--- /dev/null        1970-01-01 00:00:00.000000000 +0000
++++ b/HPN-README        2015-10-24 07:22:39.000000000 +0200
+@@ -0,0 +1,129 @@
++Notes:
++
++MULTI-THREADED CIPHER:
++The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
++on hosts with multiple cores to use more than one processing core during encryption.
++Tests have show significant throughput performance increases when using MTR-AES-CTR up
++to and including a full gigabit per second on quad core systems. It should be possible to
++achieve full line rate on dual core systems but OS and data management overhead makes this
++more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
++thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
++performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
++The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
++nomenclature.
++Use examples: ssh -caes128-ctr you@host.com
++ scp -oCipher=aes256-ctr file you@host.com:~/file
++
++NONE CIPHER:
++To use the NONE option you must have the NoneEnabled switch set on the server and
++you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
++feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
++spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
++be disabled.
++
++The performance increase will only be as good as the network and TCP stack tuning
++on the receiver side of the connection allows. As a rule of thumb a user will need
++at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
++HPN-SSH home page describes this in greater detail.
++
++http://www.psc.edu/networking/projects/hpn-ssh
++
++BUFFER SIZES:
++
++If HPN is disabled the receive buffer size will be set to the
++OpenSSH default of 64K.
++
++If an HPN system connects to a nonHPN system the receive buffer will
++be set to the HPNBufferSize value. The default is 2MB but user adjustable.
++
++If an HPN to HPN connection is established a number of different things might
++happen based on the user options and conditions.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
++HPN Buffer Size = up to 64MB
++This is the default state. The HPN buffer size will grow to a maximum of 64MB
++as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
++geared towards 10GigE transcontinental connections.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
++HPN Buffer Size = TCP receive buffer value.
++Users on non-autotuning systesm should disable TCPRcvBufPoll in the
++ssh_cofig and sshd_config
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
++HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
++This would be the system defined TCP receive buffer (RWIN).
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
++HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
++Generally there is no need to set both.
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
++HPN Buffer Size = grows to HPNBufferSize
++The buffer will grow up to the maximum size specified here.
++
++Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
++HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
++Generally there is no need to set both of these, especially on autotuning
++systems. However, if the users wishes to override the autotuning this would be
++one way to do it.
++
++Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
++HPN Buffer Size = TCPRcvBuf.
++This will override autotuning and set the TCP recieve buffer to the user defined
++value.
++
++
++HPN Specific Configuration options
++
++TcpRcvBuf=[int]KB client
++ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
++maximum socket size allowed by the system. This is useful in situations where
++the tcp receive window is set low but the maximum buffer size is set
++higher (as is typical). This works on a per TCP connection basis. You can also
++use this to artifically limit the transfer rate of the connection. In these
++cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
++Default is the current system wide tcp receive buffer size.
++
++TcpRcvBufPoll=[yes/no] client/server
++ enable of disable the polling of the tcp receive buffer through the life
++of the connection. You would want to make sure that this option is enabled
++for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
++default is yes.
++
++NoneEnabled=[yes/no] client/server
++ enable or disable the use of the None cipher. Care must always be used
++when enabling this as it will allow users to send data in the clear. However,
++it is important to note that authentication information remains encrypted
++even if this option is enabled. Set to no by default.
++
++NoneSwitch=[yes/no] client
++ Switch the encryption cipher being used to the None cipher after
++authentication takes place. NoneEnabled must be enabled on both the client
++and server side of the connection. When the connection switches to the NONE
++cipher a warning is sent to STDERR. The connection attempt will fail with an
++error if a client requests a NoneSwitch from the server that does not explicitly
++have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
++interactive (shell) sessions and it will fail silently. Set to no by default.
++
++HPNDisabled=[yes/no] client/server
++ In some situations, such as transfers on a local area network, the impact
++of the HPN code produces a net decrease in performance. In these cases it is
++helpful to disable the HPN functionality. By default HPNDisabled is set to no.
++
++HPNBufferSize=[int]KB client/server
++ This is the default buffer size the HPN functionality uses when interacting
++with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
++option as applied to the internal SSH flow control. This value can range from
++1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
++problems depending on the length of the network path. The default size of this buffer
++is 2MB.
++
++
++Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
++ The majority of the actual coding for versions up to HPN12v1 was performed
++ by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was
++ implemented by Ben Bennet (ben@psc.edu) and improved by Mike Tasota
++ (tasota@gmail.com) an NSF REU grant recipient for 2013.
++ This work was financed, in part, by Cisco System, Inc., the National
++ Library of Medicine, and the National Science Foundation.
+--- a/channels.c        2015-10-24 04:53:18.000000000 +0200
++++ b/channels.c        2015-10-24 05:07:01.000000000 +0200
+@@ -186,6 +186,12 @@ static void port_open_helper(Channel *c,
+ static int connect_next(struct channel_connect *);
+ static void channel_connect_ctx_free(struct channel_connect *);
+
++
++#ifdef HPN_ENABLED
++static int hpn_disabled = 0;
++static int hpn_buffer_size = 2 * 1024 * 1024;
++#endif
++
+ /* -- channel core */
+
+ Channel *
+@@ -336,6 +342,9 @@ channel_new(char *ctype, int type, int r
+         c->local_window_max = window;
+         c->local_consumed = 0;
+         c->local_maxpacket = maxpack;
++#ifdef HPN_ENABLED
++        c->dynamic_window = 0;
++#endif
+         c->remote_id = -1;
+         c->remote_name = xstrdup(remote_name);
+         c->remote_window = 0;
+@@ -840,11 +849,41 @@ channel_pre_open_13(Channel *c, fd_set *
+                 FD_SET(c->sock, writeset);
+ }
+
++#ifdef HPN_ENABLED
++static u_int
++channel_tcpwinsz(void)
++{
++        u_int32_t tcpwinsz = 0;
++        socklen_t optsz = sizeof(tcpwinsz);
++        int ret = -1;
++
++        /* if we aren't on a socket return 128KB */
++        if (!packet_connection_is_on_socket())
++                return (128*1024);
++        ret = getsockopt(packet_get_connection_in(),
++         SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
++        /* return no more than SSHBUF_SIZE_MAX */
++        if (ret == 0 && tcpwinsz > SSHBUF_SIZE_MAX)
++                tcpwinsz = SSHBUF_SIZE_MAX;
++        debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
++         packet_get_connection_in());
++        return (tcpwinsz);
++}
++#endif
++
+ static void
+ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
+ {
+         u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+
++#ifdef HPN_ENABLED
++        /* check buffer limits */
++        if (!c->tcpwinsz || c->dynamic_window > 0)
++                c->tcpwinsz = channel_tcpwinsz();
++
++        limit = MIN(limit, 2 * c->tcpwinsz);
++#endif
++
+         if (c->istate == CHAN_INPUT_OPEN &&
+          limit > 0 &&
+          buffer_len(&c->input) < limit &&
+@@ -1862,6 +1901,20 @@ channel_check_window(Channel *c)
+          c->local_maxpacket*3) ||
+          c->local_window < c->local_window_max/2) &&
+          c->local_consumed > 0) {
++#ifdef HPN_ENABLED
++                /* adjust max window size if we are in a dynamic environment */
++                if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
++                        u_int addition = 0;
++
++                        /*
++                         * grow the window somewhat aggressively to maintain
++                         * pressure
++                         */
++                        addition = 1.5*(c->tcpwinsz - c->local_window_max);
++                        c->local_window_max += addition;
++                        c->local_consumed += addition;
++                }
++#endif
+                 packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+                 packet_put_int(c->remote_id);
+                 packet_put_int(c->local_consumed);
+@@ -2813,6 +2866,17 @@ channel_fwd_bind_addr(const char *listen
+         return addr;
+ }
+
++#ifdef HPN_ENABLED
++void
++channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
++{
++        hpn_disabled = external_hpn_disabled;
++        hpn_buffer_size = external_hpn_buffer_size;
++        debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled,
++         hpn_buffer_size);
++}
++#endif
++
+ static int
+ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
+ int *allocated_listen_port, struct ForwardOptions *fwd_opts)
+@@ -2941,6 +3005,17 @@ channel_setup_fwd_listener_tcpip(int typ
+                 }
+
+                 /* Allocate a channel number for the socket. */
++#ifdef HPN_ENABLED
++                /*
++                 * explicitly test for hpn disabled option. if true use smaller
++                 * window size.
++                 */
++                if (!hpn_disabled)
++                        c = channel_new("port listener", type, sock, sock, -1,
++                         hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
++                         0, "port listener", 1);
++                else
++#endif
+                 c = channel_new("port listener", type, sock, sock, -1,
+                  CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+                  0, "port listener", 1);
+@@ -3975,6 +4050,14 @@ x11_create_display_inet(int x11_display_
+         *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
+         for (n = 0; n < num_socks; n++) {
+                 sock = socks[n];
++#ifdef HPN_ENABLED
++                if (!hpn_disabled)
++                        nc = channel_new("x11 listener",
++                         SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
++                         hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
++                         0, "X11 inet listener", 1);
++                else
++#endif
+                 nc = channel_new("x11 listener",
+                  SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+                  CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+--- a/channels.h        2015-10-24 04:53:18.000000000 +0200
++++ b/channels.h        2015-10-24 05:07:01.000000000 +0200
+@@ -136,6 +136,10 @@ struct Channel {
+         u_int        local_maxpacket;
+         int extended_usage;
+         int        single_connection;
++#ifdef HPN_ENABLED
++        int        dynamic_window;
++        u_int        tcpwinsz;
++#endif
+
+         char *ctype;                /* type */
+
+@@ -312,4 +316,9 @@ void         chan_rcvd_ieof(Channel *);
+ void         chan_write_failed(Channel *);
+ void         chan_obuf_empty(Channel *);
+
++#ifdef HPN_ENABLED
++/* hpn handler */
++void channel_set_hpn(int, int);
++#endif
++
+ #endif
+--- a/cipher.c        2015-10-24 04:53:18.000000000 +0200
++++ b/cipher.c        2015-10-24 05:07:01.000000000 +0200
+@@ -244,7 +244,13 @@ ciphers_valid(const char *names)
+         for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
+          (p = strsep(&cp, CIPHER_SEP))) {
+                 c = cipher_by_name(p);
+-                if (c == NULL || c->number != SSH_CIPHER_SSH2) {
++                if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
++#ifdef NONE_CIPHER_ENABLED
++                                 c->number != SSH_CIPHER_NONE
++#else
++                                 1
++#endif
++                                 )) {
+                         free(cipher_list);
+                         return 0;
+                 }
+@@ -545,6 +551,9 @@ cipher_get_keyiv(struct sshcipher_ctx *c
+
+         switch (c->number) {
+ #ifdef WITH_OPENSSL
++#ifdef NONE_CIPHER_ENABLED
++        case SSH_CIPHER_NONE:
++#endif
+         case SSH_CIPHER_SSH2:
+         case SSH_CIPHER_DES:
+         case SSH_CIPHER_BLOWFISH:
+@@ -593,6 +602,9 @@ cipher_set_keyiv(struct sshcipher_ctx *c
+
+         switch (c->number) {
+ #ifdef WITH_OPENSSL
++#ifdef NONE_CIPHER_ENABLED
++        case SSH_CIPHER_NONE:
++#endif
+         case SSH_CIPHER_SSH2:
+         case SSH_CIPHER_DES:
+         case SSH_CIPHER_BLOWFISH:
+--- a/clientloop.c        2015-10-24 04:53:18.000000000 +0200
++++ b/clientloop.c        2015-10-24 05:07:01.000000000 +0200
+@@ -1957,6 +1957,15 @@ client_request_x11(const char *request_t
+         sock = x11_connect_display();
+         if (sock < 0)
+                 return NULL;
++#ifdef HPN_ENABLED
++        /* again is this really necessary for X11? */
++        if (!options.hpn_disabled)
++                c = channel_new("x11",
++                 SSH_CHANNEL_X11_OPEN, sock, sock, -1,
++                 options.hpn_buffer_size,
++                 CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
++        else
++#endif
+         c = channel_new("x11",
+          SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+          CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+@@ -1982,6 +1991,14 @@ client_request_agent(const char *request
+                          __func__, ssh_err(r));
+                 return NULL;
+         }
++#ifdef HPN_ENABLED
++        if (!options.hpn_disabled)
++                c = channel_new("authentication agent connection",
++                 SSH_CHANNEL_OPEN, sock, sock, -1,
++                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
++                 "authentication agent connection", 1);
++        else
++#endif
+         c = channel_new("authentication agent connection",
+          SSH_CHANNEL_OPEN, sock, sock, -1,
+          CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+@@ -2012,6 +2029,12 @@ client_request_tun_fwd(int tun_mode, int
+                 return -1;
+         }
+
++#ifdef HPN_ENABLED
++        if (!options.hpn_disabled)
++                c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
++                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++        else
++#endif
+         c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+          CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+         c->datagram = 1;
+--- a/compat.c        2015-10-24 04:53:18.000000000 +0200
++++ b/compat.c        2015-10-24 05:07:02.000000000 +0200
+@@ -210,6 +210,14 @@ compat_datafellows(const char *version)
+                         debug("match: %s pat %s compat 0x%08x",
+                          version, check[i].pat, check[i].bugs);
+                         datafellows = check[i].bugs;        /* XXX for now */
++#ifdef HPN_ENABLED
++                        /* Check to see if the remote side is OpenSSH and not HPN */
++                        if (strstr(version,"OpenSSH") != NULL &&
++                         strstr(version,"hpn") == NULL) {
++                                datafellows |= SSH_BUG_LARGEWINDOW;
++                                debug("Remote is NON-HPN aware");
++                        }
++#endif
+                         return check[i].bugs;
+                 }
+         }
+--- a/compat.h        2015-10-24 04:53:18.000000000 +0200
++++ b/compat.h        2015-10-24 06:01:31.000000000 +0200
+@@ -62,6 +62,9 @@
+ #define SSH_BUG_CURVE25519PAD        0x10000000
+ #define SSH_BUG_HOSTKEYS        0x20000000
+ #define SSH_BUG_DHGEX_LARGE        0x40000000
++#ifdef HPN_ENABLED
++#define SSH_BUG_LARGEWINDOW 0x80000000
++#endif
+
+ void enable_compat13(void);
+ void enable_compat20(void);
+--- a/configure.ac        2015-10-24 04:53:18.000000000 +0200
++++ b/configure.ac        2015-10-24 05:07:02.000000000 +0200
+@@ -4271,6 +4271,25 @@ AC_ARG_WITH([maildir],
+ ]
+ ) # maildir
+
++#check whether user wants HPN support
++HPN_MSG="no"
++AC_ARG_WITH(hpn,
++        [ --with-hpn Enable HPN support],
++        [ if test "x$withval" != "xno" ; then
++                AC_DEFINE(HPN_ENABLED,1,[Define if you want HPN support.])
++                HPN_MSG="yes"
++        fi ]
++)
++#check whether user wants NONECIPHER support
++NONECIPHER_MSG="no"
++AC_ARG_WITH(nonecipher,
++        [ --with-nonecipher Enable NONECIPHER support],
++        [ if test "x$withval" != "xno" ; then
++                AC_DEFINE(NONE_CIPHER_ENABLED,1,[Define if you want NONECIPHER support.])
++                NONECIPHER_MSG="yes"
++        fi ]
++)
++
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+         AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+         disable_ptmx_check=yes
+@@ -4938,6 +4957,8 @@ echo " Translate v4 in v6 hack
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+ echo " Random number source: $RAND_MSG"
+ echo " Privsep sandbox style: $SANDBOX_STYLE"
++echo " HPN support: $HPN_MSG"
++echo " NONECIPHER support: $NONECIPHER_MSG"
+
+ echo ""
+
+--- a/kex.c        2015-10-24 04:53:18.000000000 +0200
++++ b/kex.c        2015-10-24 05:19:11.000000000 +0200
+@@ -652,6 +652,13 @@ kex_choose_conf(struct ssh *ssh)
+         int nenc, nmac, ncomp;
+         u_int mode, ctos, need, dh_need, authlen;
+         int r, first_kex_follows;
++#ifdef NONE_CIPHER_ENABLED
++        /* XXX: Could this move into the lower block? */
++        int auth_flag;
++
++        auth_flag = ssh_packet_authentication_state(ssh);
++        debug ("AUTH STATE IS %d", auth_flag);
++#endif
+
+         if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
+          (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
+@@ -709,6 +716,17 @@ kex_choose_conf(struct ssh *ssh)
+                         peer[ncomp] = NULL;
+                         goto out;
+                 }
++#ifdef NONE_CIPHER_ENABLED
++                debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
++                if (strcmp(newkeys->enc.name, "none") == 0) {
++                        debug("Requesting NONE. Authflag is %d", auth_flag);
++                        if (auth_flag == 1) {
++                                debug("None requested post authentication.");
++                        } else {
++                                fatal("Pre-authentication none cipher requests are not allowed.");
++                        }
++                }
++#endif
+                 debug("kex: %s %s %s %s",
+                  ctos ? "client->server" : "server->client",
+                  newkeys->enc.name,
+--- a/myproposal.h        2015-10-24 04:53:18.000000000 +0200
++++ b/myproposal.h        2015-10-24 05:07:02.000000000 +0200
+@@ -169,6 +169,10 @@
+ #define        KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
+ #define        KEX_DEFAULT_LANG        ""
+
++#ifdef NONE_CIPHER_ENABLED
++#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none"
++#endif
++
+ #define KEX_CLIENT \
+         KEX_CLIENT_KEX, \
+         KEX_DEFAULT_PK_ALG, \
+--- a/packet.c        2015-10-24 04:53:18.000000000 +0200
++++ b/packet.c        2015-10-24 05:07:02.000000000 +0200
+@@ -2228,6 +2228,24 @@ ssh_packet_send_ignore(struct ssh *ssh,
+         }
+ }
+
++#ifdef NONE_CIPHER_ENABLED
++/* this supports the forced rekeying required for the NONE cipher */
++int rekey_requested = 0;
++void
++packet_request_rekeying(void)
++{
++        rekey_requested = 1;
++}
++
++int
++ssh_packet_authentication_state(struct ssh *ssh)
++{
++        struct session_state *state = ssh->state;
++
++        return(state->after_authentication);
++}
++#endif
++
+ #define MAX_PACKETS        (1U<<31)
+ int
+ ssh_packet_need_rekeying(struct ssh *ssh)
+@@ -2236,6 +2254,12 @@ ssh_packet_need_rekeying(struct ssh *ssh
+
+         if (ssh->compat & SSH_BUG_NOREKEY)
+                 return 0;
++#ifdef NONE_CIPHER_ENABLED
++ if (rekey_requested == 1) {
++ rekey_requested = 0;
++ return 1;
++ }
++#endif
+         return
+          (state->p_send.packets > MAX_PACKETS) ||
+          (state->p_read.packets > MAX_PACKETS) ||
+--- a/packet.h        2015-10-24 04:53:18.000000000 +0200
++++ b/packet.h        2015-10-24 05:07:02.000000000 +0200
+@@ -188,6 +188,11 @@ int        sshpkt_get_bignum2(struct ssh *ssh,
+ int        sshpkt_get_end(struct ssh *ssh);
+ const u_char        *sshpkt_ptr(struct ssh *, size_t *lenp);
+
++#ifdef NONE_CIPHER_ENABLED
++void packet_request_rekeying(void);
++int ssh_packet_authentication_state(struct ssh *ssh);
++#endif
++
+ /* OLD API */
+ extern struct ssh *active_state;
+ #include "opacket.h"
+--- a/readconf.c        2015-10-24 04:53:18.000000000 +0200
++++ b/readconf.c        2015-10-24 06:10:34.000000000 +0200
+@@ -153,6 +153,12 @@ typedef enum {
+         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+         oVisualHostKey, oUseRoaming,
+         oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
++#ifdef HPN_ENABLED
++        oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
++#endif
++#ifdef NONE_CIPHER_ENABLED
++        oNoneSwitch, oNoneEnabled,
++#endif
+         oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+         oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
+         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
+@@ -277,6 +283,16 @@ static struct {
+         { "updatehostkeys", oUpdateHostkeys },
+         { "hostbasedkeytypes", oHostbasedKeyTypes },
+         { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
++#ifdef NONE_CIPHER_ENABLED
++        { "noneenabled", oNoneEnabled },
++        { "noneswitch", oNoneSwitch },
++#endif
++#ifdef HPN_ENABLED
++        { "tcprcvbufpoll", oTcpRcvBufPoll },
++        { "tcprcvbuf", oTcpRcvBuf },
++        { "hpndisabled", oHPNDisabled },
++        { "hpnbuffersize", oHPNBufferSize },
++#endif
+         { "ignoreunknown", oIgnoreUnknown },
+
+         { NULL, oBadOption }
+@@ -906,6 +922,44 @@ parse_time:
+                 intptr = &options->check_host_ip;
+                 goto parse_flag;
+
++#ifdef HPN_ENABLED
++        case oHPNDisabled:
++                intptr = &options->hpn_disabled;
++                goto parse_flag;
++
++        case oHPNBufferSize:
++                intptr = &options->hpn_buffer_size;
++                goto parse_int;
++
++        case oTcpRcvBufPoll:
++                intptr = &options->tcp_rcv_buf_poll;
++                goto parse_flag;
++
++        case oTcpRcvBuf:
++                intptr = &options->tcp_rcv_buf;
++                goto parse_int;
++#endif
++
++#ifdef NONE_CIPHER_ENABLED
++ case oNoneEnabled:
++ intptr = &options->none_enabled;
++ goto parse_flag;
++
++ /* we check to see if the command comes from the */
++ /* command line or not. If it does then enable it */
++ /* otherwise fail. NONE should never be a default configuration */
++ case oNoneSwitch:
++ if(strcmp(filename,"command-line") == 0) {
++ intptr = &options->none_switch;
++ goto parse_flag;
++ } else {
++ error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
++ error("Continuing...");
++ debug("NoneSwitch directive found in %.200s.", filename);
++ return 0;
++ }
++#endif
++
+         case oVerifyHostKeyDNS:
+                 intptr = &options->verify_host_key_dns;
+                 multistate_ptr = multistate_yesnoask;
+@@ -1665,6 +1719,16 @@ initialize_options(Options * options)
+         options->ip_qos_interactive = -1;
+         options->ip_qos_bulk = -1;
+         options->request_tty = -1;
++#ifdef NONE_CIPHER_ENABLED
++        options->none_switch = -1;
++        options->none_enabled = -1;
++#endif
++#ifdef HPN_ENABLED
++        options->hpn_disabled = -1;
++        options->hpn_buffer_size = -1;
++        options->tcp_rcv_buf_poll = -1;
++        options->tcp_rcv_buf = -1;
++#endif
+         options->proxy_use_fdpass = -1;
+         options->ignored_unknown = NULL;
+         options->num_canonical_domains = 0;
+@@ -1817,6 +1881,35 @@ fill_default_options(Options * options)
+                 options->server_alive_interval = 0;
+         if (options->server_alive_count_max == -1)
+                 options->server_alive_count_max = 3;
++#ifdef NONE_CIPHER_ENABLED
++        if (options->none_switch == -1)
++                options->none_switch = 0;
++        if (options->none_enabled == -1)
++                options->none_enabled = 0;
++#endif
++#ifdef HPN_ENABLED
++        if (options->hpn_disabled == -1)
++                options->hpn_disabled = 0;
++        if (options->hpn_buffer_size > -1) {
++                /* if a user tries to set the size to 0 set it to 1KB */
++                if (options->hpn_buffer_size == 0)
++                        options->hpn_buffer_size = 1;
++                /* limit the buffer to 64MB */
++                if (options->hpn_buffer_size > 64*1024) {
++                        options->hpn_buffer_size = 64*1024*1024;
++                        debug("User requested buffer larger than 64MB. Request"
++                         " reverted to 64MB");
++                } else
++                        options->hpn_buffer_size *= 1024;
++                debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
++        }
++        if (options->tcp_rcv_buf == 0)
++                options->tcp_rcv_buf = 1;
++        if (options->tcp_rcv_buf > -1)
++                options->tcp_rcv_buf *=1024;
++        if (options->tcp_rcv_buf_poll == -1)
++                options->tcp_rcv_buf_poll = 1;
++#endif
+         if (options->control_master == -1)
+                 options->control_master = 0;
+         if (options->control_persist == -1) {
+--- a/readconf.h        2015-10-24 04:53:18.000000000 +0200
++++ b/readconf.h        2015-10-24 06:17:07.000000000 +0200
+@@ -105,6 +105,16 @@ typedef struct {
+         int        clear_forwardings;
+
+         int        enable_ssh_keysign;
++#ifdef NONE_CIPHER_ENABLED
++        int none_switch; /* Use none cipher */
++        int none_enabled; /* Allow none to be used */
++#endif
++#ifdef HPN_ENABLED
++        int tcp_rcv_buf; /* user switch to set tcp recv buffer */
++        int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
++        int hpn_disabled; /* Switch to disable HPN buffer management */
++        int hpn_buffer_size; /* User definable size for HPN buffer window */
++#endif
+         int64_t rekey_limit;
+         int        rekey_interval;
+         int        no_host_authentication_for_localhost;
+--- a/scp.c        2015-10-24 04:53:18.000000000 +0200
++++ b/scp.c        2015-10-24 05:07:02.000000000 +0200
+@@ -750,7 +750,7 @@ source(int argc, char **argv)
+         off_t i, statbytes;
+         size_t amt, nr;
+         int fd = -1, haderr, indx;
+-        char *last, *name, buf[2048], encname[PATH_MAX];
++        char *last, *name, buf[16384], encname[PATH_MAX];
+         int len;
+
+         for (indx = 0; indx < argc; ++indx) {
+@@ -919,7 +919,7 @@ sink(int argc, char **argv)
+         off_t size, statbytes;
+         unsigned long long ull;
+         int setimes, targisdir, wrerrno = 0;
+-        char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
++        char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
+         struct timeval tv[2];
+
+ #define        atime        tv[0]
+--- a/servconf.c        2015-10-24 04:53:18.000000000 +0200
++++ b/servconf.c        2015-10-24 06:21:38.000000000 +0200
+@@ -165,6 +165,14 @@ initialize_server_options(ServerOptions
+         options->authorized_principals_file = NULL;
+         options->authorized_principals_command = NULL;
+         options->authorized_principals_command_user = NULL;
++#ifdef NONE_CIPHER_ENABLED
++        options->none_enabled = -1;
++#endif
++#ifdef HPN_ENABLED
++        options->tcp_rcv_buf_poll = -1;
++        options->hpn_disabled = -1;
++        options->hpn_buffer_size = -1;
++#endif
+         options->ip_qos_interactive = -1;
+         options->ip_qos_bulk = -1;
+         options->version_addendum = NULL;
+@@ -329,6 +337,57 @@ fill_default_server_options(ServerOption
+         }
+         if (options->permit_tun == -1)
+                 options->permit_tun = SSH_TUNMODE_NO;
++#ifdef NONE_CIPHER_ENABLED
++        if (options->none_enabled == -1)
++                options->none_enabled = 0;
++#endif
++#ifdef HPN_ENABLED
++        if (options->hpn_disabled == -1)
++                options->hpn_disabled = 0;
++
++        if (options->hpn_buffer_size == -1) {
++                /*
++                 * option not explicitly set. Now we have to figure out
++                 * what value to use.
++                 */
++                if (options->hpn_disabled == 1) {
++                        options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
++                } else {
++                        int sock, socksize;
++                        socklen_t socksizelen = sizeof(socksize);
++
++                        /*
++                         * get the current RCV size and set it to that
++                         * create a socket but don't connect it
++                         * we use that the get the rcv socket size
++                         */
++                        sock = socket(AF_INET, SOCK_STREAM, 0);
++                        getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++                         &socksize, &socksizelen);
++                        close(sock);
++                        options->hpn_buffer_size = socksize;
++                        debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
++                }
++        } else {
++                /*
++                 * we have to do this incase the user sets both values in a
++                 * contradictory manner. hpn_disabled overrrides
++                 * hpn_buffer_size
++                 */
++                if (options->hpn_disabled <= 0) {
++                        if (options->hpn_buffer_size == 0)
++                                options->hpn_buffer_size = 1;
++                        /* limit the maximum buffer to 64MB */
++                        if (options->hpn_buffer_size > 64*1024) {
++                                options->hpn_buffer_size = 64*1024*1024;
++                        } else {
++                                options->hpn_buffer_size *= 1024;
++                        }
++                } else
++                        options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
++        }
++#endif
++
+         if (options->ip_qos_interactive == -1)
+                 options->ip_qos_interactive = IPTOS_LOWDELAY;
+         if (options->ip_qos_bulk == -1)
+@@ -418,6 +477,12 @@ typedef enum {
+         sHostCertificate,
+         sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+         sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
++#ifdef NONE_CIPHER_ENABLED
++        sNoneEnabled,
++#endif
++#ifdef HPN_ENABLED
++        sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
++#endif
+         sKexAlgorithms, sIPQoS, sVersionAddendum,
+         sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+         sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
+@@ -549,6 +614,14 @@ static struct {
+         { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+         { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+         { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
++#ifdef NONE_CIPHER_ENABLED
++        { "noneenabled", sNoneEnabled, SSHCFG_ALL },
++#endif
++#ifdef HPN_ENABLED
++        { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
++        { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
++        { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
++#endif
+         { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+         { "ipqos", sIPQoS, SSHCFG_ALL },
+         { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+@@ -1169,6 +1242,25 @@ process_server_config_line(ServerOptions
+                 intptr = &options->ignore_user_known_hosts;
+                 goto parse_flag;
+
++#ifdef NONE_CIPHER_ENABLED
++        case sNoneEnabled:
++                intptr = &options->none_enabled;
++                goto parse_flag;
++#endif
++#ifdef HPN_ENABLED
++        case sTcpRcvBufPoll:
++                intptr = &options->tcp_rcv_buf_poll;
++                goto parse_flag;
++
++        case sHPNDisabled:
++                intptr = &options->hpn_disabled;
++                goto parse_flag;
++
++        case sHPNBufferSize:
++                intptr = &options->hpn_buffer_size;
++                goto parse_int;
++#endif
++
+         case sRhostsRSAAuthentication:
+                 intptr = &options->rhosts_rsa_authentication;
+                 goto parse_flag;
+--- a/servconf.h        2015-10-24 04:53:18.000000000 +0200
++++ b/servconf.h        2015-10-24 07:22:48.000000000 +0200
+@@ -173,6 +173,15 @@ typedef struct {
+
+         int        use_pam;                /* Enable auth via PAM */
+
++#ifdef NONE_CIPHER_ENABLED
++        int        none_enabled;                /* enable NONE cipher switch */
++#endif
++#ifdef HPN_ENABLED
++        int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
++        int        hpn_disabled;                /* disable hpn functionality. false by default */
++        int        hpn_buffer_size;        /* set the hpn buffer size - default 3MB */
++#endif
++
+         int        permit_tun;
+
+         int        num_permitted_opens;
+--- a/serverloop.c        2015-10-24 04:53:18.000000000 +0200
++++ b/serverloop.c        2015-10-24 05:07:02.000000000 +0200
+@@ -1051,6 +1051,12 @@ server_request_tun(void)
+         sock = tun_open(tun, mode);
+         if (sock < 0)
+                 goto done;
++#ifdef HPN_ENABLED
++        if (!options.hpn_disabled)
++                c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
++                 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++        else
++#endif
+         c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+          CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+         c->datagram = 1;
+@@ -1088,6 +1094,10 @@ server_request_session(void)
+         c = channel_new("session", SSH_CHANNEL_LARVAL,
+          -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
+          0, "server-session", 1);
++#ifdef HPN_ENABLED
++        if (options.tcp_rcv_buf_poll && !options.hpn_disabled)
++                c->dynamic_window = 1;
++#endif
+         if (session_open(the_authctxt, c->self) != 1) {
+                 debug("session open failed, free channel %d", c->self);
+                 channel_free(c);
+--- a/session.c        2015-10-24 04:53:18.000000000 +0200
++++ b/session.c        2015-10-24 05:07:02.000000000 +0200
+@@ -2329,6 +2329,14 @@ session_set_fds(Session *s, int fdin, in
+          */
+         if (s->chanid == -1)
+                 fatal("no channel for session %d", s->self);
++#ifdef HPN_ENABLED
++        if (!options.hpn_disabled)
++                channel_set_fds(s->chanid,
++                 fdout, fdin, fderr,
++                 ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
++                 1, is_tty, options.hpn_buffer_size);
++        else
++#endif
+         channel_set_fds(s->chanid,
+          fdout, fdin, fderr,
+          ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+--- a/sftp.1        2015-10-24 04:53:18.000000000 +0200
++++ b/sftp.1        2015-10-24 05:07:02.000000000 +0200
+@@ -263,7 +263,8 @@ diagnostic messages from
+ Specify how many requests may be outstanding at any one time.
+ Increasing this may slightly improve file transfer speed
+ but will increase memory usage.
+-The default is 64 outstanding requests.
++The default is 256 outstanding requests providing for 8MB
++of outstanding data with a 32KB buffer.
+ .It Fl r
+ Recursively copy entire directories when uploading and downloading.
+ Note that
+--- a/sftp.c        2015-10-24 04:53:18.000000000 +0200
++++ b/sftp.c        2015-10-24 05:07:02.000000000 +0200
+@@ -71,7 +71,11 @@ typedef void EditLine;
+ #include "sftp-client.h"
+
+ #define DEFAULT_COPY_BUFLEN        32768        /* Size of buffer for up/download */
++#ifdef HPN_ENABLED
++#define DEFAULT_NUM_REQUESTS        256        /* # concurrent outstanding requests */
++#else
+ #define DEFAULT_NUM_REQUESTS        64        /* # concurrent outstanding requests */
++#endif
+
+ /* File to read commands from */
+ FILE* infile;
+--- a/ssh.c        2015-10-24 04:53:18.000000000 +0200
++++ b/ssh.c        2015-10-24 05:07:02.000000000 +0200
+@@ -884,6 +884,14 @@ main(int ac, char **av)
+                         break;
+                 case 'T':
+                         options.request_tty = REQUEST_TTY_NO;
++#ifdef NONE_CIPHER_ENABLED
++                        /*
++                         * ensure that the user doesn't try to backdoor a
++                         * null cipher switch on an interactive session
++                         * so explicitly disable it no matter what.
++                         */
++                        options.none_switch = 0;
++#endif
+                         break;
+                 case 'o':
+                         line = xstrdup(optarg);
+@@ -1834,9 +1842,85 @@ ssh_session2_open(void)
+         if (!isatty(err))
+                 set_nonblock(err);
+
++#ifdef HPN_ENABLED
++        /*
++         * we need to check to see if what they want to do about buffer
++         * sizes here. In a hpn to nonhpn connection we want to limit
++         * the window size to something reasonable in case the far side
++         * has the large window bug. In hpn to hpn connection we want to
++         * use the max window size but allow the user to override it
++         * lastly if they disabled hpn then use the ssh std window size
++
++         * so why don't we just do a getsockopt() here and set the
++         * ssh window to that? In the case of a autotuning receive
++         * window the window would get stuck at the initial buffer
++         * size generally less than 96k. Therefore we need to set the
++         * maximum ssh window size to the maximum hpn buffer size
++         * unless the user has specifically set the tcprcvbufpoll
++         * to no. In which case we *can* just set the window to the
++         * minimum of the hpn buffer size and tcp receive buffer size
++         */
++
++        if (tty_flag)
++                options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
++        else
++                options.hpn_buffer_size = 2*1024*1024;
++
++        if (datafellows & SSH_BUG_LARGEWINDOW) {
++                debug("HPN to Non-HPN Connection");
++        } else {
++                int sock, socksize;
++                socklen_t socksizelen = sizeof(socksize);
++
++                if (options.tcp_rcv_buf_poll <= 0) {
++                        sock = socket(AF_INET, SOCK_STREAM, 0);
++                        getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++                         &socksize, &socksizelen);
++                        close(sock);
++                        debug("socksize %d", socksize);
++                        options.hpn_buffer_size = socksize;
++                        debug ("HPNBufferSize set to TCP RWIN: %d",
++                         options.hpn_buffer_size);
++                } else {
++                        if (options.tcp_rcv_buf > 0) {
++                                /*
++                                 * create a socket but don't connect it.
++                                 * we use that the get the rcv socket size
++                                 */
++                                sock = socket(AF_INET, SOCK_STREAM, 0);
++                                /*
++                                 * if they are using the tcp_rcv_buf option
++                                 * attempt to set the buffer size to that
++                                 */
++                                if (options.tcp_rcv_buf)
++                                        setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++                                         (void *)&options.tcp_rcv_buf,
++                                         sizeof(options.tcp_rcv_buf));
++                                getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++                                 &socksize, &socksizelen);
++                                close(sock);
++                                debug("socksize %d", socksize);
++                                options.hpn_buffer_size = socksize;
++                                debug ("HPNBufferSize set to user TCPRcvBuf: "
++                                 "%d", options.hpn_buffer_size);
++                        }
++                }
++        }
++
++        debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
++
++        window = options.hpn_buffer_size;
++
++        channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
++#else
+         window = CHAN_SES_WINDOW_DEFAULT;
++#endif
++
+         packetmax = CHAN_SES_PACKET_DEFAULT;
+         if (tty_flag) {
++#ifdef HPN_ENABLED
++                window = CHAN_SES_WINDOW_DEFAULT;
++#endif
+                 window >>= 1;
+                 packetmax >>= 1;
+         }
+@@ -1845,6 +1929,12 @@ ssh_session2_open(void)
+          window, packetmax, CHAN_EXTENDED_WRITE,
+          "client-session", /*nonblock*/0);
+
++#ifdef HPN_ENABLED
++        if (options.tcp_rcv_buf_poll > 0 && !options.hpn_disabled) {
++                c->dynamic_window = 1;
++                debug ("Enabled Dynamic Window Scaling");
++        }
++#endif
+         debug3("ssh_session2_open: channel_new: %d", c->self);
+
+         channel_send_open(c->self);
+--- a/sshconnect.c        2015-10-24 04:53:18.000000000 +0200
++++ b/sshconnect.c        2015-10-24 05:07:02.000000000 +0200
+@@ -266,6 +266,31 @@ ssh_kill_proxy_command(void)
+                 kill(proxy_command_pid, SIGHUP);
+ }
+
++#ifdef HPN_ENABLED
++/*
++ * Set TCP receive buffer if requested.
++ * Note: tuning needs to happen after the socket is
++ * created but before the connection happens
++ * so winscale is negotiated properly -cjr
++ */
++static void
++ssh_set_socket_recvbuf(int sock)
++{
++        void *buf = (void *)&options.tcp_rcv_buf;
++        int sz = sizeof(options.tcp_rcv_buf);
++        int socksize;
++        socklen_t socksizelen = sizeof(socksize);
++
++        debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
++        if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
++         getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
++         debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
++        } else
++                error("Couldn't set socket receive buffer to %d: %.100s",
++                 options.tcp_rcv_buf, strerror(errno));
++}
++#endif
++
+ /*
+ * Creates a (possibly privileged) socket for use as the ssh connection.
+ */
+@@ -282,6 +307,11 @@ ssh_create_socket(int privileged, struct
+         }
+         fcntl(sock, F_SETFD, FD_CLOEXEC);
+
++#ifdef HPN_ENABLED
++        if (options.tcp_rcv_buf > 0)
++                ssh_set_socket_recvbuf(sock);
++#endif
++
+         /* Bind the socket to an alternative local IP address */
+         if (options.bind_address == NULL && !privileged)
+                 return sock;
+@@ -523,11 +553,23 @@ send_client_banner(int connection_out, i
+ {
+         /* Send our own protocol version identification. */
+         if (compat20) {
+-                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+-                 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++                xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
++                 PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
++#ifdef HPN_ENABLED
++                 options.hpn_disabled ? "" : SSH_HPN
++#else
++                 ""
++#endif
++                 );
+         } else {
+-                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+-                 PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
++                xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\n",
++                 PROTOCOL_MAJOR_1, minor1, SSH_VERSION,
++#ifdef HPN_ENABLED
++                 options.hpn_disabled ? "" : SSH_HPN
++#else
++                 ""
++#endif
++                 );
+         }
+         if (roaming_atomicio(vwrite, connection_out, client_version_string,
+          strlen(client_version_string)) != strlen(client_version_string))
+--- a/sshconnect2.c        2015-10-24 04:53:18.000000000 +0200
++++ b/sshconnect2.c        2015-10-24 05:07:02.000000000 +0200
+@@ -80,6 +80,14 @@
+ extern char *client_version_string;
+ extern char *server_version_string;
+ extern Options options;
++#ifdef NONE_CIPHER_ENABLED
++struct kex *xxx_kex;
++
++/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
++/* if it is set then prevent the switch to the null cipher */
++
++extern int tty_flag;
++#endif
+
+ /*
+ * SSH2 key exchange
+@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc
+         return ret;
+ }
+
++static char *myproposal[PROPOSAL_MAX];
++static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT };
+ void
+ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ {
+-        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+         struct kex *kex;
+         int r;
+
++        memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
++
+         xxx_host = host;
+         xxx_hostaddr = hostaddr;
+
+@@ -215,6 +226,10 @@ ssh_kex2(char *host, struct sockaddr *ho
+         kex->server_version_string=server_version_string;
+         kex->verify_host_key=&verify_host_key_callback;
+
++#ifdef NONE_CIPHER_ENABLED
++        xxx_kex = kex;
++#endif
++
+         dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
+
+         if (options.use_roaming && !kex->roaming) {
+@@ -416,6 +431,29 @@ ssh_userauth2(const char *local_user, co
+         pubkey_cleanup(&authctxt);
+         dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
+
++#ifdef NONE_CIPHER_ENABLED
++        /*
++         * if the user wants to use the none cipher do it
++         * post authentication and only if the right conditions are met
++         * both of the NONE commands must be true and there must be no
++         * tty allocated.
++         */
++        if ((options.none_switch == 1) && (options.none_enabled == 1)) {
++                if (!tty_flag) { /* no null on tty sessions */
++                        debug("Requesting none rekeying...");
++                        myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
++                        myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
++                        kex_prop2buf(xxx_kex->my, myproposal);
++                        packet_request_rekeying();
++                        fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
++                } else {
++                        /* requested NONE cipher when in a tty */
++                        debug("Cannot switch to NONE cipher with tty allocated");
++                        fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
++                }
++        }
++#endif
++
+         debug("Authentication succeeded (%s).", authctxt.method->name);
+ }
+
+--- a/sshd.c        2015-10-24 04:53:18.000000000 +0200
++++ b/sshd.c        2015-10-24 05:36:38.000000000 +0200
+@@ -431,8 +431,11 @@ sshd_exchange_identification(int sock_in
+                 minor = PROTOCOL_MINOR_1;
+         }
+
+-        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
++        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
+          major, minor, SSH_VERSION,
++#ifdef HPN_ENABLED
++         options.hpn_disabled ? "" : SSH_HPN,
++#endif
+          *options.version_addendum == '\0' ? "" : " ",
+          options.version_addendum, newline);
+
+@@ -1162,6 +1165,10 @@ server_listen(void)
+         int ret, listen_sock, on = 1;
+         struct addrinfo *ai;
+         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
++#ifdef HPN_ENABLED
++        int socksize;
++        socklen_t socksizelen = sizeof(socksize);
++#endif
+
+         for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
+                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+@@ -1202,6 +1209,13 @@ server_listen(void)
+
+                 debug("Bind to port %s on %s.", strport, ntop);
+
++#ifdef HPN_ENABLED
++                getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
++                                 &socksize, &socksizelen);
++                debug("Server TCP RWIN socket size: %d", socksize);
++                debug("HPN Buffer Size: %d", options.hpn_buffer_size);
++#endif
++
+                 /* Bind the socket to the desired port. */
+                 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+                         error("Bind to port %s on %s failed: %.200s.",
+@@ -2152,6 +2166,11 @@ main(int ac, char **av)
+          remote_ip, remote_port, laddr, get_local_port());
+         free(laddr);
+
++#ifdef HPN_ENABLED
++        /* set the HPN options for the child */
++        channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
++#endif
++
+         /*
+          * We don't want to listen forever unless the other side
+          * successfully authenticates itself. So we set up an alarm which is
+@@ -2555,6 +2574,14 @@ do_ssh2_kex(void)
+         myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+          myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+
++#ifdef NONE_CIPHER_ENABLED
++ if (options.none_enabled == 1) {
++ debug ("WARNING: None cipher enabled");
++ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
++ myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(KEX_ENCRYPT_INCLUDE_NONE);
++ }
++#endif
++
+         if (options.compression == COMP_NONE) {
+                 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+                 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+--- a/sshd_config        2015-10-24 04:53:18.000000000 +0200
++++ b/sshd_config        2015-10-24 07:19:47.000000000 +0200
+@@ -125,6 +125,20 @@ UsePrivilegeSeparation sandbox                # Defaul
+ # override default of no subsystems
+ Subsystem        sftp        /usr/libexec/sftp-server
+
++# the following are HPN related configuration options
++# tcp receive buffer polling. disable in non autotuning kernels
++#TcpRcvBufPoll yes
++
++# disable hpn performance boosts
++#HPNDisabled no
++
++# buffer size for hpn to non-hpn connections
++#HPNBufferSize 2048
++
++
++# allow the use of the none cipher
++#NoneEnabled no
++
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ #        X11Forwarding no
+--- a/version.h        2015-10-24 04:53:19.000000000 +0200
++++ b/version.h        2015-10-24 05:07:02.000000000 +0200
+@@ -4,3 +4,4 @@
+
+ #define SSH_PORTABLE        "p1"
+ #define SSH_RELEASE        SSH_VERSION SSH_PORTABLE
++#define SSH_HPN "-hpn14v5"
</ins></span></pre>
</div>
</div>
</body>
</html>