Update MINA SSHD to SVN 891122 As of 891122 MINA SSHD the SVN trunk revision has two major fixes on top of 0.3.0 that we need in Gerrit: - Revision 890632: allows writes to be sent to the client as soon as the packet is full, rather than delaying until all data has been fully materialized. Cloning any reasonably sized project without this fix is impractical as the entire project must be held in JVM heap memory as a single byte[]. - Revision 891122: fixes the receive socket buffer to be larger. Raw push throughput went from <4 MB/s to ~25 MB/s. Actual push throughput is lower due to JGit data stream validation and local disk IO, but we were really hurting on upload partly due to this really bad raw throughput. Change-Id: If92198a8c436da3752134764931a85e7efd3bc6f Signed-off-by: Shawn O. Pearce <sop@google.com>
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java index 3e4e28e..b3f9714 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@@ -28,7 +28,6 @@ import org.apache.mina.core.service.IoAcceptor; import org.apache.mina.core.session.IoSession; import org.apache.mina.transport.socket.SocketSessionConfig; -import org.apache.mina.transport.socket.nio.NioSocketAcceptor; import org.apache.sshd.SshServer; import org.apache.sshd.common.Channel; import org.apache.sshd.common.Cipher; @@ -57,8 +56,8 @@ import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.Command; import org.apache.sshd.server.CommandFactory; +import org.apache.sshd.server.ForwardingFilter; import org.apache.sshd.server.PublickeyAuthenticator; -import org.apache.sshd.server.TcpIpForwardFilter; import org.apache.sshd.server.UserAuth; import org.apache.sshd.server.auth.UserAuthPublicKey; import org.apache.sshd.server.channel.ChannelDirectTcpip; @@ -136,7 +135,6 @@ } private final List<SocketAddress> listen; - private final boolean reuseAddress; private final boolean keepAlive; private final List<HostKey> hostKeys; private volatile IoAcceptor acceptor; @@ -161,7 +159,7 @@ initMacs(cfg); initSignatures(); initChannels(); - initTcpIpForwardFilter(); + initForwardingFilter(); initSubsystems(); initCompression(); initUserAuth(userAuth); @@ -202,17 +200,18 @@ if (acceptor == null) { checkConfig(); - final NioSocketAcceptor ain = new NioSocketAcceptor(); + acceptor = createAcceptor(); + configure(acceptor); + final SessionFactory handler = getSessionFactory(); handler.setServer(this); - ain.setHandler(handler); - ain.setReuseAddress(reuseAddress); + acceptor.setHandler(handler); + try { - ain.bind(listen); + acceptor.bind(listen); } catch (IOException e) { throw new IllegalStateException("Cannot bind to " + addressList(), e); } - acceptor = ain; log.info("Started Gerrit SSHD on " + addressList()); } @@ -243,7 +242,7 @@ final ArrayList<HostKey> r = new ArrayList<HostKey>(); for (final PublicKey pub : keys) { final Buffer buf = new Buffer(); - buf.putPublicKey(pub); + buf.putRawPublicKey(pub); final byte[] keyBin = buf.getCompactData(); for (final SocketAddress addr : listen) { @@ -518,8 +517,18 @@ setPublickeyAuthenticator(pubkey); } - private void initTcpIpForwardFilter() { - setTcpIpForwardFilter(new TcpIpForwardFilter() { + private void initForwardingFilter() { + setForwardingFilter(new ForwardingFilter() { + @Override + public boolean canForwardAgent(ServerSession session) { + return false; + } + + @Override + public boolean canForwardX11(ServerSession session) { + return false; + } + @Override public boolean canConnect(InetSocketAddress address, ServerSession session) { return false;
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java index d7fc293..e87946b 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshUtil.java
@@ -19,6 +19,7 @@ import org.apache.commons.codec.binary.Base64; import org.apache.sshd.common.KeyPairProvider; +import org.apache.sshd.common.SshException; import org.apache.sshd.common.Session.AttributeKey; import org.apache.sshd.common.util.Buffer; import org.eclipse.jgit.lib.Constants; @@ -66,9 +67,11 @@ throw new InvalidKeySpecException("No key string"); } final byte[] bin = Base64.decodeBase64(Constants.encodeASCII(s)); - return new Buffer(bin).getPublicKey(); + return new Buffer(bin).getRawPublicKey(); } catch (RuntimeException re) { throw new InvalidKeySpecException("Cannot parse key", re); + } catch (SshException e) { + throw new InvalidKeySpecException("Cannot parse key", e); } } @@ -104,7 +107,7 @@ final PublicKey key = new Buffer(Base64.decodeBase64(Constants.encodeASCII(strBuf - .toString()))).getPublicKey(); + .toString()))).getRawPublicKey(); if (key instanceof RSAPublicKey) { strBuf.insert(0, KeyPairProvider.SSH_RSA + " "); @@ -122,12 +125,6 @@ return keyStr; } catch (RuntimeException re) { return keyStr; - } catch (NoSuchAlgorithmException e) { - return keyStr; - } catch (InvalidKeySpecException e) { - return keyStr; - } catch (NoSuchProviderException e) { - return keyStr; } } }
diff --git a/pom.xml b/pom.xml index 85c7aa0..fe36666 100644 --- a/pom.xml +++ b/pom.xml
@@ -534,7 +534,7 @@ <dependency> <groupId>org.apache.sshd</groupId> <artifactId>sshd-core</artifactId> - <version>0.3.0</version> + <version>0.4.0-r891122</version> </dependency> <dependency>