From nobody@FreeBSD.org  Thu Oct 25 07:09:09 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8426C37B405
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 25 Oct 2001 07:09:09 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f9PE99f29088;
	Thu, 25 Oct 2001 07:09:09 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200110251409.f9PE99f29088@freefall.freebsd.org>
Date: Thu, 25 Oct 2001 07:09:09 -0700 (PDT)
From: Colin Legendre <sudz@ns3g.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Conflict Between BPF and ssh2 protocol in openssh
X-Send-Pr-Version: www-1.0

>Number:         31489
>Category:       misc
>Synopsis:       Conflict Between BPF and ssh2 protocol in openssh
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 25 07:10:02 PDT 2001
>Closed-Date:    Thu Mar 28 09:04:58 PST 2002
>Last-Modified:  Thu Mar 28 09:04:58 PST 2002
>Originator:     Colin Legendre
>Release:        FreeBSD 4.4-STABLE
>Organization:
NS3G.COM
>Environment:
FreeBSD sudz.ns3g.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Wed Oct 24 15:54:08 EDT 2001     sudz@sudz.ns3g.com:/usr/obj/usr/src/sys/CUSTOM7  i386
>Description:
There seems to be a conflict between the bpf and the ssh2 protocol within openssh.  When running trafshow or tcpdump on a connection to a openssh server using ssh2 protocol the traffic flow increases to 25-75K per sec.  Doing the same thing using ssh1 protocol the connection is 1-2K per sec.
>How-To-Repeat:
1. from any client connect to a FreeBSD 4.4-STABLE box using ssh protocol version 2.  su to root and run 'trafshow port 22'.  Notice the high volume of traffic.
2. do the same thing as step 1 but use ssh protocol version 1. Notice the much lowere volume of traffic.
3. Connect to the remote box using ssh2, do not run trafshow.  now on the originating box run trafshow.  Notice the traffic is still low.  But if you start trafshow on the remote box the trafic increases dramaticaly.

You can swap trafshow with tcpdump and get the same problem.
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: bmah 
State-Changed-When: Sat Nov 10 11:47:18 PST 2001 
State-Changed-Why:  
Some discussion on -stable implies that the results you're 
seeing could be an artifact of running tcpdump remotely over SSH 
(see Message-Id: <200110251751.f9PHpds33147@c527597-a.cstvl1.sfba.home.com>). 
If this is *not* in fact the case, maybe you could clarify your setup? 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31489 
State-Changed-From-To: feedback->closed 
State-Changed-By: bmah 
State-Changed-When: Thu Mar 28 09:04:20 PST 2002 
State-Changed-Why:  
Feedback timeout (4+ months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=31489 
>Unformatted:
