Hi,

I am facing an issue with openssh-4.5p1. While copying a file of
around 1GB using sftp/scp I am getting a send:Message too long error.

I did a bit of debugging and found that ssh code was sending packet of
size greater than 131072 bytes from the application level and hence
the issue.




On going through the code

In client_loop( in clientloop.c)

if (packet_not_very_much_data_to_write())
channel_output_poll();

In packet.c

packet_not_very_much_data_to_write(void)
{
if (interactive_mode)
{
fprintf(stderr,"interactive mode buffer len %d\n",
buffer_len(&output));
return buffer_len(&output) < 16384;
}
else
{
fprintf(stderr,"non interactive mode buffer len %d\n",
buffer_len(&output));
return buffer_len(&output) < 128 * 1024;
}
}

which allows more data to be buffered if buffersize is less than
128*1024 ie 131072 bytes.
and as can be seen from debug

In channel_output_poll(void) in channels.c

if (compat20) {
if (len > c->remote_window)
len = c->remote_window;
if (len > c->remote_maxpacket)
len = c->remote_maxpacket;
fprintf(stderr,"Remote window size %d Remote
max packet %d\n",c->remote_window,c->remote_maxpacket);
} else {
if (packet_is_interactive()) {
if (len > 1024)
len = 512;
} else {
/* Keep the packets at
reasonable size. */
if (len > packet_get_maxsize()/
2)
len =
packet_get_maxsize()/2;
}
}

if (len > 0) {
packet_start(compat20 ?
SSH2_MSG_CHANNEL_DATA :
SSH_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(buffer_ptr(&c-
>input), len);

packet_send();
buffer_consume(&c->input, len);
c->remote_window -= len;



The length of data only (and excludes padding,mac,headers etc)is
reduced from the remote window


In packet_send() in packet.c

we add padding ,mac and other headers which increase the packet size
(another 48 bytes as I see ) and hence the buffer_len(&output)
increases by datalength+48.
and hence I feel theoretically size can go more than 131071


Please correct me if I am wrong.Also where my understanding is wrong.


Debug data (I have inserted)

Remote window size 131072 Remote max packet 32768
send: len 16416 ( padding length 18)
Inon interactive mode buffer len 16432

Remote window size 114688 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 32864

Remote window size 98304 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 49296

Remote window size 81920 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 65728

Remote window size 65536 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 82160

Remote window size 49152 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 98592

Remote window size 32768 Remote max packet 32768
send: len 16304 (includes payload, padding and padding length 11)
non interactive mode buffer len 114912

Remote window size 16489 Remote max packet 32768
send: len 16416 (includes payload, padding and padding length 18)
non interactive mode buffer len 131344
Before packet_write_poll
length before calling systemcall write 131344
Write failed: Message too long
Couldn't send packet: Broken pipe

Thanks
Reji Thomas