[openssh-commits] [openssh] 02/03: upstream: Deprecate support for IPv4 type-of-service (TOS) IPQoS

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Aug 5 14:05:46 AEST 2025


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit ec3465f59c651405e395092f3ad606f8992328d8
Author: job at openbsd.org <job at openbsd.org>
AuthorDate: Thu Jul 31 11:23:39 2025 +0000

    upstream: Deprecate support for IPv4 type-of-service (TOS) IPQoS
    
    keywords
    
    Type of Service (ToS) was deprecated in the late nineties and replaced
    with the Differentiated Services architecture. Diffserv has significant
    advantages for operators because this mechanism offers more granularity.
    
    OpenSSH switched its default IPQoS from ToS to DSCP values in 2018.
    
    IPQoS configurations with 'lowdelay', 'reliability', or 'throughput' will be
    ignored and instead the system default QoS settings apply. Additionally, a
    debug message is logged about the deprecation with a suggestion to use DSCP.
    
    with/OK deraadt@ sthen@ djm@
    
    OpenBSD-Commit-ID: 40c8c0c5cb20151a348728703536af2ec1c754ba
---
 misc.c        |  8 ++++----
 readconf.c    | 14 +++++++++++++-
 readconf.h    |  6 +++---
 servconf.c    | 14 +++++++++++++-
 ssh_config.5  |  9 ++++-----
 sshd_config.5 |  9 ++++-----
 6 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/misc.c b/misc.c
index f4e02bd04..838a7f788 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.200 2025/05/22 03:53:46 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.201 2025/07/31 11:23:39 job Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -1885,9 +1885,9 @@ static const struct {
 	{ "cs7", IPTOS_DSCP_CS7 },
 	{ "ef", IPTOS_DSCP_EF },
 	{ "le", IPTOS_DSCP_LE },
-	{ "lowdelay", IPTOS_LOWDELAY },
-	{ "throughput", IPTOS_THROUGHPUT },
-	{ "reliability", IPTOS_RELIABILITY },
+	{ "lowdelay", INT_MIN },	/* deprecated */
+	{ "throughput", INT_MIN },	/* deprecated */
+	{ "reliability", INT_MIN },	/* deprecated */
 	{ NULL, -1 }
 };
 
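Review bot: The three deprecated keywords now map to `INT_MIN`, a second in-band sentinel next to the `-1` terminator, and nothing at the table says what a caller must do with it. The table's declaration and the lookup code are outside this hunk, so only the readconf.c and servconf.c call sites changed in this commit are known to translate it; any other caller would pass `INT_MIN` on as if it were a QoS value. I would put a comment above these entries, for example `/* INT_MIN: deprecated ToS keyword; caller must fall back to the system default */`. The man pages still list a numeric value as accepted, so the old ToS bit patterns are presumably still reachable numerically; worth confirming that is intended.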
diff --git a/readconf.c b/readconf.c
index 5e97d710e..02452edbf 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.402 2025/07/31 09:38:41 job Exp $ */
+/* $OpenBSD: readconf.c,v 1.403 2025/07/31 11:23:39 job Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2160,6 +2160,12 @@ parse_pubkey_algos:
 			    filename, linenum, arg);
 			goto out;
 		}
+		if (value == INT_MIN) {
+			debug("%s line %d: Deprecated IPQoS value \"%s\" "
+			    "ignored - using system default instead. Consider"
+			    " using DSCP values.", filename, linenum, arg);
+			value = INT_MAX;
+		}
 		arg = argv_next(&ac, &av);
 		if (arg == NULL)
 			value2 = value;
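Review bot: This six-line deprecation block appears four times in the commit (here, in the next readconf.c hunk, and twice in servconf.c), and the second copy in each file is only safe because of statement order. When no second argument is given `arg` is NULL, and `debug()` is not reached with it only because `value` was already rewritten to `INT_MAX` before `value2 = value`. A small helper with an explicit `arg != NULL` guard at the second call would remove the duplication and make that dependency visible. The enclosing case and function start and end outside the hunk, and servconf.c would need the same helper (or a shared one in misc.c).

```c
/* Deprecated ToS keywords parse as INT_MIN; fall back to the system default. */
static int
ipqos_or_default(const char *filename, int linenum, const char *arg,
    int value)
{
	if (value != INT_MIN)
		return value;
	debug("%s line %d: Deprecated IPQoS value \"%s\" "
	    "ignored - using system default instead. Consider"
	    " using DSCP values.", filename, linenum, arg);
	return INT_MAX;
}

/* … unchanged: parse_ipqos() call and error path for the first value … */
		value = ipqos_or_default(filename, linenum, arg, value);
		arg = argv_next(&ac, &av);
/* … unchanged: value2 parsing and error path … */
		if (arg != NULL)
			value2 = ipqos_or_default(filename, linenum, arg,
			    value2);
```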
@@ -2168,6 +2174,12 @@ parse_pubkey_algos:
 			    filename, linenum, arg);
 			goto out;
 		}
+		if (value2 == INT_MIN) {
+			debug("%s line %d: Deprecated IPQoS value \"%s\" "
+			    "ignored - using system default instead. Consider"
+			    " using DSCP values.", filename, linenum, arg);
+			value2 = INT_MAX;
+		}
 		if (*activep && options->ip_qos_interactive == -1) {
 			options->ip_qos_interactive = value;
 			options->ip_qos_bulk = value2;
diff --git a/readconf.h b/readconf.h
index cd49139b1..153fa6226 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.159 2025/02/15 01:48:30 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.160 2025/07/31 11:23:39 job Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -49,8 +49,8 @@ typedef struct {
 	int     strict_host_key_checking;	/* Strict host key checking. */
 	int     compression;	/* Compress packets in both directions. */
 	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
-	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
-	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
+	int	ip_qos_interactive;	/* DSCP value for interactive */
+	int	ip_qos_bulk;		/* DSCP value for bulk traffic */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for logging. */
 	u_int	num_log_verbose;	/* Verbose log overrides */
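Review bot: The new comments say these fields hold a DSCP value, but the readconf.c hunks in this commit store `INT_MAX` in them for the system default and test `ip_qos_interactive == -1` for unset. I would keep that visible at the declaration, e.g. `/* DSCP value for interactive; -1 unset, INT_MAX system default */`, and the same for `ip_qos_bulk`. The struct continues outside the hunk.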
diff --git a/servconf.c b/servconf.c
index 63176d0d0..2bd9d1191 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.428 2025/07/31 09:38:41 job Exp $ */
+/* $OpenBSD: servconf.c,v 1.429 2025/07/31 11:23:39 job Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -2512,12 +2512,24 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 		if ((value = parse_ipqos(arg)) == -1)
 			fatal("%s line %d: Bad %s value: %s",
 			    filename, linenum, keyword, arg);
+		if (value == INT_MIN) {
+			debug("%s line %d: Deprecated IPQoS value \"%s\" "
+			    "ignored - using system default instead. Consider"
+			    " using DSCP values.", filename, linenum, arg);
+			value = INT_MAX;
+		}
 		arg = argv_next(&ac, &av);
 		if (arg == NULL)
 			value2 = value;
 		else if ((value2 = parse_ipqos(arg)) == -1)
 			fatal("%s line %d: Bad %s value: %s",
 			    filename, linenum, keyword, arg);
+		if (value2 == INT_MIN) {
+			debug("%s line %d: Deprecated IPQoS value \"%s\" "
+			    "ignored - using system default instead. Consider"
+			    " using DSCP values.", filename, linenum, arg);
+			value2 = INT_MAX;
+		}
 		if (*activep) {
 			options->ip_qos_interactive = value;
 			options->ip_qos_bulk = value2;
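Review bot: The deprecation notice in both new blocks (`if (value == INT_MIN)` and `if (value2 == INT_MIN)`) is emitted with `debug()`, which is presumably not shown at the default LogLevel, so an sshd_config that still says `lowdelay`, `throughput` or `reliability` silently falls back to the system default QoS after the upgrade. On the server side I would log it where an administrator will see it, by changing the call in both blocks from `debug(` to `logit(` and keeping the format string and arguments as they are. The enclosing function body continues outside the hunk.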
diff --git a/ssh_config.5 b/ssh_config.5
index 4b5b62408..390bc44ab 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.415 2025/07/31 09:38:41 job Exp $
+.\" $OpenBSD: ssh_config.5,v 1.416 2025/07/31 11:23:39 job Exp $
 .Dd $Mdocdate: July 31 2025 $
 .Dt SSH_CONFIG 5
 .Os
@@ -1242,7 +1242,9 @@ or
 block
 to perform conditional inclusion.
 .It Cm IPQoS
-Specifies the IPv4 type-of-service or DSCP class for connections.
+Specifies the
+.Em Differentiated Services Field Codepoint Pq DSCP
+value for connections.
 Accepted values are
 .Cm af11 ,
 .Cm af12 ,
@@ -1266,9 +1268,6 @@ Accepted values are
 .Cm cs7 ,
 .Cm ef ,
 .Cm le ,
-.Cm lowdelay ,
-.Cm throughput ,
-.Cm reliability ,
 a numeric value, or
 .Cm none
 to use the operating system default.
diff --git a/sshd_config.5 b/sshd_config.5
index ae57d0cb9..ee1b29341 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.382 2025/07/31 09:38:41 job Exp $
+.\" $OpenBSD: sshd_config.5,v 1.383 2025/07/31 11:23:39 job Exp $
 .Dd $Mdocdate: July 31 2025 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -923,7 +923,9 @@ directive may appear inside a
 block
 to perform conditional inclusion.
 .It Cm IPQoS
-Specifies the IPv4 type-of-service or DSCP class for the connection.
+Specifies the
+.Em Differentiated Services Field Codepoint Pq DSCP
+value for the connection.
 Accepted values are
 .Cm af11 ,
 .Cm af12 ,
@@ -947,9 +949,6 @@ Accepted values are
 .Cm cs7 ,
 .Cm ef ,
 .Cm le ,
-.Cm lowdelay ,
-.Cm throughput ,
-.Cm reliability ,
 a numeric value, or
 .Cm none
 to use the operating system default.
