Patch for openssh server

Christian Iversen chrivers at iversen-net.dk
Fri Aug 11 05:19:28 EST 2006 

Hi openssh devs.

We submit for your review a patch we have made for sshd, regarding traffic 
accounting. The native version of openssh does not support traffic 
accounting, making it quite hard to monitor traffic usage on a per-user 
basis.

The patch in question 
- Does not log anything except the total amount of data transmitted, when the
  connection is closed.

- Is very simple, only a handful of lines.

- Only uses extremely simple integer arithmetic, and therefore correctness is
  easily verified by reading the patch.

- Is enabled by configuration option in sshd_config, and is _disabled_ by
  default.

The motivation for this patch springs from a direct need to have some overview 
over the bandwidth usage for each user on our system. We have to pay costs 
per gigabyte transferred, and although this information _could_ be gathered 
from other sources, it would be tedious and very much unusual. Users of  
proftpd, apache and postfix, do not have to use (say) iptables to log the 
amount of traffic transmitted.

In the discussion of traffic accounting, one question naturally arises. Why is 
it that no one has made this patch before? Actually, this patch has been made 
several times over, by different sources. Most by people who run their own 
(patched) version of sshd. A few times, a patch similar to the attached one 
has been sent to this mailing list. However, for a variety of reasons, they 
never got in ssh.

We would very much like to hear your opinion on our patch, and wether you 
think it's possible to have it included in ssh or not.


(the actual patch sent lacks the config-file support. We would like to hear 
your opinion before we spend time on the final version. We also send a unit 
test (run.sh), which can be used to test the traffic accounting system. The 
expected amounts given in the file, are approximate)

Thank you for your time.

-- 
Regards,
Christian Iversen,
Thomas Damgaard Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-traffic-accounting-patch-3.8.1p1.sarge4.patch
Type: text/x-diff
Size: 1989 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20060810/3f23c565/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: run.sh
Type: application/x-shellscript
Size: 1346 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20060810/3f23c565/attachment-0001.bin

More information about the openssh-unix-dev mailing list