OpenBSD Journal

OpenSSH will now adapt IP QoS to actual sessions and traffic

Contributed by Peter N. M. Hansteen on from the ssh! QoS vadis? dept.

OpenSSH will now adapt IP QoS to actual sessions and traffic. In a fresh commit, Damien Miller (djm@) introduced a significant change, which enables ssh and sshd to set the IP QoS based on what connections and sessions are active.

The commit message says,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-08-18 3:43:01

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2025/08/17 21:43:01

Modified files:
	usr.bin/ssh    : sshd-session.c sshd-auth.c ssh.c session.c 
	                 serverloop.c packet.h packet.c mux.c misc.c 
	                 clientloop.c channels.h channels.c 

Log message:
Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
continually at runtime based on what sessions/channels are open.
Previously, ssh(1) and sshd(8) would pick a QoS value when they
were started and use it for the whole connection. This could
produce suboptimal choices for the QoS value, e.g. for multiplexed
sessions that started interactive but picked up a sftp client,
or sessions that moved large amounts of data via port forwarding.

Now the QoS value will change to the non-interactive IPQoS whenever
a "non-interactive" channel is open; basically any channel that lacks
a tty other than agent forwarding.

This is important now that the default interactive IPQoS is EF
(Expedited Forwarding), as many networks are configured to allow
only relatively small amounts of traffic of this class and they will
aggressively deprioritise the entire connection if this is exceeded.

NB. because ssh(1) and sshd(8) now change IP_TOS/IPV6_TCLASS
continually via setsockopt(), this commit requires a recent pledge(2)
change that landed recently in the OpenBSD kernel. Please ensure
you have updated to a kernel from within the last two weeks before
updating OpenSSH.

with job@ deraadt@

Note the last part -- once again, the easiest way to test this change will be to upgrade to a snapshot that has this code integrated.

Also new: ssh(1) and sshd(8) now dump active channel/session information on receiving SIGINFO.
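The rule in the commit message, written out as a small C sketch. This is an added example, not code from the OpenSSH commit: the `chan` model, the function names and the non-interactive value `QOS_BULK` are assumptions made for illustration, as is treating a connection with no open channels as interactive.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical channel model for this example, not OpenSSH's Channel struct. */
enum chan_kind { CHAN_SESSION, CHAN_AGENT_FWD, CHAN_PORT_FWD };
struct chan { enum chan_kind kind; int has_tty; };

#define QOS_EF   0xb8	/* DSCP EF (46) << 2, the interactive default */
#define QOS_BULK 0x00	/* assumed non-interactive value for this example */

/* Commit message rule: any open channel without a tty, other than agent
 * forwarding, makes the connection non-interactive. Assumption: with no
 * channels open the connection counts as interactive. */
int pick_qos(const struct chan *c, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (!c[i].has_tty && c[i].kind != CHAN_AGENT_FWD)
			return QOS_BULK;
	return QOS_EF;
}

/* Re-evaluate after a channel opens or closes and touch the socket only
 * when the class changes. Returns 1 if changed, 0 if unchanged, -1 on error. */
int update_qos(int fd, int family, int *cur, const struct chan *c, size_t n)
{
	int r, tos = pick_qos(c, n);

	if (tos == *cur)
		return 0;
	r = family == AF_INET6 ?
	    setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) :
	    setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
	if (r == -1)
		return -1;
	*cur = tos;
	return 1;
}

int main(void)
{
	/* Constructed scenario: a tty shell, then sftp joins over the mux. */
	struct chan ch[] = { { CHAN_SESSION, 1 }, { CHAN_SESSION, 0 } };
	int cur = -1, fd = socket(AF_INET, SOCK_STREAM, 0);

	update_qos(fd, AF_INET, &cur, ch, 1);
	printf("shell only:   tos 0x%02x\n", cur);
	update_qos(fd, AF_INET, &cur, ch, 2);
	printf("shell + sftp: tos 0x%02x\n", cur);
	return 0;
}
```

Calling setsockopt() repeatedly over the life of the connection, as `update_qos` does, is the behaviour that makes the commit depend on the pledge(2) change it mentions.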

