Changes to update Tomato RAF.
[tomato.git] / release / src / router / dropbear / sysoptions.h
blob283229e9b3abe6533f9fcced74c26db0aa6f9d7d
1 /*******************************************************************
2 * You shouldn't edit this file unless you know you need to.
3 * This file is only included from options.h
4 *******************************************************************/
6 #ifndef DROPBEAR_VERSION
7 #define DROPBEAR_VERSION "2012.55"
8 #endif
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
11 #define PROGNAME "dropbear"
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
14 * is a bit too verbose, so we try 8 hours */
15 #ifndef KEX_REKEY_TIMEOUT
16 #define KEX_REKEY_TIMEOUT (3600 * 8)
17 #endif
18 #ifndef KEX_REKEY_DATA
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
20 #endif
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
22 #ifndef AUTH_TIMEOUT
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
24 #endif
26 /* Minimum key sizes for DSS and RSA */
27 #ifndef MIN_DSS_KEYLEN
28 #define MIN_DSS_KEYLEN 512
29 #endif
30 #ifndef MIN_RSA_KEYLEN
31 #define MIN_RSA_KEYLEN 512
32 #endif
34 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
35 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
37 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
38 * the clearenv() function */
39 #define ENV_SIZE 100
41 #define MAX_CMD_LEN 1024 /* max length of a command */
42 #define MAX_TERM_LEN 200 /* max length of TERM name */
44 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
45 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
47 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
48 ipv4 and ipv6 don't count twice */
50 /* Each port might have at least a v4 and a v6 address */
51 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
53 #define _PATH_TTY "/dev/tty"
55 #define _PATH_CP "/bin/cp"
57 /* success/failure defines */
58 #define DROPBEAR_SUCCESS 0
59 #define DROPBEAR_FAILURE -1
61 /* various algorithm identifiers */
62 #define DROPBEAR_KEX_DH_GROUP1 0
63 #define DROPBEAR_KEX_DH_GROUP14 1
65 #define DROPBEAR_SIGNKEY_ANY 0
66 #define DROPBEAR_SIGNKEY_RSA 1
67 #define DROPBEAR_SIGNKEY_DSS 2
68 #define DROPBEAR_SIGNKEY_NONE 3
70 #define DROPBEAR_COMP_NONE 0
71 #define DROPBEAR_COMP_ZLIB 1
72 #define DROPBEAR_COMP_ZLIB_DELAY 2
74 /* Required for pubkey auth */
75 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
76 #define DROPBEAR_SIGNKEY_VERIFY
77 #endif
79 /* SHA1 is 20 bytes == 160 bits */
80 #define SHA1_HASH_SIZE 20
81 /* SHA512 is 64 bytes == 512 bits */
82 #define SHA512_HASH_SIZE 64
83 /* MD5 is 16 bytes = 128 bits */
84 #define MD5_HASH_SIZE 16
86 /* largest of MD5 and SHA1 */
87 #define MAX_MAC_LEN SHA1_HASH_SIZE
90 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
91 #define MAX_IV_LEN 20 /* must be same as max blocksize,
92 and >= SHA1_HASH_SIZE */
93 #define MAX_MAC_KEY 20
95 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
96 explicitly specified for all protocols (just
97 for algos) but seems valid */
99 #define MAX_PROPOSED_ALGO 20
101 /* size/count limits */
102 /* From transport rfc */
103 #define MIN_PACKET_LEN 16
105 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
107 /* for channel code */
108 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
109 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
111 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
112 RECV_WINDOWEXTEND bytes */
113 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
115 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
116 connection, so can't be _too_ small */
118 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
119 is the max length for a password etc */
121 /* For a 4096 bit DSS key, empirically determined */
122 #define MAX_PUBKEY_SIZE 1700
123 /* For a 4096 bit DSS key, empirically determined */
124 #define MAX_PRIVKEY_SIZE 1700
126 /* The maximum size of the bignum portion of the kexhash buffer */
127 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
128 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
130 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
131 in a few years time.... */
133 #define DROPBEAR_MAX_CLI_PASS 1024
135 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
136 accept for keyb-interactive
137 auth */
139 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128)
140 #define DROPBEAR_AES
141 #endif
143 #if defined(DROPBEAR_TWOFISH256) || defined(DROPBEAR_TWOFISH128)
144 #define DROPBEAR_TWOFISH
145 #endif
147 #ifndef ENABLE_X11FWD
148 #define DISABLE_X11FWD
149 #endif
151 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
152 #define ENABLE_CLI_ANYTCPFWD
153 #endif
155 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD)
156 #define DROPBEAR_TCP_ACCEPT
157 #endif
159 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
160 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
161 defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_X11FWD)
162 #define USING_LISTENERS
163 #endif
165 #if defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
166 #define ENABLE_AGENTFWD
167 #endif
169 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
170 #define ENABLE_CLI_MULTIHOP
171 #endif
173 #if defined(ENABLE_CLI_AGENTFWD) || defined(DROPBEAR_PRNGD_SOCKET)
174 #define ENABLE_CONNECT_UNIX
175 #endif
177 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
178 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
179 #endif
181 /* Changing this is inadvisable, it appears to have problems
182 * with flushing compressed data */
183 #define DROPBEAR_ZLIB_MEM_LEVEL 8
185 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
186 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
187 #endif
189 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
190 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
191 #endif
193 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
194 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
195 #endif
197 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
198 * code, if we're just compiling as client or server */
199 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
201 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
202 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
204 #elif defined(DROPBEAR_SERVER)
206 #define IS_DROPBEAR_SERVER 1
207 #define IS_DROPBEAR_CLIENT 0
209 #elif defined(DROPBEAR_CLIENT)
211 #define IS_DROPBEAR_SERVER 0
212 #define IS_DROPBEAR_CLIENT 1
214 #else
215 /* Just building key utils? */
216 #define IS_DROPBEAR_SERVER 0
217 #define IS_DROPBEAR_CLIENT 0
219 #endif