1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/ssh/ssh-conn.c ssh-in

    From Deuc¿@VERT to Git commit to main/sbbs/m on Wednesday, April 01, 2026 16:21:00
    https://gitlab.synchro.net/main/sbbs/-/commit/a07679f5629813e780f84764
    Modified Files:
    src/ssh/ssh-conn.c ssh-internal.h ssh-trans.c ssh-trans.h ssh.c src/ssh/test/dssh_test_internal.h test_alloc.c test_chan.c
    Log Message:
    Replace TX queue linked list with pre-allocated slot buffers

    Eliminate all malloc/free from the demux thread's fire-and-forget
    send path by replacing the linked-list TX queue with pre-allocated, algorithm-correctly-sized packet buffers ("slots").

    Session-level slots: global_reply (REQUEST_SUCCESS/FAILURE, 1B),
    open_fail (CHANNEL_OPEN_FAILURE, 16B). Channel-level slots:
    wa (WINDOW_ADJUST, 9B), chan_fail (CHANNEL_FAILURE, 8B).

    Each slot buffer is sized to hold a complete wire packet for its
    max payload using the negotiated block_size and MAC digest, computed
    by tx_slot_buf_size(). Buffers are allocated in newkeys() after derive_and_apply_keys() and resized on rekey if algorithms change.

    tx_finalize() parameterized to operate on arbitrary buffers (not
    just sess->trans.tx_packet), enabling zero-copy finalize+send
    directly from slot buffers.

    send_to_slot() provides RX backpressure: fast path tries tx_mtx
    and sends immediately; slow path stalls the demux thread on
    tx_slot_cnd until the slot is drained, blocking recv_packet and
    causing TCP backpressure on a misbehaving peer.

    send_to_wa_slot() coalesces WINDOW_ADJUST via saturating add on
    the bytes field when the slot is already occupied Ä no stall needed.

    Accept queue converted from unbounded malloc'd linked list to
    fixed-capacity ring buffer (DSSH_ACCEPT_QUEUE_CAP=8) embedded in
    the session struct. Demux stalls on accept_cnd when full, closing
    the memory starvation vector from CHANNEL_OPEN floods.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/m on Wednesday, April 01, 2026 16:21:00
    https://gitlab.synchro.net/main/sbbs/-/commit/d8696971bcb38dc0585f957b
    Modified Files:
    src/ssh/ssh-conn.c ssh-internal.h src/ssh/test/dssh_test_internal.h test_alloc.c test_chan.c test_conn.c
    Log Message:
    Remove dead old-API code (signal queue, msgqueue, DSSH_IO_OLD)

    No channel creation path sets io_model=DSSH_IO_OLD Ä every channel
    is DSSH_IO_STREAM or DSSH_IO_ZC. Remove all unreachable old-API
    code: signal queue, message queue, raw channel type, window_change
    callback, and old-API branches in demux handlers.

    Deleted: msgqueue_free/push, sigqueue_init/free/push, session_readable, dssh_msgqueue_entry, dssh_msgqueue, dssh_signal_mark, dssh_signal_queue, DSSH_CHAN_RAW, DSSH_IO_OLD, window_change_cb, stdout/stderr_consumed. Simplified buf union to plain struct.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/m on Tuesday, May 05, 2026 09:31:00
    https://gitlab.synchro.net/main/sbbs/-/commit/fce249c31b7afd2d8930933f
    Modified Files:
    src/ssh/ssh-conn.c ssh-internal.h src/ssh/test/test_conn.c
    Log Message:
    DeuceSSH: setup_complete becomes atomic_bool to close a visibility race

    The DSSH_PARAM_ACCEPT_EARLY_DATA bypass condition reads ch->setup_
    complete in handle_channel_data / handle_channel_extended_data
    under buf_mtx, but the writer (app thread, end of dssh_chan_open / dssh_chan_zc_open) was setting it as a plain bool with no mutex
    held -- so the demux's mtx_lock(buf_mtx) acquire was synchronizing
    with the previous send_window_adjust unlock, not with the
    setup_complete = true store. Visibility was eventually established
    once the app thread next called any buf_mtx-acquiring API, but
    between those points the demux could see stale setup_complete ==
    false and bypass-deliver data that should have gone through normal
    window enforcement.

    Switch to atomic_bool with explicit release-store on the writer
    side and acquire-load on the reader side. Same publish/subscribe
    guarantee the mutex would give us, no contention, and the demux's
    existing buf_mtx acquire still covers all the other channel state
    it reads.

    accept_pre_window_data stays a plain bool: it's set BEFORE
    register_channel, and register_channel's channel_mtx release
    publishes it to any later find_channel acquire.

    The four rx_truncation/bypass tests in test_conn.c that poke
    setup_complete directly switch to atomic_store (relaxed
    default; the ordering doesn't matter for synthetic test setup).

    OpenSSL: 3410/3410 pass. Botan: 3411/3411 pass.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net