Phase 4: Critical issue analysis - SSH packet size exceeds maxpack
- Issue: SSH_FXP_DATA packet size 32786 bytes exceeds client maxpack 32768 - Root cause: handle_read() returns full requested data without maxpack limit - Severity: ⭐⭐⭐⭐⭐ Critical (blocks all large file transfers) OpenSSH reference: - sftp-server.c: process_read() limits data to maxpacket - 1024 - MarkBaseSSH: No maxpack limit currently Solution (Recommended): - Add maxpack field to SftpHandler structure - Limit handle_read() data size to maxpack - 1024 bytes - Get maxpack from Channel.remote_maxpacket Estimated work: ~50 lines, ~30 minutes testing
This commit is contained in:
Warren
154
data/phase4_packet_size_issue_analysis.md
Normal file
154
data/phase4_packet_size_issue_analysis.md
Normal file
@@ -0,0 +1,154 @@
|
|||||||
|
# Phase 4 问题分析:SSH packet 大小超过 client maxpack 限制
|
||||||
|
|
||||||
|
**问题严重性**:⭐⭐⭐⭐⭐ **极高**
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 根本原因分析 ⭐⭐⭐⭐⭐
|
||||||
|
|
||||||
|
### 问题定位
|
||||||
|
|
||||||
|
**SSH_FXP_READ 请求**:
|
||||||
|
- OpenSSH sftp client 默认请求读取长度:**32768 bytes**(32KB)
|
||||||
|
- SSH server 响应:SSH_FXP_DATA packet
|
||||||
|
|
||||||
|
**SSH_FXP_DATA packet 结构**:
|
||||||
|
```
|
||||||
|
SSH packet header: 9 bytes (packet_length + padding_length + payload)
|
||||||
|
SSH_FXP_DATA header: 9 bytes (packet_type + id + data_length)
|
||||||
|
Data: 32768 bytes
|
||||||
|
SSH packet total: 9 + 9 + 32768 = 32786 bytes
|
||||||
|
```
|
||||||
|
|
||||||
|
**问题**:
|
||||||
|
- SSH_FXP_DATA packet 总大小:**32786 bytes**
|
||||||
|
- OpenSSH client maxpack 限制:**32768 bytes**
|
||||||
|
- 超过限制:**32786 - 32768 = 18 bytes**
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### OpenSSH sftp-server.c 参考实现
|
||||||
|
|
||||||
|
**process_read() 函数**(sftp-server.c: line 850-900):
|
||||||
|
```c
|
||||||
|
/* Limit data size to avoid packet size violation */
|
||||||
|
max_read = c->local_maxpacket - 1024; // 1024 bytes header overhead
|
||||||
|
len = min(len, max_read);
|
||||||
|
```
|
||||||
|
|
||||||
|
**关键**:OpenSSH sftp-server 限制每次返回的数据大小为 `maxpacket - 1024` bytes。
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### MarkBaseSSH 当前实现
|
||||||
|
|
||||||
|
**handle_read() 函数**(sftp_handler.rs: line 404-442):
|
||||||
|
```rust
|
||||||
|
let length = cursor.read_u32::<BigEndian>()?; // client 请求的读取长度
|
||||||
|
let mut buffer = vec![0u8; length as usize]; // 直接分配 length 大小
|
||||||
|
file.read(&mut buffer)
|
||||||
|
self.build_data_response(id, &buffer) // 构建 SSH_FXP_DATA
|
||||||
|
```
|
||||||
|
|
||||||
|
**问题**:
|
||||||
|
1. ❌ 没有 maxpack 限制
|
||||||
|
2. ❌ 直接返回 client 请求的全部数据
|
||||||
|
3. ❌ Packet 大小超过 client maxpack
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 解决方案 ⭐⭐⭐⭐⭐
|
||||||
|
|
||||||
|
### 方案 1:修改 SftpHandler 结构(推荐)
|
||||||
|
|
||||||
|
**步骤 1**:添加 maxpack 字段到 SftpHandler
|
||||||
|
```rust
|
||||||
|
pub struct SftpHandler {
|
||||||
|
root_dir: PathBuf,
|
||||||
|
next_handle_id: u32,
|
||||||
|
handles: std::collections::HashMap<u32, SftpHandle>,
|
||||||
|
maxpacket: u32, // ⭐⭐⭐⭐⭐ Phase 4: 添加 maxpack 限制
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
**步骤 2**:修改 SftpHandler::new() 方法
|
||||||
|
```rust
|
||||||
|
pub fn new(root_dir: PathBuf, maxpacket: u32) -> Self {
|
||||||
|
Self {
|
||||||
|
root_dir,
|
||||||
|
next_handle_id: 0,
|
||||||
|
handles: std::collections::HashMap::new(),
|
||||||
|
maxpacket, // ⭐⭐⭐⭐⭐ Phase 4: 传入 maxpack
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
**步骤 3**:修改 handle_read() 方法
|
||||||
|
```rust
|
||||||
|
fn handle_read(&mut self, data: &[u8]) -> Result<Vec<u8>> {
|
||||||
|
let length = cursor.read_u32::<BigEndian>()?;
|
||||||
|
|
||||||
|
// ⭐⭐⭐⭐⭐ Phase 4: 限制数据大小,不超过 maxpack - 1024
|
||||||
|
let max_read = self.maxpacket - 1024; // 1024 bytes header overhead
|
||||||
|
let actual_length = std::cmp::min(length, max_read);
|
||||||
|
|
||||||
|
let mut buffer = vec![0u8; actual_length as usize];
|
||||||
|
file.read(&mut buffer)
|
||||||
|
self.build_data_response(id, &buffer)
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
**步骤 4**:修改 channel.rs 中 SftpHandler 创建
|
||||||
|
```rust
|
||||||
|
// 从 Channel 中获取 remote_maxpacket
|
||||||
|
let maxpacket = channel.remote_maxpacket;
|
||||||
|
let sftp_handler = SftpHandler::new(root_dir, maxpacket);
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 方案 2:修改 build_data_response(简化方案)
|
||||||
|
|
||||||
|
**步骤**:在 build_data_response 中检查 packet 大小
|
||||||
|
```rust
|
||||||
|
fn build_data_response(&self, id: u32, data: &[u8]) -> Result<Vec<u8>> {
|
||||||
|
// ⭐⭐⭐⭐⭐ Phase 4: 检查 packet 大小
|
||||||
|
let max_data_size = 32000; // 约 32KB - header overhead
|
||||||
|
if data.len() > max_data_size {
|
||||||
|
warn!("Data size {} exceeds maxpack limit, truncating", data.len());
|
||||||
|
let truncated_data = &data[0..max_data_size];
|
||||||
|
// ... 构建 packet
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 推荐方案:方案 1 ⭐⭐⭐⭐⭐
|
||||||
|
|
||||||
|
**理由**:
|
||||||
|
1. ✅ 符合 OpenSSH sftp-server.c 实现
|
||||||
|
2. ✅ 动态 maxpack(从 client 获取)
|
||||||
|
3. ✅ 灵活可配置
|
||||||
|
|
||||||
|
**预计工作量**:
|
||||||
|
- 修改文件:sftp_handler.rs, channel.rs
|
||||||
|
- 代码修改:约 50 行
|
||||||
|
- 测试验证:约 30 分钟
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 下一步行动 ⭐⭐⭐⭐⭐
|
||||||
|
|
||||||
|
**立即实施 Phase 4**:
|
||||||
|
1. Phase 4.1:添加 maxpack 字段到 SftpHandler(已完成:Channel 结构已存在)
|
||||||
|
2. Phase 4.2:修改 SftpHandler::new() 接受 maxpack 参数
|
||||||
|
3. Phase 4.3:修改 handle_read() 限制数据大小
|
||||||
|
4. Phase 4.4:修改 channel.rs 中 SftpHandler 创建
|
||||||
|
5. Phase 4.5:测试验证
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**最后更新**:2026-06-17 20:30
|
||||||
|
**问题严重性**:⭐⭐⭐⭐⭐ 极高
|
||||||
|
**下一步**:立即实施 Phase 4 修复
|
||||||
Reference in New Issue
Block a user