Bug 31489

Summary: Conflict Between BPF and ssh2 protocol in openssh
Product: Base System Reporter: Colin Legendre <sudz>
Component: miscAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-STABLE   
Hardware: Any   
OS: Any   

Description Colin Legendre 2001-10-25 15:10:02 UTC 
There seems to be a conflict between the bpf and the ssh2 protocol within openssh.  When running trafshow or tcpdump on a connection to a openssh server using ssh2 protocol the traffic flow increases to 25-75K per sec.  Doing the same thing using ssh1 protocol the connection is 1-2K per sec.

How-To-Repeat: 1. from any client connect to a FreeBSD 4.4-STABLE box using ssh protocol version 2.  su to root and run 'trafshow port 22'.  Notice the high volume of traffic.
2. do the same thing as step 1 but use ssh protocol version 1. Notice the much lowere volume of traffic.
3. Connect to the remote box using ssh2, do not run trafshow.  now on the originating box run trafshow.  Notice the traffic is still low.  But if you start trafshow on the remote box the trafic increases dramaticaly.

You can swap trafshow with tcpdump and get the same problem.
Comment 1 Bruce A. Mah freebsd_committer freebsd_triage 2001-11-10 19:47:18 UTC 
State Changed
From-To: open->feedback

Some discussion on -stable implies that the results you're 
seeing could be an artifact of running tcpdump remotely over SSH 
(see Message-Id: <200110251751.f9PHpds33147@c527597-a.cstvl1.sfba.home.com>). 
If this is *not* in fact the case, maybe you could clarify your setup?
Comment 2 Bruce A. Mah freebsd_committer freebsd_triage 2002-03-28 17:04:20 UTC 
State Changed
From-To: feedback->closed

Feedback timeout (4+ months).