Bug 804156

Summary: libssh2 fails key re-exchange when write channel is saturated
Product: [Fedora] Fedora Reporter: Matthew Booth <mbooth>
Component: libssh2Assignee: Paul Howarth <paul>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: djuran, kdudka, paul
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libssh2-1.4.0-2.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 804145 Environment:
Last Closed: 2012-03-21 18:43:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Booth 2012-03-16 17:01:35 UTC 
+++ This bug was initially created as a clone of Bug #804145 +++

Description of problem:
This bug is fixed upstream:
http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0106.shtml

It's a blocker for virt-p2v. virt-p2v sends a large amount of data over ssh using libssh2. When it has sent enough data (about 64G), the peer will request key re-exchange. Because virt-p2v sends data continuously, it will hit this bug with almost 100% reliability, making it impossible to transfer more than 64G of data.

Version-Release number of selected component (if applicable):
libssh2-1.2.2-7.el6_1.1.x86_64

--- Additional comment from mbooth on 2012-03-16 12:08:23 EDT ---

Created attachment 570649 [details]
Patch to openssh to aid testing

It takes about 45-60 mins of sending data on my system to hit this bug. I'm using a version of openssh with this patch to aid testing. It causes openssh to force a rekey 32x sooner than normal.

--- Additional comment from mbooth on 2012-03-16 12:43:26 EDT ---

Created attachment 570652 [details]
Backport of upstream fix

This is a backport of upstream commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed. The backport was uncomplicated: code has shifted a bit, but nothing close to the affected lines has been altered.

--- Additional comment from mbooth on 2012-03-16 12:54:28 EDT ---

Created attachment 570653 [details]
Backport of upstream fix (V2)

Spoke too soon! libssh2_kex_exchange was renamed to _libssh2_kex_exchange, so the above doesn't compile. This version is fixed.
Comment 1 Fedora Update System 2012-03-16 22:00:59 UTC 
libssh2-1.4.0-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libssh2-1.4.0-2.fc17
Comment 2 Fedora Update System 2012-03-17 16:51:20 UTC 
Package libssh2-1.4.0-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libssh2-1.4.0-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-3987/libssh2-1.4.0-2.fc17
then log in and leave karma (feedback).
Comment 3 Fedora Update System 2012-03-21 18:43:03 UTC 
libssh2-1.4.0-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.