search

jbremer / honeyd

Automatically exported from code.google.com/p/honeyd
0 stars 0 forks source link

Slow transfer to SSH behind Honeyd proxy #12

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Set up an emulated Honeyd configuration file which proxies data to a
local SSH daemon. For example:

create linux.192.168.1.101
set linux.192.168.1.101 default tcp action reset
set linux.192.168.1.101 default udp action block
set linux.192.168.1.101 default icmp action open
set linux.192.168.1.101 maxfds 1024
set linux.192.168.1.101 uptime 79239
add linux.192.168.1.101 tcp port 22 proxy localhost:22
set linux.192.168.1.101 personality "Linux 2.4.7 (X86)"
bind 192.168.1.101 linux.192.168.1.101

2. Create a larger file to transfer over scp:

# dd if=/dev/zero of=testfile bs=1024 count=5000

3. Copy the file to the emulated Honeyd system:

# scp testfile user@192.168.1.101:/tmp

What is the expected output? What do you see instead?

Expect transfer to complete quickly similar to the same speed when
transferring without using Honeyd. Instead I see a short burst where approx
2112 kb are transferred, followed by several shorter bursts and a long
delay at shutdown.

What version of the product are you using? On what operating system?

1.5c and SVN trunk.

Please provide any additional information below.

The systems are on the same 100mb ethernet lan. Transferring the same file
and bypassing Honeyd takes 1 second (4.9MB/s). Transferring through Honeyd
proxy takes 32 seconds at 156 KB/s.

Original issue reported on code.google.com by pkwar...@gmail.com on 4 Jun 2009 at 1:57

GoogleCodeExporter commented 8 years ago 
Here is a patch that fixed the majority of the performance issues I was seeing 
with Honeyd. The primary problem I found was that out of order TCP packets are 
dropped instead of buffered.

This patch makes the following changes:
- Increases the default window and TCP buffer sizes.
- Buffers out of order packets instead of dropping them.
- Responds to keep alive packets with an ACK.
- Handles TCP packet checksums set to 0xffff.
- Sets checksums on packets received on lookback device to allow Honeyd to run 
on the loopback interface.
- Allows up to 8192 byte UDP packets (from 2048).

Original comment by pkwar...@gmail.com on 3 Sep 2010 at 9:42

Attachments: