85a827d1bc
The default channel window size used until now was 256KB. This value is too small and results on a bottleneck on real-life networks where round-trip delays can easily reach 300ms. The issue was not visible because the configured channel window size was being ignored and a hard-coded value of ~22MB being used instead, but that was fixed on a previous commit. This patch just changes the default window size (LIBSSH2_CHANNEL_WINDOW_DEFAULT) to 2MB. It is the same value used by OpenSSH and in our opinion represents a good compromise between memory used and transfer speed. Performance tests were run to determine the optimum value. The details and related discussion are available from the following thread on the libssh2 mailing-list: http://www.libssh2.org/mail/libssh2-devel-archive-2013-10/0018.shtml http://article.gmane.org/gmane.network.ssh.libssh2.devel/6543 An excerpt follows: "I have been running some transfer test and measuring their speed. My setup was composed of a quad-core Linux machine running Ubuntu 13.10 x86_64 with a LXC container inside. The data transfers were performed from the container to the host (never crossing through a physical network device). Network delays were simulated using the tc tool. And ping was used to verify that they worked as intended during the tests. The operation performed was the equivalent to the following ssh command: $ ssh container "dd bs=16K count=8K if=/dev/zero" >/dev/null Though, establishment and closing of the SSH connection was excluded from the timings. I run the tests several times transferring files of sizes up to 128MB and the results were consistent between runs. The results corresponding to the 128MB transfer are available here: https://docs.google.com/spreadsheet/ccc?key=0Ao1yRmX6PQQzdG5wSFlrZl9HRWNET3ZyN0hnaGo5ZFE&usp=sharing It clearly shows that 256KB is too small as the default window size. Moving to a 512MB generates a great improvement and after the 1MB mark the returns rapidly diminish. Other factors (TCP window size, probably) become more limiting than the channel window size For comparison I also performed the same transfers using OpenSSH. Its speed is usually on par with that of libssh2 using a window size of 1MB (even if it uses a 2MB window, maybe it is less aggressive sending the window adjust msgs)." Signed-off-by: Salvador Fandino <sfandino@yahoo.com>
libssh2 - SSH2 library ====================== libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license. Web site: http://www.libssh2.org/ Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel Generic installation instructions are in INSTALL. Some ./configure options deserve additional comments: * --enable-crypt-none The SSH2 Transport allows for unencrypted data transmission using the "none" cipher. Because this is such a huge security hole, it is typically disabled on SSH2 implementations and is disabled in libssh2 by default as well. Enabling this option will allow for "none" as a negotiable method, however it still requires that the method be advertized by the remote end and that no more-preferable methods are available. * --enable-mac-none The SSH2 Transport also allows implementations to forego a message authentication code. While this is less of a security risk than using a "none" cipher, it is still not recommended as disabling MAC hashes removes a layer of security. Enabling this option will allow for "none" as a negotiable method, however it still requires that the method be advertized by the remote end and that no more-preferable methods are available. * --disable-gex-new The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange method originally defined an exchange negotiation using packet type 30 to request a generation pair based on a single target value. Later refinement of dh-gex provided for range and target values. By default libssh2 will use the newer range method. If you experience trouble connecting to an old SSH server using dh-gex, try this option to fallback on the older more reliable method. * --with-libgcrypt * --without-libgcrypt * --with-libgcrypt-prefix=DIR libssh2 can use the Libgcrypt library (http://www.gnupg.org/) for cryptographic operations. Either Libgcrypt or OpenSSL is required. Configure will attempt to locate Libgcrypt automatically. If your installation of Libgcrypt is in another location, specify it using --with-libgcrypt-prefix. * --with-openssl * --without-openssl * --with-libssl-prefix=[DIR] libssh2 can use the OpenSSL library (http://www.openssl.org) for cryptographic operations. Either Libgcrypt or OpenSSL is required. Configure will attempt to locate OpenSSL in the default location. If your installation of OpenSSL is in another location, specify it using --with-libssl-prefix. * --with-libz * --without-libz * --with-libz-prefix=[DIR] If present, libssh2 will attempt to use the zlib (http://www.zlib.org) for payload compression, however zlib is not required. If your installation of Libz is in another location, specify it using --with-libz-prefix. * --enable-debug Will make the build use more pedantic and strict compiler options as well as enable the libssh2_trace() function (for showing debug traces).