New system for tracking data-limit-based rekeys.

I've removed the encrypted_len fields from PktIn and PktOut, which
were used to communicate from the BPP to ssh.c how much each packet
contributed to the amount of data encrypted with a given set of cipher
keys. It seems more sensible to have the BPP itself keep that counter
- especially since only one of the three BPPs even needs to count it
at all. So now there's a new DataTransferStats structure which the BPP
updates, and ssh.c only needs to check it for overflow and reset the
limits.

ssh2bpp.c

@@ -24,6 +24,7 @@ struct ssh2_bpp_state {
     unsigned char *data;
     unsigned cipherblk;
     PktIn *pktin;
+    struct DataTransferStats *stats;
 
     struct ssh2_bpp_direction in, out;
     /* comp and decomp logically belong in the per-direction
@@ -48,11 +49,12 @@ const struct BinaryPacketProtocolVtable ssh2_bpp_vtable = {
     ssh2_bpp_format_packet,
 };
 
-BinaryPacketProtocol *ssh2_bpp_new(void)
+BinaryPacketProtocol *ssh2_bpp_new(struct DataTransferStats *stats)
 {
     struct ssh2_bpp_state *s = snew(struct ssh2_bpp_state);
     memset(s, 0, sizeof(*s));
     s->bpp.vt = &ssh2_bpp_vtable;
+    s->stats = stats;
     return &s->bpp;
 }
 
@@ -407,7 +409,8 @@ static void ssh2_bpp_handle_input(BinaryPacketProtocol *bpp)
         s->payload = s->len - s->pad - 1;
 
         s->length = s->payload + 5;
-        s->pktin->encrypted_len = s->packetlen;
+
+        DTS_CONSUME(s->stats, in, s->packetlen);
 
         s->pktin->sequence = s->in.sequence++;
 
@@ -601,7 +604,8 @@ static void ssh2_bpp_format_packet_inner(struct ssh2_bpp_state *s, PktOut *pkt)
     }
 
     s->out.sequence++;       /* whether or not we MACed */
-    pkt->encrypted_len = origlen + padding;
+
+    DTS_CONSUME(s->stats, out, origlen + padding);
 
 }