- stevesk@cvs.openbsd.org 2001/08/29 23:13:10

     [ssh.1 ssh.c]
     document -D and DynamicForward; ok markus

3 files changed, 32 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 5316a52f5..4855b0eaa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,9 @@
    - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
      [sshd.8]
      add text about -u0 preventing DNS requests; ok markus@
+   - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
+     [ssh.1 ssh.c]
+     document -D and DynamicForward; ok markus@
 
 20010815
  - (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6372,4 +6375,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1499 2001/09/12 17:51:55 mouring Exp $
+$Id: ChangeLog,v 1.1500 2001/09/12 17:54:24 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index 02c6ce6f9..dfd38a6b8 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.132 2001/08/28 15:39:48 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.133 2001/08/29 23:13:11 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -606,6 +606,20 @@ Privileged ports can be forwarded only when
 logging in as root on the remote machine.
 IPv6 addresses can be specified with an alternative syntax:
 .Ar port/host/hostport
+.It Fl D Ar port
+Specifies a local
+.Dq dynamic
+application-level port forwarding.
+This works by allocating a socket to listen to
+.Ar port
+on the local side, and whenever a connection is made to this port, the
+connection is forwarded over the secure channel, and the application
+protocol is then used to determine where to connect to from the
+remote machine.  Currently the SOCKS4 protocol is supported, and
+.Nm
+will act as a SOCKS4 server.
+Only root can forward privileged ports.
+Dynamic port forwardings can also be specified in the configuration file.
 .It Fl 1
 Forces
 .Nm
@@ -773,6 +787,17 @@ back to rsh or exiting.
 The argument must be an integer.
 This may be useful in scripts if the connection sometimes fails.
 The default is 1.
+.It Cm DynamicForward
+Specifies that a TCP/IP port on the local machine be forwarded
+over the secure channel, and the application
+protocol is then used to determine where to connect to from the
+remote machine.  The argument must be a port number.
+Currently the SOCKS4 protocol is supported, and
+.Nm
+will act as a SOCKS4 server.
+Multiple forwardings may be specified, and
+additional forwardings can be given on the command line.  Only
+the superuser can forward privileged ports.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
diff --git a/ssh.c b/ssh.c
index e20758785..4fcaaeae5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.139 2001/08/28 15:39:48 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.140 2001/08/29 23:13:10 stevesk Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -194,6 +194,7 @@ usage(void)
         fprintf(stderr, "  -R listen-port:host:port   Forward remote port to local address\n");
         fprintf(stderr, "              These cause %s to listen for connections on a port, and\n", __progname);
         fprintf(stderr, "              forward them to the other side by connecting to host:port.\n");
+        fprintf(stderr, "  -D port     Enable dynamic application-level port forwarding.\n");
         fprintf(stderr, "  -C          Enable compression.\n");
         fprintf(stderr, "  -N          Do not execute a shell or command.\n");
         fprintf(stderr, "  -g          Allow remote hosts to connect to forwarded ports.\n");