- dtucker@cvs.openbsd.org 2010/01/09 23:04:13

     [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@

19 files changed, 53 insertions, 167 deletions

diff --git a/ChangeLog b/ChangeLog
index e38cd5108..ca189f943 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,19 @@
 20091210
  - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
    Remove hacks add for RoutingDomain in preparation for its removal.
+   - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
+     [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
+     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
+     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
+     Remove RoutingDomain from ssh since it's now not needed.  It can be
+     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
+     also ensures that trafic such as DNS lookups stays withing the specified
+     routingdomain.  For example (from reyk):
+     # route -T 2 exec /usr/sbin/sshd
+     or inherited from the parent process
+     $ route -T 2 exec sh
+     $ ssh 10.1.2.3
+     ok deraadt@ markus@ stevesk@ reyk@
 
 20091209
  - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
diff --git a/channels.c b/channels.c
index 949392390..87dbe96d3 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -163,9 +163,6 @@ static u_int x11_fake_data_len;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 static int IPv4or6 = AF_UNSPEC;
 
-/* Set the routing domain a.k.a. VRF */
-static int channel_rdomain = -1;
-
 /* helper */
 static void port_open_helper(Channel *c, char *rtype);
 
@@ -2466,12 +2463,6 @@ channel_set_af(int af)
         IPv4or6 = af;
 }
 
-void
-channel_set_rdomain(int rdomain)
-{
-        channel_rdomain = rdomain;
-}
-
 static int
 channel_setup_fwd_listener(int type, const char *listen_addr,
     u_short listen_port, int *allocated_listen_port,
@@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
                         continue;
                 }
                 /* Create a port to listen for the host. */
-                sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
-                    ai->ai_protocol, channel_rdomain);
+                sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
                 if (sock < 0) {
                         /* this is no error since kernel may not support ipv6 */
                         verbose("socket: %.100s", strerror(errno));
@@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx)
                         error("connect_next: getnameinfo failed");
                         continue;
                 }
-                if ((sock = socket_rdomain(cctx->ai->ai_family,
-                    cctx->ai->ai_socktype, cctx->ai->ai_protocol,
-                    channel_rdomain)) == -1) {
+                if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+                    cctx->ai->ai_protocol)) == -1) {
                         if (cctx->ai->ai_next == NULL)
                                 error("socket: %.100s", strerror(errno));
                         else
@@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
                 for (ai = aitop; ai; ai = ai->ai_next) {
                         if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                 continue;
-                        sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
-                            ai->ai_protocol, channel_rdomain);
+                        sock = socket(ai->ai_family, ai->ai_socktype,
+                            ai->ai_protocol);
                         if (sock < 0) {
                                 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
                                         error("socket: %.100s", strerror(errno));
@@ -3286,8 +3275,7 @@ x11_connect_display(void)
         }
         for (ai = aitop; ai; ai = ai->ai_next) {
                 /* Create a socket. */
-                sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
-                    ai->ai_protocol, channel_rdomain);
+                sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
                 if (sock < 0) {
                         debug2("socket: %.100s", strerror(errno));
                         continue;
diff --git a/channels.h b/channels.h
index 4dbeeb6e1..f65a311dc 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -235,7 +235,6 @@ int	 channel_find_open(void);
 
 /* tcp forwarding */
 void     channel_set_af(int af);
-void     channel_set_rdomain(int);
 void     channel_permit_all_opens(void);
 void     channel_add_permitted_opens(char *, int);
 int      channel_add_adm_permitted_opens(char *, int);
diff --git a/misc.c b/misc.c
index 550b03cad..e1f723123 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -151,43 +151,6 @@ set_nodelay(int fd)
                 error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
 }
 
-/* open a socket in the specified routing domain */
-int
-socket_rdomain(int domain, int type, int protocol, int rdomain)
-{
-        int sock, ipproto = IPPROTO_IP;
-
-        if ((sock = socket(domain, type, protocol)) == -1)
-                return (-1);
-
-        if (rdomain == -1)
-                return (sock);
-
-        switch (domain) {
-        case AF_INET6:
-                ipproto = IPPROTO_IPV6;
-                /* FALLTHROUGH */
-        case AF_INET:
-                debug2("socket %d af %d setting rdomain %d",
-                    sock, domain, rdomain);
-                if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
-                    sizeof(rdomain)) == -1) {
-                        debug("setsockopt SO_RDOMAIN: %.100s",
-                            strerror(errno));
-                        close(sock);
-                        return (-1);
-                }
-                break;
-        default:
-                debug("socket %d af %d does not support rdomain %d",
-                    sock, domain, rdomain);
-                close(sock);
-                return (-1);
-        }
-
-        return (sock);
-}
-
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE   "\""
@@ -274,18 +237,6 @@ a2port(const char *s)
 }
 
 int
-a2rdomain(const char *s)
-{
-        long long rdomain;
-        const char *errstr;
-
-        rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
-        if (errstr != NULL)
-                return -1;
-        return (int)rdomain;
-}
-
-int
 a2tun(const char *s, int *remote)
 {
         const char *errstr = NULL;
diff --git a/misc.h b/misc.h
index 1e859e255..32073acd4 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,7 +23,6 @@ int	 set_nonblock(int);
 int      unset_nonblock(int);
 void     set_nodelay(int);
 int      a2port(const char *);
-int      a2rdomain(const char *);
 int      a2tun(const char *, int *);
 char    *put_host_port(const char *, u_short);
 char    *hpdelim(char **);
@@ -55,8 +54,6 @@ void	 freeargs(arglist *);
 
 int      tun_open(int, int);
 
-int      socket_rdomain(int, int, int, int);
-
 /* Common definitions for ssh tunnel device forwarding */
 #define SSH_TUNMODE_NO          0x00
 #define SSH_TUNMODE_POINTOPOINT 0x01
diff --git a/readconf.c b/readconf.c
index 40fe8f694..d424c1697 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,8 +130,8 @@ typedef enum {
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
         oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-        oVisualHostKey, oUseRoaming, oRDomain,
-        oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
+        oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+        oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -229,7 +229,6 @@ static struct {
         { "permitlocalcommand", oPermitLocalCommand },
         { "visualhostkey", oVisualHostKey },
         { "useroaming", oUseRoaming },
-        { "routingdomain", oRDomain },
 #ifdef JPAKE
         { "zeroknowledgepasswordauthentication",
             oZeroKnowledgePasswordAuthentication },
@@ -920,19 +919,6 @@ parse_int:
                 intptr = &options->use_roaming;
                 goto parse_flag;
 
-        case oRDomain:
-                arg = strdelim(&s);
-                if (!arg || *arg == '\0')
-                        fatal("%.200s line %d: Missing argument.",
-                            filename, linenum);
-                value = a2rdomain(arg);
-                if (value == -1)
-                        fatal("%.200s line %d: Bad rdomain.",
-                            filename, linenum);
-                if (*activep)
-                        options->rdomain = value;
-                break;
-
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
@@ -1083,7 +1069,6 @@ initialize_options(Options * options)
         options->local_command = NULL;
         options->permit_local_command = -1;
         options->use_roaming = -1;
-        options->rdomain = -1;
         options->visual_host_key = -1;
         options->zero_knowledge_password_authentication = -1;
 }
@@ -1232,7 +1217,6 @@ fill_default_options(Options * options)
         /* options->hostname will be set in the main program if appropriate */
         /* options->host_key_alias should not be set by default */
         /* options->preferred_authentications will be set in ssh */
-        /* options->rdomain should not be set by default */
 }
 
 /*
diff --git a/readconf.h b/readconf.h
index 6edc2eeda..f7c0b9c6d 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,8 +125,6 @@ typedef struct {
 
         int     use_roaming;
 
-        int     rdomain;        /* routing domain a.k.a. VRF */
-
 }       Options;
 
 #define SSHCTL_MASTER_NO        0
diff --git a/scp.1 b/scp.1
index 1d1cad0b0..74ee5db13 100644
--- a/scp.1
+++ b/scp.1
@@ -9,9 +9,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $
 .\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
diff --git a/servconf.c b/servconf.c
index 2cdc480e6..fc3e479bd 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options)
         options->adm_forced_command = NULL;
         options->chroot_directory = NULL;
         options->zero_knowledge_password_authentication = -1;
-        options->rdomain = -1;
 }
 
 void
@@ -305,7 +304,7 @@ typedef enum {
         sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
         sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
         sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
-        sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
+        sUsePrivilegeSeparation, sAllowAgentForwarding,
         sZeroKnowledgePasswordAuthentication,
         sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -424,7 +423,6 @@ static struct {
         { "match", sMatch, SSHCFG_ALL },
         { "permitopen", sPermitOpen, SSHCFG_ALL },
         { "forcecommand", sForceCommand, SSHCFG_ALL },
-        { "routingdomain", sRDomain, SSHCFG_GLOBAL },
         { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
         { NULL, sBadOption, 0 }
 };
@@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line,
                         *charptr = xstrdup(arg);
                 break;
 
-        case sRDomain:
-                intptr = &options->rdomain;
-                arg = strdelim(&cp);
-                if (!arg || *arg == '\0')
-                        fatal("%s line %d: missing rdomain value.",
-                            filename, linenum);
-                if ((value = a2rdomain(arg)) == -1)
-                        fatal("%s line %d: invalid rdomain value.",
-                            filename, linenum);
-                if (*intptr == -1)
-                        *intptr = value;
-                break;
-
         case sDeprecated:
                 logit("%s line %d: Deprecated option %s",
                     filename, linenum, arg);
@@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o)
         dump_cfg_int(sMaxSessions, o->max_sessions);
         dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
         dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
-        dump_cfg_int(sRDomain, o->rdomain);
 
         /* formatted integer arguments */
         dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
diff --git a/servconf.h b/servconf.h
index 19c7ae609..25a3f1b21 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,8 +150,6 @@ typedef struct {
 
         int     num_permitted_opens;
 
-        int     rdomain;
-
         char   *chroot_directory;
 }       ServerOptions;
 
diff --git a/sftp.1 b/sftp.1
index 81d87680d..3ec7a0234 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index c9fb597ed..78255ff79 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
+.\"     $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd $Mdocdate: October 28 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -20,7 +20,6 @@
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
-.Op Fl V Ar rdomain
 .Op Ar host | addrlist namelist
 .Ar ...
 .Ek
@@ -96,8 +95,6 @@ for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
 .Dq rsa .
-.It Fl V Ar rdomain
-Set the routing domain.
 .It Fl v
 Verbose mode.
 Causes
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index faeb9e13e..7afe446ae 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -68,9 +68,6 @@ int timeout = 5;
 int maxfd;
 #define MAXCON (maxfd - 10)
 
-/* The default routing domain */
-int scan_rdomain = -1;
-
 extern char *__progname;
 fd_set *read_wait;
 size_t read_wait_nfdset;
@@ -415,8 +412,7 @@ tcpconnect(char *host)
         if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
                 fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
         for (ai = aitop; ai; ai = ai->ai_next) {
-                s = socket_rdomain(ai->ai_family, ai->ai_socktype,
-                    ai->ai_protocol, scan_rdomain);
+                s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
                 if (s < 0) {
                         error("socket: %s", strerror(errno));
                         continue;
@@ -719,7 +715,7 @@ usage(void)
 {
         fprintf(stderr,
             "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
-            "\t\t   [-V rdomain] [host | addrlist namelist] ...\n",
+            "\t\t   [host | addrlist namelist] ...\n",
             __progname);
         exit(1);
 }
@@ -745,7 +741,7 @@ main(int argc, char **argv)
         if (argc <= 1)
                 usage();
 
-        while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
+        while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
                 switch (opt) {
                 case 'H':
                         hash_hosts = 1;
@@ -806,13 +802,6 @@ main(int argc, char **argv)
                 case '6':
                         IPv4or6 = AF_INET6;
                         break;
-                case 'V':
-                        scan_rdomain = a2rdomain(optarg);
-                        if (scan_rdomain == -1) {
-                                fprintf(stderr, "Bad rdomain '%s'\n", optarg);
-                                exit(1);
-                        }
-                        break;
                 case '?':
                 default:
                         usage();
diff --git a/ssh.1 b/ssh.1
index 2f6ef5fff..8b228fcdf 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see
 .It RekeyLimit
 .It RemoteForward
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval
diff --git a/ssh.c b/ssh.c
index 6abf31b52..ee30e2b27 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */
+/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,7 +630,6 @@ main(int ac, char **av)
         fill_default_options(&options);
 
         channel_set_af(options.address_family);
-        channel_set_rdomain(options.rdomain);
 
         /* reinit */
         log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
diff --git a/ssh_config.5 b/ssh_config.5
index 3ffc469c2..01f5f4304 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -857,9 +857,6 @@ The default is
 This option applies to protocol version 1 only and requires
 .Xr ssh 1
 to be setuid root.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
 .It Cm RSAAuthentication
 Specifies whether to try RSA authentication.
 The argument to this keyword must be
diff --git a/sshconnect.c b/sshconnect.c
index 3c8308ffb..5cfc3c16a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
                         debug("Allocated local port %d.", p);
                 return sock;
         }
-        sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
-            options.rdomain);
+        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
         if (sock < 0) {
                 error("socket: %.100s", strerror(errno));
                 return -1;
diff --git a/sshd.c b/sshd.c
index bdaf1574a..4e34f2439 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -961,8 +961,8 @@ server_listen(void)
                         continue;
                 }
                 /* Create socket for listening. */
-                listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
-                    ai->ai_protocol, options.rdomain);
+                listen_sock = socket(ai->ai_family, ai->ai_socktype,
+                    ai->ai_protocol);
                 if (listen_sock < 0) {
                         /* kernel may not support ipv6 */
                         verbose("socket: %.100s", strerror(errno));
@@ -1470,9 +1470,8 @@ main(int ac, char **av)
         if (options.challenge_response_authentication)
                 options.kbd_interactive_authentication = 1;
 
-        /* set default channel AF and routing domain */
+        /* set default channel AF */
         channel_set_af(options.address_family);
-        channel_set_rdomain(options.rdomain);
 
         /* Check that there are no remaining arguments. */
         if (optind < ac) {
diff --git a/sshd_config.5 b/sshd_config.5
index a3326447f..bf3319c4d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $
-.Dd $Mdocdate: December 29 2009 $
+.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -812,9 +812,6 @@ with successful RSA host authentication is allowed.
 The default is
 .Dq no .
 This option applies to protocol version 1 only.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
 .It Cm RSAAuthentication
 Specifies whether pure RSA authentication is allowed.
 The default is