- stevesk@cvs.openbsd.org 2006/07/02 17:12:58

     [ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@

5 files changed, 72 insertions, 29 deletions

diff --git a/ChangeLog b/ChangeLog
index 4a3ee6670..f31d44bcd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
      [clientloop.c]
      mention optional bind_address in runtime port forwarding setup
      command-line help. patch from santhi.amirta AT gmail.com
+   - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
+     [ssh.1 ssh.c ssh_config.5 sshd_config.5]
+     more details and clarity for tun(4) device forwarding; ok and help
+     jmc@
 
 20060706
  - (dtucker) [configure.ac] Try AIX blibpath test in different order when
@@ -4741,4 +4745,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4361 2006/07/10 10:16:12 djm Exp $
+$Id: ChangeLog,v 1.4362 2006/07/10 10:16:27 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 874a5d2fe..4067a9362 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -78,7 +78,8 @@
 .Oc
 .Op Fl S Ar ctl_path
 .Bk -words
-.Op Fl w Ar tunnel : Ns Ar tunnel
+.Oo Fl w Ar local_tun Ns
+.Op : Ns Ar remote_tun Oc
 .Oo Ar user Ns @ Oc Ns Ar hostname
 .Op Ar command
 .Ek
@@ -588,24 +589,35 @@ Multiple
 .Fl v
 options increase the verbosity.
 The maximum is 3.
-.It Fl w Ar tunnel : Ns Ar tunnel
-Requests a
+.It Fl w Xo
+.Ar local_tun Ns Op : Ns Ar remote_tun
+.Xc
+Requests
+tunnel
+device forwarding with the specified
 .Xr tun 4
-device on the client
-(first
-.Ar tunnel
-arg)
-and server
-(second
-.Ar tunnel
-arg).
+devices between the client
+.Pq Ar local_tun
+and the server
+.Pq Ar remote_tun .
+.Pp
 The devices may be specified by numerical ID or the keyword
 .Dq any ,
 which uses the next available tunnel device.
+If
+.Ar remote_tun
+is not specified, it defaults to
+.Dq any .
 See also the
 .Cm Tunnel
-directive in
+and
+.Cm TunnelDevice
+directives in
 .Xr ssh_config 5 .
+If the
+.Cm Tunnel
+directive is unset, it is set to the default tunnel mode, which is
+.Dq point-to-point .
 .It Fl X
 Enables X11 forwarding.
 This can also be specified on a per-host basis in a configuration file.
diff --git a/ssh.c b/ssh.c
index 01303dc97..9d50e42fd 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.277 2006/07/02 17:12:58 stevesk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,7 +176,7 @@ usage(void)
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
 "           [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-"           [-w tunnel:tunnel] [user@]hostname [command]\n"
+"           [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
         );
         exit(255);
 }
diff --git a/ssh_config.5 b/ssh_config.5
index 0d40fd63e..68ec311b2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -931,24 +931,44 @@ This is important in scripts, and many users want it too.
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
 .It Cm Tunnel
-Request starting
+Request
 .Xr tun 4
 device forwarding between the client and the server.
-This option also allows requesting layer 2 (ethernet)
-instead of layer 3 (point-to-point) tunneling from the server.
 The argument must be
 .Dq yes ,
-.Dq point-to-point ,
-.Dq ethernet ,
+.Dq point-to-point
+(layer 3),
+.Dq ethernet
+(layer 2),
 or
 .Dq no .
+Specifying
+.Dq yes
+requests the default tunnel mode, which is
+.Dq point-to-point .
 The default is
 .Dq no .
 .It Cm TunnelDevice
-Force a specified
+Specifies the
 .Xr tun 4
-device on the client.
-Without this option, the next available device will be used.
+devices to open on the client
+.Pq Ar local_tun
+and the server
+.Pq Ar remote_tun .
+.Pp
+The argument must be
+.Sm off
+.Ar local_tun Op : Ar remote_tun .
+.Sm on
+The devices may be specified by numerical ID or the keyword
+.Dq any ,
+which uses the next available tunnel device.
+If
+.Ar remote_tun
+is not specified, it defaults to
+.Dq any .
+The default is
+.Dq any:any .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
diff --git a/sshd_config.5 b/sshd_config.5
index aad28f4c8..836add94f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.57 2006/03/14 16:32:48 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.58 2006/07/02 17:12:58 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -537,10 +537,17 @@ Specifies whether
 device forwarding is allowed.
 The argument must be
 .Dq yes ,
-.Dq point-to-point ,
-.Dq ethernet ,
-or
+.Dq point-to-point
+(layer 3),
+.Dq ethernet
+(layer 2), or
 .Dq no .
+Specifying
+.Dq yes
+permits both
+.Dq point-to-point
+and
+.Dq ethernet .
 The default is
 .Dq no .
 .It Cm PermitUserEnvironment