author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 04:53:27 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 04:53:27 +1000 |
commit | e5d98290a6bff2352c47bb54b769a605f0794d5d (patch) | |
tree | ffb3e5f7c023dfb31f7006b4d64968cadfc7ec51 /PROTOCOL | |
parent | d6173c0bd7acf5880640bb3a89cf19cb5d4e092d (diff) |
- djm@cvs.openbsd.org 2008/06/12 05:15:41
[PROTOCOL]
document tun@openssh.com forwarding method
Diffstat (limited to 'PROTOCOL')
-rw-r--r-- | PROTOCOL | 72 |
1 files changed, 66 insertions, 6 deletions
@@ -84,7 +84,68 @@ connection. | |||
84 | Note that this is not a general defence against compromised clients | 84 | Note that this is not a general defence against compromised clients |
85 | (that is impossible), but it thwarts a simple attack. | 85 | (that is impossible), but it thwarts a simple attack. |
86 | 86 | ||
87 | 5. sftp: Reversal of arguments to SSH_FXP_SYMLINK | 87 | 5. connection: Tunnel forward extension "tun@openssh.com" |
88 | |||
89 | OpenSSH supports layer 2 and layer 3 tunneling via the "tun@openssh.com" | ||
90 | channel type. This channel type supports forwarding of network packets | ||
91 | with datagram boundaries entact between endpoints equipped with | ||
92 | interfaces like the BSD tun(4) device. Tunnel forwarding channels are | ||
93 | requested by the client with the following packet: | ||
94 | |||
95 | byte SSH_MSG_CHANNEL_OPEN | ||
96 | string "tun@openssh.com" | ||
97 | uint32 sender channel | ||
98 | uint32 initial window size | ||
99 | uint32 maximum packet size | ||
100 | uint32 tunnel mode | ||
101 | uint32 remote unit number | ||
102 | |||
103 | The "tunnel mode" parameter specifies whether the tunnel should forward | ||
104 | layer 2 frames or layer 3 packets. It may take one of the following values: | ||
105 | |||
106 | SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */ | ||
107 | SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */ | ||
108 | |||
109 | The "tunnel unit number" specifies the remote interface number, or may | ||
110 | be zero to allow the server to automatically chose an interface. A server | ||
111 | that is not willing to open a client-specified unit should refuse the | ||
112 | request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful open, | ||
113 | the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS. | ||
114 | |||
115 | Once established the client and server may exchange packet or frames | ||
116 | over the tunnel channel by encapsulating them in SSH protocol strings | ||
117 | and sending them as channel data. This ensures that packet boundaries | ||
118 | are kept intact. Specifically, packets are transmitted using normal | ||
119 | SSH_MSG_CHANNEL_DATA packets: | ||
120 | |||
121 | byte SSH_MSG_CHANNEL_DATA | ||
122 | uint32 recipient channel | ||
123 | string data | ||
124 | |||
125 | The contents of the "data" field for layer 3 packets is: | ||
126 | |||
127 | uint32 packet length | ||
128 | uint32 address family | ||
129 | byte[packet length - 4] packet data | ||
130 | |||
131 | The "address family" field identifies the type of packet in the message. | ||
132 | It may be one of: | ||
133 | |||
134 | SSH_TUN_AF_INET 2 /* IPv4 */ | ||
135 | SSH_TUN_AF_INET6 24 /* IPv6 */ | ||
136 | |||
137 | The "packet data" field consists of the IPv4/IPv6 datagram itself | ||
138 | without any link layer header. | ||
139 | |||
140 | The contents of the "data" field for layer 3 packets is: | ||
141 | |||
142 | uint32 packet length | ||
143 | byte[packet length] frame | ||
144 | |||
145 | The "frame" field contains an IEEE 802.3 ethernet frame, including | ||
146 | header. | ||
147 | |||
148 | 6. sftp: Reversal of arguments to SSH_FXP_SYMLINK | ||
88 | 149 | ||
89 | When OpenSSH's sftp-server was implemented, the order of the arguments | 150 | When OpenSSH's sftp-server was implemented, the order of the arguments |
90 | to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, | 151 | to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
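Review bot: the paragraph at new line 140 introducing the layer 2 encoding is mislabelled: it repeats "The contents of the "data" field for layer 3 packets is:" from line 125, although the format that follows (uint32 packet length, byte[packet length] frame, an IEEE 802.3 frame including header) is the SSH_TUNMODE_ETHERNET one; it should read "for layer 2 frames is:", otherwise an implementer reading only the headings could apply the address-family framing to Ethernet mode. Two naming inconsistencies in the same hunk are worth fixing before this ships as the reference text: the open packet calls the field "remote unit number" (line 101) while the prose calls it "tunnel unit number" (line 109), and the value tables use SSH_TUNMODE_*/SSH_TUN_AF_* names that the packet descriptions never tie back to the "tunnel mode" and "address family" fields by name. The remaining points are spelling in added lines: "entact" (line 91) should be "intact", "chose" (line 110) should be "choose", "packet or frames" (line 115) should be "packets or frames"; the pre-existing "inadvertendly" in the trailing context (line 151) could be corrected to "inadvertently" in the same pass.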
@@ -97,7 +158,7 @@ SSH_FXP_SYMLINK as follows: | |||
97 | string targetpath | 158 | string targetpath |
98 | string linkpath | 159 | string linkpath |
99 | 160 | ||
100 | 6. sftp: Server extension announcement in SSH_FXP_VERSION | 161 | 7. sftp: Server extension announcement in SSH_FXP_VERSION |
101 | 162 | ||
102 | OpenSSH's sftp-server lists the extensions it supports using the | 163 | OpenSSH's sftp-server lists the extensions it supports using the |
103 | standard extension announcement mechanism in the SSH_FXP_VERSION server | 164 | standard extension announcement mechanism in the SSH_FXP_VERSION server |
@@ -118,7 +179,7 @@ ever changed in an incompatible way. The server MAY advertise the same | |||
118 | extension with multiple versions (though this is unlikely). Clients MUST | 179 | extension with multiple versions (though this is unlikely). Clients MUST |
119 | check the version number before attemping to use the extension. | 180 | check the version number before attemping to use the extension. |
120 | 181 | ||
121 | 7. sftp: Extension request "posix-rename@openssh.com" | 182 | 8. sftp: Extension request "posix-rename@openssh.com" |
122 | 183 | ||
123 | This operation provides a rename operation with POSIX semantics, which | 184 | This operation provides a rename operation with POSIX semantics, which |
124 | are different to those provided by the standard SSH_FXP_RENAME in | 185 | are different to those provided by the standard SSH_FXP_RENAME in |
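Review bot: the renumbering of this section from 7 to 8 is correct and consistent with the insertion of the new section 5 above; since the hunk already touches this region, the pre-existing typo "attemping" in the unchanged context (line 180) could be corrected to "attempting" at the same time.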
@@ -135,7 +196,7 @@ rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. | |||
135 | This extension is advertised in the SSH_FXP_VERSION hello with version | 196 | This extension is advertised in the SSH_FXP_VERSION hello with version |
136 | "1". | 197 | "1". |
137 | 198 | ||
138 | 8. sftp: Extension requests "statvfs@openssh.com" and | 199 | 9. sftp: Extension requests "statvfs@openssh.com" and |
139 | "fstatvfs@openssh.com" | 200 | "fstatvfs@openssh.com" |
140 | 201 | ||
141 | These requests correspond to the statvfs and fstatvfs POSIX system | 202 | These requests correspond to the statvfs and fstatvfs POSIX system |
@@ -176,5 +237,4 @@ The values of the f_flag bitmask are as follows: | |||
176 | This extension is advertised in the SSH_FXP_VERSION hello with version | 237 | This extension is advertised in the SSH_FXP_VERSION hello with version |
177 | "2". | 238 | "2". |
178 | 239 | ||
179 | $OpenBSD: PROTOCOL,v 1.6 2008/06/10 22:15:23 djm Exp $ | 240 | $OpenBSD: PROTOCOL,v 1.7 2008/06/12 05:15:41 djm Exp $ |
180 | |||