authorDarren Tucker <dtucker@zip.com.au>2010-01-10 10:31:12 +1100
committerDarren Tucker <dtucker@zip.com.au>2010-01-10 10:31:12 +1100
commit7bd98e7f74ebd8bd32157b607acedcb68201b7de (patch)
treeb62a62fcc4def0b22e48f6dde5e414a77e4d2244 /channels.c
parent8c65f646a93ed2f61da65ba0ecf65a99bd585b79 (diff)
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that traffic such as DNS lookups stays within the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
Diffstat (limited to 'channels.c')
-rw-r--r--channels.c26
1 files changed, 7 insertions, 19 deletions
diff --git a/channels.c b/channels.c
index 949392390..87dbe96d3 100644
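--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -163,9 +163,6 @@ static u_int x11_fake_data_len;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 static int IPv4or6 = AF_UNSPEC;
 
-/* Set the routing domain a.k.a. VRF */
-static int channel_rdomain = -1;
-
 /* helper */
 static void port_open_helper(Channel *c, char *rtype);
 
@@ -2466,12 +2463,6 @@ channel_set_af(int af)
  IPv4or6 = af;
 }
 
-void
-channel_set_rdomain(int rdomain)
-{
- channel_rdomain = rdomain;
-}
-
 static int
 channel_setup_fwd_listener(int type, const char *listen_addr,
  u_short listen_port, int *allocated_listen_port,
@@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
  continue;
  }
  /* Create a port to listen for the host. */
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
  if (sock < 0) {
  /* this is no error since kernel may not support ipv6 */
  verbose("socket: %.100s", strerror(errno));
@@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx)
  error("connect_next: getnameinfo failed");
  continue;
  }
- if ((sock = socket_rdomain(cctx->ai->ai_family,
- cctx->ai->ai_socktype, cctx->ai->ai_protocol,
- channel_rdomain)) == -1) {
+ if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ cctx->ai->ai_protocol)) == -1) {
  if (cctx->ai->ai_next == NULL)
  error("socket: %.100s", strerror(errno));
  else
@@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
  for (ai = aitop; ai; ai = ai->ai_next) {
  if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
  continue;
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol);
  if (sock < 0) {
  if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
  error("socket: %.100s", strerror(errno));
@@ -3286,8 +3275,7 @@ x11_connect_display(void)
  }
  for (ai = aitop; ai; ai = ai->ai_next) {
  /* Create a socket. */
- sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
- ai->ai_protocol, channel_rdomain);
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
  if (sock < 0) {
  debug2("socket: %.100s", strerror(errno));
  continue;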