diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2010-01-10 10:31:12 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-10 10:31:12 +1100 |
| commit | 7bd98e7f74ebd8bd32157b607acedcb68201b7de (patch) | |
| tree | b62a62fcc4def0b22e48f6dde5e414a77e4d2244 /channels.c | |
| parent | 8c65f646a93ed2f61da65ba0ecf65a99bd585b79 (diff) | |
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
Diffstat (limited to 'channels.c')
| -rw-r--r-- | channels.c | 26 |
1 files changed, 7 insertions, 19 deletions
diff --git a/channels.c b/channels.c index 949392390..87dbe96d3 100644 --- a/channels.c +++ b/channels.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -163,9 +163,6 @@ static u_int x11_fake_data_len; | |||
| 163 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | 163 | /* AF_UNSPEC or AF_INET or AF_INET6 */ |
| 164 | static int IPv4or6 = AF_UNSPEC; | 164 | static int IPv4or6 = AF_UNSPEC; |
| 165 | 165 | ||
| 166 | /* Set the routing domain a.k.a. VRF */ | ||
| 167 | static int channel_rdomain = -1; | ||
| 168 | |||
| 169 | /* helper */ | 166 | /* helper */ |
| 170 | static void port_open_helper(Channel *c, char *rtype); | 167 | static void port_open_helper(Channel *c, char *rtype); |
| 171 | 168 | ||
| @@ -2466,12 +2463,6 @@ channel_set_af(int af) | |||
| 2466 | IPv4or6 = af; | 2463 | IPv4or6 = af; |
| 2467 | } | 2464 | } |
| 2468 | 2465 | ||
| 2469 | void | ||
| 2470 | channel_set_rdomain(int rdomain) | ||
| 2471 | { | ||
| 2472 | channel_rdomain = rdomain; | ||
| 2473 | } | ||
| 2474 | |||
| 2475 | static int | 2466 | static int |
| 2476 | channel_setup_fwd_listener(int type, const char *listen_addr, | 2467 | channel_setup_fwd_listener(int type, const char *listen_addr, |
| 2477 | u_short listen_port, int *allocated_listen_port, | 2468 | u_short listen_port, int *allocated_listen_port, |
| @@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, | |||
| 2580 | continue; | 2571 | continue; |
| 2581 | } | 2572 | } |
| 2582 | /* Create a port to listen for the host. */ | 2573 | /* Create a port to listen for the host. */ |
| 2583 | sock = socket_rdomain(ai->ai_family, ai->ai_socktype, | 2574 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
| 2584 | ai->ai_protocol, channel_rdomain); | ||
| 2585 | if (sock < 0) { | 2575 | if (sock < 0) { |
| 2586 | /* this is no error since kernel may not support ipv6 */ | 2576 | /* this is no error since kernel may not support ipv6 */ |
| 2587 | verbose("socket: %.100s", strerror(errno)); | 2577 | verbose("socket: %.100s", strerror(errno)); |
| @@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx) | |||
| 2922 | error("connect_next: getnameinfo failed"); | 2912 | error("connect_next: getnameinfo failed"); |
| 2923 | continue; | 2913 | continue; |
| 2924 | } | 2914 | } |
| 2925 | if ((sock = socket_rdomain(cctx->ai->ai_family, | 2915 | if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype, |
| 2926 | cctx->ai->ai_socktype, cctx->ai->ai_protocol, | 2916 | cctx->ai->ai_protocol)) == -1) { |
| 2927 | channel_rdomain)) == -1) { | ||
| 2928 | if (cctx->ai->ai_next == NULL) | 2917 | if (cctx->ai->ai_next == NULL) |
| 2929 | error("socket: %.100s", strerror(errno)); | 2918 | error("socket: %.100s", strerror(errno)); |
| 2930 | else | 2919 | else |
| @@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, | |||
| 3110 | for (ai = aitop; ai; ai = ai->ai_next) { | 3099 | for (ai = aitop; ai; ai = ai->ai_next) { |
| 3111 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) | 3100 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
| 3112 | continue; | 3101 | continue; |
| 3113 | sock = socket_rdomain(ai->ai_family, ai->ai_socktype, | 3102 | sock = socket(ai->ai_family, ai->ai_socktype, |
| 3114 | ai->ai_protocol, channel_rdomain); | 3103 | ai->ai_protocol); |
| 3115 | if (sock < 0) { | 3104 | if (sock < 0) { |
| 3116 | if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { | 3105 | if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { |
| 3117 | error("socket: %.100s", strerror(errno)); | 3106 | error("socket: %.100s", strerror(errno)); |
| @@ -3286,8 +3275,7 @@ x11_connect_display(void) | |||
| 3286 | } | 3275 | } |
| 3287 | for (ai = aitop; ai; ai = ai->ai_next) { | 3276 | for (ai = aitop; ai; ai = ai->ai_next) { |
| 3288 | /* Create a socket. */ | 3277 | /* Create a socket. */ |
| 3289 | sock = socket_rdomain(ai->ai_family, ai->ai_socktype, | 3278 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
| 3290 | ai->ai_protocol, channel_rdomain); | ||
| 3291 | if (sock < 0) { | 3279 | if (sock < 0) { |
| 3292 | debug2("socket: %.100s", strerror(errno)); | 3280 | debug2("socket: %.100s", strerror(errno)); |
| 3293 | continue; | 3281 | continue; |