-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | configure.ac | 5 | ||||
-rw-r--r-- | openbsd-compat/Makefile.in | 4 | ||||
-rw-r--r-- | openbsd-compat/openbsd-compat.h | 3 | ||||
-rw-r--r-- | openbsd-compat/port-tun.c | 155 | ||||
-rw-r--r-- | openbsd-compat/port-tun.h | 33 | ||||
-rw-r--r-- | serverloop.c | 5 | ||||
-rw-r--r-- | ssh.c | 5 |
8 files changed, 211 insertions, 5 deletions
@@ -16,6 +16,10 @@ | |||
16 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 | 16 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 |
17 | [ssh.1] | 17 | [ssh.1] |
18 | document -MM; ok djm@ | 18 | document -MM; ok djm@ |
19 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] | ||
20 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | ||
21 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | ||
22 | compatability support for Linux, diff from reyk@ | ||
19 | 23 | ||
20 | 20051229 | 24 | 20051229 |
21 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | 25 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd |
@@ -3571,4 +3575,4 @@ | |||
3571 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3575 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3572 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3576 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3573 | 3577 | ||
3574 | $Id: ChangeLog,v 1.4056 2005/12/31 05:23:15 djm Exp $ | 3578 | $Id: ChangeLog,v 1.4057 2005/12/31 05:33:36 djm Exp $ |
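--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $
+# $Id: configure.ac,v 1.317 2005/12/31 05:33:37 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -326,6 +326,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 [Define if cmsg_type is not passed correctly])
 ;;
 esac
+AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way])
+AC_DEFINE(SSH_TUN_COMPAT_AF, 1, [Use tunnel device compatibility to OpenBSD])
+AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic])
 ;;
 mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])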
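Review bot: The three new AC_DEFINEs are unconditional for this host case, yet port-tun.c includes `<linux/if_tun.h>` whenever SSH_TUN_LINUX is set, so a system matching the case but lacking that header would fail to compile instead of building without tunnel support. Consider guarding them with a header probe, e.g. `AC_CHECK_HEADERS(linux/if_tun.h, [AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way])])`, with the other two defines placed in the same action. The `case` arm these lines belong to starts above the hunk, so the platform pattern it matches is not visible here.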
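--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.36 2005/11/24 08:58:21 djm Exp $
+# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-irix.o port-aix.o port-uw.o
+PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
 
 .c.o:
 $(CC) $(CFLAGS) $(CPPFLAGS) -c $<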
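--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.32 2005/11/24 08:58:21 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */
 
 /*
 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -186,5 +186,6 @@ char *shadow_pw(struct passwd *pw);
 #include "port-irix.h"
 #include "port-aix.h"
 #include "port-uw.h"
+#include "port-tun.h"
 
 #endif /* _OPENBSD_COMPAT_H */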
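--- /dev/null
+++ b/openbsd-compat/port-tun.c
@@ -0,0 +1,155 @@
+/*
+* Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#include "log.h"
+#include "misc.h"
+#include "bufaux.h"
+
+/*
+* This is the portable version of the SSH tunnel forwarding, it
+* uses some preprocessor definitions for various platform-specific
+* settings.
+*
+* SSH_TUN_LINUX Use the (newer) Linux tun/tap device
+* SSH_TUN_COMPAT_AF Translate the OpenBSD address family
+* SSH_TUN_PREPEND_AF Prepend/remove the address family
+*/
+
+/*
+* System-specific tunnel open function
+*/
+
+#if defined(SSH_TUN_LINUX)
+#include <linux/if_tun.h>
+
+int
+sys_tun_open(int tun, int mode)
+{
+struct ifreq ifr;
+int fd = -1;
+const char *name = NULL;
+
+if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
+debug("%s: failed to open tunnel control interface: %s",
+__func__, strerror(errno));
+return (-1);
+}
+
+bzero(&ifr, sizeof(ifr));
+
+if (mode == SSH_TUNMODE_ETHERNET) {
+ifr.ifr_flags = IFF_TAP;
+name = "tap%d";
+} else {
+ifr.ifr_flags = IFF_TUN;
+name = "tun%d";
+}
+ifr.ifr_flags |= IFF_NO_PI;
+
+if (tun != SSH_TUNID_ANY) {
+if (tun > SSH_TUNID_MAX) {
+debug("%s: invalid tunnel id %x: %s", __func__,
+tun, strerror(errno));
+goto failed;
+}
+snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
+}
+
+if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
+debug("%s: failed to configure tunnel (mode %d): %s", __func__,
+mode, strerror(errno));
+goto failed;
+}
+
+if (tun == SSH_TUNID_ANY)
+debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
+else
+debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
+
+return (fd);
+
+failed:
+close(fd);
+return (-1);
+}
+#endif /* SSH_TUN_LINUX */
+
+/*
+* System-specific channel filters
+*/
+
+#if defined(SSH_TUN_FILTER)
+#define OPENBSD_AF_INET 2
+#define OPENBSD_AF_INET6 24
+
+int
+sys_tun_infilter(struct Channel *c, char *buf, int len)
+{
+#if defined(SSH_TUN_PREPEND_AF)
+char rbuf[CHAN_RBUF];
+#endif
+u_int32_t *af;
+char *ptr = buf;
+
+#if defined(SSH_TUN_PREPEND_AF)
+if (len > (int)(sizeof(rbuf) - sizeof(*af)))
+return (-1);
+ptr = (char *)&rbuf[0];
+bcopy(buf, ptr + sizeof(u_int32_t), len);
+len += sizeof(u_int32_t);
+#endif
+
+#if defined(SSH_TUN_COMPAT_AF)
+if (len < (int)sizeof(u_int32_t))
+return (-1);
+
+af = (u_int32_t *)ptr;
+if (*af == htonl(AF_INET6))
+*af = htonl(OPENBSD_AF_INET6);
+else
+*af = htonl(OPENBSD_AF_INET);
+#endif
+buffer_put_string(&c->input, ptr, len);
+return (0);
+}
+
+u_char *
+sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
+{
+u_char *buf;
+u_int32_t *af;
+
+*data = buffer_get_string(&c->output, dlen);
+if (*dlen < sizeof(*af))
+return (NULL);
+buf = *data;
+
+#if defined(SSH_TUN_PREPEND_AF)
+*dlen -= sizeof(u_int32_t);
+buf = *data + sizeof(u_int32_t);
+#elif defined(SSH_TUN_COMPAT_AF)
+af = ntohl(*(u_int32_t *)buf);
+if (*af == OPENBSD_AF_INET6)
+*af = htonl(AF_INET6);
+else
+*af = htonl(AF_INET);
+#endif
+
+return (buf);
+}
+#endif /* SSH_TUN_FILTER */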
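Review bot: In sys_tun_infilter the SSH_TUN_PREPEND_AF branch copies the packet to `rbuf + sizeof(u_int32_t)` but never writes the first four bytes, so the SSH_TUN_COMPAT_AF test `*af == htonl(AF_INET6)` reads uninitialised stack. With both macros defined, as configure.ac does in this commit, the family label no longer depends on the packet's IP version, and a build with only SSH_TUN_PREPEND_AF would forward those stack bytes to the peer. The family should be derived from the packet's IP version nibble before translation, and the guard should also reject `len <= 0`, because a negative `len` (if a caller can ever pass one) passes the current check and reaches bcopy. Separately, the `#elif defined(SSH_TUN_COMPAT_AF)` branch of sys_tun_outfilter assigns the result of `ntohl(...)` to the pointer `af` and then dereferences it; it should read `af = (u_int32_t *)buf;` and compare `*af == htonl(OPENBSD_AF_INET6)`. In sys_tun_open the `tun > SSH_TUNID_MAX` message prints `strerror(errno)` although no call has failed at that point, and a negative id is not rejected before it is formatted into `ifr.ifr_name`.

```c
#if defined(SSH_TUN_PREPEND_AF)
	if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
		return (-1);
	ptr = (char *)&rbuf[0];
	bcopy(buf, ptr + sizeof(u_int32_t), len);
	len += sizeof(u_int32_t);

	/* Fill the prepended header from the IP version nibble of the packet. */
	af = (u_int32_t *)ptr;
	if ((((u_char)buf[0]) >> 4) == 6)
		*af = htonl(AF_INET6);
	else
		*af = htonl(AF_INET);
#endif
	/* … unchanged: SSH_TUN_COMPAT_AF translation and buffer_put_string … */
```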
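--- /dev/null
+++ b/openbsd-compat/port-tun.h
@@ -0,0 +1,33 @@
+/*
+* Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#ifndef _PORT_TUN_H
+#define _PORT_TUN_H
+
+#include "channels.h"
+
+#if defined(SSH_TUN_LINUX)
+# define CUSTOM_SYS_TUN_OPEN
+int sys_tun_open(int, int);
+#endif
+
+#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
+# define SSH_TUN_FILTER
+int sys_tun_infilter(struct Channel *, char *, int);
+u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *);
+#endif
+
+#endif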
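Review bot: The prototypes omit parameter names, and `sys_tun_open(int, int)` takes two ints whose order (tunnel id, then mode) a caller can only learn from port-tun.c; writing `int sys_tun_open(int tun, int mode);` and `int sys_tun_infilter(struct Channel *c, char *buf, int len);` documents the contract at the declaration. A short comment would also help: sys_tun_open returns the device fd or -1, and sys_tun_outfilter returns NULL for a datagram shorter than the address-family header while still storing the buffer obtained from buffer_get_string in `*data`. Who releases `*data` on that NULL return is not visible on this page and should be stated.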
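--- a/serverloop.c
+++ b/serverloop.c
@@ -947,6 +947,11 @@ server_request_tun(void)
 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 c->datagram = 1;
+#if defined(SSH_TUN_FILTER)
+if (mode == SSH_TUNMODE_POINTOPOINT)
+channel_register_filter(c->self, sys_tun_infilter,
+sys_tun_outfilter);
+#endif
 
 done:
 if (c == NULL)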
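Review bot: The filter registration is limited to SSH_TUNMODE_POINTOPOINT without saying why. A short comment such as `/* layer 3 only: the address-family header does not apply to ethernet (tap) frames */` would keep a later reader from extending it to the other mode; please confirm that this is the intent. The same lines are added to ssh_session2_setup in the hunk that follows (keyed on `options.tun_open`), so the comment applies there too. server_request_tun starts and ends outside this hunk.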
@@ -1079,6 +1079,11 @@ ssh_session2_setup(int id, void *arg) | |||
1079 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | 1079 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
1080 | 0, "tun", 1); | 1080 | 0, "tun", 1); |
1081 | c->datagram = 1; | 1081 | c->datagram = 1; |
1082 | #if defined(SSH_TUN_FILTER) | ||
1083 | if (options.tun_open == SSH_TUNMODE_POINTOPOINT) | ||
1084 | channel_register_filter(c->self, sys_tun_infilter, | ||
1085 | sys_tun_outfilter); | ||
1086 | #endif | ||
1082 | packet_start(SSH2_MSG_CHANNEL_OPEN); | 1087 | packet_start(SSH2_MSG_CHANNEL_OPEN); |
1083 | packet_put_cstring("tun@openssh.com"); | 1088 | packet_put_cstring("tun@openssh.com"); |
1084 | packet_put_int(c->self); | 1089 | packet_put_int(c->self); |