summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--configure.ac5
-rw-r--r--openbsd-compat/Makefile.in4
-rw-r--r--openbsd-compat/openbsd-compat.h3
-rw-r--r--openbsd-compat/port-tun.c155
-rw-r--r--openbsd-compat/port-tun.h33
-rw-r--r--serverloop.c5
-rw-r--r--ssh.c5
8 files changed, 211 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 94e3f6e5a..ad7cd52fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,10 @@
16 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 16 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
17 [ssh.1] 17 [ssh.1]
18 document -MM; ok djm@ 18 document -MM; ok djm@
19 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
20 [serverloop.c ssh.c openbsd-compat/Makefile.in]
21 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
22 compatability support for Linux, diff from reyk@
19 23
2020051229 2420051229
21 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd 25 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
@@ -3571,4 +3575,4 @@
3571 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3575 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
3572 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3576 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
3573 3577
3574$Id: ChangeLog,v 1.4056 2005/12/31 05:23:15 djm Exp $ 3578$Id: ChangeLog,v 1.4057 2005/12/31 05:33:36 djm Exp $
diff --git a/configure.ac b/configure.ac
index 9325c4364..64046759f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $ 1# $Id: configure.ac,v 1.317 2005/12/31 05:33:37 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -326,6 +326,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
326 [Define if cmsg_type is not passed correctly]) 326 [Define if cmsg_type is not passed correctly])
327 ;; 327 ;;
328 esac 328 esac
329 AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way])
330 AC_DEFINE(SSH_TUN_COMPAT_AF, 1, [Use tunnel device compatibility to OpenBSD])
331 AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic])
329 ;; 332 ;;
330mips-sony-bsd|mips-sony-newsos4) 333mips-sony-bsd|mips-sony-newsos4)
331 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) 334 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 89ac6cdaf..3a8703bc1 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.36 2005/11/24 08:58:21 djm Exp $ 1# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
2 2
3sysconfdir=@sysconfdir@ 3sysconfdir=@sysconfdir@
4piddir=@piddir@ 4piddir=@piddir@
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl
20 20
21COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o 21COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22 22
23PORTS=port-irix.o port-aix.o port-uw.o 23PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
24 24
25.c.o: 25.c.o:
26 $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 26 $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index fe0c36dcd..1a3027353 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.32 2005/11/24 08:58:21 djm Exp $ */ 1/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -186,5 +186,6 @@ char *shadow_pw(struct passwd *pw);
186#include "port-irix.h" 186#include "port-irix.h"
187#include "port-aix.h" 187#include "port-aix.h"
188#include "port-uw.h" 188#include "port-uw.h"
189#include "port-tun.h"
189 190
190#endif /* _OPENBSD_COMPAT_H */ 191#endif /* _OPENBSD_COMPAT_H */
diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c
new file mode 100644
index 000000000..479b46b7a
--- /dev/null
+++ b/openbsd-compat/port-tun.c
@@ -0,0 +1,155 @@
1/*
2 * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "includes.h"
18
19#include "log.h"
20#include "misc.h"
21#include "bufaux.h"
22
23/*
24 * This is the portable version of the SSH tunnel forwarding, it
25 * uses some preprocessor definitions for various platform-specific
26 * settings.
27 *
28 * SSH_TUN_LINUX Use the (newer) Linux tun/tap device
29 * SSH_TUN_COMPAT_AF Translate the OpenBSD address family
30 * SSH_TUN_PREPEND_AF Prepend/remove the address family
31 */
32
33/*
34 * System-specific tunnel open function
35 */
36
37#if defined(SSH_TUN_LINUX)
38#include <linux/if_tun.h>
39
40int
41sys_tun_open(int tun, int mode)
42{
43 struct ifreq ifr;
44 int fd = -1;
45 const char *name = NULL;
46
47 if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
48 debug("%s: failed to open tunnel control interface: %s",
49 __func__, strerror(errno));
50 return (-1);
51 }
52
53 bzero(&ifr, sizeof(ifr));
54
55 if (mode == SSH_TUNMODE_ETHERNET) {
56 ifr.ifr_flags = IFF_TAP;
57 name = "tap%d";
58 } else {
59 ifr.ifr_flags = IFF_TUN;
60 name = "tun%d";
61 }
62 ifr.ifr_flags |= IFF_NO_PI;
63
64 if (tun != SSH_TUNID_ANY) {
65 if (tun > SSH_TUNID_MAX) {
66 debug("%s: invalid tunnel id %x: %s", __func__,
67 tun, strerror(errno));
68 goto failed;
69 }
70 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
71 }
72
73 if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
74 debug("%s: failed to configure tunnel (mode %d): %s", __func__,
75 mode, strerror(errno));
76 goto failed;
77 }
78
79 if (tun == SSH_TUNID_ANY)
80 debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
81 else
82 debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
83
84 return (fd);
85
86 failed:
87 close(fd);
88 return (-1);
89}
90#endif /* SSH_TUN_LINUX */
91
92/*
93 * System-specific channel filters
94 */
95
96#if defined(SSH_TUN_FILTER)
97#define OPENBSD_AF_INET 2
98#define OPENBSD_AF_INET6 24
99
100int
101sys_tun_infilter(struct Channel *c, char *buf, int len)
102{
103#if defined(SSH_TUN_PREPEND_AF)
104 char rbuf[CHAN_RBUF];
105#endif
106 u_int32_t *af;
107 char *ptr = buf;
108
109#if defined(SSH_TUN_PREPEND_AF)
110 if (len > (int)(sizeof(rbuf) - sizeof(*af)))
111 return (-1);
112 ptr = (char *)&rbuf[0];
113 bcopy(buf, ptr + sizeof(u_int32_t), len);
114 len += sizeof(u_int32_t);
115#endif
116
117#if defined(SSH_TUN_COMPAT_AF)
118 if (len < (int)sizeof(u_int32_t))
119 return (-1);
120
121 af = (u_int32_t *)ptr;
122 if (*af == htonl(AF_INET6))
123 *af = htonl(OPENBSD_AF_INET6);
124 else
125 *af = htonl(OPENBSD_AF_INET);
126#endif
127 buffer_put_string(&c->input, ptr, len);
128 return (0);
129}
130
131u_char *
132sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
133{
134 u_char *buf;
135 u_int32_t *af;
136
137 *data = buffer_get_string(&c->output, dlen);
138 if (*dlen < sizeof(*af))
139 return (NULL);
140 buf = *data;
141
142#if defined(SSH_TUN_PREPEND_AF)
143 *dlen -= sizeof(u_int32_t);
144 buf = *data + sizeof(u_int32_t);
145#elif defined(SSH_TUN_COMPAT_AF)
146 af = ntohl(*(u_int32_t *)buf);
147 if (*af == OPENBSD_AF_INET6)
148 *af = htonl(AF_INET6);
149 else
150 *af = htonl(AF_INET);
151#endif
152
153 return (buf);
154}
155#endif /* SSH_TUN_FILTER */
diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h
new file mode 100644
index 000000000..942610c6d
--- /dev/null
+++ b/openbsd-compat/port-tun.h
@@ -0,0 +1,33 @@
1/*
2 * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#ifndef _PORT_TUN_H
18#define _PORT_TUN_H
19
20#include "channels.h"
21
22#if defined(SSH_TUN_LINUX)
23# define CUSTOM_SYS_TUN_OPEN
24int sys_tun_open(int, int);
25#endif
26
27#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
28# define SSH_TUN_FILTER
29int sys_tun_infilter(struct Channel *, char *, int);
30u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *);
31#endif
32
33#endif
diff --git a/serverloop.c b/serverloop.c
index a575ce0d1..3d8e7cfb5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -947,6 +947,11 @@ server_request_tun(void)
947 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, 947 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
948 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); 948 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
949 c->datagram = 1; 949 c->datagram = 1;
950#if defined(SSH_TUN_FILTER)
951 if (mode == SSH_TUNMODE_POINTOPOINT)
952 channel_register_filter(c->self, sys_tun_infilter,
953 sys_tun_outfilter);
954#endif
950 955
951 done: 956 done:
952 if (c == NULL) 957 if (c == NULL)
diff --git a/ssh.c b/ssh.c
index cdfc91633..3940dabfd 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1079,6 +1079,11 @@ ssh_session2_setup(int id, void *arg)
1079 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 1079 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1080 0, "tun", 1); 1080 0, "tun", 1);
1081 c->datagram = 1; 1081 c->datagram = 1;
1082#if defined(SSH_TUN_FILTER)
1083 if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
1084 channel_register_filter(c->self, sys_tun_infilter,
1085 sys_tun_outfilter);
1086#endif
1082 packet_start(SSH2_MSG_CHANNEL_OPEN); 1087 packet_start(SSH2_MSG_CHANNEL_OPEN);
1083 packet_put_cstring("tun@openssh.com"); 1088 packet_put_cstring("tun@openssh.com");
1084 packet_put_int(c->self); 1089 packet_put_int(c->self);