5 files changed, 56 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index b31ee81cd..d1c4b3e65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -56,6 +56,10 @@
     support for cancelling local and remote port forwards via the multiplex
     socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
     the cancellation of the specified forwardings; ok markus@
+   - markus@cvs.openbsd.org 2011/09/10 22:26:34
+     [channels.c channels.h clientloop.c ssh.1]
+     support cancellation of local/dynamic forwardings from ~C commandline;
+     ok & feedback djm@
 20110909
 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng.  From
diff --git a/channels.c b/channels.c
index 0f7e1a872..b6663de8f 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
 int
 channel_cancel_lport_listener(const char *lhost, u_short lport,
-    u_short cport, int gateway_ports)
+    int cport, int gateway_ports)
 {
        u_int i;
        int found = 0;
@@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport,
                Channel *c = channels[i];
                if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER)
                        continue;
-                if (c->listening_port != lport || c->host_port != cport)
+                if (c->listening_port != lport)
                        continue;
+                if (cport == CHANNEL_CANCEL_PORT_STATIC) {
+                        /* skip dynamic forwardings */
+                        if (c->host_port == 0)
+                                continue;
+                } else {
+                        if (c->host_port != cport)
+                                continue;
+                }
                if ((c->listening_addr == NULL && addr != NULL) ||
                    (c->listening_addr != NULL && addr == NULL))
                        continue;
diff --git a/channels.h b/channels.h
index 37af32289..ff84ea54f 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -57,6 +57,8 @@
 #define SSH_CHANNEL_MUX_CLIENT          16      /* Conn. to mux slave */
 #define SSH_CHANNEL_MAX_TYPE            17
+#define CHANNEL_CANCEL_PORT_STATIC      -1
 struct Channel;
 typedef struct Channel Channel;
@@ -265,7 +267,7 @@ int	 channel_setup_local_fwd_listener(const char *, u_short,
 int      channel_request_rforward_cancel(const char *host, u_short port);
 int      channel_setup_remote_fwd_listener(const char *, u_short, int *, int);
 int      channel_cancel_rport_listener(const char *, u_short);
-int      channel_cancel_lport_listener(const char *, u_short, u_short, int);
+int      channel_cancel_lport_listener(const char *, u_short, int, int);
 /* x11 forwarding */
diff --git a/clientloop.c b/clientloop.c
index c19b01f19..1339521f4 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -839,9 +839,8 @@ process_cmdline(void)
 {
        void (*handler)(int);
        char *s, *cmd, *cancel_host;
-        int delete = 0;
+        int delete = 0, local = 0, remote = 0, dynamic = 0;
-        int local = 0, remote = 0, dynamic = 0;
+        int cancel_port, ok;
-        int cancel_port;
        Forward fwd;
        bzero(&fwd, sizeof(fwd));
@@ -867,8 +866,12 @@ process_cmdline(void)
                    "Request remote forward");
                logit("      -D[bind_address:]port                  "
                    "Request dynamic forward");
+                logit("      -KL[bind_address:]port                 "
+                    "Cancel local forward");
                logit("      -KR[bind_address:]port                 "
                    "Cancel remote forward");
+                logit("      -KD[bind_address:]port                 "
+                    "Cancel dynamic forward");
                if (!options.permit_local_command)
                        goto out;
                logit("      !args                                  "
@@ -897,11 +900,7 @@ process_cmdline(void)
                goto out;
        }
-        if ((local || dynamic) && delete) {
+        if (delete && !compat20) {
-                logit("Not supported.");
-                goto out;
-        }
-        if (remote && delete && !compat20) {
                logit("Not supported for SSH protocol version 1.");
                goto out;
        }
@@ -924,7 +923,21 @@ process_cmdline(void)
                        logit("Bad forwarding close port");
                        goto out;
                }
-                channel_request_rforward_cancel(cancel_host, cancel_port);
+                if (remote)
+                        ok = channel_request_rforward_cancel(cancel_host,
+                            cancel_port) == 0;
+                else if (dynamic)
+                        ok = channel_cancel_lport_listener(cancel_host,
+                            cancel_port, 0, options.gateway_ports) > 0;
+                else
+                        ok = channel_cancel_lport_listener(cancel_host,
+                            cancel_port, CHANNEL_CANCEL_PORT_STATIC,
+                            options.gateway_ports) > 0;
+                if (!ok) {
+                        logit("Unkown port forwarding.");
+                        goto out;
+                }
+                logit("Canceled forwarding.");
        } else {
                if (!parse_forward(&fwd, s, dynamic, remote)) {
                        logit("Bad forwarding specification.");
@@ -945,7 +958,6 @@ process_cmdline(void)
                                goto out;
                        }
                }
                logit("Forwarding port.");
        }
diff --git a/ssh.1 b/ssh.1
index fbdddc7d1..67a42cb5d 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $
-.Dd $Mdocdate: August 26 2011 $
+.Dd $Mdocdate: September 10 2011 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the
 and
 .Fl D
 options (see above).
-It also allows the cancellation of existing remote port-forwardings
+It also allows the cancellation of existing port-forwardings
-using
+with
+.Sm off
+.Fl KL Oo Ar bind_address : Oc Ar port
+.Sm on
+for local,
+.Sm off
+.Fl KR Oo Ar bind_address : Oc Ar port
+.Sm on
+for remote and
 .Sm off
-.Fl KR Oo Ar bind_address : Oc Ar port .
+.Fl KD Oo Ar bind_address : Oc Ar port
 .Sm on
+for dynamic port-forwardings.
 .Ic !\& Ns Ar command
 allows the user to execute a local command if the
 .Ic PermitLocalCommand