
(-)openssh-6.6p1.orig/configure.ac (+14 lines)
Lines 3919-3924 AC_ARG_WITH([selinux], Link Here
3919
AC_SUBST([SSHLIBS])
3919
AC_SUBST([SSHLIBS])
3920
AC_SUBST([SSHDLIBS])
3920
AC_SUBST([SSHDLIBS])
3921
3921
3922
#check whether user wants SCTP support
3923
SCTP_MSG="no"
3924
AC_ARG_WITH(sctp,
3925
	[  --with-sctp             Enable SCTP support],
3926
	[ if test "x$withval" != "xno" ; then
3927
		AC_DEFINE(SCTP,1,[Define if you want SCTP support.])
3928
		AC_CHECK_FUNCS(sctp_recvmsg, , AC_CHECK_LIB(sctp, sctp_recvmsg, ,
3929
			       [AC_MSG_ERROR([*** Can not use SCTP - maybe libsctp-dev is missing ***])]
3930
			       ))
3931
		SCTP_MSG="yes"
3932
	fi ]
3933
)
3934
3922
# Check whether user wants Kerberos 5 support
3935
# Check whether user wants Kerberos 5 support
3923
KRB5_MSG="no"
3936
KRB5_MSG="no"
3924
AC_ARG_WITH([kerberos5],
3937
AC_ARG_WITH([kerberos5],
Lines 4842-4847 echo " PAM support Link Here
4842
echo "                   OSF SIA support: $SIA_MSG"
4855
echo "                   OSF SIA support: $SIA_MSG"
4843
echo "                 KerberosV support: $KRB5_MSG"
4856
echo "                 KerberosV support: $KRB5_MSG"
4844
echo "                   SELinux support: $SELINUX_MSG"
4857
echo "                   SELinux support: $SELINUX_MSG"
4858
echo "                      SCTP support: $SCTP_MSG"
4845
echo "                 Smartcard support: $SCARD_MSG"
4859
echo "                 Smartcard support: $SCARD_MSG"
4846
echo "                     S/KEY support: $SKEY_MSG"
4860
echo "                     S/KEY support: $SKEY_MSG"
4847
echo "              TCP Wrappers support: $TCPW_MSG"
4861
echo "              TCP Wrappers support: $TCPW_MSG"
(-)openssh-6.6p1.orig/misc.c (-5 / +34 lines)
Lines 60-65 Link Here
60
#include "log.h"
60
#include "log.h"
61
#include "ssh.h"
61
#include "ssh.h"
62
62
63
#ifdef SCTP
64
#include <netinet/sctp.h>
65
#endif
66
63
/* remove newline at end of string */
67
/* remove newline at end of string */
64
char *
68
char *
65
chop(char *s)
69
chop(char *s)
Lines 138-158 void Link Here
138
set_nodelay(int fd)
142
set_nodelay(int fd)
139
{
143
{
140
	int opt;
144
	int opt;
145
	int is_tcp = 1;
146
	int ret;
141
	socklen_t optlen;
147
	socklen_t optlen;
142
148
143
	optlen = sizeof opt;
149
	optlen = sizeof opt;
144
	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
150
	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
145
		debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
151
#ifdef SCTP
152
		/* TCP_NODELAY failed, try SCTP_NODELAY */
153
		if (getsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, &optlen) == -1) {
154
			debug("getsockopt TCP_NODELAY/SCTP_NODELAY: %.100s", strerror(errno));
155
			return;
156
		}
157
		is_tcp = 0;
158
#else
146
		return;
159
		return;
160
#endif
147
	}
161
	}
148
	if (opt == 1) {
162
	if (opt == 1) {
149
		debug2("fd %d is TCP_NODELAY", fd);
163
		debug2("fd %d is TCP_NODELAY/SCTP_NODELAY", fd);
150
		return;
164
		return;
151
	}
165
	}
152
	opt = 1;
166
	opt = 1;
153
	debug2("fd %d setting TCP_NODELAY", fd);
167
	debug2("fd %d setting TCP_NODELAY/SCTP_NODELAY", fd);
154
	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
168
155
		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
169
	if (is_tcp) {
170
		ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt,
171
				sizeof(opt));
172
		if (ret < 0)
173
			error("setsockopt TCP_NODELAY: %.100s",
174
					strerror(errno));
175
	}
176
#ifdef SCTP
177
	else {
178
		ret = setsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt,
179
				sizeof(opt));
180
		if (ret < 0)
181
			error("setsockopt SCTP_NODELAY: %.100s",
182
					strerror(errno));
183
	}
184
#endif
156
}
185
}
157
186
158
/* Characters considered whitespace in strsep calls. */
187
/* Characters considered whitespace in strsep calls. */
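Review bot: In the SCTP build the `debug()` for a failed TCP_NODELAY `getsockopt()` is dropped (old line 145 has no counterpart at new lines 151–153) and the fallback message at new line 153 reports only the errno of the second, SCTP_NODELAY call, so the reason the TCP query failed is lost whenever the fd is neither a TCP nor an SCTP socket. Keep the original line before the retry, `debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));`, and let the fallback message name only `SCTP_NODELAY` so each message describes the call it belongs to. Note also that every non-TCP fd now costs two failing syscalls in SCTP builds; if set_nodelay is ever reached for non-socket fds (the callers are not visible from here) that is harmless but noisy at debug level.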
(-)openssh-6.6p1.orig/readconf.c (+29 lines)
Lines 129-134 typedef enum { Link Here
129
	oPasswordAuthentication, oRSAAuthentication,
129
	oPasswordAuthentication, oRSAAuthentication,
130
	oChallengeResponseAuthentication, oXAuthLocation,
130
	oChallengeResponseAuthentication, oXAuthLocation,
131
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
131
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
132
#ifdef SCTP
133
	oTransport,
134
#endif
132
	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
135
	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
133
	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
136
	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
134
	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
137
	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
Lines 196-201 static struct { Link Here
196
	{ "hostname", oHostName },
199
	{ "hostname", oHostName },
197
	{ "hostkeyalias", oHostKeyAlias },
200
	{ "hostkeyalias", oHostKeyAlias },
198
	{ "proxycommand", oProxyCommand },
201
	{ "proxycommand", oProxyCommand },
202
#ifdef SCTP
203
	{ "transport", oTransport },
204
#endif
199
	{ "port", oPort },
205
	{ "port", oPort },
200
	{ "cipher", oCipher },
206
	{ "cipher", oCipher },
201
	{ "ciphers", oCiphers },
207
	{ "ciphers", oCiphers },
Lines 994-999 parse_command: Link Here
994
			*charptr = xstrdup(s + len);
1000
			*charptr = xstrdup(s + len);
995
		return 0;
1001
		return 0;
996
1002
1003
#ifdef SCTP
1004
	case oTransport:
1005
		arg = strdelim(&s);
1006
		if (!arg || *arg == '\0')
1007
			fatal("%s line %d: missing transport protocol specification",
1008
			    filename, linenum);
1009
		if (strcasecmp(arg, "tcp") == 0)
1010
			options->transport = TRANSPORT_TCP;
1011
		else if (strcasecmp(arg, "sctp") == 0)
1012
			options->transport = TRANSPORT_SCTP;
1013
		else
1014
			fatal("%s line %d: unknown transport protocol specified",
1015
			    filename, linenum);
1016
		break;
1017
#endif
1018
997
	case oPort:
1019
	case oPort:
998
		intptr = &options->port;
1020
		intptr = &options->port;
999
parse_int:
1021
parse_int:
Lines 1509-1514 initialize_options(Options * options) Link Here
1509
	options->compression = -1;
1531
	options->compression = -1;
1510
	options->tcp_keep_alive = -1;
1532
	options->tcp_keep_alive = -1;
1511
	options->compression_level = -1;
1533
	options->compression_level = -1;
1534
#ifdef SCTP
1535
	options->transport = -1;
1536
#endif
1512
	options->port = -1;
1537
	options->port = -1;
1513
	options->address_family = -1;
1538
	options->address_family = -1;
1514
	options->connection_attempts = -1;
1539
	options->connection_attempts = -1;
Lines 1638-1643 fill_default_options(Options * options) Link Here
1638
		options->tcp_keep_alive = 1;
1663
		options->tcp_keep_alive = 1;
1639
	if (options->compression_level == -1)
1664
	if (options->compression_level == -1)
1640
		options->compression_level = 6;
1665
		options->compression_level = 6;
1666
#ifdef SCTP
1667
	if (options->transport == -1)
1668
		options->transport = TRANSPORT_TCP;
1669
#endif
1641
	if (options->port == -1)
1670
	if (options->port == -1)
1642
		options->port = 0;	/* Filled in ssh_connect. */
1671
		options->port = 0;	/* Filled in ssh_connect. */
1643
	if (options->address_family == -1)
1672
	if (options->address_family == -1)
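Review bot: The `oTransport` case at new lines 1004–1016 writes `options->transport` unconditionally, with neither an `*activep` test nor an `== -1` first-wins guard, so — assuming `parse_int` below the hunk still applies the usual `*activep`/`-1` pattern to the other integer options — a `Transport` line inside a non-matching `Host`/`Match` block still takes effect and a value from the config file overrides `-z` given on the command line. Wrap the two assignments, e.g. `if (*activep && options->transport == -1)` before storing `TRANSPORT_TCP`/`TRANSPORT_SCTP`, while keeping both `fatal()` checks unconditional so malformed values are still rejected on every pass. The enclosing process_config_line begins and ends outside this hunk.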
(-)openssh-6.6p1.orig/readconf.h (+7 lines)
Lines 37-42 struct allowed_cname { Link Here
37
	char *target_list;
37
	char *target_list;
38
};
38
};
39
39
40
/* Transport protocols */
41
#define TRANSPORT_TCP  1
42
#define TRANSPORT_SCTP 2
43
40
typedef struct {
44
typedef struct {
41
	int     forward_agent;	/* Forward authentication agent. */
45
	int     forward_agent;	/* Forward authentication agent. */
42
	int     forward_x11;	/* Forward X11 display. */
46
	int     forward_x11;	/* Forward X11 display. */
Lines 70-75 typedef struct { Link Here
70
	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
74
	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
71
	LogLevel log_level;	/* Level for logging. */
75
	LogLevel log_level;	/* Level for logging. */
72
76
77
#ifdef SCTP
78
	int     transport; /* Transport protocol used. */
79
#endif
73
	int     port;		/* Port to connect. */
80
	int     port;		/* Port to connect. */
74
	int     address_family;
81
	int     address_family;
75
	int     connection_attempts;	/* Max attempts (seconds) before
82
	int     connection_attempts;	/* Max attempts (seconds) before
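Review bot: `TRANSPORT_TCP`/`TRANSPORT_SCTP` at new lines 41–42 are defined unconditionally while the `transport` field they describe (new lines 77–79) exists only under `#ifdef SCTP`, and servconf.h in this same patch defines the identical macros inside `#ifdef SCTP`; the two copies must stay token-identical or any translation unit that includes both headers will fail to compile. Either guard this block the same way or move the constants to one shared header, and add a comment above them such as `/* Values for Options.transport; must match TRANSPORT_* in servconf.h */`.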
(-)openssh-6.6p1.orig/scp.1 (-1 / +4 lines)
Lines 19-25 Link Here
19
.Sh SYNOPSIS
19
.Sh SYNOPSIS
20
.Nm scp
20
.Nm scp
21
.Bk -words
21
.Bk -words
22
.Op Fl 12346BCpqrv
22
.Op Fl 12346BCpqrvz
23
.Op Fl c Ar cipher
23
.Op Fl c Ar cipher
24
.Op Fl F Ar ssh_config
24
.Op Fl F Ar ssh_config
25
.Op Fl i Ar identity_file
25
.Op Fl i Ar identity_file
Lines 180-185 For full details of the options listed b Link Here
180
.It ServerAliveCountMax
180
.It ServerAliveCountMax
181
.It StrictHostKeyChecking
181
.It StrictHostKeyChecking
182
.It TCPKeepAlive
182
.It TCPKeepAlive
183
.It Transport
183
.It UsePrivilegedPort
184
.It UsePrivilegedPort
184
.It User
185
.It User
185
.It UserKnownHostsFile
186
.It UserKnownHostsFile
Lines 221-226 and Link Here
221
to print debugging messages about their progress.
222
to print debugging messages about their progress.
222
This is helpful in
223
This is helpful in
223
debugging connection, authentication, and configuration problems.
224
debugging connection, authentication, and configuration problems.
225
.It Fl z
226
Use the SCTP protocol for connection instead of TCP which is the default.
224
.El
227
.El
225
.Sh EXIT STATUS
228
.Sh EXIT STATUS
226
.Ex -std scp
229
.Ex -std scp
(-)openssh-6.6p1.orig/scp.c (+7 lines)
Lines 395-401 main(int argc, char **argv) Link Here
395
	addargs(&args, "-oClearAllForwardings=yes");
395
	addargs(&args, "-oClearAllForwardings=yes");
396
396
397
	fflag = tflag = 0;
397
	fflag = tflag = 0;
398
#ifdef SCTP
399
	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:z")) != -1)
400
#else
398
	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
401
	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
402
#endif
399
		switch (ch) {
403
		switch (ch) {
400
		/* User-visible flags. */
404
		/* User-visible flags. */
401
		case '1':
405
		case '1':
Lines 403-408 main(int argc, char **argv) Link Here
403
		case '4':
407
		case '4':
404
		case '6':
408
		case '6':
405
		case 'C':
409
		case 'C':
410
#ifdef SCTP
411
		case 'z':
412
#endif
406
			addargs(&args, "-%c", ch);
413
			addargs(&args, "-%c", ch);
407
			addargs(&remote_remote_args, "-%c", ch);
414
			addargs(&remote_remote_args, "-%c", ch);
408
			break;
415
			break;
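Review bot: The getopt string is now duplicated at new lines 399 and 401 with only the trailing `z` differing, which invites drift the next time an option is added; ssh.c in this patch already avoids that with an `SCTP_OPT` macro expanding to `"z"` or `""`. Reusing it here — a single `while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:" SCTP_OPT)) != -1)` — would drop the `#ifdef`/`#else`/`#endif` around the loop, though the macro would have to move from ssh.c into a header both files include. The `case 'z'` passthrough at new lines 410–412 is fine as written since the same letter is forwarded to the local and remote `ssh` invocations.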
(-)openssh-6.6p1.orig/servconf.c (+135 lines)
Lines 127-132 initialize_server_options(ServerOptions Link Here
127
	options->ciphers = NULL;
127
	options->ciphers = NULL;
128
	options->macs = NULL;
128
	options->macs = NULL;
129
	options->kex_algorithms = NULL;
129
	options->kex_algorithms = NULL;
130
#ifdef SCTP
131
	options->transport = -1;
132
#endif
130
	options->protocol = SSH_PROTO_UNKNOWN;
133
	options->protocol = SSH_PROTO_UNKNOWN;
131
	options->gateway_ports = -1;
134
	options->gateway_ports = -1;
132
	options->num_subsystems = 0;
135
	options->num_subsystems = 0;
Lines 268-273 fill_default_server_options(ServerOption Link Here
268
		options->allow_tcp_forwarding = FORWARD_ALLOW;
271
		options->allow_tcp_forwarding = FORWARD_ALLOW;
269
	if (options->allow_agent_forwarding == -1)
272
	if (options->allow_agent_forwarding == -1)
270
		options->allow_agent_forwarding = 1;
273
		options->allow_agent_forwarding = 1;
274
#ifdef SCTP
275
	if (options->transport == -1)
276
		options->transport = TRANSPORT_TCP;
277
#endif
271
	if (options->gateway_ports == -1)
278
	if (options->gateway_ports == -1)
272
		options->gateway_ports = 0;
279
		options->gateway_ports = 0;
273
	if (options->max_startups == -1)
280
	if (options->max_startups == -1)
Lines 329-334 typedef enum { Link Here
329
	sKerberosTgtPassing, sChallengeResponseAuthentication,
336
	sKerberosTgtPassing, sChallengeResponseAuthentication,
330
	sPasswordAuthentication, sKbdInteractiveAuthentication,
337
	sPasswordAuthentication, sKbdInteractiveAuthentication,
331
	sListenAddress, sAddressFamily,
338
	sListenAddress, sAddressFamily,
339
#ifdef SCTP
340
	sTransport, sListenMultipleAddresses,
341
#endif
332
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
342
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
333
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
343
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
334
	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
344
	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
Lines 417-422 static struct { Link Here
417
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
427
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
418
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
428
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
419
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
429
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
430
#ifdef SCTP
431
	{ "listenmultipleaddresses", sListenMultipleAddresses, SSHCFG_GLOBAL },
432
#endif
420
	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
433
	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
421
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
434
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
422
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
435
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
Lines 442-447 static struct { Link Here
442
	{ "denygroups", sDenyGroups, SSHCFG_ALL },
455
	{ "denygroups", sDenyGroups, SSHCFG_ALL },
443
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
456
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
444
	{ "macs", sMacs, SSHCFG_GLOBAL },
457
	{ "macs", sMacs, SSHCFG_GLOBAL },
458
#ifdef SCTP
459
	{ "transport", sTransport, SSHCFG_GLOBAL },
460
#endif
445
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
461
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
446
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
462
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
447
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
463
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
Lines 576-581 get_connection_info(int populate, int us Link Here
576
	return &ci;
592
	return &ci;
577
}
593
}
578
594
595
#ifdef SCTP
596
static void
597
add_one_listen_multiple_addr(ServerOptions *options, char *addr, int port, int last)
598
{
599
	struct addrinfo hints, *ai, *aitop;
600
	char strport[NI_MAXSERV];
601
	int gaierr;
602
603
	memset(&hints, 0, sizeof(hints));
604
	hints.ai_family = options->address_family;
605
	hints.ai_socktype = SOCK_STREAM;
606
	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
607
	snprintf(strport, sizeof strport, "%d", port);
608
	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
609
		fatal("bad addr or host: %s (%s)",
610
				addr ? addr : "<NULL>",
611
				ssh_gai_strerror(gaierr));
612
	/* Mark addresses as multihomed */
613
	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
614
		ai->ai_flags = IS_MULTIPLE_ADDR;
615
	ai->ai_flags = IS_MULTIPLE_ADDR;
616
	ai->ai_next = options->listen_addrs;
617
	options->listen_addrs = aitop;
618
619
	if (last) {
620
		aitop->ai_flags = 0;
621
	}
622
}
623
624
static void
625
add_listen_multiple_addrs(ServerOptions *options, char *addrs, int port)
626
{
627
	u_int i, num_addrs;
628
	char **addrsptr, *p;
629
630
	if (options->num_ports == 0)
631
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
632
	if (options->address_family == -1)
633
		options->address_family = AF_UNSPEC;
634
635
	num_addrs = 1;
636
	p = addrs;
637
	while ((p = strchr(p, ',')) != NULL) {
638
		num_addrs++;
639
		p++;
640
	}
641
	debug("found %d addresses for multi-homing", num_addrs);
642
643
	addrsptr = xmalloc(num_addrs * sizeof(char*));
644
	p = addrs;
645
	for (i = 0; i < num_addrs; i++) {
646
		addrsptr[i] = p;
647
		p = strchr(p+1, ',');
648
		if (p != NULL)
649
			*(p++) = '\0';
650
	}
651
652
	if (port == 0)
653
		for (i = 0; i < options->num_ports; i++) {
654
			while (--num_addrs) {
655
				add_one_listen_multiple_addr(options, addrsptr[num_addrs], options->ports[i], 0);
656
			}
657
			add_one_listen_multiple_addr(options, addrs, options->ports[i], 1);
658
		}
659
	else {
660
		while (--num_addrs) {
661
			add_one_listen_multiple_addr(options, addrsptr[num_addrs], port, 0);
662
		}
663
		add_one_listen_multiple_addr(options, addrs, port, 1);
664
	}
665
666
	free(addrsptr);
667
}
668
#endif
669
579
/*
670
/*
580
 * The strategy for the Match blocks is that the config file is parsed twice.
671
 * The strategy for the Match blocks is that the config file is parsed twice.
581
 *
672
 *
Lines 924-929 process_server_config_line(ServerOptions Link Here
924
		intptr = &options->key_regeneration_time;
1015
		intptr = &options->key_regeneration_time;
925
		goto parse_time;
1016
		goto parse_time;
926
1017
1018
#ifdef SCTP
1019
	case sListenMultipleAddresses:
1020
		arg = strdelim(&cp);
1021
		if (arg == NULL || *arg == '\0')
1022
			fatal("%s line %d: missing addresses",
1023
				filename, linenum);
1024
1025
		/* Check for appended port */
1026
		p = strchr(arg, ';');
1027
		if (p != NULL) {
1028
			if ((port = a2port(p + 1)) <= 0)
1029
				fatal("%s line %d: bad port number", filename, linenum);
1030
			*p = '\0';
1031
		} else {
1032
			port = 0;
1033
		}
1034
			add_listen_multiple_addrs(options, arg, port);
1035
		break;
1036
#endif
1037
927
	case sListenAddress:
1038
	case sListenAddress:
928
		arg = strdelim(&cp);
1039
		arg = strdelim(&cp);
929
		if (arg == NULL || *arg == '\0')
1040
		if (arg == NULL || *arg == '\0')
Lines 1313-1318 process_server_config_line(ServerOptions Link Here
1313
			options->kex_algorithms = xstrdup(arg);
1424
			options->kex_algorithms = xstrdup(arg);
1314
		break;
1425
		break;
1315
1426
1427
#ifdef SCTP
1428
	case sTransport:
1429
		arg = strdelim(&cp);
1430
		if (!arg || *arg == '\0')
1431
			fatal("%s line %d: missing transport protocol specification",
1432
			    filename, linenum);
1433
		if (strcasecmp(arg, "all") == 0)
1434
			options->transport = TRANSPORT_ALL;
1435
		else if (strcasecmp(arg, "tcp") == 0)
1436
			options->transport = TRANSPORT_TCP;
1437
		else if (strcasecmp(arg, "sctp") == 0)
1438
			options->transport = TRANSPORT_SCTP;
1439
		else
1440
			fatal("%s line %d: unknown transport protocol specified",
1441
			    filename, linenum);
1442
		break;
1443
#endif
1444
1316
	case sProtocol:
1445
	case sProtocol:
1317
		intptr = &options->protocol;
1446
		intptr = &options->protocol;
1318
		arg = strdelim(&cp);
1447
		arg = strdelim(&cp);
Lines 1761-1766 copy_set_server_options(ServerOptions *d Link Here
1761
	M_CP_INTOPT(allow_tcp_forwarding);
1890
	M_CP_INTOPT(allow_tcp_forwarding);
1762
	M_CP_INTOPT(allow_agent_forwarding);
1891
	M_CP_INTOPT(allow_agent_forwarding);
1763
	M_CP_INTOPT(permit_tun);
1892
	M_CP_INTOPT(permit_tun);
1893
#ifdef SCTP
1894
	M_CP_INTOPT(transport);
1895
#endif
1764
	M_CP_INTOPT(gateway_ports);
1896
	M_CP_INTOPT(gateway_ports);
1765
	M_CP_INTOPT(x11_display_offset);
1897
	M_CP_INTOPT(x11_display_offset);
1766
	M_CP_INTOPT(x11_forwarding);
1898
	M_CP_INTOPT(x11_forwarding);
Lines 2013-2018 dump_config(ServerOptions *o) Link Here
2013
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2145
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2014
	dump_cfg_fmtint(sUseLogin, o->use_login);
2146
	dump_cfg_fmtint(sUseLogin, o->use_login);
2015
	dump_cfg_fmtint(sCompression, o->compression);
2147
	dump_cfg_fmtint(sCompression, o->compression);
2148
#ifdef SCTP
2149
	dump_cfg_fmtint(sTransport, o->transport);
2150
#endif
2016
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
2151
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
2017
	dump_cfg_fmtint(sUseDNS, o->use_dns);
2152
	dump_cfg_fmtint(sUseDNS, o->use_dns);
2018
	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2153
	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
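Review bot: In add_listen_multiple_addrs the `port == 0` branch at new lines 652–658 reuses `num_addrs` as the loop counter for every port: the first `while (--num_addrs)` pass drives the `u_int` to 0, and on the next `Port` the pre-decrement wraps to `UINT_MAX`, so `addrsptr[num_addrs]` is read far out of bounds — a config with two `Port` lines followed by `ListenMultipleAddresses` crashes sshd at startup even with a single address. Use a separate index that restarts for each port, e.g. `for (j = num_addrs - 1; j > 0; j--)` with `addrsptr[j]`, in both branches. Also note that add_one_listen_multiple_addr (new lines 613–615) overwrites the `ai_flags` that getaddrinfo returned with the private `IS_MULTIPLE_ADDR` value, and the `;` port separator parsed at new lines 1026–1030 differs from the `addr:port` form used by the existing ListenAddress directive (outside this hunk); both deserve a comment, and the latter may be worth aligning with the existing syntax.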
(-)openssh-6.6p1.orig/servconf.h (+12 lines)
Lines 54-59 Link Here
54
/* Magic name for internal sftp-server */
54
/* Magic name for internal sftp-server */
55
#define INTERNAL_SFTP_NAME	"internal-sftp"
55
#define INTERNAL_SFTP_NAME	"internal-sftp"
56
56
57
#ifdef SCTP
58
/* Transport protocols */
59
#define TRANSPORT_TCP  1
60
#define TRANSPORT_SCTP 2
61
#define TRANSPORT_ALL  (TRANSPORT_TCP | TRANSPORT_SCTP)
62
63
#define IS_MULTIPLE_ADDR 0x1000
64
#endif
65
57
typedef struct {
66
typedef struct {
58
	u_int	num_ports;
67
	u_int	num_ports;
59
	u_int	ports_from_cmdline;
68
	u_int	ports_from_cmdline;
Lines 90-95 typedef struct { Link Here
90
	char   *ciphers;	/* Supported SSH2 ciphers. */
99
	char   *ciphers;	/* Supported SSH2 ciphers. */
91
	char   *macs;		/* Supported SSH2 macs. */
100
	char   *macs;		/* Supported SSH2 macs. */
92
	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
101
	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
102
#ifdef SCTP
103
	int transport;	/* Transport protocol(s) used */
104
#endif
93
	int	protocol;	/* Supported protocol versions. */
105
	int	protocol;	/* Supported protocol versions. */
94
	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
106
	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
95
	SyslogFacility log_facility;	/* Facility for system logging. */
107
	SyslogFacility log_facility;	/* Facility for system logging. */
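Review bot: `IS_MULTIPLE_ADDR` at new line 63 is stored into `struct addrinfo.ai_flags` of getaddrinfo results (servconf.c and sshd.c in this patch), i.e. a private bit smuggled through a libc structure whose flag namespace belongs to `<netdb.h>`, and nothing here documents that or guards against a future `AI_*` flag using 0x1000. Add a comment above the define, e.g. `/* Private ai_flags marker set on getaddrinfo() results for secondary (multi-homed) SCTP addresses; must not overlap any AI_* value */`, and consider a compile-time check against the `AI_*` flags the code actually passes. The `TRANSPORT_*` constants at lines 59–61 duplicate readconf.h; a note saying both copies must stay in sync would help the next maintainer.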
(-)openssh-6.6p1.orig/ssh.1 (-1 / +4 lines)
Lines 43-49 Link Here
43
.Sh SYNOPSIS
43
.Sh SYNOPSIS
44
.Nm ssh
44
.Nm ssh
45
.Bk -words
45
.Bk -words
46
.Op Fl 1246AaCfgKkMNnqsTtVvXxYy
46
.Op Fl 1246AaCfgKkMNnqsTtVvXxYyz
47
.Op Fl b Ar bind_address
47
.Op Fl b Ar bind_address
48
.Op Fl c Ar cipher_spec
48
.Op Fl c Ar cipher_spec
49
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
49
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
Lines 483-488 For full details of the options listed b Link Here
483
.It ServerAliveCountMax
483
.It ServerAliveCountMax
484
.It StrictHostKeyChecking
484
.It StrictHostKeyChecking
485
.It TCPKeepAlive
485
.It TCPKeepAlive
486
.It Transport
486
.It Tunnel
487
.It Tunnel
487
.It TunnelDevice
488
.It TunnelDevice
488
.It UsePrivilegedPort
489
.It UsePrivilegedPort
Lines 675-680 Trusted X11 forwardings are not subjecte Link Here
675
controls.
676
controls.
676
.It Fl y
677
.It Fl y
677
Send log information using the
678
Send log information using the
679
.It Fl z
680
Use the SCTP protocol for connection instead of TCP which is the default.
678
.Xr syslog 3
681
.Xr syslog 3
679
system module.
682
system module.
680
By default this information is sent to stderr.
683
By default this information is sent to stderr.
(-)openssh-6.6p1.orig/ssh.c (-2 / +13 lines)
Lines 191-202 extern int muxserver_sock; Link Here
191
extern u_int muxclient_command;
191
extern u_int muxclient_command;
192
192
193
/* Prints a help message to the user.  This function never returns. */
193
/* Prints a help message to the user.  This function never returns. */
194
#ifdef SCTP
195
#define SCTP_OPT	"z"
196
#else
197
#define SCTP_OPT	""
198
#endif
194
199
195
static void
200
static void
196
usage(void)
201
usage(void)
197
{
202
{
198
	fprintf(stderr,
203
	fprintf(stderr,
199
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
204
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] "
205
							"[-c cipher_spec]\n"
200
"           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
206
"           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
201
"           [-F configfile] [-I pkcs11] [-i identity_file]\n"
207
"           [-F configfile] [-I pkcs11] [-i identity_file]\n"
202
"           [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
208
"           [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
Lines 500-506 main(int ac, char **av) Link Here
500
	argv0 = av[0];
506
	argv0 = av[0];
501
507
502
 again:
508
 again:
503
	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
509
	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
504
	    "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
510
	    "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
505
		switch (opt) {
511
		switch (opt) {
506
		case '1':
512
		case '1':
Lines 720-725 main(int ac, char **av) Link Here
720
			else
726
			else
721
				options.control_master = SSHCTL_MASTER_YES;
727
				options.control_master = SSHCTL_MASTER_YES;
722
			break;
728
			break;
729
#ifdef SCTP
730
		case 'z':
731
			options.transport = TRANSPORT_SCTP;
732
			break;
733
#endif
723
		case 'p':
734
		case 'p':
724
			options.port = a2port(optarg);
735
			options.port = a2port(optarg);
725
			if (options.port <= 0) {
736
			if (options.port <= 0) {
(-)openssh-6.6p1.orig/ssh_config.5 (+6 lines)
Lines 1322-1327 This is important in scripts, and many u Link Here
1322
.Pp
1322
.Pp
1323
To disable TCP keepalive messages, the value should be set to
1323
To disable TCP keepalive messages, the value should be set to
1324
.Dq no .
1324
.Dq no .
1325
.It Cm Transport
1326
Specifies the transport protocol while connecting. Valid values are
1327
.Dq TCP
1328
and
1329
.Dq SCTP .
1330
The default is TCP.
1325
.It Cm Tunnel
1331
.It Cm Tunnel
1326
Request
1332
Request
1327
.Xr tun 4
1333
.Xr tun 4
(-)openssh-6.6p1.orig/sshconnect.c (+55 lines)
Lines 63-68 Link Here
63
#include "ssh2.h"
63
#include "ssh2.h"
64
#include "version.h"
64
#include "version.h"
65
65
66
#ifdef SCTP
67
#include <netinet/sctp.h>
68
#endif
69
66
char *client_version_string = NULL;
70
char *client_version_string = NULL;
67
char *server_version_string = NULL;
71
char *server_version_string = NULL;
68
72
Lines 270-275 ssh_create_socket(int privileged, struct Link Here
270
{
274
{
271
	int sock, r, gaierr;
275
	int sock, r, gaierr;
272
	struct addrinfo hints, *res = NULL;
276
	struct addrinfo hints, *res = NULL;
277
#ifdef SCTP
278
	char *more_addrs, *next_addr;
279
#endif
273
280
274
	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
281
	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
275
	if (sock < 0) {
282
	if (sock < 0) {
Lines 283-292 ssh_create_socket(int privileged, struct Link Here
283
		return sock;
290
		return sock;
284
291
285
	if (options.bind_address) {
292
	if (options.bind_address) {
293
#ifdef SCTP
294
		/* Check if multiple addresses have been specified */
295
		if ((more_addrs = strchr(options.bind_address, ',')) != NULL) {
296
			*(more_addrs++) = '\0';
297
		}
298
#endif
286
		memset(&hints, 0, sizeof(hints));
299
		memset(&hints, 0, sizeof(hints));
287
		hints.ai_family = ai->ai_family;
300
		hints.ai_family = ai->ai_family;
288
		hints.ai_socktype = ai->ai_socktype;
301
		hints.ai_socktype = ai->ai_socktype;
302
#ifndef SCTP
303
		/* Only specify protocol if SCTP is not used, due
304
		 * to the lack of SCTP support for getaddrinfo()
305
		 */
289
		hints.ai_protocol = ai->ai_protocol;
306
		hints.ai_protocol = ai->ai_protocol;
307
#endif
290
		hints.ai_flags = AI_PASSIVE;
308
		hints.ai_flags = AI_PASSIVE;
291
		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
309
		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
292
		if (gaierr) {
310
		if (gaierr) {
Lines 319-324 ssh_create_socket(int privileged, struct Link Here
319
			return -1;
337
			return -1;
320
		}
338
		}
321
	}
339
	}
340
#ifdef SCTP
341
	/* If there are multiple addresses, bind them too */
342
	if (more_addrs) {
343
		do {
344
			next_addr = strchr(more_addrs, ',');
345
			if (next_addr != NULL) {
346
				*(next_addr++) = '\0';
347
			}
348
349
			gaierr = getaddrinfo(more_addrs, NULL, &hints, &res);
350
			if (gaierr) {
351
				error("getaddrinfo: %s: %s", more_addrs,
352
					  ssh_gai_strerror(gaierr));
353
				close(sock);
354
				return -1;
355
			}
356
			if (sctp_bindx(sock, (struct sockaddr *)res->ai_addr,
357
						   1, SCTP_BINDX_ADD_ADDR) != 0) {
358
				error("bind: %s: %s", options.bind_address, strerror(errno));
359
				close(sock);
360
				freeaddrinfo(res);
361
				return -1;
362
			}
363
364
			more_addrs = next_addr;
365
		} while (next_addr != NULL);
366
	}
367
#endif
322
	if (res != NULL)
368
	if (res != NULL)
323
		freeaddrinfo(res);
369
		freeaddrinfo(res);
324
	return sock;
370
	return sock;
Lines 430-435 ssh_connect_direct(const char *host, str Link Here
430
476
431
	debug2("ssh_connect: needpriv %d", needpriv);
477
	debug2("ssh_connect: needpriv %d", needpriv);
432
478
479
#ifdef SCTP
480
	/* Use SCTP if requested */
481
	if (options.transport == TRANSPORT_SCTP) {
482
		for (ai = aitop; ai; ai = ai->ai_next) {
483
			ai->ai_protocol = IPPROTO_SCTP;
484
		}
485
	}
486
#endif
487
433
	for (attempt = 0; attempt < connection_attempts; attempt++) {
488
	for (attempt = 0; attempt < connection_attempts; attempt++) {
434
		if (attempt > 0) {
489
		if (attempt > 0) {
435
			/* Sleep a moment before retrying. */
490
			/* Sleep a moment before retrying. */
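--- a/sshd.c
+++ b/sshd.c
@@ -129,6 +129,10 @@ int allow_severity;
 int deny_severity;
 #endif /* LIBWRAP */
 
+#ifdef SCTP
+#include <netinet/sctp.h>
+#endif
+
 #ifndef O_NOCTTY
 #define O_NOCTTY	0
 #endif
@@ -1086,6 +1090,12 @@ server_listen(void)
 	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
 			continue;
+#ifdef SCTP
+		/* Ignore multi-homing addresses for TCP */
+		if (ai->ai_flags & IS_MULTIPLE_ADDR ||
+		   (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR))
+			continue;
+#endif
 		if (num_listen_socks >= MAX_LISTEN_SOCKS)
 			fatal("Too many listen sockets. "
 			    "Enlarge MAX_LISTEN_SOCKS");
@@ -1144,6 +1154,127 @@ server_listen(void)
 		fatal("Cannot bind any address.");
 }
 
+#ifdef SCTP
+/*
+ * Listen for SCTP connections
+ */
+static void
+server_listen_sctp(void)
+{
+	int ret, listen_sock, on = 1;
+	struct addrinfo *ai, *aiv6;
+	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+
+	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
+		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+			continue;
+		/* Ignore multi-homing addresses at this point */
+		if (ai->ai_flags & IS_MULTIPLE_ADDR)
+			continue;
+		if (num_listen_socks >= MAX_LISTEN_SOCKS)
+			fatal("Too many listen sockets. "
+			    "Enlarge MAX_LISTEN_SOCKS");
+		if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
+		    ntop, sizeof(ntop), strport, sizeof(strport),
+		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
+			error("getnameinfo failed: %.100s",
+			    ssh_gai_strerror(ret));
+			continue;
+		}
+		/* Check for multi-homed IPv6 addresses if family is IPv4 */
+		if (ai->ai_family == AF_INET) {
+			aiv6 = ai->ai_next;
+			while (aiv6 != NULL && aiv6->ai_flags & IS_MULTIPLE_ADDR) {
+				if (aiv6->ai_family == AF_INET6) {
+					ai->ai_family = AF_INET6;
+					break;
+				}
+				aiv6 = aiv6->ai_next;
+			}
+		}
+
+		/* Create socket for listening. */
+		listen_sock = socket(ai->ai_family, ai->ai_socktype,
+		    IPPROTO_SCTP);
+		if (listen_sock < 0) {
+			/* kernel may not support ipv6 */
+			verbose("SCTP socket: %.100s", strerror(errno));
+			continue;
+		}
+		if (set_nonblock(listen_sock) == -1) {
+			close(listen_sock);
+			continue;
+		}
+		/*
+		 * Set socket options.
+		 * Allow local port reuse in TIME_WAIT.
+		 */
+		if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
+		    &on, sizeof(on)) == -1)
+			error("SCTP setsockopt SO_REUSEADDR: %s", strerror(errno));
+
+		/* Only communicate in IPv6 over AF_INET6 sockets if not multi-homed. */
+		if (ai->ai_family == AF_INET6 && (ai->ai_next == NULL ||
+		    (ai->ai_next != NULL && ai->ai_next->ai_flags == 0)))
+			sock_set_v6only(listen_sock);
+
+		if (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR)
+			debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop);
+		else
+			debug("Bind to SCTP port %s on %s.", strport, ntop);
+
+		/* Bind the socket to the desired port. */
+		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+			error("Bind to SCTP port %s on %s failed: %.200s.",
+			    strport, ntop, strerror(errno));
+			close(listen_sock);
+			continue;
+		}
+
+		/* Bind multi-homing addresses */
+		while (ai->ai_next != NULL &&
+		       ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) {
+			ai = ai->ai_next;
+
+			if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
+				ntop, sizeof(ntop), strport, sizeof(strport),
+				NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
+				error("getnameinfo failed: %.100s",
+					ssh_gai_strerror(ret));
+				continue;
+			}
+
+			debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop);
+
+			if (sctp_bindx(listen_sock, (struct sockaddr *)ai->ai_addr, 1, SCTP_BINDX_ADD_ADDR) != 0) {
+				error("Bind to SCTP port %s on %s failed: %.200s.",
+					strport, ntop, strerror(errno));
+				close(listen_sock);
+				continue;
+			}
+		}
+
+		listen_socks[num_listen_socks] = listen_sock;
+		num_listen_socks++;
+
+		/* Start listening on the port. */
+		if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
+			fatal("SCTP listen on [%s]:%s: %.100s",
+			    ntop, strport, strerror(errno));
+		if (ai->ai_flags & IS_MULTIPLE_ADDR)
+			logit("Server listening multi-homed with SCTP on port %s.", strport);
+		else
+			logit("Server listening with SCTP on %s port %s.", ntop, strport);
+	}
+	/* Only free addresses if SCTP is the only used protocol */
+	if (options.transport == TRANSPORT_SCTP)
+		freeaddrinfo(options.listen_addrs);
+
+	if (!num_listen_socks)
+		fatal("Cannot bind any address for SCTP.");
+}
+#endif
+
 /*
  * The main TCP accept loop. Note that, for the non-debug case, returns
  * from this function are in a forked subprocess.
@@ -1897,7 +2028,14 @@ main(int ac, char **av)
 		server_accept_inetd(&sock_in, &sock_out);
 	} else {
 		platform_pre_listen();
-		server_listen();
+
+#ifdef SCTP
+		if (options.transport & TRANSPORT_SCTP)
+			server_listen_sctp();
+
+		if (options.transport & TRANSPORT_TCP)
+#endif
+			server_listen();
 
 		if (options.protocol & SSH_PROTO_1)
 			generate_ephemeral_server_key();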
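Review bot: In the multi-homing loop of the new server_listen_sctp(), a failed sctp_bindx() does close(listen_sock) and then `continue`, but that `continue` belongs to the inner while, not the outer for: any remaining multi-homed addresses are bindx'ed against a closed descriptor, the closed fd is then stored in listen_socks[] and handed to listen(), which fails with EBADF and fatal()s the daemon with a misleading "SCTP listen on" message instead of skipping that address group as the bind() failure path above it does. Record the failure, break out of the inner loop, and close/skip before anything is stored (an `int bindx_failed` declared next to `ret`); after the break the outer loop's `ai = ai->ai_next` lands on a remaining IS_MULTIPLE_ADDR entry, which the check at the top of the loop already skips. A smaller point: the IPV6_V6ONLY decision tests `ai->ai_next->ai_flags == 0` while every other check in the function tests the IS_MULTIPLE_ADDR bit; if getaddrinfo() results can carry other flag bits (I cannot tell from here), a non-multi-homed IPv6 listener would silently lose v6only, so `!(ai->ai_next->ai_flags & IS_MULTIPLE_ADDR)` is the safer and consistent form.
```c
		/* Bind multi-homing addresses */
		bindx_failed = 0;
		while (ai->ai_next != NULL &&
		       ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) {
			ai = ai->ai_next;
			/* … unchanged: getnameinfo() and debug() … */
			if (sctp_bindx(listen_sock, (struct sockaddr *)ai->ai_addr, 1, SCTP_BINDX_ADD_ADDR) != 0) {
				error("Bind to SCTP port %s on %s failed: %.200s.",
					strport, ntop, strerror(errno));
				bindx_failed = 1;
				break;
			}
		}
		if (bindx_failed) {
			close(listen_sock);
			continue;	/* outer loop: next listen address group */
		}
```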
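--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1155,6 +1155,17 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
+.It Cm Transport
+Specifies the transport protocol that should be used by
+.Xr sshd 8 .
+Valid values are
+.Dq TCP ,
+.Dq SCTP ,
+.Dq all.
+The value
+.Dq all
+means to listen on TCP and SCTP sockets. The default is to listen only on
+TCP sockets.
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication.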
