Attachment #2496 for bug #2016




AC_SUBST([SSHLIBS])
AC_SUBST([SSHDLIBS])

#check whether user wants SCTP support
SCTP_MSG="no"
AC_ARG_WITH(sctp,
	[  --with-sctp             Enable SCTP support],
	[ if test "x$withval" != "xno" ; then
		AC_DEFINE(SCTP,1,[Define if you want SCTP support.])
		AC_CHECK_FUNCS(sctp_recvmsg, , AC_CHECK_LIB(sctp, sctp_recvmsg, ,
			       [AC_MSG_ERROR([*** Can not use SCTP - maybe libsctp-dev is missing ***])]
			       ))
		SCTP_MSG="yes"
	fi ]
)

# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH([kerberos5],

echo "                   OSF SIA support: $SIA_MSG"
echo "                 KerberosV support: $KRB5_MSG"
echo "                   SELinux support: $SELINUX_MSG"
echo "                      SCTP support: $SCTP_MSG"
echo "                 Smartcard support: $SCARD_MSG"
echo "                     S/KEY support: $SKEY_MSG"
echo "              MD5 password support: $MD5_MSG"

Lines 61-66 Link Here

(-)openssh-6.7p1.orig/misc.c (-5 / +34 lines)
61	#include "log.h"	61	#include "log.h"
62	#include "ssh.h"	62	#include "ssh.h"
63		63
		64	#ifdef SCTP
		65	#include <netinet/sctp.h>
		66	#endif
		67
64	/* remove newline at end of string */	68	/* remove newline at end of string */
65	char *	69	char *
66	chop(char *s)	70	chop(char *s)
Lines 139-159 void Link Here
139	set_nodelay(int fd)	143	set_nodelay(int fd)
140	{	144	{
141	int opt;	145	int opt;
		146	int is_tcp = 1;
		147	int ret;
142	socklen_t optlen;	148	socklen_t optlen;
143		149
144	optlen = sizeof opt;	150	optlen = sizeof opt;
145	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {	151	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
146	debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));	152	#ifdef SCTP
		153	/* TCP_NODELAY failed, try SCTP_NODELAY */
		154	if (getsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, &optlen) == -1) {
		155	debug("getsockopt TCP_NODELAY/SCTP_NODELAY: %.100s", strerror(errno));
		156	return;
		157	}
		158	is_tcp = 0;
		159	#else
147	return;	160	return;
		161	#endif
148	}	162	}
149	if (opt == 1) {	163	if (opt == 1) {
150	debug2("fd %d is TCP_NODELAY", fd);	164	debug2("fd %d is TCP_NODELAY/SCTP_NODELAY", fd);
151	return;	165	return;
152	}	166	}
153	opt = 1;	167	opt = 1;
154	debug2("fd %d setting TCP_NODELAY", fd);	168	debug2("fd %d setting TCP_NODELAY/SCTP_NODELAY", fd);
155	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)	169
156	error("setsockopt TCP_NODELAY: %.100s", strerror(errno));	170	if (is_tcp) {
		171	ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt,
		172	sizeof(opt));
		173	if (ret < 0)
		174	error("setsockopt TCP_NODELAY: %.100s",
		175	strerror(errno));
		176	}
		177	#ifdef SCTP
		178	else {
		179	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt,
		180	sizeof(opt));
		181	if (ret < 0)
		182	error("setsockopt SCTP_NODELAY: %.100s",
		183	strerror(errno));
		184	}
		185	#endif
157	}	186	}
158		187
159	/* Characters considered whitespace in strsep calls. */	188	/* Characters considered whitespace in strsep calls. */

Lines 130-135 typedef enum { Link Here

(-)openssh-6.7p1.orig/readconf.c (+29 lines)
130	oPasswordAuthentication, oRSAAuthentication,	130	oPasswordAuthentication, oRSAAuthentication,
131	oChallengeResponseAuthentication, oXAuthLocation,	131	oChallengeResponseAuthentication, oXAuthLocation,
132	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,	132	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
		133	#ifdef SCTP
		134	oTransport,
		135	#endif
133	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,	136	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
134	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,	137	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
135	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,	138	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
Lines 198-203 static struct { Link Here
198	{ "hostname", oHostName },	201	{ "hostname", oHostName },
199	{ "hostkeyalias", oHostKeyAlias },	202	{ "hostkeyalias", oHostKeyAlias },
200	{ "proxycommand", oProxyCommand },	203	{ "proxycommand", oProxyCommand },
		204	#ifdef SCTP
		205	{ "transport", oTransport },
		206	#endif
201	{ "port", oPort },	207	{ "port", oPort },
202	{ "cipher", oCipher },	208	{ "cipher", oCipher },
203	{ "ciphers", oCiphers },	209	{ "ciphers", oCiphers },
Lines 1018-1023 parse_command: Link Here
1018	*charptr = xstrdup(s + len);	1024	*charptr = xstrdup(s + len);
1019	return 0;	1025	return 0;
1020		1026
		1027	#ifdef SCTP
		1028	case oTransport:
		1029	arg = strdelim(&s);
		1030	if (!arg \|\| *arg == '\0')
		1031	fatal("%s line %d: missing transport protocol specification",
		1032	filename, linenum);
		1033	if (strcasecmp(arg, "tcp") == 0)
		1034	options->transport = TRANSPORT_TCP;
		1035	else if (strcasecmp(arg, "sctp") == 0)
		1036	options->transport = TRANSPORT_SCTP;
		1037	else
		1038	fatal("%s line %d: unknown transport protocol specified",
		1039	filename, linenum);
		1040	break;
		1041	#endif
		1042
1021	case oPort:	1043	case oPort:
1022	intptr = &options->port;	1044	intptr = &options->port;
1023	parse_int:	1045	parse_int:
Lines 1550-1555 initialize_options(Options * options) Link Here
1550	options->compression = -1;	1572	options->compression = -1;
1551	options->tcp_keep_alive = -1;	1573	options->tcp_keep_alive = -1;
1552	options->compression_level = -1;	1574	options->compression_level = -1;
		1575	#ifdef SCTP
		1576	options->transport = -1;
		1577	#endif
1553	options->port = -1;	1578	options->port = -1;
1554	options->address_family = -1;	1579	options->address_family = -1;
1555	options->connection_attempts = -1;	1580	options->connection_attempts = -1;
Lines 1683-1688 fill_default_options(Options * options) Link Here
1683	options->tcp_keep_alive = 1;	1708	options->tcp_keep_alive = 1;
1684	if (options->compression_level == -1)	1709	if (options->compression_level == -1)
1685	options->compression_level = 6;	1710	options->compression_level = 6;
		1711	#ifdef SCTP
		1712	if (options->transport == -1)
		1713	options->transport = TRANSPORT_TCP;
		1714	#endif
1686	if (options->port == -1)	1715	if (options->port == -1)
1687	options->port = 0; /* Filled in ssh_connect. */	1716	options->port = 0; /* Filled in ssh_connect. */
1688	if (options->address_family == -1)	1717	if (options->address_family == -1)

Lines 28-33 struct allowed_cname { Link Here

(-)openssh-6.7p1.orig/readconf.h (+7 lines)
28	char *target_list;	28	char *target_list;
29	};	29	};
30		30
		31	/* Transport protocols */
		32	#define TRANSPORT_TCP 1
		33	#define TRANSPORT_SCTP 2
		34
31	typedef struct {	35	typedef struct {
32	int forward_agent; /* Forward authentication agent. */	36	int forward_agent; /* Forward authentication agent. */
33	int forward_x11; /* Forward X11 display. */	37	int forward_x11; /* Forward X11 display. */
Lines 61-66 typedef struct { Link Here
61	int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */	65	int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
62	LogLevel log_level; /* Level for logging. */	66	LogLevel log_level; /* Level for logging. */
63		67
		68	#ifdef SCTP
		69	int transport; /* Transport protocol used. */
		70	#endif
64	int port; /* Port to connect. */	71	int port; /* Port to connect. */
65	int address_family;	72	int address_family;
66	int connection_attempts; /* Max attempts (seconds) before	73	int connection_attempts; /* Max attempts (seconds) before

Lines 19-25 Link Here

(-)openssh-6.7p1.orig/scp.1 (-1 / +4 lines)
19	.Sh SYNOPSIS	19	.Sh SYNOPSIS
20	.Nm scp	20	.Nm scp
21	.Bk -words	21	.Bk -words
22	.Op Fl 12346BCpqrv	22	.Op Fl 12346BCpqrvz
23	.Op Fl c Ar cipher	23	.Op Fl c Ar cipher
24	.Op Fl F Ar ssh_config	24	.Op Fl F Ar ssh_config
25	.Op Fl i Ar identity_file	25	.Op Fl i Ar identity_file
Lines 178-183 For full details of the options listed b Link Here
178	.It ServerAliveCountMax	178	.It ServerAliveCountMax
179	.It StrictHostKeyChecking	179	.It StrictHostKeyChecking
180	.It TCPKeepAlive	180	.It TCPKeepAlive
		181	.It Transport
181	.It UsePrivilegedPort	182	.It UsePrivilegedPort
182	.It User	183	.It User
183	.It UserKnownHostsFile	184	.It UserKnownHostsFile
Lines 218-223 and Link Here
218	to print debugging messages about their progress.	219	to print debugging messages about their progress.
219	This is helpful in	220	This is helpful in
220	debugging connection, authentication, and configuration problems.	221	debugging connection, authentication, and configuration problems.
		222	.It Fl z
		223	Use the SCTP protocol for connection instead of TCP which is the default.
221	.El	224	.El
222	.Sh EXIT STATUS	225	.Sh EXIT STATUS
223	.Ex -std scp	226	.Ex -std scp

Lines 395-401 main(int argc, char **argv) Link Here

(-)openssh-6.7p1.orig/scp.c (+7 lines)
395	addargs(&args, "-oClearAllForwardings=yes");	395	addargs(&args, "-oClearAllForwardings=yes");
396		396
397	fflag = tflag = 0;	397	fflag = tflag = 0;
		398	#ifdef SCTP
		399	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:z")) != -1)
		400	#else
398	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)	401	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
		402	#endif
399	switch (ch) {	403	switch (ch) {
400	/* User-visible flags. */	404	/* User-visible flags. */
401	case '1':	405	case '1':
Lines 403-408 main(int argc, char **argv) Link Here
403	case '4':	407	case '4':
404	case '6':	408	case '6':
405	case 'C':	409	case 'C':
		410	#ifdef SCTP
		411	case 'z':
		412	#endif
406	addargs(&args, "-%c", ch);	413	addargs(&args, "-%c", ch);
407	addargs(&remote_remote_args, "-%c", ch);	414	addargs(&remote_remote_args, "-%c", ch);
408	break;	415	break;

Lines 129-134 initialize_server_options(ServerOptions Link Here

(-)openssh-6.7p1.orig/servconf.c (+135 lines)
129	options->ciphers = NULL;	129	options->ciphers = NULL;
130	options->macs = NULL;	130	options->macs = NULL;
131	options->kex_algorithms = NULL;	131	options->kex_algorithms = NULL;
		132	#ifdef SCTP
		133	options->transport = -1;
		134	#endif
132	options->protocol = SSH_PROTO_UNKNOWN;	135	options->protocol = SSH_PROTO_UNKNOWN;
133	options->fwd_opts.gateway_ports = -1;	136	options->fwd_opts.gateway_ports = -1;
134	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;	137	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
Lines 276-281 fill_default_server_options(ServerOption Link Here
276	options->allow_streamlocal_forwarding = FORWARD_ALLOW;	279	options->allow_streamlocal_forwarding = FORWARD_ALLOW;
277	if (options->allow_agent_forwarding == -1)	280	if (options->allow_agent_forwarding == -1)
278	options->allow_agent_forwarding = 1;	281	options->allow_agent_forwarding = 1;
		282	#ifdef SCTP
		283	if (options->transport == -1)
		284	options->transport = TRANSPORT_TCP;
		285	#endif
279	if (options->fwd_opts.gateway_ports == -1)	286	if (options->fwd_opts.gateway_ports == -1)
280	options->fwd_opts.gateway_ports = 0;	287	options->fwd_opts.gateway_ports = 0;
281	if (options->max_startups == -1)	288	if (options->max_startups == -1)
Lines 341-346 typedef enum { Link Here
341	sKerberosTgtPassing, sChallengeResponseAuthentication,	348	sKerberosTgtPassing, sChallengeResponseAuthentication,
342	sPasswordAuthentication, sKbdInteractiveAuthentication,	349	sPasswordAuthentication, sKbdInteractiveAuthentication,
343	sListenAddress, sAddressFamily,	350	sListenAddress, sAddressFamily,
		351	#ifdef SCTP
		352	sTransport, sListenMultipleAddresses,
		353	#endif
344	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	354	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
345	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	355	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
346	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,	356	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
Lines 431-436 static struct { Link Here
431	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */	441	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
432	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },	442	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
433	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },	443	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
		444	#ifdef SCTP
		445	{ "listenmultipleaddresses", sListenMultipleAddresses, SSHCFG_GLOBAL },
		446	#endif
434	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },	447	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
435	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },	448	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
436	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },	449	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
Lines 456-461 static struct { Link Here
456	{ "denygroups", sDenyGroups, SSHCFG_ALL },	469	{ "denygroups", sDenyGroups, SSHCFG_ALL },
457	{ "ciphers", sCiphers, SSHCFG_GLOBAL },	470	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
458	{ "macs", sMacs, SSHCFG_GLOBAL },	471	{ "macs", sMacs, SSHCFG_GLOBAL },
		472	#ifdef SCTP
		473	{ "transport", sTransport, SSHCFG_GLOBAL },
		474	#endif
459	{ "protocol", sProtocol, SSHCFG_GLOBAL },	475	{ "protocol", sProtocol, SSHCFG_GLOBAL },
460	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },	476	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
461	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },	477	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
Lines 594-599 get_connection_info(int populate, int us Link Here
594	return &ci;	610	return &ci;
595	}	611	}
596		612
		613	#ifdef SCTP
		614	static void
		615	add_one_listen_multiple_addr(ServerOptions options, char addr, int port, int last)
		616	{
		617	struct addrinfo hints, ai, aitop;
		618	char strport[NI_MAXSERV];
		619	int gaierr;
		620
		621	memset(&hints, 0, sizeof(hints));
		622	hints.ai_family = options->address_family;
		623	hints.ai_socktype = SOCK_STREAM;
		624	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
		625	snprintf(strport, sizeof strport, "%d", port);
		626	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
		627	fatal("bad addr or host: %s (%s)",
		628	addr ? addr : "<NULL>",
		629	ssh_gai_strerror(gaierr));
		630	/* Mark addresses as multihomed */
		631	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
		632	ai->ai_flags = IS_MULTIPLE_ADDR;
		633	ai->ai_flags = IS_MULTIPLE_ADDR;
		634	ai->ai_next = options->listen_addrs;
		635	options->listen_addrs = aitop;
		636
		637	if (last) {
		638	aitop->ai_flags = 0;
		639	}
		640	}
		641
		642	static void
		643	add_listen_multiple_addrs(ServerOptions options, char addrs, int port)
		644	{
		645	u_int i, num_addrs;
		646	char *addrsptr, p;
		647
		648	if (options->num_ports == 0)
		649	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
		650	if (options->address_family == -1)
		651	options->address_family = AF_UNSPEC;
		652
		653	num_addrs = 1;
		654	p = addrs;
		655	while ((p = strchr(p, ',')) != NULL) {
		656	num_addrs++;
		657	p++;
		658	}
		659	debug("found %d addresses for multi-homing", num_addrs);
		660
		661	addrsptr = xmalloc(num_addrs * sizeof(char*));
		662	p = addrs;
		663	for (i = 0; i < num_addrs; i++) {
		664	addrsptr[i] = p;
		665	p = strchr(p+1, ',');
		666	if (p != NULL)
		667	*(p++) = '\0';
		668	}
		669
		670	if (port == 0)
		671	for (i = 0; i < options->num_ports; i++) {
		672	while (--num_addrs) {
		673	add_one_listen_multiple_addr(options, addrsptr[num_addrs], options->ports[i], 0);
		674	}
		675	add_one_listen_multiple_addr(options, addrs, options->ports[i], 1);
		676	}
677	else {
678	while (--num_addrs) {
679	add_one_listen_multiple_addr(options, addrsptr[num_addrs], port, 0);
680	}
681	add_one_listen_multiple_addr(options, addrs, port, 1);
682	}
683
684	free(addrsptr);
685	}
686	#endif
687
597	/*	688	/*
598	* The strategy for the Match blocks is that the config file is parsed twice.	689	* The strategy for the Match blocks is that the config file is parsed twice.
599	*	690	*
Lines 942-947 process_server_config_line(ServerOptions Link Here
942	intptr = &options->key_regeneration_time;	1033	intptr = &options->key_regeneration_time;
943	goto parse_time;	1034	goto parse_time;
944		1035
		1036	#ifdef SCTP
		1037	case sListenMultipleAddresses:
		1038	arg = strdelim(&cp);
		1039	if (arg == NULL \|\| *arg == '\0')
		1040	fatal("%s line %d: missing addresses",
		1041	filename, linenum);
		1042
		1043	/* Check for appended port */
		1044	p = strchr(arg, ';');
		1045	if (p != NULL) {
		1046	if ((port = a2port(p + 1)) <= 0)
		1047	fatal("%s line %d: bad port number", filename, linenum);
		1048	*p = '\0';
		1049	} else {
		1050	port = 0;
		1051	}
		1052	add_listen_multiple_addrs(options, arg, port);
		1053	break;
		1054	#endif
		1055
945	case sListenAddress:	1056	case sListenAddress:
946	arg = strdelim(&cp);	1057	arg = strdelim(&cp);
947	if (arg == NULL \|\| *arg == '\0')	1058	if (arg == NULL \|\| *arg == '\0')
Lines 1340-1345 process_server_config_line(ServerOptions Link Here
1340	options->kex_algorithms = xstrdup(arg);	1451	options->kex_algorithms = xstrdup(arg);
1341	break;	1452	break;
1342		1453
		1454	#ifdef SCTP
		1455	case sTransport:
		1456	arg = strdelim(&cp);
		1457	if (!arg \|\| *arg == '\0')
		1458	fatal("%s line %d: missing transport protocol specification",
		1459	filename, linenum);
		1460	if (strcasecmp(arg, "all") == 0)
		1461	options->transport = TRANSPORT_ALL;
		1462	else if (strcasecmp(arg, "tcp") == 0)
		1463	options->transport = TRANSPORT_TCP;
		1464	else if (strcasecmp(arg, "sctp") == 0)
		1465	options->transport = TRANSPORT_SCTP;
		1466	else
		1467	fatal("%s line %d: unknown transport protocol specified",
		1468	filename, linenum);
		1469	break;
		1470	#endif
		1471
1343	case sProtocol:	1472	case sProtocol:
1344	intptr = &options->protocol;	1473	intptr = &options->protocol;
1345	arg = strdelim(&cp);	1474	arg = strdelim(&cp);
Lines 1805-1810 copy_set_server_options(ServerOptions *d Link Here
1805	M_CP_INTOPT(allow_streamlocal_forwarding);	1934	M_CP_INTOPT(allow_streamlocal_forwarding);
1806	M_CP_INTOPT(allow_agent_forwarding);	1935	M_CP_INTOPT(allow_agent_forwarding);
1807	M_CP_INTOPT(permit_tun);	1936	M_CP_INTOPT(permit_tun);
		1937	#ifdef SCTP
		1938	M_CP_INTOPT(transport);
		1939	#endif
1808	M_CP_INTOPT(fwd_opts.gateway_ports);	1940	M_CP_INTOPT(fwd_opts.gateway_ports);
1809	M_CP_INTOPT(x11_display_offset);	1941	M_CP_INTOPT(x11_display_offset);
1810	M_CP_INTOPT(x11_forwarding);	1942	M_CP_INTOPT(x11_forwarding);
Lines 2061-2066 dump_config(ServerOptions *o) Link Here
2061	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);	2193	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2062	dump_cfg_fmtint(sUseLogin, o->use_login);	2194	dump_cfg_fmtint(sUseLogin, o->use_login);
2063	dump_cfg_fmtint(sCompression, o->compression);	2195	dump_cfg_fmtint(sCompression, o->compression);
		2196	#ifdef SCTP
		2197	dump_cfg_fmtint(sTransport, o->transport);
		2198	#endif
2064	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);	2199	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2065	dump_cfg_fmtint(sUseDNS, o->use_dns);	2200	dump_cfg_fmtint(sUseDNS, o->use_dns);
2066	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);	2201	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);

Lines 54-59 Link Here

(-)openssh-6.7p1.orig/servconf.h (+12 lines)
54	/* Magic name for internal sftp-server */	54	/* Magic name for internal sftp-server */
55	#define INTERNAL_SFTP_NAME "internal-sftp"	55	#define INTERNAL_SFTP_NAME "internal-sftp"
56		56
		57	#ifdef SCTP
		58	/* Transport protocols */
		59	#define TRANSPORT_TCP 1
		60	#define TRANSPORT_SCTP 2
		61	#define TRANSPORT_ALL (TRANSPORT_TCP \| TRANSPORT_SCTP)
		62
		63	#define IS_MULTIPLE_ADDR 0x1000
		64	#endif
		65
57	typedef struct {	66	typedef struct {
58	u_int num_ports;	67	u_int num_ports;
59	u_int ports_from_cmdline;	68	u_int ports_from_cmdline;
Lines 91-96 typedef struct { Link Here
91	char ciphers; / Supported SSH2 ciphers. */	100	char ciphers; / Supported SSH2 ciphers. */
92	char macs; / Supported SSH2 macs. */	101	char macs; / Supported SSH2 macs. */
93	char kex_algorithms; / SSH2 kex methods in order of preference. */	102	char kex_algorithms; / SSH2 kex methods in order of preference. */
		103	#ifdef SCTP
		104	int transport; /* Transport protocol(s) used */
		105	#endif
94	int protocol; /* Supported protocol versions. */	106	int protocol; /* Supported protocol versions. */
95	struct ForwardOptions fwd_opts; /* forwarding options */	107	struct ForwardOptions fwd_opts; /* forwarding options */
96	SyslogFacility log_facility; /* Facility for system logging. */	108	SyslogFacility log_facility; /* Facility for system logging. */

Lines 43-49 Link Here

(-)openssh-6.7p1.orig/ssh.1 (-1 / +4 lines)
43	.Sh SYNOPSIS	43	.Sh SYNOPSIS
44	.Nm ssh	44	.Nm ssh
45	.Bk -words	45	.Bk -words
46	.Op Fl 1246AaCfgKkMNnqsTtVvXxYy	46	.Op Fl 1246AaCfgKkMNnqsTtVvXxYyz
47	.Op Fl b Ar bind_address	47	.Op Fl b Ar bind_address
48	.Op Fl c Ar cipher_spec	48	.Op Fl c Ar cipher_spec
49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port	49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port
Lines 473-478 For full details of the options listed b Link Here
473	.It StreamLocalBindUnlink	473	.It StreamLocalBindUnlink
474	.It StrictHostKeyChecking	474	.It StrictHostKeyChecking
475	.It TCPKeepAlive	475	.It TCPKeepAlive
		476	.It Transport
476	.It Tunnel	477	.It Tunnel
477	.It TunnelDevice	478	.It TunnelDevice
478	.It UsePrivilegedPort	479	.It UsePrivilegedPort
Lines 665-670 Trusted X11 forwardings are not subjecte Link Here
665	controls.	666	controls.
666	.It Fl y	667	.It Fl y
667	Send log information using the	668	Send log information using the
		669	.It Fl z
		670	Use the SCTP protocol for connection instead of TCP which is the default.
668	.Xr syslog 3	671	.Xr syslog 3
669	system module.	672	system module.
670	By default this information is sent to stderr.	673	By default this information is sent to stderr.




extern u_int muxclient_command;

/* Prints a help message to the user.  This function never returns. */
#ifdef SCTP
#define SCTP_OPT	"z"
#else
#define SCTP_OPT	""
#endif

static void
usage(void)
{
	fprintf(stderr,
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] "
							"[-c cipher_spec]\n"
"           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
"           [-F configfile] [-I pkcs11] [-i identity_file]\n"
"           [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"

	argv0 = av[0];

 again:
	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
	    "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
		switch (opt) {
		case '1':

			else
				options.control_master = SSHCTL_MASTER_YES;
			break;
#ifdef SCTP
		case 'z':
			options.transport = TRANSPORT_SCTP;
			break;
#endif
		case 'p':
			options.port = a2port(optarg);
			if (options.port <= 0) {

Lines 1380-1385 This is important in scripts, and many u Link Here

(-)openssh-6.7p1.orig/ssh_config.5 (+6 lines)
1380	.Pp	1380	.Pp
1381	To disable TCP keepalive messages, the value should be set to	1381	To disable TCP keepalive messages, the value should be set to
1382	.Dq no .	1382	.Dq no .
		1383	.It Cm Transport
		1384	Specifies the transport protocol while connecting. Valid values are
		1385	.Dq TCP
		1386	and
		1387	.Dq SCTP .
		1388	The default is TCP.
1383	.It Cm Tunnel	1389	.It Cm Tunnel
1384	Request	1390	Request
1385	.Xr tun 4	1391	.Xr tun 4

Lines 63-68 Link Here

(-)openssh-6.7p1.orig/sshconnect.c (+55 lines)
63	#include "ssh2.h"	63	#include "ssh2.h"
64	#include "version.h"	64	#include "version.h"
65		65
		66	#ifdef SCTP
		67	#include <netinet/sctp.h>
		68	#endif
		69
66	char *client_version_string = NULL;	70	char *client_version_string = NULL;
67	char *server_version_string = NULL;	71	char *server_version_string = NULL;
68	Key *previous_host_key = NULL;	72	Key *previous_host_key = NULL;
Lines 271-276 ssh_create_socket(int privileged, struct Link Here
271	{	275	{
272	int sock, r, gaierr;	276	int sock, r, gaierr;
273	struct addrinfo hints, *res = NULL;	277	struct addrinfo hints, *res = NULL;
		278	#ifdef SCTP
		279	char more_addrs, next_addr;
		280	#endif
274		281
275	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);	282	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
276	if (sock < 0) {	283	if (sock < 0) {
Lines 284-293 ssh_create_socket(int privileged, struct Link Here
284	return sock;	291	return sock;
285		292
286	if (options.bind_address) {	293	if (options.bind_address) {
		294	#ifdef SCTP
		295	/* Check if multiple addresses have been specified */
		296	if ((more_addrs = strchr(options.bind_address, ',')) != NULL) {
		297	*(more_addrs++) = '\0';
		298	}
		299	#endif
287	memset(&hints, 0, sizeof(hints));	300	memset(&hints, 0, sizeof(hints));
288	hints.ai_family = ai->ai_family;	301	hints.ai_family = ai->ai_family;
289	hints.ai_socktype = ai->ai_socktype;	302	hints.ai_socktype = ai->ai_socktype;
		303	#ifndef SCTP
		304	/* Only specify protocol if SCTP is not used, due
		305	* to the lack of SCTP support for getaddrinfo()
		306	*/
290	hints.ai_protocol = ai->ai_protocol;	307	hints.ai_protocol = ai->ai_protocol;
		308	#endif
291	hints.ai_flags = AI_PASSIVE;	309	hints.ai_flags = AI_PASSIVE;
292	gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);	310	gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
293	if (gaierr) {	311	if (gaierr) {
Lines 320-325 ssh_create_socket(int privileged, struct Link Here
320	return -1;	338	return -1;
321	}	339	}
322	}	340	}
		341	#ifdef SCTP
		342	/* If there are multiple addresses, bind them too */
		343	if (more_addrs) {
		344	do {
		345	next_addr = strchr(more_addrs, ',');
		346	if (next_addr != NULL) {
		347	*(next_addr++) = '\0';
		348	}
		349
		350	gaierr = getaddrinfo(more_addrs, NULL, &hints, &res);
		351	if (gaierr) {
		352	error("getaddrinfo: %s: %s", more_addrs,
		353	ssh_gai_strerror(gaierr));
		354	close(sock);
		355	return -1;
		356	}
		357	if (sctp_bindx(sock, (struct sockaddr *)res->ai_addr,
		358	1, SCTP_BINDX_ADD_ADDR) != 0) {
		359	error("bind: %s: %s", options.bind_address, strerror(errno));
		360	close(sock);
		361	freeaddrinfo(res);
		362	return -1;
		363	}
		364
		365	more_addrs = next_addr;
		366	} while (next_addr != NULL);
		367	}
		368	#endif
323	if (res != NULL)	369	if (res != NULL)
324	freeaddrinfo(res);	370	freeaddrinfo(res);
325	return sock;	371	return sock;
Lines 431-436 ssh_connect_direct(const char *host, str Link Here
431		477
432	debug2("ssh_connect: needpriv %d", needpriv);	478	debug2("ssh_connect: needpriv %d", needpriv);
433		479
		480	#ifdef SCTP
		481	/* Use SCTP if requested */
		482	if (options.transport == TRANSPORT_SCTP) {
		483	for (ai = aitop; ai; ai = ai->ai_next) {
		484	ai->ai_protocol = IPPROTO_SCTP;
		485	}
		486	}
		487	#endif
		488
434	for (attempt = 0; attempt < connection_attempts; attempt++) {	489	for (attempt = 0; attempt < connection_attempts; attempt++) {
435	if (attempt > 0) {	490	if (attempt > 0) {
436	/* Sleep a moment before retrying. */	491	/* Sleep a moment before retrying. */

Lines 123-128 Link Here

(-)openssh-6.7p1.orig/sshd.c (-1 / +139 lines)
123	#include "ssh-sandbox.h"	123	#include "ssh-sandbox.h"
124	#include "version.h"	124	#include "version.h"
125		125
		126	#ifdef SCTP
		127	#include <netinet/sctp.h>
		128	#endif
		129
126	#ifndef O_NOCTTY	130	#ifndef O_NOCTTY
127	#define O_NOCTTY 0	131	#define O_NOCTTY 0
128	#endif	132	#endif
Lines 1096-1101 server_listen(void) Link Here
1096	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {	1100	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
1097	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)	1101	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1098	continue;	1102	continue;
		1103	#ifdef SCTP
		1104	/* Ignore multi-homing addresses for TCP */
		1105	if (ai->ai_flags & IS_MULTIPLE_ADDR \|\|
		1106	(ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR))
		1107	continue;
		1108	#endif
1099	if (num_listen_socks >= MAX_LISTEN_SOCKS)	1109	if (num_listen_socks >= MAX_LISTEN_SOCKS)
1100	fatal("Too many listen sockets. "	1110	fatal("Too many listen sockets. "
1101	"Enlarge MAX_LISTEN_SOCKS");	1111	"Enlarge MAX_LISTEN_SOCKS");
Lines 1154-1159 server_listen(void) Link Here
1154	fatal("Cannot bind any address.");	1164	fatal("Cannot bind any address.");
1155	}	1165	}
1156		1166
		1167	#ifdef SCTP
		1168	/*
		1169	* Listen for SCTP connections
		1170	*/
		1171	static void
		1172	server_listen_sctp(void)
		1173	{
		1174	int ret, listen_sock, on = 1;
		1175	struct addrinfo ai, aiv6;
		1176	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
		1177
		1178	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
		1179	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
		1180	continue;
		1181	/* Ignore multi-homing addresses at this point */
		1182	if (ai->ai_flags & IS_MULTIPLE_ADDR)
		1183	continue;
		1184	if (num_listen_socks >= MAX_LISTEN_SOCKS)
		1185	fatal("Too many listen sockets. "
		1186	"Enlarge MAX_LISTEN_SOCKS");
		1187	if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
		1188	ntop, sizeof(ntop), strport, sizeof(strport),
		1189	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {
		1190	error("getnameinfo failed: %.100s",
		1191	ssh_gai_strerror(ret));
		1192	continue;
		1193	}
		1194	/* Check for multi-homed IPv6 addresses if family is IPv4 */
		1195	if (ai->ai_family == AF_INET) {
		1196	aiv6 = ai->ai_next;
		1197	while (aiv6 != NULL && aiv6->ai_flags & IS_MULTIPLE_ADDR) {
		1198	if (aiv6->ai_family == AF_INET6) {
		1199	ai->ai_family = AF_INET6;
		1200	break;
		1201	}
		1202	aiv6 = aiv6->ai_next;
		1203	}
		1204	}
		1205
		1206	/* Create socket for listening. */
		1207	listen_sock = socket(ai->ai_family, ai->ai_socktype,
		1208	IPPROTO_SCTP);
		1209	if (listen_sock < 0) {
		1210	/* kernel may not support ipv6 */
		1211	verbose("SCTP socket: %.100s", strerror(errno));
		1212	continue;
		1213	}
		1214	if (set_nonblock(listen_sock) == -1) {
		1215	close(listen_sock);
		1216	continue;
		1217	}
		1218	/*
		1219	* Set socket options.
		1220	* Allow local port reuse in TIME_WAIT.
		1221	*/
		1222	if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
		1223	&on, sizeof(on)) == -1)
		1224	error("SCTP setsockopt SO_REUSEADDR: %s", strerror(errno));
		1225
		1226	/* Only communicate in IPv6 over AF_INET6 sockets if not multi-homed. */
		1227	if (ai->ai_family == AF_INET6 && (ai->ai_next == NULL \|\|
		1228	(ai->ai_next != NULL && ai->ai_next->ai_flags == 0)))
		1229	sock_set_v6only(listen_sock);
		1230
1231	if (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR)
1232	debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop);
1233	else
1234	debug("Bind to SCTP port %s on %s.", strport, ntop);
1235
1236	/* Bind the socket to the desired port. */
1237	if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1238	error("Bind to SCTP port %s on %s failed: %.200s.",
1239	strport, ntop, strerror(errno));
1240	close(listen_sock);
1241	continue;
1242	}
1243
1244	/* Bind multi-homing addresses */
1245	while (ai->ai_next != NULL &&
1246	ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) {
1247	ai = ai->ai_next;
1248
1249	if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
1250	ntop, sizeof(ntop), strport, sizeof(strport),
1251	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {
1252	error("getnameinfo failed: %.100s",
1253	ssh_gai_strerror(ret));
1254	continue;
1255	}
1256
1257	debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop);
1258
1259	if (sctp_bindx(listen_sock, (struct sockaddr *)ai->ai_addr, 1, SCTP_BINDX_ADD_ADDR) != 0) {
1260	error("Bind to SCTP port %s on %s failed: %.200s.",
1261	strport, ntop, strerror(errno));
1262	close(listen_sock);
1263	continue;
1264	}
1265	}
1266
1267	listen_socks[num_listen_socks] = listen_sock;
1268	num_listen_socks++;
1269
1270	/* Start listening on the port. */
1271	if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
1272	fatal("SCTP listen on [%s]:%s: %.100s",
1273	ntop, strport, strerror(errno));
1274	if (ai->ai_flags & IS_MULTIPLE_ADDR)
1275	logit("Server listening multi-homed with SCTP on port %s.", strport);
1276	else
1277	logit("Server listening with SCTP on %s port %s.", ntop, strport);
1278	}
1279	/* Only free addresses if SCTP is the only used protocol */
1280	if (options.transport == TRANSPORT_SCTP)
1281	freeaddrinfo(options.listen_addrs);
1282
1283	if (!num_listen_socks)
1284	fatal("Cannot bind any address for SCTP.");
1285	}
1286	#endif
1287
1157	/*	1288	/*
1158	* The main TCP accept loop. Note that, for the non-debug case, returns	1289	* The main TCP accept loop. Note that, for the non-debug case, returns
1159	* from this function are in a forked subprocess.	1290	* from this function are in a forked subprocess.
Lines 1917-1923 main(int ac, char **av) Link Here
1917	server_accept_inetd(&sock_in, &sock_out);	2048	server_accept_inetd(&sock_in, &sock_out);
1918	} else {	2049	} else {
1919	platform_pre_listen();	2050	platform_pre_listen();
1920	server_listen();	2051
		2052	#ifdef SCTP
		2053	if (options.transport & TRANSPORT_SCTP)
		2054	server_listen_sctp();
		2055
		2056	if (options.transport & TRANSPORT_TCP)
		2057	#endif
		2058	server_listen();
1921		2059
1922	if (options.protocol & SSH_PROTO_1)	2060	if (options.protocol & SSH_PROTO_1)
1923	generate_ephemeral_server_key();	2061	generate_ephemeral_server_key();




.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
.It Cm Transport
Specifies the transport protocol that should be used by
.Xr sshd 8 .
Valid values are
.Dq TCP ,
.Dq SCTP ,
.Dq all.
The value
.Dq all
means to listen on TCP and SCTP sockets. The default is to listen only on
TCP sockets.
.It Cm TrustedUserCAKeys
Specifies a file containing public keys of certificate authorities that are
trusted to sign user certificates for authentication.

Return to bug 2016

Lines 3904-3909 AC_ARG_WITH([selinux], Link Here

(-)openssh-6.7p1.orig/configure.ac (+14 lines)
3904	AC_SUBST([SSHLIBS])	3904	AC_SUBST([SSHLIBS])
3905	AC_SUBST([SSHDLIBS])	3905	AC_SUBST([SSHDLIBS])
3906		3906
		3907	#check whether user wants SCTP support
		3908	SCTP_MSG="no"
		3909	AC_ARG_WITH(sctp,
		3910	[ --with-sctp Enable SCTP support],
		3911	[ if test "x$withval" != "xno" ; then
		3912	AC_DEFINE(SCTP,1,[Define if you want SCTP support.])
		3913	AC_CHECK_FUNCS(sctp_recvmsg, , AC_CHECK_LIB(sctp, sctp_recvmsg, ,
		3914	[AC_MSG_ERROR([* Can not use SCTP - maybe libsctp-dev is missing *])]
		3915	))
		3916	SCTP_MSG="yes"
		3917	fi ]
		3918	)
		3919
3907	# Check whether user wants Kerberos 5 support	3920	# Check whether user wants Kerberos 5 support
3908	KRB5_MSG="no"	3921	KRB5_MSG="no"
3909	AC_ARG_WITH([kerberos5],	3922	AC_ARG_WITH([kerberos5],
Lines 4827-4832 echo " PAM support Link Here
4827	echo " OSF SIA support: $SIA_MSG"	4840	echo " OSF SIA support: $SIA_MSG"
4828	echo " KerberosV support: $KRB5_MSG"	4841	echo " KerberosV support: $KRB5_MSG"
4829	echo " SELinux support: $SELINUX_MSG"	4842	echo " SELinux support: $SELINUX_MSG"
		4843	echo " SCTP support: $SCTP_MSG"
4830	echo " Smartcard support: $SCARD_MSG"	4844	echo " Smartcard support: $SCARD_MSG"
4831	echo " S/KEY support: $SKEY_MSG"	4845	echo " S/KEY support: $SKEY_MSG"
4832	echo " MD5 password support: $MD5_MSG"	4846	echo " MD5 password support: $MD5_MSG"

Lines 194-205 extern int muxserver_sock; Link Here

(-)openssh-6.7p1.orig/ssh.c (-2 / +13 lines)
194	extern u_int muxclient_command;	194	extern u_int muxclient_command;
195		195
196	/* Prints a help message to the user. This function never returns. */	196	/* Prints a help message to the user. This function never returns. */
		197	#ifdef SCTP
		198	#define SCTP_OPT "z"
		199	#else
		200	#define SCTP_OPT ""
		201	#endif
197		202
198	static void	203	static void
199	usage(void)	204	usage(void)
200	{	205	{
201	fprintf(stderr,	206	fprintf(stderr,
202	"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"	207	"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] "
		208	"[-c cipher_spec]\n"
203	" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"	209	" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
204	" [-F configfile] [-I pkcs11] [-i identity_file]\n"	210	" [-F configfile] [-I pkcs11] [-i identity_file]\n"
205	" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"	211	" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
Lines 506-512 main(int ac, char **av) Link Here
506	argv0 = av[0];	512	argv0 = av[0];
507		513
508	again:	514	again:
509	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"	515	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
510	"ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {	516	"ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
511	switch (opt) {	517	switch (opt) {
512	case '1':	518	case '1':
Lines 732-737 main(int ac, char **av) Link Here
732	else	738	else
733	options.control_master = SSHCTL_MASTER_YES;	739	options.control_master = SSHCTL_MASTER_YES;
734	break;	740	break;
		741	#ifdef SCTP
		742	case 'z':
		743	options.transport = TRANSPORT_SCTP;
		744	break;
		745	#endif
735	case 'p':	746	case 'p':
736	options.port = a2port(optarg);	747	options.port = a2port(optarg);
737	if (options.port <= 0) {	748	if (options.port <= 0) {

Lines 1279-1284 This avoids infinitely hanging sessions. Link Here

(-)openssh-6.7p1.orig/sshd_config.5 (+11 lines)
1279	.Pp	1279	.Pp
1280	To disable TCP keepalive messages, the value should be set to	1280	To disable TCP keepalive messages, the value should be set to
1281	.Dq no .	1281	.Dq no .
		1282	.It Cm Transport
		1283	Specifies the transport protocol that should be used by
		1284	.Xr sshd 8 .
		1285	Valid values are
		1286	.Dq TCP ,
		1287	.Dq SCTP ,
		1288	.Dq all.
		1289	The value
		1290	.Dq all
		1291	means to listen on TCP and SCTP sockets. The default is to listen only on
		1292	TCP sockets.
1282	.It Cm TrustedUserCAKeys	1293	.It Cm TrustedUserCAKeys
1283	Specifies a file containing public keys of certificate authorities that are	1294	Specifies a file containing public keys of certificate authorities that are
1284	trusted to sign user certificates for authentication.	1295	trusted to sign user certificates for authentication.