Attachment #3078 for bug #2784

Lines 156-162 typedef enum { Link Here

(-)a/readconf.c (-1 / +8 lines)
156	oPubkeyAuthentication,	156	oPubkeyAuthentication,
157	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,	157	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
158	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,	158	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
159	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,	159	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, oRDomain,
160	oClearAllForwardings, oNoHostAuthenticationForLocalhost,	160	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
161	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,	161	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
162	oAddressFamily, oGssAuthentication, oGssDelegateCreds,	162	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
Lines 305-310 static struct { Link Here
305	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },	305	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
306	{ "ignoreunknown", oIgnoreUnknown },	306	{ "ignoreunknown", oIgnoreUnknown },
307	{ "proxyjump", oProxyJump },	307	{ "proxyjump", oProxyJump },
		308	{ "rdomain", oRDomain },
308		309
309	{ NULL, oBadOption }	310	{ NULL, oBadOption }
310	};	311	};
Lines 1645-1650 parse_keytypes: Link Here
1645	charptr = &options->identity_agent;	1646	charptr = &options->identity_agent;
1646	goto parse_string;	1647	goto parse_string;
1647		1648
		1649	case oRDomain:
		1650	charptr = &options->rdomain;
		1651	goto parse_string;
		1652
1648	case oDeprecated:	1653	case oDeprecated:
1649	debug("%s line %d: Deprecated option \"%s\"",	1654	debug("%s line %d: Deprecated option \"%s\"",
1650	filename, linenum, keyword);	1655	filename, linenum, keyword);
Lines 1845-1850 initialize_options(Options * options) Link Here
1845	options->update_hostkeys = -1;	1850	options->update_hostkeys = -1;
1846	options->hostbased_key_types = NULL;	1851	options->hostbased_key_types = NULL;
1847	options->pubkey_key_types = NULL;	1852	options->pubkey_key_types = NULL;
		1853	options->rdomain = NULL;
1848	}	1854	}
1849		1855
1850	/*	1856	/*
Lines 2534-2539 dump_client_config(Options o, const char host) Link Here
2534	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);	2540	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2535	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);	2541	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
2536	dump_cfg_string(oXAuthLocation, o->xauth_location);	2542	dump_cfg_string(oXAuthLocation, o->xauth_location);
		2543	dump_cfg_string(oRDomain, o->rdomain);
2537		2544
2538	/* Forwards */	2545	/* Forwards */
2539	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);	2546	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);

Lines 163-168 typedef struct { Link Here

(-)a/readconf.h (+2 lines)
163	int jump_port;	163	int jump_port;
164	char *jump_extra;	164	char *jump_extra;
165		165
		166	char rdomain; / routing domain to bind to */
		167
166	char ignored_unknown; / Pattern list of unknown tokens to ignore */	168	char ignored_unknown; / Pattern list of unknown tokens to ignore */
167	} Options;	169	} Options;
168		170

Lines 45-50 Link Here

(-)a/ssh.1 (+6 lines)
45	.Bk -words	45	.Bk -words
46	.Op Fl 46AaCfGgKkMNnqsTtVvXxYy	46	.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
47	.Op Fl b Ar bind_address	47	.Op Fl b Ar bind_address
		48	.Op Fl r Ar routing_domain
48	.Op Fl c Ar cipher_spec	49	.Op Fl c Ar cipher_spec
49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port	50	.Op Fl D Oo Ar bind_address : Oc Ns Ar port
50	.Op Fl E Ar log_file	51	.Op Fl E Ar log_file
Lines 650-655 When used together with Link Here
650	.Ic -O forward	651	.Ic -O forward
651	the allocated port will be printed to the standard output.	652	the allocated port will be printed to the standard output.
652	.Pp	653	.Pp
		654	.It Fl r Ar routing_domain
		655	Specifies an explicit routing domain that is applied to the connection.
		656	The user session will be bound to this
		657	.Xr rdomain 4 .
		658	.Pp
653	.It Fl S Ar ctl_path	659	.It Fl S Ar ctl_path
654	Specifies the location of a control socket for connection sharing,	660	Specifies the location of a control socket for connection sharing,
655	or the string	661	or the string

Lines 201-207 static void Link Here

(-)a/ssh.c (-2 / +5 lines)
201	usage(void)	201	usage(void)
202	{	202	{
203	fprintf(stderr,	203	fprintf(stderr,
204	"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"	204	"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-r routing_domain] [-c cipher_spec]\n"
205	" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"	205	" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
206	" [-F configfile] [-I pkcs11] [-i identity_file]\n"	206	" [-F configfile] [-I pkcs11] [-i identity_file]\n"
207	" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"	207	" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
Lines 614-620 main(int ac, char **av) Link Here
614	argv0 = av[0];	614	argv0 = av[0];
615		615
616	again:	616	again:
617	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"	617	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qr:stvx"
618	"ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {	618	"ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
619	switch (opt) {	619	switch (opt) {
620	case '1':	620	case '1':
Lines 925-930 main(int ac, char **av) Link Here
925	case 'b':	925	case 'b':
926	options.bind_address = optarg;	926	options.bind_address = optarg;
927	break;	927	break;
		928	case 'r':
		929	options.rdomain = optarg;
		930	break;
928	case 'F':	931	case 'F':
929	config = optarg;	932	config = optarg;
930	break;	933	break;

Lines 1261-1266 The argument to this keyword must be Link Here

(-)a/ssh_config.5 (+4 lines)
1261	(the default)	1261	(the default)
1262	or	1262	or
1263	.Cm no .	1263	.Cm no .
		1264	.It Cm RDomain
		1265	Specifies an explicit routing domain that is applied to the connection.
		1266	The user session will be bound to this
		1267	.Xr rdomain 4 .
1264	.It Cm RekeyLimit	1268	.It Cm RekeyLimit
1265	Specifies the maximum amount of data that may be transmitted before the	1269	Specifies the maximum amount of data that may be transmitted before the
1266	session key is renegotiated, optionally followed a maximum amount of	1270	session key is renegotiated, optionally followed a maximum amount of




	}
	fcntl(sock, F_SETFD, FD_CLOEXEC);

	if (options.rdomain != NULL) {
		int rtable;
		const char *errstr;

		rtable = (int)strtonum(options.rdomain, 0, 255, &errstr);
		if (errstr != NULL) {
			/* Shouldn't happen */
			error("Invalid routing domain \"%s\": %s",
			    options.rdomain, errstr);
			close(sock);
			return -1;
		}
		if (setsockopt(sock, SOL_SOCKET, SO_RTABLE,
		    &rtable, sizeof(rtable)) == -1) {
			error("Failed to set routing domain %d on fd %d: %s",
			    rtable, sock, strerror(errno));
			close(sock);
			return -1;
		}
		debug("Bound to routing domain: %d", rtable);
	}


	/* Bind the socket to an alternative local IP address */
	if (options.bind_address == NULL && !privileged)
		return sock;
- 

Return to bug 2784

Lines 286-291 ssh_create_socket(int privileged, struct addrinfo *ai) Link Here

(-)a/sshconnect.c (-1 / +23 lines)
286	}	286	}
287	fcntl(sock, F_SETFD, FD_CLOEXEC);	287	fcntl(sock, F_SETFD, FD_CLOEXEC);
288		288
		289	if (options.rdomain != NULL) {
		290	int rtable;
		291	const char *errstr;
		292
		293	rtable = (int)strtonum(options.rdomain, 0, 255, &errstr);
		294	if (errstr != NULL) {
		295	/* Shouldn't happen */
		296	error("Invalid routing domain \"%s\": %s",
		297	options.rdomain, errstr);
		298	close(sock);
		299	return -1;
		300	}
		301	if (setsockopt(sock, SOL_SOCKET, SO_RTABLE,
		302	&rtable, sizeof(rtable)) == -1) {
		303	error("Failed to set routing domain %d on fd %d: %s",
		304	rtable, sock, strerror(errno));
		305	close(sock);
		306	return -1;
		307	}
		308	debug("Bound to routing domain: %d", rtable);
		309	}
		310
		311
289	/* Bind the socket to an alternative local IP address */	312	/* Bind the socket to an alternative local IP address */
290	if (options.bind_address == NULL && !privileged)	313	if (options.bind_address == NULL && !privileged)
291	return sock;	314	return sock;
292	-