|
Line
Link Here
|
| 0 |
-- a/configure.ac |
0 |
++ b/configure.ac |
|
Lines 3904-3909
AC_ARG_WITH([selinux],
Link Here
|
| 3904 |
AC_SUBST([SSHLIBS]) |
3904 |
AC_SUBST([SSHLIBS]) |
| 3905 |
AC_SUBST([SSHDLIBS]) |
3905 |
AC_SUBST([SSHDLIBS]) |
| 3906 |
|
3906 |
|
|
|
3907 |
#check whether user wants SCTP support |
| 3908 |
SCTP_MSG="no" |
| 3909 |
AC_ARG_WITH(sctp, |
| 3910 |
[ --with-sctp Enable SCTP support], |
| 3911 |
[ if test "x$withval" != "xno" ; then |
| 3912 |
AC_DEFINE(SCTP,1,[Define if you want SCTP support.]) |
| 3913 |
AC_CHECK_FUNCS(sctp_recvmsg, , AC_CHECK_LIB(sctp, sctp_recvmsg, , |
| 3914 |
[AC_MSG_ERROR([*** Can not use SCTP - maybe libsctp-dev is missing ***])] |
| 3915 |
)) |
| 3916 |
SCTP_MSG="yes" |
| 3917 |
fi ] |
| 3918 |
) |
| 3919 |
|
| 3907 |
# Check whether user wants Kerberos 5 support |
3920 |
# Check whether user wants Kerberos 5 support |
| 3908 |
KRB5_MSG="no" |
3921 |
KRB5_MSG="no" |
| 3909 |
AC_ARG_WITH([kerberos5], |
3922 |
AC_ARG_WITH([kerberos5], |
|
Lines 4827-4832
echo " PAM support
Link Here
|
| 4827 |
echo " OSF SIA support: $SIA_MSG" |
4840 |
echo " OSF SIA support: $SIA_MSG" |
| 4828 |
echo " KerberosV support: $KRB5_MSG" |
4841 |
echo " KerberosV support: $KRB5_MSG" |
| 4829 |
echo " SELinux support: $SELINUX_MSG" |
4842 |
echo " SELinux support: $SELINUX_MSG" |
|
|
4843 |
echo " SCTP support: $SCTP_MSG" |
| 4830 |
echo " Smartcard support: $SCARD_MSG" |
4844 |
echo " Smartcard support: $SCARD_MSG" |
| 4831 |
echo " S/KEY support: $SKEY_MSG" |
4845 |
echo " S/KEY support: $SKEY_MSG" |
| 4832 |
echo " MD5 password support: $MD5_MSG" |
4846 |
echo " MD5 password support: $MD5_MSG" |
| 4833 |
-- a/misc.c |
4847 |
++ b/misc.c |
|
Lines 61-66
Link Here
|
| 61 |
#include "log.h" |
61 |
#include "log.h" |
| 62 |
#include "ssh.h" |
62 |
#include "ssh.h" |
| 63 |
|
63 |
|
|
|
64 |
#ifdef SCTP |
| 65 |
#include <netinet/sctp.h> |
| 66 |
#endif |
| 67 |
|
| 64 |
/* remove newline at end of string */ |
68 |
/* remove newline at end of string */ |
| 65 |
char * |
69 |
char * |
| 66 |
chop(char *s) |
70 |
chop(char *s) |
|
Lines 139-159
void
Link Here
|
| 139 |
set_nodelay(int fd) |
143 |
set_nodelay(int fd) |
| 140 |
{ |
144 |
{ |
| 141 |
int opt; |
145 |
int opt; |
|
|
146 |
int is_tcp = 1; |
| 147 |
int ret; |
| 142 |
socklen_t optlen; |
148 |
socklen_t optlen; |
| 143 |
|
149 |
|
| 144 |
optlen = sizeof opt; |
150 |
optlen = sizeof opt; |
| 145 |
if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { |
151 |
if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { |
| 146 |
debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); |
152 |
#ifdef SCTP |
|
|
153 |
/* TCP_NODELAY failed, try SCTP_NODELAY */ |
| 154 |
if (getsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, &optlen) == -1) { |
| 155 |
debug("getsockopt TCP_NODELAY/SCTP_NODELAY: %.100s", strerror(errno)); |
| 156 |
return; |
| 157 |
} |
| 158 |
is_tcp = 0; |
| 159 |
#else |
| 147 |
return; |
160 |
return; |
|
|
161 |
#endif |
| 148 |
} |
162 |
} |
| 149 |
if (opt == 1) { |
163 |
if (opt == 1) { |
| 150 |
debug2("fd %d is TCP_NODELAY", fd); |
164 |
debug2("fd %d is TCP_NODELAY/SCTP_NODELAY", fd); |
| 151 |
return; |
165 |
return; |
| 152 |
} |
166 |
} |
| 153 |
opt = 1; |
167 |
opt = 1; |
| 154 |
debug2("fd %d setting TCP_NODELAY", fd); |
168 |
debug2("fd %d setting TCP_NODELAY/SCTP_NODELAY", fd); |
| 155 |
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) |
169 |
|
| 156 |
error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); |
170 |
if (is_tcp) { |
|
|
171 |
ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, |
| 172 |
sizeof(opt)); |
| 173 |
if (ret < 0) |
| 174 |
error("setsockopt TCP_NODELAY: %.100s", |
| 175 |
strerror(errno)); |
| 176 |
} |
| 177 |
#ifdef SCTP |
| 178 |
else { |
| 179 |
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, |
| 180 |
sizeof(opt)); |
| 181 |
if (ret < 0) |
| 182 |
error("setsockopt SCTP_NODELAY: %.100s", |
| 183 |
strerror(errno)); |
| 184 |
} |
| 185 |
#endif |
| 157 |
} |
186 |
} |
| 158 |
|
187 |
|
| 159 |
/* Characters considered whitespace in strsep calls. */ |
188 |
/* Characters considered whitespace in strsep calls. */ |
| 160 |
-- a/readconf.c |
189 |
++ b/readconf.c |
|
Lines 130-135
typedef enum {
Link Here
|
| 130 |
oPasswordAuthentication, oRSAAuthentication, |
130 |
oPasswordAuthentication, oRSAAuthentication, |
| 131 |
oChallengeResponseAuthentication, oXAuthLocation, |
131 |
oChallengeResponseAuthentication, oXAuthLocation, |
| 132 |
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
132 |
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
|
|
133 |
#ifdef SCTP |
| 134 |
oTransport, |
| 135 |
#endif |
| 133 |
oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
136 |
oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
| 134 |
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
137 |
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
| 135 |
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
138 |
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
|
Lines 198-203
static struct {
Link Here
|
| 198 |
{ "hostname", oHostName }, |
201 |
{ "hostname", oHostName }, |
| 199 |
{ "hostkeyalias", oHostKeyAlias }, |
202 |
{ "hostkeyalias", oHostKeyAlias }, |
| 200 |
{ "proxycommand", oProxyCommand }, |
203 |
{ "proxycommand", oProxyCommand }, |
|
|
204 |
#ifdef SCTP |
| 205 |
{ "transport", oTransport }, |
| 206 |
#endif |
| 201 |
{ "port", oPort }, |
207 |
{ "port", oPort }, |
| 202 |
{ "cipher", oCipher }, |
208 |
{ "cipher", oCipher }, |
| 203 |
{ "ciphers", oCiphers }, |
209 |
{ "ciphers", oCiphers }, |
|
Lines 1018-1023
parse_command:
Link Here
|
| 1018 |
*charptr = xstrdup(s + len); |
1024 |
*charptr = xstrdup(s + len); |
| 1019 |
return 0; |
1025 |
return 0; |
| 1020 |
|
1026 |
|
|
|
1027 |
#ifdef SCTP |
| 1028 |
case oTransport: |
| 1029 |
arg = strdelim(&s); |
| 1030 |
if (!arg || *arg == '\0') |
| 1031 |
fatal("%s line %d: missing transport protocol specification", |
| 1032 |
filename, linenum); |
| 1033 |
if (strcasecmp(arg, "tcp") == 0) |
| 1034 |
options->transport = TRANSPORT_TCP; |
| 1035 |
else if (strcasecmp(arg, "sctp") == 0) |
| 1036 |
options->transport = TRANSPORT_SCTP; |
| 1037 |
else |
| 1038 |
fatal("%s line %d: unknown transport protocol specified", |
| 1039 |
filename, linenum); |
| 1040 |
break; |
| 1041 |
#endif |
| 1042 |
|
| 1021 |
case oPort: |
1043 |
case oPort: |
| 1022 |
intptr = &options->port; |
1044 |
intptr = &options->port; |
| 1023 |
parse_int: |
1045 |
parse_int: |
|
Lines 1550-1555
initialize_options(Options * options)
Link Here
|
| 1550 |
options->compression = -1; |
1572 |
options->compression = -1; |
| 1551 |
options->tcp_keep_alive = -1; |
1573 |
options->tcp_keep_alive = -1; |
| 1552 |
options->compression_level = -1; |
1574 |
options->compression_level = -1; |
|
|
1575 |
#ifdef SCTP |
| 1576 |
options->transport = -1; |
| 1577 |
#endif |
| 1553 |
options->port = -1; |
1578 |
options->port = -1; |
| 1554 |
options->address_family = -1; |
1579 |
options->address_family = -1; |
| 1555 |
options->connection_attempts = -1; |
1580 |
options->connection_attempts = -1; |
|
Lines 1683-1688
fill_default_options(Options * options)
Link Here
|
| 1683 |
options->tcp_keep_alive = 1; |
1708 |
options->tcp_keep_alive = 1; |
| 1684 |
if (options->compression_level == -1) |
1709 |
if (options->compression_level == -1) |
| 1685 |
options->compression_level = 6; |
1710 |
options->compression_level = 6; |
|
|
1711 |
#ifdef SCTP |
| 1712 |
if (options->transport == -1) |
| 1713 |
options->transport = TRANSPORT_TCP; |
| 1714 |
#endif |
| 1686 |
if (options->port == -1) |
1715 |
if (options->port == -1) |
| 1687 |
options->port = 0; /* Filled in ssh_connect. */ |
1716 |
options->port = 0; /* Filled in ssh_connect. */ |
| 1688 |
if (options->address_family == -1) |
1717 |
if (options->address_family == -1) |
| 1689 |
-- a/readconf.h |
1718 |
++ b/readconf.h |
|
Lines 28-33
struct allowed_cname {
Link Here
|
| 28 |
char *target_list; |
28 |
char *target_list; |
| 29 |
}; |
29 |
}; |
| 30 |
|
30 |
|
|
|
31 |
/* Transport protocols */ |
| 32 |
#define TRANSPORT_TCP 1 |
| 33 |
#define TRANSPORT_SCTP 2 |
| 34 |
|
| 31 |
typedef struct { |
35 |
typedef struct { |
| 32 |
int forward_agent; /* Forward authentication agent. */ |
36 |
int forward_agent; /* Forward authentication agent. */ |
| 33 |
int forward_x11; /* Forward X11 display. */ |
37 |
int forward_x11; /* Forward X11 display. */ |
|
Lines 61-66
typedef struct {
Link Here
|
| 61 |
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ |
65 |
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ |
| 62 |
LogLevel log_level; /* Level for logging. */ |
66 |
LogLevel log_level; /* Level for logging. */ |
| 63 |
|
67 |
|
|
|
68 |
#ifdef SCTP |
| 69 |
int transport; /* Transport protocol used. */ |
| 70 |
#endif |
| 64 |
int port; /* Port to connect. */ |
71 |
int port; /* Port to connect. */ |
| 65 |
int address_family; |
72 |
int address_family; |
| 66 |
int connection_attempts; /* Max attempts (seconds) before |
73 |
int connection_attempts; /* Max attempts (seconds) before |
| 67 |
-- a/scp.1 |
74 |
++ b/scp.1 |
|
Lines 19-25
Link Here
|
| 19 |
.Sh SYNOPSIS |
19 |
.Sh SYNOPSIS |
| 20 |
.Nm scp |
20 |
.Nm scp |
| 21 |
.Bk -words |
21 |
.Bk -words |
| 22 |
.Op Fl 12346BCpqrv |
22 |
.Op Fl 12346BCpqrvz |
| 23 |
.Op Fl c Ar cipher |
23 |
.Op Fl c Ar cipher |
| 24 |
.Op Fl F Ar ssh_config |
24 |
.Op Fl F Ar ssh_config |
| 25 |
.Op Fl i Ar identity_file |
25 |
.Op Fl i Ar identity_file |
|
Lines 178-183
For full details of the options listed b
Link Here
|
| 178 |
.It ServerAliveCountMax |
178 |
.It ServerAliveCountMax |
| 179 |
.It StrictHostKeyChecking |
179 |
.It StrictHostKeyChecking |
| 180 |
.It TCPKeepAlive |
180 |
.It TCPKeepAlive |
|
|
181 |
.It Transport |
| 181 |
.It UpdateHostKeys |
182 |
.It UpdateHostKeys |
| 182 |
.It UsePrivilegedPort |
183 |
.It UsePrivilegedPort |
| 183 |
.It User |
184 |
.It User |
|
Lines 218-223
and
Link Here
|
| 218 |
to print debugging messages about their progress. |
219 |
to print debugging messages about their progress. |
| 219 |
This is helpful in |
220 |
This is helpful in |
| 220 |
debugging connection, authentication, and configuration problems. |
221 |
debugging connection, authentication, and configuration problems. |
|
|
222 |
.It Fl z |
| 223 |
Use the SCTP protocol for connection instead of TCP which is the default. |
| 221 |
.El |
224 |
.El |
| 222 |
.Sh EXIT STATUS |
225 |
.Sh EXIT STATUS |
| 223 |
.Ex -std scp |
226 |
.Ex -std scp |
| 224 |
-- a/scp.c |
227 |
++ b/scp.c |
|
Lines 395-401
main(int argc, char **argv)
Link Here
|
| 395 |
addargs(&args, "-oClearAllForwardings=yes"); |
395 |
addargs(&args, "-oClearAllForwardings=yes"); |
| 396 |
|
396 |
|
| 397 |
fflag = tflag = 0; |
397 |
fflag = tflag = 0; |
|
|
398 |
#ifdef SCTP |
| 399 |
while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:z")) != -1) |
| 400 |
#else |
| 398 |
while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) |
401 |
while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) |
|
|
402 |
#endif |
| 399 |
switch (ch) { |
403 |
switch (ch) { |
| 400 |
/* User-visible flags. */ |
404 |
/* User-visible flags. */ |
| 401 |
case '1': |
405 |
case '1': |
|
Lines 403-408
main(int argc, char **argv)
Link Here
|
| 403 |
case '4': |
407 |
case '4': |
| 404 |
case '6': |
408 |
case '6': |
| 405 |
case 'C': |
409 |
case 'C': |
|
|
410 |
#ifdef SCTP |
| 411 |
case 'z': |
| 412 |
#endif |
| 406 |
addargs(&args, "-%c", ch); |
413 |
addargs(&args, "-%c", ch); |
| 407 |
addargs(&remote_remote_args, "-%c", ch); |
414 |
addargs(&remote_remote_args, "-%c", ch); |
| 408 |
break; |
415 |
break; |
| 409 |
-- a/servconf.c |
416 |
++ b/servconf.c |
|
Lines 129-134
initialize_server_options(ServerOptions
Link Here
|
| 129 |
options->ciphers = NULL; |
129 |
options->ciphers = NULL; |
| 130 |
options->macs = NULL; |
130 |
options->macs = NULL; |
| 131 |
options->kex_algorithms = NULL; |
131 |
options->kex_algorithms = NULL; |
|
|
132 |
#ifdef SCTP |
| 133 |
options->transport = -1; |
| 134 |
#endif |
| 132 |
options->protocol = SSH_PROTO_UNKNOWN; |
135 |
options->protocol = SSH_PROTO_UNKNOWN; |
| 133 |
options->fwd_opts.gateway_ports = -1; |
136 |
options->fwd_opts.gateway_ports = -1; |
| 134 |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
137 |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
|
Lines 276-281
fill_default_server_options(ServerOption
Link Here
|
| 276 |
options->allow_streamlocal_forwarding = FORWARD_ALLOW; |
279 |
options->allow_streamlocal_forwarding = FORWARD_ALLOW; |
| 277 |
if (options->allow_agent_forwarding == -1) |
280 |
if (options->allow_agent_forwarding == -1) |
| 278 |
options->allow_agent_forwarding = 1; |
281 |
options->allow_agent_forwarding = 1; |
|
|
282 |
#ifdef SCTP |
| 283 |
if (options->transport == -1) |
| 284 |
options->transport = TRANSPORT_TCP; |
| 285 |
#endif |
| 279 |
if (options->fwd_opts.gateway_ports == -1) |
286 |
if (options->fwd_opts.gateway_ports == -1) |
| 280 |
options->fwd_opts.gateway_ports = 0; |
287 |
options->fwd_opts.gateway_ports = 0; |
| 281 |
if (options->max_startups == -1) |
288 |
if (options->max_startups == -1) |
|
Lines 341-346
typedef enum {
Link Here
|
| 341 |
sKerberosTgtPassing, sChallengeResponseAuthentication, |
348 |
sKerberosTgtPassing, sChallengeResponseAuthentication, |
| 342 |
sPasswordAuthentication, sKbdInteractiveAuthentication, |
349 |
sPasswordAuthentication, sKbdInteractiveAuthentication, |
| 343 |
sListenAddress, sAddressFamily, |
350 |
sListenAddress, sAddressFamily, |
|
|
351 |
#ifdef SCTP |
| 352 |
sTransport, sListenMultipleAddresses, |
| 353 |
#endif |
| 344 |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
354 |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 345 |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
355 |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| 346 |
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
356 |
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
|
Lines 431-436
static struct {
Link Here
|
| 431 |
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ |
441 |
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ |
| 432 |
{ "checkmail", sDeprecated, SSHCFG_GLOBAL }, |
442 |
{ "checkmail", sDeprecated, SSHCFG_GLOBAL }, |
| 433 |
{ "listenaddress", sListenAddress, SSHCFG_GLOBAL }, |
443 |
{ "listenaddress", sListenAddress, SSHCFG_GLOBAL }, |
|
|
444 |
#ifdef SCTP |
| 445 |
{ "listenmultipleaddresses", sListenMultipleAddresses, SSHCFG_GLOBAL }, |
| 446 |
#endif |
| 434 |
{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, |
447 |
{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, |
| 435 |
{ "printmotd", sPrintMotd, SSHCFG_GLOBAL }, |
448 |
{ "printmotd", sPrintMotd, SSHCFG_GLOBAL }, |
| 436 |
{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, |
449 |
{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, |
|
Lines 456-461
static struct {
Link Here
|
| 456 |
{ "denygroups", sDenyGroups, SSHCFG_ALL }, |
469 |
{ "denygroups", sDenyGroups, SSHCFG_ALL }, |
| 457 |
{ "ciphers", sCiphers, SSHCFG_GLOBAL }, |
470 |
{ "ciphers", sCiphers, SSHCFG_GLOBAL }, |
| 458 |
{ "macs", sMacs, SSHCFG_GLOBAL }, |
471 |
{ "macs", sMacs, SSHCFG_GLOBAL }, |
|
|
472 |
#ifdef SCTP |
| 473 |
{ "transport", sTransport, SSHCFG_GLOBAL }, |
| 474 |
#endif |
| 459 |
{ "protocol", sProtocol, SSHCFG_GLOBAL }, |
475 |
{ "protocol", sProtocol, SSHCFG_GLOBAL }, |
| 460 |
{ "gatewayports", sGatewayPorts, SSHCFG_ALL }, |
476 |
{ "gatewayports", sGatewayPorts, SSHCFG_ALL }, |
| 461 |
{ "subsystem", sSubsystem, SSHCFG_GLOBAL }, |
477 |
{ "subsystem", sSubsystem, SSHCFG_GLOBAL }, |
|
Lines 594-599
get_connection_info(int populate, int us
Link Here
|
| 594 |
return &ci; |
610 |
return &ci; |
| 595 |
} |
611 |
} |
| 596 |
|
612 |
|
|
|
613 |
#ifdef SCTP |
| 614 |
static void |
| 615 |
add_one_listen_multiple_addr(ServerOptions *options, char *addr, int port, int last) |
| 616 |
{ |
| 617 |
struct addrinfo hints, *ai, *aitop; |
| 618 |
char strport[NI_MAXSERV]; |
| 619 |
int gaierr; |
| 620 |
|
| 621 |
memset(&hints, 0, sizeof(hints)); |
| 622 |
hints.ai_family = options->address_family; |
| 623 |
hints.ai_socktype = SOCK_STREAM; |
| 624 |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
| 625 |
snprintf(strport, sizeof strport, "%d", port); |
| 626 |
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
| 627 |
fatal("bad addr or host: %s (%s)", |
| 628 |
addr ? addr : "<NULL>", |
| 629 |
ssh_gai_strerror(gaierr)); |
| 630 |
/* Mark addresses as multihomed */ |
| 631 |
for (ai = aitop; ai->ai_next; ai = ai->ai_next) |
| 632 |
ai->ai_flags = IS_MULTIPLE_ADDR; |
| 633 |
ai->ai_flags = IS_MULTIPLE_ADDR; |
| 634 |
ai->ai_next = options->listen_addrs; |
| 635 |
options->listen_addrs = aitop; |
| 636 |
|
| 637 |
if (last) { |
| 638 |
aitop->ai_flags = 0; |
| 639 |
} |
| 640 |
} |
| 641 |
|
| 642 |
static void |
| 643 |
add_listen_multiple_addrs(ServerOptions *options, char *addrs, int port) |
| 644 |
{ |
| 645 |
u_int i, num_addrs; |
| 646 |
char **addrsptr, *p; |
| 647 |
|
| 648 |
if (options->num_ports == 0) |
| 649 |
options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
| 650 |
if (options->address_family == -1) |
| 651 |
options->address_family = AF_UNSPEC; |
| 652 |
|
| 653 |
num_addrs = 1; |
| 654 |
p = addrs; |
| 655 |
while ((p = strchr(p, ',')) != NULL) { |
| 656 |
num_addrs++; |
| 657 |
p++; |
| 658 |
} |
| 659 |
debug("found %d addresses for multi-homing", num_addrs); |
| 660 |
|
| 661 |
addrsptr = xmalloc(num_addrs * sizeof(char*)); |
| 662 |
p = addrs; |
| 663 |
for (i = 0; i < num_addrs; i++) { |
| 664 |
addrsptr[i] = p; |
| 665 |
p = strchr(p+1, ','); |
| 666 |
if (p != NULL) |
| 667 |
*(p++) = '\0'; |
| 668 |
} |
| 669 |
|
| 670 |
if (port == 0) |
| 671 |
for (i = 0; i < options->num_ports; i++) { |
| 672 |
while (--num_addrs) { |
| 673 |
add_one_listen_multiple_addr(options, addrsptr[num_addrs], options->ports[i], 0); |
| 674 |
} |
| 675 |
add_one_listen_multiple_addr(options, addrs, options->ports[i], 1); |
| 676 |
} |
| 677 |
else { |
| 678 |
while (--num_addrs) { |
| 679 |
add_one_listen_multiple_addr(options, addrsptr[num_addrs], port, 0); |
| 680 |
} |
| 681 |
add_one_listen_multiple_addr(options, addrs, port, 1); |
| 682 |
} |
| 683 |
|
| 684 |
free(addrsptr); |
| 685 |
} |
| 686 |
#endif |
| 687 |
|
| 597 |
/* |
688 |
/* |
| 598 |
* The strategy for the Match blocks is that the config file is parsed twice. |
689 |
* The strategy for the Match blocks is that the config file is parsed twice. |
| 599 |
* |
690 |
* |
|
Lines 942-947
process_server_config_line(ServerOptions
Link Here
|
| 942 |
intptr = &options->key_regeneration_time; |
1033 |
intptr = &options->key_regeneration_time; |
| 943 |
goto parse_time; |
1034 |
goto parse_time; |
| 944 |
|
1035 |
|
|
|
1036 |
#ifdef SCTP |
| 1037 |
case sListenMultipleAddresses: |
| 1038 |
arg = strdelim(&cp); |
| 1039 |
if (arg == NULL || *arg == '\0') |
| 1040 |
fatal("%s line %d: missing addresses", |
| 1041 |
filename, linenum); |
| 1042 |
|
| 1043 |
/* Check for appended port */ |
| 1044 |
p = strchr(arg, ';'); |
| 1045 |
if (p != NULL) { |
| 1046 |
if ((port = a2port(p + 1)) <= 0) |
| 1047 |
fatal("%s line %d: bad port number", filename, linenum); |
| 1048 |
*p = '\0'; |
| 1049 |
} else { |
| 1050 |
port = 0; |
| 1051 |
} |
| 1052 |
add_listen_multiple_addrs(options, arg, port); |
| 1053 |
break; |
| 1054 |
#endif |
| 1055 |
|
| 945 |
case sListenAddress: |
1056 |
case sListenAddress: |
| 946 |
arg = strdelim(&cp); |
1057 |
arg = strdelim(&cp); |
| 947 |
if (arg == NULL || *arg == '\0') |
1058 |
if (arg == NULL || *arg == '\0') |
|
Lines 1340-1345
process_server_config_line(ServerOptions
Link Here
|
| 1340 |
options->kex_algorithms = xstrdup(arg); |
1451 |
options->kex_algorithms = xstrdup(arg); |
| 1341 |
break; |
1452 |
break; |
| 1342 |
|
1453 |
|
|
|
1454 |
#ifdef SCTP |
| 1455 |
case sTransport: |
| 1456 |
arg = strdelim(&cp); |
| 1457 |
if (!arg || *arg == '\0') |
| 1458 |
fatal("%s line %d: missing transport protocol specification", |
| 1459 |
filename, linenum); |
| 1460 |
if (strcasecmp(arg, "all") == 0) |
| 1461 |
options->transport = TRANSPORT_ALL; |
| 1462 |
else if (strcasecmp(arg, "tcp") == 0) |
| 1463 |
options->transport = TRANSPORT_TCP; |
| 1464 |
else if (strcasecmp(arg, "sctp") == 0) |
| 1465 |
options->transport = TRANSPORT_SCTP; |
| 1466 |
else |
| 1467 |
fatal("%s line %d: unknown transport protocol specified", |
| 1468 |
filename, linenum); |
| 1469 |
break; |
| 1470 |
#endif |
| 1471 |
|
| 1343 |
case sProtocol: |
1472 |
case sProtocol: |
| 1344 |
intptr = &options->protocol; |
1473 |
intptr = &options->protocol; |
| 1345 |
arg = strdelim(&cp); |
1474 |
arg = strdelim(&cp); |
|
Lines 1805-1810
copy_set_server_options(ServerOptions *d
Link Here
|
| 1805 |
M_CP_INTOPT(allow_streamlocal_forwarding); |
1934 |
M_CP_INTOPT(allow_streamlocal_forwarding); |
| 1806 |
M_CP_INTOPT(allow_agent_forwarding); |
1935 |
M_CP_INTOPT(allow_agent_forwarding); |
| 1807 |
M_CP_INTOPT(permit_tun); |
1936 |
M_CP_INTOPT(permit_tun); |
|
|
1937 |
#ifdef SCTP |
| 1938 |
M_CP_INTOPT(transport); |
| 1939 |
#endif |
| 1808 |
M_CP_INTOPT(fwd_opts.gateway_ports); |
1940 |
M_CP_INTOPT(fwd_opts.gateway_ports); |
| 1809 |
M_CP_INTOPT(x11_display_offset); |
1941 |
M_CP_INTOPT(x11_display_offset); |
| 1810 |
M_CP_INTOPT(x11_forwarding); |
1942 |
M_CP_INTOPT(x11_forwarding); |
|
Lines 2061-2066
dump_config(ServerOptions *o)
Link Here
|
| 2061 |
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
2193 |
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
| 2062 |
dump_cfg_fmtint(sUseLogin, o->use_login); |
2194 |
dump_cfg_fmtint(sUseLogin, o->use_login); |
| 2063 |
dump_cfg_fmtint(sCompression, o->compression); |
2195 |
dump_cfg_fmtint(sCompression, o->compression); |
|
|
2196 |
#ifdef SCTP |
| 2197 |
dump_cfg_fmtint(sTransport, o->transport); |
| 2198 |
#endif |
| 2064 |
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); |
2199 |
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); |
| 2065 |
dump_cfg_fmtint(sUseDNS, o->use_dns); |
2200 |
dump_cfg_fmtint(sUseDNS, o->use_dns); |
| 2066 |
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
2201 |
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
| 2067 |
-- a/servconf.h |
2202 |
++ b/servconf.h |
|
Lines 54-59
Link Here
|
| 54 |
/* Magic name for internal sftp-server */ |
54 |
/* Magic name for internal sftp-server */ |
| 55 |
#define INTERNAL_SFTP_NAME "internal-sftp" |
55 |
#define INTERNAL_SFTP_NAME "internal-sftp" |
| 56 |
|
56 |
|
|
|
57 |
#ifdef SCTP |
| 58 |
/* Transport protocols */ |
| 59 |
#define TRANSPORT_TCP 1 |
| 60 |
#define TRANSPORT_SCTP 2 |
| 61 |
#define TRANSPORT_ALL (TRANSPORT_TCP | TRANSPORT_SCTP) |
| 62 |
|
| 63 |
#define IS_MULTIPLE_ADDR 0x1000 |
| 64 |
#endif |
| 65 |
|
| 57 |
typedef struct { |
66 |
typedef struct { |
| 58 |
u_int num_ports; |
67 |
u_int num_ports; |
| 59 |
u_int ports_from_cmdline; |
68 |
u_int ports_from_cmdline; |
|
Lines 91-96
typedef struct {
Link Here
|
| 91 |
char *ciphers; /* Supported SSH2 ciphers. */ |
100 |
char *ciphers; /* Supported SSH2 ciphers. */ |
| 92 |
char *macs; /* Supported SSH2 macs. */ |
101 |
char *macs; /* Supported SSH2 macs. */ |
| 93 |
char *kex_algorithms; /* SSH2 kex methods in order of preference. */ |
102 |
char *kex_algorithms; /* SSH2 kex methods in order of preference. */ |
|
|
103 |
#ifdef SCTP |
| 104 |
int transport; /* Transport protocol(s) used */ |
| 105 |
#endif |
| 94 |
int protocol; /* Supported protocol versions. */ |
106 |
int protocol; /* Supported protocol versions. */ |
| 95 |
struct ForwardOptions fwd_opts; /* forwarding options */ |
107 |
struct ForwardOptions fwd_opts; /* forwarding options */ |
| 96 |
SyslogFacility log_facility; /* Facility for system logging. */ |
108 |
SyslogFacility log_facility; /* Facility for system logging. */ |
| 97 |
-- a/ssh.1 |
109 |
++ b/ssh.1 |
|
Lines 43-49
Link Here
|
| 43 |
.Sh SYNOPSIS |
43 |
.Sh SYNOPSIS |
| 44 |
.Nm ssh |
44 |
.Nm ssh |
| 45 |
.Bk -words |
45 |
.Bk -words |
| 46 |
.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy |
46 |
.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz |
| 47 |
.Op Fl b Ar bind_address |
47 |
.Op Fl b Ar bind_address |
| 48 |
.Op Fl c Ar cipher_spec |
48 |
.Op Fl c Ar cipher_spec |
| 49 |
.Op Fl D Oo Ar bind_address : Oc Ns Ar port |
49 |
.Op Fl D Oo Ar bind_address : Oc Ns Ar port |
|
Lines 473-478
For full details of the options listed b
Link Here
|
| 473 |
.It StreamLocalBindUnlink |
473 |
.It StreamLocalBindUnlink |
| 474 |
.It StrictHostKeyChecking |
474 |
.It StrictHostKeyChecking |
| 475 |
.It TCPKeepAlive |
475 |
.It TCPKeepAlive |
|
|
476 |
.It Transport |
| 476 |
.It Tunnel |
477 |
.It Tunnel |
| 477 |
.It TunnelDevice |
478 |
.It TunnelDevice |
| 478 |
.It UsePrivilegedPort |
479 |
.It UsePrivilegedPort |
|
Lines 665-670
Trusted X11 forwardings are not subjecte
Link Here
|
| 665 |
controls. |
666 |
controls. |
| 666 |
.It Fl y |
667 |
.It Fl y |
| 667 |
Send log information using the |
668 |
Send log information using the |
|
|
669 |
.It Fl z |
| 670 |
Use the SCTP protocol for connection instead of TCP which is the default. |
| 668 |
.Xr syslog 3 |
671 |
.Xr syslog 3 |
| 669 |
system module. |
672 |
system module. |
| 670 |
By default this information is sent to stderr. |
673 |
By default this information is sent to stderr. |
| 671 |
-- a/ssh.c |
674 |
++ b/ssh.c |
|
Lines 194-205
extern int muxserver_sock;
Link Here
|
| 194 |
extern u_int muxclient_command; |
194 |
extern u_int muxclient_command; |
| 195 |
|
195 |
|
| 196 |
/* Prints a help message to the user. This function never returns. */ |
196 |
/* Prints a help message to the user. This function never returns. */ |
|
|
197 |
#ifdef SCTP |
| 198 |
#define SCTP_OPT "z" |
| 199 |
#else |
| 200 |
#define SCTP_OPT "" |
| 201 |
#endif |
| 197 |
|
202 |
|
| 198 |
static void |
203 |
static void |
| 199 |
usage(void) |
204 |
usage(void) |
| 200 |
{ |
205 |
{ |
| 201 |
fprintf(stderr, |
206 |
fprintf(stderr, |
| 202 |
"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" |
207 |
"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" |
| 203 |
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" |
208 |
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" |
| 204 |
" [-F configfile] [-I pkcs11] [-i identity_file]\n" |
209 |
" [-F configfile] [-I pkcs11] [-i identity_file]\n" |
| 205 |
" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" |
210 |
" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" |
|
Lines 506-512
main(int ac, char **av)
Link Here
|
| 506 |
argv0 = av[0]; |
512 |
argv0 = av[0]; |
| 507 |
|
513 |
|
| 508 |
again: |
514 |
again: |
| 509 |
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" |
515 |
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT |
| 510 |
"ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { |
516 |
"ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { |
| 511 |
switch (opt) { |
517 |
switch (opt) { |
| 512 |
case '1': |
518 |
case '1': |
|
Lines 732-737
main(int ac, char **av)
Link Here
|
| 732 |
else |
738 |
else |
| 733 |
options.control_master = SSHCTL_MASTER_YES; |
739 |
options.control_master = SSHCTL_MASTER_YES; |
| 734 |
break; |
740 |
break; |
|
|
741 |
#ifdef SCTP |
| 742 |
case 'z': |
| 743 |
options.transport = TRANSPORT_SCTP; |
| 744 |
break; |
| 745 |
#endif |
| 735 |
case 'p': |
746 |
case 'p': |
| 736 |
options.port = a2port(optarg); |
747 |
options.port = a2port(optarg); |
| 737 |
if (options.port <= 0) { |
748 |
if (options.port <= 0) { |
| 738 |
-- a/ssh_config.5 |
749 |
++ b/ssh_config.5 |
|
Lines 1380-1385
This is important in scripts, and many u
Link Here
|
| 1380 |
.Pp |
1380 |
.Pp |
| 1381 |
To disable TCP keepalive messages, the value should be set to |
1381 |
To disable TCP keepalive messages, the value should be set to |
| 1382 |
.Dq no . |
1382 |
.Dq no . |
|
|
1383 |
.It Cm Transport |
| 1384 |
Specifies the transport protocol while connecting. Valid values are |
| 1385 |
.Dq TCP |
| 1386 |
and |
| 1387 |
.Dq SCTP . |
| 1388 |
The default is TCP. |
| 1383 |
.It Cm Tunnel |
1389 |
.It Cm Tunnel |
| 1384 |
Request |
1390 |
Request |
| 1385 |
.Xr tun 4 |
1391 |
.Xr tun 4 |
| 1386 |
-- a/sshconnect.c |
1392 |
++ b/sshconnect.c |
|
Lines 63-68
Link Here
|
| 63 |
#include "ssh2.h" |
63 |
#include "ssh2.h" |
| 64 |
#include "version.h" |
64 |
#include "version.h" |
| 65 |
|
65 |
|
|
|
66 |
#ifdef SCTP |
| 67 |
#include <netinet/sctp.h> |
| 68 |
#endif |
| 69 |
|
| 66 |
char *client_version_string = NULL; |
70 |
char *client_version_string = NULL; |
| 67 |
char *server_version_string = NULL; |
71 |
char *server_version_string = NULL; |
| 68 |
Key *previous_host_key = NULL; |
72 |
Key *previous_host_key = NULL; |
|
Lines 271-276
ssh_create_socket(int privileged, struct
Link Here
|
| 271 |
{ |
275 |
{ |
| 272 |
int sock, r, gaierr; |
276 |
int sock, r, gaierr; |
| 273 |
struct addrinfo hints, *res = NULL; |
277 |
struct addrinfo hints, *res = NULL; |
|
|
278 |
#ifdef SCTP |
| 279 |
char *more_addrs, *next_addr; |
| 280 |
#endif |
| 274 |
|
281 |
|
| 275 |
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
282 |
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
| 276 |
if (sock < 0) { |
283 |
if (sock < 0) { |
|
Lines 284-293
ssh_create_socket(int privileged, struct
Link Here
|
| 284 |
return sock; |
291 |
return sock; |
| 285 |
|
292 |
|
| 286 |
if (options.bind_address) { |
293 |
if (options.bind_address) { |
|
|
294 |
#ifdef SCTP |
| 295 |
/* Check if multiple addresses have been specified */ |
| 296 |
if ((more_addrs = strchr(options.bind_address, ',')) != NULL) { |
| 297 |
*(more_addrs++) = '\0'; |
| 298 |
} |
| 299 |
#endif |
| 287 |
memset(&hints, 0, sizeof(hints)); |
300 |
memset(&hints, 0, sizeof(hints)); |
| 288 |
hints.ai_family = ai->ai_family; |
301 |
hints.ai_family = ai->ai_family; |
| 289 |
hints.ai_socktype = ai->ai_socktype; |
302 |
hints.ai_socktype = ai->ai_socktype; |
|
|
303 |
#ifndef SCTP |
| 304 |
/* Only specify protocol if SCTP is not used, due |
| 305 |
* to the lack of SCTP support for getaddrinfo() |
| 306 |
*/ |
| 290 |
hints.ai_protocol = ai->ai_protocol; |
307 |
hints.ai_protocol = ai->ai_protocol; |
|
|
308 |
#endif |
| 291 |
hints.ai_flags = AI_PASSIVE; |
309 |
hints.ai_flags = AI_PASSIVE; |
| 292 |
gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); |
310 |
gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); |
| 293 |
if (gaierr) { |
311 |
if (gaierr) { |
|
Lines 320-325
ssh_create_socket(int privileged, struct
Link Here
|
| 320 |
return -1; |
338 |
return -1; |
| 321 |
} |
339 |
} |
| 322 |
} |
340 |
} |
|
|
341 |
#ifdef SCTP |
| 342 |
/* If there are multiple addresses, bind them too */ |
| 343 |
if (more_addrs) { |
| 344 |
do { |
| 345 |
next_addr = strchr(more_addrs, ','); |
| 346 |
if (next_addr != NULL) { |
| 347 |
*(next_addr++) = '\0'; |
| 348 |
} |
| 349 |
|
| 350 |
gaierr = getaddrinfo(more_addrs, NULL, &hints, &res); |
| 351 |
if (gaierr) { |
| 352 |
error("getaddrinfo: %s: %s", more_addrs, |
| 353 |
ssh_gai_strerror(gaierr)); |
| 354 |
close(sock); |
| 355 |
return -1; |
| 356 |
} |
| 357 |
if (sctp_bindx(sock, (struct sockaddr *)res->ai_addr, |
| 358 |
1, SCTP_BINDX_ADD_ADDR) != 0) { |
| 359 |
error("bind: %s: %s", options.bind_address, strerror(errno)); |
| 360 |
close(sock); |
| 361 |
freeaddrinfo(res); |
| 362 |
return -1; |
| 363 |
} |
| 364 |
|
| 365 |
more_addrs = next_addr; |
| 366 |
} while (next_addr != NULL); |
| 367 |
} |
| 368 |
#endif |
| 323 |
if (res != NULL) |
369 |
if (res != NULL) |
| 324 |
freeaddrinfo(res); |
370 |
freeaddrinfo(res); |
| 325 |
return sock; |
371 |
return sock; |
|
Lines 431-436
ssh_connect_direct(const char *host, str
Link Here
|
| 431 |
|
477 |
|
| 432 |
debug2("ssh_connect: needpriv %d", needpriv); |
478 |
debug2("ssh_connect: needpriv %d", needpriv); |
| 433 |
|
479 |
|
|
|
480 |
#ifdef SCTP |
| 481 |
/* Use SCTP if requested */ |
| 482 |
if (options.transport == TRANSPORT_SCTP) { |
| 483 |
for (ai = aitop; ai; ai = ai->ai_next) { |
| 484 |
ai->ai_protocol = IPPROTO_SCTP; |
| 485 |
} |
| 486 |
} |
| 487 |
#endif |
| 488 |
|
| 434 |
for (attempt = 0; attempt < connection_attempts; attempt++) { |
489 |
for (attempt = 0; attempt < connection_attempts; attempt++) { |
| 435 |
if (attempt > 0) { |
490 |
if (attempt > 0) { |
| 436 |
/* Sleep a moment before retrying. */ |
491 |
/* Sleep a moment before retrying. */ |
| 437 |
-- a/sshd.c |
492 |
++ b/sshd.c |
|
Lines 123-128
Link Here
|
| 123 |
#include "ssh-sandbox.h" |
123 |
#include "ssh-sandbox.h" |
| 124 |
#include "version.h" |
124 |
#include "version.h" |
| 125 |
|
125 |
|
|
|
126 |
#ifdef SCTP |
| 127 |
#include <netinet/sctp.h> |
| 128 |
#endif |
| 129 |
|
| 126 |
#ifndef O_NOCTTY |
130 |
#ifndef O_NOCTTY |
| 127 |
#define O_NOCTTY 0 |
131 |
#define O_NOCTTY 0 |
| 128 |
#endif |
132 |
#endif |
|
Lines 1096-1101
server_listen(void)
Link Here
|
| 1096 |
for (ai = options.listen_addrs; ai; ai = ai->ai_next) { |
1100 |
for (ai = options.listen_addrs; ai; ai = ai->ai_next) { |
| 1097 |
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
1101 |
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
| 1098 |
continue; |
1102 |
continue; |
|
|
1103 |
#ifdef SCTP |
| 1104 |
/* Ignore multi-homing addresses for TCP */ |
| 1105 |
if (ai->ai_flags & IS_MULTIPLE_ADDR || |
| 1106 |
(ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR)) |
| 1107 |
continue; |
| 1108 |
#endif |
| 1099 |
if (num_listen_socks >= MAX_LISTEN_SOCKS) |
1109 |
if (num_listen_socks >= MAX_LISTEN_SOCKS) |
| 1100 |
fatal("Too many listen sockets. " |
1110 |
fatal("Too many listen sockets. " |
| 1101 |
"Enlarge MAX_LISTEN_SOCKS"); |
1111 |
"Enlarge MAX_LISTEN_SOCKS"); |
|
Lines 1154-1159
server_listen(void)
Link Here
|
| 1154 |
fatal("Cannot bind any address."); |
1164 |
fatal("Cannot bind any address."); |
| 1155 |
} |
1165 |
} |
| 1156 |
|
1166 |
|
|
|
1167 |
#ifdef SCTP |
| 1168 |
/* |
| 1169 |
* Listen for SCTP connections |
| 1170 |
*/ |
| 1171 |
static void |
| 1172 |
server_listen_sctp(void) |
| 1173 |
{ |
| 1174 |
int ret, listen_sock, on = 1; |
| 1175 |
struct addrinfo *ai, *aiv6; |
| 1176 |
char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
| 1177 |
|
| 1178 |
for (ai = options.listen_addrs; ai; ai = ai->ai_next) { |
| 1179 |
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
| 1180 |
continue; |
| 1181 |
/* Ignore multi-homing addresses at this point */ |
| 1182 |
if (ai->ai_flags & IS_MULTIPLE_ADDR) |
| 1183 |
continue; |
| 1184 |
if (num_listen_socks >= MAX_LISTEN_SOCKS) |
| 1185 |
fatal("Too many listen sockets. " |
| 1186 |
"Enlarge MAX_LISTEN_SOCKS"); |
| 1187 |
if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, |
| 1188 |
ntop, sizeof(ntop), strport, sizeof(strport), |
| 1189 |
NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { |
| 1190 |
error("getnameinfo failed: %.100s", |
| 1191 |
ssh_gai_strerror(ret)); |
| 1192 |
continue; |
| 1193 |
} |
| 1194 |
/* Check for multi-homed IPv6 addresses if family is IPv4 */ |
| 1195 |
if (ai->ai_family == AF_INET) { |
| 1196 |
aiv6 = ai->ai_next; |
| 1197 |
while (aiv6 != NULL && aiv6->ai_flags & IS_MULTIPLE_ADDR) { |
| 1198 |
if (aiv6->ai_family == AF_INET6) { |
| 1199 |
ai->ai_family = AF_INET6; |
| 1200 |
break; |
| 1201 |
} |
| 1202 |
aiv6 = aiv6->ai_next; |
| 1203 |
} |
| 1204 |
} |
| 1205 |
|
| 1206 |
/* Create socket for listening. */ |
| 1207 |
listen_sock = socket(ai->ai_family, ai->ai_socktype, |
| 1208 |
IPPROTO_SCTP); |
| 1209 |
if (listen_sock < 0) { |
| 1210 |
/* kernel may not support ipv6 */ |
| 1211 |
verbose("SCTP socket: %.100s", strerror(errno)); |
| 1212 |
continue; |
| 1213 |
} |
| 1214 |
if (set_nonblock(listen_sock) == -1) { |
| 1215 |
close(listen_sock); |
| 1216 |
continue; |
| 1217 |
} |
| 1218 |
/* |
| 1219 |
* Set socket options. |
| 1220 |
* Allow local port reuse in TIME_WAIT. |
| 1221 |
*/ |
| 1222 |
if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, |
| 1223 |
&on, sizeof(on)) == -1) |
| 1224 |
error("SCTP setsockopt SO_REUSEADDR: %s", strerror(errno)); |
| 1225 |
|
| 1226 |
/* Only communicate in IPv6 over AF_INET6 sockets if not multi-homed. */ |
| 1227 |
if (ai->ai_family == AF_INET6 && (ai->ai_next == NULL || |
| 1228 |
(ai->ai_next != NULL && ai->ai_next->ai_flags == 0))) |
| 1229 |
sock_set_v6only(listen_sock); |
| 1230 |
|
| 1231 |
if (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) |
| 1232 |
debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop); |
| 1233 |
else |
| 1234 |
debug("Bind to SCTP port %s on %s.", strport, ntop); |
| 1235 |
|
| 1236 |
/* Bind the socket to the desired port. */ |
| 1237 |
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { |
| 1238 |
error("Bind to SCTP port %s on %s failed: %.200s.", |
| 1239 |
strport, ntop, strerror(errno)); |
| 1240 |
close(listen_sock); |
| 1241 |
continue; |
| 1242 |
} |
| 1243 |
|
| 1244 |
/* Bind multi-homing addresses */ |
| 1245 |
while (ai->ai_next != NULL && |
| 1246 |
ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) { |
| 1247 |
ai = ai->ai_next; |
| 1248 |
|
| 1249 |
if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, |
| 1250 |
ntop, sizeof(ntop), strport, sizeof(strport), |
| 1251 |
NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { |
| 1252 |
error("getnameinfo failed: %.100s", |
| 1253 |
ssh_gai_strerror(ret)); |
| 1254 |
continue; |
| 1255 |
} |
| 1256 |
|
| 1257 |
debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop); |
| 1258 |
|
| 1259 |
if (sctp_bindx(listen_sock, (struct sockaddr *)ai->ai_addr, 1, SCTP_BINDX_ADD_ADDR) != 0) { |
| 1260 |
error("Bind to SCTP port %s on %s failed: %.200s.", |
| 1261 |
strport, ntop, strerror(errno)); |
| 1262 |
close(listen_sock); |
| 1263 |
continue; |
| 1264 |
} |
| 1265 |
} |
| 1266 |
|
| 1267 |
listen_socks[num_listen_socks] = listen_sock; |
| 1268 |
num_listen_socks++; |
| 1269 |
|
| 1270 |
/* Start listening on the port. */ |
| 1271 |
if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) |
| 1272 |
fatal("SCTP listen on [%s]:%s: %.100s", |
| 1273 |
ntop, strport, strerror(errno)); |
| 1274 |
if (ai->ai_flags & IS_MULTIPLE_ADDR) |
| 1275 |
logit("Server listening multi-homed with SCTP on port %s.", strport); |
| 1276 |
else |
| 1277 |
logit("Server listening with SCTP on %s port %s.", ntop, strport); |
| 1278 |
} |
| 1279 |
/* Only free addresses if SCTP is the only used protocol */ |
| 1280 |
if (options.transport == TRANSPORT_SCTP) |
| 1281 |
freeaddrinfo(options.listen_addrs); |
| 1282 |
|
| 1283 |
if (!num_listen_socks) |
| 1284 |
fatal("Cannot bind any address for SCTP."); |
| 1285 |
} |
| 1286 |
#endif |
| 1287 |
|
| 1157 |
/* |
1288 |
/* |
| 1158 |
* The main TCP accept loop. Note that, for the non-debug case, returns |
1289 |
* The main TCP accept loop. Note that, for the non-debug case, returns |
| 1159 |
* from this function are in a forked subprocess. |
1290 |
* from this function are in a forked subprocess. |
|
Lines 1917-1923
main(int ac, char **av)
Link Here
|
| 1917 |
server_accept_inetd(&sock_in, &sock_out); |
2048 |
server_accept_inetd(&sock_in, &sock_out); |
| 1918 |
} else { |
2049 |
} else { |
| 1919 |
platform_pre_listen(); |
2050 |
platform_pre_listen(); |
| 1920 |
server_listen(); |
2051 |
|
|
|
2052 |
#ifdef SCTP |
| 2053 |
if (options.transport & TRANSPORT_SCTP) |
| 2054 |
server_listen_sctp(); |
| 2055 |
|
| 2056 |
if (options.transport & TRANSPORT_TCP) |
| 2057 |
#endif |
| 2058 |
server_listen(); |
| 1921 |
|
2059 |
|
| 1922 |
if (options.protocol & SSH_PROTO_1) |
2060 |
if (options.protocol & SSH_PROTO_1) |
| 1923 |
generate_ephemeral_server_key(); |
2061 |
generate_ephemeral_server_key(); |
| 1924 |
-- a/sshd_config.5 |
2062 |
++ b/sshd_config.5 |
|
Lines 1279-1284
This avoids infinitely hanging sessions.
Link Here
|
| 1279 |
.Pp |
1279 |
.Pp |
| 1280 |
To disable TCP keepalive messages, the value should be set to |
1280 |
To disable TCP keepalive messages, the value should be set to |
| 1281 |
.Dq no . |
1281 |
.Dq no . |
|
|
1282 |
.It Cm Transport |
| 1283 |
Specifies the transport protocol that should be used by |
| 1284 |
.Xr sshd 8 . |
| 1285 |
Valid values are |
| 1286 |
.Dq TCP , |
| 1287 |
.Dq SCTP , |
| 1288 |
.Dq all. |
| 1289 |
The value |
| 1290 |
.Dq all |
| 1291 |
means to listen on TCP and SCTP sockets. The default is to listen only on |
| 1292 |
TCP sockets. |
| 1282 |
.It Cm TrustedUserCAKeys |
1293 |
.It Cm TrustedUserCAKeys |
| 1283 |
Specifies a file containing public keys of certificate authorities that are |
1294 |
Specifies a file containing public keys of certificate authorities that are |
| 1284 |
trusted to sign user certificates for authentication. |
1295 |
trusted to sign user certificates for authentication. |