Bugzilla – Attachment 3072 Details for
Bug 2784
Add native support for routing domains / VRF
[patch]
add rdomain match criteria
0003-match-rdomain.patch (text/plain), 5.02 KB, created by
Damien Miller
on 2017-10-21 15:33:50 AEDT
Description:
add rdomain match criteria
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-10-21 15:33:50 AEDT
Size:
5.02 KB
patch
obsolete
>From 8d2fec8a1abdcf09d1350eacaa1a24ae275accb5 Mon Sep 17 00:00:00 2001
>From: Damien Miller <djm@mindrot.org>
>Date: Sat, 21 Oct 2017 15:02:14 +1100
>Subject: [PATCH 3/3] match rdomain
>
>---
> misc.c | 18 +++++++++++++++++-
> misc.h | 1 +
> packet.c | 12 ++++++++++++
> packet.h | 2 ++
> servconf.c | 13 +++++++++++++
> servconf.h | 1 +
> sshd.c | 10 +++++++---
> 7 files changed, 53 insertions(+), 4 deletions(-)
>
>diff --git a/misc.c b/misc.c
>index 14b4735..3a633ab 100644
>--- a/misc.c
>+++ b/misc.c
>@@ -168,7 +168,23 @@ set_reuseaddr(int fd)
> return 0;
> }
>
>-/* Set routing table */
>+/* Get/set routing domain */
>+char *
>+get_rdomain(int fd)
>+{
>+ int rtable;
>+ char *ret;
>+ socklen_t len = sizeof(rtable);
>+
>+ if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) {
>+ error("Failed to get routing domain for fd %d: %s",
>+ fd, strerror(errno));
>+ return NULL;
>+ }
>+ xasprintf(&ret, "%d", rtable);
>+ return ret;
>+}
>+
> int
> set_rdomain(int fd, const char *name)
> {
>diff --git a/misc.h b/misc.h
>index 14a59c8..3f14cea 100644
>--- a/misc.h
>+++ b/misc.h
>@@ -49,6 +49,7 @@ int set_nonblock(int);
> int unset_nonblock(int);
> void set_nodelay(int);
> int set_reuseaddr(int);
>+char *get_rdomain(int);
> int set_rdomain(int, const char *);
> int a2port(const char *);
> int a2tun(const char *, int *);
>diff --git a/packet.c b/packet.c
>index 1353ccf..7d98b6e 100644
>--- a/packet.c
>+++ b/packet.c
>@@ -546,6 +546,18 @@ ssh_local_port(struct ssh *ssh)
> return ssh->local_port;
> }
>
>+/* Returns the routing domain of the input socket, or NULL if unavailable */
>+const char *
>+ssh_packet_rdomain_in(struct ssh *ssh)
>+{
>+ if (ssh->rdomain_in != NULL)
>+ return ssh->rdomain_in;
>+ if (!ssh_packet_connection_is_on_socket(ssh))
>+ return NULL;
>+ ssh->rdomain_in = get_rdomain(ssh->state->connection_in);
>+ return ssh->rdomain_in;
>+}
>+
> /* Closes the connection and clears and frees internal data structures. */
>
> static void
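Review bot: get_rdomain() hands back a string allocated by xasprintf(), but the new comment `/* Get/set routing domain */` says nothing about ownership or the NULL return, so callers have to read the body to learn that they must free the result. I would give the function its own comment, e.g. `/* Returns the socket's routing domain as a newly allocated string (caller frees), or NULL on error */`, and keep a separate one on set_rdomain(). SO_RTABLE is also used unconditionally here; if set_rdomain(), whose body lies outside this hunk, is wrapped in a platform check, get_rdomain() presumably needs the same guard.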
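Review bot: ssh->rdomain_in caches the heap string returned by get_rdomain(), but nothing in this patch releases it: the diffstat shows packet.c gaining only the twelve lines of ssh_packet_rdomain_in(). The close routine that begins right after this hunk (its body is outside the hunk) looks like the place for `free(ssh->rdomain_in); ssh->rdomain_in = NULL;`, which also keeps a stale pointer from outliving the connection state. A failed lookup is not remembered either, so each later call repeats the getsockopt() and the error() line from get_rdomain(); whether that matters depends on how often callers ask.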
>diff --git a/packet.h b/packet.h
>index a6b132c..a1d83b4 100644
>--- a/packet.h
>+++ b/packet.h
>@@ -47,6 +47,7 @@ struct ssh {
> int remote_port;
> char *local_ipaddr;
> int local_port;
>+ char *rdomain_in;
>
> /* Optional preamble for log messages (e.g. username) */
> char *log_preamble;
>@@ -148,6 +149,7 @@ const char *ssh_remote_ipaddr(struct ssh *);
> int ssh_remote_port(struct ssh *);
> const char *ssh_local_ipaddr(struct ssh *);
> int ssh_local_port(struct ssh *);
>+const char *ssh_packet_rdomain_in(struct ssh *);
>
> void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
> time_t ssh_packet_get_rekey_timeout(struct ssh *);
>diff --git a/servconf.c b/servconf.c
>index 57f08ba..3338fe8 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -805,6 +805,7 @@ get_connection_info(int populate, int use_dns)
> ci.address = ssh_remote_ipaddr(ssh);
> ci.laddress = ssh_local_ipaddr(ssh);
> ci.lport = ssh_local_port(ssh);
>+ ci.rdomain = ssh_packet_rdomain_in(ssh);
> return &ci;
> }
>
>@@ -988,6 +989,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
> ci->laddress, port, line);
> else
> result = 0;
>+ } else if (strcasecmp(attrib, "rdomain") == 0) {
>+ if (ci == NULL || ci->rdomain == NULL) {
>+ result = 0;
>+ continue;
>+ }
>+ if (match_pattern_list(ci->rdomain, arg, 0) != 1)
>+ result = 0;
>+ else
>+ debug("user %.100s matched 'RDomain %.100s' at "
>+ "line %d", ci->rdomain, arg, line);
> } else {
> error("Unsupported Match attribute %s", attrib);
> return -1;
>@@ -2024,6 +2035,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
> ci->user = xstrdup(p + 5);
> } else if (strncmp(p, "laddr=", 6) == 0) {
> ci->laddress = xstrdup(p + 6);
>+ } else if (strncmp(p, "rdomain=", 8) == 0) {
>+ ci->rdomain = xstrdup(p + 8);
> } else if (strncmp(p, "lport=", 6) == 0) {
> ci->lport = a2port(p + 6);
> if (ci->lport == -1) {
>diff --git a/servconf.h b/servconf.h
>index 8fc816f..29a156b 100644
>--- a/servconf.h
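Review bot: The debug message in the new `rdomain` branch of match_cfg_line() is labelled `user` although it prints ci->rdomain, which will mislead anyone reading debug output to work out why a Match block applied; the first line should read `debug("rdomain %.100s matched 'RDomain %.100s' at "`. Separately, when the routing domain cannot be determined the branch sets result = 0, so a Match block that tightens settings for one rdomain is skipped rather than applied if the lookup fails. That behaviour deserves a comment on the guard, such as `/* unknown rdomain never matches */`, and a mention in the Match documentation. The enclosing function starts and ends outside the hunk.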
>+++ b/servconf.h
>@@ -216,6 +216,7 @@ struct connection_info {
> const char *address; /* remote address */
> const char *laddress; /* local address */
> int lport; /* local port */
>+ const char *rdomain; /* routing domain if available */
> };
>
>
>diff --git a/sshd.c b/sshd.c
>index e417e2c..10e71c1 100644
>--- a/sshd.c
>+++ b/sshd.c
>@@ -1328,7 +1328,7 @@ main(int ac, char **av)
> extern int optind;
> int r, opt, on = 1, already_daemon, remote_port;
> int sock_in = -1, sock_out = -1, newsock = -1;
>- const char *remote_ip;
>+ const char *remote_ip, *rdomain;
> char *fp, *line, *laddr, *logfile = NULL;
> int config_s[2] = { -1 , -1 };
> u_int i, j;
>@@ -1866,10 +1866,14 @@ main(int ac, char **av)
> */
> remote_ip = ssh_remote_ipaddr(ssh);
>
>+ rdomain = ssh_packet_rdomain_in(ssh);
>+
> /* Log the connection. */
> laddr = get_local_ipaddr(sock_in);
>- verbose("Connection from %s port %d on %s port %d",
>- remote_ip, remote_port, laddr, ssh_local_port(ssh));
>+ verbose("Connection from %s port %d on %s port %d%s%s",
>+ remote_ip, remote_port, laddr, ssh_local_port(ssh),
>+ rdomain == NULL ? "" : " rdomain ",
>+ rdomain == NULL ? "" : rdomain);
> free(laddr);
>
> /*
>--
>2.14.2
>