Attachment #3075 for bug #2784




	free(local_ipaddr);
}

static void
channel_set_reuseaddr(int fd)
{
	int on = 1;

	/*
	 * Set socket options.
	 * Allow local port reuse in TIME_WAIT.
	 */
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
		error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
}

void
channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
{

			continue;
		}

		set_reuseaddr(sock);

		debug("Local forwarding listening on %s port %s.",
		    ntop, strport);

				freeaddrinfo(aitop);
				return -1;
			}
			set_reuseaddr(sock);
			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
				debug2("%s: bind port %d: %.100s", __func__,
				    port, strerror(errno));




		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}

/* Allow local port reuse in TIME_WAIT */
int
set_reuseaddr(int fd)
{
	int on = 1;

	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
		error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
		return -1;
	}
	return 0;
}

/* Set routing table */
int
set_rdomain(int fd, const char *name)
{
	int rtable;
	const char *errstr;

	if (name == NULL)
		return 0; /* default table */

	rtable = (int)strtonum(name, 0, 255, &errstr);
	if (errstr != NULL) {
		/* Shouldn't happen */
		error("Invalid routing domain \"%s\": %s", name, errstr);
		return -1;
	}
	if (setsockopt(fd, SOL_SOCKET, SO_RTABLE,
	    &rtable, sizeof(rtable)) == -1) {
		error("Failed to set routing domain %d on fd %d: %s",
		    rtable, fd, strerror(errno));
		return -1;
	}
	return 0;
}

/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE	"\""

Lines 48-53 char strdelim(char *); Link Here

(-)a/misc.h (+2 lines)
48	int set_nonblock(int);	48	int set_nonblock(int);
49	int unset_nonblock(int);	49	int unset_nonblock(int);
50	void set_nodelay(int);	50	void set_nodelay(int);
		51	int set_reuseaddr(int);
		52	int set_rdomain(int, const char *);
51	int a2port(const char *);	53	int a2port(const char *);
52	int a2tun(const char , int );	54	int a2tun(const char , int );
53	char put_host_port(const char , u_short);	55	char put_host_port(const char , u_short);

Lines 14-22 Link Here

(-)a/servconf.c (-66 / +157 lines)
14	#include <sys/types.h>	14	#include <sys/types.h>
15	#include <sys/socket.h>	15	#include <sys/socket.h>
16	#include <sys/queue.h>	16	#include <sys/queue.h>
		17	#include <sys/sysctl.h>
17		18
18	#include <netinet/in.h>	19	#include <netinet/in.h>
19	#include <netinet/ip.h>	20	#include <netinet/ip.h>
		21	#include <net/route.h>
20		22
21	#include <ctype.h>	23	#include <ctype.h>
22	#include <netdb.h>	24	#include <netdb.h>
Lines 53-60 Link Here
53	#include "myproposal.h"	55	#include "myproposal.h"
54	#include "digest.h"	56	#include "digest.h"
55		57
56	static void add_listen_addr(ServerOptions , char , int);	58	static void add_listen_addr(ServerOptions , const char ,
57	static void add_one_listen_addr(ServerOptions , char , int);	59	const char *, int);
		60	static void add_one_listen_addr(ServerOptions , const char ,
		61	const char *, int);
58		62
59	/* Use of privilege separation or not */	63	/* Use of privilege separation or not */
60	extern int use_privsep;	64	extern int use_privsep;
Lines 71-76 initialize_server_options(ServerOptions *options) Link Here
71	options->queued_listen_addrs = NULL;	75	options->queued_listen_addrs = NULL;
72	options->num_queued_listens = 0;	76	options->num_queued_listens = 0;
73	options->listen_addrs = NULL;	77	options->listen_addrs = NULL;
		78	options->num_listen_addrs = 0;
74	options->address_family = -1;	79	options->address_family = -1;
75	options->num_host_key_files = 0;	80	options->num_host_key_files = 0;
76	options->num_host_cert_files = 0;	81	options->num_host_cert_files = 0;
Lines 235-241 fill_default_server_options(ServerOptions *options) Link Here
235	if (options->address_family == -1)	240	if (options->address_family == -1)
236	options->address_family = AF_UNSPEC;	241	options->address_family = AF_UNSPEC;
237	if (options->listen_addrs == NULL)	242	if (options->listen_addrs == NULL)
238	add_listen_addr(options, NULL, 0);	243	add_listen_addr(options, NULL, NULL, 0);
239	if (options->pid_file == NULL)	244	if (options->pid_file == NULL)
240	options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);	245	options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
241	if (options->login_grace_time == -1)	246	if (options->login_grace_time == -1)
Lines 612-634 derelativise_path(const char *path) Link Here
612	}	617	}
613		618
614	static void	619	static void
615	add_listen_addr(ServerOptions options, char addr, int port)	620	add_listen_addr(ServerOptions options, const char addr,
		621	const char *rdomain, int port)
616	{	622	{
617	u_int i;	623	u_int i;
618		624
619	if (port == 0)	625	if (port > 0)
620	for (i = 0; i < options->num_ports; i++)	626	add_one_listen_addr(options, addr, rdomain, port);
621	add_one_listen_addr(options, addr, options->ports[i]);	627	else {
622	else	628	for (i = 0; i < options->num_ports; i++) {
623	add_one_listen_addr(options, addr, port);	629	add_one_listen_addr(options, addr, rdomain,
		630	options->ports[i]);
		631	}
		632	}
624	}	633	}
625		634
626	static void	635	static void
627	add_one_listen_addr(ServerOptions options, char addr, int port)	636	add_one_listen_addr(ServerOptions options, const char addr,
		637	const char *rdomain, int port)
628	{	638	{
629	struct addrinfo hints, ai, aitop;	639	struct addrinfo hints, ai, aitop;
630	char strport[NI_MAXSERV];	640	char strport[NI_MAXSERV];
631	int gaierr;	641	int gaierr;
		642	u_int i;
		643
		644	/* Find listen_addrs entry for this rdomain */
		645	for (i = 0; i < options->num_listen_addrs; i++) {
		646	if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
		647	break;
		648	if (rdomain == NULL \|\| options->listen_addrs[i].rdomain == NULL)
		649	continue;
		650	if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
		651	break;
		652	}
		653	if (i >= options->num_listen_addrs) {
		654	/* No entry for this rdomain; allocate one */
		655	if (i >= INT_MAX)
		656	fatal("%s: too many listen addresses", __func__);
		657	options->listen_addrs = xrecallocarray(options->listen_addrs,
		658	options->num_listen_addrs, options->num_listen_addrs + 1,
		659	sizeof(*options->listen_addrs));
		660	i = options->num_listen_addrs++;
		661	if (rdomain != NULL)
		662	options->listen_addrs[i].rdomain = xstrdup(rdomain);
		663	}
		664	/* options->listen_addrs[i] points to the addresses for this rdomain */
632		665
633	memset(&hints, 0, sizeof(hints));	666	memset(&hints, 0, sizeof(hints));
634	hints.ai_family = options->address_family;	667	hints.ai_family = options->address_family;
Lines 641-648 add_one_listen_addr(ServerOptions options, char addr, int port) Link Here
641	ssh_gai_strerror(gaierr));	674	ssh_gai_strerror(gaierr));
642	for (ai = aitop; ai->ai_next; ai = ai->ai_next)	675	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
643	;	676	;
644	ai->ai_next = options->listen_addrs;	677	ai->ai_next = options->listen_addrs[i].addrs;
645	options->listen_addrs = aitop;	678	options->listen_addrs[i].addrs = aitop;
		679	}
		680
		681	/* Returns nonzero if the routing domain name is valid */
		682	static int
		683	valid_rdomain(const char *name)
		684	{
		685	const char *errstr;
		686	long long num;
		687	struct rt_tableinfo info;
		688	int mib[6];
		689	size_t miblen = sizeof(mib);
		690
		691	if (name == NULL)
		692	return 1;
		693
		694	num = strtonum(name, 0, 255, &errstr);
		695	if (errstr != NULL)
		696	return 0;
		697
		698	/* Check whether the table actually exists */
		699	memset(mib, 0, sizeof(mib));
		700	mib[0] = CTL_NET;
		701	mib[1] = PF_ROUTE;
		702	mib[4] = NET_RT_TABLE;
		703	mib[5] = (int)num;
		704	if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
		705	return 0;
		706
		707	return 1;
646	}	708	}
647		709
648	/*	710	/*
Lines 650-667 add_one_listen_addr(ServerOptions options, char addr, int port) Link Here
650	* and AddressFamily options.	712	* and AddressFamily options.
651	*/	713	*/
652	static void	714	static void
653	queue_listen_addr(ServerOptions options, char addr, int port)	715	queue_listen_addr(ServerOptions options, const char addr,
		716	const char *rdomain, int port)
654	{	717	{
655	options->queued_listen_addrs = xreallocarray(	718	struct queued_listenaddr *qla;
656	options->queued_listen_addrs, options->num_queued_listens + 1,	719
657	sizeof(addr));	720	options->queued_listen_addrs = xrecallocarray(
658	options->queued_listen_ports = xreallocarray(	721	options->queued_listen_addrs,
659	options->queued_listen_ports, options->num_queued_listens + 1,	722	options->num_queued_listens, options->num_queued_listens + 1,
660	sizeof(port));	723	sizeof(*options->queued_listen_addrs));
661	options->queued_listen_addrs[options->num_queued_listens] =	724	qla = &options->queued_listen_addrs[options->num_queued_listens++];
662	xstrdup(addr);	725	qla->addr = xstrdup(addr);
663	options->queued_listen_ports[options->num_queued_listens] = port;	726	qla->port = port;
664	options->num_queued_listens++;	727	qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
665	}	728	}
666		729
667	/*	730	/*
Lines 671-676 static void Link Here
671	process_queued_listen_addrs(ServerOptions *options)	734	process_queued_listen_addrs(ServerOptions *options)
672	{	735	{
673	u_int i;	736	u_int i;
		737	struct queued_listenaddr *qla;
674		738
675	if (options->num_ports == 0)	739	if (options->num_ports == 0)
676	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;	740	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Lines 678-692 process_queued_listen_addrs(ServerOptions *options) Link Here
678	options->address_family = AF_UNSPEC;	742	options->address_family = AF_UNSPEC;
679		743
680	for (i = 0; i < options->num_queued_listens; i++) {	744	for (i = 0; i < options->num_queued_listens; i++) {
681	add_listen_addr(options, options->queued_listen_addrs[i],	745	qla = &options->queued_listen_addrs[i];
682	options->queued_listen_ports[i]);	746	add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
683	free(options->queued_listen_addrs[i]);	747	free(qla->addr);
684	options->queued_listen_addrs[i] = NULL;	748	free(qla->rdomain);
685	}	749	}
686	free(options->queued_listen_addrs);	750	free(options->queued_listen_addrs);
687	options->queued_listen_addrs = NULL;	751	options->queued_listen_addrs = NULL;
688	free(options->queued_listen_ports);
689	options->queued_listen_ports = NULL;
690	options->num_queued_listens = 0;	752	options->num_queued_listens = 0;
691	}	753	}
692		754
Lines 1075-1094 process_server_config_line(ServerOptions options, char line, Link Here
1075	/* check for bare IPv6 address: no "[]" and 2 or more ":" */	1137	/* check for bare IPv6 address: no "[]" and 2 or more ":" */
1076	if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL	1138	if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1077	&& strchr(p+1, ':') != NULL) {	1139	&& strchr(p+1, ':') != NULL) {
1078	queue_listen_addr(options, arg, 0);
1079	break;
1080	}
1081	p = hpdelim(&arg);
1082	if (p == NULL)
1083	fatal("%s line %d: bad address:port usage",
1084	filename, linenum);
1085	p = cleanhostname(p);
1086	if (arg == NULL)
1087	port = 0;	1140	port = 0;
1088	else if ((port = a2port(arg)) <= 0)	1141	p = arg;
1089	fatal("%s line %d: bad port number", filename, linenum);	1142	} else {
		1143	p = hpdelim(&arg);
		1144	if (p == NULL)
		1145	fatal("%s line %d: bad address:port usage",
		1146	filename, linenum);
		1147	p = cleanhostname(p);
		1148	if (arg == NULL)
		1149	port = 0;
		1150	else if ((port = a2port(arg)) <= 0)
		1151	fatal("%s line %d: bad port number",
		1152	filename, linenum);
		1153	}
		1154	/* Optional routing table */
		1155	arg2 = NULL;
		1156	if ((arg = strdelim(&cp)) != NULL) {
		1157	if (strcmp(arg, "rdomain") != 0 \|\|
		1158	(arg2 = strdelim(&cp)) == NULL)
		1159	fatal("%s line %d: bad ListenAddress syntax",
		1160	filename, linenum);
		1161	if (!valid_rdomain(arg2))
		1162	fatal("%s line %d: bad routing domain",
		1163	filename, linenum);
		1164	}
1090		1165
1091	queue_listen_addr(options, p, port);	1166	queue_listen_addr(options, p, arg2, port);
1092		1167
1093	break;	1168	break;
1094		1169
Lines 2199-2243 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) Link Here
2199	printf("\n");	2274	printf("\n");
2200	}	2275	}
2201		2276
2202	void	2277	static char *
2203	dump_config(ServerOptions *o)	2278	format_listen_addrs(struct listenaddr *la)
2204	{	2279	{
2205	u_int i;	2280	int r;
2206	int ret;
2207	struct addrinfo *ai;	2281	struct addrinfo *ai;
2208	char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;	2282	char addr[NI_MAXHOST], port[NI_MAXSERV];
2209	char laddr1 = xstrdup(""), laddr2 = NULL;	2283	char laddr1 = xstrdup(""), laddr2 = NULL;
2210		2284
2211	/* these are usually at the top of the config */
2212	for (i = 0; i < o->num_ports; i++)
2213	printf("port %d\n", o->ports[i]);
2214	dump_cfg_fmtint(sAddressFamily, o->address_family);
2215
2216	/*	2285	/*
2217	* ListenAddress must be after Port. add_one_listen_addr pushes	2286	* ListenAddress must be after Port. add_one_listen_addr pushes
2218	* addresses onto a stack, so to maintain ordering we need to	2287	* addresses onto a stack, so to maintain ordering we need to
2219	* print these in reverse order.	2288	* print these in reverse order.
2220	*/	2289	*/
2221	for (ai = o->listen_addrs; ai; ai = ai->ai_next) {	2290	for (ai = la->addrs; ai; ai = ai->ai_next) {
2222	if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,	2291	if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2223	sizeof(addr), port, sizeof(port),	2292	sizeof(addr), port, sizeof(port),
2224	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {	2293	NI_NUMERICHOST\|NI_NUMERICSERV)) != 0) {
2225	error("getnameinfo failed: %.100s",	2294	error("getnameinfo: %.100s", ssh_gai_strerror(r));
2226	(ret != EAI_SYSTEM) ? gai_strerror(ret) :	2295	continue;
2227	strerror(errno));	2296	}
		2297	laddr2 = laddr1;
		2298	if (ai->ai_family == AF_INET6) {
		2299	xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
		2300	addr, port,
		2301	la->rdomain == NULL ? "" : " rdomain ",
		2302	la->rdomain == NULL ? "" : la->rdomain,
		2303	laddr2);
2228	} else {	2304	} else {
2229	laddr2 = laddr1;	2305	xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2230	if (ai->ai_family == AF_INET6)	2306	addr, port,
2231	xasprintf(&laddr1, "listenaddress [%s]:%s\n%s",	2307	la->rdomain == NULL ? "" : " rdomain ",
2232	addr, port, laddr2);	2308	la->rdomain == NULL ? "" : la->rdomain,
2233	else	2309	laddr2);
2234	xasprintf(&laddr1, "listenaddress %s:%s\n%s",
2235	addr, port, laddr2);
2236	free(laddr2);
2237	}	2310	}
		2311	free(laddr2);
		2312	}
		2313	return laddr1;
		2314	}
		2315
		2316	void
		2317	dump_config(ServerOptions *o)
		2318	{
		2319	char *s;
		2320	u_int i;
		2321
		2322	/* these are usually at the top of the config */
		2323	for (i = 0; i < o->num_ports; i++)
		2324	printf("port %d\n", o->ports[i]);
		2325	dump_cfg_fmtint(sAddressFamily, o->address_family);
		2326
		2327	for (i = 0; i < o->num_listen_addrs; i++) {
		2328	s = format_listen_addrs(&o->listen_addrs[i]);
		2329	printf("%s", s);
		2330	free(s);
2238	}	2331	}
2239	printf("%s", laddr1);
2240	free(laddr1);
2241		2332
2242	/* integer arguments */	2333	/* integer arguments */
2243	dump_cfg_int(sLoginGraceTime, o->login_grace_time);	2334	dump_cfg_int(sLoginGraceTime, o->login_grace_time);




struct ssh;
struct fwd_perm_list;

/*
 * Used to store addresses from ListenAddr directives. These may be
 * incomplete, as they may specify addresses that need to be merged
 * with any ports requested by ListenPort.
 */
struct queued_listenaddr {
	char *addr;
	int port; /* <=0 if unspecified */
	char *rdomain;
};

/* Resolved listen addresses, grouped by optional routing domain */
struct listenaddr {
	char *rdomain;
	struct addrinfo *addrs;
};

typedef struct {
	u_int	num_ports;
	u_int	ports_from_cmdline;
	int	ports[MAX_PORTS];	/* Port number to listen on. */
	struct queued_listenaddr *queued_listen_addrs;
	u_int	num_queued_listens;
	struct listenaddr *listen_addrs;
	u_int	num_listen_addrs;
	struct addrinfo *listen_addrs;	/* Addresses for server to listen. */
	int	address_family;		/* Address family used by the server. */

	char   **host_key_files;	/* Files containing host keys. */




 * Listen for TCP connections
 */
static void
listen_on_addrs(struct listenaddr *la)
{
	int ret, listen_sock;
	struct addrinfo *ai;
	char ntop[NI_MAXHOST], strport[NI_MAXSERV];

	for (ai = la->addrs; ai; ai = ai->ai_next) {
		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
			continue;
		if (num_listen_socks >= MAX_LISTEN_SOCKS)

			close(listen_sock);
			continue;
		}
		/* Socket options */
		set_reuseaddr(listen_sock);
		if (la->rdomain != NULL &&
		    set_rdomain(listen_sock, la->rdomain) == -1) {
			close(listen_sock);
			continue;
		}

		debug("Bind to port %s on %s.", strport, ntop);


		if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
			fatal("listen on [%s]:%s: %.100s",
			    ntop, strport, strerror(errno));
		logit("Server listening on %s port %s%s%s.",
		    ntop, strport,
		    la->rdomain == NULL ? "" : " rdomain ",
		    la->rdomain == NULL ? "" : la->rdomain);
	}
}

static void
server_listen(void)
{
	u_int i;

	for (i = 0; i < options.num_listen_addrs; i++) {
		listen_on_addrs(&options.listen_addrs[i]);
		freeaddrinfo(options.listen_addrs[i].addrs);
		free(options.listen_addrs[i].rdomain);
		memset(&options.listen_addrs[i], 0,
		    sizeof(options.listen_addrs[i]));
	}
	free(options.listen_addrs);
	options.listen_addrs = NULL;
	options.num_listen_addrs = 0;

	if (!num_listen_socks)
		fatal("Cannot bind any address.");




.It
.Cm ListenAddress
.Sm off
.Ar hostname | Ar address
.Sm on
.Oo rdomain Ar domain Oc
.It
.Cm ListenAddress
.Sm off
.Ar hostname : Ar port
.Sm on
.Oo rdomain Ar domain Oc
.It
.Cm ListenAddress
.Sm off
.Ar IPv4_address : Ar port
.Sm on
.Oo rdomain Ar domain Oc
.It
.Cm ListenAddress
.Sm off
.Oo
.Ar hostname | address Oc : Ar port
.Sm on
.Oo rdomain Ar domain Oc
.El
.Pp
The optional
.Cm rdomain
qualifier requests
.Xr sshd 8
listen in an explicit routing domain.
If
.Ar port
is not specified,
sshd will listen on the address and all
.Cm Port
options specified.
The default is to listen on all local addresses on the current default
routing domain.
Multiple
.Cm ListenAddress
options are permitted.
For more information on routing domains, see
.Xr rdomain 4.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
- 

Return to bug 2784

Lines 1658-1676 port_open_helper(struct ssh ssh, Channel c, char *rtype) Link Here

(-)a/channels.c (-15 / +2 lines)
1658	free(local_ipaddr);	1658	free(local_ipaddr);
1659	}	1659	}
1660		1660
1661	static void
1662	channel_set_reuseaddr(int fd)
1663	{
1664	int on = 1;
1665
1666	/*
1667	* Set socket options.
1668	* Allow local port reuse in TIME_WAIT.
1669	*/
1670	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
1671	error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
1672	}
1673
1674	void	1661	void
1675	channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)	1662	channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
1676	{	1663	{
Lines 3337-3343 channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, Link Here
3337	continue;	3324	continue;
3338	}	3325	}
3339		3326
3340	channel_set_reuseaddr(sock);	3327	set_reuseaddr(sock);
3341		3328
3342	debug("Local forwarding listening on %s port %s.",	3329	debug("Local forwarding listening on %s port %s.",
3343	ntop, strport);	3330	ntop, strport);
Lines 4389-4395 x11_create_display_inet(struct ssh *ssh, int x11_display_offset, Link Here
4389	freeaddrinfo(aitop);	4376	freeaddrinfo(aitop);
4390	return -1;	4377	return -1;
4391	}	4378	}
4392	channel_set_reuseaddr(sock);	4379	set_reuseaddr(sock);
4393	if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {	4380	if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
4394	debug2("%s: bind port %d: %.100s", __func__,	4381	debug2("%s: bind port %d: %.100s", __func__,
4395	port, strerror(errno));	4382	port, strerror(errno));

Lines 962-974 server_accept_inetd(int sock_in, int sock_out) Link Here

(-)a/sshd.c (-12 / +31 lines)
962	* Listen for TCP connections	962	* Listen for TCP connections
963	*/	963	*/
964	static void	964	static void
965	server_listen(void)	965	listen_on_addrs(struct listenaddr *la)
966	{	966	{
967	int ret, listen_sock, on = 1;	967	int ret, listen_sock;
968	struct addrinfo *ai;	968	struct addrinfo *ai;
969	char ntop[NI_MAXHOST], strport[NI_MAXSERV];	969	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
970		970
971	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {	971	for (ai = la->addrs; ai; ai = ai->ai_next) {
972	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)	972	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
973	continue;	973	continue;
974	if (num_listen_socks >= MAX_LISTEN_SOCKS)	974	if (num_listen_socks >= MAX_LISTEN_SOCKS)
Lines 998-1010 server_listen(void) Link Here
998	close(listen_sock);	998	close(listen_sock);
999	continue;	999	continue;
1000	}	1000	}
1001	/*	1001	/* Socket options */
1002	* Set socket options.	1002	set_reuseaddr(listen_sock);
1003	* Allow local port reuse in TIME_WAIT.	1003	if (la->rdomain != NULL &&
1004	*/	1004	set_rdomain(listen_sock, la->rdomain) == -1) {
1005	if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,	1005	close(listen_sock);
1006	&on, sizeof(on)) == -1)	1006	continue;
1007	error("setsockopt SO_REUSEADDR: %s", strerror(errno));	1007	}
1008		1008
1009	debug("Bind to port %s on %s.", strport, ntop);	1009	debug("Bind to port %s on %s.", strport, ntop);
1010		1010
Lines 1022-1030 server_listen(void) Link Here
1022	if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)	1022	if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
1023	fatal("listen on [%s]:%s: %.100s",	1023	fatal("listen on [%s]:%s: %.100s",
1024	ntop, strport, strerror(errno));	1024	ntop, strport, strerror(errno));
1025	logit("Server listening on %s port %s.", ntop, strport);	1025	logit("Server listening on %s port %s%s%s.",
		1026	ntop, strport,
		1027	la->rdomain == NULL ? "" : " rdomain ",
		1028	la->rdomain == NULL ? "" : la->rdomain);
1026	}	1029	}
1027	freeaddrinfo(options.listen_addrs);	1030	}
		1031
		1032	static void
		1033	server_listen(void)
		1034	{
		1035	u_int i;
		1036
		1037	for (i = 0; i < options.num_listen_addrs; i++) {
		1038	listen_on_addrs(&options.listen_addrs[i]);
		1039	freeaddrinfo(options.listen_addrs[i].addrs);
		1040	free(options.listen_addrs[i].rdomain);
		1041	memset(&options.listen_addrs[i], 0,
		1042	sizeof(options.listen_addrs[i]));
		1043	}
		1044	free(options.listen_addrs);
		1045	options.listen_addrs = NULL;
		1046	options.num_listen_addrs = 0;
1028		1047
1029	if (!num_listen_socks)	1048	if (!num_listen_socks)
1030	fatal("Cannot bind any address.");	1049	fatal("Cannot bind any address.");

Lines 910-940 The following forms may be used: Link Here

(-)a/sshd_config.5 (-5 / +21 lines)
910	.It	910	.It
911	.Cm ListenAddress	911	.Cm ListenAddress
912	.Sm off	912	.Sm off
913	.Ar host \| Ar IPv4_addr \| Ar IPv6_addr	913	.Ar hostname \| Ar address
914	.Sm on	914	.Sm on
		915	.Oo rdomain Ar domain Oc
915	.It	916	.It
916	.Cm ListenAddress	917	.Cm ListenAddress
917	.Sm off	918	.Sm off
918	.Ar host \| Ar IPv4_addr : Ar port	919	.Ar hostname : Ar port
919	.Sm on	920	.Sm on
		921	.Oo rdomain Ar domain Oc
		922	.It
		923	.Cm ListenAddress
		924	.Sm off
		925	.Ar IPv4_address : Ar port
		926	.Sm on
		927	.Oo rdomain Ar domain Oc
920	.It	928	.It
921	.Cm ListenAddress	929	.Cm ListenAddress
922	.Sm off	930	.Sm off
923	.Oo	931	.Oo
924	.Ar host \| Ar IPv6_addr Oc : Ar port	932	.Ar hostname \| address Oc : Ar port
925	.Sm on	933	.Sm on
		934	.Oo rdomain Ar domain Oc
926	.El	935	.El
927	.Pp	936	.Pp
		937	The optional
		938	.Cm rdomain
		939	qualifier requests
		940	.Xr sshd 8
		941	listen in an explicit routing domain.
928	If	942	If
929	.Ar port	943	.Ar port
930	is not specified,	944	is not specified,
931	sshd will listen on the address and all	945	sshd will listen on the address and all
932	.Cm Port	946	.Cm Port
933	options specified.	947	options specified.
934	The default is to listen on all local addresses.	948	The default is to listen on all local addresses on the current default
		949	routing domain.
935	Multiple	950	Multiple
936	.Cm ListenAddress	951	.Cm ListenAddress
937	options are permitted.	952	options are permitted.
		953	For more information on routing domains, see
		954	.Xr rdomain 4.
938	.It Cm LoginGraceTime	955	.It Cm LoginGraceTime
939	The server disconnects after this time if the user has not	956	The server disconnects after this time if the user has not
940	successfully logged in.	957	successfully logged in.
941	-

Lines 155-160 set_nodelay(int fd) Link Here

(-)a/misc.c (+38 lines)
155	error("setsockopt TCP_NODELAY: %.100s", strerror(errno));	155	error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
156	}	156	}
157		157
		158	/* Allow local port reuse in TIME_WAIT */
		159	int
		160	set_reuseaddr(int fd)
		161	{
		162	int on = 1;
		163
		164	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
		165	error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
		166	return -1;
		167	}
		168	return 0;
		169	}
		170
		171	/* Set routing table */
		172	int
		173	set_rdomain(int fd, const char *name)
		174	{
		175	int rtable;
		176	const char *errstr;
		177
		178	if (name == NULL)
		179	return 0; /* default table */
		180
		181	rtable = (int)strtonum(name, 0, 255, &errstr);
		182	if (errstr != NULL) {
		183	/* Shouldn't happen */
		184	error("Invalid routing domain \"%s\": %s", name, errstr);
		185	return -1;
		186	}
		187	if (setsockopt(fd, SOL_SOCKET, SO_RTABLE,
		188	&rtable, sizeof(rtable)) == -1) {
		189	error("Failed to set routing domain %d on fd %d: %s",
		190	rtable, fd, strerror(errno));
		191	return -1;
		192	}
		193	return 0;
		194	}
		195
158	/* Characters considered whitespace in strsep calls. */	196	/* Characters considered whitespace in strsep calls. */
159	#define WHITESPACE " \t\r\n"	197	#define WHITESPACE " \t\r\n"
160	#define QUOTE "\""	198	#define QUOTE "\""

Lines 51-64 Link Here

(-)a/servconf.h (-3 / +20 lines)
51	struct ssh;	51	struct ssh;
52	struct fwd_perm_list;	52	struct fwd_perm_list;
53		53
		54	/*
		55	* Used to store addresses from ListenAddr directives. These may be
		56	* incomplete, as they may specify addresses that need to be merged
		57	* with any ports requested by ListenPort.
		58	*/
		59	struct queued_listenaddr {
		60	char *addr;
		61	int port; /* <=0 if unspecified */
		62	char *rdomain;
		63	};
		64
		65	/* Resolved listen addresses, grouped by optional routing domain */
		66	struct listenaddr {
		67	char *rdomain;
		68	struct addrinfo *addrs;
		69	};
		70
54	typedef struct {	71	typedef struct {
55	u_int num_ports;	72	u_int num_ports;
56	u_int ports_from_cmdline;	73	u_int ports_from_cmdline;
57	int ports[MAX_PORTS]; /* Port number to listen on. */	74	int ports[MAX_PORTS]; /* Port number to listen on. */
		75	struct queued_listenaddr *queued_listen_addrs;
58	u_int num_queued_listens;	76	u_int num_queued_listens;
59	char **queued_listen_addrs;	77	struct listenaddr *listen_addrs;
60	int *queued_listen_ports;	78	u_int num_listen_addrs;
61	struct addrinfo listen_addrs; / Addresses for server to listen. */
62	int address_family; /* Address family used by the server. */	79	int address_family; /* Address family used by the server. */
63		80
64	char *host_key_files; / Files containing host keys. */	81	char *host_key_files; / Files containing host keys. */