Bugzilla – Attachment 3078 Details for
Bug 2784
Add native support for routing domains / VRF
[patch]
rdomain support for ssh client
0001-ssh-rdomain-support.patch (text/plain), 5.62 KB, created by
Luca Boccassi
on 2017-10-24 04:12:59 AEDT
Description:
rdomain support for ssh client
Filename:
MIME Type:
Creator:
Luca Boccassi
Created:
2017-10-24 04:12:59 AEDT
Size:
5.62 KB
>From fb1425460d4eb42ae193b73ed686d347dc5b0e46 Mon Sep 17 00:00:00 2001
>From: Luca Boccassi <luca.boccassi@gmail.com>
>Date: Mon, 23 Oct 2017 17:41:50 +0100
>Subject: [PATCH 1/2] ssh: rdomain support
>
>Add support for BSD routing domains to ssh via a new -r command line
>option and a RDomain ssh_config file option like for sshd.
>---
> readconf.c | 9 ++++++++-
> readconf.h | 2 ++
> ssh.1 | 6 ++++++
> ssh.c | 7 +++++--
> ssh_config.5 | 4 ++++
> sshconnect.c | 23 +++++++++++++++++++++++
> 6 files changed, 48 insertions(+), 3 deletions(-)
>
>diff --git a/readconf.c b/readconf.c
>index 63baa7d7..0421aa2d 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -156,7 +156,7 @@ typedef enum {
> oPubkeyAuthentication,
> oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
> oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
>- oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
>+ oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, oRDomain,
> oClearAllForwardings, oNoHostAuthenticationForLocalhost,
> oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
> oAddressFamily, oGssAuthentication, oGssDelegateCreds,
>@@ -305,6 +305,7 @@ static struct {
> { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
> { "ignoreunknown", oIgnoreUnknown },
> { "proxyjump", oProxyJump },
>+ { "rdomain", oRDomain },
>
> { NULL, oBadOption }
> };
>@@ -1645,6 +1646,10 @@ parse_keytypes:
> charptr = &options->identity_agent;
> goto parse_string;
>
>+ case oRDomain:
>+ charptr = &options->rdomain;
>+ goto parse_string;
>+
> case oDeprecated:
> debug("%s line %d: Deprecated option \"%s\"",
> filename, linenum, keyword);
>@@ -1845,6 +1850,7 @@ initialize_options(Options * options)
> options->update_hostkeys = -1;
> options->hostbased_key_types = NULL;
> options->pubkey_key_types = NULL;
>+ options->rdomain = NULL;
> }
>
> /*
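Review bot: The new `case oRDomain` in the readconf.c `@@ -1645` hunk passes the value straight to `parse_string`, so an `RDomain` setting is stored with no range or syntax check, and the ssh.c `@@ -925` hunk does the same for `-r` by assigning `optarg` directly. The only validation is the `strtonum(options.rdomain, 0, 255, &errstr)` call in the sshconnect.c hunk, so its `/* Shouldn't happen */` comment is inaccurate as the patch stands. Since a routing domain acts as a network-isolation setting, I would reject a bad value where it is read, reporting the file and line for the config keyword and calling `fatal()` for `-r`, so the mistake surfaces before a socket is created. The enclosing function begins and ends outside the hunk.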
>@@ -2534,6 +2540,7 @@ dump_client_config(Options *o, const char *host)
> dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
> dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
> dump_cfg_string(oXAuthLocation, o->xauth_location);
>+ dump_cfg_string(oRDomain, o->rdomain);
>
> /* Forwards */
> dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);
>diff --git a/readconf.h b/readconf.h
>index 34aad83c..a46f871f 100644
>--- a/readconf.h
>+++ b/readconf.h
>@@ -163,6 +163,8 @@ typedef struct {
> int jump_port;
> char *jump_extra;
>
>+ char *rdomain; /* routing domain to bind to */
>+
> char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
> } Options;
>
>diff --git a/ssh.1 b/ssh.1
>index 093f1770..32dd6b7d 100644
>--- a/ssh.1
>+++ b/ssh.1
>@@ -45,6 +45,7 @@
> .Bk -words
> .Op Fl 46AaCfGgKkMNnqsTtVvXxYy
> .Op Fl b Ar bind_address
>+.Op Fl r Ar routing_domain
> .Op Fl c Ar cipher_spec
> .Op Fl D Oo Ar bind_address : Oc Ns Ar port
> .Op Fl E Ar log_file
>@@ -650,6 +651,11 @@ When used together with
> .Ic -O forward
> the allocated port will be printed to the standard output.
> .Pp
>+.It Fl r Ar routing_domain
>+Specifies an explicit routing domain that is applied to the connection.
>+The user session will be bound to this
>+.Xr rdomain 4 .
>+.Pp
> .It Fl S Ar ctl_path
> Specifies the location of a control socket for connection sharing,
> or the string
>diff --git a/ssh.c b/ssh.c
>index 74056985..7ebd8a1e 100644
>--- a/ssh.c
>+++ b/ssh.c
>@@ -201,7 +201,7 @@ static void
> usage(void)
> {
> fprintf(stderr,
>-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
>+"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-r routing_domain] [-c cipher_spec]\n"
> " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
> " [-F configfile] [-I pkcs11] [-i identity_file]\n"
> " [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
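Review bot: The rewritten first usage line in the ssh.c `@@ -201` hunk grows to roughly 92 columns, while the other visible lines of the string are wrapped to fit a terminal. It also places `[-r routing_domain]` between `-b` and `-c` although the visible options are listed alphabetically; the ssh.1 synopsis hunk uses the same ordering. I would move `[-r routing_domain]` to its alphabetical slot further down the list, which lies outside this hunk, so the first line stays within 80 columns. usage() continues outside the hunk.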
>@@ -614,7 +614,7 @@ main(int ac, char **av)
> argv0 = av[0];
>
> again:
>- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
>+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qr:stvx"
> "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
> switch (opt) {
> case '1':
>@@ -925,6 +925,9 @@ main(int ac, char **av)
> case 'b':
> options.bind_address = optarg;
> break;
>+ case 'r':
>+ options.rdomain = optarg;
>+ break;
> case 'F':
> config = optarg;
> break;
>diff --git a/ssh_config.5 b/ssh_config.5
>index 4d3fc342..252dfb36 100644
>--- a/ssh_config.5
>+++ b/ssh_config.5
>@@ -1261,6 +1261,10 @@ The argument to this keyword must be
> (the default)
> or
> .Cm no .
>+.It Cm RDomain
>+Specifies an explicit routing domain that is applied to the connection.
>+The user session will be bound to this
>+.Xr rdomain 4 .
> .It Cm RekeyLimit
> Specifies the maximum amount of data that may be transmitted before the
> session key is renegotiated, optionally followed a maximum amount of
>diff --git a/sshconnect.c b/sshconnect.c
>index dc7a704d..9d39e28a 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -286,6 +286,29 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
> }
> fcntl(sock, F_SETFD, FD_CLOEXEC);
>
>+ if (options.rdomain != NULL) {
>+ int rtable;
>+ const char *errstr;
>+
>+ rtable = (int)strtonum(options.rdomain, 0, 255, &errstr);
>+ if (errstr != NULL) {
>+ /* Shouldn't happen */
>+ error("Invalid routing domain \"%s\": %s",
>+ options.rdomain, errstr);
>+ close(sock);
>+ return -1;
>+ }
>+ if (setsockopt(sock, SOL_SOCKET, SO_RTABLE,
>+ &rtable, sizeof(rtable)) == -1) {
>+ error("Failed to set routing domain %d on fd %d: %s",
>+ rtable, sock, strerror(errno));
>+ close(sock);
>+ return -1;
>+ }
>+ debug("Bound to routing domain: %d", rtable);
>+ }
>+
>+
> /* Bind the socket to an alternative local IP address */
> if (options.bind_address == NULL && !privileged)
> return sock;
>--
>2.11.0
>
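Review bot: `SO_RTABLE` in the sshconnect.c `@@ -286` hunk is used with no feature guard, so the added block would presumably not compile on platforms that lack it unless the second patch of this series supplies a fallback. I would guard the block and make the unsupported case an explicit error, so a requested routing domain is never silently ignored; the sketch below shows the shape. Both existing failure paths already close the socket and return -1, which is the right fail-closed behaviour for an isolation setting. The block covers only sockets created by ssh_create_socket(); whether name resolution and proxied connections honour the routing domain is not visible here and deserves a sentence in the man-page text. ssh_create_socket() begins and ends outside the hunk.

```c
	fcntl(sock, F_SETFD, FD_CLOEXEC);

#ifdef SO_RTABLE
	/* … unchanged: strtonum() parse and setsockopt(SO_RTABLE) block … */
#else
	if (options.rdomain != NULL) {
		error("Routing domains are not supported on this platform");
		close(sock);
		return -1;
	}
#endif
```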