Bugzilla – Attachment 3081 Details for
Bug 2784
Add native support for routing domains / VRF
[patch]
rdomain support for ssh client local-forward sockets
0002-ssh-add-routing-domain-support-to-local-forwarding.patch (text/plain), 6.95 KB, created by
Luca Boccassi
on 2017-10-28 03:24:28 AEDT
Description:
rdomain support for ssh client local-forward sockets
Creator:
Luca Boccassi
Created:
2017-10-28 03:24:28 AEDT
Size:
6.95 KB
>From 981823b0bda0ba310c4a1c8d32d11ac5aa2eeda9 Mon Sep 17 00:00:00 2001
>From: Luca Boccassi <luca.boccassi@gmail.com>
>Date: Fri, 27 Oct 2017 13:12:39 +0100
>Subject: [PATCH 2/3] ssh: add routing domain support to local forwarding
>
>Add a 5th parameter to the LocalForward config and command line option.
>It will be used as a Routing Domain to bind the local socket
>---
> channels.c | 10 ++++++++--
> misc.h | 1 +
> readconf.c | 22 +++++++++++++++++++---
> ssh.1 | 10 ++++++++++
> ssh.c | 6 +++++-
> ssh_config.5 | 4 ++++
> 6 files changed, 47 insertions(+), 6 deletions(-)
>
>diff --git a/channels.c b/channels.c
>index 07dc9577..db0b3829 100644
>--- a/channels.c
>+++ b/channels.c
>@@ -3358,9 +3358,15 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
> set_reuseaddr(sock);
> if (ai->ai_family == AF_INET6)
> sock_set_v6only(sock);
>+ if (fwd->rdomain != NULL &&
>+ set_rdomain(sock, fwd->rdomain) == -1) {
>+ close(sock);
>+ continue;
>+ }
>
>- debug("Local forwarding listening on %s port %s.",
>- ntop, strport);
>+ debug("Local forwarding listening on %s port %s %s%s.",
>+ ntop, strport, fwd->rdomain == NULL ? "" : " rdomain ",
>+ fwd->rdomain == NULL ? "" : fwd->rdomain);
>
> /* Bind the socket to the address. */
> if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
>diff --git a/misc.h b/misc.h
>index e2f7fb69..b6af903c 100644
>--- a/misc.h
>+++ b/misc.h
>@@ -26,6 +26,7 @@ struct Forward {
> char *connect_host; /* Host to connect. */
> int connect_port; /* Port to connect on connect_host. */
> char *connect_path; /* Path to connect domain socket. */
>+ char *rdomain; /* Routing Domain to listen in. */
> int allocated_port; /* Dynamically allocated listen port */
> int handle; /* Handle for dynamic listen ports */
> };
>diff --git a/readconf.c b/readconf.c
>index 0421aa2d..09fdc4b5 100644
>--- a/readconf.c
>+++ b/readconf.c
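Review bot: In the channels.c hunk the new debug format `"Local forwarding listening on %s port %s %s%s."` always emits a space after the port, so the message ends in `port <N> .` when no routing domain is set and has a double space before `rdomain` when one is; dropping the literal space, `"Local forwarding listening on %s port %s%s%s."`, fixes both. The `set_rdomain()` failure branch closes the socket and moves on to the next address, which avoids binding the listener in the default routing domain, but nothing in the hunk logs which address was skipped; unless `set_rdomain()` (not visible here) reports the error itself, an `error()` line there would explain why a forward ends up with fewer listeners than expected. The enclosing function starts and ends outside the hunk and, judging by its `type` parameter, may serve callers that build a `struct Forward` without going through `parse_forward`; it is worth confirming that those zero-initialise the new `rdomain` field before it is read here.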
>@@ -341,6 +341,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
> fwd->connect_host = newfwd->connect_host;
> fwd->connect_port = newfwd->connect_port;
> fwd->connect_path = newfwd->connect_path;
>+ fwd->rdomain = newfwd->rdomain;
> }
>
> /*
>@@ -370,6 +371,7 @@ add_remote_forward(Options *options, const struct Forward *newfwd)
> fwd->connect_host = newfwd->connect_host;
> fwd->connect_port = newfwd->connect_port;
> fwd->connect_path = newfwd->connect_path;
>+ fwd->rdomain = newfwd->rdomain;
> fwd->handle = newfwd->handle;
> fwd->allocated_port = 0;
> }
>@@ -384,6 +386,7 @@ clear_forwardings(Options *options)
> free(options->local_forwards[i].listen_path);
> free(options->local_forwards[i].connect_host);
> free(options->local_forwards[i].connect_path);
>+ free(options->local_forwards[i].rdomain);
> }
> if (options->num_local_forwards > 0) {
> free(options->local_forwards);
>@@ -2129,7 +2132,7 @@ done:
> int
> parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
> {
>- struct fwdarg fwdargs[4];
>+ struct fwdarg fwdargs[5];
> char *p, *cp;
> int i;
>
>@@ -2142,7 +2145,7 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
> while (isspace((u_char)*cp))
> cp++;
>
>- for (i = 0; i < 4; ++i) {
>+ for (i = 0; i < 5; ++i) {
> if (parse_fwd_field(&cp, &fwdargs[i]) != 0)
> break;
> }
>@@ -2207,6 +2210,14 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
> fwd->connect_host = xstrdup(fwdargs[2].arg);
> fwd->connect_port = a2port(fwdargs[3].arg);
> break;
>+
>+ case 5:
>+ fwd->listen_host = xstrdup(fwdargs[0].arg);
>+ fwd->listen_port = a2port(fwdargs[1].arg);
>+ fwd->connect_host = xstrdup(fwdargs[2].arg);
>+ fwd->connect_port = a2port(fwdargs[3].arg);
>+ fwd->rdomain = xstrdup(fwdargs[4].arg);
>+ break;
> default:
> i = 0; /* failure */
> }
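Review bot: `parse_forward` takes the fifth field in `case 5` without consulting `remotefwd` (the later `@@ -2217` hunk likewise admits `i == 5` for every non-dynamic forward), and `add_remote_forward` copies `rdomain`, yet nothing visible in this patch applies the value to a remote forward. A five-field RemoteForward specification would therefore parse cleanly while the routing domain is ignored, and the user may assume a listener placement that is not in effect; rejecting it with the other post-switch checks, e.g. `if (remotefwd && fwd->rdomain != NULL) goto fail_free;`, keeps the option honest unless a later patch in the series consumes it. The `clear_forwardings` hunk frees `local_forwards[i].rdomain` only; the remote-forward loop lies outside the hunk, so whether the pointer copied by `add_remote_forward` is released there should be checked. All three functions continue outside their hunks.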
>@@ -2217,7 +2228,7 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
> if (!(i == 1 || i == 2))
> goto fail_free;
> } else {
>- if (!(i == 3 || i == 4)) {
>+ if (!(i == 3 || i == 4 || i == 5)) {
> if (fwd->connect_path == NULL &&
> fwd->listen_path == NULL)
> goto fail_free;
>@@ -2242,6 +2253,9 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
> if (fwd->listen_path != NULL &&
> strlen(fwd->listen_path) >= PATH_MAX_SUN)
> goto fail_free;
>+ if (fwd->rdomain != NULL &&
>+ !valid_rdomain(fwd->rdomain))
>+ goto fail_free;
>
> return (i);
>
>@@ -2254,6 +2268,8 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
> fwd->listen_host = NULL;
> free(fwd->listen_path);
> fwd->listen_path = NULL;
>+ free(fwd->rdomain);
>+ fwd->rdomain = NULL;
> return (0);
> }
>
>diff --git a/ssh.1 b/ssh.1
>index 76683364..a7e8beaa 100644
>--- a/ssh.1
>+++ b/ssh.1
>@@ -323,6 +323,11 @@ Disables forwarding (delegation) of GSSAPI credentials to the server.
> .Xc
> .It Fl L Xo
> .Sm off
>+.Ar bind_address : port : host : hostport : routing_domain
>+.Sm on
>+.Xc
>+.It Fl L Xo
>+.Sm off
> .Oo Ar bind_address : Oc
> .Ar port : remote_socket
> .Sm on
>@@ -374,6 +379,11 @@ empty address or
> .Sq *
> indicates that the port should be available from all interfaces.
> .Pp
>+.Ar routing_domain
>+can also be specified, which makes the
>+.Ar bind_address
>+mandatory, to bind the local port in a specific Routing Domain.
>+.Pp
> .It Fl l Ar login_name
> Specifies the user to log in as on the remote machine.
> This also may be specified on a per-host basis in the configuration file.
>diff --git a/ssh.c b/ssh.c
>index 2c0ee674..c92b7043 100644
>--- a/ssh.c
>+++ b/ssh.c
>@@ -1655,7 +1655,7 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
>
> /* Initiate local TCP/IP port forwardings. */
> for (i = 0; i < options.num_local_forwards; i++) {
>- debug("Local connections to %.200s:%d forwarded to remote "
>+ debug("Local connections to %.200s:%d%s%s forwarded to remote "
> "address %.200s:%d",
> (options.local_forwards[i].listen_path != NULL) ?
> options.local_forwards[i].listen_path :
>@@ -1663,6 +1663,10 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
> (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
> options.local_forwards[i].listen_host,
> options.local_forwards[i].listen_port,
>+ options.local_forwards[i].rdomain != NULL ?
>+ " rdomain " : "",
>+ options.local_forwards[i].rdomain != NULL ?
>+ options.local_forwards[i].rdomain : "",
> (options.local_forwards[i].connect_path != NULL) ?
> options.local_forwards[i].connect_path :
> options.local_forwards[i].connect_host,
>diff --git a/ssh_config.5 b/ssh_config.5
>index cdfcd707..087deb96 100644
>--- a/ssh_config.5
>+++ b/ssh_config.5
>@@ -1068,6 +1068,10 @@ indicates that the listening port be bound for local use only, while an
> empty address or
> .Sq *
> indicates that the port should be available from all interfaces.
>+.Ar bind_address : Ns Ar port : Ns Ar host : Ns Ar hostport : Ns Ar routing_domain
>+can also be used, which makes the
>+.Ar bind_address
>+mandatory, to bind the local port in a specific Routing Domain.
> .It Cm LogLevel
> Gives the verbosity level that is used when logging messages from
> .Xr ssh 1 .
>--
>2.11.0
>
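Review bot: The routing-domain value added to the `debug()` call in `ssh_init_forwarding` is printed with a bare `%s`, while the host and path strings in the same message are bounded with `%.200s`. The value has passed `valid_rdomain()` in `parse_forward` (its definition is not part of this patch), so this is a consistency point rather than a demonstrated problem; `"Local connections to %.200s:%d%s%.200s forwarded to remote "` would match the neighbouring fields. The statement spans both ssh.c hunks (`@@ -1655` and `@@ -1663`), and the enclosing loop continues outside them.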