author | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-12-08 18:34:12 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-12-08 18:34:12 +0000 |
commit | 71e9c1668d8823e2153147c31d4d55045ff4112c (patch) | |
tree | 4add4b6e62b561c08001e9bd96fed4da3229880c /usr.bin/ssh/serverloop.c | |
parent | b0e765b15c8ba03873c4d8f9a97dc1bc518b24f2 (diff) |
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
Diffstat (limited to 'usr.bin/ssh/serverloop.c')
-rw-r--r-- | usr.bin/ssh/serverloop.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 651ba0a3fc9..d0130b088a8 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.123 2005/12/08 18:34:11 reyk Exp $");
 #include "xmalloc.h"
 #include "packet.h"
@@ -915,20 +915,31 @@ static Channel *
 server_request_tun(void)
 {
 Channel *c = NULL;
- int sock, tun;
+ int mode, tun;
+ int sock;
- if (!options.permit_tun) {
- packet_send_debug("Server has disabled tunnel device forwarding.");
+ mode = packet_get_int();
+ switch (mode) {
+ case SSH_TUNMODE_POINTOPOINT:
+ case SSH_TUNMODE_ETHERNET:
+ break;
+ default:
+ packet_send_debug("Unsupported tunnel device mode.");
+ return NULL;
+ }
+ if ((options.permit_tun & mode) == 0) {
+ packet_send_debug("Server has rejected tunnel device "
+ "forwarding");
 return NULL;
 }
 tun = packet_get_int();
- if (forced_tun_device != -1) {
- if (tun != -1 && forced_tun_device != tun)
+ if (forced_tun_device != SSH_TUNID_ANY) {
+ if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
 goto done;
 tun = forced_tun_device;
 }
- sock = tun_open(tun);
+ sock = tun_open(tun, mode);
 if (sock < 0)
 goto done;
 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, |
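Review bot: The forced-device branch after `tun = packet_get_int()` pins only the unit number, while `mode` stays whatever the client sent and is checked solely against `options.permit_tun`. A session limited to a forced tunnel device can therefore still request ethernet (layer 2) mode whenever the server-wide setting permits it. If that is intended, it deserves a comment above the mask test, for example `/* mode is client-chosen; only PermitTunnel limits it, forced_tun_device restricts the unit only */`. The same comment should state that the mask test relies on the preceding `switch` having reduced `mode` to exactly one SSH_TUNMODE_* value, so the two checks are not reordered later. Both rejection paths report only to the client through `packet_send_debug`; whether the refusal is also logged server-side is not visible here, because server_request_tun continues past the end of the hunk.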