authorReyk Floeter <reyk@cvs.openbsd.org>2005-12-08 18:34:12 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2005-12-08 18:34:12 +0000
commit71e9c1668d8823e2153147c31d4d55045ff4112c (patch)
tree4add4b6e62b561c08001e9bd96fed4da3229880c /usr.bin/ssh/serverloop.c
parentb0e765b15c8ba03873c4d8f9a97dc1bc518b24f2 (diff)
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
Diffstat (limited to 'usr.bin/ssh/serverloop.c')
-rw-r--r--usr.bin/ssh/serverloop.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 651ba0a3fc9..d0130b088a8 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.123 2005/12/08 18:34:11 reyk Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -915,20 +915,31 @@ static Channel *
server_request_tun(void)
{
Channel *c = NULL;
- int sock, tun;
+ int mode, tun;
+ int sock;
- if (!options.permit_tun) {
- packet_send_debug("Server has disabled tunnel device forwarding.");
+ mode = packet_get_int();
+ switch (mode) {
+ case SSH_TUNMODE_POINTOPOINT:
+ case SSH_TUNMODE_ETHERNET:
+ break;
+ default:
+ packet_send_debug("Unsupported tunnel device mode.");
+ return NULL;
+ }
+ if ((options.permit_tun & mode) == 0) {
+ packet_send_debug("Server has rejected tunnel device "
+ "forwarding");
return NULL;
}
tun = packet_get_int();
- if (forced_tun_device != -1) {
- if (tun != -1 && forced_tun_device != tun)
+ if (forced_tun_device != SSH_TUNID_ANY) {
+ if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
goto done;
tun = forced_tun_device;
}
- sock = tun_open(tun);
+ sock = tun_open(tun, mode);
if (sock < 0)
goto done;
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
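Review bot: The tunnel id read by `tun = packet_get_int();` is supplied by the peer, yet it is stored in a signed `int` (the declaration is still `int mode, tun;` although the commit message says the id becomes u_int) and, when no forced device is configured, reaches `tun_open(tun, mode)` with no range check in this function. A value with the top bit set would become negative here; whether tun_open() rejects it is not visible in this hunk, so validating at the point of parsing would be safer, for example `if (tun < 0) { packet_send_debug("Invalid tunnel device id."); goto done; }` placed before the forced-device comparison (this assumes SSH_TUNID_ANY is a non-negative constant, which should be confirmed against its definition). Separately, the two refusal paths report only to the client through packet_send_debug(), so a server-side log line on refusal would let operators see rejected tunnel requests. The body of server_request_tun continues past the end of the hunk.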