Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / d27b947178df3689bfb7fdfb62a5f1337ef73481^! / . / serverloop.c
commitd27b947178df3689bfb7fdfb62a5f1337ef73481[log] [tgz]
authorDamien Miller <djm@mindrot.org>Tue Dec 13 19:29:02 2005 +1100
committerDamien Miller <djm@mindrot.org>Tue Dec 13 19:29:02 2005 +1100
treec8678325c355b3602bdabca16da1baa8707818eb
parent6dbdb6afeec1820b2799c2693fc8e8b364be8228 [diff] [blame]
   - reyk@cvs.openbsd.org 2005/12/06 22:38:28
     [auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others

diff --git a/serverloop.c b/serverloop.c
index 03376ba..199f769 100644
--- a/serverloop.c
+++ b/serverloop.c

@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.121 2005/10/31 11:48:29 djm Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -914,6 +914,36 @@
 }
 
 static Channel *
+server_request_tun(void)
+{
+	Channel *c = NULL;
+	int sock, tun;
+
+	if (!options.permit_tun) {
+		packet_send_debug("Server has disabled tunnel device forwarding.");
+		return NULL;
+	}
+
+	tun = packet_get_int();
+	if (forced_tun_device != -1) {
+	 	if (tun != -1 && forced_tun_device != tun)
+			goto done;
+		tun = forced_tun_device;
+	}
+	sock = tun_open(tun);
+	if (sock < 0)
+		goto done;
+	c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+	c->datagram = 1;
+
+ done:
+	if (c == NULL)
+		packet_send_debug("Failed to open the tunnel device.");
+	return c;
+}
+
+static Channel *
 server_request_session(void)
 {
 	Channel *c;
@@ -958,6 +988,8 @@
 		c = server_request_session();
 	} else if (strcmp(ctype, "direct-tcpip") == 0) {
 		c = server_request_direct_tcpip();
+	} else if (strcmp(ctype, "tun@openssh.com") == 0) {
+		c = server_request_tun();
 	}
 	if (c != NULL) {
 		debug("server_input_channel_open: confirm %s", ctype);