authorreyk <reyk@openbsd.org>2005-12-06 22:38:27 +0000
committerreyk <reyk@openbsd.org>2005-12-06 22:38:27 +0000
commita7fea580ec3fb14761466dad6f7721314ad6c499 (patch)
tree58020ec93411472077b43fd3e14a478afcdf6080 /usr.bin/ssh/serverloop.c
parentavoid variable aliasing (diff)
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similarly to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
Diffstat (limited to 'usr.bin/ssh/serverloop.c')
-rw-r--r--usr.bin/ssh/serverloop.c34
1 files changed, 33 insertions, 1 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index f31baaadc79..651ba0a3fc9 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.121 2005/10/31 11:48:29 djm Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -912,6 +912,36 @@ server_request_direct_tcpip(void)
}
static Channel *
+server_request_tun(void)
+{
+ Channel *c = NULL;
+ int sock, tun;
+
+ if (!options.permit_tun) {
+ packet_send_debug("Server has disabled tunnel device forwarding.");
+ return NULL;
+ }
+
+ tun = packet_get_int();
+ if (forced_tun_device != -1) {
+ if (tun != -1 && forced_tun_device != tun)
+ goto done;
+ tun = forced_tun_device;
+ }
+ sock = tun_open(tun);
+ if (sock < 0)
+ goto done;
+ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ c->datagram = 1;
+
+ done:
+ if (c == NULL)
+ packet_send_debug("Failed to open the tunnel device.");
+ return c;
+}
+
+static Channel *
server_request_session(void)
{
Channel *c;
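Review bot: The unit number read from the client in `tun = packet_get_int();` reaches `tun_open(tun)` without any range check in server_request_tun() when `forced_tun_device` is -1. tun_open() is not part of this diff and may validate the value itself, but since -1 is the only negative value this function gives meaning to, a guard such as `if (tun < -1) goto done;` right after the read would bound the wire value where it enters. The forced-device mismatch and the tun_open() failure also share one `packet_send_debug()` message that goes only to the client; a server-side line before each `goto done`, e.g. `logit("server_request_tun: refused tunnel unit %d", tun);`, would leave a record of refused requests for later audit.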
@@ -956,6 +986,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
c = server_request_session();
} else if (strcmp(ctype, "direct-tcpip") == 0) {
c = server_request_direct_tcpip();
+ } else if (strcmp(ctype, "tun@openssh.com") == 0) {
+ c = server_request_tun();
}
if (c != NULL) {
debug("server_input_channel_open: confirm %s", ctype);