upstream commit

Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
chuck1182001 · Oct 25, 2017 · acf559e · acf559e
1 parent b9903ee
commit acf559e
Show file tree

Hide file tree

Showing 7 changed files with 283 additions and 108 deletions.
diff --git a/channels.c b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.376 2017/10/25 00:15:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -1668,19 +1668,6 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype)
 	free(local_ipaddr);
 }
 
-static void
-channel_set_reuseaddr(int fd)
-{
-	int on = 1;
-
-	/*
-	 * Set socket options.
-	 * Allow local port reuse in TIME_WAIT.
-	 */
-	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
-		error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
-}
-
 void
 channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time)
 {
@@ -3368,7 +3355,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 			continue;
 		}
 
-		channel_set_reuseaddr(sock);
+		set_reuseaddr(sock);
 		if (ai->ai_family == AF_INET6)
 			sock_set_v6only(sock);
 
@@ -4439,7 +4426,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
 			if (ai->ai_family == AF_INET6)
 				sock_set_v6only(sock);
 			if (x11_use_localhost)
-				channel_set_reuseaddr(sock);
+				set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
 				debug2("%s: bind port %d: %.100s", __func__,
 				    port, strerror(errno));

diff --git a/misc.c b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.116 2017/10/24 19:41:45 millert Exp $ */
+/* $OpenBSD: misc.c,v 1.117 2017/10/25 00:15:35 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -167,6 +167,44 @@ set_nodelay(int fd)
 		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
 }
 
+/* Allow local port reuse in TIME_WAIT */
+int
+set_reuseaddr(int fd)
+{
+	int on = 1;
+
+	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
+		error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
+		return -1;
+	}
+	return 0;
+}
+
+/* Set routing table */
+int
+set_rdomain(int fd, const char *name)
+{
+	int rtable;
+	const char *errstr;
+
+	if (name == NULL)
+		return 0; /* default table */
+
+	rtable = (int)strtonum(name, 0, 255, &errstr);
+	if (errstr != NULL) {
+		/* Shouldn't happen */
+		error("Invalid routing domain \"%s\": %s", name, errstr);
+		return -1;
+	}
+	if (setsockopt(fd, SOL_SOCKET, SO_RTABLE,
+	    &rtable, sizeof(rtable)) == -1) {
+		error("Failed to set routing domain %d on fd %d: %s",
+		    rtable, fd, strerror(errno));
+		return -1;
+	}
+	return 0;
+}
+
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE	"\""

diff --git a/misc.h b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.65 2017/10/23 05:08:00 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.66 2017/10/25 00:15:35 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <[email protected]>
@@ -48,6 +48,8 @@ char	*strdelim(char **);
 int	 set_nonblock(int);
 int	 unset_nonblock(int);
 void	 set_nodelay(int);
+int	 set_reuseaddr(int);
+int	 set_rdomain(int, const char *);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);