unsigned sport, dport;
char *saddr, *daddr;
struct ssh_rportfwd *remote;
+ int addressfamily;
void *local;
};
#define free_portfwd(pf) ( \
unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
unsigned long max_data_size;
int kex_in_progress;
- long next_rekey;
+ long next_rekey, last_rekey;
};
#define logevent(s) logevent(ssh->frontend, s)
/*
* Try to find host.
*/
- logeventf(ssh, "Looking up host \"%s\"", host);
- addr = name_lookup(host, port, realhost, &ssh->cfg);
+ logeventf(ssh, "Looking up host \"%s\"%s", host,
+ (ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
+ (ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
+ addr = name_lookup(host, port, realhost, &ssh->cfg,
+ ssh->cfg.addressfamily);
if ((err = sk_addr_error(addr)) != NULL) {
sk_addr_free(addr);
return err;
static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
{
- char type;
+ char address_family, type;
int n;
int sport,dport,sserv,dserv;
char sports[256], dports[256], saddr[256], host[256];
}
while (*portfwd_strptr) {
- type = *portfwd_strptr++;
+ address_family = 'A';
+ type = 'L';
+ while (*portfwd_strptr && *portfwd_strptr != '\t') {
+ if (*portfwd_strptr == 'A' ||
+ *portfwd_strptr == '4' ||
+ *portfwd_strptr == '6')
+ address_family = *portfwd_strptr;
+ else if (*portfwd_strptr == 'L' ||
+ *portfwd_strptr == 'R' ||
+ *portfwd_strptr == 'D')
+ type = *portfwd_strptr;
+ portfwd_strptr++;
+ }
+
saddr[0] = '\0';
+
n = 0;
while (*portfwd_strptr && *portfwd_strptr != '\t') {
if (*portfwd_strptr == ':') {
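Review bot: The prefix loop at L40-L50 silently skips any character other than A/4/6/L/R/D, so a stray character in the forwarding string is parsed with the defaults `address_family = 'A'`, `type = 'L'` rather than being reported. If that leniency is intended, a comment stating the accepted grammar would help the next reader, e.g. `/* Prefix is a run of flag chars up to the tab: A/4/6 pick the address family, L/R/D the forwarding type; anything else is ignored and the defaults are 'A' and 'L'. */`. Note also that the prefix loop and the following address loop at L55 both stop at `'\t'`, so an entry with no tab is consumed entirely by the prefix loop and reaches the address parsing empty. The enclosing while loop body continues outside the hunk.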
pfrec->dport = dport;
pfrec->local = NULL;
pfrec->remote = NULL;
+ pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
+ address_family == '6' ? ADDRTYPE_IPV6 :
+ ADDRTYPE_UNSPEC);
epfrec = add234(ssh->portfwds, pfrec);
if (epfrec != pfrec) {
const char *err = pfd_addforward(host, dport,
*saddr ? saddr : NULL,
sport, ssh, &ssh->cfg,
- &pfrec->local);
- if (err) {
- logeventf(ssh, "Local port %s forward to %s"
- " failed: %s", sportdesc, dportdesc, err);
- } else {
- logeventf(ssh, "Local port %s forwarding to %s",
- sportdesc, dportdesc);
- }
+ &pfrec->local,
+ pfrec->addressfamily);
+
+ logeventf(ssh, "Local %sport %s forward to %s%s%s",
+ pfrec->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
+ pfrec->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
+ sportdesc, dportdesc,
+ err ? " failed: " : "", err);
+
sfree(dportdesc);
} else if (type == 'D') {
const char *err = pfd_addforward(NULL, -1,
*saddr ? saddr : NULL,
sport, ssh, &ssh->cfg,
- &pfrec->local);
- if (err) {
- logeventf(ssh, "Local port %s SOCKS dynamic forward"
- " setup failed: %s", sportdesc, err);
- } else {
- logeventf(ssh, "Local port %s doing SOCKS"
- " dynamic forwarding", sportdesc);
- }
+ &pfrec->local,
+ pfrec->addressfamily);
+
+ logeventf(ssh, "Local %sport %s SOCKS dynamic forward%s%s",
+ pfrec->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
+ pfrec->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
+ sportdesc,
+ err ? " setup failed: " : "", err);
} else {
struct ssh_rportfwd *pf;
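Review bot: `err` is passed as the final `%s` argument at L79-L83 even when it is NULL, because the conditional only selects the " failed: " prefix and not the value itself; the same pattern recurs at L101-L105. Formatting a null pointer with `%s` is undefined behaviour in C (some libcs print "(null)", others crash), whereas the removed code only formatted `err` inside `if (err)`. Use `err ? " failed: " : "", err ? err : ""` in both logeventf calls so the success path formats an empty string. The enclosing ssh_setup_portfwd body continues outside the hunk.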
/* Remote side is trying to open a channel to talk to a
* forwarded port. Give them back a local channel number. */
struct ssh_channel *c;
- struct ssh_rportfwd pf;
+ struct ssh_rportfwd pf, *pfp;
int remoteid;
int hostsize, port;
char *host, buf[1024];
memcpy(pf.dhost, host, hostsize);
pf.dhost[hostsize] = '\0';
pf.dport = port;
+ pfp = find234(ssh->rportfwds, &pf, NULL);
- if (find234(ssh->rportfwds, &pf, NULL) == NULL) {
+ if (pfp == NULL) {
sprintf(buf, "Rejected remote port open request for %s:%d",
pf.dhost, port);
logevent(buf);
pf.dhost, port);
logevent(buf);
e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
- c, &ssh->cfg);
+ c, &ssh->cfg, pfp->pfrec->addressfamily);
if (e != NULL) {
char buf[256];
sprintf(buf, "Port open failed: %s", e);
/* Data sent down one of our channels. */
int i = ssh_pkt_getuint32(pktin);
char *p;
- int len;
+ unsigned int len;
struct ssh_channel *c;
ssh_pkt_getstring(pktin, &p, &len);
/* Data for an agent message. Buffer it. */
while (len > 0) {
if (c->u.a.lensofar < 4) {
- int l = min(4 - c->u.a.lensofar, len);
+ unsigned int l = min(4 - c->u.a.lensofar, len);
memcpy(c->u.a.msglen + c->u.a.lensofar, p,
l);
p += l;
memcpy(c->u.a.message, c->u.a.msglen, 4);
}
if (c->u.a.lensofar >= 4 && len > 0) {
- int l =
+ unsigned int l =
min(c->u.a.totallen - c->u.a.lensofar,
len);
memcpy(c->u.a.message + c->u.a.lensofar, p,
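Review bot: Making `len` and `l` unsigned turns `min(c->u.a.totallen - c->u.a.lensofar, len)` at L153-L154 (and L184-L185 in the SSH-2 counterpart) into a mixed signed/unsigned comparison if `totallen` and `lensofar` keep signed types, which this hunk does not show; a difference that were ever negative would convert to a very large unsigned count before the memcpy. Both fields are assigned outside the hunk (`totallen` is presumably derived from the 4-byte `msglen` copied at L148), so this is worth confirming rather than assuming. A stated invariant next to the subtraction, `/* totallen >= lensofar >= 4 here; both derive from msglen */`, or a defensive check that `totallen >= lensofar` before computing `l`, would make the conversion safe by construction. The enclosing loop continues past the hunk.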
* Key exchange is over. Schedule a timer for our next rekey.
*/
ssh->kex_in_progress = FALSE;
+ ssh->last_rekey = GETTICKCOUNT();
if (ssh->cfg.ssh_rekey_time != 0)
ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
ssh2_timer, ssh);
static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
{
char *data;
- int length;
+ unsigned int length;
unsigned i = ssh_pkt_getuint32(pktin);
struct ssh_channel *c;
c = find234(ssh->channels, &i, ssh_channelfind);
case CHAN_AGENT:
while (length > 0) {
if (c->u.a.lensofar < 4) {
- int l = min(4 - c->u.a.lensofar, length);
+ unsigned int l = min(4 - c->u.a.lensofar, length);
memcpy(c->u.a.msglen + c->u.a.lensofar,
data, l);
data += l;
memcpy(c->u.a.message, c->u.a.msglen, 4);
}
if (c->u.a.lensofar >= 4 && length > 0) {
- int l =
+ unsigned int l =
min(c->u.a.totallen - c->u.a.lensofar,
length);
memcpy(c->u.a.message + c->u.a.lensofar,
const char *e = pfd_newconnect(&c->u.pfd.s,
realpf->dhost,
realpf->dport, c,
- &ssh->cfg);
+ &ssh->cfg,
+ realpf->pfrec->addressfamily);
logeventf(ssh, "Attempting to forward remote port to "
"%s:%d", realpf->dhost, realpf->dport);
if (e != NULL) {
{
Ssh ssh = (Ssh)ctx;
- if (!ssh->kex_in_progress &&
+ if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
now - ssh->next_rekey >= 0) {
do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)",
-1, NULL);
ssh->channels = NULL;
ssh->rportfwds = NULL;
+ ssh->portfwds = NULL;
ssh->send_ok = 0;
ssh->editing = 0;
static void ssh_reconfig(void *handle, Config *cfg)
{
Ssh ssh = (Ssh) handle;
+ char *rekeying = NULL;
+ unsigned long old_max_data_size;
+
pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
ssh_setup_portfwd(ssh, cfg);
+
+ if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
+ cfg->ssh_rekey_time != 0) {
+ long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
+ long now = GETTICKCOUNT();
+
+ if (new_next - now < 0) {
+ rekeying = "Initiating key re-exchange (timeout shortened)";
+ } else {
+ ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
+ }
+ }
+
+ old_max_data_size = ssh->max_data_size;
+ ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
+ if (old_max_data_size != ssh->max_data_size &&
+ ssh->max_data_size != 0) {
+ if (ssh->outgoing_data_size > ssh->max_data_size ||
+ ssh->incoming_data_size > ssh->max_data_size)
+ rekeying = "Initiating key re-exchange (data limit lowered)";
+ }
+
+ if (rekeying && !ssh->kex_in_progress) {
+ do_ssh2_transport(ssh, rekeying, -1, NULL);
+ }
+
ssh->cfg = *cfg; /* STRUCTURE COPY */
}
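Review bot: `do_ssh2_transport` at L239 is called from ssh_reconfig for either rekey reason without checking that the session is SSH-2, so an SSH-1 connection whose rekey settings change would start an SSH-2 key exchange. Gating the call, `if (rekeying && ssh->version == 2 && !ssh->kex_in_progress)`, keeps reconfigure harmless on SSH-1 (`ssh->version` is the field ssh_cfg_info reads elsewhere in this diff). Relatedly, `ssh->last_rekey` is only assigned in the kex-completion hunk at L159, so unless it is initialised elsewhere the `new_next - now < 0` test at L222 can trigger an immediate re-exchange on the first reconfigure before any kex has completed; worth confirming against ssh_init. When `kex_in_progress` is set the request is dropped silently rather than deferred, which may be acceptable but deserves a comment such as `/* a kex is already under way; the new limits take effect from the next one */`.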
PKT_INT, c->localid,
PKT_STR, hostname,
PKT_INT, port,
- //PKT_STR, <org:orgport>,
+ /* PKT_STR, <org:orgport>, */
PKT_END);
} else {
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
}
/*
+ * cfg_info for SSH is the currently running version of the
+ * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
+ */
+static int ssh_cfg_info(void *handle)
+{
+ Ssh ssh = (Ssh) handle;
+ return ssh->version;
+}
+
+/*
* Gross hack: pscp will try to start SFTP but fall back to scp1 if
* that fails. This variable is the means by which scp.c can reach
* into the SSH code and find out which one it got.
ssh_provide_ldisc,
ssh_provide_logctx,
ssh_unthrottle,
+ ssh_cfg_info,
22
};