- dtucker@cvs.openbsd.org 2010/01/09 23:04:13

[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
     Remove RoutingDomain from ssh since it's now not needed.  It can be
     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
     also ensures that trafic such as DNS lookups stays withing the specified
     routingdomain.  For example (from reyk):
     # route -T 2 exec /usr/sbin/sshd
     or inherited from the parent process
     $ route -T 2 exec sh
     $ ssh 10.1.2.3
     ok deraadt@ markus@ stevesk@ reyk@

ChangeLog

@@ -1,6 +1,19 @@
 20091210
  - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
    Remove hacks add for RoutingDomain in preparation for its removal.
+   - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
+     [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
+     ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
+     readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
+     Remove RoutingDomain from ssh since it's now not needed.  It can be
+     replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
+     also ensures that trafic such as DNS lookups stays withing the specified
+     routingdomain.  For example (from reyk):
+     # route -T 2 exec /usr/sbin/sshd
+     or inherited from the parent process
+     $ route -T 2 exec sh
+     $ ssh 10.1.2.3
+     ok deraadt@ markus@ stevesk@ reyk@
 
 20091209
  - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't

channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.299 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -163,9 +163,6 @@ static u_int x11_fake_data_len;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 static int IPv4or6 = AF_UNSPEC;
 
-/* Set the routing domain a.k.a. VRF */
-static int channel_rdomain = -1;
-
 /* helper */
 static void port_open_helper(Channel *c, char *rtype);
 
@@ -2466,12 +2463,6 @@ channel_set_af(int af)
 	IPv4or6 = af;
 }
 
-void
-channel_set_rdomain(int rdomain)
-{
-	channel_rdomain = rdomain;
-}
-
 static int
 channel_setup_fwd_listener(int type, const char *listen_addr,
     u_short listen_port, int *allocated_listen_port,
@@ -2580,8 +2571,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
 			continue;
 		}
 		/* Create a port to listen for the host. */
-		sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		    ai->ai_protocol, channel_rdomain);
 		if (sock < 0) {
 			/* this is no error since kernel may not support ipv6 */
 			verbose("socket: %.100s", strerror(errno));
@@ -2922,9 +2912,8 @@ connect_next(struct channel_connect *cctx)
 			error("connect_next: getnameinfo failed");
 			continue;
 		}
-		if ((sock = socket_rdomain(cctx->ai->ai_family,
+		if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
-		    cctx->ai->ai_socktype, cctx->ai->ai_protocol,
+		    cctx->ai->ai_protocol)) == -1) {
-		    channel_rdomain)) == -1) {
 			if (cctx->ai->ai_next == NULL)
 				error("socket: %.100s", strerror(errno));
 			else
@@ -3110,8 +3099,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
 		for (ai = aitop; ai; ai = ai->ai_next) {
 			if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
 				continue;
-			sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+			sock = socket(ai->ai_family, ai->ai_socktype,
-			    ai->ai_protocol, channel_rdomain);
+			    ai->ai_protocol);
 			if (sock < 0) {
 				if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
 					error("socket: %.100s", strerror(errno));
@@ -3286,8 +3275,7 @@ x11_connect_display(void)
 	}
 	for (ai = aitop; ai; ai = ai->ai_next) {
 		/* Create a socket. */
-		sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		    ai->ai_protocol, channel_rdomain);
 		if (sock < 0) {
 			debug2("socket: %.100s", strerror(errno));
 			continue;

channels.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.100 2009/11/11 21:37:03 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -235,7 +235,6 @@ int	 channel_find_open(void);
 
 /* tcp forwarding */
 void	 channel_set_af(int af);
-void	 channel_set_rdomain(int);
 void     channel_permit_all_opens(void);
 void	 channel_add_permitted_opens(char *, int);
 int	 channel_add_adm_permitted_opens(char *, int);

misc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -151,43 +151,6 @@ set_nodelay(int fd)
 		error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
 }
 
-/* open a socket in the specified routing domain */
-int
-socket_rdomain(int domain, int type, int protocol, int rdomain)
-{
-	int sock, ipproto = IPPROTO_IP;
-
-	if ((sock = socket(domain, type, protocol)) == -1)
-		return (-1);
-
-	if (rdomain == -1)
-		return (sock);
-
-	switch (domain) {
-	case AF_INET6:
-		ipproto = IPPROTO_IPV6;
-		/* FALLTHROUGH */
-	case AF_INET:
-		debug2("socket %d af %d setting rdomain %d",
-		    sock, domain, rdomain);
-		if (setsockopt(sock, ipproto, SO_RDOMAIN, &rdomain,
-		    sizeof(rdomain)) == -1) {
-			debug("setsockopt SO_RDOMAIN: %.100s",
-			    strerror(errno));
-			close(sock);
-			return (-1);
-		}
-		break;
-	default:
-		debug("socket %d af %d does not support rdomain %d",
-		    sock, domain, rdomain);
-		close(sock);
-		return (-1);
-	}
-
-	return (sock);
-}
-
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE	"\""
@@ -273,18 +236,6 @@ a2port(const char *s)
 	return (int)port;
 }
 
-int
-a2rdomain(const char *s)
-{
-	long long rdomain;
-	const char *errstr;
-
-	rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
-	if (errstr != NULL)
-		return -1;
-	return (int)rdomain;
-}
-
 int
 a2tun(const char *s, int *remote)
 {

misc.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.41 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,7 +23,6 @@ int	 set_nonblock(int);
 int	 unset_nonblock(int);
 void	 set_nodelay(int);
 int	 a2port(const char *);
-int	 a2rdomain(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);
 char	*hpdelim(char **);
@@ -55,8 +54,6 @@ void	 freeargs(arglist *);
 
 int	 tun_open(int, int);
 
-int	 socket_rdomain(int, int, int, int);
-
 /* Common definitions for ssh tunnel device forwarding */
 #define SSH_TUNMODE_NO		0x00
 #define SSH_TUNMODE_POINTOPOINT	0x01

readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,8 +130,8 @@ typedef enum {
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-	oVisualHostKey, oUseRoaming, oRDomain,
+	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-	oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
+	oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -229,7 +229,6 @@ static struct {
 	{ "permitlocalcommand", oPermitLocalCommand },
 	{ "visualhostkey", oVisualHostKey },
 	{ "useroaming", oUseRoaming },
-	{ "routingdomain", oRDomain },
 #ifdef JPAKE
 	{ "zeroknowledgepasswordauthentication",
 	    oZeroKnowledgePasswordAuthentication },
@@ -920,19 +919,6 @@ parse_int:
 		intptr = &options->use_roaming;
 		goto parse_flag;
 
-	case oRDomain:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
-			    filename, linenum);
-		value = a2rdomain(arg);
-		if (value == -1)
-			fatal("%.200s line %d: Bad rdomain.",
-			    filename, linenum);
-		if (*activep)
-			options->rdomain = value;
-		break;
-
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1083,7 +1069,6 @@ initialize_options(Options * options)
 	options->local_command = NULL;
 	options->permit_local_command = -1;
 	options->use_roaming = -1;
-	options->rdomain = -1;
 	options->visual_host_key = -1;
 	options->zero_knowledge_password_authentication = -1;
 }
@@ -1232,7 +1217,6 @@ fill_default_options(Options * options)
 	/* options->hostname will be set in the main program if appropriate */
 	/* options->host_key_alias should not be set by default */
 	/* options->preferred_authentications will be set in ssh */
-	/* options->rdomain should not be set by default */
 }
 
 /*

readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.80 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: readconf.h,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -125,8 +125,6 @@ typedef struct {
 
 	int	use_roaming;
 
-	int	rdomain;	/* routing domain a.k.a. VRF */
-
 }       Options;
 
 #define SSHCTL_MASTER_NO	0

scp.1

@@ -9,9 +9,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.48 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.49 2010/01/09 23:04:13 dtucker Exp $
 .\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -160,7 +160,6 @@ For full details of the options listed below, and their possible values, see
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval

servconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.199 2009/12/29 16:38:41 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.200 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -128,7 +128,6 @@ initialize_server_options(ServerOptions *options)
 	options->adm_forced_command = NULL;
 	options->chroot_directory = NULL;
 	options->zero_knowledge_password_authentication = -1;
-	options->rdomain = -1;
 }
 
 void
@@ -305,7 +304,7 @@ typedef enum {
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
-	sUsePrivilegeSeparation, sAllowAgentForwarding, sRDomain,
+	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sZeroKnowledgePasswordAuthentication,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -424,7 +423,6 @@ static struct {
 	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
-	{ "routingdomain", sRDomain, SSHCFG_GLOBAL },
 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
@@ -1296,19 +1294,6 @@ process_server_config_line(ServerOptions *options, char *line,
 			*charptr = xstrdup(arg);
 		break;
 
-	case sRDomain:
-		intptr = &options->rdomain;
-		arg = strdelim(&cp);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing rdomain value.",
-			    filename, linenum);
-		if ((value = a2rdomain(arg)) == -1)
-			fatal("%s line %d: invalid rdomain value.",
-			    filename, linenum);
-		if (*intptr == -1)
-			*intptr = value;
-		break;
-
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
@@ -1585,7 +1570,6 @@ dump_config(ServerOptions *o)
 	dump_cfg_int(sMaxSessions, o->max_sessions);
 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
-	dump_cfg_int(sRDomain, o->rdomain);
 
 	/* formatted integer arguments */
 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);

servconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.88 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: servconf.h,v 1.89 2010/01/09 23:04:13 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,8 +150,6 @@ typedef struct {
 
 	int	num_permitted_opens;
 
-	int	rdomain;
-
 	char   *chroot_directory;
 }       ServerOptions;
 

sftp.1

@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.79 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.80 2010/01/09 23:04:13 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -209,7 +209,6 @@ For full details of the options listed below, and their possible values, see
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval

ssh-keyscan.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd $Mdocdate: October 28 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -20,7 +20,6 @@
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
-.Op Fl V Ar rdomain
 .Op Ar host | addrlist namelist
 .Ar ...
 .Ek
@@ -96,8 +95,6 @@ for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
 .Dq rsa .
-.It Fl V Ar rdomain
-Set the routing domain.
 .It Fl v
 Verbose mode.
 Causes

ssh-keyscan.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.81 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -68,9 +68,6 @@ int timeout = 5;
 int maxfd;
 #define MAXCON (maxfd - 10)
 
-/* The default routing domain */
-int scan_rdomain = -1;
-
 extern char *__progname;
 fd_set *read_wait;
 size_t read_wait_nfdset;
@@ -415,8 +412,7 @@ tcpconnect(char *host)
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
 	for (ai = aitop; ai; ai = ai->ai_next) {
-		s = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		    ai->ai_protocol, scan_rdomain);
 		if (s < 0) {
 			error("socket: %s", strerror(errno));
 			continue;
@@ -719,7 +715,7 @@ usage(void)
 {
 	fprintf(stderr,
 	    "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
-	    "\t\t   [-V rdomain] [host | addrlist namelist] ...\n",
+	    "\t\t   [host | addrlist namelist] ...\n",
 	    __progname);
 	exit(1);
 }
@@ -745,7 +741,7 @@ main(int argc, char **argv)
 	if (argc <= 1)
 		usage();
 
-	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:V:")) != -1) {
+	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
 		switch (opt) {
 		case 'H':
 			hash_hosts = 1;
@@ -806,13 +802,6 @@ main(int argc, char **argv)
 		case '6':
 			IPv4or6 = AF_INET6;
 			break;
-		case 'V':
-			scan_rdomain = a2rdomain(optarg);
-			if (scan_rdomain == -1) {
-				fprintf(stderr, "Bad rdomain '%s'\n", optarg);
-				exit(1);
-			}
-			break;
 		case '?':
 		default:
 			usage();

ssh.1

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.288 2009/12/29 16:38:41 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -478,7 +478,6 @@ For full details of the options listed below, and their possible values, see
 .It RekeyLimit
 .It RemoteForward
 .It RhostsRSAAuthentication
-.It RoutingDomain
 .It RSAAuthentication
 .It SendEnv
 .It ServerAliveInterval

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.329 2009/12/20 07:28:36 guenther Exp $ */
+/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -630,7 +630,6 @@ main(int ac, char **av)
 	fill_default_options(&options);
 
 	channel_set_af(options.address_family);
-	channel_set_rdomain(options.rdomain);
 
 	/* reinit */
 	log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);

ssh_config.5

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.125 2009/12/29 18:03:32 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -857,9 +857,6 @@ The default is
 This option applies to protocol version 1 only and requires
 .Xr ssh 1
 to be setuid root.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
 .It Cm RSAAuthentication
 Specifies whether to try RSA authentication.
 The argument to this keyword must be

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.217 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -191,8 +191,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 			debug("Allocated local port %d.", p);
 		return sock;
 	}
-	sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
+	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-	    options.rdomain);
 	if (sock < 0) {
 		error("socket: %.100s", strerror(errno));
 		return -1;

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.369 2010/01/09 11:17:56 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.370 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -961,8 +961,8 @@ server_listen(void)
 			continue;
 		}
 		/* Create socket for listening. */
-		listen_sock = socket_rdomain(ai->ai_family, ai->ai_socktype,
+		listen_sock = socket(ai->ai_family, ai->ai_socktype,
-		    ai->ai_protocol, options.rdomain);
+		    ai->ai_protocol);
 		if (listen_sock < 0) {
 			/* kernel may not support ipv6 */
 			verbose("socket: %.100s", strerror(errno));
@@ -1470,9 +1470,8 @@ main(int ac, char **av)
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
-	/* set default channel AF and routing domain */
+	/* set default channel AF */
 	channel_set_af(options.address_family);
-	channel_set_rdomain(options.rdomain);
 
 	/* Check that there are no remaining arguments. */
 	if (optind < ac) {

sshd_config.5

@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.116 2010/01/09 23:04:13 dtucker Exp $
-.Dd $Mdocdate: December 29 2009 $
+.Dd $Mdocdate: January 9 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -812,9 +812,6 @@ with successful RSA host authentication is allowed.
 The default is
 .Dq no .
 This option applies to protocol version 1 only.
-.It Cm RoutingDomain
-Set the routing domain number.
-The default routing domain is set by the system.
 .It Cm RSAAuthentication
 Specifies whether pure RSA authentication is allowed.
 The default is