- markus@cvs.openbsd.org 2011/09/10 22:26:34

[channels.c channels.h clientloop.c ssh.1]
     support cancellation of local/dynamic forwardings from ~C commandline;
     ok & feedback djm@

ChangeLog

@@ -56,6 +56,10 @@
      support for cancelling local and remote port forwards via the multiplex
      socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
      the cancellation of the specified forwardings; ok markus@
+   - markus@cvs.openbsd.org 2011/09/10 22:26:34
+     [channels.c channels.h clientloop.c ssh.1]
+     support cancellation of local/dynamic forwardings from ~C commandline;
+     ok & feedback djm@
 
 20110909
  - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng.  From

channels.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
 
 int
 channel_cancel_lport_listener(const char *lhost, u_short lport,
-    u_short cport, int gateway_ports)
+    int cport, int gateway_ports)
 {
 	u_int i;
 	int found = 0;
@@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport,
 		Channel *c = channels[i];
 		if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER)
 			continue;
-		if (c->listening_port != lport || c->host_port != cport)
+		if (c->listening_port != lport)
 			continue;
+		if (cport == CHANNEL_CANCEL_PORT_STATIC) {
+			/* skip dynamic forwardings */
+			if (c->host_port == 0)
+				continue;
+		} else {
+			if (c->host_port != cport)
+				continue;
+		}
 		if ((c->listening_addr == NULL && addr != NULL) ||
 		    (c->listening_addr != NULL && addr == NULL))
 			continue;

channels.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -57,6 +57,8 @@
 #define SSH_CHANNEL_MUX_CLIENT		16	/* Conn. to mux slave */
 #define SSH_CHANNEL_MAX_TYPE		17
 
+#define CHANNEL_CANCEL_PORT_STATIC	-1
+
 struct Channel;
 typedef struct Channel Channel;
 
@@ -265,7 +267,7 @@ int	 channel_setup_local_fwd_listener(const char *, u_short,
 int	 channel_request_rforward_cancel(const char *host, u_short port);
 int	 channel_setup_remote_fwd_listener(const char *, u_short, int *, int);
 int	 channel_cancel_rport_listener(const char *, u_short);
-int	 channel_cancel_lport_listener(const char *, u_short, u_short, int);
+int	 channel_cancel_lport_listener(const char *, u_short, int, int);
 
 /* x11 forwarding */
 

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -839,9 +839,8 @@ process_cmdline(void)
 {
 	void (*handler)(int);
 	char *s, *cmd, *cancel_host;
-	int delete = 0;
-	int local = 0, remote = 0, dynamic = 0;
-	int cancel_port;
+	int delete = 0, local = 0, remote = 0, dynamic = 0;
+	int cancel_port, ok;
 	Forward fwd;
 
 	bzero(&fwd, sizeof(fwd));
@@ -867,8 +866,12 @@ process_cmdline(void)
 		    "Request remote forward");
 		logit("      -D[bind_address:]port                  "
 		    "Request dynamic forward");
+		logit("      -KL[bind_address:]port                 "
+		    "Cancel local forward");
 		logit("      -KR[bind_address:]port                 "
 		    "Cancel remote forward");
+		logit("      -KD[bind_address:]port                 "
+		    "Cancel dynamic forward");
 		if (!options.permit_local_command)
 			goto out;
 		logit("      !args                                  "
@@ -897,11 +900,7 @@ process_cmdline(void)
 		goto out;
 	}
 
-	if ((local || dynamic) && delete) {
-		logit("Not supported.");
-		goto out;
-	}
-	if (remote && delete && !compat20) {
+	if (delete && !compat20) {
 		logit("Not supported for SSH protocol version 1.");
 		goto out;
 	}
@@ -924,7 +923,21 @@ process_cmdline(void)
 			logit("Bad forwarding close port");
 			goto out;
 		}
-		channel_request_rforward_cancel(cancel_host, cancel_port);
+		if (remote)
+			ok = channel_request_rforward_cancel(cancel_host,
+			    cancel_port) == 0;
+		else if (dynamic)
+                	ok = channel_cancel_lport_listener(cancel_host,
+			    cancel_port, 0, options.gateway_ports) > 0;
+		else
+                	ok = channel_cancel_lport_listener(cancel_host,
+			    cancel_port, CHANNEL_CANCEL_PORT_STATIC,
+			    options.gateway_ports) > 0;
+		if (!ok) {
+			logit("Unkown port forwarding.");
+			goto out;
+		}
+		logit("Canceled forwarding.");
 	} else {
 		if (!parse_forward(&fwd, s, dynamic, remote)) {
 			logit("Bad forwarding specification.");
@@ -945,7 +958,6 @@ process_cmdline(void)
 				goto out;
 			}
 		}
-
 		logit("Forwarding port.");
 	}
 

ssh.1

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $
-.Dd $Mdocdate: August 26 2011 $
+.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $
+.Dd $Mdocdate: September 10 2011 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the
 and
 .Fl D
 options (see above).
-It also allows the cancellation of existing remote port-forwardings
-using
+It also allows the cancellation of existing port-forwardings
+with
 .Sm off
-.Fl KR Oo Ar bind_address : Oc Ar port .
+.Fl KL Oo Ar bind_address : Oc Ar port
 .Sm on
+for local,
+.Sm off
+.Fl KR Oo Ar bind_address : Oc Ar port
+.Sm on
+for remote and
+.Sm off
+.Fl KD Oo Ar bind_address : Oc Ar port
+.Sm on
+for dynamic port-forwardings.
 .Ic !\& Ns Ar command
 allows the user to execute a local command if the
 .Ic PermitLocalCommand