openSSH 5.8p2 BindPort patch

Rory McNamara pink.banana.fish at gmail.com
Mon Jul 18 06:10:16 EST 2011


Hi, i have written a patch for openSSH 5.8p2 which allows the user to
set the local source port. The patch is as follows:


diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c
--- openssh-5.8p2//readconf.c	2010-11-20 04:19:38.000000000 +0000
+++ openssh-5.8p2-srcport//readconf.c	2011-07-17 20:57:52.385044096 +0100
@@ -125,7 +125,7 @@ typedef enum {
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
+	oHostKeyAlgorithms, oBindAddress, oBindPort, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -210,6 +210,7 @@ static struct {
 	{ "preferredauthentications", oPreferredAuthentications },
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ "bindaddress", oBindAddress },
+	{ "bindport", oBindPort },
 #ifdef ENABLE_PKCS11
 	{ "smartcarddevice", oPKCS11Provider },
 	{ "pkcs11provider", oPKCS11Provider },
@@ -634,6 +635,10 @@ parse_string:
 		charptr = &options->bind_address;
 		goto parse_string;

+	case oBindPort:
+		charptr = &options->bind_port;
+		goto parse_string;
+
 	case oPKCS11Provider:
 		charptr = &options->pkcs11_provider;
 		goto parse_string;
@@ -1133,6 +1138,7 @@ initialize_options(Options * options)
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
 	options->preferred_authentications = NULL;
 	options->bind_address = NULL;
+	options->bind_port = NULL;
 	options->pkcs11_provider = NULL;
 	options->enable_ssh_keysign = - 1;
 	options->no_host_authentication_for_localhost = - 1;
diff -rupN openssh-5.8p2//readconf.h openssh-5.8p2-srcport//readconf.h
--- openssh-5.8p2//readconf.h	2010-11-20 04:19:38.000000000 +0000
+++ openssh-5.8p2-srcport//readconf.h	2011-07-17 19:23:57.797387390 +0100
@@ -89,6 +89,7 @@ typedef struct {
 	char   *user_hostfile2;
 	char   *preferred_authentications;
 	char   *bind_address;	/* local socket address for connection to sshd */
+	char   *bind_port;
 	char   *pkcs11_provider; /* PKCS#11 provider */
 	int	verify_host_key_dns;	/* Verify host key using DNS */

diff -rupN openssh-5.8p2//ssh.0 openssh-5.8p2-srcport//ssh.0
--- openssh-5.8p2//ssh.0	2011-05-05 02:58:10.000000000 +0100
+++ openssh-5.8p2-srcport//ssh.0	2011-07-17 21:00:05.153358189 +0100
@@ -4,7 +4,7 @@ NAME
      ssh - OpenSSH SSH client (remote login program)

 SYNOPSIS
-     ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+     ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-B bind_port
] [-c cipher_spec]
          [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11]
          [-i identity_file] [-L [bind_address:]port:host:hostport]
          [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
@@ -55,6 +55,10 @@ DESCRIPTION
              the connection.  Only useful on systems with more than one
              address.

+     -B bind_port
+             Use bind_port port on the local machine as the source port of
+             the connection.address.
+
      -C      Requests compression of all data (including stdin, stdout,
              stderr, and data for forwarded X11 and TCP connections).  The
              compression algorithm is the same used by gzip(1), and the
@@ -215,6 +219,7 @@ DESCRIPTION
                    AddressFamily
                    BatchMode
                    BindAddress
+                   BindPort
                    ChallengeResponseAuthentication
                    CheckHostIP
                    Cipher
diff -rupN openssh-5.8p2//ssh.1 openssh-5.8p2-srcport//ssh.1
--- openssh-5.8p2//ssh.1	2010-11-20 04:21:03.000000000 +0000
+++ openssh-5.8p2-srcport//ssh.1	2011-07-17 20:56:13.265387325 +0100
@@ -45,6 +45,7 @@
 .Bk -words
 .Op Fl 1246AaCfgKkMNnqsTtVvXxYy
 .Op Fl b Ar bind_address
+.Op Fl B Ar bind_port
 .Op Fl c Ar cipher_spec
 .Op Fl D Oo Ar bind_address : Oc Ns Ar port
 .Op Fl e Ar escape_char
@@ -127,6 +128,9 @@ Use
 on the local machine as the source address
 of the connection.
 Only useful on systems with more than one address.
+.It Fl B Ar bind_port
+Use bind_port port on the local machine as the source port of
+the connection.
 .It Fl C
 Requests compression of all data (including stdin, stdout, stderr, and
 data for forwarded X11 and TCP connections).
@@ -406,6 +410,7 @@ For full details of the options listed b
 .It AddressFamily
 .It BatchMode
 .It BindAddress
+.It BindPort
 .It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Cipher
diff -rupN openssh-5.8p2//ssh.c openssh-5.8p2-srcport//ssh.c
--- openssh-5.8p2//ssh.c	2011-02-04 00:42:15.000000000 +0000
+++ openssh-5.8p2-srcport//ssh.c	2011-07-17 20:15:48.613053886 +0100
@@ -193,7 +193,7 @@ static void
 usage(void)
 {
 	fprintf(stderr,
-"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-B
bind_port ] [-c cipher_spec]\n"
 "           [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 "           [-I pkcs11] [-i identity_file]\n"
 "           [-L [bind_address:]port:host:hostport]\n"
@@ -297,7 +297,7 @@ main(int ac, char **av)

  again:
 	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-	    "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
+	    "AB:CD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -568,6 +568,9 @@ main(int ac, char **av)
 		case 'F':
 			config = optarg;
 			break;
+		case 'B':
+			options.bind_port = optarg;
+			break;
 		default:
 			usage();
 		}
diff -rupN openssh-5.8p2//ssh_config.0 openssh-5.8p2-srcport//ssh_config.0
--- openssh-5.8p2//ssh_config.0	2011-05-05 02:58:10.000000000 +0100
+++ openssh-5.8p2-srcport//ssh_config.0	2011-07-17 20:50:26.881386898 +0100
@@ -66,6 +66,10 @@ DESCRIPTION
              one address.  Note that this option does not work if
              UsePrivilegedPort is set to ``yes''.

+     BindPort
+             Use bind_port port on the local machine as the source port of the
+             connection.
+
      ChallengeResponseAuthentication
              Specifies whether to use challenge-response authentication.  The
              argument to this keyword must be ``yes'' or ``no''.  The default
diff -rupN openssh-5.8p2//ssh_config.5 openssh-5.8p2-srcport//ssh_config.5
--- openssh-5.8p2//ssh_config.5	2010-12-26 03:26:48.000000000 +0000
+++ openssh-5.8p2-srcport//ssh_config.5	2011-07-17 20:54:48.829387482 +0100
@@ -143,6 +143,9 @@ Note that this option does not work if
 .Cm UsePrivilegedPort
 is set to
 .Dq yes .
+.It Cm BindPort
+Use the specified port on the local machine as the
+source port of the connection.
 .It Cm ChallengeResponseAuthentication
 Specifies whether to use challenge-response authentication.
 The argument to this keyword must be
diff -rupN openssh-5.8p2//sshconnect.c openssh-5.8p2-srcport//sshconnect.c
--- openssh-5.8p2//sshconnect.c	2011-01-16 12:17:59.000000000 +0000
+++ openssh-5.8p2-srcport//sshconnect.c	2011-07-17 20:19:20.093054511 +0100
@@ -214,7 +214,7 @@ ssh_create_socket(int privileged, struct
 	fcntl(sock, F_SETFD, FD_CLOEXEC);

 	/* Bind the socket to an alternative local IP address */
-	if (options.bind_address == NULL)
+	if (options.bind_address == NULL && options.bind_port == NULL)
 		return sock;

 	memset(&hints, 0, sizeof(hints));
@@ -222,7 +222,7 @@ ssh_create_socket(int privileged, struct
 	hints.ai_socktype = ai->ai_socktype;
 	hints.ai_protocol = ai->ai_protocol;
 	hints.ai_flags = AI_PASSIVE;
-	gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+	gaierr = getaddrinfo(options.bind_address, options.bind_port, &hints, &res);
 	if (gaierr) {
 		error("getaddrinfo: %s: %s", options.bind_address,
 		    ssh_gai_strerror(gaierr));


More information about the openssh-unix-dev mailing list