Changeset 01073f7

Timestamp:

Sep 22, 2008 2:15:46 PM (16 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02

Children:

19cc408

Parents:

7a8d667

Message:

FreeBSD 7.0 compatibility

Location:

fedkit

Files:

• fed-tun.pl (modified) (6 diffs)
• fed-tun.ucb.pl (modified) (6 diffs)

fedkit/fed-tun.pl

@@ -25 +25 @@
 my $IFCONFIG = "/sbin/ifconfig";
 my $TMCC = "/usr/local/etc/emulab/tmcc";
-my $SSH = "/usr/local/bin/ssh";
+# If a special version of ssh is required, it will be installed in
+# /usr/local/bin/ssh.  Otherwise use the usual one.
+my $SSH = -x "/usr/local/bin/ssh" ? "/usr/local/bin/ssh" : "/usr/bin/ssh";
 my $NC = "/usr/bin/nc";
 my $SSH_PORT = 22;
@@ -43 +45 @@
                                             # dodge the port on the
                                             # remote tunnel node.
+die "Cannot exec $SSH" unless -x $SSH;
+
 sub setup_bridging;
 sub setup_tunnel_cfg;
@@ -140 +144 @@
 }
 
-# Both sides need to have GatewayPorts to be set.  Copy the existing
-# sshd_config, making sure GatewayPorts is set to yes, replace the original,
-# and restart sshd.
+# Both sides need to have GatewayPorts and PermitTunnel set.  Copy the existing
+# sshd_config, making sure GatewayPorts and PermitTunnel are set to yes,
+# replace the original, and restart sshd.
 my $ports_on = 0;
+my $tunnel_on = 0;
 
 my $conf = new IO::File($sshd_config) || die "Can't open $sshd_config: $!\n";
@@ -154 +159 @@
         next;
     };
+    s/^\s*PermitTunnel.*/PermitTunnel yes/ && do {
+        print $new_conf $_ unless $tunnel_on++;
+        next;
+    };
     print $new_conf $_;
 }
 print $new_conf "GatewayPorts yes\n" unless $ports_on;
+print $new_conf "PermitTunnel yes\n" unless $tunnel_on;
 $conf->close();
 $new_conf->close();
@@ -166 +176 @@
 
 # Need these to make the Ethernet tap and bridge to work...
-
+system("kldload /boot/kernel/bridgestp.ko") 
+    if -r "/boot/kernel/bridgestp.ko";
 system("kldload /boot/kernel/if_bridge.ko");
 system("kldload /boot/kernel/if_tap.ko");
@@ -240 +251 @@
             system("$cmd"); # or die "Failed to run ssh";
         }
-        $cmd =  "$SSH -w $count:$count -o \"StrictHostKeyChecking no\" " . 
+        # The Tunnel option specifies the level to tunnel at.  Ethernet creates
+        # a tap device rather than a tun device.  Strict host key checking
+        # avoids asking the user to OK a strange host key.
+        $cmd =  "$SSH -w $count:$count -o \"Tunnel ethernet\" " . 
+            "-o \"StrictHostKeyChecking no\" " . 
             "$opts{'peer'}  \"$remote_script_dir/fed-tun.pl " . 
             "$remote_config_file -r $addr $count\" & |";

fedkit/fed-tun.ucb.pl

@@ -22 +22 @@
 use IO::File;
 use IO::Pipe;
+use File::Copy;
 
 my $IFCONFIG = "/sbin/ifconfig";
 my $TMCC = "/usr/local/etc/emulab/tmcc";
-my $SSH = "/usr/local/bin/ssh";
+# If a special version of ssh is required, it will be installed in
+# /usr/local/bin/ssh.  Otherwise use the usual one.
+my $SSH = -x "/usr/local/bin/ssh" ? "/usr/local/bin/ssh" : "/usr/bin/ssh";
 my $NC = "/usr/bin/nc";
 my $SSH_PORT = 22;
@@ -42 +45 @@
                                             # dodge the port on the
                                             # remote tunnel node.
+                                            
+die "Cannot exec $SSH" unless -x $SSH;
+
 sub setup_bridging;
 sub setup_tunnel_cfg;
@@ -132 +138 @@
 }
 
-# Both sides need to have GatewayPorts to be set.  Copy the existing
-# sshd_config, making sure GatewayPorts is set to yes, replace the original,
-# and restart sshd.
+
+# Both sides need to have GatewayPorts and PermitTunnel set.  Copy the existing
+# sshd_config, making sure GatewayPorts and PermitTunnel are set to yes,
+# replace the original, and restart sshd.
 my $ports_on = 0;
+my $tunnel_on = 0;
 
 my $conf = new IO::File($sshd_config) || die "Can't open $sshd_config: $!\n";
@@ -146 +154 @@
         next;
     };
+    s/^\s*PermitTunnel.*/PermitTunnel yes/ && do {
+        print $new_conf $_ unless $tunnel_on++;
+        next;
+    };
     print $new_conf $_;
 }
 print $new_conf "GatewayPorts yes\n" unless $ports_on;
+print $new_conf "PermitTunnel yes\n" unless $tunnel_on;
 $conf->close();
 $new_conf->close();
@@ -159 +172 @@
 
 # Need these to make the Ethernet tap and bridge to work...
-
+system("kldload /boot/kernel/bridgestp.ko") 
+    if -r "/boot/kernel/bridgestp.ko";
 system("kldload /boot/kernel/if_bridge.ko");
 system("kldload /boot/kernel/if_tap.ko");
@@ -220 +234 @@
         # the expected single line of output when the tunnel is connected.
 
-        print "$SSH -w $count:$count $ssh_port_fwds -o \"StrictHostKeyChecking no\" $opts{'peer'}  \"$remote_script_dir/fed-tun.pl $remote_config_file -r $addr $count\"\n" if $debug;
-        open($SSHCMD[$count], "$SSH -w $count:$count $ssh_port_fwds -o \"StrictHostKeyChecking no\" $opts{'peer'}  \"$remote_script_dir/fed-tun.pl $remote_config_file -r $addr $count\" |") or die "Failed to run ssh";
+        # The Tunnel option specifies the level to tunnel at.  Ethernet creates
+        # a tap device rather than a tun device.  Strict host key checking
+        # avoids asking the user to OK a strange host key.
+        my $cmd =  "$SSH -w $count:$count -o \"Tunnel ethernet\" " . 
+            "-o \"StrictHostKeyChecking no\" " . 
+            "$opts{'peer'}  \"$remote_script_dir/fed-tun.pl " . 
+            "$remote_config_file -r $addr $count\" & |";
+
+        print "$cmd\n" if $debug;
+        open($SSHCMD[$count], $cmd) or die "Failed to run ssh";
 
         my $check = <$SSHCMD[$count]>;  # Make sure something ran...