Annotation of src/usr.bin/ssh/PROTOCOL.mux, Revision 1.7
1.1 djm 1: This document describes the multiplexing protocol used by ssh(1)'s
2: ControlMaster connection-sharing.
3:
4: Most messages from the client to the server contain a "request id" field.
5: This field is returned in replies as "client request id" to facilitate
6: matching of responses to requests.
7:
8: 1. Connection setup
9:
10: When a multiplexing connection is made to a ssh(1) operating as a
11: ControlMaster from a ssh(1) in multiplex slave mode, the first
12: action of each is to exchange hello messages:
13:
14: uint32 MUX_MSG_HELLO
15: uint32 protocol version
16: string extension name [optional]
17: string extension value [optional]
18: ...
19:
20: The current version of the mux protocol is 4. A slave should refuse
21: to connect to a master that speaks an unsupported protocol version.
22: Following the version identifier are zero or more extensions
23: represented as a name/value pair. No extensions are currently
24: defined.
25:
26: 2. Opening sessions
27:
28: To open a new multiplexed session, a client may send the following
29: request:
30:
1.3 djm 31: uint32 MUX_C_NEW_SESSION
1.1 djm 32: uint32 request id
33: string reserved
34: bool want tty flag
35: bool want X11 forwarding flag
36: bool want agent flag
37: bool subsystem flag
38: uint32 escape char
39: string terminal type
40: string command
41: string environment string 0 [optional]
42: ...
43:
44: To disable the use of an escape character, "escape char" may be set
45: to 0xffffffff. "terminal type" is generally set to the value of
46: $TERM. zero or more environment strings may follow the command.
47:
48: The client then sends its standard input, output and error file
49: descriptors (in that order) using Unix domain socket control messages.
50:
51: The contents of "reserved" are currently ignored.
52:
53: If successful, the server will reply with MUX_S_SESSION_OPENED
54:
55: uint32 MUX_S_SESSION_OPENED
56: uint32 client request id
57: uint32 session id
58:
59: Otherwise it will reply with an error: MUX_S_PERMISSION_DENIED or
60: MUX_S_FAILURE.
61:
62: Once the server has received the fds, it will respond with MUX_S_OK
63: indicating that the session is up. The client now waits for the
64: session to end. When it does, the server will send an exit status
65: message:
66:
67: uint32 MUX_S_EXIT_MESSAGE
68: uint32 session id
69: uint32 exit value
70:
71: The client should exit with this value to mimic the behaviour of a
72: non-multiplexed ssh(1) connection. Two additional cases that the
73: client must cope with are it receiving a signal itself and the
74: server disconnecting without sending an exit message.
75:
1.7 ! djm 76: A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE
! 77: if remote TTY allocation was unsuccessful. The client may use this to
! 78: return its local tty to "cooked" mode.
! 79:
! 80: uint32 MUX_S_TTY_ALLOC_FAIL
! 81: uint32 session id
! 82:
1.1 djm 83: 3. Health checks
84:
85: The client may request a health check/PID report from a server:
86:
87: uint32 MUX_C_ALIVE_CHECK
88: uint32 request id
89:
90: The server replies with:
91:
92: uint32 MUX_S_ALIVE
93: uint32 client request id
94: uint32 server pid
95:
96: 4. Remotely terminating a master
97:
98: A client may request that a master terminate immediately:
99:
100: uint32 MUX_C_TERMINATE
101: uint32 request id
102:
103: The server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED.
104:
105: 5. Requesting establishment of port forwards
106:
107: A client may request the master to establish a port forward:
108:
1.3 djm 109: uint32 MUX_C_OPEN_FWD
1.1 djm 110: uint32 request id
111: uint32 forwarding type
112: string listen host
113: string listen port
114: string connect host
115: string connect port
116:
117: forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
118:
1.2 markus 119: A server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a
120: MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE.
121:
122: For dynamically allocated listen port the server replies with
123:
124: uint32 MUX_S_REMOTE_PORT
125: uint32 client request id
126: uint32 allocated remote listen port
1.1 djm 127:
1.3 djm 128: 6. Requesting closure of port forwards
129:
130: Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
1.1 djm 131:
1.4 djm 132: A client may request the master to close a port forward:
1.1 djm 133:
1.3 djm 134: uint32 MUX_C_CLOSE_FWD
1.1 djm 135: uint32 request id
136: string listen host
137: string listen port
138: string connect host
139: string connect port
140:
141: A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
142: MUX_S_FAILURE.
143:
1.3 djm 144: 7. Requesting stdio forwarding
1.1 djm 145:
146: A client may request the master to establish a stdio forwarding:
147:
148: uint32 MUX_C_NEW_STDIO_FWD
149: uint32 request id
150: string reserved
151: string connect host
152: string connect port
153:
154: The client then sends its standard input and output file descriptors
155: (in that order) using Unix domain socket control messages.
156:
157: The contents of "reserved" are currently ignored.
158:
1.5 djm 159: A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
1.1 djm 160: or a MUX_S_FAILURE.
161:
1.5 djm 162: 8. Requesting shutdown of mux listener
163:
164: A client may request the master to stop accepting new multiplexing requests
165: and remove its listener socket.
166:
167: uint32 MUX_C_STOP_LISTENING
168: uint32 request id
169:
170: A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
171: MUX_S_FAILURE.
172:
173: 9. Status messages
1.1 djm 174:
175: The MUX_S_OK message is empty:
176:
177: uint32 MUX_S_OK
178: uint32 client request id
179:
180: The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
181:
182: uint32 MUX_S_PERMISSION_DENIED
183: uint32 client request id
184: string reason
185:
186: uint32 MUX_S_FAILURE
187: uint32 client request id
188: string reason
189:
1.6 djm 190: 10. Protocol numbers
1.1 djm 191:
192: #define MUX_MSG_HELLO 0x00000001
193: #define MUX_C_NEW_SESSION 0x10000002
194: #define MUX_C_ALIVE_CHECK 0x10000004
195: #define MUX_C_TERMINATE 0x10000005
1.3 djm 196: #define MUX_C_OPEN_FWD 0x10000006
197: #define MUX_C_CLOSE_FWD 0x10000007
198: #define MUX_C_NEW_STDIO_FWD 0x10000008
1.5 djm 199: #define MUX_C_STOP_LISTENING 0x10000009
1.1 djm 200: #define MUX_S_OK 0x80000001
201: #define MUX_S_PERMISSION_DENIED 0x80000002
202: #define MUX_S_FAILURE 0x80000003
203: #define MUX_S_EXIT_MESSAGE 0x80000004
204: #define MUX_S_ALIVE 0x80000005
205: #define MUX_S_SESSION_OPENED 0x80000006
1.2 markus 206: #define MUX_S_REMOTE_PORT 0x80000007
1.7 ! djm 207: #define MUX_S_TTY_ALLOC_FAIL 0x80000008
1.1 djm 208:
209: #define MUX_FWD_LOCAL 1
210: #define MUX_FWD_REMOTE 2
211: #define MUX_FWD_DYNAMIC 3
212:
213: XXX TODO
214: XXX extended status (e.g. report open channels / forwards)
215: XXX lock (maybe)
216: XXX watch in/out traffic (pre/post crypto)
217: XXX inject packet (what about replies)
218: XXX server->client error/warning notifications
219: XXX send signals via mux
220:
1.7 ! djm 221: $OpenBSD: PROTOCOL.mux,v 1.6 2011/05/06 22:20:10 djm Exp $