- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / PROTOCOL

diff --git a/PROTOCOL b/PROTOCOL
index 3283b81e2740db4b7d58574c95615cdbee77c0ac..9b74b94754fdc19d08e84c8876e6d8eb3fec3cad 100644 (file)
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -6,8 +6,8 @@ filexfer protocol described in:
 
 http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
 
-Features from newer versions of the draft are not supported, unless
-explicitly implemented as extensions described below.
+Newer versions of the draft will not be supported, though some features
+are individually implemented as extensions described below.
 
 The protocol used by OpenSSH's ssh-agent is described in the file
 PROTOCOL.agent
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may
 still be sent in the other direction. This message does not consume
 window space and may be sent even if no window space is available.
 
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message (in contravention of RFC4254 section 5.4), this
+message is only sent to OpenSSH peers (identified by banner).
+Other SSH implementations may be whitelisted to receive this message
+upon request.
+
 4. connection: disallow additional sessions extension
    "no-more-sessions@openssh.com"
 
@@ -87,6 +93,11 @@ connection.
 Note that this is not a general defence against compromised clients
 (that is impossible), but it thwarts a simple attack.
 
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message, the no-more-sessions request is only sent to OpenSSH
+servers (identified by banner). Other SSH implementations may be
+whitelisted to receive this message upon request.
+
 5. connection: Tunnel forward extension "tun@openssh.com"
 
 OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
@@ -110,10 +121,10 @@ layer 2 frames or layer 3 packets. It may take one of the following values:
        SSH_TUNMODE_ETHERNET     2              /* layer 2 frames */
 
 The "tunnel unit number" specifies the remote interface number, or may
-be zero to allow the server to automatically chose an interface. A server
-that is not willing to open a client-specified unit should refuse the
-request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful open,
-the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
+be 0x7fffffff to allow the server to automatically chose an interface. A
+server that is not willing to open a client-specified unit should refuse
+the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
+open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
 
 Once established the client and server may exchange packet or frames
 over the tunnel channel by encapsulating them in SSH protocol strings
@@ -140,7 +151,7 @@ It may be one of:
 The "packet data" field consists of the IPv4/IPv6 datagram itself
 without any link layer header.
 
-The contents of the "data" field for layer 3 packets is:
+The contents of the "data" field for layer 2 packets is:
 
        uint32                  packet length
        byte[packet length]     frame
@@ -237,7 +248,7 @@ The values of the f_flag bitmask are as follows:
        #define SSH_FXE_STATVFS_ST_RDONLY       0x1     /* read-only */
        #define SSH_FXE_STATVFS_ST_NOSUID       0x2     /* no setuid */
 
-This extension is advertised in the SSH_FXP_VERSION hello with version
-"2".
+Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
+advertised in the SSH_FXP_VERSION hello with version "2".
 
-$OpenBSD: PROTOCOL,v 1.10 2008/06/30 12:18:34 djm Exp $
+$OpenBSD: PROTOCOL,v 1.14 2010/01/09 00:57:10 djm Exp $