RE: Global Request for tcpip reverse forward

[Martín Fernández <fmartin91@xxxxxxxxx>]

Meng,

Thanks! 

Will try that and report back. I was not building libssh myself so I will need to tweak my setup for testing.

Thanks!

Martín

On Wed, Apr 18, 2018 at 10:14 AM Meng Hourk Tan < Meng Hourk Tan ( Meng Hourk Tan <mtan@xxxxxxxxxx> ) > wrote:

> 
> 
> 
> 
> 
> 
> 
> Hi Martin,
> 
> 
> 
> 
> 
> 
> 
> 
> I just saw that the current api (in master branch) does not have callback
> for openning reverse tcpip forwarding channel.
> 
> 
> 
> Can you try the attached patch, add a callback for " channel_open_request_forwarded_tcpip_function
> " in client session callback struct.
> 
> 
> 
> We might ask for a pull request of this patch if it works better.
> 
> 
> 
> 
> 
> 
> 
> 
> Regards,
> 
> 
> 
> 
> 
> 
> Meng
> 
> 
> 
> 
> 
> 
> *De :* Martín Fernández <fmartin91@xxxxxxxxx>
> *Envoyé :* lundi 16 avril 2018 22:35:23
> *À :* Meng Hourk Tan; libssh@xxxxxxxxxx
> *Objet :* RE: Global Request for tcpip reverse forward
>  
> 
> Meng,
> 
> 
> Any change you can take a look at my last email ?
> 
> 
> Thanks a lot!
> 
> 
> Martín
> 
> On Fri, Mar 30, 2018 at 2:00 PM "Martín Fernández" < ">"Martín Fernández" >
> wrote:
> 
> 
>> 
>> Meng,
>> 
>> 
>> Thanks again for the reply, seriously!
>> 
>> 
>> So, I have to admit that I get really confused with the semantics of
>> remote_port between client and server. I know that in my example code the
>> ports are probably wrong. Client is requesting port 2000 that is being
>> used by my ssh server. When server receives request for port 2000 it just
>> ignores it and replies with “I will use port 8080”. Then the reverse
>> channel is opened on port 8080. I’m not sure what are the semantics of
>> this port when calling open_reverse really.
>> 
>> 
>> I added an event loop that same way I have on my server but in the client.
>> Every time the poll returns a status is -2 (SSH_AGAIN) so I don’t
>> understand why the client is not logging the `SSH_MSG_CHANNEL_OPEN`
>> message from server. Maybe the open_reverse ports have something to do
>> with this ? Not sure really.
>> 
>> 
>> Regarding the socket and binding, yes, I understand what you are saying.
>> I’m completely responsible for opening socket and forwarding data when
>> connection arrives. I first want to get the other part working. It should
>> be possible to open the channel on the server and send information to the
>> client simulating that a connection arrived in the server. That is what
>> I’m trying to achieve first!
>> 
>> 
>> Thanks a lot for all the help! 
>> 
>> 
>> Martín
>> 
>> On Fri, Mar 30, 2018 at 7:06 AM Meng Hourk Tan < Meng Hourk Tan (
>> Meng%20Hourk%20Tan%20<mtan@xxxxxxxxxx> ) > wrote:
>> 
>> 
>>> 
>>> 
>>> Hi Martin,
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> First, your port requested in the global request (2000, the bind_port in
>>> the reply was ignored since the port you requested was not 0) is
>>> inconsistent with the port you asked in the ssh_channel_open_reverse_forward
>>> () (8080)
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> You should at least receive a tcpip-forward channel open request from
>>> server on the client in ssh_channel_accept_forward but your logs doesn't
>>> show it.
>>> 
>>> 
>>> 
>>> I would advice to use a event object with callback also on client side and
>>> use a callback instead of ssh_channel_accept_forward.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Beware that your server tcpip-forward channel is bind to nothing, so even
>>> if the open request is successful, there won't be any data transfering.
>>> 
>>> The regular way is to start to bind and listen a socket on a local port
>>> when receiving the global request on server and then opening the channel
>>> when something connects to the socket.
>>> 
>>> 
>>> 
>>> Regards,
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Meng
>>> 
>>> 
>>> 
>>> *De :* Martín Fernández <fmartin91@xxxxxxxxx>
>>> *Envoyé :* jeudi 29 mars 2018 18:45:49
>>> *À :* Meng Hourk Tan; libssh@xxxxxxxxxx
>>> *Objet :* RE: Global Request for tcpip reverse forward
>>>  
>>> 
>>> Meng,
>>> 
>>> 
>>> Thank you very much for your response!
>>> 
>>> 
>>> Actually, I have tried that before. After sending the global response,
>>> calling `ssh_channel_open_reverse_forward`. Problem is that after calling
>>> the function, client and server get blocked. I’m sending a snippet of what
>>> I changed. Also, just for providing more information, this is the log from
>>> the server and client.
>>> 
>>> 
>>> 
>>> 
>>> Server:
>>> [2018/03/29 13:41:32.810991, 2] ssh_packet_global_request:  Calling
>>> callback for SSH_MSG_GLOBAL_REQUEST tcpip-forward 1 0.0.0.0:2000
>>> [2018/03/29 13:41:32.811025, 3] ssh_socket_unbuffered_write:  Enabling
>>> POLLOUT for socket
>>> [2018/03/29 13:41:32.811036, 3] packet_send2:  packet: wrote
>>> [len=12,padding=10,comp=1,payload=1]
>>> [2018/03/29 13:41:32.811077, 2] channel_open:  Creating a channel 43 with
>>> 64000 window and 32768 max packet
>>> [2018/03/29 13:41:32.811104, 3] packet_send2:  packet: wrote
>>> [len=76,padding=9,comp=66,payload=66]
>>> [2018/03/29 13:41:32.811114, 3] channel_open:  Sent a SSH_MSG_CHANNEL_OPEN
>>> type forwarded-tcpip for channel 43
>>> 
>>> 
>>> Client:
>>> [2018/03/29 13:41:32.810891, 3] global_request:  Sent a
>>> SSH_MSG_GLOBAL_REQUEST tcpip-forward
>>> [2018/03/29 13:41:32.811106, 3] ssh_packet_socket_callback:  packet: read
>>> type 81 [len=12,padding=10,comp=1,payload=1]
>>> [2018/03/29 13:41:32.811121, 3] ssh_packet_process:  Dispatching handler
>>> for packet type 81
>>> [2018/03/29 13:41:32.811130, 3] ssh_request_success:  Received
>>> SSH_REQUEST_SUCCESS
>>> [2018/03/29 13:41:32.811139, 2] global_request:  Global request
>>> tcpip-forward success
>>> 
>>> 
>>> 
>>> 
>>> /**
>>> * @brief Global request callback
>>> *
>>> * @param session
>>> * @param message
>>> * @param userdata
>>> */
>>> static void handle_global_request (ssh_session session, ssh_message
>>> message, void *userdata) {
>>> ssh_message_global_request_reply_success (message, 8080 );
>>> 
>>> ssh_channel channel = ssh_channel_new (session);
>>> int result = ssh_channel_open_reverse_forward (channel, "localhost" , 8080
>>> , "localhost" , 8080 );
>>> 
>>> printf ( "RESULT %d \n " , result);
>>> }
>>> 
>>> 
>>> Thanks before hand!
>>> 
>>> 
>>> Martín
>>> 
>>> On Thu, Mar 29, 2018 at 7:22 AM Meng Hourk Tan < Meng Hourk Tan (
>>> Meng%20Hourk%20Tan%20<mtan@xxxxxxxxxx> ) > wrote:
>>> 
>>> 
>>>> 
>>>> 
>>>> Hi Martin,
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> I think your code lacks one step on server side:
>>>> 
>>>> 
>>>> 
>>>> After the Server handles the request using callback global_request_function
>>>> and responds with ssh_message_global_request_reply_success,
>>>> 
>>>> 
>>>> 
>>>> You need to create a new channel and call
>>>> ssh_channel_open_reverse_forward() on this channel.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Then the client will receive the opening request of the reverse port
>>>> forwarding channel.
>>>> 
>>>> 
>>>> Hope it helps,
>>>> 
>>>> Regards,
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Meng
>>>> 
>>>> 
>>>> 
>>>> *De :* Martín Fernández <fmartin91@xxxxxxxxx>
>>>> *Envoyé :* lundi 26 mars 2018 08:20:23
>>>> *À :* libssh@xxxxxxxxxx
>>>> *Objet :* Global Request for tcpip reverse forward
>>>>  
>>>> 
>>>> Hello!
>>>> 
>>>> 
>>>> This is my first time writing in the mailing list, I’m really new to
>>>> libssh.
>>>> 
>>>> 
>>>> I’m trying to get a server and client implementation for reverse port
>>>> forwarding. 
>>>> 
>>>> 
>>>> My understanding it that client requests the server for reverse port
>>>> forwarding in a given port, server handles the petition and is responsible
>>>> for managing the socket and redirecting data from socket to ssh channel.
>>>> Client is responsible for reading ssh channel and sending data to the
>>>> local server.
>>>> 
>>>> 
>>>> I have successfully managed to get authentication between client and
>>>> server work correctly.
>>>> 
>>>> 
>>>> The part I’m probably missing something is on how to handle the global
>>>> request from client and how to pull for data in the client.
>>>> 
>>>> 
>>>> Basic pseudo code that I’m doing.
>>>> 
>>>> 
>>>> - Client send global request to server using `ssh_channel_listen_forward`.
>>>> 
>>>> - Server handles the request using callback global_request_function and
>>>> responds with ssh_message_global_request_reply_success
>>>> - Client calls ssh_channel_accept_forward to get a new channel
>>>> 
>>>> 
>>>> My problem is that `ssh_channel_accept_forward` never returns. I’m not
>>>> sure If I’m missing something on the server side to initiate the channel.
>>>> I know that I then need to redirect data between socket and channel but
>>>> first I think I need to get a valid channel for forwarding right ?
>>>> 
>>>> 
>>>> My complete code can be found here:
>>>> https://gist.github.com/bilby91/22d5cc5db0e6118f06d6d35051c32cc6
>>>> 
>>>> 
>>>> Thanks before hand!
>>>> 
>>>> 
>>>> Martín
>>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 
> 
> 
>