
Re: opening multiply reverse tunnels in one session


Hello Andreas,

On 10.01.2014 at 14:20, Andreas Schneider wrote:
> On Friday 10 January 2014 13:26:28 Oleksandr Shneyder wrote:
>> Hm, I think I got it. Is there an error in libssh-0.5.4 provided with
>> debian wheezy?
>>
>> I've found this in channels.c global_request:
>>
>>   switch(session->global_req_state){
>>     case SSH_CHANNEL_REQ_STATE_ACCEPTED:
>>       ssh_log(session, SSH_LOG_PROTOCOL, "Global request %s success",request);
>>       rc=SSH_OK;
>>       break;
>> ......................................
>>   }
>>   leave_function();
>>   return rc;
>>
>> It seems that after global_request is executed,
>> session->global_req_state will not be reset to
>> SSH_CHANNEL_REQ_STATE_NONE. Does it mean that we would not be able to
>> execute global_request once again, and that's why I can execute
>> ssh_forward_listen only once?
>>
>> In code from git we have:
>>
>>   switch(session->global_req_state){
>>     case SSH_CHANNEL_REQ_STATE_ACCEPTED:
>>       SSH_LOG(SSH_LOG_PROTOCOL, "Global request %s success",request);
>>       rc=SSH_OK;
>>       break;
>> ........................................
>>   }
>>   session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
>>
>> I'll try to open more than one reverse tunnel with the ssh version from GIT.
> 
> You should use libssh 0.6.0 we released on Wednesday :)
> 
> 
> http://www.libssh.org/2014/01/08/libssh-0-6-0/
> 
> 

I would like to use the newest version of libssh, but my project
(www.x2go.org) is a part of Debian and other Linux distributions. So it
should work with the versions of libssh which are provided by these
distributions.

Now about my problem. I was right about the error in libssh-0.5.4. I have
tried a version from GIT and was able to listen on more than one port.
However, there is still one problem that makes using this feature
impossible. I can accept incoming channels from multiple reverse tunnels
with channel=ssh_forward_accept(session), but I cannot identify
which port this channel corresponds to. Without it this feature is really
unusable, as I don't know to which service I should forward incoming
connections. I have not found a way to identify a channel's destination
port from the user application. Can you help me with it? If there is no
possibility to find the destination port of a channel, then it is an error in
libssh, which makes using multiple tunnels impossible.

It can be easily fixed without breaking API compatibility with older
versions by providing an alternative to the function
ssh_forward_accept(session), for example something like
ssh_forward_accept_ex(session, *struct open_channel_info)
where open_channel_info will contain additional information from
http://tools.ietf.org/html/rfc4254#page-16 (7.2):

string    address that was connected
uint32    port that was connected
string    originator IP address
uint32    originator port

This information is available in channels.c, in static ssh_channel
ssh_channel_accept(ssh_session session, int channeltype, int timeout_ms),
in msg->channel_request_open, and we only need to make it available to the
user application.

If you want, I can implement this and send a patch to you.

regards,
Alex
-- 
----------------------------------------------------
Oleksandr Shneyder  | Email: o.shneyder@xxxxxxxxxxxxx
phoca GmbH          | Tel. : 0911 - 14870374 0
Bräuhausgasse 9     | Fax. : 0911 - 14870374 9
D-82205 Gilching    | Mobil: 0163 - 49 64 461

Management:
Dipl.-Inf. Oleksandr Shneyder

Amtsgericht München | http://www.phoca-gmbh.de
HRB 196 658         | http://www.x2go.org
USt-IdNr.: DE281977973
----------------------------------------------------
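
The four RFC 4254 section 7.2 fields listed in the message above, decoded from the type-specific data of a "forwarded-tcpip" channel open. This is an added example, not libssh code and not part of the original post; the struct borrows the name proposed in the message, while its field names, the 64-byte address cap, the helper functions and the sample payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical struct: name from the proposal above, fields assumed. */
struct open_channel_info {
    char     connected_addr[64];   /* address that was connected */
    uint32_t connected_port;       /* port that was connected */
    char     originator_addr[64];  /* originator IP address */
    uint32_t originator_port;      /* originator port */
};

/* Constructed sample payload: "localhost", 8080, "192.0.2.7", 51000. */
const uint8_t SAMPLE[] = {
    0,0,0,9, 'l','o','c','a','l','h','o','s','t', 0,0,0x1F,0x90,
    0,0,0,9, '1','9','2','.','0','.','2','.','7', 0,0,0xC7,0x38 };

/* Read a big-endian uint32; -1 if fewer than 4 bytes remain. */
static int get_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8)  |  (uint32_t)(*p)[3];
    *p += 4; *left -= 4;
    return 0;
}

/* Read an SSH string (uint32 length + bytes) into a NUL-terminated buffer. */
static int get_str(const uint8_t **p, size_t *left, char *dst, size_t cap) {
    uint32_t n;
    if (get_u32(p, left, &n) != 0) return -1;
    if (n > *left || n >= cap) return -1;      /* truncated or oversized */
    if (memchr(*p, 0, n) != NULL) return -1;   /* embedded NUL in address */
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *p += n; *left -= n;
    return 0;
}

/* Parse the payload; 0 on success, -1 on any malformed input. */
int parse_forwarded_tcpip(const uint8_t *buf, size_t len,
                          struct open_channel_info *info) {
    if (get_str(&buf, &len, info->connected_addr, sizeof info->connected_addr) ||
        get_u32(&buf, &len, &info->connected_port) ||
        get_str(&buf, &len, info->originator_addr, sizeof info->originator_addr) ||
        get_u32(&buf, &len, &info->originator_port))
        return -1;
    if (info->connected_port > 65535 || info->originator_port > 65535) return -1;
    return len == 0 ? 0 : -1;                  /* reject trailing bytes */
}
```

With connected_port in hand, an application that requested several reverse tunnels can look up which local service the accepted channel belongs to, and can reject opens for a port it never asked the server to listen on.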
