C coding: Hacking ssh: dynamic local port forwarding implementation?
From this thread I've decided to try add a feature of removing local port forwardings in ssh.
Here are some very ugly and not-yet working hacks what I made so far:
* Patch for channels.c
* Patch for channels.h
* Patch for clientloop.c
Apply these to sources of 5.3p1( http://ftp.arcane-networks.fr/pub/Op...h-5.3p1.tar.gz ), MD5 13563dbf61f36ca9a1e4254260131041
I was clearly expecting this to work without any troubles-everything seem to be logically correct, but I made a programming mistake somewhere: don't know where, maybe you will point me to this?
Many sites say there is a WAY AROUND with -D param(starting socks proxy as a tunnel-generator), added since 5.2, but I don't need that way around. I need a way through. I use exact ports for exact services and if I want to change it runtime I'd like to have ability to do so.
If you have other ideas or points instead of coding this, please share them here & here(original question).
Here is what I get so far when I run rebuilt ./ssh -vvv root@fs:
Wait... looks like I fixed it. The problem was with line 2660 of a patched channels.c: if we comment host it works.
I can't really guarantee this is going to work without memory leaks: I am not sure it really frees everything but it's made as in same rport function.
here is what it issues now(running ./ssh -vvv root@fs, port 80 on fs is nginx webserver):
No segfaults now.
I'll post full patches a bit later here and in original question when I will finally get that to work.
It also works well with cancellation of forwarding 10222 to 127.0.0.1:80 and reforwarding it then to 22.214.171.124:80 (example.org IP) and correctly addresses traffic to example.org after it.
So, after some tests it looks like I did that.
By using option -KL while running you can remove local tunnel now. By using -L again you can forward freed port to another destination.
Grab patches for 5.3p1 sources(this must only be applied to 5.3p1 version from official OpenSSH site, other versions may not work): http://stat.web31337.org/etc/openssh-patch/
Direct links for files:
* MD5 sum | SHA1 sum
Apply patches for each file:
WARNING: I do not guarantee this solution will work 100% for you, as well as I do not guarantee it won't cause any damage(physical or virtual). USE AT YOUR OWN RISK!
I don't also guarantee this solution is unique, but still, googling a bit does not give me anything but -D parameter as a way around. I see no way to remove tunnel while connected. That's why I tried to implement it myself.
|All times are GMT -5. The time now is 02:42 PM.|