Posted to dev@mina.apache.org by "tomaswolf (via GitHub)" <gi...@apache.org> on 2023/05/24 11:47:19 UTC

[GitHub] [mina-sshd] tomaswolf commented on issue #379: Handling Encryption and TCP Handshake Timing in TCP/IP Port Forwarding with Mina-sshd for SSH Proxy to Web Service

tomaswolf commented on issue #379:
URL: https://github.com/apache/mina-sshd/issues/379#issuecomment-1560970807

   Take a look at the diagrams at [TCP/IP Forwarding](https://github.com/apache/mina-sshd/blob/master/docs/technical/tcpip-forwarding.md): the TCP/IP connection between the ssh-server and the web service has to be established first, and then ssh-server can tell the client SSH_MSG_CHANNEL_OPEN_SUCCESS, and only then the client sends data.
   
   To change this, we would have to allow the client to write data before it received SSH_MSG_CHANNEL_OPEN_SUCCESS, but that is impossible because the channel window size is announced only in that message.
   
   So ssh-server would have to send that SSH_MSG_CHANNEL_OPEN_SUCCESS message early, claiming the channel was open when in fact it hasn't yet made the connection to the web service. Then, ssh-server would have to buffer data received from the client (up to that channel window, which therefore should not be too large yet). Once the connection to the web service is successful, it could then forward the buffered data, and once that buffer is forwarded, possibly increase the channel window size. If the connection to the web service fails, ssh-server would have to close the channel like on any other connection failure.
   
   Sounds not impossible, but is a lot of work.
   


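The early-confirmation scheme described in the comment above, modelled as a small server-side state machine. This is an added example, not code from Apache MINA SSHD or from the comment's author; the class, its methods and both window sizes are assumptions.

```python
# Added illustration: models the server side only; not Apache MINA SSHD code.
# All names and both window sizes are assumptions made for this example.
EARLY_WINDOW = 4096            # small window announced before the backend is up
FULL_WINDOW = 2 * 1024 * 1024  # window granted once the backend is connected


class EarlyOpenChannel:
    """Forwarding channel whose open is confirmed before the backend connects."""

    def __init__(self):
        self.state = "CONNECTING"   # TCP connect to the web service in flight
        self.window = EARLY_WINDOW  # bytes the client may still send
        self.buffer = bytearray()   # client data held until the backend is up
        self.backend = bytearray()  # stands in for the socket to the web service
        # Confirm the open early, announcing only the small window.
        self.sent = [("SSH_MSG_CHANNEL_OPEN_SUCCESS", EARLY_WINDOW)]

    def on_channel_data(self, data: bytes) -> None:
        if self.state == "CLOSED":
            return
        # Data beyond the announced window is ignored, which caps the memory
        # a channel can make the server hold while no backend exists yet.
        data = data[: self.window]
        self.window -= len(data)
        if self.state == "CONNECTING":
            self.buffer += data
        else:
            self.backend += data
            self._grant(len(data))  # forwarded at once, so reopen the window

    def on_backend_connected(self) -> None:
        if self.state == "CONNECTING":
            self.state = "OPEN"
            self.backend += self.buffer  # forward what was buffered
            self.buffer.clear()
            self._grant(FULL_WINDOW - self.window)  # only now widen the window

    def on_backend_failed(self) -> None:
        if self.state == "CONNECTING":
            self.state = "CLOSED"
            self.buffer.clear()  # buffered data is dropped, never delivered
            self.sent.append(("SSH_MSG_CHANNEL_CLOSE", None))

    def _grant(self, n: int) -> None:
        if n > 0:
            self.window += n
            self.sent.append(("SSH_MSG_CHANNEL_WINDOW_ADJUST", n))
```

On the failure path the client sees a successful open followed by a close, so it can no longer tell a refused backend connection from one that was accepted and then dropped.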