Bug 756 - sshd does not support global request cancel-tcpip-forward
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All Linux
Importance: P2 enhancement
Assignee: OpenSSH Bugzilla mailing list
Keywords: patch
Reported: 2003-11-08 19:57 AEDT by Paul Swartz
Modified: 2004-09-11 13:18 AEST

Attachments
Attempt at cancel-tcpip-forward support (2.31 KB, patch)
2003-11-08 21:32 AEDT, Damien Miller
Log of a connection with cancel-tcpip-forwarding (8.71 KB, text/plain)
2003-11-21 09:31 AEDT, Paul Swartz
Patch with more debugging (2.86 KB, patch)
2004-03-30 15:58 AEST, Damien Miller
Fixed cancel-tcpip-forward patch (7.63 KB, patch)
2004-03-30 22:34 AEST, Damien Miller

Description Paul Swartz 2003-11-08 19:57:41 AEDT
The SSHv2 connection draft specifies a global request 'cancel-tcpip-forward'
which will cancel a remote->local TCP/IP forwarding connection.  sshd does not
understand this request.
Comment 1 Damien Miller 2003-11-08 21:32:34 AEDT
Created attachment 494
Attempt at cancel-tcpip-forward support

Please give this diff a try.
Comment 2 Paul Swartz 2003-11-09 17:35:59 AEDT
Nope.  It appears that the issue is that channel_cancel_rport_listener only
closes open remote->local forwarding channels.  If there are no channels open
for forwarding, then nothing happens.  What should happen is that the socket
listening on the remote port should be closed so that attempts to connect to
that port fail.  As it stands, remote->local forwarding requests are still
passed on to the client even after cancel-tcpip-forward.
Comment 3 Markus Friedl 2003-11-11 14:33:52 AEDT
Are you sure? The patch looks ok to me, since only the listen socket will
have type SSH_CHANNEL_RPORT_LISTENER. Forwarded connections will have a
different type.
Comment 4 Paul Swartz 2003-11-11 15:59:14 AEDT
Yes, I've tried the patch and the problem still exists.  Netstat shows the
listening socket before and after the cancel-tcpip-forward, and the server still
passes on a forwarded-tcpip request to the client.
Comment 5 Damien Miller 2003-11-17 04:44:36 AEDT
Please attach debug output ("sshd -d -d -d") from a patched sshd receiving a
cancel message.
Comment 6 Paul Swartz 2003-11-21 09:31:14 AEDT
Created attachment 505
Log of a connection with cancel-tcpip-forwarding
Comment 7 Damien Miller 2003-11-21 16:56:23 AEDT
hm, try cancelling 127.0.0.1:8080 - unless you have GatewayPorts=yes
Comment 8 Paul Swartz 2003-11-22 00:01:22 AEDT
The log shows that I ask for forwarding to be listening on all interfaces by
binding to '0.0.0.0'.  If sshd ignores this and binds to 127.0.0.1, how else do
I indicate ports to listen on all interfaces?
Comment 9 Damien Miller 2003-11-22 00:06:56 AEDT
You specify GatewayPorts=yes on the server. This is off by default as server
administrators may not want random users to be able to listen on arbitrary
high-numbered ports.

I'll probably correct the patch so that it closes the forwardings based on the
original forward request rather than the listening address, but I'd like to see
if it works first. Does it work if you ask to cancel 127.0.0.1:8080?
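
The address mismatch discussed in Comments 7 to 9, as an added illustration that is not part of the thread and not OpenSSH source: with GatewayPorts off the listener is bound to 127.0.0.1 although the client asked for 0.0.0.0, so a cancel keyed on the bound address leaves the listener open, while one keyed on the original request closes it. The struct, enum and function names are hypothetical, and the request values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified listener-table model; hypothetical names, not OpenSSH code. */
struct rlistener {
    char req_addr[64];   /* address the client sent in tcpip-forward */
    char bound_addr[64]; /* address the server actually bound */
    unsigned port;
    int active;          /* 1 while the listening socket is open */
};
enum match_by { BY_BOUND_ADDR, BY_REQUESTED_ADDR };
#define NFWD 8
static struct rlistener fwd[NFWD];

/* Register a forward; GatewayPorts off rewrites the bind to loopback. */
static int add_forward(const char *req_addr, unsigned port, int gateway_ports) {
    for (int i = 0; i < NFWD; i++) {
        struct rlistener *l = &fwd[i];
        if (l->active) continue;
        snprintf(l->req_addr, sizeof l->req_addr, "%s", req_addr);
        snprintf(l->bound_addr, sizeof l->bound_addr, "%s",
            gateway_ports ? req_addr : "127.0.0.1");
        l->port = port;
        l->active = 1;
        return i;       /* slot index */
    }
    return -1;          /* table full */
}

/* Apply cancel-tcpip-forward(addr, port); returns listeners closed. */
static int cancel_forward(const char *addr, unsigned port, enum match_by how) {
    int closed = 0;
    for (int i = 0; i < NFWD; i++) {
        struct rlistener *l = &fwd[i];
        const char *key = how == BY_BOUND_ADDR ? l->bound_addr : l->req_addr;
        if (l->active && l->port == port && strcmp(key, addr) == 0) {
            l->active = 0; /* a real server closes the socket here */
            closed++;
        }
    }
    return closed;
}

int main(void) {
    add_forward("0.0.0.0", 8080, 0); /* constructed request, GatewayPorts off */
    int stale = cancel_forward("0.0.0.0", 8080, BY_BOUND_ADDR);
    int fixed = cancel_forward("0.0.0.0", 8080, BY_REQUESTED_ADDR);
    printf("closed by bound addr: %d, by requested addr: %d\n", stale, fixed);
}
```

A cancel that matches nothing is the case to watch for: the listener stays open on the server and connections to it keep being forwarded.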
Comment 10 Paul Swartz 2003-11-22 00:48:09 AEDT
Nope, doesn't work even if I cancel forwarding for 127.0.0.1:1080.
Comment 11 Damien Miller 2004-03-30 15:58:00 AEST
Created attachment 579
Patch with more debugging

Please try this patch and attach the debug output on trying to close a port
forward.
Comment 12 Damien Miller 2004-03-30 22:34:04 AEST
Created attachment 580
Fixed cancel-tcpip-forward patch

This one seems to work better - it also extends the process_cmdline (~C) escape
with some help and the ability to cancel rforward connections.
Comment 13 Paul Swartz 2004-03-30 23:37:33 AEST
The new attachment works great with the latest version of Conch.  Thanks!
Comment 14 Damien Miller 2004-05-21 21:31:22 AEST
Patch committed. Thanks for the report.