upstream commit

Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
author: markus@openbsd.org <markus@openbsd.org> 2017-09-21 19:16:53 +0000
committer: Damien Miller <djm@mindrot.org> 2017-09-22 09:14:53 +1000
commit: 609d7a66ce578abf259da2d5f6f68795c2bda731 (patch)
tree: fa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh.1
parent: 36945fa103176c00b39731e1fc1919a0d0808b81 (diff)
1 files changed, 15 insertions, 6 deletions
diff --git a/ssh.1 b/ssh.1
index 3aacec415..2ab1697f9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.383 2017/06/09 06:43:01 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $
-.Dd $Mdocdate: June 9 2017 $
+.Dd $Mdocdate: September 21 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -592,21 +592,30 @@ Causes most warning and diagnostic messages to be suppressed.
 .Ar remote_socket : local_socket
 .Sm on
 .Xc
+.It Fl R Xo
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar port
+.Sm on
+.Xc
 Specifies that connections to the given TCP port or Unix socket on the remote
-(server) host are to be forwarded to the given host and port, or Unix socket,
+(server) host are to be forwarded to the local side.
-on the local side.
+.Pp
 This works by allocating a socket to listen to either a TCP
 .Ar port
 or to a Unix socket on the remote side.
 Whenever a connection is made to this port or Unix socket, the
 connection is forwarded over the secure channel, and a connection
-is made to either
+is made from the local machine to either an explicit destination specified by
 .Ar host
 port
 .Ar hostport ,
 or
 .Ar local_socket ,
-from the local machine.
+or, if no explicit destination was specified,
+.Nm
+will act as a SOCKS 4/5 proxy and forward connections to the destinations
+requested by the remote SOCKS client.
 .Pp
 Port forwardings can also be specified in the configuration file.
 Privileged ports can be forwarded only when
author	markus@openbsd.org <markus@openbsd.org>	2017-09-21 19:16:53 +0000
committer	Damien Miller <djm@mindrot.org>	2017-09-22 09:14:53 +1000
commit	609d7a66ce578abf259da2d5f6f68795c2bda731 (patch)
tree	fa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh.1
parent	36945fa103176c00b39731e1fc1919a0d0808b81 (diff)

diff --git a/ssh.1 b/ssh.1 index 3aacec415..2ab1697f9 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.383 2017/06/09 06:43:01 djm Exp $	36	.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $
37	.Dd $Mdocdate: June 9 2017 $	37	.Dd $Mdocdate: September 21 2017 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -592,21 +592,30 @@ Causes most warning and diagnostic messages to be suppressed.
592	.Ar remote_socket : local_socket	592	.Ar remote_socket : local_socket
593	.Sm on	593	.Sm on
594	.Xc	594	.Xc
		595	.It Fl R Xo
		596	.Sm off
		597	.Oo Ar bind_address : Oc
		598	.Ar port
		599	.Sm on
		600	.Xc
595	Specifies that connections to the given TCP port or Unix socket on the remote	601	Specifies that connections to the given TCP port or Unix socket on the remote
596	(server) host are to be forwarded to the given host and port, or Unix socket,	602	(server) host are to be forwarded to the local side.
597	on the local side.	603	.Pp
598	This works by allocating a socket to listen to either a TCP	604	This works by allocating a socket to listen to either a TCP
599	.Ar port	605	.Ar port
600	or to a Unix socket on the remote side.	606	or to a Unix socket on the remote side.
601	Whenever a connection is made to this port or Unix socket, the	607	Whenever a connection is made to this port or Unix socket, the
602	connection is forwarded over the secure channel, and a connection	608	connection is forwarded over the secure channel, and a connection
603	is made to either	609	is made from the local machine to either an explicit destination specified by
604	.Ar host	610	.Ar host
605	port	611	port
606	.Ar hostport ,	612	.Ar hostport ,
607	or	613	or
608	.Ar local_socket ,	614	.Ar local_socket ,
609	from the local machine.	615	or, if no explicit destination was specified,
		616	.Nm
		617	will act as a SOCKS 4/5 proxy and forward connections to the destinations
		618	requested by the remote SOCKS client.
610	.Pp	619	.Pp
611	Port forwardings can also be specified in the configuration file.	620	Port forwardings can also be specified in the configuration file.
612	Privileged ports can be forwarded only when	621	Privileged ports can be forwarded only when