Patch for a port forwarding problem in serverloop.c
jam at McQuil.Com
Sun Feb 23 08:58:27 EST 2003
On Sat, 22 Feb 2003, Markus Friedl wrote:
> hm, ssh protocol messages should be used and the
> client should close the connection, not the server.
Yes, that makes perfect sense, but how does the client know that the
server is unable to bind to that port?
I see in the code, that the 'want_reply' is tested, and if
true, it will send either a SUCCESS or FAILURE packet.
But, the 'want_reply' is false. Well, at least it is when
using a 3.1p1 client.
I just tried it with a 3.4p1 and a 3.5p1 client, and they both
set want_reply = 1. Seems good.
Except... the client prints:
'Warning: remote port forwarding failed for listen port 5000'
But doesn't exit.
So, seems like a bug in the client.
In my opinion, if you set '-N', to NOT get a tty, any failure
like a port already in use, should cause the client to fail, rather
than print a warning, and just hang there.
I found in ssh.c, this snippet of code:
	if (type == SSH2_MSG_REQUEST_FAILURE)
		log("Warning: remote port forwarding failed for listen port %d",
		    options.remote_forwards[i].port);
Should it then check whether a tty was requested, and if NOT,
call 'fatal()' instead of 'log()'?
What if multiple port forwarding requests are made? Would it
be Ok for the ssh client to exit if any one of them fails?
I have 2 goals here:
1) Get the thing working for a particular customer. Using my
original patch does that.
2) Fix it the "right" way, which helps to make OpenSSH even better.
For that, I need a bit of help.
Thanks,
Jim McQuillan
jam at Ltsp.org
>
> thanks!
>
> On Sat, Feb 22, 2003 at 11:37:31AM -0500, jam at McQuil.Com wrote:
> > Hello all,
> >
> > I encountered a problem when trying to set up a remote portforward
> > using OpenSSH 3.5p1.
> >
> > If the port that I was trying to listen to on the remote side
> > was already in use, a message 'cannot bind to port: 5000' was
> > written to the syslog, but the connection still persisted.
> >
> > I had no way on the client side to know that the listening
> > wasn't taking place. That is, the portforwarding of port 5000
> > failed, but the ssh connection on port 22 was still there.
> >
> > I found the spot in serverloop.c, where it seemed to be
> > ignoring the return status from the 'channel_setup_remote_fwd_listener'
> > call.
> >
> > The fix for me was a simple testing of the success, and calling
> > fatal() to indicate that the port forwarding failed.
> >
> > Here is the patch:
> >
> >
> > --- serverloop.c.orig Sat Feb 22 11:35:39 2003
> > +++ serverloop.c Sat Feb 22 11:19:29 2003
> > @@ -989,6 +989,9 @@
> > /* Start listening on the port */
> > success = channel_setup_remote_fwd_listener(
> > listen_address, listen_port, options.gateway_ports);
> > + if( !success ){
> > + fatal("Cannot bind to the remote port");
> > + }
> > }
> > xfree(listen_address);
> > }
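Review bot: The added `if( !success )` branch calls fatal() on the server for a single failed bind, which ends the whole connection instead of reporting the failure for this one request. `success` is already captured from channel_setup_remote_fwd_listener(), so consider leaving it to drive the failure reply discussed in this thread and letting the client decide whether to exit. If the fatal() stays, put listen_port in the message so the log says which port could not be bound, and write the test as `if (!success) {` to match the spacing of the ssh.c snippet quoted above.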
> >
> >
> > And, here is the commandline that I used to initiate the connection:
> >
> >
> > while :; do
> >
> > ssh -N -R 5000:localhost:5000 user@remotesystem
> >
> > sleep 10
> >
> > done
> >
> >
> > My patch is not terribly robust. I suppose that if you didn't use
> > the '-N' option, you may not want the connection to disappear, but
> > in my case, if the port forwarding fails, I really need the
> > connection to drop, so I can go into a loop and retry it.
> >
> > The reason I need this, is that I'm setting up a forwarded port
> > when I boot the client. If I reboot the client, the old connection
> > lingers for a couple of minutes on the remote machine, before
> > it realizes that the client has gone away. When the client comes
> > back up, and tries to re-establish the forwarded port, it can't.
> >
> > So, now with my patch, the client will realize that the port forward
> > request failed, and it will sit in a loop, and try every 10 seconds,
> > until the connection succeeds.
> >
> > Anyway, thanks, and I hope you find my patch useful.
> >
> > Jim McQuillan
> > jam at Ltsp.org
>
>
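A client-side way to get the retry behaviour described in this thread without patching the server, as an added example that is not code from the thread or from OpenSSH: a wrapper watches the client's stderr for the warning text quoted above, kills the client when it appears, and retries. The function names, the return code 3 and the bounded retry count are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread or from OpenSSH.
# Assumption: the client writes the warning quoted in the thread to stderr
# and keeps running, as reported above for the 3.4p1 and 3.5p1 clients.
FWD_FAIL_TEXT='remote port forwarding failed for listen port'

# run_tunnel_once CMD [ARGS...]
# Returns 3 if the warning appeared (CMD is killed), else CMD's exit status.
run_tunnel_once() {
    local errlog pid status=0
    errlog=$(mktemp) || return 1
    "$@" 2>"$errlog" &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
        if grep -qF "$FWD_FAIL_TEXT" "$errlog"; then
            kill "$pid" 2>/dev/null || true   # stop the client that would hang
            break
        fi
        sleep 1
    done
    wait "$pid" 2>/dev/null || status=$?
    # Also catches a warning printed just before the client exited by itself.
    if grep -qF "$FWD_FAIL_TEXT" "$errlog"; then status=3; fi
    cat "$errlog" >&2                         # pass the client's messages on
    rm -f "$errlog"
    return "$status"
}

# keep_tunnel_up DELAY MAX_TRIES CMD [ARGS...]
# Retry loop like the one in the thread, bounded so it cannot spin forever.
keep_tunnel_up() {
    local delay=$1 tries=$2 n=0 rc=0
    shift 2
    while [ "$n" -lt "$tries" ]; do
        rc=0
        run_tunnel_once "$@" || rc=$?
        if [ "$rc" -eq 0 ]; then return 0; fi
        n=$((n + 1))
        echo "attempt $n ended with status $rc; retrying in ${delay}s" >&2
        sleep "$delay"
    done
    return "$rc"
}

# Usage (host and port as in the thread):
#   keep_tunnel_up 10 100 ssh -N -R 5000:localhost:5000 user@remotesystem
```

On clients that have the `ExitOnForwardFailure` option, `ssh -o ExitOnForwardFailure=yes` makes the client exit when a requested forwarding cannot be set up, so the plain retry loop from the thread works without a watchdog.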