-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lack of information about the address of the connected node when exposing tcp #2
Comments
For example, you can not only connect yggstack to a port, but also send information about the public key of the connected node |
or expand the functionality of socks proxy and add the bind feature. I'm not sure that the socks5 protocol is responsible for informing about the client's address but that would be nice |
AFAIK the x-forwarded-for header is HTTP header. I need to check how to pass this imfo to generic TCP socket. |
The only thing I can think of is to simply send a package with the client's address. Doesn't look good, but I don't know how to do it better |
I’m not good at Go and so far I’ve added |
Well, the key issue here is that the listening application must know how to handle this additional info. However, there is |
oh yeah of course I completely forgot. Is there really a sockopt field that can be used for this? |
Yup. https://man7.org/linux/man-pages/man7/ip.7.html states than PKTINFO is only for UDP sockets but IP_OPTIONS can be used for TCP or UDP. Not sure about Windows support of this header but 40 bytes can contain ipv6 address which you can map for the key. |
Also this gist shows how to set IP_OPTIONS before connect. We can use this approach with Yggdrasil or implement Proxy Protocol that Nginx, Apache etc do support. |
Or completely different single-binary SSH server implementation from GitLab; https://gitlab.com/gitlab-org/gitlab-shell/-/tree/main/internal/sshd |
what about socks proxy? If I'm not mistaken, the protocol describes the purpose (bind) of the TCP/IP port. but as I understand it, this is not implemented in yggstack. socks5 doesn't provide client ip either? and this might be more convenient than a command line argument. Is this necessary if the program cannot work through a proxy? |
From what I am reading about BIND SOCKS request, first the client sets primary SOCKS connection via CONNECT and then issues separate BIND request to make a second reverse tunnel. This is not equal to traditional bind/listen/accept used by server. I think adding configurable Proxy Protocol support is best here. And the non-proxy aware apps can be made proxy-aware with library injection. |
The downside of the proxy protocol is that it does not allow re-using the same port for proxied and non-proxied connections simultaneously:
|
I would like to somehow find out the IP of the connected node. As far as I understand, yggstack simply connects locally from 127.0.0.1 to the listening port. in this case, information about the address of the connected person is lost
The text was updated successfully, but these errors were encountered: