feat(cli): implement ssh remote forward #8515
Remote forward
- Loading branch information
commit 9f5e5003be7994a756286a792cbf381b5af96094
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| package cli | ||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
| "io" | ||
| "net" | ||
| "regexp" | ||
| "strconv" | ||
|
|
||
| gossh "golang.org/x/crypto/ssh" | ||
| "golang.org/x/xerrors" | ||
|
|
||
| "github.com/coder/coder/agent/agentssh" | ||
| ) | ||
|
|
||
| // cookieAddr is a special net.Addr accepted by sshRemoteForward() which includes a | ||
| // cookie which is written to the connection before forwarding. | ||
| type cookieAddr struct { | ||
| net.Addr | ||
| cookie []byte | ||
| } | ||
|
|
||
| var remoteForwardRegex = regexp.MustCompile(`^(\d+):(.+):(\d+)$`) | ||
|
|
||
| func validateRemoteForward(flag string) bool { | ||
| return remoteForwardRegex.MatchString(flag) | ||
| } | ||
mtojek marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| func parseRemoteForward(flag string) (net.Addr, net.Addr, error) { | ||
| matches := remoteForwardRegex.FindStringSubmatch(flag) | ||
|
|
||
| // Format: | ||
| // remote_port:local_address:local_port | ||
| remotePort, err := strconv.Atoi(matches[1]) | ||
| if err != nil { | ||
| return nil, nil, xerrors.Errorf("remote port is invalid: %w", err) | ||
| } | ||
| localAddress, err := net.ResolveIPAddr("ip", matches[2]) | ||
| if err != nil { | ||
| return nil, nil, xerrors.Errorf("local address is invalid: %w", err) | ||
| } | ||
| localPort, err := strconv.Atoi(matches[3]) | ||
| if err != nil { | ||
| return nil, nil, xerrors.Errorf("local port is invalid: %w", err) | ||
| } | ||
|
|
||
| localAddr := &net.TCPAddr{ | ||
| IP: localAddress.IP, | ||
| Port: localPort, | ||
| } | ||
|
|
||
| remoteAddr := &net.TCPAddr{ | ||
| IP: net.ParseIP("127.0.0.1"), | ||
| Port: remotePort, | ||
| } | ||
| return localAddr, remoteAddr, nil | ||
| } | ||
|
|
||
| // sshRemoteForward starts forwarding connections from a remote listener to a | ||
| // local address via SSH in a goroutine. | ||
| // | ||
| // Accepts a `cookieAddr` as the local address. | ||
| func sshRemoteForward(ctx context.Context, stderr io.Writer, sshClient *gossh.Client, localAddr, remoteAddr net.Addr) (io.Closer, error) { | ||
|
There was a problem hiding this comment. for reviewers: moved from |
||
| listener, err := sshClient.Listen(remoteAddr.Network(), remoteAddr.String()) | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("listen on remote SSH address %s: %w", remoteAddr.String(), err) | ||
| } | ||
|
|
||
| go func() { | ||
| for { | ||
| remoteConn, err := listener.Accept() | ||
| if err != nil { | ||
| if ctx.Err() == nil { | ||
| _, _ = fmt.Fprintf(stderr, "Accept SSH listener connection: %+v\n", err) | ||
| } | ||
| return | ||
| } | ||
|
|
||
| go func() { | ||
| defer remoteConn.Close() | ||
|
|
||
| localConn, err := net.Dial(localAddr.Network(), localAddr.String()) | ||
| if err != nil { | ||
| _, _ = fmt.Fprintf(stderr, "Dial local address %s: %+v\n", localAddr.String(), err) | ||
| return | ||
| } | ||
| defer localConn.Close() | ||
|
|
||
| if c, ok := localAddr.(cookieAddr); ok { | ||
| _, err = localConn.Write(c.cookie) | ||
| if err != nil { | ||
| _, _ = fmt.Fprintf(stderr, "Write cookie to local connection: %+v\n", err) | ||
| return | ||
| } | ||
| } | ||
|
|
||
| agentssh.Bicopy(ctx, localConn, remoteConn) | ||
| }() | ||
| } | ||
| }() | ||
|
|
||
| return listener, nil | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: add a comment to clarify what this should match
This could also be done with a simple
strings.Split()There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Right, but with regexp we can check if ports are numbers :)