mina-dev mailing list archives

From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-800) SSHD port forwarding. Wrong SSH_MSG_CHANNEL_FAILURE
Date Thu, 01 Feb 2018 17:34:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348961#comment-16348961 ]

Goldstein Lyor commented on SSHD-800:
-------------------------------------

I am not comfortable with this hardwired change so let me suggest the following: let's make
it **configurable** with the default being what it is today:

{code:java}
public static final String SEND_REPLY_FOR_CHANNEL_DATA = "send-unknown-channel-data-reply";
public static final boolean DEFAULT_SEND_REPLY_FOR_CHANNEL_DATA = true;

case SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA:
    // Not sure if entirely compliant with RFC4254, but try to stem the flood
    wantReply = PropertyResolverUtils.getBooleanProperty(session, SEND_REPLY_FOR_CHANNEL_DATA, DEFAULT_SEND_REPLY_FOR_CHANNEL_DATA);
    break;
{code}

And then in your server setup simply use:

{code:java}
SshServer sshd = ...setup server...
PropertyResolverUtils.updateProperty(sshd, DefaultUnknownChannelReferenceHandler.SEND_REPLY_FOR_CHANNEL_DATA, false);
{code}


> SSHD port forwarding. Wrong SSH_MSG_CHANNEL_FAILURE
> ---------------------------------------------------
>
>                 Key: SSHD-800
>                 URL: https://issues.apache.org/jira/browse/SSHD-800
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Fulvio Cavarretta
>            Priority: Critical
>
> Hi, in case the SSHD server receives a message for a non-existent channel, it sends back a _SSH_MSG_CHANNEL_FAILURE_.
> This behaviour is not described in RFC4254, which, I agree, is unclear about what should be done in this case.
> Since the current SSHD implementation sends back a _SSH_MSG_CHANNEL_FAILURE_ message (with the local channel id), in our environment it puts the recipient in an inconsistent state.
> In our environment it happened that the recipient sent a _SSH_MSG_CHANNEL_DATA_ while SSHD had already closed the channel.
> I fully agree that this should not happen (I will open another issue about this) but the _SSH_MSG_CHANNEL_FAILURE_ further complicates things.
>  
> The problem can be overcome by modifying line 78 of _org.apache.sshd.common.session.helpers.DefaultUnknownChannelReferenceHandler_
>  
> letting
> {code:java}
> case SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA:
> // Not sure if entirely compliant with RFC4254, but try to stem the flood	
> wantReply = false;
> break;
> default: // do nothing
> {code}
>  
> instead of
>  
> {code:java}
> case SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA:
> // Not sure if entirely compliant with RFC4254, but try to stem the flood	
> wantReply = true;
> break;
> default: // do nothing
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
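
The following stand-alone Java model is an added example, not part of the original message and not MINA SSHD code. It shows what the proposed property changes on the wire when data arrives for an already closed channel. The `Map` used in place of the session's property resolver, the `handleUnknownChannel` helper, the grouping of SSH_MSG_CHANNEL_DATA with SSH_MSG_CHANNEL_EXTENDED_DATA, and the sample channel id are assumptions.

```java
import java.nio.ByteBuffer;
import java.util.Map;
import java.util.Optional;

public class UnknownChannelReplyDemo {
    // Message numbers as assigned in RFC 4254
    static final byte SSH_MSG_CHANNEL_DATA = 94;
    static final byte SSH_MSG_CHANNEL_EXTENDED_DATA = 95;
    static final byte SSH_MSG_CHANNEL_FAILURE = 100;

    // Property name and default as proposed in the comment above
    static final String SEND_REPLY_FOR_CHANNEL_DATA = "send-unknown-channel-data-reply";
    static final boolean DEFAULT_SEND_REPLY_FOR_CHANNEL_DATA = true;

    /**
     * Hypothetical stand-in for the unknown-channel handler: returns the reply
     * payload to send, or empty when the message is dropped silently.
     */
    static Optional<byte[]> handleUnknownChannel(Map<String, Object> props, byte cmd, int channelId) {
        boolean wantReply = false;
        switch (cmd) {
            case SSH_MSG_CHANNEL_DATA:          // assumption: handled like extended data
            case SSH_MSG_CHANNEL_EXTENDED_DATA:
                Object value = props.getOrDefault(SEND_REPLY_FOR_CHANNEL_DATA,
                        DEFAULT_SEND_REPLY_FOR_CHANNEL_DATA);
                wantReply = Boolean.parseBoolean(value.toString());
                break;
            default: // do nothing
        }
        if (!wantReply) {
            return Optional.empty();
        }
        // SSH_MSG_CHANNEL_FAILURE payload: byte message type + uint32 channel (big-endian)
        return Optional.of(ByteBuffer.allocate(5)
                .put(SSH_MSG_CHANNEL_FAILURE).putInt(channelId).array());
    }

    public static void main(String[] args) {
        int closedChannel = 7; // constructed sample id of a channel already closed
        Optional<byte[]> byDefault =
                handleUnknownChannel(Map.of(), SSH_MSG_CHANNEL_DATA, closedChannel);
        Optional<byte[]> disabled = handleUnknownChannel(
                Map.of(SEND_REPLY_FOR_CHANNEL_DATA, false), SSH_MSG_CHANNEL_DATA, closedChannel);
        System.out.println("default : " + byDefault.map(b -> b.length + "-byte CHANNEL_FAILURE").orElse("no reply"));
        System.out.println("disabled: " + disabled.map(b -> b.length + "-byte CHANNEL_FAILURE").orElse("no reply"));
    }
}
```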
