Implement server channel proxy: direct, SOCKS5, and HTTP CONNECT outbound connections

- Add channel_proxy.rs with connect_outbound() supporting Direct, Socks5, and HttpConnect proxy modes - Implement proxy_channel() with bidirectional copy between SSH channel and outbound TCP - Channel errors close individual channels without affecting SSH session (ADR-006) - Remove destination logging from handler to comply with ADR-006 - Add ForwardError to error.rs (was missing, needed by forward.rs) - Fix TcpListener type annotation in forward.rs - Add 11 unit tests: direct, SOCKS5 handshake, HTTP CONNECT, proxy rejection, unreachable targets
2026-06-02 11:24:32 +00:00
parent 992d478630
commit 49fe2b699f
5 changed files with 618 additions and 17 deletions
--- a/crates/wraith-core/src/error.rs
+++ b/crates/wraith-core/src/error.rs
@@ -60,6 +60,27 @@ pub enum ConfigError {
    IncompatibleOptions,
 }

+#[derive(Debug, thiserror::Error)]
+pub enum ForwardError {
+    #[error("invalid port forward spec: {spec}")]
+    InvalidSpec { spec: String },
+    #[error("bind failed")]
+    BindFailed {
+        #[source]
+        source: io::Error,
+    },
+    #[error("channel open failed")]
+    ChannelOpenFailed {
+        #[source]
+        source: Box<dyn std::error::Error + Send + Sync>,
+    },
+    #[error("connect to local target failed")]
+    LocalConnectFailed {
+        #[source]
+        source: io::Error,
+    },
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;
@@ -150,4 +171,36 @@ mod tests {
        let plain = AuthError::KeyRejected;
        assert!(plain.source().is_none());
    }
+
+    #[test]
+    fn forward_error_display() {
+        assert_eq!(
+            ForwardError::InvalidSpec { spec: "bad".to_string() }.to_string(),
+            "invalid port forward spec: bad"
+        );
+        assert_eq!(
+            ForwardError::BindFailed {
+                source: io::Error::new(io::ErrorKind::AddrInUse, "in use")
+            }
+            .to_string(),
+            "bind failed"
+        );
+        assert_eq!(
+            ForwardError::LocalConnectFailed {
+                source: io::Error::new(io::ErrorKind::ConnectionRefused, "refused")
+            }
+            .to_string(),
+            "connect to local target failed"
+        );
+    }
+
+    #[test]
+    fn forward_error_source_chaining() {
+        let io_err = io::Error::new(io::ErrorKind::AddrInUse, "in use");
+        let forward_err = ForwardError::BindFailed { source: io_err };
+        assert!(forward_err.source().is_some());
+
+        let plain = ForwardError::InvalidSpec { spec: "bad".to_string() };
+        assert!(plain.source().is_none());
+    }
 }