alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8eb687afc0402cf672935c7c329c1556b11c4c23
alknet/tasks/client/port-forwarding.md
glm-5.1 5c820a41e9 tasks: decompose Phase 0a ADR foundation and mark prior tasks completed 
Add 10 new tasks under tasks/architecture/ for Phase 0a (ADR writing):
- 9 ADR tasks (026-034) with dependency-ordered structure
- 1 review checkpoint task before Phase 0b spec writing

ADR dependency graph (3 generations):
  Gen 1 (parallel): 026, 029, 030, 031, 032, 034
  Gen 2 (depends on 029): 027, 028
  Gen 3 (depends on 027+028): 033
  Gen 4: review checkpoint

Also mark all 34 prior implementation tasks as completed — they
were finished but still showing as pending in the taskgraph.
2026-06-07 08:55:33 +00:00

2.1 KiB
Raw Blame History

id, name, status, depends_on, scope, risk, impact, level
id name status depends_on scope risk impact level
client/port-forwarding Implement port forwarding — local (-L) and remote (-R) forwards completed
auth/client-auth-handler
transport/trait-and-types
auth/error-types
moderate medium component implementation

Description

Implement SSH port forwarding per client.md:

Local port forwards (-L local_addr:local_port:remote_host:remote_port):

  1. Bind TcpListener on local_addr:local_port
  2. For each accepted connection, open channel_open_direct_tcpip(remote_host, remote_port, ...)
  3. Proxy bytes bidirectionally via copy_bidirectional

Remote port forwards (-R remote_addr:remote_port:local_host:local_port):

  1. Send tcpip_forward(remote_addr, remote_port) to request the server listen on a port
  2. When the handler receives server_channel_open_forwarded_tcpip, connect to local_host:local_port
  3. Proxy bytes bidirectionally

Both types are specified as repeatable --forward / --remote-forward CLI options.

Acceptance Criteria

  • crates/alknet-core/src/client/forward.rs exports PortForwardSpec, LocalForwarder, RemoteForwarder
  • PortForwardSpec parses -L / -R spec strings: local_addr:local_port:remote_host:remote_port
  • LocalForwarder binds TcpListener, accepts connections, opens SSH direct-tcpip channel for each, proxies bidirectionally
  • RemoteForwarder sends tcpip_forward request, handles forwarded-tcpip channel opens, connects to local target, proxies bidirectionally
  • Both forwarders handle their accept loops concurrently with the SOCKS5 server
  • Connection errors close the individual channel without affecting other forwards or the SSH session
  • Port forward listeners are re-registered after SSH reconnection (depends on channel-manager)
  • Unit tests: spec parsing, local forward proxy, remote forward request handling

References

  • docs/architecture/client.md — Port Forwarding section
  • docs/architecture/decisions/005-socks5-before-tun.md — port forwarding as optional complement to SOCKS5

Notes

To be filled by implementation agent

Summary

To be filled on completion

Reference in New Issue View Git Blame Copy Permalink