alkdev/wraith
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6a49a07d74f38204c637205dabbf51de709ff82
wraith/tasks/client/port-forwarding.md

2.1 KiB
Raw Blame History

id, name, status, depends_on, scope, risk, impact, level
id name status depends_on scope risk impact level
client/port-forwarding Implement port forwarding — local (-L) and remote (-R) forwards pending
auth/client-auth-handler
transport/trait-and-types
auth/error-types
moderate medium component implementation

Description

Implement SSH port forwarding per client.md:

Local port forwards (-L local_addr:local_port:remote_host:remote_port):

  1. Bind TcpListener on local_addr:local_port
  2. For each accepted connection, open channel_open_direct_tcpip(remote_host, remote_port, ...)
  3. Proxy bytes bidirectionally via copy_bidirectional

Remote port forwards (-R remote_addr:remote_port:local_host:local_port):

  1. Send tcpip_forward(remote_addr, remote_port) to request the server listen on a port
  2. When the handler receives server_channel_open_forwarded_tcpip, connect to local_host:local_port
  3. Proxy bytes bidirectionally

Both types are specified as repeatable --forward / --remote-forward CLI options.

Acceptance Criteria

  • crates/wraith-core/src/client/forward.rs exports PortForwardSpec, LocalForwarder, RemoteForwarder
  • PortForwardSpec parses -L / -R spec strings: local_addr:local_port:remote_host:remote_port
  • LocalForwarder binds TcpListener, accepts connections, opens SSH direct-tcpip channel for each, proxies bidirectionally
  • RemoteForwarder sends tcpip_forward request, handles forwarded-tcpip channel opens, connects to local target, proxies bidirectionally
  • Both forwarders handle their accept loops concurrently with the SOCKS5 server
  • Connection errors close the individual channel without affecting other forwards or the SSH session
  • Port forward listeners are re-registered after SSH reconnection (depends on channel-manager)
  • Unit tests: spec parsing, local forward proxy, remote forward request handling

References

  • docs/architecture/client.md — Port Forwarding section
  • docs/architecture/decisions/005-socks5-before-tun.md — port forwarding as optional complement to SOCKS5

Notes

To be filled by implementation agent

Summary

To be filled on completion

Reference in New Issue View Git Blame Copy Permalink