Fix remote port forwarding reporting wrong hostname #48831
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
Joerger
approved these changes
Nov 12, 2024
rosstimothy
reviewed
Nov 13, 2024
lib/srv/regular/sshserver_test.go
Outdated
| // Dial the test server over the SSH connection. | ||
| ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) | ||
| t.Cleanup(cancel) | ||
| req, err := http.NewRequestWithContext(ctx, http.MethodGet, ts.URL, &bytes.Buffer{}) |
There was a problem hiding this comment.
Suggested change
| req, err := http.NewRequestWithContext(ctx, http.MethodGet, ts.URL, &bytes.Buffer{}) | |
| req, err := http.NewRequestWithContext(ctx, http.MethodGet, ts.URL, nil) |
lib/srv/regular/sshserver_test.go
Outdated
Comment on lines
752
to
753
| client := &http.Client{} | ||
| resp, err := client.Do(req) |
There was a problem hiding this comment.
Suggested change
| client := &http.Client{} | |
| resp, err := client.Do(req) | |
| resp, err := ts.Client().Do(req) |
lib/srv/regular/sshserver.go
Outdated
| @@ -2194,8 +2194,17 @@ func (s *Server) handleTCPIPForwardRequest(ctx context.Context, ccx *sshutils.Co | |||
| return trace.Wrap(err) | |||
| } | |||
|
|
|||
| // Set the src addr again since it may have been updated with a new port. | |||
| scx.SrcAddr = listener.Addr().String() | |||
| // Update the src addr port. | |||
There was a problem hiding this comment.
Suggestion: expand this comment to include why this needs to happen.
eriktate
approved these changes
Nov 13, 2024
rosstimothy
approved these changes
Nov 14, 2024
public-teleport-github-review-bot
bot
removed the request for review
from zmb3
This change fixes a bug in remote port forwarding where Teleport reports the hostname from the created remote listener, rather than the hostname requested in the tcpip-forward request.
atburke
force-pushed
the
atburke/rpf-addr-fix
branch
from
66dbb95 to
ba6abfe
Compare
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
This was referenced Nov 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change fixes a bug in remote port forwarding where Teleport reports the hostname from the created remote listener, rather than the hostname requested in the
tcpip-forwardrequest. In particular, clients that request a listener atlocalhostwould eventually receive aforwarded-tcpipchannel request from127.0.0.1, which the client would not be able to map to the listener it requested.Fixes #48254.
Changelog: Fixed OpenSSH remote port forwarding not working for localhost