用于端口转发的 libssh2 示例代码

Posted 2023-02-25

【中文标题】用于端口转发的 libssh2 示例代码

【英文标题】：Example code of libssh2 being used for port forwarding

【发布时间】：2010-12-07 12:50:33

【问题描述】：

我正在寻找如何使用libssh2 设置 ssh 端口转发的示例。我查看了 API，但在端口转发领域的文档很少。

例如，当使用 PuTTY 的 plink 时，有要监听的远程端口，还有应该发送流量的本地端口。设置它是开发人员的责任吗？有人可以举例说明如何做到这一点吗？

此外，将远程端口连接到本地端口的示例也很有用。我使用libssh2_channel_direct_tcpip_ex() 吗？

如果需要的话，我愿意提供赏金来获得几个这样的工作示例。

【参考方案1】：

使 libssh2 端口转发工作的关键是发现它基本上只是为您提供进入该端口的数据。您必须将数据实际发送到您打开的本地端口：

（请注意，此代码尚未完成，没有错误检查，线程屈服也不正确，但它给出了如何完成此操作的大致轮廓。）

void reverse_port_forward(CMainDlg* dlg, addrinfo * hubaddr, std::string username, std::string password, int port)

  int iretval;
  unsigned long mode = 1;
  int last_socket_err = 0;
  int other_port = 0;
  fd_set read_set, write_set;

  SOCKET sshsock = socket(AF_INET, SOCK_STREAM, 0);
  iretval = connect(sshsock, hubaddr->ai_addr, hubaddr->ai_addrlen);
  if (iretval != 0)
    ::PostQuitMessage(0);

  LIBSSH2_SESSION * session = NULL;
  session = libssh2_session_init();

  iretval = libssh2_session_startup(session, sshsock);
  if (iretval)
    ::PostQuitMessage(0);

  iretval = libssh2_userauth_password(session, username.c_str(), password.c_str());

  dlg->m_track_status(dlg, 1, 0, "Authorized");

  LIBSSH2_LISTENER* listener = NULL;
  listener = libssh2_channel_forward_listen_ex(session, "127.0.0.1", port, &other_port, 1);
  if (!listener)
    ::PostQuitMessage(0);

  LIBSSH2_CHANNEL* channel = NULL;

  ioctlsocket(sshsock, FIONBIO, &mode);
  libssh2_session_set_blocking(session, 0); // non-blocking
  int err = LIBSSH2_ERROR_EAGAIN;
  while (err == LIBSSH2_ERROR_EAGAIN)
  
    channel = libssh2_channel_forward_accept(listener);
    if (channel) break;
    err = libssh2_session_last_errno(session);
    boost::this_thread::yield();
  

  if (channel)
  
    char buf[MAX_BUF_LEN];
    char* chunk;
    long bytes_read = 0;
    long bytes_written = 0;
    int total_set = 0;
    timeval wait;
    wait.tv_sec = 0;
    wait.tv_usec = 2000;

    sockaddr_in localhost;
    localhost.sin_family = AF_INET;
    localhost.sin_addr.s_addr = inet_addr("127.0.0.1");
    localhost.sin_port = htons(5900);
    SOCKET local_sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    ioctlsocket(local_sock, FIONBIO, &mode);
    iretval = connect(local_sock, (sockaddr*) &localhost, sizeof(localhost) );
    if (iretval == SOCKET_ERROR)
      iretval = WSAGetLastError();

    while (1)
    
      bytes_read = libssh2_channel_read(channel, buf, MAX_BUF_LEN);
      if (bytes_read >= 0)
        FD_ZERO(&read_set);
        FD_ZERO(&write_set);
        FD_SET(local_sock, &write_set);

        // wait until the socket can be written to
        while (select(0, &read_set, &write_set, NULL, &wait) < 1)
          boost::this_thread::yield();

        if (FD_ISSET(local_sock, &write_set))
        
          FD_CLR(local_sock, &write_set);
          chunk = buf;

          // everything may not get written in this call because we're non blocking.  So
          // keep writing more data until we've emptied the buffer pointer.
          while ((bytes_written = send(local_sock, chunk, bytes_read, 0)) < bytes_read)
          
            // if it couldn't write anything because the buffer is full, bytes_written
            // will be negative which won't help our pointer math much
            if (bytes_written > 0)
            
              chunk = buf + bytes_written;
              bytes_read -= bytes_written;
              if (bytes_read == 0)
                break;
            
            FD_ZERO(&read_set);
            FD_ZERO(&write_set);
            FD_SET(local_sock, &write_set);

            // wait until the socket can be written to
            while (select(0, &read_set, &write_set, NULL, &wait) < 1)
              boost::this_thread::yield();
          

        
      

      FD_ZERO(&read_set);
      FD_ZERO(&write_set);
      FD_SET(local_sock, &read_set);
      select(0, &read_set, &write_set, NULL, &wait);
      if (FD_ISSET(local_sock, &read_set))
      
        FD_CLR(local_sock, &read_set);
        bytes_read = recv(local_sock, buf, MAX_BUF_LEN, 0);
        if (bytes_read >= 0)
        
          while ((bytes_written = libssh2_channel_write_ex(channel, 0, buf, bytes_read)) == LIBSSH2_ERROR_EAGAIN)
            boost::this_thread::yield();
        
      
      boost::this_thread::yield();
     // while
   // if channel

附：要完成这项工作，需要最新的 SVN 版本的 libssh2。以前的版本中存在导致端口转发无法使用的错误。

【讨论】：

他似乎在要求一个端口转发，但你的函数显然标题为“reverse_port_forward”。此示例代码是将本地端口带到服务器端口，还是将服务器端口带到本地端口？

【参考方案2】：

libssh2 源代码包括几年前的一个 direct_tcpip.c 示例，该示例演示如何创建 direct-tcpip SSH 通道，以及自上周以来的一个 forward-tcpip.c 示例，该示例演示如何创建 forward-tcpip SSH 通道。

direct-tcpip 是 ssh -L 使用的，forward-tcpip 是 ssh -R 使用的。

处理实际数据始终是 libssh2 用户的责任。 libssh2 只负责 SSH 通道，仅此而已。您可以从研究 SSH RFC（尤其是 RFC 4254）中受益匪浅，了解更多关于每种通道类型对您的承诺以及您对 libssh2 的期望。