On Tuesday 17 January 2017 at 9:20 +1100, Darren Tucker wrote:
> On Tue, Jan 17, 2017 at 1:30 AM, Romain Vimont <rom at rom1v.com> wrote:
> [...]
> > As a consequence, in particular, a SOCKS5 server started with "ssh -D"
> > cannot proxify UDP packets.
> >
> > Are there deep reasons why OpenSSH does not implement them (security, or
> > whatever)?
>
> ssh -D accepts SOCKS CONNECT requests and maps them to SSH
> "direct-tcpip" requests (see RFC4254 section 7.2). These are only
> defined for TCP, there's no equivalent for UDP.

Thank you for your answer.

So if I understand correctly, making "ssh -D" create a "full" SOCKS5
server, including UDP relay¹, would require adding a new SSH request
type (like "relay-udp")?

Here is some context: I would like to provide a reverse tethering tool
for Android that redirects all the packets to a SOCKS5 server. Since
"ssh -D" is the simplest way to create a SOCKS5 server (and everyone has
an ssh client), starting a reverse tethering would have been easy.

Unfortunately, if UDP packets are not relayed, it does not work.

An alternative would be to use a tun device on the host and forward the
packets (what SimpleRT² does), but this requires root access on the
host.

Regards,
®om

¹ <https://tools.ietf.org/html/rfc1928#section-7>
² <https://github.com/vvviperrr/SimpleRT>
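
The CONNECT versus UDP ASSOCIATE distinction discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH code. It parses an RFC 1928 request and models a hypothetical CONNECT-only front end (`handle_connect_only` is an assumed name) that can hand only TCP targets to a forwarder and answers any other command with the RFC's "command not supported" reply; the sample requests are constructed.

```python
import ipaddress
import struct

# RFC 1928 section 4 command codes and section 6 reply codes.
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED = 0x00, 0x07
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_request(buf: bytes):
    """Parse a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(buf) < 4:
        raise ValueError("truncated request header")
    ver, cmd, rsv, atyp = buf[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    if atyp == ATYP_IPV4:
        alen, off = 4, 4
    elif atyp == ATYP_IPV6:
        alen, off = 16, 4
    elif atyp == ATYP_DOMAIN:
        if len(buf) < 5:
            raise ValueError("truncated domain length")
        alen, off = buf[4], 5  # one length octet precedes the name
    else:
        raise ValueError("unknown address type")
    if len(buf) != off + alen + 2:
        raise ValueError("bad request length")
    raw = buf[off:off + alen]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", buf[off + alen:])
    return cmd, host, port


def reply(rep: int) -> bytes:
    """Build a reply with a zeroed IPv4 BND.ADDR and BND.PORT."""
    return bytes([5, rep, 0, ATYP_IPV4]) + bytes(6)


def handle_connect_only(buf: bytes):
    """Hypothetical CONNECT-only front end: returns (tcp_target or None, reply)."""
    cmd, host, port = parse_request(buf)
    if cmd != CMD_CONNECT:
        # BIND and UDP ASSOCIATE have no TCP-forwarding counterpart here.
        return None, reply(REP_CMD_NOT_SUPPORTED)
    # Assumption: a real proxy opens the TCP forward first, then replies.
    return (host, port), reply(REP_SUCCEEDED)


# Constructed sample requests (not captured traffic).
CONNECT_REQ = b"\x05\x01\x00\x03\x0bexample.org\x01\xbb"
UDP_ASSOC_REQ = b"\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00"
```
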