Balazs Scheidler <[EMAIL PROTECTED]> writes:
> Attached you'll find my latest proxy patches along with some flow control
> modifications. I'm afraid they are a bit ugly, suggestions, improvements
> welcome. (My changes are: sent method in ssh_connection,
> connection_flow_control class in channel.c)
I'm sorry I haven't had much time to read your code lately. But I'll
try to look into it some evening.
> My proxy is now able to proxy X11, agent, TCP and session channels with
> password authentication. Each of these can be disabled, so firewalls may
> make use of this feature. (enabling telnet-like access, but disabling TCP
> forwarding is quite useful)
Sounds cool.
> As it seems I've found yet another ssh2 bug (yasb), now with flow control.
> Sometimes it sends packets even if they are over the incoming window size.
> When running netscape over the proxied X11 channel messages like these are
> generated:
>
> Channel data overflow. Extra data ignored (data->length=1024, rec_window_size=216).
> Channel data overflow. Extra data ignored (data->length=68, rec_window_size=0).
That's bad... I think we're getting to the point were
bug-compatibility needs to be configurable. I think we'd need at least
three levels,
x Strict. Try to follow the spec by the letter.
� Default. Enable some of the workarounds that seems safe.
� Tolerant. Allow as many deviations for the spec as feasible.
FYI, I've been spending some time looking into builtin rsync-style
file transfers. And I'm also hacking on support for remote command
execution (which will let you use cvs and rsync to machines on which
you have a real account).
Builtin rsync support is mostly orthogonal to using the rsync program
over lsh. It could be useful for delegation of limited access to some
spki names or principals.
/Niels
