On Tuesday, 17 January 2017 at 9:20 +1100, Darren Tucker wrote:
> On Tue, Jan 17, 2017 at 1:30 AM, Romain Vimont <rom@xxxxxxxxx> wrote:
> [...]
> > As a consequence, in particular, a SOCKS5 server started with "ssh -D"
> > cannot proxify UDP packets.
> >
> > Are there deep reasons why OpenSSH does not implement them (security, or
> > whatever)?
>
> ssh -D accepts SOCKS CONNECT requests and maps them to SSH
> "direct-tcpip" requests (see RFC4254 section 7.2). These are only
> defined for TCP, there's no equivalent for UDP.

Thank you for your answer.

So if I understand correctly, making "ssh -D" create a "full" SOCKS5
server, including UDP relay¹, would require adding a new SSH request type
(like "relay-udp")?

Here is some context: I would like to provide a reverse tethering tool
for Android that redirects all the packets to a SOCKS5 server. Since
"ssh -D" is the simplest way to create a SOCKS5 server (and everyone has
an ssh client), starting a reverse tethering would have been easy.
Unfortunately, if UDP packets are not relayed, it does not work.

An alternative would be to use a tun device on the host and forward the
packets (what SimpleRT² does), but this requires root access on the host.

Regards,
®om

¹ <https://tools.ietf.org/html/rfc1928#section-7>
² <https://github.com/vvviperrr/SimpleRT>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
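Added example, not part of the original thread and not OpenSSH code: the mapping discussed above, parsing an RFC 1928 request and building the RFC 4254 section 7.2 "direct-tcpip" channel-open payload for CONNECT only. The function names, sample requests, window and packet sizes are constructed, and the 0x07 rejection reply is what RFC 1928 defines for a generic CONNECT-only server, an assumption rather than a statement of what OpenSSH sends.

```python
import ipaddress
import struct

SSH_MSG_CHANNEL_OPEN = 90        # RFC 4254 section 5.1
CMD_CONNECT = 1                  # RFC 1928 section 4 (BIND = 2, UDP ASSOCIATE = 3)
REP_CMD_NOT_SUPPORTED = 7        # RFC 1928 section 6

# Constructed sample requests: CONNECT example.org:443, UDP ASSOCIATE 0.0.0.0:0
CONNECT_REQ = b"\x05\x01\x00\x03\x0bexample.org\x01\xbb"
UDP_REQ = b"\x05\x03\x00\x01" + bytes(6)

def ssh_string(data):
    """SSH 'string': uint32 length, then the bytes (RFC 4251 section 5)."""
    return struct.pack(">I", len(data)) + data

def parse_socks5_request(req):
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT into (cmd, host, port)."""
    if len(req) < 5 or req[0] != 5 or req[2] != 0:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = req[1], req[3]
    if atyp == 3:                             # domain name, 1-byte length prefix
        off, alen = 5, req[4]
    elif atyp in (1, 4):                      # IPv4 / IPv6 literal
        off, alen = 4, 4 if atyp == 1 else 16
    else:
        raise ValueError("unknown ATYP")
    if len(req) != off + alen + 2:
        raise ValueError("truncated or oversized request")
    addr = req[off:off + alen]
    host = addr.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(addr))
    return cmd, host, struct.unpack(">H", req[off + alen:])[0]

def map_request(req, channel, origin_ip, origin_port,
                window=2097152, max_packet=32768):   # constructed values
    """CONNECT -> ("open", SSH_MSG_CHANNEL_OPEN payload); else ("reject", reply)."""
    cmd, host, port = parse_socks5_request(req)
    if cmd != CMD_CONNECT:
        # BIND and UDP ASSOCIATE have no "direct-tcpip" counterpart to map to.
        return "reject", bytes([5, REP_CMD_NOT_SUPPORTED, 0, 1]) + bytes(6)
    payload = (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip")
               + struct.pack(">III", channel, window, max_packet)
               + ssh_string(host.encode("ascii")) + struct.pack(">I", port)
               + ssh_string(origin_ip.encode("ascii"))
               + struct.pack(">I", origin_port))
    return "open", payload

if __name__ == "__main__":
    for name, req in (("CONNECT", CONNECT_REQ), ("UDP ASSOCIATE", UDP_REQ)):
        action, data = map_request(req, 0, "127.0.0.1", 50000)
        print(name, "->", action, data.hex())
```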