troglobit / redir

A TCP port redirector for UNIX

src/dst order wrong

rofl0r opened this issue

trying to redirect ssh service to port 2222

usage text:

Usage: redir [-hinspv] [-b IP]  [-f TYPE] [-I NAME] [-l LEVEL] [-t SEC]
                       [-x STR] [-m BPS] [-o FLAG] [-w MSEC] [-z BYTES]
                       [SRC]:PORT [DST]:PORT

so src should come first, followed by dst, and the ips are optional

# redir :22 :2222
# echo $?
0
# pgrep redir
#

no output, success exit status, but nothing running.

next try:

# redir -n :22 :2222
redir[12124]: Failed binding server socket: Address in use
#

ah, that's better. at least we got a clue.

# redir -n :2222 :22

finally works, but the src and dst are reversed.

So, if I read your report correctly you have an SSH daemon running on port 22. With redir you can take connections coming in (source) on port 2222 and redirect them to port 22 (destination for connections).

From my perspective the arguments are not reversed, although it can be a bit confusing to wrap your head around at first ...

this program redirects ports. i.e. you redirect from 22 to 2222.
clearly if seen like that, the source is 22.
defining source and dest in terms of incoming connections is completely counter-intuitive (that's viewing the program from the outside instead of from the inside).

maybe in order to avoid such possible misinterpretation, the original redir used the terms
"cport (port to connect to) and lport (port to listen on)" - which makes it 100% clear what is meant.

so imo best solution would be (in descending order):

  • switch meaning of src and dst as i suggested
  • rename src and dst into "to" and "from"
  • clarify in usage text prominently that SRC refers to the port that redir listens on, and DST the port it connects to

I'm having a really hard time agreeing with you. Maybe because I didn't fully understand your original report. Could you please just calm down and start by describing your setup and discuss this for a bit?

In my remark above I'm assuming your SSH daemon already runs on port 22, in your last comment it seems to be instead running on port 2222, what is it?

Example:

To use a neutral example, here I assume a completely clean machine, no running SSH daemon or redir service:

  sshd -p 222
  redirect eth0:22 :222

Here we redirect incoming (SRC) requests on eth0 port 22 to (DST) port 222. Just like the first line of the description in the man page states.

yes, i have ssh running on 22 (source) and want to redirect it to 2222 (dest).

the motivation behind this is that i want to help this guy tinyproxy/tinyproxy#109 ...

OK.

Well, since you are redirecting connections, and not the server, I still don't see your point in switching the meaning as you suggest. The source of the connection is not the ssh daemon.

redir clearly redirects inbound connections. The source of the client connection is port 2222 in your case, which should be redirected to the destination, 22 in your case.

Sure, the outside client connects to a destination port 2222, but that's beside the point. From the context of redir the source of the connection is the client and the destination is the actual service.

Since it is evident we have very opposing views on this matter I am now closing this and propose you do all the changes you need in your own fork.

don't you think you should at least document what SRC and DST actually are?
i'm certainly not the only one who is surprised about your interpretation.

OK, this is my final entry in this saga.

Have you even read the man page? First sentence in the Description reads:

redir redirects TCP connections coming in on a local port, [SRC]:PORT, to a specified address/port combination, [DST]:PORT.

There is even a Bugs section which reads:

Command line syntax changed in v3.0. Compatibility with v2.x can be enabled using the --enable-compat configure option. This enables the following options: --laddr=ADDR --lport=PORT --caddr=ADDR --cport=PORT which in v3.0 were been replaced with [SRC]:PORT and [DST]:PORT.

For full compatibility, using any of these options will implicitly also enable -n. There is currently no way to tell redir to background itself in this mode of operation.

So, I've really gone above and beyond to try to accommodate all users. Except those who don't bother to actually take the time to read the documentation but instead whack at the command line options until it sort of works and then bitch about it.
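The behaviour argued over in this thread comes down to which port the redirector binds and which it connects to. As an added example (not redir's code and not written by anyone in the thread), this Python relay binds its first argument and connects to its second, reproducing both the "Address in use" failure and the working order. Ephemeral loopback ports stand in for 22 and 2222, an echo service stands in for sshd, and all function names are hypothetical.

```python
import socket
import threading

def listen_on(port, host="127.0.0.1"):
    """The [SRC]:PORT side: bind and listen. Port 0 picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))  # raises OSError (EADDRINUSE) if a service owns it
    srv.listen(5)
    return srv

def pump(a, b):
    """Copy bytes from a to b until a reaches EOF, then half-close b."""
    try:
        while data := a.recv(4096):
            b.sendall(data)
        b.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def redirect_once(src_listener, dst_port, host="127.0.0.1"):
    """Accept one client on SRC, connect out to [DST]:PORT, relay both ways."""
    client, _ = src_listener.accept()
    with client, socket.create_connection((host, dst_port)) as upstream:
        t = threading.Thread(target=pump, args=(client, upstream))
        t.start()
        pump(upstream, client)
        t.join()

def echo_once(listener):  # constructed stand-in for the real service (sshd)
    conn, _ = listener.accept()
    with conn:
        pump(conn, conn)

def demo():
    service = listen_on(0)               # plays sshd, already bound to its port
    svc_port = service.getsockname()[1]
    try:
        listen_on(svc_port)              # shape of `redir -n :22 :2222`
        clash = None
    except OSError as e:
        clash = e.errno                  # "Address in use"
    front = listen_on(0)                 # shape of `redir -n :2222 :22`
    for fn, args in ((echo_once, (service,)), (redirect_once, (front, svc_port))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(front.getsockname()) as c:
        c.sendall(b"hello")
        c.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    return clash, reply
```

`demo()` returns the errno from the clashing bind and the bytes echoed back through the relay.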