Open fasmide opened 1 month ago
Big ➕1 on this one... I have an HTTP reverse proxy (i.e. httputil.ReverseProxy) behind an SSH tunnel. Can't do WebSockets over that because the ssh Conn does not support deadlines....
It seems to me like adding setting/checking deadlines to the SSH channel objects (i.e. here) wouldn't be too hard?
Change https://go.dev/cl/562756 mentions this issue: ssh: add deadlines support for channels
Go version
go version go1.22.2 linux/amd64
Output of go env in your module/workspace:
What did you do?
I was trying to have a web server forwarded through an SSH tunnel - I've made an example of this bug in fasmide/the-thing-about-websockets-and-ssh-tunnels
This all works out really well until web sockets are introduced.
This is because the http.response, which does Hijacking, tries to set its net.Conn's deadline to the past to have it unblock its current Read() - but x/crypto/ssh's implementation of net.Conn does not support this.
Furthermore, the http.response does not do any error checking when setting the deadline - so effectively the conn locks up without any indication to anyone about what's going on.
What did you see happen?
Using the example, one should find that using a local net.Listener — everything is fine; however, forwarding the listener through SSH tunnels, the browser (both Chrome and Firefox) hangs indefinitely trying to connect.
Example of a working local listener:
When opening the webpage, look in the debugger for messages:
![image](https://github.com/golang/go/assets/1194937/af1fc215-a345-4015-baaa-116a84466814)
Example of a broken forwarded listener:
Now, when opening the same webpage, the websocket is stuck in (pending):
![image](https://github.com/golang/go/assets/1194937/03447de5-166c-449c-b98b-8f79587b482d)
What did you expect to see?
I did not expect there to be any differences :)
I don't know if this bug is in net/http or x/crypto/ssh - but given that HTTP hijacking usually returns an error if it is unable to hijack a connection, I would imagine some error checking is to be expected in net/http when SetReadDeadline returns an error.
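The mechanism described in the report, as an added example that is not code from the issue author or the Go project: a blocked Read is released by a past read deadline on a conn that supports deadlines, and stays blocked when SetReadDeadline only returns an error. The names noDeadlineConn, abortRead and probe are hypothetical, and noDeadlineConn over net.Pipe is an assumed stand-in for the SSH-forwarded conn.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// noDeadlineConn is a hypothetical stand-in for a net.Conn whose deadline
// setter only returns an error, as the report describes for the SSH conn.
type noDeadlineConn struct{ net.Conn }

func (noDeadlineConn) SetReadDeadline(time.Time) error { return errors.New("deadline not supported") }

// abortRead blocks a Read on c, sets a read deadline in the past, and reports
// whether the Read returned within wait, plus the error from SetReadDeadline.
func abortRead(c net.Conn, wait time.Duration) (unblocked bool, setErr error) {
	done := make(chan struct{})
	go func() {
		defer close(done)
		c.Read(make([]byte, 1)) // blocks: the peer never writes
	}()
	time.Sleep(20 * time.Millisecond) // let the Read block first
	setErr = c.SetReadDeadline(time.Unix(1, 0))
	select {
	case <-done:
		return true, setErr
	case <-time.After(wait):
		return false, setErr
	}
}

// probe runs abortRead on one end of an in-memory pipe (constructed input).
func probe(wrap bool) (bool, error) {
	a, b := net.Pipe()
	defer a.Close()
	defer b.Close()
	var c net.Conn = a
	if wrap {
		c = noDeadlineConn{a}
	}
	return abortRead(c, 200*time.Millisecond)
}

func main() {
	fmt.Println(probe(false)) // true <nil>
	fmt.Println(probe(true))  // false deadline not supported
}
```

Checking the error returned by SetReadDeadline, as abortRead does, is what turns the silent hang into a visible failure.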