
Reverse port forwarding implementation

Open jdhozdiego opened this issue 1 year ago • 6 comments

The reverse port forwarding feature provides a proxy for a service within reach of the machine executing the SSH3 client, which is deployed into the SSH3 server machine. This allows any incoming communication request arriving at the proxy deployed on the SSH3 server to be forwarded to the SSH3 client.

In this implementation, the SSH3 client generates a request to the server to open a new channel through RequestTCPReverseChannel() and includes in the additional bytes the information regarding reverse port forwarding. Then, the server listens to the defined socket and waits for incoming connections. Once they occur, the server opens a new channel through OpenTCPReverseForwardingChannel(), which is used to forward the communications back to the client to act as a reverse proxy.

jdhozdiego avatar Jul 29 '24 12:07 jdhozdiego

Thanks for the PR! Reverse port forwarding is a feature I would love to add indeed. Would you mind adding unit tests that verify the correct behaviour of the feature? There are already a few tests for TCP/UDP classical port forwarding in integration_tests/ssh3_test.go. Adding a few for reverse forwarding would help us ensure it works well and avoid regressions when implementing new features.

Thanks !

francoismichel avatar Aug 01 '24 14:08 francoismichel

Sure! I have included the tests in this pull already. To implement the tests, I used your testTCPPortForwarding function for the reverse testing to make both direct and reverse tests on the same "TCP port forwarding" context. This works because the SSH3 client and the server are in the same container during the testing process. The reverse port forwarding for UDP still needs to be implemented, but I intend to work on that as well.

jdhozdiego avatar Aug 12 '24 19:08 jdhozdiego

The SSH3 reverse port forwarding feature now supports UDP traffic by deploying a UDP proxy on the SSH3 server for a UDP service reachable by the SSH3 client. This allows any incoming UDP datagram arriving at the proxy on the SSH3 server to be forwarded to the SSH3 client’s UDP service (and its responses sent back), effectively extending reverse port forwarding to UDP-based services.

In this implementation, the SSH3 client initiates the reverse UDP forwarding by sending a request to open a new channel via RequestUDPReverseChannel(), including in the additional bytes the information (UDP addresses/port) for the reverse forwarding. The SSH3 server then listens on the specified UDP socket and waits for incoming datagrams. When a datagram arrives (from some source), the server opens a new channel through OpenUDPReverseForwardingChannel(), which is used to forward the UDP communication back to the client, acting as a reverse proxy. The server continues to relay any further UDP packets from that source through the channel, while also listening for datagrams from the client on the channel (via the datagram API) to send back out to the UDP socket.

On the client side, when the server opens the reverse-UDP channel (identified by type "open-request-reverse-udp"), the client connects to the target UDP service (using DialUDP) and starts forwarding datagrams in both directions: incoming channel datagrams are written to the local UDP service, and any replies are sent back over the channel (SendDatagram). This end-to-end flow enables reverse port forwarding for UDP, similarly to how it works for TCP, allowing external UDP clients to communicate with the UDP service accessible to the SSH3 client through the SSH3 server.

jdhozdiego avatar Apr 29 '25 16:04 jdhozdiego

@jdhozdiego Hi, the reverse UDP forwarding doesn't seem to work.

Example: (forwarding local udp port 1053 to remote 5053)

ssh3 -reverse-udp 5053/127.0.0.1@1053/127.0.0.1 user@host

For testing ncat is used to listen on UDP (ncat -v -u -l 127.0.0.1 1053) and on the remote, echo -e 'hello\nworld\n123' | ncat -uv 127.0.0.1 5053 used to send the data.

After the first packet is sent, this error is logged by ssh3, and data could not be sent through again.

ERR could not add datagram to conv id 0: Channel not found: 1

Testing with real UDP protocols such as DNS reveals similar issues.

h4sh5 avatar Oct 22 '25 00:10 h4sh5

It looks like the integration tests don't pass on Linux either for port forwarding: https://github.com/h4sh5/ssh3/actions/runs/18700814455/job/53328947370


Running Suite: Integration Test Suite - /home/runner/work/ssh3/ssh3/integration_tests
=====================================================================================
Random Seed: 1761090382

Will run 18 of 18 specs
•••••••••
------------------------------
• [FAILED] [1.212 seconds]
Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with small messages
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:369

  Timeline >>
  {"level":"info","time":"2025-10-21T23:46:42Z","message":"plugin privkey_auth successfully registered"}
  {"level":"info","time":"2025-10-21T23:46:42Z","message":"plugin pubkey_auth successfully registered"}
  {"level":"debug","time":"2025-10-21T23:46:42Z","message":"Adding plugin-provided CLI arg: \"privkey\""}
  {"level":"debug","time":"2025-10-21T23:46:42Z","message":"Adding plugin-provided CLI arg: \"pubkey-for-agent\""}
  11:46PM DBG version francoismichel/ssh3 0.1.7
  panic: runtime error: index out of range [1] with length 1

  goroutine 1 [running]:
  github.com/francoismichel/ssh3/cmd.parseAddrPort({0x7ffef0ffcc35?, 0x1?})
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:224 +0x5fa
  github.com/francoismichel/ssh3/cmd.ClientMain()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:478 +0xebc
  main.main()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3/main.go:12 +0x13
  [FAILED] in [It] - /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342 @ 10/21/25 23:46:43.971
  << Timeline

  [FAILED] Timed out after 1.001s.
  Unexpected error:
      <*net.OpError | 0xc00030c4b0>: 
      dial tcp 127.0.0.1:8080: connect: connection refused
      {
          Op: "dial",
          Net: "tcp",
          Source: nil,
          Addr: <*net.TCPAddr | 0xc00030acf0>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127, 0, 0, 1],
              Port: 8080,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc00029e8c0>{
              Syscall: "connect",
              Err: <syscall.Errno>0x6f,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342 @ 10/21/25 23:46:43.971
------------------------------
• [FAILED] [0.221 seconds]
Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works through proxy jump
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:374

  [FAILED] Unexpected error:
      <*net.OpError | 0xc000557860>: 
      listen tcp 127.0.0.1:9090: bind: address already in use
      {
          Op: "listen",
          Net: "tcp",
          Source: nil,
          Addr: <*net.TCPAddr | 0xc0003b1830>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127, 0, 0, 1],
              Port: 9090,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc0003d4bc0>{
              Syscall: "bind",
              Err: <syscall.Errno>0x62,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:294 @ 10/21/25 23:46:44.193
------------------------------
• [FAILED] [0.221 seconds]
Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with messages larger than a typical MTU
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:379

  [FAILED] Unexpected error:
      <*net.OpError | 0xc00030cc30>: 
      listen tcp 127.0.0.1:9090: bind: address already in use
      {
          Op: "listen",
          Net: "tcp",
          Source: nil,
          Addr: <*net.TCPAddr | 0xc00030aff0>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127, 0, 0, 1],
              Port: 9090,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc00029eaa0>{
              Syscall: "bind",
              Err: <syscall.Errno>0x62,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:294 @ 10/21/25 23:46:44.414
------------------------------
• [FAILED] [1.212 seconds]
Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with IPv6 addresses
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:393

  Timeline >>
  {"level":"info","time":"2025-10-21T23:46:44Z","message":"plugin privkey_auth successfully registered"}
  {"level":"info","time":"2025-10-21T23:46:44Z","message":"plugin pubkey_auth successfully registered"}
  {"level":"debug","time":"2025-10-21T23:46:44Z","message":"Adding plugin-provided CLI arg: \"privkey\""}
  {"level":"debug","time":"2025-10-21T23:46:44Z","message":"Adding plugin-provided CLI arg: \"pubkey-for-agent\""}
  11:46PM DBG version francoismichel/ssh3 0.1.7
  panic: runtime error: index out of range [1] with length 1

  goroutine 1 [running]:
  github.com/francoismichel/ssh3/cmd.parseAddrPort({0x7ffee2b6cc3b?, 0x1?})
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:224 +0x5fa
  github.com/francoismichel/ssh3/cmd.ClientMain()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:478 +0xebc
  main.main()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3/main.go:12 +0x13
  [FAILED] in [It] - /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342 @ 10/21/25 23:46:45.626
  << Timeline

  [FAILED] Timed out after 1.001s.
  Unexpected error:
      <*net.OpError | 0xc00030dea0>: 
      dial tcp [::1]:8082: connect: connection refused
      {
          Op: "dial",
          Net: "tcp",
          Source: nil,
          Addr: <*net.TCPAddr | 0xc00030b1d0>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
              Port: 8082,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc00029e840>{
              Syscall: "connect",
              Err: <syscall.Errno>0x6f,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342 @ 10/21/25 23:46:45.626
------------------------------
• [FAILED] [2.211 seconds]
Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with small messages
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:487

  Timeline >>
  {"level":"info","time":"2025-10-21T23:46:45Z","message":"plugin privkey_auth successfully registered"}
  {"level":"info","time":"2025-10-21T23:46:45Z","message":"plugin pubkey_auth successfully registered"}
  {"level":"debug","time":"2025-10-21T23:46:45Z","message":"Adding plugin-provided CLI arg: \"privkey\""}
  {"level":"debug","time":"2025-10-21T23:46:45Z","message":"Adding plugin-provided CLI arg: \"pubkey-for-agent\""}
  11:46PM DBG version francoismichel/ssh3 0.1.7
  11:46PM DBG no OIDC config file specified, use default file: /root/.ssh3/oidc_config.json
  11:46PM DBG /root/.ssh3/oidc_config.json does not exist
  11:46PM DBG dialing QUIC host at 127.0.0.1:4433
  11:46PM DBG QUIC handshake complete
  11:46PM WRN no SSH agent is connected
  11:46PM DBG try file-based privkey auth using file /testuser_id_rsa
  11:46PM DBG fetching singing method from crypto.PublicKey SigningMethodType=*rsa.PublicKey
  11:46PM DBG found suitable auth plugin
  11:46PM DBG establish conversation with the server
  11:46PM DBG send CONNECT request on URL https://127.0.0.1:4433/ssh3-tests?user=ssh3-testuser, User-Agent="SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00"
  11:46PM DBG received request from User-Agent SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00
  11:46PM DBG peer version: protocol version 3.0_alpha-00, software version francoismichel/ssh3 0.1.7
  11:46PM INF /home/ssh3-testuser/.ssh3/authorized_identities:1: skip commented identity
  11:46PM DBG pubkey auth plugin: parse identity string
  11:46PM DBG parsing ssh authorized key
  11:46PM DBG parsing ssh-rsa identity
  11:46PM DBG found an identity for plugin github.com/francoismichel/ssh3-server_pubkey_auth
  11:46PM DBG found 1 identities from plugins
  11:46PM DBG pubkey auth plugin: parse identity string
  11:46PM DBG parsing ssh authorized key
  11:46PM DBG parsing ssh-ed25519 identity
  11:46PM DBG found an identity for plugin github.com/francoismichel/ssh3-server_pubkey_auth
  11:46PM DBG found 1 identities from plugins
  11:46PM DBG token method: RS256, pubkey = *rsa.PublicKey &{N:+646914779529432897299574840997361543863495715919009855372573731865583107223182808032118869030629839183287416957059610292245367432351782579956640480773105554742834271932360823727603004361525341183952683897047950390212550904485038065370771283888680344335550865471290754231164882313742836432372238178973510142373149500475171005850677381005207581114774127431688352803857458487229961603986536959397296800756672814992674143964476045800397462472072269125960537181427031821381114923903300811459910374069765767658507358383404793548211461515763044073135389356778337559234551290994169072054036084843363021423837917448708500670750341852992491867244073129878098222522552321790438735537492603979059679260234163924195601940619919333976582423381508351957432683498459386688601645948563619664738906192166116724156040616020221706308239664801234517164974477324292538446625177071722761647624815202086636138581162971946464566743762162310544852645609612306092238709710331369057198098750337534778054908710698798074138415919403689800688259114718252004993500245573648287598782239224239648987548120086603201749215144579374057234695680239044654354652642338551664318920684955893092115178247813387035491339983162204442354969319752948507923456094928369190670368867 E:65537}
  11:46PM DBG request for user ssh3-testuser successfully verified by plugin
  11:46PM INF got request: method: CONNECT, URL: https://127.0.0.1:4433/ssh3-tests?user=ssh3-testuser
  11:46PM DBG got response with 200 OK status code
  11:46PM DBG server has valid version "SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00" (protocol version = 3.0_alpha-00, software version = francoismichel/ssh3 0.1.7)
  11:46PM DBG forwardUDP p: 8080/127.0.0.1@9090
  panic: runtime error: index out of range [1] with length 1

  goroutine 1 [running]:
  github.com/francoismichel/ssh3/cmd.parseAddrPort({0x7fffe1cb8c35?, 0x1?})
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:224 +0x5fa
  github.com/francoismichel/ssh3/cmd.ClientMain()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:829 +0x4032
  main.main()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3/main.go:12 +0x13
  [FAILED] in [It] - /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482 @ 10/21/25 23:46:47.838
  << Timeline

  [FAILED] Unexpected error:
      <*net.OpError | 0xc0003e03c0>: 
      read udp 127.0.0.1:49889->127.0.0.1:8080: read: connection refused
      {
          Op: "read",
          Net: "udp",
          Source: <*net.UDPAddr | 0xc0003b14a0>{IP: [127, 0, 0, 1], Port: 49889, Zone: ""},
          Addr: <*net.UDPAddr | 0xc0003b14d0>{IP: [127, 0, 0, 1], Port: 8080, Zone: ""},
          Err: <*os.SyscallError | 0xc0003d48e0>{
              Syscall: "read",
              Err: <syscall.Errno>0x6f,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482 @ 10/21/25 23:46:47.838
------------------------------
• [FAILED] [0.221 seconds]
Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works through proxy jump
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:492

  [FAILED] Unexpected error:
      <*net.OpError | 0xc0003e0c30>: 
      listen udp 127.0.0.1:9090: bind: address already in use
      {
          Op: "listen",
          Net: "udp",
          Source: nil,
          Addr: <*net.UDPAddr | 0xc0003b1830>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127, 0, 0, 1],
              Port: 9090,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc0003d4b60>{
              Syscall: "bind",
              Err: <syscall.Errno>0x62,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:428 @ 10/21/25 23:46:48.059
------------------------------
• [FAILED] [0.222 seconds]
Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with messages of 1150 bytes
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:499

  [FAILED] Unexpected error:
      <*net.OpError | 0xc0003e1310>: 
      listen udp 127.0.0.1:9090: bind: address already in use
      {
          Op: "listen",
          Net: "udp",
          Source: nil,
          Addr: <*net.UDPAddr | 0xc0003b1aa0>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127, 0, 0, 1],
              Port: 9090,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc0003d4d40>{
              Syscall: "bind",
              Err: <syscall.Errno>0x62,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:428 @ 10/21/25 23:46:48.281
------------------------------
• [FAILED] [2.213 seconds]
Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with IPv6 addresses
/home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:513

  Timeline >>
  {"level":"info","time":"2025-10-21T23:46:48Z","message":"plugin privkey_auth successfully registered"}
  {"level":"info","time":"2025-10-21T23:46:48Z","message":"plugin pubkey_auth successfully registered"}
  {"level":"debug","time":"2025-10-21T23:46:48Z","message":"Adding plugin-provided CLI arg: \"privkey\""}
  {"level":"debug","time":"2025-10-21T23:46:48Z","message":"Adding plugin-provided CLI arg: \"pubkey-for-agent\""}
  11:46PM DBG version francoismichel/ssh3 0.1.7
  11:46PM DBG no OIDC config file specified, use default file: /root/.ssh3/oidc_config.json
  11:46PM DBG /root/.ssh3/oidc_config.json does not exist
  11:46PM DBG dialing QUIC host at 127.0.0.1:4433
  11:46PM DBG QUIC handshake complete
  11:46PM DBG try file-based privkey auth using file /testuser_id_rsa
  11:46PM DBG fetching singing method from crypto.PublicKey SigningMethodType=*rsa.PublicKey
  11:46PM DBG found suitable auth plugin
  11:46PM WRN no SSH agent is connected
  11:46PM DBG establish conversation with the server
  11:46PM DBG send CONNECT request on URL https://127.0.0.1:4433/ssh3-tests?user=ssh3-testuser, User-Agent="SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00"
  11:46PM DBG received request from User-Agent SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00
  11:46PM DBG peer version: protocol version 3.0_alpha-00, software version francoismichel/ssh3 0.1.7
  11:46PM INF /home/ssh3-testuser/.ssh3/authorized_identities:1: skip commented identity
  11:46PM DBG pubkey auth plugin: parse identity string
  11:46PM DBG parsing ssh authorized key
  11:46PM DBG parsing ssh-rsa identity
  11:46PM DBG found an identity for plugin github.com/francoismichel/ssh3-server_pubkey_auth
  11:46PM DBG found 1 identities from plugins
  11:46PM DBG pubkey auth plugin: parse identity string
  11:46PM DBG parsing ssh authorized key
  11:46PM DBG parsing ssh-ed25519 identity
  11:46PM DBG found an identity for plugin github.com/francoismichel/ssh3-server_pubkey_auth
  11:46PM DBG found 1 identities from plugins
  11:46PM DBG token method: RS256, pubkey = *rsa.PublicKey &{N:+646914779529432897299574840997361543863495715919009855372573731865583107223182808032118869030629839183287416957059610292245367432351782579956640480773105554742834271932360823727603004361525341183952683897047950390212550904485038065370771283888680344335550865471290754231164882313742836432372238178973510142373149500475171005850677381005207581114774127431688352803857458487229961603986536959397296800756672814992674143964476045800397462472072269125960537181427031821381114923903300811459910374069765767658507358383404793548211461515763044073135389356778337559234551290994169072054036084843363021423837917448708500670750341852992491867244073129878098222522552321790438735537492603979059679260234163924195601940619919333976582423381508351957432683498459386688601645948563619664738906192166116724156040616020221706308239664801234517164974477324292538446625177071722761647624815202086636138581162971946464566743762162310544852645609612306092238709710331369057198098750337534778054908710698798074138415919403689800688259114718252004993500245573648287598782239224239648987548120086603201749215144579374057234695680239044654354652642338551664318920684955893092115178247813387035491339983162204442354969319752948507923456094928369190670368867 E:65537}
  11:46PM DBG request for user ssh3-testuser successfully verified by plugin
  11:46PM INF got request: method: CONNECT, URL: https://127.0.0.1:4433/ssh3-tests?user=ssh3-testuser
  11:46PM DBG got response with 200 OK status code
  11:46PM DBG server has valid version "SSH 3.0 francoismichel/ssh3 0.1.7 experimental_spec_version=alpha-00" (protocol version = 3.0_alpha-00, software version = francoismichel/ssh3 0.1.7)
  11:46PM DBG forwardUDP p: 8082/::1@9090
  panic: runtime error: index out of range [1] with length 1

  goroutine 1 [running]:
  github.com/francoismichel/ssh3/cmd.parseAddrPort({0x7fff087d4c3b?, 0x1?})
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:224 +0x5fa
  github.com/francoismichel/ssh3/cmd.ClientMain()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3.go:829 +0x4032
  main.main()
  	/home/runner/work/ssh3/ssh3/cmd/ssh3/main.go:12 +0x13
  [FAILED] in [It] - /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482 @ 10/21/25 23:46:50.494
  << Timeline

  [FAILED] Unexpected error:
      <*net.OpError | 0xc0002d40f0>: 
      read udp [::1]:38224->[::1]:8082: read: connection refused
      {
          Op: "read",
          Net: "udp",
          Source: <*net.UDPAddr | 0xc0002d60c0>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
              Port: 38224,
              Zone: "",
          },
          Addr: <*net.UDPAddr | 0xc0002d6120>{
              IP: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
              Port: 8082,
              Zone: "",
          },
          Err: <*os.SyscallError | 0xc00003c0a0>{
              Syscall: "read",
              Err: <syscall.Errno>0x6f,
          },
      }
  occurred
  In [It] at: /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482 @ 10/21/25 23:46:50.494
------------------------------
•

Summarizing 8 Failures:
  [FAIL] Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with small messages
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342
  [FAIL] Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works through proxy jump
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:294
  [FAIL] Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with messages larger than a typical MTU
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:294
  [FAIL] Testing the ssh3 cli With running server Insecure Client behaviour TCP port forwarding [It] works with IPv6 addresses
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:342
  [FAIL] Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with small messages
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482
  [FAIL] Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works through proxy jump
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:428
  [FAIL] Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with messages of 1150 bytes
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:428
  [FAIL] Testing the ssh3 cli With running server Insecure UDP port forwarding [It] works with IPv6 addresses
  /home/runner/work/ssh3/ssh3/integration_tests/ssh3_test.go:482

Ran 18 of 18 Specs in 22.496 seconds
FAIL! -- 10 Passed | 8 Failed | 0 Pending | 0 Skipped
--- FAIL: TestMessage (22.50s)
FAIL

h4sh5 avatar Oct 22 '25 00:10 h4sh5
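
The panics in the log above are raised in cmd.parseAddrPort (index out of range [1] with length 1), in the UDP cases right after `forwardUDP p: 8080/127.0.0.1@9090` is logged. The following is an added example, not code from the ssh3 repository or from anyone in this thread: a parser that returns an error for a malformed forwarding argument instead of indexing a short slice. The `port/ip@port/ip` shape is assumed from the commands shown in the thread, and `ForwardSpec`, `parseEndpoint` and `ParseForwardSpec` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// ForwardSpec holds the two endpoints of a "port/ip@port/ip" argument.
// Hypothetical type; the grammar is an assumption based on the thread.
type ForwardSpec struct {
	First, Second netip.AddrPort
}

// parseEndpoint parses one "port/ip" half. strings.Cut reports whether the
// separator was present, so a missing "/" becomes an error, not a panic.
func parseEndpoint(s string) (netip.AddrPort, error) {
	portStr, ipStr, ok := strings.Cut(s, "/")
	if !ok {
		return netip.AddrPort{}, fmt.Errorf("endpoint %q: want port/ip, no '/' found", s)
	}
	// bitSize 16 makes ParseUint reject anything above 65535.
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil || port == 0 {
		return netip.AddrPort{}, fmt.Errorf("endpoint %q: invalid port %q", s, portStr)
	}
	// Accepts IPv4 and IPv6 literals; hostnames and CIDR suffixes are rejected.
	addr, err := netip.ParseAddr(ipStr)
	if err != nil {
		return netip.AddrPort{}, fmt.Errorf("endpoint %q: invalid IP %q: %w", s, ipStr, err)
	}
	return netip.AddrPortFrom(addr, uint16(port)), nil
}

// ParseForwardSpec validates the whole argument before anything is bound or dialed.
func ParseForwardSpec(arg string) (ForwardSpec, error) {
	first, second, ok := strings.Cut(arg, "@")
	if !ok || strings.Contains(second, "@") {
		return ForwardSpec{}, fmt.Errorf("spec %q: want exactly one '@'", arg)
	}
	a, err := parseEndpoint(first)
	if err != nil {
		return ForwardSpec{}, fmt.Errorf("spec %q: %w", arg, err)
	}
	b, err := parseEndpoint(second)
	if err != nil {
		return ForwardSpec{}, fmt.Errorf("spec %q: %w", arg, err)
	}
	return ForwardSpec{First: a, Second: b}, nil
}

func main() {
	// The first two arguments appear in the thread; the last two are constructed.
	for _, arg := range []string{
		"5053/127.0.0.1@1053/127.0.0.1",
		"8080/127.0.0.1@9090", // second half has no "/ip"
		"8082/::1@9090/::1",
		"70000/127.0.0.1@1053/127.0.0.1", // port out of range
	} {
		spec, err := ParseForwardSpec(arg)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("ok: %v <-> %v\n", spec.First, spec.Second)
	}
}
```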

Hi @h4sh5,

Thank you for the feedback!

I tested the ncat tests you prepared with a newer version of my fork (https://github.com/jdhozdiego/ssh3/commit/97afcc700635ffdd43269b6ece45c81cab45fc0b) and the problem is already resolved. Nevertheless, I will isolate the fix into a single commit so that the UDP reverse port forwarding is fully functional without incorporating other functionalities.

I also tested reverse UDP port forwarding using real DNS protocol by first forwarding Google DNS to local port 5353 and then reverse-forwarding that port to 5454 as follows:

-forward-udp  53/8.8.8.8@5353/127.0.0.1
-reverse-udp  5454/127.0.0.1@5353/127.0.0.1

If we run nslookup at 127.0.0.1:5454, DNS works as expected.

nslookup -port=5454 github.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#5454

Non-authoritative answer:
Name:   github.com
Address: 140.82.121.4

The integration tests seem to be also failing because I assigned wrong port numbers and there are bind: address already in use errors. I will try to address that as well.

jdhozdiego avatar Nov 02 '25 10:11 jdhozdiego