extcap: add option to set proxycommand to ssh sessions.

sshdump and ciscodump have been updated to use it.

Change-Id: I4e1e0d35f086d76c13264939bc4f14308cc88cfb
Reviewed-on: https://code.wireshark.org/review/30496
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

4 files changed, 43 insertions, 11 deletions

diff --git a/extcap/ciscodump.c b/extcap/ciscodump.c
index 5ec4fbe74f..d0893c86c0 100644
--- a/extcap/ciscodump.c
+++ b/extcap/ciscodump.c
@@ -66,6 +66,7 @@ enum {
 	OPT_REMOTE_FILTER,
 	OPT_SSHKEY,
 	OPT_SSHKEY_PASSPHRASE,
+	OPT_PROXYCOMMAND,
 	OPT_REMOTE_COUNT
 };
 
@@ -405,7 +406,7 @@ error:
 }
 
 static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password,
-	const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter,
+	const char* sshkey, const char* sshkey_passphrase, const char* proxycommand, const char* iface, const char* cfilter,
 	const guint32 count, const char* fifo)
 {
 	ssh_session sshs;
@@ -425,7 +426,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p
 		}
 	}
 
-	sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, &err_info);
+	sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, proxycommand, &err_info);
 	if (!sshs) {
 		g_warning("Error creating connection: %s", err_info);
 		goto cleanup;
@@ -488,6 +489,9 @@ static int list_config(char *interface, unsigned int remote_port)
 	printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
 		"{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}"
 		"{group=Authentication}\n", inc++);
+	printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}"
+		"{type=string}{tooltip=The command to use as proxy for the SSH connection}"
+		"{group=Authentication}\n", inc++);
 	printf("arg {number=%u}{call--sshkey-passphrase}{display=SSH key passphrase}"
 		"{type=password}{tooltip=Passphrase to unlock the SSH private key}"
 		"{group=Authentication\n", inc++);
@@ -521,6 +525,7 @@ int real_main(int argc, char **argv)
 	char* remote_interface = NULL;
 	char* sshkey = NULL;
 	char* sshkey_passphrase = NULL;
+	char* proxycommand = NULL;
 	char* remote_filter = NULL;
 	guint32 count = 0;
 	int ret = EXIT_FAILURE;
@@ -558,6 +563,7 @@ int real_main(int argc, char **argv)
 		"If not specified, ssh-agent and ssh-key are used");
 	extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
 	extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
+	extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection");
 	extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
 	extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture "
 		"(default: don't capture data for lal interfaces IPs)");
@@ -617,6 +623,11 @@ int real_main(int argc, char **argv)
 			memset(optarg, 'X', strlen(optarg));
 			break;
 
+		case OPT_PROXYCOMMAND:
+			g_free(proxycommand);
+			proxycommand = g_strdup(optarg);
+			break;
+
 		case OPT_REMOTE_INTERFACE:
 			g_free(remote_interface);
 			remote_interface = g_strdup(optarg);
@@ -686,9 +697,8 @@ int real_main(int argc, char **argv)
 			g_warning("ERROR: count of packets must be specified (--remote-count)");
 			goto end;
 		}
-
 		ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
-			remote_password, sshkey, sshkey_passphrase, remote_interface,
+			remote_password, sshkey, sshkey_passphrase, proxycommand, remote_interface,
 			remote_filter, count, extcap_conf->fifo);
 	} else {
 		g_debug("You should not come here... maybe some parameter missing?");
diff --git a/extcap/ssh-base.c b/extcap/ssh-base.c
index ac39134b20..3ba11cc7eb 100644
--- a/extcap/ssh-base.c
+++ b/extcap/ssh-base.c
@@ -19,7 +19,8 @@
 #include <string.h>
 
 ssh_session create_ssh_connection(const char* hostname, const guint16 port, const char* username,
-	const char* password, const char* sshkey_path, const char* sshkey_passphrase, char** err_info)
+	const char* password, const char* sshkey_path, const char* sshkey_passphrase, const char* proxycommand,
+	char** err_info)
 {
 	ssh_session sshs;
 
@@ -55,6 +56,13 @@ ssh_session create_ssh_connection(const char* hostname, const guint16 port, cons
 		goto failure;
 	}
 
+	if (proxycommand) {
+		if (ssh_options_set(sshs, SSH_OPTIONS_PROXYCOMMAND, proxycommand)) {
+			*err_info = g_strdup_printf("Can't set the ProxyCommand: %s", proxycommand);
+			goto failure;
+		}
+	}
+
 	g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Opening ssh connection to %s@%s:%u", username, hostname, port);
 
 	/* Connect to server */
diff --git a/extcap/ssh-base.h b/extcap/ssh-base.h
index 8c81ac5c50..bd1f7b3f82 100644
--- a/extcap/ssh-base.h
+++ b/extcap/ssh-base.h
@@ -34,11 +34,13 @@
 	{ "remote-filter", required_argument, NULL, OPT_REMOTE_FILTER}, \
 	{ "remote-count", required_argument, NULL, OPT_REMOTE_COUNT}, \
 	{ "sshkey", required_argument, NULL, OPT_SSHKEY}, \
-	{ "sshkey-passphrase", required_argument, NULL, OPT_SSHKEY_PASSPHRASE}
+	{ "sshkey-passphrase", required_argument, NULL, OPT_SSHKEY_PASSPHRASE}, \
+	{ "proxycommand", required_argument, NULL, OPT_PROXYCOMMAND}
 
 /* Create a ssh connection using all the possible authentication menthods */
 ssh_session create_ssh_connection(const char* hostname, const guint16 port, const char* username,
-	const char* password, const char* sshkey_path, const char* sshkey_passphrase, char** err_info);
+	const char* password, const char* sshkey_path, const char* sshkey_passphrase, const char* proxycommand,
+	char** err_info);
 
 /* Write a formatted message in the channel */
 int ssh_channel_printf(ssh_channel channel, const char* fmt, ...);
diff --git a/extcap/sshdump.c b/extcap/sshdump.c
index a4b23c81c3..dee9b16568 100644
--- a/extcap/sshdump.c
+++ b/extcap/sshdump.c
@@ -43,6 +43,7 @@ enum {
 	OPT_REMOTE_FILTER,
 	OPT_SSHKEY,
 	OPT_SSHKEY_PASSPHRASE,
+	OPT_PROXYCOMMAND,
 	OPT_REMOTE_COUNT,
 	OPT_REMOTE_SUDO,
 	OPT_REMOTE_NOPROM
@@ -176,8 +177,8 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
 }
 
 static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password,
-	const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_command,
-	const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo)
+	const char* sshkey, const char* sshkey_passphrase, const char* proxycommand, const char* iface, const char* cfilter,
+	const char* capture_command, const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo)
 {
 	ssh_session sshs = NULL;
 	ssh_channel channel = NULL;
@@ -194,7 +195,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p
 		}
 	}
 
-	sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, &err_info);
+	sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, proxycommand, &err_info);
 
 	if (!sshs) {
 		g_warning("Error creating connection: %s", err_info);
@@ -283,6 +284,9 @@ static int list_config(char *interface, unsigned int remote_port)
 	printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}"
 		"{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n",
 		inc++);
+	printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}"
+		"{type=string}{tooltip=The command to use as proxy for the SSH connection}"
+		"{group=Authentication}\n", inc++);
 	printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}"
 		"{type=string}{default=eth0}{tooltip=The remote network interface used for capture"
 		"}{group=Capture}\n", inc++);
@@ -336,6 +340,7 @@ int real_main(int argc, char **argv)
 	char* remote_capture_command = NULL;
 	char* sshkey = NULL;
 	char* sshkey_passphrase = NULL;
+	char* proxycommand = NULL;
 	char* remote_filter = NULL;
 	guint32 count = 0;
 	int ret = EXIT_FAILURE;
@@ -373,6 +378,7 @@ int real_main(int argc, char **argv)
 	extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used");
 	extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
 	extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
+	extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection");
 	extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface (default: eth0)");
 	extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
 	extcap_help_add_option(extcap_conf, "--remote-sudo yes", "use sudo on the remote machine to capture");
@@ -437,6 +443,11 @@ int real_main(int argc, char **argv)
 			memset(optarg, 'X', strlen(optarg));
 			break;
 
+		case OPT_PROXYCOMMAND:
+			g_free(proxycommand);
+			proxycommand = g_strdup(optarg);
+			break;
+
 		case OPT_REMOTE_INTERFACE:
 			g_free(remote_interface);
 			remote_interface = g_strdup(optarg);
@@ -509,7 +520,7 @@ int real_main(int argc, char **argv)
 		}
 		filter = concat_filters(extcap_conf->capture_filter, remote_filter);
 		ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
-			remote_password, sshkey, sshkey_passphrase, remote_interface,
+			remote_password, sshkey, sshkey_passphrase, proxycommand, remote_interface,
 			filter, remote_capture_command, use_sudo, noprom, count, extcap_conf->fifo);
 		g_free(filter);
 	} else {
@@ -526,6 +537,7 @@ end:
 	g_free(remote_capture_command);
 	g_free(sshkey);
 	g_free(sshkey_passphrase);
+	g_free(proxycommand);
 	g_free(remote_filter);
 	extcap_base_cleanup(&extcap_conf);
 	return ret;