diff options
author | Dario Lombardo <lomato@gmail.com> | 2018-11-03 15:15:43 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-11-05 05:59:38 +0000 |
commit | 0a5770a78a82147142bb7e2ead914eef1b254724 (patch) | |
tree | d34c02f9274f92bac3c4f78103db435300f657f0 /extcap | |
parent | 2be2febfc6dd606ef667e05a323a1b0bdc726f62 (diff) |
extcap: add option to set proxycommand to ssh sessions.
sshdump and ciscodump have been updated to use it.
Change-Id: I4e1e0d35f086d76c13264939bc4f14308cc88cfb
Reviewed-on: https://code.wireshark.org/review/30496
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'extcap')
-rw-r--r-- | extcap/ciscodump.c | 18 | ||||
-rw-r--r-- | extcap/ssh-base.c | 10 | ||||
-rw-r--r-- | extcap/ssh-base.h | 6 | ||||
-rw-r--r-- | extcap/sshdump.c | 20 |
4 files changed, 43 insertions, 11 deletions
diff --git a/extcap/ciscodump.c b/extcap/ciscodump.c index 5ec4fbe74f..d0893c86c0 100644 --- a/extcap/ciscodump.c +++ b/extcap/ciscodump.c @@ -66,6 +66,7 @@ enum { OPT_REMOTE_FILTER, OPT_SSHKEY, OPT_SSHKEY_PASSPHRASE, + OPT_PROXYCOMMAND, OPT_REMOTE_COUNT }; @@ -405,7 +406,7 @@ error: } static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password, - const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, + const char* sshkey, const char* sshkey_passphrase, const char* proxycommand, const char* iface, const char* cfilter, const guint32 count, const char* fifo) { ssh_session sshs; @@ -425,7 +426,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p } } - sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, &err_info); + sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, proxycommand, &err_info); if (!sshs) { g_warning("Error creating connection: %s", err_info); goto cleanup; @@ -488,6 +489,9 @@ static int list_config(char *interface, unsigned int remote_port) printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}" "{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}" "{group=Authentication}\n", inc++); + printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}" + "{type=string}{tooltip=The command to use as proxy for the SSH connection}" + "{group=Authentication}\n", inc++); printf("arg {number=%u}{call--sshkey-passphrase}{display=SSH key passphrase}" "{type=password}{tooltip=Passphrase to unlock the SSH private key}" "{group=Authentication\n", inc++); @@ -521,6 +525,7 @@ int real_main(int argc, char **argv) char* remote_interface = NULL; char* sshkey = NULL; char* sshkey_passphrase = NULL; + char* proxycommand = NULL; char* remote_filter = NULL; guint32 count = 0; int ret = EXIT_FAILURE; @@ -558,6 +563,7 @@ int real_main(int argc, char **argv) "If not specified, ssh-agent and ssh-key are used"); extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key"); extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh"); + extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection"); extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface"); extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture " "(default: don't capture data for lal interfaces IPs)"); @@ -617,6 +623,11 @@ int real_main(int argc, char **argv) memset(optarg, 'X', strlen(optarg)); break; + case OPT_PROXYCOMMAND: + g_free(proxycommand); + proxycommand = g_strdup(optarg); + break; + case OPT_REMOTE_INTERFACE: g_free(remote_interface); remote_interface = g_strdup(optarg); @@ -686,9 +697,8 @@ int real_main(int argc, char **argv) g_warning("ERROR: count of packets must be specified (--remote-count)"); goto end; } - ret = ssh_open_remote_connection(remote_host, remote_port, remote_username, - remote_password, sshkey, sshkey_passphrase, remote_interface, + remote_password, sshkey, sshkey_passphrase, proxycommand, remote_interface, remote_filter, count, extcap_conf->fifo); } else { g_debug("You should not come here... maybe some parameter missing?"); diff --git a/extcap/ssh-base.c b/extcap/ssh-base.c index ac39134b20..3ba11cc7eb 100644 --- a/extcap/ssh-base.c +++ b/extcap/ssh-base.c @@ -19,7 +19,8 @@ #include <string.h> ssh_session create_ssh_connection(const char* hostname, const guint16 port, const char* username, - const char* password, const char* sshkey_path, const char* sshkey_passphrase, char** err_info) + const char* password, const char* sshkey_path, const char* sshkey_passphrase, const char* proxycommand, + char** err_info) { ssh_session sshs; @@ -55,6 +56,13 @@ ssh_session create_ssh_connection(const char* hostname, const guint16 port, cons goto failure; } + if (proxycommand) { + if (ssh_options_set(sshs, SSH_OPTIONS_PROXYCOMMAND, proxycommand)) { + *err_info = g_strdup_printf("Can't set the ProxyCommand: %s", proxycommand); + goto failure; + } + } + g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Opening ssh connection to %s@%s:%u", username, hostname, port); /* Connect to server */ diff --git a/extcap/ssh-base.h b/extcap/ssh-base.h index 8c81ac5c50..bd1f7b3f82 100644 --- a/extcap/ssh-base.h +++ b/extcap/ssh-base.h @@ -34,11 +34,13 @@ { "remote-filter", required_argument, NULL, OPT_REMOTE_FILTER}, \ { "remote-count", required_argument, NULL, OPT_REMOTE_COUNT}, \ { "sshkey", required_argument, NULL, OPT_SSHKEY}, \ - { "sshkey-passphrase", required_argument, NULL, OPT_SSHKEY_PASSPHRASE} + { "sshkey-passphrase", required_argument, NULL, OPT_SSHKEY_PASSPHRASE}, \ + { "proxycommand", required_argument, NULL, OPT_PROXYCOMMAND} /* Create a ssh connection using all the possible authentication menthods */ ssh_session create_ssh_connection(const char* hostname, const guint16 port, const char* username, - const char* password, const char* sshkey_path, const char* sshkey_passphrase, char** err_info); + const char* password, const char* sshkey_path, const char* sshkey_passphrase, const char* proxycommand, + char** err_info); /* Write a formatted message in the channel */ int ssh_channel_printf(ssh_channel channel, const char* fmt, ...); diff --git a/extcap/sshdump.c b/extcap/sshdump.c index a4b23c81c3..dee9b16568 100644 --- a/extcap/sshdump.c +++ b/extcap/sshdump.c @@ -43,6 +43,7 @@ enum { OPT_REMOTE_FILTER, OPT_SSHKEY, OPT_SSHKEY_PASSPHRASE, + OPT_PROXYCOMMAND, OPT_REMOTE_COUNT, OPT_REMOTE_SUDO, OPT_REMOTE_NOPROM @@ -176,8 +177,8 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command } static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password, - const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_command, - const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo) + const char* sshkey, const char* sshkey_passphrase, const char* proxycommand, const char* iface, const char* cfilter, + const char* capture_command, const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo) { ssh_session sshs = NULL; ssh_channel channel = NULL; @@ -194,7 +195,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p } } - sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, &err_info); + sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, proxycommand, &err_info); if (!sshs) { g_warning("Error creating connection: %s", err_info); @@ -283,6 +284,9 @@ static int list_config(char *interface, unsigned int remote_port) printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}" "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n", inc++); + printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}" + "{type=string}{tooltip=The command to use as proxy for the SSH connection}" + "{group=Authentication}\n", inc++); printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}" "{type=string}{default=eth0}{tooltip=The remote network interface used for capture" "}{group=Capture}\n", inc++); @@ -336,6 +340,7 @@ int real_main(int argc, char **argv) char* remote_capture_command = NULL; char* sshkey = NULL; char* sshkey_passphrase = NULL; + char* proxycommand = NULL; char* remote_filter = NULL; guint32 count = 0; int ret = EXIT_FAILURE; @@ -373,6 +378,7 @@ int real_main(int argc, char **argv) extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used"); extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key"); extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh"); + extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection"); extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface (default: eth0)"); extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command"); extcap_help_add_option(extcap_conf, "--remote-sudo yes", "use sudo on the remote machine to capture"); @@ -437,6 +443,11 @@ int real_main(int argc, char **argv) memset(optarg, 'X', strlen(optarg)); break; + case OPT_PROXYCOMMAND: + g_free(proxycommand); + proxycommand = g_strdup(optarg); + break; + case OPT_REMOTE_INTERFACE: g_free(remote_interface); remote_interface = g_strdup(optarg); @@ -509,7 +520,7 @@ int real_main(int argc, char **argv) } filter = concat_filters(extcap_conf->capture_filter, remote_filter); ret = ssh_open_remote_connection(remote_host, remote_port, remote_username, - remote_password, sshkey, sshkey_passphrase, remote_interface, + remote_password, sshkey, sshkey_passphrase, proxycommand, remote_interface, filter, remote_capture_command, use_sudo, noprom, count, extcap_conf->fifo); g_free(filter); } else { @@ -526,6 +537,7 @@ end: g_free(remote_capture_command); g_free(sshkey); g_free(sshkey_passphrase); + g_free(proxycommand); g_free(remote_filter); extcap_base_cleanup(&extcap_conf); return ret; |