Re: Is it possible to forward unix sockets?
I think that one (or both!) of us has a misunderstanding about unix sockets.
Based on my (limited) knowledge, it simply does not make sense to say "binds a
socket that I need to forward to a remote machine". For example,
bind() is typically used on the server side
Let's put it this way: what are the ultimate endpoints of this communication?
Without any mention of spiped or socat. As far as I understand it, you have:
- local machine binds a unix domain socket.
- remote machine wants to connect to that socket.
? If that's the case, you would want to have
- local spiped decryption
- remote spiped encryption
You wrote "so decrypting on my local machine doesn't make sense", but I don't
On Thu, Jun 08, 2017 at 10:18:43AM +0800, JunglHilt wrote:
> Yes I tried that...my local machine is behind NAT and it wouldn't be
> desirable any way to have a connection back to my machine. I have a
> process on my local machine that binds a socket that I need to forward
> to a remote machine, so decrypting on my local machine doesn't make
> sense - it needs to encrypt on my machine but that won't work as the
> source socket is already bound (obviously).
> At the moment I have socat performing the unix domain functions and
> spiped doing network and encryption / decryption functions...I just
> wondered if it was possible without socat, which I don't think it is,
> On 8 June 2017 at 00:04, Graham Percival <firstname.lastname@example.org>
> Yes, spiped is trying to bind the /tmp/blah socket, yet the file
> already exists. Please delete that file, then run your spiped -e
> command, and then run the other program which you want to send data
> to /tmp/blah.
> (if that other program is also trying to bind /tmp/blah, then it
> probably needs to be re-thought. The "server" program is the one which
> binds the socket; the "client" program merely connects to it.)
> - Graham
> On Wed, Jun 07, 2017 at 10:14:11PM +0800, JunglHilt wrote:
> > ok so I have the following :
> > A process which created a unix domain socket (/tmp/blah) on my
> > machine that I want to send to a remote machine 220.127.116.11:9999
> > and end up as /tmp/blah on which side has another process that wants
> > to read from the socket.
> > On the sending side I have :
> > spiped -e -F -s /tmp/blah -t 18.104.22.168:9999 -k key.key
> > yet it complains that the address is already in use...I thought
> > the intent of the source directive is to read from given source
> > perhaps it is trying to bind to that socket?
> > I'm not that familiar with sockets so please excuse any paradigms
> > that I have gotten wrong.
> > H
> > On 7 June 2017 at 20:07, Colin Percival wrote:
> > On 06/07/17 01:17, JunglHilt wrote:
> > > I'm trying to forward a unix domain socket securely over internet
> > > and was wondering if this is possible with spiped?
> > Yes.
> > > I have tried specifying a socket as the source (on one side) target
> > > on the other yet the target socket doesn't get created, so not sure
> > > if this is possible..?
> > spiped doesn't create the target socket. spiped connects to the
> > target socket, which should have been created by whatever process
> > you want to connect to.
> > --
> > Colin Percival
> > Security Officer Emeritus, FreeBSD | The power to serve
> > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly
> > paranoid
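
The bind/connect distinction this thread turns on, as an added example that is not part of the original messages: it uses plain Python sockets rather than spiped, and the path is a constructed stand-in for /tmp/blah. It shows why a second process binding an existing socket path gets "address already in use", and why a leftover socket file has to be deleted before anything can bind it again.

```python
import errno
import os
import socket
import tempfile


def try_bind(path):
    """Bind and listen on path (server role); return (sock, errno name or None)."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
        s.listen(1)
        return s, None
    except OSError as e:
        s.close()
        return None, errno.errorcode[e.errno]


def try_connect(path):
    """Connect to path (client role); return errno name, or None on success."""
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        c.connect(path)
        return None
    except OSError as e:
        return errno.errorcode[e.errno]
    finally:
        c.close()


def demo():
    r = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "blah")  # constructed stand-in for /tmp/blah
        server, r["first_bind"] = try_bind(path)   # the process that owns the socket
        _, r["second_bind"] = try_bind(path)       # a second binder, as `spiped -s` was
        r["connect_live"] = try_connect(path)      # a client just connects
        server.close()                             # closing does not remove the file
        r["file_left_behind"] = os.path.exists(path)
        r["connect_stale"] = try_connect(path)     # nobody is listening any more
        _, r["bind_stale"] = try_bind(path)        # leftover file still blocks bind()
        os.unlink(path)                            # "Please delete that file"
        fresh, r["bind_after_unlink"] = try_bind(path)
        fresh.close()
    return r


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```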