Skip to content

Raw socket forwarding #6003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 5, 2025
Merged

Raw socket forwarding #6003

merged 3 commits into from
Jun 5, 2025

Conversation

cpuguy83
Copy link
Member

No description provided.

@cpuguy83 cpuguy83 force-pushed the raw_socket_forwarding branch 9 times, most recently from b8722d2 to abfefed Compare June 2, 2025 15:07
tonistiigi
tonistiigi reviewed Jun 2, 2025
View reviewed changes
@cpuguy83 cpuguy83 force-pushed the raw_socket_forwarding branch from abfefed to ad589dd Compare June 2, 2025 16:18
@cpuguy83
sshforward: Add support for forwarding raw connections
125f494 
This commit implements a new SSH provider in terms of ID and dialer
functions and then implements the existing SSH provider using this.

None of the SSH connection string parsing is updated to specifically
support fraw mode. This will be handled in a follow-up commit.

Signed-off-by: Brian Goff <[email protected]>
@cpuguy83 cpuguy83 force-pushed the raw_socket_forwarding branch from ad589dd to 7b0eab6 Compare June 2, 2025 16:55
@cpuguy83 cpuguy83 marked this pull request as ready for review June 2, 2025 16:55
tonistiigi
tonistiigi reviewed Jun 2, 2025
View reviewed changes
session/sshforward/sshprovider/raw_provider.go Outdated
Dialer func(context.Context) (net.Conn, error)
}

func newRawProvider(confs []rawConfig) (session.Attachable, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If rawConfig renamed to dialer as described in other comment then this can just be new SSHProvider or newSocketProvider.

tonistiigi
tonistiigi reviewed Jun 2, 2025
View reviewed changes
@cpuguy83 cpuguy83 force-pushed the raw_socket_forwarding branch from 1e36a0c to 5944a97 Compare June 3, 2025 01:20
AkihiroSuda
AkihiroSuda reviewed Jun 3, 2025
View reviewed changes
cpuguy83 added 2 commits June 3, 2025 09:03
@cpuguy83
Add support for raw mode in the SSH agent provider.
96447a8 
In fraw mode it just does a raw proxy on the connection.
There's no internal SSH agent or anything.

Signed-off-by: Brian Goff <[email protected]>
@cpuguy83
Remove intermediate type RawConfig
c39de5e 
This is not needed since we are not exporting the the underlying raw
provider.
Instead just convert the AgentConfig directly to a dialer.

Signed-off-by: Brian Goff <[email protected]>
@cpuguy83 cpuguy83 force-pushed the raw_socket_forwarding branch from 5944a97 to c39de5e Compare June 3, 2025 16:03
tonistiigi
tonistiigi approved these changes Jun 3, 2025
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might need to consider adding another entitlement for this in buildx bake so, maybe instead of --allow ssh, in case raw=true then --allow socket would be required.

@tonistiigi tonistiigi merged commit 265279d into moby:master Jun 5, 2025
194 of 195 checks passed
@cpuguy83 cpuguy83 deleted the raw_socket_forwarding branch June 18, 2025 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

@cpuguy83 cpuguy83

Labels
area/buildctl area/client area/docs area/session area/testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cpuguy83 @tonistiigi @AkihiroSuda