List: netbsd-users
Subject: Re: builtin httpd + pub dirs = snafu
From: Chuck Swiger <cswiger () mac ! com>
Date: 2011-06-22 17:45:43
Message-ID: FB8D6E0E-77FF-4BD5-BB92-621DD7B69E95 () mac ! com
On Jun 22, 2011, at 4:10 AM, Rhialto wrote:
> What I imagine is a little program that sits on the https or http port,
> accepts connections, determines whether it is ssh or http, does some
> plumbing[1] and gets out of the way.
You could start with plug-gw from the TIS FWTK. Of course, if the local
firewall was doing its job, it would already be forcing HTTP and HTTPS
through an HTTP-aware proxy which would block attempts to put other
protocols like SSH through.
> Determining the protocol ought to be possible. HTTP servers expect an
> immediate GET request. SSH servers first issue a prompt before a client
> reply is due. So if the little program first waits for half a second or
> so to see if an HTTP request comes in, and otherwise assumes SSH, this
> should be good enough.
Indeed. Just make sure you don't upset the locals by violating their
security policies. :-)
> [1] as far as I know there is no way to plumb two file descriptors
> together, a read and a write one, both open in the current program, such
> that the current process gets taken out of the loop and data written to
> the one are immediately available on the other. That would be very
> useful for a utility like this[2].
Unix domain sockets?
> [2] and while we're thinking up new plumbing operations, a pipe cutter
> that interposes a process into the data stream of a single existing pipe
> or other file descriptor would be useful too.
tee(1)
Regards,
--
-Chuck
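
The first-bytes check discussed in this thread, seen from the side of an HTTP-aware proxy or monitor on the web ports, as an added example that is not part of the original message or of any tool named in it. The function names, the 16-byte peek and the label strings are assumptions made for illustration; the half-second wait is the one suggested in the quoted text.

```python
import socket

# Request methods a client may legitimately send first on an HTTP port.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH")


def classify_client_bytes(data):
    """Label the first bytes a client sent on a web port."""
    # RFC 4253: each side's identification string starts with "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # HTTP request line: METHOD SP request-target SP version.
    method, sep, _ = data.partition(b" ")
    if sep and method in HTTP_METHODS:
        return "http"
    return "unknown"


def peek_and_classify(conn, wait=0.5):
    """Peek at an accepted connection without consuming its data.

    "silent" means the client sent nothing within `wait` seconds, which
    is what a client waiting for a server banner looks like. A policy
    that only expects HTTP on this port would log or refuse anything
    other than "http" (or "tls" on the HTTPS port).
    """
    conn.settimeout(wait)
    try:
        data = conn.recv(16, socket.MSG_PEEK)
    except socket.timeout:
        return "silent"
    finally:
        conn.settimeout(None)
    return "closed" if data == b"" else classify_client_bytes(data)
```

Because the data is only peeked, whichever handler the connection is passed to afterwards still reads the complete request from the start.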