xpra icon
Bug tracker and wiki

Opened 3 years ago

Last modified 11 months ago

#1022 assigned enhancement

Xpra Client in Listen Mode

Reported by: adarrab Owned by: Antoine Martin
Priority: minor Milestone: future
Component: core Version: trunk
Keywords: Listen Mode Cc:

Description (last modified by Antoine Martin)

It would be nice to have those two additional options (--listen, --client) e.g.

Xpra_cmd.exe attach [ssh/tcp]: EMPTY --listen=[IP:PORT] (Waits for server ready msg, with optional timeout. IP is provided in case a machine has more than 1 active address, otherwise not needed)

xpra --start :XX --start-child=CMD  --client=IP:PORT


Once server is initiated successfully, it sends a triggering tcp msg to the client containing USER@SERVER :XX to be used by the client to initiate ssh/tcp connection.
One useful option with client listen mode is continues listing, so that it exec clients once server msg received and keeps listing for more servers as they become ready, instead of launching clients manually for each application

  • The main driver for this is to mimic the Xserver behavior where it listens and accepts connections from remote hosts
  • But another benefit of this listen option is that you can have servers that are NATed, unreachable from regular clients, since they will be the ones initiating the connection.

Thank you,

Change History (8)

comment:1 Changed 3 years ago by Antoine Martin

Description: modified (diff)
Milestone: 0.160.17
Owner: changed from Antoine Martin to adarrab
Type: taskenhancement

As per this original mailing list thread: Xpra Client in Listen Mode Enquiry

I think it would be better, safer and more useful to simply reverse the connection so that the server connects to the client: no need for passing the user+host to connect to using a new magic message to trigger yet another connection. (with the inherent security risks every time - and new connections cannot traverse NAT back to the server).

The "listen" mode should probably be a new subcommand, rather than overloading "attach", ie:

xpra listen tcp:host:port

I really don't see much point at all in the listen via SSH option: if you can SSH to the client, you might as well start the client command via SSH, which is also much safer.

Pointers:

  • the Protocol is quite well abstracted and is used by both client and server, it does not care about which end initiates the connection
  • the client (and its subclasses / superclasses) will need a bit of work to be able to start:
    • without timing out
    • create a tray icon (or not?) and handle menus that are not meant to be used yet
    • create the socket in listen mode (same code as the server) - when the connection is received, it just goes through the normal startup sequence: send hello and everything else should fall into place
  • the Server Base Class (and sub/super classes) will just need a new bit of code to create a new TCP connection and add it to its "sources" list. This should be available via "xpra control" and the dbus server so we can initiate new ones after the server is started if necessary. Think about timeouts, and retries..
  • authentication / encryption: the client should authenticate the server if the password option is used - and maybe we should be doing this anyway in all cases? (which we sort of do when you have encryption)

@adarrab: if you can take a look at the comments above and maybe even play with the code a little bit, I should be able to take a look at this for the next release

comment:2 Changed 3 years ago by adarrab

Sorry for the confusion, client doesn't listen through SSH, the [SSH/TCP] in the command line is to instruct the client to use [SSH/TCP] connection to the server (like attach [ssh/tcp]:....), once the server is ready. Listening is going to be always over tcp, since clients mostly do not run ssh server.

comment:3 Changed 3 years ago by Antoine Martin

Milestone: 0.170.18

comment:4 Changed 3 years ago by Antoine Martin

May be related / useful for #983 since vsock connections go from guest to host only. (AFAICT)

Edit: that was incorrect.

Last edited 2 years ago by Antoine Martin (previous) (diff)

comment:5 Changed 2 years ago by Antoine Martin

Milestone: 0.181.0

Milestone renamed

comment:6 Changed 2 years ago by Antoine Martin

Milestone: 1.0future

I don't have time for this.

comment:7 Changed 12 months ago by Antoine Martin

Milestone: future2.3
Owner: changed from adarrab to Antoine Martin
Status: newassigned

Should be easy enough to implement.

There are security implications.. I don't think we want to resurrect #1660

Last edited 12 months ago by Antoine Martin (previous) (diff)

comment:8 Changed 11 months ago by Antoine Martin

Milestone: 2.3future

Actually not that easy to implement, and no real need for it.
Re-scheduling.

Note: See TracTickets for help on using tickets.