net: XDMCP reverse-proxy ALG for remote X login into the guest (NAT mode) #43
Open
danifunker wants to merge 2 commits into
… core)
New src/xdmcp.rs: the pure, unit-tested core of the XDMCP reverse-proxy ALG. rewrite_request_ipv4() swaps the IPv4 connection-addresses in an XDMCP Request to the NAT gateway (length-preserving) and reports the display number + the X server's real address, so net.rs can wire up the X11 session proxy. Mirrors the FTP PASV ALG pattern. 4 unit tests pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

- net.rs: on the XDMCP UDP forward (-> guest:177), rewrite the Request's connection-addresses to the gateway and record display->X-server in a new xdmcp_sessions table (poll_udp_fwd_listeners).
- net.rs: nfs_remap_dst/nfs_unmap_src consult that table so the guest's X11 session to gateway:(6000+display) is relayed to the real X server -- localhost rides the existing gateway->loopback DNAT; a LAN X server uses the recorded address. Cleared on machine reset.
- iris-gui: '+ Add forward' preset 'XDMCP (host 11177 to guest 177, UDP)', binds all interfaces.
- docs/xdmcp.md: setup (forward, guest xdm, 177->11177 redirect, X server TCP).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What
Adds an XDMCP (X Display Manager Control Protocol, UDP/177) application-layer
gateway so a modern X server can display the guest's IRIX login screen and desktop
by querying its xdm through the software NAT — the XDMCP analog of the existing
FTP PASV ALG. Verified against IRIX 5.3 and 6.5 (both speak XDMCP 1.0).
Applies to NAT mode. In PCAP bridged mode the guest is a real L2 host, so no
proxy is needed.
Why
In NAT mode the guest isn't directly addressable, and the XDMCP Request carries
the X server's connection-addresses (where the session should connect back) —
not reachable as-is from behind the NAT (e.g. 127.0.0.1 for an X server on the
IRIS host).
How
- src/xdmcp.rs — pure, unit-tested XDMCP-1.0 parser + rewrite_request_ipv4(): rewrites the Request's IPv4 connection-addresses to the gateway (length-preserving — IPv4→IPv4, so only the UDP checksum changes) and reports the display number + the X server's original address(es).
- net.rs — on a UDP forward to guest:177, rewrite the Request and record display → X-server in a new xdmcp_sessions table. nfs_remap_dst/nfs_unmap_src consult it so the guest's X11 session to gateway:(6000+display) is relayed to the real X server: a same-host server rides the existing gateway→loopback DNAT, a LAN server uses the recorded address. Cleared on reset.
- docs/xdmcp.md — setup (forward, guest xdm, the 177→11177 redirect, X server TCP listening).
Testing
- cargo test green (incl. 4 new xdmcp unit tests).
- Xephyr :1 -query <host> -ac -listen tcp via a socat 177→11177 bridge → the IRIX xdm greeter displayed and login to the full desktop worked.
Notes
- Stock X servers hardcode UDP 177, so a one-time 177→11177 redirect (pf/iptables) is documented in docs/xdmcp.md.
- MIT-MAGIC-COOKIE-1 / none are supported (address-independent). XDM-AUTHORIZATION-1 cryptographically binds the addresses, so the rewrite would break it — it's detected and left unrewritten.
🤖 Generated with Claude Code
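
The Request rewrite described under How, as an added example that is not the PR's src/xdmcp.rs: a bounds-checked walk of an XDMCP 1.0 Request that swaps 4-byte Internet connection-addresses for the gateway address in place, and leaves the packet untouched when it is malformed or lists XDM-AUTHORIZATION-1. The function names, the return shape, the constructed sample packet, the 192.0.2.1 gateway and the choice to skip whenever that name appears among the authorization names are assumptions.

```rust
// Added example, not the PR's src/xdmcp.rs; names and the skip policy are assumptions.
fn card16(p: &[u8], at: usize) -> Option<u16> { // bounds-checked big-endian read
    Some(u16::from_be_bytes([*p.get(at)?, *p.get(at + 1)?]))
}
fn array8(p: &[u8], at: usize) -> Option<(usize, usize)> { // (body start, length)
    let len = card16(p, at)? as usize;
    p.get(at + 2..at + 2 + len).map(|_| (at + 2, len))
}
/// Rewrites IPv4 connection-addresses in place; returns (display, original addresses).
/// Returns None, packet untouched, if malformed or XDM-AUTHORIZATION-1 is offered.
pub fn rewrite_request(pkt: &mut [u8], gw: [u8; 4]) -> Option<(u16, Vec<[u8; 4]>)> {
    if card16(pkt, 0)? != 1 || card16(pkt, 2)? != 7 { return None; } // version 1, Request
    if card16(pkt, 4)? as usize != pkt.len() - 6 { return None; } // header length field
    let display = card16(pkt, 6)?;
    let ntypes = *pkt.get(8)? as usize;
    let mut at = 9 + 2 * ntypes;
    if *pkt.get(at)? as usize != ntypes { return None; } // one address per type
    at += 1;
    let mut v4 = Vec::new(); // offsets of 4-byte FamilyInternet (type 0) addresses
    for i in 0..ntypes {
        let (s, l) = array8(pkt, at)?;
        if card16(pkt, 9 + 2 * i)? == 0 && l == 4 { v4.push(s); }
        at = s + l;
    }
    for _ in 0..2 { let (s, l) = array8(pkt, at)?; at = s + l; } // authentication name, data
    let nauthz = *pkt.get(at)? as usize;
    at += 1;
    for _ in 0..nauthz {
        let (s, l) = array8(pkt, at)?;
        if &pkt[s..s + l] == b"XDM-AUTHORIZATION-1" { return None; }
        at = s + l;
    }
    let (s, l) = array8(pkt, at)?; // manufacturer display ID must end the packet
    if s + l != pkt.len() { return None; }
    let orig = v4.iter().map(|&s| [pkt[s], pkt[s + 1], pkt[s + 2], pkt[s + 3]]).collect();
    for s in v4 { pkt[s..s + 4].copy_from_slice(&gw); } // same length, offsets unchanged
    Some((display, orig))
}
/// Constructed sample: display 1, one IPv4 address 127.0.0.1, one authorization name.
pub fn sample_request(authz: &[u8]) -> Vec<u8> {
    let mut p = vec![0, 1, 0, 7, 0, 0, 0, 1, 1, 0, 0, 1, 0, 4, 127, 0, 0, 1, 0, 0, 0, 0, 1, 0, authz.len() as u8];
    p.extend_from_slice(authz);
    p.extend_from_slice(&[0, 0]);
    p[5] = (p.len() - 6) as u8;
    p
}
fn main() {
    println!("{:?}", rewrite_request(&mut sample_request(b"MIT-MAGIC-COOKIE-1"), [192, 0, 2, 1]));
}
```

After a successful rewrite the caller still has to recompute the UDP checksum, since the payload bytes changed.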