Skip to content

wsssh
wsssh
Commit 8bd04b0a authored by Stefy Lanza (nextime / spora )'s avatar Stefy Lanza (nextime / spora )
Browse files
Options

Version 1.6.5: Flexible data encoding support for wsssht 

- Added --enc option to wsssht with hex/base64/bin encoding modes
- Updated tunnel request messages to include encoding specification
- Enhanced wssshc to parse and handle different encoding formats
- Added configuration file support for encoding option
- Updated documentation, man pages, and changelog
- Maintained backward compatibility with hex encoding as default
parent 13104c97
Show whitespace changes
Inline Side-by-side
Showing with 1798 additions and 337 deletions
CHANGELOG.md
View file @ 8bd04b0a
...@@ -5,6 +5,35 @@ All notable changes to this project will be documented in this file. ...@@ -5,6 +5,35 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.6.5] - 2025-09-19
### Added
- **Flexible Data Encoding Support**: New `--enc` option for wsssht with multiple encoding modes
- `--enc hex`: Hexadecimal encoding of binary data (default, backward compatible)
- `--enc base64`: Base64 encoding of binary data for better efficiency
- `--enc bin`: Direct binary data transmission without encoding
- Configuration file support with `enc = hex` option in `wsssht.conf`
- Automatic encoding negotiation between wsssht and wssshc clients
### Enhanced
- **Tunnel Data Handling**: Improved data channel message processing
- wssshc now parses `enc` attribute from tunnel requests
- Support for multiple encoding formats in tunnel data messages
- Backward compatibility maintained with existing hex encoding
- Enhanced error handling for unsupported encoding modes
### Technical Details
- **Encoding Architecture**: Extensible encoding system with weight-based selection
- Clean separation between encoding modes and data transmission
- Efficient binary data handling for high-performance applications
- JSON message format updates to include encoding specifications
- Server-side forwarding maintains data integrity across all encoding modes
### Security
- **Data Integrity**: All encoding modes preserve data integrity during transmission
- **Protocol Compliance**: Proper JSON message formatting for all encoding types
- **Backward Compatibility**: Existing installations continue to work without changes
## [1.6.2] - 2025-09-19 ## [1.6.2] - 2025-09-19
### Fixed ### Fixed
......
DOCUMENTATION.md
View file @ 8bd04b0a
...@@ -658,6 +658,14 @@ python3 -m pytest tests/integration/ ...@@ -658,6 +658,14 @@ python3 -m pytest tests/integration/
## Recent Updates ## Recent Updates
### Version 1.6.5
- **Flexible Data Encoding Support**: New `--enc` option for wsssht with multiple encoding modes
- `--enc hex`: Hexadecimal encoding of binary data (default, backward compatible)
- `--enc base64`: Base64 encoding of binary data for better efficiency
- `--enc bin`: Direct binary data transmission without encoding
- Configuration file support with `enc = hex` option in `wsssht.conf`
- Automatic encoding negotiation between wsssht and wssshc clients
### Version 1.6.2 ### Version 1.6.2
- **Tunnel Close Forwarding**: Critical fix for tunnel closure synchronization between wssshc, server, and wsssht - **Tunnel Close Forwarding**: Critical fix for tunnel closure synchronization between wssshc, server, and wsssht
- **Web Terminal JavaScript Fixes**: Comprehensive fixes for web interface terminal functionality - **Web Terminal JavaScript Fixes**: Comprehensive fixes for web interface terminal functionality
......
TODO.md
View file @ 8bd04b0a
# WSSSH: Warp-Powered Stefy's Spatial Secure Hyperdrive - Future Enhancements Roadmap # WSSSH: Warp-Powered Stefy's Spatial Secure Hyperdrive - Future Enhancements Roadmap
## Recently Completed (v1.6.5)
- [x] **Flexible Data Encoding Support**: New `--enc` option for wsssht with multiple encoding modes
- `--enc hex`: Hexadecimal encoding of binary data (default, backward compatible)
- `--enc base64`: Base64 encoding of binary data for better efficiency
- `--enc bin`: Direct binary data transmission without encoding
- Configuration file support with `enc = hex` option in `wsssht.conf`
- Automatic encoding negotiation between wsssht and wssshc clients
- Updated tunnel request messages to include encoding specification
- Enhanced data channel message processing for all encoding formats
- Maintained backward compatibility with existing hex encoding
## Recently Completed (v1.6.2)
- [x] **Tunnel Close Forwarding**: Critical fix for tunnel closure synchronization between wssshc, server, and wsssht
- [x] **Web Terminal JavaScript Fixes**: Comprehensive fixes for web interface terminal functionality
- [x] **Fullscreen Terminal Support**: Enhanced web terminal with fullscreen toggle functionality
- [x] **Logo Serving Path**: Fixed web interface logo loading from correct directory
## Recently Completed (v1.6.1) ## Recently Completed (v1.6.1)
- [x] **Major Code Refactoring**: Complete modularization of `wsssht.c` for improved maintainability - [x] **Major Code Refactoring**: Complete modularization of `wsssht.c` for improved maintainability
- Split monolithic 2769-line `wsssht.c` into modular components in `libwsssht/` directory - Split monolithic 2769-line `wsssht.c` into modular components in `libwsssht/` directory
......
wssshd2/websocket.c
View file @ 8bd04b0a
...@@ -35,11 +35,11 @@ ...@@ -35,11 +35,11 @@
#include "ssl.h" #include "ssl.h"
// Pre-computed JSON message templates // Pre-computed JSON message templates
static const char *REGISTERED_MSG = "{\"type\": \"registered\", \"id\": \"%s\"}"; static const char *REGISTERED_MSG = "{\"type\":\"registered\",\"client_id\":\"%s\"}";
static const char *REGISTRATION_ERROR_MSG = "{\"type\": \"registration_error\", \"error\": \"%s\"}"; static const char *REGISTRATION_ERROR_MSG = "{\"type\":\"registration_error\",\"error\":\"%s\"}";
static const char *TUNNEL_REQUEST_MSG = "{\"type\": \"tunnel_request\", \"request_id\": \"%s\"}"; static const char *TUNNEL_REQUEST_MSG = "{\"type\":\"tunnel_request\",\"request_id\":\"%s\"}";
static const char *TUNNEL_ACK_MSG = "{\"type\": \"tunnel_ack\", \"request_id\": \"%s\"}"; static const char *TUNNEL_ACK_MSG = "{\"type\":\"tunnel_ack\",\"request_id\":\"%s\"}";
static const char *TUNNEL_ERROR_MSG = "{\"type\": \"tunnel_error\", \"request_id\": \"%s\", \"error\": \"%s\"}"; static const char *TUNNEL_ERROR_MSG = "{\"type\":\"tunnel_error\",\"request_id\":\"%s\",\"error\":\"%s\"}";
wssshd_state_t *websocket_init_state(bool debug, const char *server_password) { wssshd_state_t *websocket_init_state(bool debug, const char *server_password) {
wssshd_state_t *state = calloc(1, sizeof(wssshd_state_t)); wssshd_state_t *state = calloc(1, sizeof(wssshd_state_t));
...@@ -233,16 +233,25 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr ...@@ -233,16 +233,25 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr
// Simple string-based JSON parsing for basic functionality // Simple string-based JSON parsing for basic functionality
// This is a simplified implementation - a full JSON parser would be better // This is a simplified implementation - a full JSON parser would be better
char msg_copy[4096]; #define MSG_BUFFER_SIZE 2097152 // 2MB buffer for large messages
if (message_len >= sizeof(msg_copy)) { char *msg_copy = malloc(MSG_BUFFER_SIZE);
if (!msg_copy) {
if (state->debug) {
printf("[DEBUG] Failed to allocate message buffer\n");
}
return -1;
}
if (message_len >= MSG_BUFFER_SIZE) {
if (state->debug) { if (state->debug) {
printf("[DEBUG] Message too long: %zu bytes\n", message_len); printf("[DEBUG] Message too long: %zu bytes\n", message_len);
} }
free(msg_copy);
return -1; return -1;
} }
memcpy(msg_copy, message, message_len); memcpy(msg_copy, message, message_len);
msg_copy[message_len] = '\0'; msg_copy[message_len] = '\0';
int result = 0; int result = 0;
// Check for registration message // Check for registration message
...@@ -385,6 +394,9 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr ...@@ -385,6 +394,9 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr
if (client && client->active) { if (client && client->active) {
tunnel_t *tunnel = websocket_add_tunnel(state, request_id, client_id); tunnel_t *tunnel = websocket_add_tunnel(state, request_id, client_id);
if (tunnel) { if (tunnel) {
// Store the wsssht connection in the tunnel for data forwarding
tunnel->wsssh_ws = conn;
tunnel_update_status(tunnel, TUNNEL_STATUS_ACTIVE, NULL); tunnel_update_status(tunnel, TUNNEL_STATUS_ACTIVE, NULL);
// Send tunnel request to client (wssshc) // Send tunnel request to client (wssshc)
...@@ -406,6 +418,10 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr ...@@ -406,6 +418,10 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr
snprintf(error_msg, sizeof(error_msg), TUNNEL_ERROR_MSG, request_id, "Client not registered or disconnected"); snprintf(error_msg, sizeof(error_msg), TUNNEL_ERROR_MSG, request_id, "Client not registered or disconnected");
ws_send_frame(conn, WS_OPCODE_TEXT, error_msg, strlen(error_msg)); ws_send_frame(conn, WS_OPCODE_TEXT, error_msg, strlen(error_msg));
if (state->debug) printf("[DEBUG] Tunnel request failed: client %s not found or inactive\n", client_id); if (state->debug) printf("[DEBUG] Tunnel request failed: client %s not found or inactive\n", client_id);
// Close the connection that sent the invalid tunnel request
if (state->debug) printf("[DEBUG] Closing connection due to invalid tunnel request from unregistered client %s\n", client_id);
conn->state = WS_STATE_CLOSED;
} }
} }
...@@ -414,6 +430,224 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr ...@@ -414,6 +430,224 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr
printf("[DEBUG] Freeing tunnel request strings: client_id=%p, request_id=%p\n", client_id, request_id); printf("[DEBUG] Freeing tunnel request strings: client_id=%p, request_id=%p\n", client_id, request_id);
} }
if (client_id) free(client_id); if (client_id) free(client_id);
if (request_id) free(request_id);
} else if (strstr(msg_copy, "\"type\":\"tunnel_ack\"") || strstr(msg_copy, "\"type\": \"tunnel_ack\"")) {
if (state->debug) {
printf("[DEBUG] Processing tunnel acknowledgment\n");
}
// Handle tunnel acknowledgment from wssshc
char *request_id = NULL;
char *ack_request_id_start = strstr(msg_copy, "\"request_id\":\"");
if (ack_request_id_start) {
ack_request_id_start += strlen("\"request_id\":\"");
char *ack_request_id_end = strchr(ack_request_id_start, '"');
if (ack_request_id_end) {
size_t ack_request_id_len = ack_request_id_end - ack_request_id_start;
char *ack_request_id_copy = malloc(ack_request_id_len + 1);
if (ack_request_id_copy) {
memcpy(ack_request_id_copy, ack_request_id_start, ack_request_id_len);
ack_request_id_copy[ack_request_id_len] = '\0';
request_id = ack_request_id_copy;
if (state->debug) printf("[DEBUG] Extracted tunnel_ack request_id: '%s'\n", request_id);
}
}
}
if (request_id) {
// Find the tunnel and mark it as acknowledged
// This is a simple acknowledgment - in a full implementation,
// you might want to track tunnel state more thoroughly
if (state->debug) printf("[DEBUG] Tunnel %s acknowledged by client\n", request_id);
}
if (request_id) free(request_id);
} else if (strstr(msg_copy, "\"type\":\"tunnel_data\"") || strstr(msg_copy, "\"type\": \"tunnel_data\"")) {
if (state->debug) {
printf("[DEBUG] Processing tunnel data\n");
}
// Handle tunnel data from wssshc to wsssht
char *request_id = NULL;
char *data = NULL;
// Extract request_id
char *data_request_id_start = strstr(msg_copy, "\"request_id\":\"");
if (data_request_id_start) {
data_request_id_start += strlen("\"request_id\":\"");
char *data_request_id_end = strchr(data_request_id_start, '"');
if (data_request_id_end) {
size_t data_request_id_len = data_request_id_end - data_request_id_start;
char *data_request_id_copy = malloc(data_request_id_len + 1);
if (data_request_id_copy) {
memcpy(data_request_id_copy, data_request_id_start, data_request_id_len);
data_request_id_copy[data_request_id_len] = '\0';
request_id = data_request_id_copy;
}
}
}
// Extract data
char *data_start = strstr(msg_copy, "\"data\":\"");
if (data_start) {
data_start += strlen("\"data\":\"");
char *data_end = strchr(data_start, '"');
if (data_end) {
size_t data_len = data_end - data_start;
char *data_copy = malloc(data_len + 1);
if (data_copy) {
memcpy(data_copy, data_start, data_len);
data_copy[data_len] = '\0';
data = data_copy;
}
}
}
if (request_id && data) {
// Find the tunnel and forward data to wsssht
tunnel_t *tunnel = websocket_find_tunnel(state, request_id);
if (tunnel && tunnel->wsssh_ws) {
// Calculate binary size from hex data length
size_t hex_len = strlen(data);
size_t binary_size = hex_len / 2;
// Forward hex data directly without decode/re-encode cycle
size_t request_id_len = strlen(request_id);
size_t data_len = strlen(data);
size_t json_overhead = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"size\":,\"data\":\"\"}");
size_t total_size = json_overhead + request_id_len + 20 + data_len + 1;
// Allocate buffer dynamically to handle large messages
char *forward_msg = malloc(total_size);
if (forward_msg) {
int msg_len = snprintf(forward_msg, total_size, "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"size\":%zu,\"data\":\"%s\"}", request_id, binary_size, data);
if (msg_len > 0 && (size_t)msg_len < total_size) {
ws_send_frame(tunnel->wsssh_ws, WS_OPCODE_TEXT, forward_msg, msg_len);
if (state->debug) printf("[DEBUG] Forwarded tunnel data for request %s to wsssht, hex length: %zu bytes (binary size: %zu bytes)\n", request_id, data_len, binary_size);
} else {
if (state->debug) printf("[DEBUG] Failed to format forward message\n");
}
free(forward_msg);
} else {
if (state->debug) printf("[DEBUG] Failed to allocate buffer for forward message\n");
}
} else {
if (state->debug) printf("[DEBUG] Could not find tunnel or wsssht connection for request %s\n", request_id);
}
}
if (request_id) free(request_id);
if (data) free(data);
} else if (strstr(msg_copy, "\"type\":\"tunnel_response\"") || strstr(msg_copy, "\"type\": \"tunnel_response\"")) {
if (state->debug) {
printf("[DEBUG] Processing tunnel response\n");
}
// Handle tunnel response from wssshc to wsssht
char *request_id = NULL;
char *data = NULL;
// Extract request_id
char *resp_request_id_start = strstr(msg_copy, "\"request_id\":\"");
if (resp_request_id_start) {
resp_request_id_start += strlen("\"request_id\":\"");
char *resp_request_id_end = strchr(resp_request_id_start, '"');
if (resp_request_id_end) {
size_t resp_request_id_len = resp_request_id_end - resp_request_id_start;
char *resp_request_id_copy = malloc(resp_request_id_len + 1);
if (resp_request_id_copy) {
memcpy(resp_request_id_copy, resp_request_id_start, resp_request_id_len);
resp_request_id_copy[resp_request_id_len] = '\0';
request_id = resp_request_id_copy;
}
}
}
// Extract data
char *resp_data_start = strstr(msg_copy, "\"data\":\"");
if (resp_data_start) {
resp_data_start += strlen("\"data\":\"");
char *resp_data_end = strchr(resp_data_start, '"');
if (resp_data_end) {
size_t resp_data_len = resp_data_end - resp_data_start;
char *resp_data_copy = malloc(resp_data_len + 1);
if (resp_data_copy) {
memcpy(resp_data_copy, resp_data_start, resp_data_len);
resp_data_copy[resp_data_len] = '\0';
data = resp_data_copy;
}
}
}
if (request_id && data) {
// Find the tunnel and forward response to wsssht
tunnel_t *tunnel = websocket_find_tunnel(state, request_id);
if (tunnel && tunnel->wsssh_ws) {
// Forward hex data directly without decode/re-encode cycle
size_t request_id_len = strlen(request_id);
size_t data_len = strlen(data);
size_t json_overhead = strlen("{\"type\":\"tunnel_response\",\"request_id\":\"\",\"data\":\"\"}");
size_t total_size = json_overhead + request_id_len + data_len + 1;
// Allocate buffer dynamically to handle large messages
char *forward_msg = malloc(total_size);
if (forward_msg) {
int msg_len = snprintf(forward_msg, total_size, "{\"type\":\"tunnel_response\",\"request_id\":\"%s\",\"data\":\"%s\"}", request_id, data);
if (msg_len > 0 && (size_t)msg_len < total_size) {
ws_send_frame(tunnel->wsssh_ws, WS_OPCODE_TEXT, forward_msg, msg_len);
if (state->debug) printf("[DEBUG] Forwarded tunnel response for request %s to wsssht, hex length: %zu bytes\n", request_id, data_len);
} else {
if (state->debug) printf("[DEBUG] Failed to format forward message\n");
}
free(forward_msg);
} else {
if (state->debug) printf("[DEBUG] Failed to allocate buffer for forward message\n");
}
} else {
if (state->debug) printf("[DEBUG] Could not find tunnel or wsssht connection for request %s\n", request_id);
}
}
if (request_id) free(request_id);
if (data) free(data);
} else if (strstr(msg_copy, "\"type\":\"tunnel_close\"") || strstr(msg_copy, "\"type\": \"tunnel_close\"")) {
if (state->debug) {
printf("[DEBUG] Processing tunnel close\n");
}
// Handle tunnel close from wssshc
char *request_id = NULL;
char *close_request_id_start = strstr(msg_copy, "\"request_id\":\"");
if (close_request_id_start) {
close_request_id_start += strlen("\"request_id\":\"");
char *close_request_id_end = strchr(close_request_id_start, '"');
if (close_request_id_end) {
size_t close_request_id_len = close_request_id_end - close_request_id_start;
char *close_request_id_copy = malloc(close_request_id_len + 1);
if (close_request_id_copy) {
memcpy(close_request_id_copy, close_request_id_start, close_request_id_len);
close_request_id_copy[close_request_id_len] = '\0';
request_id = close_request_id_copy;
if (state->debug) printf("[DEBUG] Extracted tunnel_close request_id: '%s'\n", request_id);
}
}
}
if (request_id) {
// Find the tunnel and forward close to wsssht
tunnel_t *tunnel = websocket_find_tunnel(state, request_id);
if (tunnel && tunnel->wsssh_ws) {
// Forward the close message to wsssht
char close_msg[256];
snprintf(close_msg, sizeof(close_msg), "{\"type\":\"tunnel_close\",\"request_id\":\"%s\"}", request_id);
ws_send_frame(tunnel->wsssh_ws, WS_OPCODE_TEXT, close_msg, strlen(close_msg));
if (state->debug) printf("[DEBUG] Forwarded tunnel_close for request %s to wsssht\n", request_id);
}
// Remove the tunnel
websocket_remove_tunnel(state, request_id);
if (state->debug) printf("[DEBUG] Closed tunnel %s\n", request_id);
if (!state->debug) printf("[EVENT] Tunnel %s closed\n", request_id);
}
if (request_id) free(request_id); if (request_id) free(request_id);
} else { } else {
if (state->debug) { if (state->debug) {
...@@ -422,6 +656,7 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr ...@@ -422,6 +656,7 @@ int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attr
} }
// TODO: Handle other message types with similar string parsing // TODO: Handle other message types with similar string parsing
free(msg_copy);
return result; return result;
} }
......
wsssht.conf.example
View file @ 8bd04b0a
...@@ -34,3 +34,6 @@ tunnel-host = 127.0.0.1 ...@@ -34,3 +34,6 @@ tunnel-host = 127.0.0.1
# Connection retry interval in seconds (default: 5) # Connection retry interval in seconds (default: 5)
interval = 5 interval = 5
# Data encoding: hex, base64, or bin (default: hex)
enc = hex
\ No newline at end of file
wssshtools/debian/changelog
View file @ 8bd04b0a
wsssh-tools (1.6.1-1) unstable; urgency=medium wsssh-tools (1.6.5-1) unstable; urgency=medium
* Version 1.6.1: Major code refactoring and documentation updates * Version 1.6.5: Flexible data encoding support for wsssht
* Complete modularization of wsssht.c into libwsssht/ components * Added --enc option with hex/base64/bin encoding modes
* Enhanced tunnel data handling with multiple encoding formats
* Improved data channel message processing and negotiation
* Split monolithic 2769-line wsssht.c into modular structure: * Split monolithic 2769-line wsssht.c into modular structure:
- utils.h/c: Utility functions (print_usage, parse_connection_string, parse_args) - utils.h/c: Utility functions (print_usage, parse_connection_string, parse_args)
- modes.h/c: Operating mode implementations (bridge, script, daemon modes) - modes.h/c: Operating mode implementations (bridge, script, daemon modes)
......
wssshtools/libwsssht/control_messages.c
View file @ 8bd04b0a
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
#define BUFFER_SIZE 8192 #define BUFFER_SIZE 1048576
int send_json_message(SSL *ssl, const char *type, const char *client_id, const char *request_id) { int send_json_message(SSL *ssl, const char *type, const char *client_id, const char *request_id) {
char message[1024]; char message[1024];
...@@ -88,22 +88,43 @@ int send_registration_message(SSL *ssl, const char *client_id, const char *passw ...@@ -88,22 +88,43 @@ int send_registration_message(SSL *ssl, const char *client_id, const char *passw
} }
int send_tunnel_request_message(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service) { int send_tunnel_request_message(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service) {
return send_tunnel_request_message_with_enc(ssl, client_id, request_id, tunnel, tunnel_control, service, ENCODING_HEX);
}
int send_tunnel_request_message_with_enc(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service, wsssh_encoding_t encoding) {
const char *enc_str;
switch (encoding) {
case ENCODING_HEX:
enc_str = "hex";
break;
case ENCODING_BASE64:
enc_str = "base64";
break;
case ENCODING_BINARY:
enc_str = "bin";
break;
default:
enc_str = "hex";
break;
}
char message[1024]; char message[1024];
if (service) { if (service) {
snprintf(message, sizeof(message), snprintf(message, sizeof(message),
"{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"service\":\"%s\",\"version\":\"%s\"}", "{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"service\":\"%s\",\"enc\":\"%s\",\"version\":\"%s\"}",
client_id, request_id, tunnel, tunnel_control, service, WSSSH_VERSION); client_id, request_id, tunnel, tunnel_control, service, enc_str, WSSSH_VERSION);
} else { } else {
snprintf(message, sizeof(message), snprintf(message, sizeof(message),
"{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"version\":\"%s\"}", "{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"enc\":\"%s\",\"version\":\"%s\"}",
client_id, request_id, tunnel, tunnel_control, WSSSH_VERSION); client_id, request_id, tunnel, tunnel_control, enc_str, WSSSH_VERSION);
} }
// Send as WebSocket frame // Send as WebSocket frame
return send_websocket_frame(ssl, message); return send_websocket_frame(ssl, message);
} }
int send_tunnel_close_message(SSL *ssl, const char *request_id, int debug) { int send_tunnel_close_message(SSL *ssl, const char *request_id, int debug) {
char close_msg[256]; char close_msg[256];
snprintf(close_msg, sizeof(close_msg), "{\"type\":\"tunnel_close\",\"request_id\":\"%s\"}", request_id); snprintf(close_msg, sizeof(close_msg), "{\"type\":\"tunnel_close\",\"request_id\":\"%s\"}", request_id);
......
wssshtools/libwsssht/control_messages.h
View file @ 8bd04b0a
...@@ -21,12 +21,14 @@ ...@@ -21,12 +21,14 @@
#define CONTROL_MESSAGES_H #define CONTROL_MESSAGES_H
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "wssshlib.h"
#include "tunnel.h" #include "tunnel.h"
// Function declarations for control channel messages // Function declarations for control channel messages
int send_json_message(SSL *ssl, const char *type, const char *client_id, const char *request_id); int send_json_message(SSL *ssl, const char *type, const char *client_id, const char *request_id);
int send_registration_message(SSL *ssl, const char *client_id, const char *password, const char *tunnel, const char *tunnel_control, const char *wssshd_private_ip); int send_registration_message(SSL *ssl, const char *client_id, const char *password, const char *tunnel, const char *tunnel_control, const char *wssshd_private_ip);
int send_tunnel_request_message(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service); int send_tunnel_request_message(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service);
int send_tunnel_request_message_with_enc(SSL *ssl, const char *client_id, const char *request_id, const char *tunnel, const char *tunnel_control, const char *service, wsssh_encoding_t encoding);
int send_tunnel_close_message(SSL *ssl, const char *request_id, int debug); int send_tunnel_close_message(SSL *ssl, const char *request_id, int debug);
int send_tunnel_keepalive_message(SSL *ssl, tunnel_t *tunnel, int debug); int send_tunnel_keepalive_message(SSL *ssl, tunnel_t *tunnel, int debug);
int send_tunnel_keepalive_ack_message(SSL *ssl, const char *request_id, int debug); int send_tunnel_keepalive_ack_message(SSL *ssl, const char *request_id, int debug);
......
wssshtools/libwsssht/data_messages.c
View file @ 8bd04b0a
...@@ -18,16 +18,23 @@ ...@@ -18,16 +18,23 @@
*/ */
#include "data_messages.h" #include "data_messages.h"
#include "wssshlib.h"
#include "websocket.h" #include "websocket.h"
#include "tunnel.h" #include "tunnel.h"
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <zlib.h>
#include <zlib.h> // For CRC32
#include <time.h>
#include <pthread.h>
int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_hex, int debug) { int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_hex, int debug) {
// Send as tunnel_data // Send as tunnel_data with size information
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"data\":\"\"}") + strlen(request_id) + strlen(data_hex) + 1; size_t hex_len = strlen(data_hex);
size_t binary_size = hex_len / 2; // Size of actual binary data
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"size\":,\"data\":\"\"}") + strlen(request_id) + 20 + hex_len + 1;
char *message = malloc(msg_size); char *message = malloc(msg_size);
if (!message) { if (!message) {
if (debug) { if (debug) {
...@@ -37,8 +44,8 @@ int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_ ...@@ -37,8 +44,8 @@ int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_
return 0; return 0;
} }
snprintf(message, msg_size, snprintf(message, msg_size,
"{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"data\":\"%s\"}", "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"size\":%zu,\"data\":\"%s\"}",
request_id, data_hex); request_id, binary_size, data_hex);
if (!send_websocket_frame(ssl, message)) { if (!send_websocket_frame(ssl, message)) {
if (debug) { if (debug) {
...@@ -53,9 +60,371 @@ int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_ ...@@ -53,9 +60,371 @@ int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_
return 1; return 1;
} }
int send_tunnel_data_binary_message(SSL *ssl, const char *request_id, const unsigned char *data, size_t data_len, int debug) {
// Send binary data directly in tunnel_data message
// First, base64 encode the binary data
size_t b64_len = ((data_len + 2) / 3) * 4 + 1; // Base64 encoded length + null terminator
char *b64_data = malloc(b64_len);
if (!b64_data) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for base64 encoding (%zu bytes)\n", b64_len);
fflush(stdout);
}
return 0;
}
// Simple base64 encoding
static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
size_t i = 0, j = 0;
while (i < data_len) {
uint32_t octet_a = i < data_len ? data[i++] : 0;
uint32_t octet_b = i < data_len ? data[i++] : 0;
uint32_t octet_c = i < data_len ? data[i++] : 0;
uint32_t triple = (octet_a << 16) | (octet_b << 8) | octet_c;
b64_data[j++] = base64_chars[(triple >> 18) & 0x3F];
b64_data[j++] = base64_chars[(triple >> 12) & 0x3F];
b64_data[j++] = base64_chars[(triple >> 6) & 0x3F];
b64_data[j++] = base64_chars[triple & 0x3F];
}
// Add padding
size_t padding = (3 - (data_len % 3)) % 3;
for (size_t p = 0; p < padding; p++) {
b64_data[j - 1 - p] = '=';
}
b64_data[j] = '\0';
// Create JSON message
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"data\":\"\"}") + strlen(request_id) + b64_len + 1;
char *message = malloc(msg_size);
if (!message) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for binary tunnel_data message (%zu bytes)\n", msg_size);
fflush(stdout);
}
free(b64_data);
return 0;
}
snprintf(message, msg_size, "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"data\":\"%s\"}", request_id, b64_data);
if (!send_websocket_frame(ssl, message)) {
if (debug) {
printf("[DEBUG] Failed to send binary tunnel_data WebSocket frame\n");
fflush(stdout);
}
free(message);
free(b64_data);
return 0;
}
free(message);
free(b64_data);
return 1;
}
// CRC32 checksum calculation
uint32_t crc32_checksum(const unsigned char *data, size_t len) {
return crc32(0L, data, len);
}
// Retransmission buffer functions
retransmission_buffer_t *retransmission_buffer_init(void) {
retransmission_buffer_t *buffer = malloc(sizeof(retransmission_buffer_t));
if (!buffer) return NULL;
buffer->count = 0;
buffer->next_frame_id = 1; // Start from 1
pthread_mutex_init(&buffer->mutex, NULL);
// Initialize all entries as empty
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
buffer->entries[i].frame_id = 0;
buffer->entries[i].message = NULL;
buffer->entries[i].message_len = 0;
buffer->entries[i].timestamp = 0;
buffer->entries[i].retries = 0;
}
return buffer;
}
void retransmission_buffer_free(retransmission_buffer_t *buffer) {
if (!buffer) return;
pthread_mutex_lock(&buffer->mutex);
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
if (buffer->entries[i].message) {
free(buffer->entries[i].message);
}
}
pthread_mutex_unlock(&buffer->mutex);
pthread_mutex_destroy(&buffer->mutex);
free(buffer);
}
int retransmission_buffer_add(retransmission_buffer_t *buffer, uint32_t frame_id, const char *message, size_t message_len) {
if (!buffer || !message) return 0;
pthread_mutex_lock(&buffer->mutex);
// Find empty slot or evict oldest
int slot = -1;
time_t oldest_time = time(NULL) + 1; // Future time
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
if (buffer->entries[i].frame_id == 0) {
// Empty slot
slot = i;
break;
} else if (buffer->entries[i].timestamp < oldest_time) {
// Track oldest for eviction
oldest_time = buffer->entries[i].timestamp;
slot = i;
}
}
if (slot == -1) {
// Should not happen, but just in case
pthread_mutex_unlock(&buffer->mutex);
return 0;
}
// Free old message if any
if (buffer->entries[slot].message) {
free(buffer->entries[slot].message);
}
// Add new entry
buffer->entries[slot].frame_id = frame_id;
buffer->entries[slot].message = malloc(message_len + 1);
if (!buffer->entries[slot].message) {
pthread_mutex_unlock(&buffer->mutex);
return 0;
}
memcpy(buffer->entries[slot].message, message, message_len);
buffer->entries[slot].message[message_len] = '\0';
buffer->entries[slot].message_len = message_len;
buffer->entries[slot].timestamp = time(NULL);
buffer->entries[slot].retries = 0;
if (buffer->count < RETRANSMISSION_BUFFER_SIZE) {
buffer->count++;
}
pthread_mutex_unlock(&buffer->mutex);
return 1;
}
void retransmission_buffer_ack(retransmission_buffer_t *buffer, uint32_t frame_id) {
if (!buffer) return;
pthread_mutex_lock(&buffer->mutex);
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
if (buffer->entries[i].frame_id == frame_id) {
// Remove the entry
if (buffer->entries[i].message) {
free(buffer->entries[i].message);
}
buffer->entries[i].frame_id = 0;
buffer->entries[i].message = NULL;
buffer->entries[i].message_len = 0;
buffer->entries[i].timestamp = 0;
buffer->entries[i].retries = 0;
buffer->count--;
break;
}
}
pthread_mutex_unlock(&buffer->mutex);
}
void retransmission_buffer_ko(retransmission_buffer_t *buffer, uint32_t frame_id) {
if (!buffer) return;
pthread_mutex_lock(&buffer->mutex);
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
if (buffer->entries[i].frame_id == frame_id) {
// Increment retry count
buffer->entries[i].retries++;
if (buffer->entries[i].retries >= MAX_RETRIES) {
// Max retries reached, remove entry
if (buffer->entries[i].message) {
free(buffer->entries[i].message);
}
buffer->entries[i].frame_id = 0;
buffer->entries[i].message = NULL;
buffer->entries[i].message_len = 0;
buffer->entries[i].timestamp = 0;
buffer->entries[i].retries = 0;
buffer->count--;
} else {
// Update timestamp for retransmission
buffer->entries[i].timestamp = time(NULL);
}
break;
}
}
pthread_mutex_unlock(&buffer->mutex);
}
void retransmission_buffer_gc(retransmission_buffer_t *buffer) {
if (!buffer) return;
time_t current_time = time(NULL);
pthread_mutex_lock(&buffer->mutex);
for (int i = 0; i < RETRANSMISSION_BUFFER_SIZE; i++) {
if (buffer->entries[i].frame_id != 0 &&
current_time - buffer->entries[i].timestamp > RETRANSMISSION_TIMEOUT) {
// Timeout, remove entry
if (buffer->entries[i].message) {
free(buffer->entries[i].message);
}
buffer->entries[i].frame_id = 0;
buffer->entries[i].message = NULL;
buffer->entries[i].message_len = 0;
buffer->entries[i].timestamp = 0;
buffer->entries[i].retries = 0;
buffer->count--;
}
}
pthread_mutex_unlock(&buffer->mutex);
}
uint32_t retransmission_buffer_get_next_frame_id(retransmission_buffer_t *buffer) {
if (!buffer) return 0;
pthread_mutex_lock(&buffer->mutex);
uint32_t frame_id = buffer->next_frame_id++;
if (buffer->next_frame_id == 0) { // Wrap around
buffer->next_frame_id = 1;
}
pthread_mutex_unlock(&buffer->mutex);
return frame_id;
}
// Reliable tunnel data message with frame_id and checksum
int send_tunnel_data_reliable_message(SSL *ssl, const char *request_id, const unsigned char *data, size_t data_len, retransmission_buffer_t *buffer, int debug) {
if (!buffer) return 0;
// Calculate checksum
uint32_t checksum = crc32_checksum(data, data_len);
// Get next frame ID
uint32_t frame_id = retransmission_buffer_get_next_frame_id(buffer);
// Base64 encode the binary data
size_t b64_len = ((data_len + 2) / 3) * 4 + 1;
char *b64_data = malloc(b64_len);
if (!b64_data) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for base64 encoding (%zu bytes)\n", b64_len);
fflush(stdout);
}
return 0;
}
// Simple base64 encoding
static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
size_t i = 0, j = 0;
while (i < data_len) {
uint32_t octet_a = i < data_len ? data[i++] : 0;
uint32_t octet_b = i < data_len ? data[i++] : 0;
uint32_t octet_c = i < data_len ? data[i++] : 0;
uint32_t triple = (octet_a << 16) | (octet_b << 8) | octet_c;
b64_data[j++] = base64_chars[(triple >> 18) & 0x3F];
b64_data[j++] = base64_chars[(triple >> 12) & 0x3F];
b64_data[j++] = base64_chars[(triple >> 6) & 0x3F];
b64_data[j++] = base64_chars[triple & 0x3F];
}
// Add padding
size_t padding = (3 - (data_len % 3)) % 3;
for (size_t p = 0; p < padding; p++) {
b64_data[j - 1 - p] = '=';
}
b64_data[j] = '\0';
// Create JSON message with frame_id and checksum
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"frame_id\":,\"checksum\":,\"data\":\"\"}") +
strlen(request_id) + 20 + 10 + b64_len + 1; // frame_id (10) + checksum (10)
char *message = malloc(msg_size);
if (!message) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for reliable tunnel_data message (%zu bytes)\n", msg_size);
fflush(stdout);
}
free(b64_data);
return 0;
}
snprintf(message, msg_size, "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"frame_id\":%u,\"checksum\":%u,\"data\":\"%s\"}",
request_id, frame_id, checksum, b64_data);
// Add to retransmission buffer
if (!retransmission_buffer_add(buffer, frame_id, message, strlen(message))) {
if (debug) {
printf("[DEBUG] Failed to add message to retransmission buffer\n");
fflush(stdout);
}
free(message);
free(b64_data);
return 0;
}
if (!send_websocket_frame(ssl, message)) {
if (debug) {
printf("[DEBUG] Failed to send reliable tunnel_data WebSocket frame\n");
fflush(stdout);
}
free(message);
free(b64_data);
return 0;
}
free(message);
free(b64_data);
return 1;
}
// ACK message
int send_tunnel_ack_message(SSL *ssl, const char *request_id, uint32_t frame_id, int debug) {
char message[256];
snprintf(message, sizeof(message), "{\"type\":\"tunnel_ack\",\"request_id\":\"%s\",\"frame_id\":%u}", request_id, frame_id);
if (debug) {
printf("[DEBUG] Sending tunnel_ack: %s\n", message);
fflush(stdout);
}
return send_websocket_frame(ssl, message);
}
// KO (error) message
int send_tunnel_ko_message(SSL *ssl, const char *request_id, uint32_t frame_id, int debug) {
char message[256];
snprintf(message, sizeof(message), "{\"type\":\"tunnel_ko\",\"request_id\":\"%s\",\"frame_id\":%u}", request_id, frame_id);
if (debug) {
printf("[DEBUG] Sending tunnel_ko: %s\n", message);
fflush(stdout);
}
return send_websocket_frame(ssl, message);
}
int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *data_hex, int debug) { int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *data_hex, int debug) {
// Send as tunnel_response (from target back to WebSocket) // Send as tunnel_response (from target back to WebSocket) with size information
size_t msg_size = strlen("{\"type\":\"tunnel_response\",\"request_id\":\"\",\"data\":\"\"}") + strlen(request_id) + strlen(data_hex) + 1; size_t hex_len = strlen(data_hex);
size_t binary_size = hex_len / 2; // Size of actual binary data
size_t msg_size = strlen("{\"type\":\"tunnel_response\",\"request_id\":\"\",\"size\":,\"data\":\"\"}") + strlen(request_id) + 20 + hex_len + 1;
char *message = malloc(msg_size); char *message = malloc(msg_size);
if (!message) { if (!message) {
if (debug) { if (debug) {
...@@ -65,8 +434,8 @@ int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *d ...@@ -65,8 +434,8 @@ int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *d
return 0; return 0;
} }
snprintf(message, msg_size, snprintf(message, msg_size,
"{\"type\":\"tunnel_response\",\"request_id\":\"%s\",\"data\":\"%s\"}", "{\"type\":\"tunnel_response\",\"request_id\":\"%s\",\"size\":%zu,\"data\":\"%s\"}",
request_id, data_hex); request_id, binary_size, data_hex);
if (!send_websocket_frame(ssl, message)) { if (!send_websocket_frame(ssl, message)) {
if (debug) { if (debug) {
......
wssshtools/libwsssht/data_messages.h
View file @ 8bd04b0a
...@@ -22,8 +22,47 @@ ...@@ -22,8 +22,47 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
// Retransmission buffer entry
typedef struct {
uint32_t frame_id;
char *message;
size_t message_len;
time_t timestamp;
int retries;
} retransmission_entry_t;
// Retransmission buffer
#define RETRANSMISSION_BUFFER_SIZE 10
#define MAX_FRAME_SIZE 1048576 // 1MB max frame size
#define RETRANSMISSION_TIMEOUT 30 // 30 seconds timeout
#define MAX_RETRIES 3
typedef struct {
retransmission_entry_t entries[RETRANSMISSION_BUFFER_SIZE];
int count;
uint32_t next_frame_id;
pthread_mutex_t mutex;
} retransmission_buffer_t;
// Function declarations for data channel messages // Function declarations for data channel messages
int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_hex, int debug); int send_tunnel_data_message(SSL *ssl, const char *request_id, const char *data_hex, int debug);
int send_tunnel_data_binary_message(SSL *ssl, const char *request_id, const unsigned char *data, size_t data_len, int debug);
int send_tunnel_data_reliable_message(SSL *ssl, const char *request_id, const unsigned char *data, size_t data_len, retransmission_buffer_t *buffer, int debug);
int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *data_hex, int debug); int send_tunnel_response_message(SSL *ssl, const char *request_id, const char *data_hex, int debug);
int send_tunnel_ack_message(SSL *ssl, const char *request_id, uint32_t frame_id, int debug);
int send_tunnel_ko_message(SSL *ssl, const char *request_id, uint32_t frame_id, int debug);
// Retransmission buffer functions
retransmission_buffer_t *retransmission_buffer_init(void);
void retransmission_buffer_free(retransmission_buffer_t *buffer);
int retransmission_buffer_add(retransmission_buffer_t *buffer, uint32_t frame_id, const char *message, size_t message_len);
void retransmission_buffer_ack(retransmission_buffer_t *buffer, uint32_t frame_id);
void retransmission_buffer_ko(retransmission_buffer_t *buffer, uint32_t frame_id);
void retransmission_buffer_gc(retransmission_buffer_t *buffer);
uint32_t retransmission_buffer_get_next_frame_id(retransmission_buffer_t *buffer);
// Checksum functions
uint32_t crc32_checksum(const unsigned char *data, size_t len);
int send_tunnel_data_binary_message(SSL *ssl, const char *request_id, const unsigned char *data, size_t data_len, int debug);
#endif // DATA_MESSAGES_H #endif // DATA_MESSAGES_H
\ No newline at end of file
wssshtools/libwsssht/modes.c
View file @ 8bd04b0a
...@@ -55,16 +55,14 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -55,16 +55,14 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
// Send initial status // Send initial status
printf("{\"type\":\"bridge_started\",\"client_id\":\"%s\",\"host\":\"%s\",\"port\":%d,\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"bridge_started\",\"client_id\":\"%s\",\"host\":\"%s\",\"port\":%d,\"timestamp\":%ld}\n",
client_id, wssshd_host, wssshd_port, time(NULL)); client_id, wssshd_host, wssshd_port, time(NULL));
fflush(stdout);
// Establish WebSocket connection (no tunnel setup) // Establish WebSocket connection (no tunnel setup)
SSL_CTX *ws_ctx = NULL; SSL_CTX *ws_ctx = NULL;
int ws_sock = setup_websocket_connection(wssshd_host, wssshd_port, client_id, config->debug, &ws_ctx); int ws_sock = setup_websocket_connection(wssshd_host, wssshd_port, client_id, config->debug, &ws_ctx);
if (ws_sock < 0) { if (ws_sock < 0) {
printf("{\"type\":\"error\",\"message\":\"Failed to establish WebSocket connection\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"error\",\"message\":\"Failed to establish WebSocket connection\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
if (ws_ctx) SSL_CTX_free(ws_ctx); if (ws_ctx) SSL_CTX_free(ws_ctx);
return 1; return 1;
} }
...@@ -72,16 +70,14 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -72,16 +70,14 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
// Get the SSL connection for sending messages // Get the SSL connection for sending messages
SSL *ws_ssl = active_tunnel ? active_tunnel->ssl : NULL; SSL *ws_ssl = active_tunnel ? active_tunnel->ssl : NULL;
if (!ws_ssl) { if (!ws_ssl) {
printf("{\"type\":\"error\",\"message\":\"Failed to get SSL connection\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"error\",\"message\":\"Failed to get SSL connection\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
close(ws_sock); close(ws_sock);
if (ws_ctx) SSL_CTX_free(ws_ctx); if (ws_ctx) SSL_CTX_free(ws_ctx);
return 1; return 1;
} }
// Send connection established message // Send connection established message
printf("{\"type\":\"websocket_connected\",\"socket\":%d,\"timestamp\":%ld}\n", ws_sock, time(NULL)); fprintf(stderr, "{\"type\":\"websocket_connected\",\"socket\":%d,\"timestamp\":%ld}\n", ws_sock, time(NULL));
fflush(stdout);
// Main bridge loop - pure transport layer // Main bridge loop - pure transport layer
char buffer[BUFFER_SIZE]; char buffer[BUFFER_SIZE];
...@@ -92,8 +88,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -92,8 +88,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
static char frame_buffer[BUFFER_SIZE * 4]; static char frame_buffer[BUFFER_SIZE * 4];
static int frame_buffer_used = 0; static int frame_buffer_used = 0;
printf("{\"type\":\"bridge_ready\",\"message\":\"Pure transport layer active\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"bridge_ready\",\"message\":\"Pure transport layer active\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
while (1) { while (1) {
// Check for stdin input (messages to send to server) // Check for stdin input (messages to send to server)
...@@ -112,8 +107,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -112,8 +107,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
if (FD_ISSET(STDIN_FILENO, &readfds)) { if (FD_ISSET(STDIN_FILENO, &readfds)) {
if (fgets(buffer, sizeof(buffer), stdin) == NULL) { if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
// EOF or error on stdin // EOF or error on stdin
printf("{\"type\":\"stdin_closed\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"stdin_closed\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} }
...@@ -133,12 +127,10 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -133,12 +127,10 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
// Send message to appropriate WebSocket channel using SSL // Send message to appropriate WebSocket channel using SSL
if (send_websocket_frame(ws_ssl, buffer)) { if (send_websocket_frame(ws_ssl, buffer)) {
printf("{\"type\":\"message_sent\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"message_sent\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n",
channel, buffer, time(NULL)); channel, buffer, time(NULL));
fflush(stdout);
} else { } else {
printf("{\"type\":\"send_error\",\"channel\":\"%s\",\"timestamp\":%ld}\n", channel, time(NULL)); fprintf(stderr, "{\"type\":\"send_error\",\"channel\":\"%s\",\"timestamp\":%ld}\n", channel, time(NULL));
fflush(stdout);
} }
} }
} }
...@@ -177,25 +169,20 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -177,25 +169,20 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
channel = "data"; channel = "data";
} }
printf("{\"type\":\"message_received\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"message_received\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n",
channel, buffer, time(NULL)); channel, buffer, time(NULL));
fflush(stdout);
} }
} else if (frame_type == 0x88) { // Close frame } else if (frame_type == 0x88) { // Close frame
printf("{\"type\":\"websocket_close\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_close\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} else if (frame_type == 0x89) { // Ping frame } else if (frame_type == 0x89) { // Ping frame
printf("{\"type\":\"ping_received\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"ping_received\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
// Send pong // Send pong
if (!send_pong_frame(ws_ssl, payload, payload_len)) { if (!send_pong_frame(ws_ssl, payload, payload_len)) {
printf("{\"type\":\"pong_send_error\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"pong_send_error\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} }
} else if (frame_type == 0x8A) { // Pong frame } else if (frame_type == 0x8A) { // Pong frame
printf("{\"type\":\"pong_received\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"pong_received\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} }
// Remove processed frame from buffer // Remove processed frame from buffer
...@@ -209,13 +196,11 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -209,13 +196,11 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
} else if (bytes_read == 0) { } else if (bytes_read == 0) {
// Connection closed // Connection closed
printf("{\"type\":\"websocket_connection_closed\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_connection_closed\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} else { } else {
// Error // Error
printf("{\"type\":\"websocket_error\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_error\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} }
} }
...@@ -239,8 +224,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -239,8 +224,7 @@ int run_bridge_mode(wsssh_config_t *config, const char *client_id, const char *w
ws_ctx = NULL; ws_ctx = NULL;
} }
printf("{\"type\":\"bridge_ended\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"bridge_ended\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
return 0; return 0;
} }
...@@ -254,27 +238,24 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -254,27 +238,24 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
// Send initial status for scripting // Send initial status for scripting
printf("{\"type\":\"script_started\",\"client_id\":\"%s\",\"host\":\"%s\",\"port\":%d,\"tunnel_host\":\"%s\",\"tunnel_port\":\"%s\",\"service\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"script_started\",\"client_id\":\"%s\",\"host\":\"%s\",\"port\":%d,\"tunnel_host\":\"%s\",\"tunnel_port\":\"%s\",\"service\":\"%s\",\"timestamp\":%ld}\n",
client_id, wssshd_host, wssshd_port, client_id, wssshd_host, wssshd_port,
config->tunnel_host ? config->tunnel_host : "127.0.0.1", config->tunnel_host ? config->tunnel_host : "127.0.0.1",
config->local_port ? config->local_port : "auto", config->local_port ? config->local_port : "auto",
config->service ? config->service : "ssh", config->service ? config->service : "ssh",
time(NULL)); time(NULL));
fflush(stdout);
// Establish tunnel // Establish tunnel
int listen_sock = setup_tunnel(wssshd_host, wssshd_port, client_id, config->local_port ? atoi(config->local_port) : find_available_port(), int listen_sock = setup_tunnel(wssshd_host, wssshd_port, client_id, config->local_port ? atoi(config->local_port) : find_available_port(),
config->debug, 0, config->tunnel_host); config->debug, 0, config->tunnel_host, config->encoding);
if (listen_sock < 0) { if (listen_sock < 0) {
printf("{\"type\":\"script_error\",\"message\":\"Failed to establish tunnel\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_error\",\"message\":\"Failed to establish tunnel\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
return 1; return 1;
} }
// Send tunnel established message // Send tunnel established message
printf("{\"type\":\"tunnel_ready\",\"listen_sock\":%d,\"timestamp\":%ld}\n", listen_sock, time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_ready\",\"listen_sock\":%d,\"timestamp\":%ld}\n", listen_sock, time(NULL));
fflush(stdout);
// Wait for connection // Wait for connection
struct sockaddr_in client_addr; struct sockaddr_in client_addr;
...@@ -282,8 +263,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -282,8 +263,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
int accepted_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len); int accepted_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len);
if (accepted_sock < 0) { if (accepted_sock < 0) {
printf("{\"type\":\"script_error\",\"message\":\"Failed to accept connection\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_error\",\"message\":\"Failed to accept connection\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
close(listen_sock); close(listen_sock);
return 1; return 1;
} }
...@@ -291,21 +271,18 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -291,21 +271,18 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
close(listen_sock); close(listen_sock);
// Send connection accepted message // Send connection accepted message
printf("{\"type\":\"connection_established\",\"socket\":%d,\"timestamp\":%ld}\n", accepted_sock, time(NULL)); fprintf(stderr, "{\"type\":\"connection_established\",\"socket\":%d,\"timestamp\":%ld}\n", accepted_sock, time(NULL));
fflush(stdout);
// Send tunnel status information // Send tunnel status information
printf("{\"type\":\"tunnel_status\",\"status\":\"active\",\"local_socket\":%d,\"request_id\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"tunnel_status\",\"status\":\"active\",\"local_socket\":%d,\"request_id\":\"%s\",\"timestamp\":%ld}\n",
accepted_sock, active_tunnel->request_id, time(NULL)); accepted_sock, active_tunnel->request_id, time(NULL));
fflush(stdout);
// Send transport information if available // Send transport information if available
if (active_tunnel) { if (active_tunnel) {
printf("{\"type\":\"transport_info\",\"data_channel\":\"%s\",\"control_channel\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"transport_info\",\"data_channel\":\"%s\",\"control_channel\":\"%s\",\"timestamp\":%ld}\n",
config->tunnel ? config->tunnel : "any", config->tunnel ? config->tunnel : "any",
config->tunnel_control ? config->tunnel_control : "any", config->tunnel_control ? config->tunnel_control : "any",
time(NULL)); time(NULL));
fflush(stdout);
} }
// Set up tunnel for accepted connection // Set up tunnel for accepted connection
...@@ -314,8 +291,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -314,8 +291,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
// Send any buffered data info // Send any buffered data info
if (active_tunnel->incoming_buffer && active_tunnel->incoming_buffer->used > 0) { if (active_tunnel->incoming_buffer && active_tunnel->incoming_buffer->used > 0) {
printf("{\"type\":\"buffer_available\",\"bytes\":%zu,\"timestamp\":%ld}\n", active_tunnel->incoming_buffer->used, time(NULL)); fprintf(stderr, "{\"type\":\"buffer_available\",\"bytes\":%zu,\"timestamp\":%ld}\n", active_tunnel->incoming_buffer->used, time(NULL));
fflush(stdout);
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
...@@ -333,8 +309,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -333,8 +309,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
// Script mode main loop - handle WebSocket messages and script commands // Script mode main loop - handle WebSocket messages and script commands
printf("{\"type\":\"script_ready\",\"message\":\"Script mode active\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_ready\",\"message\":\"Script mode active\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
// Frame accumulation buffer for handling partial WebSocket frames // Frame accumulation buffer for handling partial WebSocket frames
static char frame_buffer[BUFFER_SIZE * 4]; static char frame_buffer[BUFFER_SIZE * 4];
...@@ -356,19 +331,17 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -356,19 +331,17 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
if (!tunnel_active) { if (!tunnel_active) {
if (tunnel_broken) { if (tunnel_broken) {
printf("{\"type\":\"tunnel_broken\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_broken\",\"timestamp\":%ld}\n", time(NULL));
} else { } else {
printf("{\"type\":\"tunnel_closed\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_closed\",\"timestamp\":%ld}\n", time(NULL));
} }
fflush(stdout);
break; break;
} }
// Send periodic status updates every 30 seconds // Send periodic status updates every 30 seconds
int current_time = time(NULL); int current_time = time(NULL);
if (current_time - last_status_time >= 30) { if (current_time - last_status_time >= 30) {
printf("{\"type\":\"status\",\"message\":\"Tunnel active\",\"uptime\":%d,\"timestamp\":%d}\n", fprintf(stderr, "{\"type\":\"status\",\"message\":\"Tunnel active\",\"uptime\":%d,\"timestamp\":%d}\n", current_time - last_status_time, current_time);
current_time - last_status_time, (int)current_time);
fflush(stdout); fflush(stdout);
last_status_time = current_time; last_status_time = current_time;
} }
...@@ -391,8 +364,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -391,8 +364,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
if (FD_ISSET(STDIN_FILENO, &readfds)) { if (FD_ISSET(STDIN_FILENO, &readfds)) {
if (fgets(buffer, sizeof(buffer), stdin) == NULL) { if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
// EOF or error on stdin // EOF or error on stdin
printf("{\"type\":\"script_input_closed\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_input_closed\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} }
...@@ -403,23 +375,19 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -403,23 +375,19 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
// Process script command // Process script command
printf("{\"type\":\"script_command\",\"command\":\"%s\",\"timestamp\":%ld}\n", buffer, time(NULL)); fprintf(stderr, "{\"type\":\"script_command\",\"command\":\"%s\",\"timestamp\":%ld}\n", buffer, time(NULL));
fflush(stdout);
// Handle basic script commands // Handle basic script commands
if (strcmp(buffer, "status") == 0) { if (strcmp(buffer, "status") == 0) {
printf("{\"type\":\"tunnel_status\",\"active\":%s,\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"tunnel_status\",\"active\":%d,\"timestamp\":%ld}\n", tunnel_active, time(NULL));
tunnel_active ? "true" : "false", time(NULL));
fflush(stdout); fflush(stdout);
} else if (strcmp(buffer, "close") == 0 || strcmp(buffer, "quit") == 0 || strcmp(buffer, "exit") == 0) { } else if (strcmp(buffer, "close") == 0 || strcmp(buffer, "quit") == 0 || strcmp(buffer, "exit") == 0) {
// Send tunnel_close message before exiting // Send tunnel_close message before exiting
if (current_ssl && active_tunnel) { if (current_ssl && active_tunnel) {
printf("{\"type\":\"sending_tunnel_close\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"sending_tunnel_close\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
send_tunnel_close(current_ssl, active_tunnel->request_id, config->debug); send_tunnel_close(current_ssl, active_tunnel->request_id, config->debug);
} }
printf("{\"type\":\"script_ending\",\"reason\":\"user_request\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_ending\",\"reason\":\"user_request\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} }
} }
...@@ -461,18 +429,16 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -461,18 +429,16 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
// In script mode, only print control channel messages (not data channel) // In script mode, only print control channel messages (not data channel)
if (strcmp(channel, "control") == 0) { if (strcmp(channel, "control") == 0) {
printf("{\"type\":\"message_received\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n", fprintf(stderr, "{\"type\":\"message_received\",\"channel\":\"%s\",\"message\":\"%s\",\"timestamp\":%ld}\n",
channel, buffer, time(NULL)); channel, buffer, time(NULL));
fflush(stdout); fflush(stdout);
} }
// Handle all message types // Handle all message types
if (strstr(buffer, "tunnel_request")) { if (strstr(buffer, "tunnel_request")) {
printf("{\"type\":\"tunnel_request_received\",\"message\":\"Server requested tunnel\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_request_received\",\"message\":\"Server requested tunnel\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} else if (strstr(buffer, "tunnel_ack")) { } else if (strstr(buffer, "tunnel_ack")) {
printf("{\"type\":\"tunnel_ack_received\",\"message\":\"Tunnel acknowledged by server\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_ack_received\",\"message\":\"Tunnel acknowledged by server\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} else if (strstr(buffer, "tunnel_data")) { } else if (strstr(buffer, "tunnel_data")) {
// In script mode, suppress data channel message notifications // In script mode, suppress data channel message notifications
// Extract request_id and data for processing (but don't print) // Extract request_id and data for processing (but don't print)
...@@ -486,7 +452,13 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -486,7 +452,13 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
id_start = open_quote + 1; id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"'); char *close_quote = strchr(id_start, '"');
if (close_quote) { if (close_quote) {
*close_quote = '\0'; // Make a copy of the request_id to avoid corrupting the buffer
size_t id_len = close_quote - id_start;
char *request_id_copy = malloc(id_len + 1);
if (request_id_copy) {
memcpy(request_id_copy, id_start, id_len);
request_id_copy[id_len] = '\0';
char *data_colon = strchr(data_start, ':'); char *data_colon = strchr(data_start, ':');
if (data_colon) { if (data_colon) {
char *data_quote = strchr(data_colon, '"'); char *data_quote = strchr(data_colon, '"');
...@@ -494,10 +466,19 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -494,10 +466,19 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
data_start = data_quote + 1; data_start = data_quote + 1;
char *data_end = strchr(data_start, '"'); char *data_end = strchr(data_start, '"');
if (data_end) { if (data_end) {
*data_end = '\0'; // Make a copy of the hex data to avoid corrupting the buffer
handle_tunnel_data(current_ssl, id_start, data_start, config->debug); size_t hex_len = data_end - data_start;
char *hex_data_copy = malloc(hex_len + 1);
if (hex_data_copy) {
memcpy(hex_data_copy, data_start, hex_len);
hex_data_copy[hex_len] = '\0';
handle_tunnel_data(current_ssl, request_id_copy, hex_data_copy, config->debug);
free(hex_data_copy);
}
}
} }
} }
free(request_id_copy);
} }
} }
} }
...@@ -516,7 +497,13 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -516,7 +497,13 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
id_start = open_quote + 1; id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"'); char *close_quote = strchr(id_start, '"');
if (close_quote) { if (close_quote) {
*close_quote = '\0'; // Make a copy of the request_id to avoid corrupting the buffer
size_t id_len = close_quote - id_start;
char *request_id_copy = malloc(id_len + 1);
if (request_id_copy) {
memcpy(request_id_copy, id_start, id_len);
request_id_copy[id_len] = '\0';
char *data_colon = strchr(data_start, ':'); char *data_colon = strchr(data_start, ':');
if (data_colon) { if (data_colon) {
char *data_quote = strchr(data_colon, '"'); char *data_quote = strchr(data_colon, '"');
...@@ -524,18 +511,26 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -524,18 +511,26 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
data_start = data_quote + 1; data_start = data_quote + 1;
char *data_end = strchr(data_start, '"'); char *data_end = strchr(data_start, '"');
if (data_end) { if (data_end) {
*data_end = '\0'; // Make a copy of the hex data to avoid corrupting the buffer
handle_tunnel_data(current_ssl, id_start, data_start, config->debug); size_t hex_len = data_end - data_start;
char *hex_data_copy = malloc(hex_len + 1);
if (hex_data_copy) {
memcpy(hex_data_copy, data_start, hex_len);
hex_data_copy[hex_len] = '\0';
handle_tunnel_data(current_ssl, request_id_copy, hex_data_copy, config->debug);
free(hex_data_copy);
} }
} }
} }
} }
free(request_id_copy);
}
}
} }
} }
} }
} else if (strstr(buffer, "tunnel_close")) { } else if (strstr(buffer, "tunnel_close")) {
printf("{\"type\":\"tunnel_close_received\",\"message\":\"Server closed tunnel\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_close_received\",\"message\":\"Server closed tunnel\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
// Extract request_id and handle tunnel close // Extract request_id and handle tunnel close
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(buffer, "\"request_id\"");
if (id_start) { if (id_start) {
...@@ -553,28 +548,22 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -553,28 +548,22 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
} }
} else if (strstr(buffer, "tunnel_error")) { } else if (strstr(buffer, "tunnel_error")) {
printf("{\"type\":\"tunnel_error_received\",\"message\":\"Tunnel error from server\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"tunnel_error_received\",\"message\":\"Tunnel error from server\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} else { } else {
printf("{\"type\":\"unknown_message_received\",\"message\":\"%s\",\"timestamp\":%ld}\n", buffer, time(NULL)); fprintf(stderr, "{\"type\":\"unknown_message_received\",\"message\":\"%s\",\"timestamp\":%ld}\n", buffer, time(NULL));
fflush(stdout);
} }
} }
} else if (frame_type == 0x88) { // Close frame } else if (frame_type == 0x88) { // Close frame
printf("{\"type\":\"websocket_close\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_close\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} else if (frame_type == 0x89) { // Ping frame } else if (frame_type == 0x89) { // Ping frame
printf("{\"type\":\"ping_received\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"ping_received\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
// Send pong // Send pong
if (!send_pong_frame(current_ssl, payload, payload_len)) { if (!send_pong_frame(current_ssl, payload, payload_len)) {
printf("{\"type\":\"pong_send_error\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"pong_send_error\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} }
} else if (frame_type == 0x8A) { // Pong frame } else if (frame_type == 0x8A) { // Pong frame
printf("{\"type\":\"pong_received\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"pong_received\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
} }
// Remove processed frame from buffer // Remove processed frame from buffer
...@@ -588,13 +577,11 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -588,13 +577,11 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
} else if (bytes_read == 0) { } else if (bytes_read == 0) {
// Connection closed // Connection closed
printf("{\"type\":\"websocket_connection_closed\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_connection_closed\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} else { } else {
// Error // Error
printf("{\"type\":\"websocket_error\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"websocket_error\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
break; break;
} }
} }
...@@ -606,8 +593,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -606,8 +593,7 @@ int run_script_mode(wsssh_config_t *config, const char *client_id, const char *w
} }
// Cleanup // Cleanup
printf("{\"type\":\"script_ended\",\"timestamp\":%ld}\n", time(NULL)); fprintf(stderr, "{\"type\":\"script_ended\",\"timestamp\":%ld}\n", time(NULL));
fflush(stdout);
return 0; return 0;
} }
...@@ -886,15 +872,23 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss ...@@ -886,15 +872,23 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss
continue; continue;
} }
// Convert binary data to hex string // Convert binary data to hex string with validation
char *hex_ptr = hex_data;
for (ssize_t i = 0; i < bytes_read; i++) { for (ssize_t i = 0; i < bytes_read; i++) {
sprintf(hex_data + i * 2, "%02x", (unsigned char)buffer[i]); sprintf(hex_ptr, "%02x", (unsigned char)buffer[i]);
hex_ptr += 2;
} }
hex_data[bytes_read * 2] = '\0'; *hex_ptr = '\0';
// Create tunnel_data message if (config->debug) {
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"data\":\"\"}") + fprintf(stderr, "[DEBUG] Encoded %zd bytes to hex: %.50s...\n", bytes_read, hex_data);
strlen(request_id) + strlen(hex_data) + 1; }
// Create tunnel_data message with size information
size_t hex_len = strlen(hex_data);
size_t binary_size = hex_len / 2; // Size of actual binary data
size_t msg_size = strlen("{\"type\":\"tunnel_data\",\"request_id\":\"\",\"size\":,\"data\":\"\"}") +
strlen(request_id) + 20 + hex_len + 1;
char *message = malloc(msg_size); char *message = malloc(msg_size);
if (!message) { if (!message) {
if (config->debug) { if (config->debug) {
...@@ -904,8 +898,8 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss ...@@ -904,8 +898,8 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss
continue; continue;
} }
snprintf(message, msg_size, "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"data\":\"%s\"}", snprintf(message, msg_size, "{\"type\":\"tunnel_data\",\"request_id\":\"%s\",\"size\":%zu,\"data\":\"%s\"}",
request_id, hex_data); request_id, binary_size, hex_data);
// Send message via WebSocket // Send message via WebSocket
if (send_websocket_frame(ws_ssl, message)) { if (send_websocket_frame(ws_ssl, message)) {
...@@ -961,32 +955,52 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss ...@@ -961,32 +955,52 @@ int run_pipe_mode(wsssh_config_t *config, const char *client_id, const char *wss
data_start = open_quote + 1; data_start = open_quote + 1;
char *data_end = strchr(data_start, '"'); char *data_end = strchr(data_start, '"');
if (data_end) { if (data_end) {
*data_end = '\0'; // Make a copy of the hex data to avoid corrupting the buffer
size_t hex_len = data_end - data_start;
char *hex_data = malloc(hex_len + 1);
if (hex_data) {
memcpy(hex_data, data_start, hex_len);
hex_data[hex_len] = '\0';
if (config->debug) {
fprintf(stderr, "[DEBUG] Received hex data (len=%zu): %.50s...\n", hex_len, hex_data);
}
// Convert hex data back to binary // Convert hex data back to binary
size_t hex_len = strlen(data_start);
if (hex_len % 2 == 0) { if (hex_len % 2 == 0) {
size_t binary_len = hex_len / 2; size_t binary_len = hex_len / 2;
char *binary_data = malloc(binary_len); char *binary_data = malloc(binary_len);
if (binary_data) { if (binary_data) {
// Convert hex to binary // Convert hex to binary with better error handling
int conversion_success = 1;
for (size_t i = 0; i < binary_len; i++) { for (size_t i = 0; i < binary_len; i++) {
unsigned int byte_val; char hex_pair[3] = {hex_data[i * 2], hex_data[i * 2 + 1], '\0'};
if (sscanf(data_start + i * 2, "%2x", &byte_val) == 1) { char *endptr;
unsigned long byte_val = strtoul(hex_pair, &endptr, 16);
if (endptr == hex_pair + 2) {
binary_data[i] = (char)byte_val; binary_data[i] = (char)byte_val;
} else { } else {
binary_data[i] = 0; binary_data[i] = 0;
conversion_success = 0;
} }
} }
if (conversion_success) {
// Write binary data to stdout // Write binary data to stdout
ssize_t written = write(STDOUT_FILENO, binary_data, binary_len); ssize_t written = write(STDOUT_FILENO, binary_data, binary_len);
if (written > 0 && config->debug) { if (written > 0 && config->debug) {
fprintf(stderr, "[DEBUG] Wrote %zd bytes to stdout\n", written); fprintf(stderr, "[DEBUG] Wrote %zd bytes to stdout\n", written);
} }
} else if (config->debug) {
fprintf(stderr, "[DEBUG] Hex conversion failed, skipping write\n");
}
free(binary_data); free(binary_data);
} }
} else if (config->debug) {
fprintf(stderr, "[DEBUG] Hex data length %zu is not even, skipping conversion\n", hex_len);
}
free(hex_data);
} }
} }
} }
...@@ -1641,7 +1655,13 @@ void *handle_connection(void *arg) { ...@@ -1641,7 +1655,13 @@ void *handle_connection(void *arg) {
id_start = open_quote + 1; id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"'); char *close_quote = strchr(id_start, '"');
if (close_quote) { if (close_quote) {
*close_quote = '\0'; // Make a copy of the request_id to avoid corrupting the buffer
size_t id_len = close_quote - id_start;
char *request_id_copy = malloc(id_len + 1);
if (request_id_copy) {
memcpy(request_id_copy, id_start, id_len);
request_id_copy[id_len] = '\0';
char *data_colon = strchr(data_start, ':'); char *data_colon = strchr(data_start, ':');
if (data_colon) { if (data_colon) {
char *data_quote = strchr(data_colon, '"'); char *data_quote = strchr(data_colon, '"');
...@@ -1649,11 +1669,20 @@ void *handle_connection(void *arg) { ...@@ -1649,11 +1669,20 @@ void *handle_connection(void *arg) {
data_start = data_quote + 1; data_start = data_quote + 1;
char *data_end = strchr(data_start, '"'); char *data_end = strchr(data_start, '"');
if (data_end) { if (data_end) {
*data_end = '\0'; // Make a copy of the hex data to avoid corrupting the buffer
handle_tunnel_data(current_ssl, id_start, data_start, config->debug); size_t hex_len = data_end - data_start;
char *hex_data_copy = malloc(hex_len + 1);
if (hex_data_copy) {
memcpy(hex_data_copy, data_start, hex_len);
hex_data_copy[hex_len] = '\0';
handle_tunnel_data(current_ssl, request_id_copy, hex_data_copy, config->debug);
free(hex_data_copy);
}
} }
} }
} }
free(request_id_copy);
}
} }
} }
} }
...@@ -1672,8 +1701,15 @@ void *handle_connection(void *arg) { ...@@ -1672,8 +1701,15 @@ void *handle_connection(void *arg) {
id_start = open_quote + 1; id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"'); char *close_quote = strchr(id_start, '"');
if (close_quote) { if (close_quote) {
*close_quote = '\0'; // Make a copy of the request_id to avoid corrupting the buffer
handle_tunnel_close(current_ssl, id_start, config->debug); size_t id_len = close_quote - id_start;
char *request_id_copy = malloc(id_len + 1);
if (request_id_copy) {
memcpy(request_id_copy, id_start, id_len);
request_id_copy[id_len] = '\0';
handle_tunnel_close(current_ssl, request_id_copy, config->debug);
free(request_id_copy);
}
} }
} }
} }
...@@ -1812,7 +1848,6 @@ int run_daemon_mode(wsssh_config_t *config, const char *client_id, const char *w ...@@ -1812,7 +1848,6 @@ int run_daemon_mode(wsssh_config_t *config, const char *client_id, const char *w
if (config->mode != MODE_SILENT) { if (config->mode != MODE_SILENT) {
printf("Daemon mode: Listening on port %d, waiting for connection...\n", local_port); printf("Daemon mode: Listening on port %d, waiting for connection...\n", local_port);
printf("Tunnel will be established on first connection attempt.\n");
fflush(stdout); fflush(stdout);
} }
......
wssshtools/libwsssht/threads.c
View file @ 8bd04b0a
...@@ -46,7 +46,7 @@ void *run_tunnel_thread(void *arg) { ...@@ -46,7 +46,7 @@ void *run_tunnel_thread(void *arg) {
tunnel_thread_args_t *args = (tunnel_thread_args_t *)arg; tunnel_thread_args_t *args = (tunnel_thread_args_t *)arg;
// Establish the tunnel for this connection // Establish the tunnel for this connection
int tunnel_sock = setup_tunnel(args->wssshd_host, args->wssshd_port, args->client_id, 0, args->config->debug, 0, args->tunnel_host); int tunnel_sock = setup_tunnel(args->wssshd_host, args->wssshd_port, args->client_id, 0, args->config->debug, 0, args->tunnel_host, args->config->encoding);
if (tunnel_sock < 0) { if (tunnel_sock < 0) {
fprintf(stderr, "Failed to establish tunnel for connection\n"); fprintf(stderr, "Failed to establish tunnel for connection\n");
close(args->accepted_sock); close(args->accepted_sock);
......
wssshtools/libwsssht/tunnel.c
View file @ 8bd04b0a
...@@ -17,8 +17,8 @@ ...@@ -17,8 +17,8 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
#include "tunnel.h"
#include "wssshlib.h" #include "wssshlib.h"
#include "tunnel.h"
#include "websocket.h" #include "websocket.h"
#include "wssh_ssl.h" #include "wssh_ssl.h"
#include "control_messages.h" #include "control_messages.h"
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#include <sched.h> #include <sched.h>
#include <pthread.h> #include <pthread.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <ctype.h>
#define INITIAL_FRAME_BUFFER_SIZE 8192 #define INITIAL_FRAME_BUFFER_SIZE 8192
...@@ -349,6 +350,150 @@ static int execute_service_command(const char *command, int debug) { ...@@ -349,6 +350,150 @@ static int execute_service_command(const char *command, int debug) {
} }
void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, service_config_t *service, int debug) { void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, service_config_t *service, int debug) {
handle_tunnel_request_with_service_and_enc(ssl, request_id, service, debug, ENCODING_HEX);
}
void handle_tunnel_request_with_enc(SSL *ssl, const char *request_id, int debug, const char *ssh_host, int ssh_port, wsssh_encoding_t encoding) {
char actual_request_id[37];
strcpy(actual_request_id, request_id);
pthread_mutex_lock(&tunnel_mutex);
// Check if tunnel with this request_id already exists
tunnel_t *existing_tunnel = find_tunnel_by_request_id(actual_request_id);
if (existing_tunnel) {
if (existing_tunnel->active) {
if (debug) {
printf("[DEBUG - Tunnel] Tunnel with request_id %s already exists and is active, ignoring duplicate request\n", actual_request_id);
}
pthread_mutex_unlock(&tunnel_mutex);
return;
} else {
// Tunnel exists but is inactive - generate a new request_id for the new tunnel
if (debug) {
printf("[DEBUG - Tunnel] Tunnel with request_id %s exists but is inactive, will create new tunnel with new request_id\n", actual_request_id);
}
// Generate a new unique request_id for this new tunnel request
generate_request_id(actual_request_id, sizeof(actual_request_id));
if (debug) {
printf("[DEBUG - Tunnel] Generated new request_id %s for tunnel recreation\n", actual_request_id);
}
}
}
tunnel_t *new_tunnel = malloc(sizeof(tunnel_t));
if (!new_tunnel) {
perror("Memory allocation failed");
pthread_mutex_unlock(&tunnel_mutex);
return;
}
// For wssshc: Connect to target TCP endpoint and forward raw TCP data
struct sockaddr_in target_addr;
int target_sock = socket(AF_INET, SOCK_STREAM, 0);
if (target_sock < 0) {
perror("Target socket creation failed");
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memset(&target_addr, 0, sizeof(target_addr));
target_addr.sin_family = AF_INET;
target_addr.sin_port = htons(ssh_port); // Target port
// Resolve target host
struct hostent *target_he;
if ((target_he = gethostbyname(ssh_host)) == NULL) {
herror("Target host resolution failed");
close(target_sock);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
target_addr.sin_addr = *((struct in_addr *)target_he->h_addr); // Target host
if (connect(target_sock, (struct sockaddr *)&target_addr, sizeof(target_addr)) < 0) {
perror("Connection to target endpoint failed");
close(target_sock);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
new_tunnel->sock = target_sock; // TCP connection to target
new_tunnel->local_sock = -1; // Not used in wssshc
strcpy(new_tunnel->request_id, actual_request_id);
new_tunnel->active = 1;
new_tunnel->broken = 0;
new_tunnel->ssl = ssl;
new_tunnel->outgoing_buffer = NULL; // wssshc doesn't use buffer
new_tunnel->incoming_buffer = NULL; // wssshc doesn't need incoming buffer
new_tunnel->server_version_sent = 0; // Not used for raw TCP
new_tunnel->bin = (encoding == ENCODING_BINARY); // Set binary mode based on encoding
// Initialize retransmission buffer for reliable transmission
new_tunnel->retransmission_buffer = retransmission_buffer_init();
if (!new_tunnel->retransmission_buffer) {
perror("Failed to initialize retransmission buffer");
free(new_tunnel);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
// Initialize keep-alive statistics
time_t current_time = time(NULL);
new_tunnel->last_keepalive_sent = current_time;
new_tunnel->last_keepalive_received = current_time;
new_tunnel->total_bytes_sent = 0;
new_tunnel->total_bytes_received = 0;
new_tunnel->bytes_last_period = 0;
new_tunnel->last_stats_reset = current_time;
// Add the new tunnel to the array
if (!add_tunnel(new_tunnel)) {
if (target_sock >= 0) close(target_sock);
free(new_tunnel);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
pthread_mutex_unlock(&tunnel_mutex);
if (debug) {
const char *enc_str = "hex";
if (encoding == ENCODING_BASE64) enc_str = "base64";
else if (encoding == ENCODING_BINARY) enc_str = "bin";
printf("[DEBUG - Tunnel] wssshc connected to target %s:%d (encoding: %s)\n", ssh_host, ssh_port, enc_str);
fflush(stdout);
}
// Send tunnel_ack back to server
char ack_msg[256];
snprintf(ack_msg, sizeof(ack_msg), "{\"type\":\"tunnel_ack\",\"request_id\":\"%s\"}", actual_request_id);
if (debug) {
printf("[DEBUG - WebSockets] Sending tunnel_ack: %s\n", ack_msg);
fflush(stdout);
}
// send_websocket_frame already uses SSL mutex internally
if (!send_websocket_frame(ssl, ack_msg)) {
fprintf(stderr, "Send tunnel_ack failed\n");
return;
}
// Start bidirectional forwarding between WebSocket and target TCP endpoint
thread_args_t *thread_args = malloc(sizeof(thread_args_t));
if (thread_args) {
thread_args->ssl = ssl;
thread_args->tunnel = new_tunnel;
thread_args->debug = debug;
pthread_t thread;
pthread_create(&thread, NULL, forward_ws_to_ssh_server, thread_args);
set_thread_cpu_affinity(thread); // Distribute thread across CPU cores
pthread_detach(thread);
}
}
void handle_tunnel_request_with_service_and_enc(SSL *ssl, const char *request_id, service_config_t *service, int debug, wsssh_encoding_t encoding) {
char actual_request_id[37]; char actual_request_id[37];
strcpy(actual_request_id, request_id); strcpy(actual_request_id, request_id);
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
...@@ -459,6 +604,16 @@ void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, servic ...@@ -459,6 +604,16 @@ void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, servic
new_tunnel->outgoing_buffer = NULL; // wssshc doesn't use buffer new_tunnel->outgoing_buffer = NULL; // wssshc doesn't use buffer
new_tunnel->incoming_buffer = NULL; // wssshc doesn't need incoming buffer new_tunnel->incoming_buffer = NULL; // wssshc doesn't need incoming buffer
new_tunnel->server_version_sent = 0; // Not used for raw TCP/UDP new_tunnel->server_version_sent = 0; // Not used for raw TCP/UDP
new_tunnel->bin = (encoding == ENCODING_BINARY); // Set binary mode based on encoding
// Initialize retransmission buffer for reliable transmission
new_tunnel->retransmission_buffer = retransmission_buffer_init();
if (!new_tunnel->retransmission_buffer) {
perror("Failed to initialize retransmission buffer");
free(new_tunnel);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
// Initialize keep-alive statistics // Initialize keep-alive statistics
time_t current_time = time(NULL); time_t current_time = time(NULL);
...@@ -480,8 +635,11 @@ void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, servic ...@@ -480,8 +635,11 @@ void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, servic
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
if (debug) { if (debug) {
printf("[DEBUG - Tunnel] wssshc connected to target %s:%d (%s)\n", const char *enc_str = "hex";
target_host, target_port, use_udp ? "UDP" : "TCP"); if (encoding == ENCODING_BASE64) enc_str = "base64";
else if (encoding == ENCODING_BINARY) enc_str = "bin";
printf("[DEBUG - Tunnel] wssshc connected to target %s:%d (%s, encoding: %s)\n",
target_host, target_port, use_udp ? "UDP" : "TCP", enc_str);
} }
// Send tunnel_ack back to server // Send tunnel_ack back to server
...@@ -564,6 +722,10 @@ void cleanup_tunnel(int debug) { ...@@ -564,6 +722,10 @@ void cleanup_tunnel(int debug) {
frame_buffer_free(active_tunnels[i]->incoming_buffer); frame_buffer_free(active_tunnels[i]->incoming_buffer);
active_tunnels[i]->incoming_buffer = NULL; active_tunnels[i]->incoming_buffer = NULL;
} }
if (active_tunnels[i]->retransmission_buffer) {
retransmission_buffer_free(active_tunnels[i]->retransmission_buffer);
active_tunnels[i]->retransmission_buffer = NULL;
}
// Clear backward compatibility pointer if it points to this tunnel // Clear backward compatibility pointer if it points to this tunnel
if (active_tunnel == active_tunnels[i]) { if (active_tunnel == active_tunnels[i]) {
...@@ -711,6 +873,38 @@ void *forward_tcp_to_ws(void *arg) { ...@@ -711,6 +873,38 @@ void *forward_tcp_to_ws(void *arg) {
fflush(stdout); fflush(stdout);
} }
// Check if binary mode is enabled for this tunnel
int use_binary = 0;
pthread_mutex_lock(&tunnel_mutex);
tunnel_t *bin_tunnel = find_tunnel_by_request_id(request_id);
if (bin_tunnel) {
use_binary = bin_tunnel->bin;
}
pthread_mutex_unlock(&tunnel_mutex);
// Track sent bytes for statistics
size_t data_len = bytes_read;
pthread_mutex_lock(&tunnel_mutex);
tunnel_t *stats_tunnel = find_tunnel_by_request_id(request_id);
if (stats_tunnel) {
stats_tunnel->total_bytes_sent += data_len;
stats_tunnel->bytes_last_period += data_len;
}
pthread_mutex_unlock(&tunnel_mutex);
// Use reliable transmission
if (tunnel->retransmission_buffer) {
if (!send_tunnel_data_reliable_message(ssl, request_id, (unsigned char *)buffer, bytes_read, tunnel->retransmission_buffer, debug)) {
break;
}
} else {
// Fallback to regular transmission if no retransmission buffer
if (use_binary) {
// Send binary data directly
if (!send_tunnel_data_binary_message(ssl, request_id, (unsigned char *)buffer, bytes_read, debug)) {
break;
}
} else {
// Convert to hex with dynamic allocation // Convert to hex with dynamic allocation
size_t hex_size = (size_t)bytes_read * 2 + 1; size_t hex_size = (size_t)bytes_read * 2 + 1;
char *hex_data = malloc(hex_size); char *hex_data = malloc(hex_size);
...@@ -728,16 +922,6 @@ void *forward_tcp_to_ws(void *arg) { ...@@ -728,16 +922,6 @@ void *forward_tcp_to_ws(void *arg) {
} }
hex_data[actual_hex_len] = '\0'; hex_data[actual_hex_len] = '\0';
// Track sent bytes for statistics
size_t data_len = bytes_read;
pthread_mutex_lock(&tunnel_mutex);
tunnel_t *stats_tunnel = find_tunnel_by_request_id(request_id);
if (stats_tunnel) {
stats_tunnel->total_bytes_sent += data_len;
stats_tunnel->bytes_last_period += data_len;
}
pthread_mutex_unlock(&tunnel_mutex);
// Send as tunnel_data // Send as tunnel_data
if (!send_tunnel_data_message(ssl, request_id, hex_data, debug)) { if (!send_tunnel_data_message(ssl, request_id, hex_data, debug)) {
free(hex_data); free(hex_data);
...@@ -746,6 +930,8 @@ void *forward_tcp_to_ws(void *arg) { ...@@ -746,6 +930,8 @@ void *forward_tcp_to_ws(void *arg) {
free(hex_data); free(hex_data);
} }
} }
}
}
if (debug) { if (debug) {
printf("[DEBUG - TCPConnection] TCP to WebSocket forwarding thread exiting\n"); printf("[DEBUG - TCPConnection] TCP to WebSocket forwarding thread exiting\n");
...@@ -880,7 +1066,7 @@ void *forward_ws_to_ssh_server(void *arg) { ...@@ -880,7 +1066,7 @@ void *forward_ws_to_ssh_server(void *arg) {
return NULL; return NULL;
} }
void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id, const char *data_hex, int debug __attribute__((unused))) { void handle_tunnel_data(SSL *ssl, const char *request_id, const char *data_hex, int debug) {
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
tunnel_t *tunnel = find_tunnel_by_request_id(request_id); tunnel_t *tunnel = find_tunnel_by_request_id(request_id);
if (!tunnel) { if (!tunnel) {
...@@ -888,18 +1074,194 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -888,18 +1074,194 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
return; return;
} }
// Track received bytes for statistics // Check if tunnel is in binary mode
int is_binary = tunnel->bin;
// Check if this is a reliable transmission message (has frame_id and checksum)
uint32_t frame_id = 0;
uint32_t expected_checksum = 0;
int is_reliable = 0;
// Parse JSON to extract frame_id and checksum if present
// Simple parsing for frame_id and checksum fields
const char *frame_id_str = strstr(data_hex, "\"frame_id\":");
const char *checksum_str = strstr(data_hex, "\"checksum\":");
if (frame_id_str && checksum_str) {
// Extract frame_id
frame_id_str += strlen("\"frame_id\":");
if (sscanf(frame_id_str, "%u", &frame_id) == 1) {
// Extract checksum
checksum_str += strlen("\"checksum\":");
if (sscanf(checksum_str, "%u", &expected_checksum) == 1) {
is_reliable = 1;
}
}
}
// Get data length for processing
size_t hex_len = strlen(data_hex); size_t hex_len = strlen(data_hex);
if (hex_len % 2 == 0) {
size_t data_len = hex_len / 2; // For reliable transmission, validate checksum and send ACK/KO
if (is_reliable) {
// Extract the actual data part (after checksum field)
const char *data_start = strstr(data_hex, "\"data\":\"");
if (!data_start) {
// Invalid format, send KO
send_tunnel_ko_message(ssl, request_id, frame_id, debug);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
data_start += strlen("\"data\":\"");
// Find the end of data
const char *data_end = strstr(data_start, "\"");
if (!data_end) {
send_tunnel_ko_message(ssl, request_id, frame_id, debug);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
size_t data_part_len = data_end - data_start;
char *data_part = malloc(data_part_len + 1);
if (!data_part) {
send_tunnel_ko_message(ssl, request_id, frame_id, debug);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memcpy(data_part, data_start, data_part_len);
data_part[data_part_len] = '\0';
// Calculate checksum of the data part
uint32_t calculated_checksum = crc32_checksum((const unsigned char *)data_part, data_part_len);
if (calculated_checksum == expected_checksum) {
// Checksum valid, send ACK
send_tunnel_ack_message(ssl, request_id, frame_id, debug);
// Use the extracted data for further processing
data_hex = data_part;
hex_len = data_part_len;
} else {
// Checksum invalid, send KO
if (debug) {
printf("[DEBUG] Checksum validation failed: expected %u, got %u\n", expected_checksum, calculated_checksum);
fflush(stdout);
}
send_tunnel_ko_message(ssl, request_id, frame_id, debug);
free(data_part);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
// Note: data_part will be freed later in the function
}
size_t data_len = 0;
char *data = NULL;
if (is_binary) {
// Binary mode: use data as-is (no decoding)
data_len = hex_len;
data = malloc(data_len);
if (!data) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for %zu bytes of binary data\n", data_len);
fflush(stdout);
}
pthread_mutex_unlock(&tunnel_mutex);
return;
}
memcpy(data, data_hex, data_len);
if (debug) {
printf("[DEBUG] Using %zu bytes of binary data\n", data_len);
fflush(stdout);
}
// Update statistics
tunnel->total_bytes_received += data_len;
tunnel->bytes_last_period += data_len;
} else {
// Legacy mode: try base64 decoding first (for compatibility with Python wssshd)
// Check if data looks like base64 (contains only valid base64 chars)
int looks_like_base64 = 1;
for (size_t i = 0; i < hex_len; i++) {
char c = data_hex[i];
if (!(isalnum(c) || c == '+' || c == '/' || c == '=')) {
looks_like_base64 = 0;
break;
}
}
if (looks_like_base64 && hex_len % 4 == 0) {
// Try base64 decoding
data_len = (hex_len * 3) / 4;
if (data_hex[hex_len - 1] == '=') data_len--;
if (data_hex[hex_len - 2] == '=') data_len--;
data = malloc(data_len);
if (!data) {
if (debug) {
printf("[DEBUG] Failed to allocate memory for %zu bytes of base64 decoded data\n", data_len);
fflush(stdout);
}
pthread_mutex_unlock(&tunnel_mutex);
return;
}
// Simple base64 decoding
static const char base64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
size_t i = 0, j = 0;
int decode_success = 1;
while (i < hex_len && data_hex[i] != '=') {
// Find indices in base64 table
int a = -1, b = -1, c = -1, d = -1;
for (int k = 0; k < 64; k++) {
if (base64_table[k] == data_hex[i]) a = k;
if (i + 1 < hex_len && base64_table[k] == data_hex[i + 1]) b = k;
if (i + 2 < hex_len && base64_table[k] == data_hex[i + 2]) c = k;
if (i + 3 < hex_len && base64_table[k] == data_hex[i + 3]) d = k;
}
if (a == -1 || b == -1) {
decode_success = 0;
break;
}
data[j++] = (a << 2) | (b >> 4);
if (c != -1 && j < data_len) {
data[j++] = (b << 4) | (c >> 2);
}
if (d != -1 && j < data_len) {
data[j++] = (c << 6) | d;
}
i += 4;
}
if (!decode_success) {
// Base64 decoding failed, free data and fall back to hex
free(data);
data = NULL;
} else {
data_len = j; // Actual decoded length
if (debug) {
printf("[DEBUG] Successfully decoded %zu bytes using base64\n", data_len);
fflush(stdout);
}
// Update statistics
tunnel->total_bytes_received += data_len; tunnel->total_bytes_received += data_len;
tunnel->bytes_last_period += data_len; tunnel->bytes_last_period += data_len;
} }
}
// Validate hex data length // If base64 failed or wasn't attempted, fall back to hex decoding
if (!data) {
// Fall back to hex decoding
if (hex_len % 2 != 0) { if (hex_len % 2 != 0) {
if (debug) { if (debug) {
printf("[DEBUG] Invalid hex data length: %zu (must be even), data_hex: %.50s...\n", hex_len, data_hex); printf("[DEBUG] Invalid hex data length: %zu (must be even), data: %.50s...\n", hex_len, data_hex);
fflush(stdout); fflush(stdout);
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
...@@ -920,12 +1282,11 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -920,12 +1282,11 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
expected_data_len = hex_len / 2; expected_data_len = hex_len / 2;
} }
// Decode hex data data_len = expected_data_len;
size_t data_len = hex_len / 2; data = malloc(data_len);
char *data = malloc(data_len);
if (!data) { if (!data) {
if (debug) { if (debug) {
printf("[DEBUG] Failed to allocate memory for %zu bytes of decoded data\n", data_len); printf("[DEBUG] Failed to allocate memory for %zu bytes of hex decoded data\n", data_len);
fflush(stdout); fflush(stdout);
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
...@@ -933,6 +1294,7 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -933,6 +1294,7 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
} }
// Use more efficient hex decoding // Use more efficient hex decoding
int hex_decode_success = 1;
for (size_t i = 0; i < data_len; i++) { for (size_t i = 0; i < data_len; i++) {
unsigned int byte_val; unsigned int byte_val;
if (i * 2 >= hex_len || sscanf(data_hex + i * 2, "%2x", &byte_val) != 1) { if (i * 2 >= hex_len || sscanf(data_hex + i * 2, "%2x", &byte_val) != 1) {
...@@ -940,11 +1302,27 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -940,11 +1302,27 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
printf("[DEBUG] Failed to decode hex byte at position %zu\n", i * 2); printf("[DEBUG] Failed to decode hex byte at position %zu\n", i * 2);
fflush(stdout); fflush(stdout);
} }
hex_decode_success = 0;
break;
}
data[i] = (char)byte_val;
}
if (!hex_decode_success) {
free(data); free(data);
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
return; return;
} }
data[i] = (char)byte_val;
if (debug) {
printf("[DEBUG] Successfully decoded %zu bytes using hex\n", data_len);
fflush(stdout);
}
// Update statistics
tunnel->total_bytes_received += data_len;
tunnel->bytes_last_period += data_len;
}
} }
int target_sock = -1; int target_sock = -1;
...@@ -1000,6 +1378,7 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -1000,6 +1378,7 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
// Check if target socket is valid // Check if target socket is valid
if (target_sock < 0) { if (target_sock < 0) {
// Suppress tunnel_data debug messages in debug mode // Suppress tunnel_data debug messages in debug mode
free(data);
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
return; return;
} }
...@@ -1024,20 +1403,17 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -1024,20 +1403,17 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
fflush(stdout); fflush(stdout);
} }
ssize_t sent = send(target_sock, data, data_len, 0); size_t total_sent = 0;
while (total_sent < data_len) {
ssize_t sent = send(target_sock, data + total_sent, data_len - total_sent, 0);
if (sent < 0) { if (sent < 0) {
if (debug) { if (debug) {
printf("[DEBUG] Failed to send %zu bytes to target socket %d: %s (errno=%d)\n", printf("[DEBUG] Failed to send %zu bytes to target socket %d: %s (errno=%d)\n",
data_len, target_sock, strerror(errno), errno); data_len - total_sent, target_sock, strerror(errno), errno);
fflush(stdout); fflush(stdout);
} }
// Only mark tunnel inactive for fatal connection errors // Mark tunnel inactive for any send error
if (errno == EPIPE || errno == ECONNRESET || errno == EBADF) {
if (debug) {
printf("[DEBUG] Fatal connection error, marking tunnel inactive\n");
fflush(stdout);
}
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (tunnel) { if (tunnel) {
tunnel->active = 0; tunnel->active = 0;
...@@ -1045,15 +1421,14 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -1045,15 +1421,14 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
send_tunnel_close(tunnel->ssl, tunnel->request_id, debug); send_tunnel_close(tunnel->ssl, tunnel->request_id, debug);
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
free(data);
return;
} }
// For EAGAIN/EWOULDBLOCK and other errors, don't mark tunnel inactive total_sent += sent;
// The data will be lost but the tunnel can continue
} else if (debug) {
if ((size_t)sent != data_len) {
printf("[DEBUG] Partial send: sent %zd of %zu bytes\n", sent, data_len);
} else {
printf("[DEBUG] Successfully sent %zu bytes to target\n", data_len);
} }
if (debug) {
printf("[DEBUG] Successfully sent %zu bytes to target\n", data_len);
fflush(stdout); fflush(stdout);
} }
} }
...@@ -1144,6 +1519,42 @@ void handle_tunnel_keepalive_ack(SSL *ssl __attribute__((unused)), const char *r ...@@ -1144,6 +1519,42 @@ void handle_tunnel_keepalive_ack(SSL *ssl __attribute__((unused)), const char *r
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
} }
void handle_tunnel_ack(SSL *ssl __attribute__((unused)), const char *request_id, uint32_t frame_id, int debug) {
pthread_mutex_lock(&tunnel_mutex);
tunnel_t *tunnel = find_tunnel_by_request_id(request_id);
if (tunnel && tunnel->retransmission_buffer) {
retransmission_buffer_ack(tunnel->retransmission_buffer, frame_id);
if (debug) {
printf("[DEBUG - Tunnel] ACK received for frame %u in tunnel %s\n", frame_id, request_id);
fflush(stdout);
}
} else {
if (debug) {
printf("[DEBUG - Tunnel] ACK received for unknown tunnel %s or no retransmission buffer\n", request_id);
fflush(stdout);
}
}
pthread_mutex_unlock(&tunnel_mutex);
}
void handle_tunnel_ko(SSL *ssl __attribute__((unused)), const char *request_id, uint32_t frame_id, int debug) {
pthread_mutex_lock(&tunnel_mutex);
tunnel_t *tunnel = find_tunnel_by_request_id(request_id);
if (tunnel && tunnel->retransmission_buffer) {
retransmission_buffer_ko(tunnel->retransmission_buffer, frame_id);
if (debug) {
printf("[DEBUG - Tunnel] KO received for frame %u in tunnel %s\n", frame_id, request_id);
fflush(stdout);
}
} else {
if (debug) {
printf("[DEBUG - Tunnel] KO received for unknown tunnel %s or no retransmission buffer\n", request_id);
fflush(stdout);
}
}
pthread_mutex_unlock(&tunnel_mutex);
}
void send_tunnel_keepalive(SSL *ssl, tunnel_t *tunnel, int debug) { void send_tunnel_keepalive(SSL *ssl, tunnel_t *tunnel, int debug) {
if (!tunnel || !tunnel->active) return; if (!tunnel || !tunnel->active) return;
...@@ -1202,6 +1613,11 @@ void check_keepalive_timeouts(int debug) { ...@@ -1202,6 +1613,11 @@ void check_keepalive_timeouts(int debug) {
tunnel->broken = 1; tunnel->broken = 1;
send_tunnel_close(tunnel->ssl, tunnel->request_id, debug); send_tunnel_close(tunnel->ssl, tunnel->request_id, debug);
} }
// Garbage collect retransmission buffer
if (tunnel->retransmission_buffer) {
retransmission_buffer_gc(tunnel->retransmission_buffer);
}
} }
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
...@@ -1269,7 +1685,6 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po ...@@ -1269,7 +1685,6 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po
} }
// Send detailed tunnel request with transport information // Send detailed tunnel request with transport information
char tunnel_request_msg[1024];
char *expanded_tunnel = expand_transport_list("any", 0); // Data channel transports char *expanded_tunnel = expand_transport_list("any", 0); // Data channel transports
char *expanded_tunnel_control = expand_transport_list("any", 1); // Control channel transports char *expanded_tunnel_control = expand_transport_list("any", 1); // Control channel transports
...@@ -1277,11 +1692,7 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po ...@@ -1277,11 +1692,7 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po
char *best_tunnel = select_best_transport(expanded_tunnel); char *best_tunnel = select_best_transport(expanded_tunnel);
char *best_tunnel_control = select_best_transport(expanded_tunnel_control); char *best_tunnel_control = select_best_transport(expanded_tunnel_control);
snprintf(tunnel_request_msg, sizeof(tunnel_request_msg), if (!send_tunnel_request_message_with_enc(ssl, client_id, request_id, best_tunnel ? best_tunnel : expanded_tunnel, best_tunnel_control ? best_tunnel_control : expanded_tunnel_control, "ssh", tunnel->bin ? ENCODING_BINARY : ENCODING_HEX)) {
"{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"service\":\"ssh\",\"version\":\"%s\"}",
client_id, request_id, best_tunnel ? best_tunnel : expanded_tunnel, best_tunnel_control ? best_tunnel_control : expanded_tunnel_control, WSSSH_VERSION);
if (!send_websocket_frame(ssl, tunnel_request_msg)) {
free(expanded_tunnel); free(expanded_tunnel);
free(expanded_tunnel_control); free(expanded_tunnel_control);
if (best_tunnel) free(best_tunnel); if (best_tunnel) free(best_tunnel);
...@@ -1358,7 +1769,7 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po ...@@ -1358,7 +1769,7 @@ int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_po
return 0; return 0;
} }
int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id, int local_port, int debug, int use_buffer, const char *tunnel_host) { int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id, int local_port, int debug, int use_buffer, const char *tunnel_host, wsssh_encoding_t encoding) {
struct sockaddr_in server_addr; struct sockaddr_in server_addr;
struct hostent *he; struct hostent *he;
int sock; int sock;
...@@ -1427,7 +1838,6 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id ...@@ -1427,7 +1838,6 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id
} }
// Send detailed tunnel request with transport information // Send detailed tunnel request with transport information
char tunnel_request_msg[1024];
char *expanded_tunnel = expand_transport_list("any", 0); // Data channel transports char *expanded_tunnel = expand_transport_list("any", 0); // Data channel transports
char *expanded_tunnel_control = expand_transport_list("any", 1); // Control channel transports char *expanded_tunnel_control = expand_transport_list("any", 1); // Control channel transports
...@@ -1435,11 +1845,7 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id ...@@ -1435,11 +1845,7 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id
char *best_tunnel = select_best_transport(expanded_tunnel); char *best_tunnel = select_best_transport(expanded_tunnel);
char *best_tunnel_control = select_best_transport(expanded_tunnel_control); char *best_tunnel_control = select_best_transport(expanded_tunnel_control);
snprintf(tunnel_request_msg, sizeof(tunnel_request_msg), if (!send_tunnel_request_message_with_enc(ssl, client_id, request_id, best_tunnel ? best_tunnel : expanded_tunnel, best_tunnel_control ? best_tunnel_control : expanded_tunnel_control, "ssh", encoding)) {
"{\"type\":\"tunnel_request\",\"client_id\":\"%s\",\"request_id\":\"%s\",\"tunnel\":\"%s\",\"tunnel_control\":\"%s\",\"service\":\"ssh\",\"version\":\"%s\"}",
client_id, request_id, best_tunnel ? best_tunnel : expanded_tunnel, best_tunnel_control ? best_tunnel_control : expanded_tunnel_control, WSSSH_VERSION);
if (!send_websocket_frame(ssl, tunnel_request_msg)) {
free(expanded_tunnel); free(expanded_tunnel);
free(expanded_tunnel_control); free(expanded_tunnel_control);
if (best_tunnel) free(best_tunnel); if (best_tunnel) free(best_tunnel);
...@@ -1597,6 +2003,21 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id ...@@ -1597,6 +2003,21 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id
new_tunnel->broken = 0; new_tunnel->broken = 0;
new_tunnel->ssl = ssl; new_tunnel->ssl = ssl;
new_tunnel->server_version_sent = 0; new_tunnel->server_version_sent = 0;
new_tunnel->bin = (encoding == ENCODING_BINARY);
// Initialize retransmission buffer for reliable transmission
new_tunnel->retransmission_buffer = retransmission_buffer_init();
if (!new_tunnel->retransmission_buffer) {
perror("Failed to initialize retransmission buffer");
if (use_buffer) frame_buffer_free(new_tunnel->outgoing_buffer);
frame_buffer_free(new_tunnel->incoming_buffer);
free(new_tunnel);
pthread_mutex_unlock(&tunnel_mutex);
SSL_free(ssl);
SSL_CTX_free(ssl_ctx);
close(sock);
return -1;
}
// Add the new tunnel to the array for multiple tunnel support // Add the new tunnel to the array for multiple tunnel support
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
......
wssshtools/libwsssht/tunnel.h
View file @ 8bd04b0a
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <pthread.h> #include <pthread.h>
#include "data_messages.h"
// Frame buffer for wsscp // Frame buffer for wsscp
typedef struct { typedef struct {
...@@ -50,6 +51,10 @@ typedef struct { ...@@ -50,6 +51,10 @@ typedef struct {
unsigned long long total_bytes_received; // Total bytes received through tunnel unsigned long long total_bytes_received; // Total bytes received through tunnel
unsigned long long bytes_last_period; // Bytes transferred in last 30-second period unsigned long long bytes_last_period; // Bytes transferred in last 30-second period
time_t last_stats_reset; // When we last reset the period stats time_t last_stats_reset; // When we last reset the period stats
int bin; // Binary mode flag - if true, transmit data as binary instead of hex
// Reliable transmission
retransmission_buffer_t *retransmission_buffer; // Buffer for reliable message retransmission
} tunnel_t; } tunnel_t;
// Service configuration structure // Service configuration structure
...@@ -94,17 +99,21 @@ void *forward_ws_to_local(void *arg); ...@@ -94,17 +99,21 @@ void *forward_ws_to_local(void *arg);
void *forward_ws_to_ssh_server(void *arg); void *forward_ws_to_ssh_server(void *arg);
void *tunnel_thread(void *arg); void *tunnel_thread(void *arg);
void handle_tunnel_request(SSL *ssl, const char *request_id, int debug, const char *ssh_host, int ssh_port); void handle_tunnel_request(SSL *ssl, const char *request_id, int debug, const char *ssh_host, int ssh_port);
void handle_tunnel_request_with_enc(SSL *ssl, const char *request_id, int debug, const char *ssh_host, int ssh_port, wsssh_encoding_t encoding);
void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, service_config_t *service, int debug); void handle_tunnel_request_with_service(SSL *ssl, const char *request_id, service_config_t *service, int debug);
void handle_tunnel_request_with_service_and_enc(SSL *ssl, const char *request_id, service_config_t *service, int debug, wsssh_encoding_t encoding);
void handle_tunnel_data(SSL *ssl, const char *request_id, const char *data_hex, int debug); void handle_tunnel_data(SSL *ssl, const char *request_id, const char *data_hex, int debug);
void handle_tunnel_close(SSL *ssl, const char *request_id, int debug); void handle_tunnel_close(SSL *ssl, const char *request_id, int debug);
void send_tunnel_close(SSL *ssl, const char *request_id, int debug); void send_tunnel_close(SSL *ssl, const char *request_id, int debug);
void handle_tunnel_keepalive(SSL *ssl, const char *request_id, unsigned long long total_bytes, double rate_bps, int debug); void handle_tunnel_keepalive(SSL *ssl, const char *request_id, unsigned long long total_bytes, double rate_bps, int debug);
void handle_tunnel_keepalive_ack(SSL *ssl, const char *request_id, int debug); void handle_tunnel_keepalive_ack(SSL *ssl, const char *request_id, int debug);
void handle_tunnel_ack(SSL *ssl, const char *request_id, uint32_t frame_id, int debug);
void handle_tunnel_ko(SSL *ssl, const char *request_id, uint32_t frame_id, int debug);
void send_tunnel_keepalive(SSL *ssl, tunnel_t *tunnel, int debug); void send_tunnel_keepalive(SSL *ssl, tunnel_t *tunnel, int debug);
void check_keepalive_timeouts(int debug); void check_keepalive_timeouts(int debug);
void cleanup_tunnel(int debug); void cleanup_tunnel(int debug);
int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_port, const char *client_id, const char *request_id, int debug); int reconnect_websocket(tunnel_t *tunnel, const char *wssshd_host, int wssshd_port, const char *client_id, const char *request_id, int debug);
int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id, int local_port, int debug, int use_buffer, const char *tunnel_host); int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id, int local_port, int debug, int use_buffer, const char *tunnel_host, wsssh_encoding_t encoding);
// CPU affinity functions // CPU affinity functions
void init_cpu_affinity(void); void init_cpu_affinity(void);
......
wssshtools/libwsssht/utils.c
View file @ 8bd04b0a
...@@ -87,6 +87,7 @@ void print_usage(const char *program_name) { ...@@ -87,6 +87,7 @@ void print_usage(const char *program_name) {
fprintf(stderr, " --tunnel TRANSPORT Transport for data channel (comma-separated or 'any', or 'websocket' default: any)\n"); fprintf(stderr, " --tunnel TRANSPORT Transport for data channel (comma-separated or 'any', or 'websocket' default: any)\n");
fprintf(stderr, " --tunnel-control TYPES Transport types for control channel (comma-separated or 'any', default: any)\n"); fprintf(stderr, " --tunnel-control TYPES Transport types for control channel (comma-separated or 'any', default: any)\n");
fprintf(stderr, " --service SERVICE Service type (default: ssh)\n"); fprintf(stderr, " --service SERVICE Service type (default: ssh)\n");
fprintf(stderr, " --enc ENCODING Data encoding: hex, base64, or bin (default: hex)\n");
fprintf(stderr, " --mode MODE Operating mode: interactive, silent, bridge, script, pipe (default: interactive)\n"); fprintf(stderr, " --mode MODE Operating mode: interactive, silent, bridge, script, pipe (default: interactive)\n");
fprintf(stderr, " --silent Shortcut for --mode silent\n"); fprintf(stderr, " --silent Shortcut for --mode silent\n");
fprintf(stderr, " --bridge Shortcut for --mode bridge\n"); fprintf(stderr, " --bridge Shortcut for --mode bridge\n");
...@@ -148,6 +149,18 @@ int wsssht_parse_args(int argc, char *argv[], wsssh_config_t *config, int *remai ...@@ -148,6 +149,18 @@ int wsssht_parse_args(int argc, char *argv[], wsssh_config_t *config, int *remai
if (config->service) free(config->service); if (config->service) free(config->service);
config->service = strdup(argv[i + 1]); config->service = strdup(argv[i + 1]);
i++; // Skip the argument i++; // Skip the argument
} else if (strcmp(argv[i], "--enc") == 0 && i + 1 < argc) {
if (strcmp(argv[i + 1], "hex") == 0) {
config->encoding = ENCODING_HEX;
} else if (strcmp(argv[i + 1], "base64") == 0) {
config->encoding = ENCODING_BASE64;
} else if (strcmp(argv[i + 1], "bin") == 0) {
config->encoding = ENCODING_BINARY;
} else {
fprintf(stderr, "Error: Invalid encoding: %s (must be hex, base64, or bin)\n", argv[i + 1]);
return 0;
}
i++; // Skip the argument
} else if (strcmp(argv[i], "--debug") == 0) { } else if (strcmp(argv[i], "--debug") == 0) {
config->debug = 1; config->debug = 1;
} else if (strcmp(argv[i], "--mode") == 0 && i + 1 < argc) { } else if (strcmp(argv[i], "--mode") == 0 && i + 1 < argc) {
......
wssshtools/libwsssht/websocket.c
View file @ 8bd04b0a
...@@ -39,8 +39,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, ...@@ -39,8 +39,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path,
int bytes_read; int bytes_read;
if (debug) { if (debug) {
printf("[DEBUG] Starting WebSocket handshake to %s:%d\n", host, port); fprintf(stderr, "[DEBUG] Starting WebSocket handshake to %s:%d\n", host, port);
fflush(stdout);
} }
// Send WebSocket handshake // Send WebSocket handshake
...@@ -55,8 +54,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, ...@@ -55,8 +54,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path,
path, host, port); path, host, port);
if (debug) { if (debug) {
printf("[DEBUG] Sending WebSocket handshake request...\n"); fprintf(stderr, "[DEBUG] Sending WebSocket handshake request...\n");
fflush(stdout);
} }
// Lock SSL mutex for write operation // Lock SSL mutex for write operation
...@@ -69,8 +67,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, ...@@ -69,8 +67,7 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path,
} }
if (debug) { if (debug) {
printf("[DEBUG] WebSocket handshake request sent, waiting for response...\n"); fprintf(stderr, "[DEBUG] WebSocket handshake request sent, waiting for response...\n");
fflush(stdout);
} }
// Read response // Read response
...@@ -84,20 +81,18 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, ...@@ -84,20 +81,18 @@ int websocket_handshake(SSL *ssl, const char *host, int port, const char *path,
response[bytes_read] = '\0'; response[bytes_read] = '\0';
if (debug) { if (debug) {
printf("[DEBUG] Received WebSocket handshake response (%d bytes)\n", bytes_read); fprintf(stderr, "[DEBUG] Received WebSocket handshake response (%d bytes)\n", bytes_read);
} }
// Check for successful handshake // Check for successful handshake
if (strstr(response, "101 Switching Protocols") == NULL) { if (strstr(response, "101 Switching Protocols") == NULL) {
fprintf(stderr, "WebSocket handshake failed - no 101 response\n"); fprintf(stderr, "WebSocket handshake failed - no 101 response\n");
printf("[DEBUG] Response: %.200s\n", response); fprintf(stderr, "[DEBUG] Response: %.200s\n", response);
fflush(stdout);
return 0; return 0;
} }
if (debug) { if (debug) {
printf("[DEBUG] WebSocket handshake successful\n"); fprintf(stderr, "[DEBUG] WebSocket handshake successful\n");
fflush(stdout);
} }
return 1; return 1;
} }
...@@ -212,6 +207,114 @@ int send_websocket_frame(SSL *ssl, const char *data) { ...@@ -212,6 +207,114 @@ int send_websocket_frame(SSL *ssl, const char *data) {
return 1; return 1;
} }
int send_websocket_binary_frame(SSL *ssl, const unsigned char *data, size_t data_len) {
// Lock SSL mutex to prevent concurrent SSL operations
pthread_mutex_lock(&ssl_mutex);
int header_len = 2;
if (data_len <= 125) {
header_len = 6; // 2 + 4 for mask
} else if (data_len <= 65535) {
header_len = 8; // 4 + 4 for mask
} else {
header_len = 14; // 10 + 4 for mask
}
int frame_len = header_len + data_len;
char *frame = malloc(frame_len);
if (!frame) {
pthread_mutex_unlock(&ssl_mutex);
return 0;
}
frame[0] = 0x82; // FIN + binary opcode
if (data_len <= 125) {
frame[1] = 0x80 | data_len; // MASK + length
} else if (data_len <= 65535) {
frame[1] = 0x80 | 126; // MASK + extended length
frame[2] = (data_len >> 8) & 0xFF;
frame[3] = data_len & 0xFF;
} else {
frame[1] = 0x80 | 127; // MASK + extended length
frame[2] = 0;
frame[3] = 0;
frame[4] = 0;
frame[5] = 0;
frame[6] = (data_len >> 24) & 0xFF;
frame[7] = (data_len >> 16) & 0xFF;
frame[8] = (data_len >> 8) & 0xFF;
frame[9] = data_len & 0xFF;
}
// Add mask key
char mask_key[4];
for (int i = 0; i < 4; i++) {
mask_key[i] = rand() % 256;
frame[header_len - 4 + i] = mask_key[i];
}
// Mask payload
for (size_t i = 0; i < data_len; i++) {
frame[header_len + i] = data[i] ^ mask_key[i % 4];
}
// Handle partial writes for large frames with SIGINT checking
int total_written = 0;
int retry_count = 0;
const int max_retries = 3;
while (total_written < frame_len && retry_count < max_retries) {
// Check for SIGINT to allow interruption
if (sigint_received) {
fprintf(stderr, "[DEBUG] SIGINT received during WebSocket send, aborting\n");
fflush(stderr);
free(frame);
pthread_mutex_unlock(&ssl_mutex);
return 0;
}
int to_write = frame_len - total_written;
// Limit to BUFFER_SIZE to avoid issues with very large frames
if (to_write > BUFFER_SIZE) {
to_write = BUFFER_SIZE;
}
int written = SSL_write(ssl, frame + total_written, to_write);
if (written <= 0) {
int ssl_error = SSL_get_error(ssl, written);
// Handle transient SSL errors with retry
if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) && retry_count < max_retries - 1) {
retry_count++;
usleep(10000); // Wait 10ms before retry
continue; // Retry the write operation
}
fprintf(stderr, "WebSocket binary frame SSL_write failed: %d (after %d retries)\n", ssl_error, retry_count);
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
fprintf(stderr, "SSL write error details: %s\n", error_buf);
free(frame);
pthread_mutex_unlock(&ssl_mutex);
return 0; // Write failed
}
total_written += written;
retry_count = 0; // Reset retry count on successful write
}
if (total_written < frame_len) {
fprintf(stderr, "WebSocket binary frame write incomplete: %d/%d bytes written\n", total_written, frame_len);
free(frame);
pthread_mutex_unlock(&ssl_mutex);
return 0;
}
free(frame);
pthread_mutex_unlock(&ssl_mutex);
return 1;
}
// Bridge mode transport layer functions - Pure WebSocket connection without tunnel setup // Bridge mode transport layer functions - Pure WebSocket connection without tunnel setup
int setup_websocket_connection(const char *host, int port, const char *client_id, int debug, SSL_CTX **ctx_out) { int setup_websocket_connection(const char *host, int port, const char *client_id, int debug, SSL_CTX **ctx_out) {
int sock; int sock;
...@@ -220,8 +323,7 @@ int setup_websocket_connection(const char *host, int port, const char *client_id ...@@ -220,8 +323,7 @@ int setup_websocket_connection(const char *host, int port, const char *client_id
SSL *ssl; SSL *ssl;
if (debug) { if (debug) {
printf("[DEBUG] Setting up pure WebSocket connection to %s:%d for client %s\n", host, port, client_id); fprintf(stderr, "[DEBUG] Setting up pure WebSocket connection to %s:%d for client %s\n", host, port, client_id);
fflush(stdout);
} }
// Create socket // Create socket
...@@ -313,8 +415,7 @@ int setup_websocket_connection(const char *host, int port, const char *client_id ...@@ -313,8 +415,7 @@ int setup_websocket_connection(const char *host, int port, const char *client_id
// For now, we'll handle cleanup in the calling function // For now, we'll handle cleanup in the calling function
if (debug) { if (debug) {
printf("[DEBUG] Pure WebSocket connection established successfully\n"); fprintf(stderr, "[DEBUG] Pure WebSocket connection established successfully\n");
fflush(stdout);
} }
// Return the SSL context for proper cleanup // Return the SSL context for proper cleanup
......
wssshtools/libwsssht/websocket.h
View file @ 8bd04b0a
...@@ -23,11 +23,12 @@ ...@@ -23,11 +23,12 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
// WSSSH version // WSSSH version
#define WSSSH_VERSION "1.6.1" #define WSSSH_VERSION "1.6.5"
// Function declarations // Function declarations
int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, int debug); int websocket_handshake(SSL *ssl, const char *host, int port, const char *path, int debug);
int send_websocket_frame(SSL *ssl, const char *data); int send_websocket_frame(SSL *ssl, const char *data);
int send_websocket_binary_frame(SSL *ssl, const unsigned char *data, size_t data_len);
int parse_websocket_frame(const char *buffer, int bytes_read, char **payload, int *payload_len); int parse_websocket_frame(const char *buffer, int bytes_read, char **payload, int *payload_len);
// Bridge mode transport layer functions // Bridge mode transport layer functions
......
wssshtools/libwsssht/wssh_ssl.c
View file @ 8bd04b0a
...@@ -46,8 +46,7 @@ SSL *create_ssl_connection(SSL_CTX *ssl_ctx, int sock, int debug) { ...@@ -46,8 +46,7 @@ SSL *create_ssl_connection(SSL_CTX *ssl_ctx, int sock, int debug) {
SSL_set_fd(ssl, sock); SSL_set_fd(ssl, sock);
if (debug) { if (debug) {
printf("[DEBUG] Establishing SSL connection...\n"); fprintf(stderr, "[DEBUG] Establishing SSL connection...\n");
fflush(stdout);
} }
if (SSL_connect(ssl) <= 0) { if (SSL_connect(ssl) <= 0) {
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
...@@ -56,8 +55,7 @@ SSL *create_ssl_connection(SSL_CTX *ssl_ctx, int sock, int debug) { ...@@ -56,8 +55,7 @@ SSL *create_ssl_connection(SSL_CTX *ssl_ctx, int sock, int debug) {
return NULL; return NULL;
} }
if (debug) { if (debug) {
printf("[DEBUG] SSL connection established\n"); fprintf(stderr, "[DEBUG] SSL connection established\n");
fflush(stdout);
} }
return ssl; return ssl;
......
wssshtools/libwsssht/wssshlib.h
View file @ 8bd04b0a
...@@ -61,6 +61,13 @@ typedef enum { ...@@ -61,6 +61,13 @@ typedef enum {
MODE_PIPE // ProxyCommand mode: stdin/stdout proxy MODE_PIPE // ProxyCommand mode: stdin/stdout proxy
} wsssh_mode_t; } wsssh_mode_t;
// Data encoding modes
typedef enum {
ENCODING_HEX = 0, // Default: hex encoding
ENCODING_BASE64, // Base64 encoding
ENCODING_BINARY // Binary (no encoding)
} wsssh_encoding_t;
// Config structures // Config structures
typedef struct { typedef struct {
char *local_port; char *local_port;
...@@ -75,6 +82,7 @@ typedef struct { ...@@ -75,6 +82,7 @@ typedef struct {
char *tunnel_control; // Transport types for control channel (comma-separated or "any") char *tunnel_control; // Transport types for control channel (comma-separated or "any")
char *service; // Service type (default: "ssh") char *service; // Service type (default: "ssh")
wsssh_mode_t mode; // Operating mode wsssh_mode_t mode; // Operating mode
wsssh_encoding_t encoding; // Data encoding mode
int daemon; // Daemon mode: lazy initialization int daemon; // Daemon mode: lazy initialization
} wsssh_config_t; } wsssh_config_t;
......
wssshtools/man/wsssht.1
View file @ 8bd04b0a
...@@ -14,6 +14,7 @@ wsssht \- WSSH Tunnel Setup Tool ...@@ -14,6 +14,7 @@ wsssht \- WSSH Tunnel Setup Tool
[\fB\-\-tunnel\fR \fITRANSPORT\fR] [\fB\-\-tunnel\fR \fITRANSPORT\fR]
[\fB\-\-tunnel\-control\fR \fITYPES\fR] [\fB\-\-tunnel\-control\fR \fITYPES\fR]
[\fB\-\-service\fR \fISERVICE\fR] [\fB\-\-service\fR \fISERVICE\fR]
[\fB\-\-enc\fR \fIENCODING\fR]
[\fB\-\-mode\fR \fIMODE\fR] [\fB\-\-mode\fR \fIMODE\fR]
[\fB\-\-silent\fR] [\fB\-\-silent\fR]
[\fB\-\-bridge\fR] [\fB\-\-bridge\fR]
...@@ -66,6 +67,9 @@ Transport types for control channel (comma\-separated or 'any', default: any) ...@@ -66,6 +67,9 @@ Transport types for control channel (comma\-separated or 'any', default: any)
.BR \-\-service " \fISERVICE\fR" .BR \-\-service " \fISERVICE\fR"
Service type (default: ssh) Service type (default: ssh)
.TP .TP
.BR \-\-enc " \fIENCODING\fR"
Data encoding: hex, base64, or bin (default: hex)
.TP
.BR \-\-mode " \fIMODE\fR" .BR \-\-mode " \fIMODE\fR"
Operating mode: interactive, silent, bridge, script (default: interactive) Operating mode: interactive, silent, bridge, script (default: interactive)
.TP .TP
...@@ -180,6 +184,7 @@ tunnel-host=127.0.0.1 ...@@ -180,6 +184,7 @@ tunnel-host=127.0.0.1
tunnel=websocket tunnel=websocket
tunnel-control=websocket tunnel-control=websocket
service=ssh service=ssh
enc=hex
interval=5 interval=5
.fi .fi
.RE .RE
......
wssshtools/wssshc.c
View file @ 8bd04b0a
...@@ -52,19 +52,16 @@ volatile sig_atomic_t reload_config = 0; ...@@ -52,19 +52,16 @@ volatile sig_atomic_t reload_config = 0;
void sigint_handler(int sig __attribute__((unused))) { void sigint_handler(int sig __attribute__((unused))) {
sigint_count++; sigint_count++;
if (sigint_count == 1) { if (sigint_count == 1) {
fprintf(stderr, "\nReceived SIGINT, attempting graceful shutdown...\n"); // Set flag for graceful shutdown - main thread will handle logging
fflush(stderr);
graceful_shutdown = 1; graceful_shutdown = 1;
} else if (sigint_count >= 2) { } else if (sigint_count >= 2) {
fprintf(stderr, "\nReceived second SIGINT, exiting immediately...\n"); // Force immediate exit on second SIGINT
fflush(stderr); _exit(1); // Use _exit() instead of exit() for signal safety
exit(1);
} }
} }
void sighup_handler(int sig __attribute__((unused))) { void sighup_handler(int sig __attribute__((unused))) {
fprintf(stderr, "\nReceived SIGHUP, reloading configuration...\n"); // Set flag for configuration reload - main thread will handle logging
fflush(stderr);
reload_config = 1; reload_config = 1;
} }
...@@ -78,8 +75,13 @@ void print_status() { ...@@ -78,8 +75,13 @@ void print_status() {
int minutes = (uptime % 3600) / 60; int minutes = (uptime % 3600) / 60;
int seconds = uptime % 60; int seconds = uptime % 60;
// Protect access to active_tunnels_count with mutex
pthread_mutex_lock(&tunnel_mutex);
int tunnel_count = active_tunnels_count;
pthread_mutex_unlock(&tunnel_mutex);
printf("[STATUS] Uptime: %02d:%02d:%02d | Active tunnels: %d\n", printf("[STATUS] Uptime: %02d:%02d:%02d | Active tunnels: %d\n",
hours, minutes, seconds, active_tunnels_count); hours, minutes, seconds, tunnel_count);
} }
...@@ -1343,10 +1345,12 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service ...@@ -1343,10 +1345,12 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service
// Parse JSON message // Parse JSON message
if (strstr(buffer, "tunnel_request")) { if (strstr(buffer, "tunnel_request")) {
// Extract request_id // Extract request_id, service, and enc
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(buffer, "\"request_id\"");
char *service_start = strstr(buffer, "\"service\""); char *service_start = strstr(buffer, "\"service\"");
char *enc_start = strstr(buffer, "\"enc\"");
char service_name[256] = ""; char service_name[256] = "";
wsssh_encoding_t encoding = ENCODING_HEX; // Default to hex
if (id_start) { if (id_start) {
char *colon = strchr(id_start, ':'); char *colon = strchr(id_start, ':');
if (colon) { if (colon) {
...@@ -1371,8 +1375,32 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service ...@@ -1371,8 +1375,32 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service
} }
} }
} }
// Extract enc mode if present
if (enc_start) {
char *enc_colon = strchr(enc_start, ':');
if (enc_colon) {
char *enc_quote = strchr(enc_colon, '"');
if (enc_quote) {
enc_start = enc_quote + 1;
char *enc_end = strchr(enc_start, '"');
if (enc_end) {
*enc_end = '\0';
if (strcmp(enc_start, "hex") == 0) {
encoding = ENCODING_HEX;
} else if (strcmp(enc_start, "base64") == 0) {
encoding = ENCODING_BASE64;
} else if (strcmp(enc_start, "bin") == 0) {
encoding = ENCODING_BINARY;
}
}
}
}
}
if (config->debug) { if (config->debug) {
printf("[DEBUG - WebSockets] Received tunnel_request for ID: %s, service: %s\n", id_start, service_name[0] ? service_name : "(default)"); const char *enc_str = "hex";
if (encoding == ENCODING_BASE64) enc_str = "base64";
else if (encoding == ENCODING_BINARY) enc_str = "bin";
printf("[DEBUG - WebSockets] Received tunnel_request for ID: %s, service: %s, enc: %s\n", id_start, service_name[0] ? service_name : "(default)", enc_str);
fflush(stdout); fflush(stdout);
} else { } else {
printf("[EVENT] New tunnel request: %s\n", id_start); printf("[EVENT] New tunnel request: %s\n", id_start);
...@@ -1392,13 +1420,13 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service ...@@ -1392,13 +1420,13 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service
printf("[DEBUG] Using service configuration: %s (host: %s, port: %d, proto: %s)\n", printf("[DEBUG] Using service configuration: %s (host: %s, port: %d, proto: %s)\n",
service->name, service->tunnel_host, service->tunnel_port, service->proto); service->name, service->tunnel_host, service->tunnel_port, service->proto);
} }
handle_tunnel_request_with_service(ssl, id_start, service, config->debug); handle_tunnel_request_with_service_and_enc(ssl, id_start, service, config->debug, encoding);
} else { } else {
if (config->debug) { if (config->debug) {
printf("[DEBUG] No service configuration found for '%s', using default tunnel settings\n", printf("[DEBUG] No service configuration found for '%s', using default tunnel settings\n",
requested_service ? requested_service : "(none)"); requested_service ? requested_service : "(none)");
} }
handle_tunnel_request(ssl, id_start, config->debug, config->tunnel_host, config->tunnel_port); handle_tunnel_request_with_enc(ssl, id_start, config->debug, config->tunnel_host, config->tunnel_port, encoding);
} }
} }
} }
...@@ -1516,6 +1544,52 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service ...@@ -1516,6 +1544,52 @@ int connect_to_server(const wssshc_config_t *config, service_config_t ***service
} }
} }
} }
} else if (strstr(buffer, "tunnel_ack")) {
// Extract request_id and frame_id
char *id_start = strstr(buffer, "\"request_id\"");
char *frame_start = strstr(buffer, "\"frame_id\"");
if (id_start && frame_start) {
char *colon = strchr(id_start, ':');
if (colon) {
char *open_quote = strchr(colon, '"');
if (open_quote) {
id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
// Extract frame_id
char *frame_colon = strchr(frame_start, ':');
if (frame_colon) {
uint32_t frame_id = (uint32_t)atoi(frame_colon + 1);
handle_tunnel_ack(ssl, id_start, frame_id, config->debug);
}
}
}
}
}
} else if (strstr(buffer, "tunnel_ko")) {
// Extract request_id and frame_id
char *id_start = strstr(buffer, "\"request_id\"");
char *frame_start = strstr(buffer, "\"frame_id\"");
if (id_start && frame_start) {
char *colon = strchr(id_start, ':');
if (colon) {
char *open_quote = strchr(colon, '"');
if (open_quote) {
id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
// Extract frame_id
char *frame_colon = strchr(frame_start, ':');
if (frame_colon) {
uint32_t frame_id = (uint32_t)atoi(frame_colon + 1);
handle_tunnel_ko(ssl, id_start, frame_id, config->debug);
}
}
}
}
}
} }
} }
...@@ -1666,6 +1740,8 @@ int main(int argc, char *argv[]) { ...@@ -1666,6 +1740,8 @@ int main(int argc, char *argv[]) {
while (1) { while (1) {
// Check for graceful shutdown before attempting to reconnect // Check for graceful shutdown before attempting to reconnect
if (graceful_shutdown) { if (graceful_shutdown) {
fprintf(stderr, "\nReceived SIGINT, attempting graceful shutdown...\n");
fflush(stderr);
printf("Graceful shutdown requested, exiting...\n"); printf("Graceful shutdown requested, exiting...\n");
cleanup_tunnel(config.debug); cleanup_tunnel(config.debug);
break; break;
...@@ -1674,6 +1750,8 @@ int main(int argc, char *argv[]) { ...@@ -1674,6 +1750,8 @@ int main(int argc, char *argv[]) {
// Check for configuration reload // Check for configuration reload
if (reload_config) { if (reload_config) {
reload_config = 0; // Reset flag reload_config = 0; // Reset flag
fprintf(stderr, "\nReceived SIGHUP, reloading configuration...\n");
fflush(stderr);
reload_configuration(&config, &services, &num_services); reload_configuration(&config, &services, &num_services);
} }
......
wssshtools/wsssht.c
View file @ 8bd04b0a
...@@ -51,14 +51,12 @@ volatile sig_atomic_t tunnel_close_sent = 0; ...@@ -51,14 +51,12 @@ volatile sig_atomic_t tunnel_close_sent = 0;
void signal_handler(int sig __attribute__((unused))) { void signal_handler(int sig __attribute__((unused))) {
sigint_count++; sigint_count++;
if (sigint_count == 1) { if (sigint_count == 1) {
fprintf(stderr, "\nReceived signal %d, attempting graceful shutdown...\n", sig); // Set flag for graceful shutdown - main thread will handle logging
fflush(stderr);
graceful_shutdown = 1; graceful_shutdown = 1;
} else if (sigint_count >= 2) { } else if (sigint_count >= 2) {
fprintf(stderr, "\nReceived second signal, exiting immediately...\n"); // Force immediate exit on second signal
fflush(stderr);
force_exit = 1; force_exit = 1;
exit(1); _exit(1); // Use _exit() instead of exit() for signal safety
} }
} }
...@@ -67,15 +65,14 @@ void cleanup_on_exit(void) { ...@@ -67,15 +65,14 @@ void cleanup_on_exit(void) {
if (!force_exit && !tunnel_close_sent) { if (!force_exit && !tunnel_close_sent) {
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel && active_tunnel->active && active_tunnel->ssl) { if (active_tunnel && active_tunnel->active && active_tunnel->ssl) {
fprintf(stderr, "Sending tunnel_close on exit...\n"); // Send tunnel_close without debug output for cleaner exit
send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, 0); // debug=0 for cleaner output send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, 0);
tunnel_close_sent = 1; tunnel_close_sent = 1;
// Wait up to 3 seconds for tunnel close to complete, but allow interruption // Wait up to 3 seconds for tunnel close to complete, but allow interruption
time_t shutdown_start = time(NULL); time_t shutdown_start = time(NULL);
while (time(NULL) - shutdown_start < 3 && !force_exit) { while (time(NULL) - shutdown_start < 3 && !force_exit) {
if (!active_tunnel->active) { if (!active_tunnel->active) {
fprintf(stderr, "Tunnel closed gracefully\n");
break; break;
} }
usleep(100000); // Sleep 100ms before checking again usleep(100000); // Sleep 100ms before checking again
...@@ -97,6 +94,7 @@ int main(int argc, char *argv[]) { ...@@ -97,6 +94,7 @@ int main(int argc, char *argv[]) {
char *config_service = read_config_value_from_file("service", "wsssht"); char *config_service = read_config_value_from_file("service", "wsssht");
char *config_tunnel_host = read_config_value_from_file("tunnel-host", "wsssht"); char *config_tunnel_host = read_config_value_from_file("tunnel-host", "wsssht");
char *config_interval = read_config_value_from_file("interval", "wsssht"); char *config_interval = read_config_value_from_file("interval", "wsssht");
char *config_enc = read_config_value_from_file("enc", "wsssht");
// Parse mode from config // Parse mode from config
wsssh_mode_t initial_mode = MODE_INTERACTIVE; wsssh_mode_t initial_mode = MODE_INTERACTIVE;
...@@ -122,6 +120,21 @@ int main(int argc, char *argv[]) { ...@@ -122,6 +120,21 @@ int main(int argc, char *argv[]) {
free(config_daemon); free(config_daemon);
} }
// Parse encoding from config
wsssh_encoding_t initial_encoding = ENCODING_HEX;
if (config_enc) {
if (strcmp(config_enc, "hex") == 0) {
initial_encoding = ENCODING_HEX;
} else if (strcmp(config_enc, "base64") == 0) {
initial_encoding = ENCODING_BASE64;
} else if (strcmp(config_enc, "bin") == 0) {
initial_encoding = ENCODING_BINARY;
} else {
fprintf(stderr, "Warning: Invalid encoding in config: %s, using hex\n", config_enc);
}
free(config_enc);
}
wsssh_config_t config = { wsssh_config_t config = {
.local_port = NULL, .local_port = NULL,
.tunnel_host = config_tunnel_host ? strdup(config_tunnel_host) : NULL, .tunnel_host = config_tunnel_host ? strdup(config_tunnel_host) : NULL,
...@@ -135,6 +148,7 @@ int main(int argc, char *argv[]) { ...@@ -135,6 +148,7 @@ int main(int argc, char *argv[]) {
.tunnel_control = config_tunnel_control ? strdup(config_tunnel_control) : NULL, .tunnel_control = config_tunnel_control ? strdup(config_tunnel_control) : NULL,
.service = config_service ? strdup(config_service) : NULL, .service = config_service ? strdup(config_service) : NULL,
.mode = initial_mode, .mode = initial_mode,
.encoding = initial_encoding,
.daemon = initial_daemon .daemon = initial_daemon
}; };
...@@ -244,10 +258,9 @@ int main(int argc, char *argv[]) { ...@@ -244,10 +258,9 @@ int main(int argc, char *argv[]) {
int wssshd_port = config.wssshd_port; int wssshd_port = config.wssshd_port;
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] Client ID: %s\n", client_id); fprintf(stderr, "[DEBUG - Tunnel] Client ID: %s\n", client_id);
printf("[DEBUG - Tunnel] WSSSHD Host: %s\n", wssshd_host); fprintf(stderr, "[DEBUG - Tunnel] WSSSHD Host: %s\n", wssshd_host);
printf("[DEBUG - Tunnel] WSSSHD Port: %d\n", wssshd_port); fprintf(stderr, "[DEBUG - Tunnel] WSSSHD Port: %d\n", wssshd_port);
fflush(stdout);
} }
// Handle different operating modes // Handle different operating modes
...@@ -297,7 +310,7 @@ int main(int argc, char *argv[]) { ...@@ -297,7 +310,7 @@ int main(int argc, char *argv[]) {
fflush(stdout); fflush(stdout);
} }
listen_sock = setup_tunnel(wssshd_host, wssshd_port, client_id, local_port, config.debug, 0, config.tunnel_host); listen_sock = setup_tunnel(wssshd_host, wssshd_port, client_id, local_port, config.debug, 0, config.tunnel_host, config.encoding);
if (listen_sock < 0) { if (listen_sock < 0) {
setup_attempts++; setup_attempts++;
...@@ -363,8 +376,10 @@ int main(int argc, char *argv[]) { ...@@ -363,8 +376,10 @@ int main(int argc, char *argv[]) {
if (accepted_sock < 0) { if (accepted_sock < 0) {
perror("Local accept failed"); perror("Local accept failed");
close(listen_sock); close(listen_sock);
pthread_mutex_lock(&tunnel_mutex);
free(active_tunnel); free(active_tunnel);
active_tunnel = NULL; active_tunnel = NULL;
pthread_mutex_unlock(&tunnel_mutex);
free(config.local_port); free(config.local_port);
pthread_mutex_destroy(&tunnel_mutex); pthread_mutex_destroy(&tunnel_mutex);
return 1; return 1;
...@@ -408,9 +423,11 @@ int main(int argc, char *argv[]) { ...@@ -408,9 +423,11 @@ int main(int argc, char *argv[]) {
thread_args_t *thread_args = malloc(sizeof(thread_args_t)); thread_args_t *thread_args = malloc(sizeof(thread_args_t));
if (!thread_args) { if (!thread_args) {
perror("Memory allocation failed for thread args"); perror("Memory allocation failed for thread args");
pthread_mutex_lock(&tunnel_mutex);
close(active_tunnel->local_sock); close(active_tunnel->local_sock);
free(active_tunnel); free(active_tunnel);
active_tunnel = NULL; active_tunnel = NULL;
pthread_mutex_unlock(&tunnel_mutex);
free(config.local_port); free(config.local_port);
pthread_mutex_destroy(&tunnel_mutex); pthread_mutex_destroy(&tunnel_mutex);
return 1; return 1;
...@@ -445,6 +462,8 @@ int main(int argc, char *argv[]) { ...@@ -445,6 +462,8 @@ int main(int argc, char *argv[]) {
while (1) { while (1) {
// Check for graceful shutdown // Check for graceful shutdown
if (graceful_shutdown) { if (graceful_shutdown) {
fprintf(stderr, "\nReceived signal, attempting graceful shutdown...\n");
fflush(stderr);
fprintf(stderr, "Attempting graceful shutdown of active tunnel...\n"); fprintf(stderr, "Attempting graceful shutdown of active tunnel...\n");
// Send tunnel_close message for the active tunnel // Send tunnel_close message for the active tunnel
...@@ -802,17 +821,17 @@ int main(int argc, char *argv[]) { ...@@ -802,17 +821,17 @@ int main(int argc, char *argv[]) {
} }
// Handle tunnel messages // Handle tunnel messages
if (strstr(buffer, "tunnel_data") || strstr(buffer, "tunnel_response")) { if (strstr(payload, "tunnel_data") || strstr(payload, "tunnel_response")) {
if (config.debug) { if (config.debug) {
// Suppress tunnel_data debug messages in debug mode // Suppress tunnel_data debug messages in debug mode
if (!strstr(buffer, "tunnel_data")) { if (!strstr(payload, "tunnel_data")) {
printf("[DEBUG - Tunnel] Received tunnel_response message\n"); printf("[DEBUG - Tunnel] Received tunnel_response message\n");
fflush(stdout); fflush(stdout);
} }
} }
// Extract request_id and data // Extract request_id and data
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(payload, "\"request_id\"");
char *data_start = strstr(buffer, "\"data\""); char *data_start = strstr(payload, "\"data\"");
if (id_start && data_start) { if (id_start && data_start) {
char *colon = strchr(id_start, ':'); char *colon = strchr(id_start, ':');
if (colon) { if (colon) {
...@@ -838,12 +857,12 @@ int main(int argc, char *argv[]) { ...@@ -838,12 +857,12 @@ int main(int argc, char *argv[]) {
} }
} }
} }
} else if (strstr(buffer, "tunnel_close")) { } else if (strstr(payload, "tunnel_close")) {
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] Received tunnel_close message\n"); printf("[DEBUG - Tunnel] Received tunnel_close message\n");
fflush(stdout); fflush(stdout);
} }
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(payload, "\"request_id\"");
if (id_start) { if (id_start) {
char *colon = strchr(id_start, ':'); char *colon = strchr(id_start, ':');
if (colon) { if (colon) {
...@@ -858,11 +877,11 @@ int main(int argc, char *argv[]) { ...@@ -858,11 +877,11 @@ int main(int argc, char *argv[]) {
} }
} }
} }
} else if (strstr(buffer, "tunnel_keepalive")) { } else if (strstr(payload, "tunnel_keepalive")) {
// Extract request_id, total_bytes, and rate_bps // Extract request_id, total_bytes, and rate_bps
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(payload, "\"request_id\"");
char *total_start = strstr(buffer, "\"total_bytes\""); char *total_start = strstr(payload, "\"total_bytes\"");
char *rate_start = strstr(buffer, "\"rate_bps\""); char *rate_start = strstr(payload, "\"rate_bps\"");
if (id_start) { if (id_start) {
char *colon = strchr(id_start, ':'); char *colon = strchr(id_start, ':');
...@@ -898,9 +917,9 @@ int main(int argc, char *argv[]) { ...@@ -898,9 +917,9 @@ int main(int argc, char *argv[]) {
} }
} }
} }
} else if (strstr(buffer, "tunnel_keepalive_ack")) { } else if (strstr(payload, "tunnel_keepalive_ack")) {
// Extract request_id // Extract request_id
char *id_start = strstr(buffer, "\"request_id\""); char *id_start = strstr(payload, "\"request_id\"");
if (id_start) { if (id_start) {
char *colon = strchr(id_start, ':'); char *colon = strchr(id_start, ':');
if (colon) { if (colon) {
...@@ -915,9 +934,55 @@ int main(int argc, char *argv[]) { ...@@ -915,9 +934,55 @@ int main(int argc, char *argv[]) {
} }
} }
} }
} else if (strstr(payload, "tunnel_ack")) {
// Extract request_id and frame_id
char *id_start = strstr(payload, "\"request_id\"");
char *frame_start = strstr(payload, "\"frame_id\"");
if (id_start && frame_start) {
char *colon = strchr(id_start, ':');
if (colon) {
char *open_quote = strchr(colon, '"');
if (open_quote) {
id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
// Extract frame_id
char *frame_colon = strchr(frame_start, ':');
if (frame_colon) {
uint32_t frame_id = (uint32_t)atoi(frame_colon + 1);
handle_tunnel_ack(current_ssl, id_start, frame_id, config.debug);
}
}
}
}
}
} else if (strstr(payload, "tunnel_ko")) {
// Extract request_id and frame_id
char *id_start = strstr(payload, "\"request_id\"");
char *frame_start = strstr(payload, "\"frame_id\"");
if (id_start && frame_start) {
char *colon = strchr(id_start, ':');
if (colon) {
char *open_quote = strchr(colon, '"');
if (open_quote) {
id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
// Extract frame_id
char *frame_colon = strchr(frame_start, ':');
if (frame_colon) {
uint32_t frame_id = (uint32_t)atoi(frame_colon + 1);
handle_tunnel_ko(current_ssl, id_start, frame_id, config.debug);
}
}
}
}
}
} else { } else {
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] Received unknown message type: %s\n", buffer); printf("[DEBUG - WebSockets] Received unknown message type: %.*s\n", payload_len, payload);
fflush(stdout); fflush(stdout);
} }
} }
...@@ -946,6 +1011,7 @@ cleanup_and_exit: ...@@ -946,6 +1011,7 @@ cleanup_and_exit:
} }
// Cleanup // Cleanup
pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel) { if (active_tunnel) {
if (active_tunnel->local_sock >= 0) { if (active_tunnel->local_sock >= 0) {
close(active_tunnel->local_sock); close(active_tunnel->local_sock);
...@@ -956,6 +1022,7 @@ cleanup_and_exit: ...@@ -956,6 +1022,7 @@ cleanup_and_exit:
free(active_tunnel); free(active_tunnel);
active_tunnel = NULL; active_tunnel = NULL;
} }
pthread_mutex_unlock(&tunnel_mutex);
free(config.local_port); free(config.local_port);
free(config.tunnel); free(config.tunnel);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment