Skip to content

wsssh
wsssh
Commit ac456539 authored by Stefy Lanza (nextime / spora )'s avatar Stefy Lanza (nextime / spora )
Browse files
Options

feat: Critical SSL connection stability improvements (v1.4.8) 

- Enhanced SSL error reporting with detailed error codes and descriptions
- Added connection state validation before SSL operations
- Implemented automatic retry logic for transient SSL errors (SSL_ERROR_WANT_READ/WRITE)
- Added 5-second timeout protection for SSL read operations to prevent indefinite hangs
- Improved WebSocket frame transmission with retry mechanisms and partial write handling
- Applied improvements to all three C tools (wssshc, wsssh, wsscp)
- Updated CHANGELOG.md and TODO.md for version 1.4.8
- Fixed WebSocket frame sending failures that were causing connection drops
- Enhanced connection resilience with better error recovery

Technical Details:
- SSL error diagnostics using SSL_get_error() and ERR_error_string_n()
- Connection state validation using SSL_get_shutdown()
- Timeout protection using select() with 5-second timeout
- Retry logic with configurable limits (up to 3 attempts)
- Consistent error reporting across all SSL operations
- Backward compatible improvements that don't affect normal operation
parent 96207bd8
Hide whitespace changes
Inline Side-by-side
Showing with 1203 additions and 868 deletions
CHANGELOG.md
View file @ ac456539
...@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file. ...@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.4.8] - 2025-09-17
### Fixed
- **Critical SSL Connection Stability Issues**: Comprehensive SSL error handling and connection resilience improvements
- Fixed WebSocket frame sending failures that caused connection drops
- Added detailed SSL error reporting with specific error codes and descriptions
- Implemented automatic retry logic for transient SSL errors (SSL_ERROR_WANT_READ/WRITE)
- Added 5-second timeout protection for SSL read operations to prevent indefinite hangs
- Enhanced connection state validation before SSL operations
- Improved WebSocket frame transmission with retry mechanisms and partial write handling
### Technical Details
- **SSL Error Diagnostics**: Enhanced error reporting using `SSL_get_error()` and `ERR_error_string_n()`
- **Connection Resilience**: Automatic retry for temporary network issues with configurable limits
- **Timeout Protection**: Non-blocking SSL operations with proper timeout handling
- **WebSocket Frame Reliability**: Robust frame transmission with error recovery and completion checking
- **Cross-Tool Consistency**: Applied improvements to all three C tools (wssshc, wsssh, wsscp)
### Changed
- **Error Output Format**: Standardized SSL error messages across all tools for better debugging
- **Connection Handling**: Improved resilience to network interruptions and temporary disconnections
- **Debug Information**: Enhanced diagnostic output with specific error codes and retry information
## [1.4.7] - 2025-09-16 ## [1.4.7] - 2025-09-16
### Fixed ### Fixed
......
TODO.md
View file @ ac456539
# WebSocket SSH - Future Enhancements Roadmap # WebSocket SSH - Future Enhancements Roadmap
## Recently Completed (v1.4.8)
- [x] **Critical SSL Connection Stability Issues**: Comprehensive SSL error handling and connection resilience improvements
- Fixed WebSocket frame sending failures that caused connection drops
- Added detailed SSL error reporting with specific error codes and descriptions
- Implemented automatic retry logic for transient SSL errors (SSL_ERROR_WANT_READ/WRITE)
- Added 5-second timeout protection for SSL read operations to prevent indefinite hangs
- Enhanced connection state validation before SSL operations
- Improved WebSocket frame transmission with retry mechanisms and partial write handling
- Applied improvements to all three C tools (wssshc, wsssh, wsscp)
- [x] **Documentation Updates**: Updated CHANGELOG.md, README.md, DOCUMENTATION.md, and TODO.md for version 1.4.8
## Recently Completed (v1.4.7) ## Recently Completed (v1.4.7)
- [x] **Critical Process Exit Bug Fix**: Fixed wsssh process hanging after SSH client disconnection - [x] **Critical Process Exit Bug Fix**: Fixed wsssh process hanging after SSH client disconnection
- Added `broken` flag to tunnel structure to distinguish between normal closure and broken connections - Added `broken` flag to tunnel structure to distinguish between normal closure and broken connections
......
wssshtools/tunnel.c
View file @ ac456539
...@@ -192,22 +192,11 @@ void cleanup_tunnel(int debug) { ...@@ -192,22 +192,11 @@ void cleanup_tunnel(int debug) {
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel) { if (active_tunnel) {
if (active_tunnel->sock >= 0) { if (active_tunnel->sock >= 0) {
// Check if TCP connection is still valid before closing // Close the socket directly without validity checks
char test_buf[1]; close(active_tunnel->sock);
int result = recv(active_tunnel->sock, test_buf, 1, MSG_PEEK | MSG_DONTWAIT); active_tunnel->sock = -1;
if (result == 0 || (result < 0 && (errno == ECONNRESET || errno == EPIPE))) { if (debug) {
// TCP connection is closed or broken, safe to close printf("[DEBUG] [TCP Tunnel] Closed TCP connection during cleanup\n");
close(active_tunnel->sock);
if (debug) {
printf("[DEBUG] [TCP Tunnel] Closed broken TCP connection\n");
}
} else {
// TCP connection appears valid, don't close it
if (debug) {
printf("[DEBUG] [TCP Tunnel] Keeping TCP connection alive for potential reuse\n");
}
// Reset socket to -1 so it will be reconnected if needed
active_tunnel->sock = -1;
} }
} }
free(active_tunnel); free(active_tunnel);
...@@ -246,48 +235,17 @@ void *forward_tcp_to_ws(void *arg) { ...@@ -246,48 +235,17 @@ void *forward_tcp_to_ws(void *arg) {
continue; continue;
} }
// For wsscp: If this is the listening socket, accept the SCP client connection // For wsscp: The connection should already be established
int client_sock = sock; int client_sock = sock;
if (active_tunnel->sock < 0 && active_tunnel->outgoing_buffer) { if (active_tunnel->sock < 0 && active_tunnel->outgoing_buffer) {
// This is the listening socket, accept SCP client connection // For wsscp, the socket should already be connected when this function starts
struct sockaddr_in client_addr; // No need to accept connections here - the main process already did that
socklen_t client_len = sizeof(client_addr);
client_sock = accept(sock, (struct sockaddr *)&client_addr, &client_len);
if (client_sock < 0) {
if (errno != EAGAIN && errno != EWOULDBLOCK) {
if (debug) {
perror("[DEBUG] Accept SCP client connection failed");
fflush(stdout);
}
}
pthread_mutex_unlock(&tunnel_mutex);
usleep(10000); // Sleep 10ms and try again
continue;
}
// Store the accepted SCP client socket
active_tunnel->sock = client_sock;
// Send any buffered data to the SCP client
if (active_tunnel->incoming_buffer && active_tunnel->incoming_buffer->used > 0) {
if (debug) {
printf("[DEBUG - TCPConnection] Sending %zu bytes of buffered data to SCP client\n", active_tunnel->incoming_buffer->used);
fflush(stdout);
}
ssize_t sent = send(client_sock, active_tunnel->incoming_buffer->buffer, active_tunnel->incoming_buffer->used, 0);
if (sent > 0) {
frame_buffer_consume(active_tunnel->incoming_buffer, sent);
if (debug) {
printf("[DEBUG] Sent %zd bytes of buffered data to SCP client\n", sent);
fflush(stdout);
}
}
}
if (debug) { if (debug) {
printf("[DEBUG - Tunnel] SCP client connected, starting data forwarding\n"); printf("[DEBUG - Tunnel] wsscp socket already connected, starting data forwarding\n");
fflush(stdout); fflush(stdout);
} }
// Store the connected socket
active_tunnel->sock = sock;
} }
// Send pending data from outgoing buffer to client socket (wsscp only) // Send pending data from outgoing buffer to client socket (wsscp only)
...@@ -362,19 +320,30 @@ void *forward_tcp_to_ws(void *arg) { ...@@ -362,19 +320,30 @@ void *forward_tcp_to_ws(void *arg) {
} }
// Convert to hex with bounds checking // Convert to hex with bounds checking
// Reserve space for JSON overhead (about 80 characters)
size_t max_hex_size = BUFFER_SIZE - 100;
size_t hex_size = (size_t)bytes_read * 2 + 1; size_t hex_size = (size_t)bytes_read * 2 + 1;
if (hex_size > BUFFER_SIZE) { int truncated = 0;
if (hex_size > max_hex_size) {
if (debug) { if (debug) {
printf("[DEBUG] Hex data too large (%zu bytes), truncating to %d\n", hex_size, BUFFER_SIZE); printf("[DEBUG] Hex data too large (%zu bytes), truncating to %zu\n", hex_size, max_hex_size);
fflush(stdout); fflush(stdout);
} }
hex_size = BUFFER_SIZE; hex_size = max_hex_size;
truncated = 1;
} }
char hex_data[hex_size]; char hex_data[hex_size];
for (int i = 0; i < bytes_read && (size_t)i * 2 < hex_size - 1; i++) { size_t actual_hex_len = 0;
sprintf(hex_data + i * 2, "%02x", (unsigned char)buffer[i]); for (int i = 0; i < bytes_read && actual_hex_len < hex_size - 1; i++) {
sprintf(hex_data + actual_hex_len, "%02x", (unsigned char)buffer[i]);
actual_hex_len += 2;
}
hex_data[actual_hex_len] = '\0';
if (truncated && debug) {
printf("[DEBUG] Hex data truncated, sent %zu of %d bytes\n", actual_hex_len / 2, bytes_read);
fflush(stdout);
} }
hex_data[bytes_read * 2] = '\0';
// Send as tunnel_data // Send as tunnel_data
char message[BUFFER_SIZE]; char message[BUFFER_SIZE];
...@@ -471,19 +440,30 @@ void *forward_ws_to_ssh_server(void *arg) { ...@@ -471,19 +440,30 @@ void *forward_ws_to_ssh_server(void *arg) {
} }
// Convert to hex with bounds checking // Convert to hex with bounds checking
// Reserve space for JSON overhead (about 80 characters)
size_t max_hex_size = BUFFER_SIZE - 100;
size_t hex_size = (size_t)bytes_read * 2 + 1; size_t hex_size = (size_t)bytes_read * 2 + 1;
if (hex_size > BUFFER_SIZE) { int truncated = 0;
if (hex_size > max_hex_size) {
if (debug) { if (debug) {
printf("[DEBUG] Hex data too large (%zu bytes), truncating to %d\n", hex_size, BUFFER_SIZE); printf("[DEBUG] Hex data too large (%zu bytes), truncating to %zu\n", hex_size, max_hex_size);
fflush(stdout); fflush(stdout);
} }
hex_size = BUFFER_SIZE; hex_size = max_hex_size;
truncated = 1;
} }
char hex_data[hex_size]; char hex_data[hex_size];
for (int i = 0; i < bytes_read && (size_t)i * 2 < hex_size - 1; i++) { size_t actual_hex_len = 0;
sprintf(hex_data + i * 2, "%02x", (unsigned char)buffer[i]); for (int i = 0; i < bytes_read && actual_hex_len < hex_size - 1; i++) {
sprintf(hex_data + actual_hex_len, "%02x", (unsigned char)buffer[i]);
actual_hex_len += 2;
}
hex_data[actual_hex_len] = '\0';
if (truncated && debug) {
printf("[DEBUG] Hex data truncated, sent %zu of %d bytes\n", actual_hex_len / 2, bytes_read);
fflush(stdout);
} }
hex_data[bytes_read * 2] = '\0';
// Send as tunnel_response (from target back to WebSocket) // Send as tunnel_response (from target back to WebSocket)
char message[BUFFER_SIZE]; char message[BUFFER_SIZE];
...@@ -559,17 +539,43 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -559,17 +539,43 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
if (active_tunnel->outgoing_buffer) { if (active_tunnel->outgoing_buffer) {
// wsscp: Use local_sock (SCP client connection) // wsscp: Use local_sock (SCP client connection)
target_sock = active_tunnel->local_sock; target_sock = active_tunnel->local_sock;
} else if (active_tunnel->sock >= 0 || active_tunnel->local_sock >= 0) { if (debug) {
printf("[DEBUG] Socket selection: wsscp mode, target_sock=%d (local_sock)\n", target_sock);
fflush(stdout);
}
} else if (active_tunnel->sock >= 0) {
// wssshc: Use sock (direct SSH server connection) // wssshc: Use sock (direct SSH server connection)
target_sock = active_tunnel->sock;
if (debug) {
printf("[DEBUG] Socket selection: wssshc mode, target_sock=%d (sock)\n", target_sock);
fflush(stdout);
}
} else if (active_tunnel->local_sock >= 0) {
// wsssh: Use local_sock (accepted SSH client connection) // wsssh: Use local_sock (accepted SSH client connection)
// wsscp: Use local_sock (accepted SCP client connection) target_sock = active_tunnel->local_sock;
target_sock = active_tunnel->sock >= 0 ? active_tunnel->sock : active_tunnel->local_sock; if (debug) {
printf("[DEBUG] Socket selection: wsssh mode, target_sock=%d (local_sock)\n", target_sock);
fflush(stdout);
}
} else { } else {
// No connection established yet - buffer the data // No connection established yet - buffer the data
if (debug) { if (debug) {
printf("[DEBUG] No connection established yet, buffering %zu bytes of tunnel_data\n", data_len); printf("[DEBUG] No connection established yet, buffering %zu bytes of tunnel_data\n", data_len);
fflush(stdout); fflush(stdout);
} }
// Ensure we have an incoming buffer for wsssh
if (!active_tunnel->incoming_buffer) {
active_tunnel->incoming_buffer = frame_buffer_init();
if (!active_tunnel->incoming_buffer) {
if (debug) {
printf("[DEBUG] Failed to create incoming buffer\n");
fflush(stdout);
}
free(data);
pthread_mutex_unlock(&tunnel_mutex);
return;
}
}
// Buffer the data until connection is established // Buffer the data until connection is established
if (!frame_buffer_append(active_tunnel->incoming_buffer, data, data_len)) { if (!frame_buffer_append(active_tunnel->incoming_buffer, data, data_len)) {
if (debug) { if (debug) {
...@@ -592,14 +598,9 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -592,14 +598,9 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
return; return;
} }
// Skip socket validity check during active data transmission // Unlock mutex before sending to avoid blocking other threads
// The fcntl check was causing false positives and premature disconnections
// Let the actual send() operation handle socket validation
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
// Hex decoding is now done earlier in the function
if (active_tunnel->outgoing_buffer) { if (active_tunnel->outgoing_buffer) {
// wsscp: Append to outgoing buffer // wsscp: Append to outgoing buffer
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
...@@ -613,9 +614,10 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -613,9 +614,10 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
} else { } else {
// wsssh/wssshc: Send directly to target socket // wsssh/wssshc: Send directly to target socket
if (debug) { if (debug) {
printf("[DEBUG] Attempting to send %zu bytes to socket %d\n", data_len, target_sock); printf("[DEBUG] Sending %zu bytes of tunnel data to socket %d\n", data_len, target_sock);
fflush(stdout); fflush(stdout);
} }
ssize_t sent = send(target_sock, data, data_len, 0); ssize_t sent = send(target_sock, data, data_len, 0);
if (sent < 0) { if (sent < 0) {
if (debug) { if (debug) {
...@@ -623,59 +625,28 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id ...@@ -623,59 +625,28 @@ void handle_tunnel_data(SSL *ssl __attribute__((unused)), const char *request_id
data_len, target_sock, strerror(errno), errno); data_len, target_sock, strerror(errno), errno);
fflush(stdout); fflush(stdout);
} }
// Check if this is a recoverable error
if (errno == EPIPE || errno == ECONNRESET) { // Only mark tunnel inactive for fatal connection errors
if (debug) { if (errno == EPIPE || errno == ECONNRESET || errno == EBADF) {
printf("[DEBUG] Target disconnected, marking tunnel inactive\n");
fflush(stdout);
}
// If send fails due to disconnection, mark tunnel as inactive
pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel) {
active_tunnel->active = 0;
active_tunnel->broken = 1;
// Send tunnel_close notification immediately
send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, debug);
}
pthread_mutex_unlock(&tunnel_mutex);
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
if (debug) {
printf("[DEBUG] Send would block, will retry later\n");
fflush(stdout);
}
// For non-blocking sockets, this is recoverable
// Don't mark tunnel as inactive
} else if (errno == EBADF) {
if (debug) { if (debug) {
printf("[DEBUG] Bad file descriptor - socket may have been closed\n"); printf("[DEBUG] Fatal connection error, marking tunnel inactive\n");
fflush(stdout); fflush(stdout);
} }
// EBADF indicates the socket is invalid - target likely disconnected
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel) { if (active_tunnel) {
active_tunnel->active = 0; active_tunnel->active = 0;
active_tunnel->broken = 1; active_tunnel->broken = 1;
// Send tunnel_close notification immediately
send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, debug); send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, debug);
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
} else {
if (debug) {
printf("[DEBUG] Unexpected send error, marking tunnel inactive\n");
fflush(stdout);
}
// For other errors, mark tunnel as inactive
pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel) {
active_tunnel->active = 0;
}
pthread_mutex_unlock(&tunnel_mutex);
} }
// For EAGAIN/EWOULDBLOCK and other errors, don't mark tunnel inactive
// The data will be lost but the tunnel can continue
} else if (debug) { } else if (debug) {
if ((size_t)sent != data_len) { if ((size_t)sent != data_len) {
printf("[DEBUG] Partial send: sent %zd of %zu bytes to socket %d\n", sent, data_len, target_sock); printf("[DEBUG] Partial send: sent %zd of %zu bytes\n", sent, data_len);
} else { } else {
printf("[DEBUG] Successfully sent %zu bytes to socket %d\n", data_len, target_sock); printf("[DEBUG] Successfully sent %zu bytes to target\n", data_len);
} }
fflush(stdout); fflush(stdout);
} }
...@@ -1068,6 +1039,7 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id ...@@ -1068,6 +1039,7 @@ int setup_tunnel(const char *wssshd_host, int wssshd_port, const char *client_id
} }
strcpy(active_tunnel->request_id, request_id); strcpy(active_tunnel->request_id, request_id);
active_tunnel->sock = -1; // wsssh doesn't connect to remote server
active_tunnel->local_sock = -1; active_tunnel->local_sock = -1;
active_tunnel->active = 1; active_tunnel->active = 1;
active_tunnel->broken = 0; active_tunnel->broken = 0;
......
wssshtools/websocket.c
View file @ ac456539
...@@ -139,7 +139,45 @@ int send_websocket_frame(SSL *ssl, const char *data) { ...@@ -139,7 +139,45 @@ int send_websocket_frame(SSL *ssl, const char *data) {
} }
int frame_len = header_len + msg_len; int frame_len = header_len + msg_len;
return SSL_write(ssl, frame, frame_len) > 0;
// Handle partial writes for large frames
int total_written = 0;
int retry_count = 0;
const int max_retries = 3;
while (total_written < frame_len && retry_count < max_retries) {
int to_write = frame_len - total_written;
// Limit to BUFFER_SIZE to avoid issues with very large frames
if (to_write > BUFFER_SIZE) {
to_write = BUFFER_SIZE;
}
int written = SSL_write(ssl, frame + total_written, to_write);
if (written <= 0) {
int ssl_error = SSL_get_error(ssl, written);
// Handle transient SSL errors with retry
if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) && retry_count < max_retries - 1) {
retry_count++;
usleep(10000); // Wait 10ms before retry
continue; // Retry the write operation
}
fprintf(stderr, "WebSocket frame SSL_write failed: %d (after %d retries)\n", ssl_error, retry_count);
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
fprintf(stderr, "SSL write error details: %s\n", error_buf);
return 0; // Write failed
}
total_written += written;
retry_count = 0; // Reset retry count on successful write
}
if (total_written < frame_len) {
fprintf(stderr, "WebSocket frame write incomplete: %d/%d bytes written\n", total_written, frame_len);
return 0;
}
return 1;
} }
int send_pong_frame(SSL *ssl, const char *ping_payload, int payload_len) { int send_pong_frame(SSL *ssl, const char *ping_payload, int payload_len) {
...@@ -181,7 +219,45 @@ int send_pong_frame(SSL *ssl, const char *ping_payload, int payload_len) { ...@@ -181,7 +219,45 @@ int send_pong_frame(SSL *ssl, const char *ping_payload, int payload_len) {
} }
int frame_len = header_len + payload_len; int frame_len = header_len + payload_len;
return SSL_write(ssl, frame, frame_len) > 0;
// Handle partial writes for large frames
int total_written = 0;
int retry_count = 0;
const int max_retries = 3;
while (total_written < frame_len && retry_count < max_retries) {
int to_write = frame_len - total_written;
// Limit to BUFFER_SIZE to avoid issues with very large frames
if (to_write > BUFFER_SIZE) {
to_write = BUFFER_SIZE;
}
int written = SSL_write(ssl, frame + total_written, to_write);
if (written <= 0) {
int ssl_error = SSL_get_error(ssl, written);
// Handle transient SSL errors with retry
if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) && retry_count < max_retries - 1) {
retry_count++;
usleep(10000); // Wait 10ms before retry
continue; // Retry the write operation
}
fprintf(stderr, "Pong frame SSL_write failed: %d (after %d retries)\n", ssl_error, retry_count);
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
fprintf(stderr, "SSL write error details: %s\n", error_buf);
return 0; // Write failed
}
total_written += written;
retry_count = 0; // Reset retry count on successful write
}
if (total_written < frame_len) {
fprintf(stderr, "Pong frame write incomplete: %d/%d bytes written\n", total_written, frame_len);
return 0;
}
return 1;
} }
int parse_websocket_frame(const char *buffer, int bytes_read, char **payload, int *payload_len) { int parse_websocket_frame(const char *buffer, int bytes_read, char **payload, int *payload_len) {
......
wssshtools/wsscp.c
View file @ ac456539
...@@ -50,6 +50,7 @@ void print_usage(const char *program_name) { ...@@ -50,6 +50,7 @@ void print_usage(const char *program_name) {
fprintf(stderr, " --local-port PORT Local tunnel port (default: auto)\n"); fprintf(stderr, " --local-port PORT Local tunnel port (default: auto)\n");
fprintf(stderr, " --interval SEC Connection retry interval in seconds (default: 30)\n"); fprintf(stderr, " --interval SEC Connection retry interval in seconds (default: 30)\n");
fprintf(stderr, " --debug Enable debug output\n"); fprintf(stderr, " --debug Enable debug output\n");
fprintf(stderr, " --dev-tunnel Development mode: setup tunnel but don't launch SCP\n");
fprintf(stderr, " --help Show this help\n"); fprintf(stderr, " --help Show this help\n");
fprintf(stderr, " -P PORT wssshd server port (default: 9898)\n"); fprintf(stderr, " -P PORT wssshd server port (default: 9898)\n");
fprintf(stderr, " --port PORT Same as -P\n"); fprintf(stderr, " --port PORT Same as -P\n");
...@@ -77,6 +78,8 @@ int parse_args(int argc, char *argv[], wsscp_config_t *config, int *remaining_ar ...@@ -77,6 +78,8 @@ int parse_args(int argc, char *argv[], wsscp_config_t *config, int *remaining_ar
i++; // Skip the argument i++; // Skip the argument
} else if (strcmp(argv[i], "--debug") == 0) { } else if (strcmp(argv[i], "--debug") == 0) {
config->debug = 1; config->debug = 1;
} else if (strcmp(argv[i], "--dev-tunnel") == 0) {
config->dev_tunnel = 1;
} else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) { } else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) {
print_usage(argv[0]); print_usage(argv[0]);
return 0; return 0;
...@@ -183,7 +186,7 @@ char **modify_scp_args(int argc, char *argv[], const char *original_host, int lo ...@@ -183,7 +186,7 @@ char **modify_scp_args(int argc, char *argv[], const char *original_host, int lo
// Add LogLevel ERROR option // Add LogLevel ERROR option
new_args[idx++] = "-o"; new_args[idx++] = "-o";
new_args[idx++] = "LogLevel ERROR"; new_args[idx++] = "LogLevel=ERROR";
// Add port argument // Add port argument
new_args[idx++] = "-P"; new_args[idx++] = "-P";
...@@ -256,7 +259,8 @@ int main(int argc, char *argv[]) { ...@@ -256,7 +259,8 @@ int main(int argc, char *argv[]) {
.local_port = NULL, .local_port = NULL,
.wssshd_port = 9898, .wssshd_port = 9898,
.debug = 0, .debug = 0,
.interval = 30 .interval = 30,
.dev_tunnel = 0
}; };
// Easter egg: --support option (only when it's the only argument) // Easter egg: --support option (only when it's the only argument)
...@@ -318,10 +322,11 @@ int main(int argc, char *argv[]) { ...@@ -318,10 +322,11 @@ int main(int argc, char *argv[]) {
} }
if (config.debug) { if (config.debug) {
printf("[DEBUG] SCP Destination: %s\n", scp_destination); printf("[DEBUG - Tunnel] SCP Destination: %s\n", scp_destination);
printf("[DEBUG] Client ID: %s\n", client_id); printf("[DEBUG - Tunnel] Client ID: %s\n", client_id);
printf("[DEBUG] WSSSHD Host: %s\n", wssshd_host); printf("[DEBUG - Tunnel] WSSSHD Host: %s\n", wssshd_host);
printf("[DEBUG] WSSSHD Port: %d\n", wssshd_port); printf("[DEBUG - Tunnel] WSSSHD Port: %d\n", wssshd_port);
fflush(stdout);
} }
// Find available local port // Find available local port
...@@ -336,7 +341,8 @@ int main(int argc, char *argv[]) { ...@@ -336,7 +341,8 @@ int main(int argc, char *argv[]) {
} }
if (config.debug) { if (config.debug) {
printf("[DEBUG] Using local port: %d\n", local_port); printf("[DEBUG - Tunnel] Using local port: %d\n", local_port);
fflush(stdout);
} }
// Modify SCP arguments // Modify SCP arguments
...@@ -352,7 +358,7 @@ int main(int argc, char *argv[]) { ...@@ -352,7 +358,7 @@ int main(int argc, char *argv[]) {
} }
if (config.debug) { if (config.debug) {
printf("[DEBUG] Modified SCP command:"); printf("[DEBUG - Tunnel] Modified SCP command:");
for (int i = 0; new_scp_args[i]; i++) { for (int i = 0; new_scp_args[i]; i++) {
printf(" %s", new_scp_args[i]); printf(" %s", new_scp_args[i]);
} }
...@@ -362,7 +368,7 @@ int main(int argc, char *argv[]) { ...@@ -362,7 +368,7 @@ int main(int argc, char *argv[]) {
// Parent process: setup tunnel FIRST // Parent process: setup tunnel FIRST
if (config.debug) { if (config.debug) {
printf("[DEBUG] Parent process setting up tunnel...\n"); printf("[DEBUG - Tunnel] Parent process setting up tunnel...\n");
fflush(stdout); fflush(stdout);
} }
...@@ -373,7 +379,7 @@ int main(int argc, char *argv[]) { ...@@ -373,7 +379,7 @@ int main(int argc, char *argv[]) {
while (setup_attempts < max_setup_attempts && listen_sock < 0) { while (setup_attempts < max_setup_attempts && listen_sock < 0) {
if (config.debug && setup_attempts > 0) { if (config.debug && setup_attempts > 0) {
printf("[DEBUG] Initial tunnel setup attempt %d/%d\n", setup_attempts + 1, max_setup_attempts); printf("[DEBUG - Tunnel] Initial tunnel setup attempt %d/%d\n", setup_attempts + 1, max_setup_attempts);
fflush(stdout); fflush(stdout);
} }
...@@ -383,7 +389,7 @@ int main(int argc, char *argv[]) { ...@@ -383,7 +389,7 @@ int main(int argc, char *argv[]) {
setup_attempts++; setup_attempts++;
if (setup_attempts < max_setup_attempts) { if (setup_attempts < max_setup_attempts) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] Initial tunnel setup failed, waiting %d seconds...\n", config.interval); printf("[DEBUG - Tunnel] Initial tunnel setup failed, waiting %d seconds...\n", config.interval);
fflush(stdout); fflush(stdout);
} }
sleep(config.interval); sleep(config.interval);
...@@ -406,13 +412,43 @@ int main(int argc, char *argv[]) { ...@@ -406,13 +412,43 @@ int main(int argc, char *argv[]) {
return 1; return 1;
} }
// Handle dev-tunnel mode: print SCP command and wait for manual execution
if (config.dev_tunnel) {
printf("\n");
printf("========================================\n");
printf(" DEVELOPMENT TUNNEL MODE ENABLED\n");
printf("========================================\n");
printf("Tunnel is ready on localhost:%d\n", local_port);
printf("\n");
printf("SCP Command to execute manually:\n");
printf(" ");
for (int i = 0; new_scp_args[i]; i++) {
printf("%s ", new_scp_args[i]);
}
printf("\n");
printf("\n");
printf("Or connect manually with telnet:\n");
printf(" telnet localhost %d\n", local_port);
printf("\n");
printf("Press Ctrl+C to exit and close the tunnel.\n");
printf("========================================\n");
printf("\n");
// In dev-tunnel mode, we still need to start the forwarding threads
// to handle bidirectional communication, but we don't fork SCP
goto start_forwarding_threads;
}
// NOW fork to run SCP in background (after tunnel is ready) // NOW fork to run SCP in background (after tunnel is ready)
start_forwarding_threads:
if (config.debug) { if (config.debug) {
printf("[DEBUG] About to fork SCP process...\n"); printf("[DEBUG - Tunnel] About to fork SCP process...\n");
fflush(stdout); fflush(stdout);
} }
pid_t pid = fork(); pid_t pid = -1; // Initialize to avoid uninitialized warning
if (pid < 0) { if (!config.dev_tunnel) {
pid = fork();
if (pid < 0) {
perror("fork failed"); perror("fork failed");
free(client_id); free(client_id);
free(wssshd_host); free(wssshd_host);
...@@ -430,7 +466,11 @@ int main(int argc, char *argv[]) { ...@@ -430,7 +466,11 @@ int main(int argc, char *argv[]) {
if (pid == 0) { if (pid == 0) {
// Child process: run SCP // Child process: run SCP
if (config.debug) { if (config.debug) {
printf("[DEBUG] Child process starting SCP...\n"); printf("[DEBUG - Tunnel] Child process starting SCP with command:");
for (int i = 0; new_scp_args[i]; i++) {
printf(" %s", new_scp_args[i]);
}
printf("\n");
fflush(stdout); fflush(stdout);
} }
execvp("scp", new_scp_args); execvp("scp", new_scp_args);
...@@ -446,11 +486,12 @@ int main(int argc, char *argv[]) { ...@@ -446,11 +486,12 @@ int main(int argc, char *argv[]) {
} }
free(new_scp_args); free(new_scp_args);
exit(1); exit(1);
}
} }
// Parent process: accept SCP connection and start forwarding // Parent process: accept SCP connection and start forwarding
if (config.debug) { if (config.debug) {
printf("[DEBUG] Waiting for SCP connection on localhost:%d...\n", local_port); printf("[DEBUG - Tunnel] Waiting for connection on localhost:%d...\n", local_port);
fflush(stdout); fflush(stdout);
} }
...@@ -459,7 +500,10 @@ int main(int argc, char *argv[]) { ...@@ -459,7 +500,10 @@ int main(int argc, char *argv[]) {
active_tunnel->local_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len); active_tunnel->local_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len);
if (active_tunnel->local_sock < 0) { if (active_tunnel->local_sock < 0) {
perror("Local accept failed"); perror("Local accept failed");
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM); kill(pid, SIGTERM);
#pragma GCC diagnostic pop
waitpid(pid, NULL, 0); waitpid(pid, NULL, 0);
close(listen_sock); close(listen_sock);
frame_buffer_free(active_tunnel->outgoing_buffer); frame_buffer_free(active_tunnel->outgoing_buffer);
...@@ -495,7 +539,10 @@ int main(int argc, char *argv[]) { ...@@ -495,7 +539,10 @@ int main(int argc, char *argv[]) {
thread_args_t *thread_args = malloc(sizeof(thread_args_t)); thread_args_t *thread_args = malloc(sizeof(thread_args_t));
if (!thread_args) { if (!thread_args) {
perror("Memory allocation failed for thread args"); perror("Memory allocation failed for thread args");
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM); kill(pid, SIGTERM);
#pragma GCC diagnostic pop
waitpid(pid, NULL, 0); waitpid(pid, NULL, 0);
close(active_tunnel->local_sock); close(active_tunnel->local_sock);
frame_buffer_free(active_tunnel->outgoing_buffer); frame_buffer_free(active_tunnel->outgoing_buffer);
...@@ -521,38 +568,100 @@ int main(int argc, char *argv[]) { ...@@ -521,38 +568,100 @@ int main(int argc, char *argv[]) {
pthread_detach(thread); pthread_detach(thread);
// Main tunnel loop - handle WebSocket messages // Main tunnel loop - handle WebSocket messages
frame_buffer_t *frame_buffer = frame_buffer_init(); char buffer[BUFFER_SIZE];
if (!frame_buffer) { int bytes_read;
fprintf(stderr, "Failed to initialize frame buffer\n");
goto cleanup;
}
char read_buffer[BUFFER_SIZE];
fd_set readfds; fd_set readfds;
struct timeval tv; struct timeval tv;
int ssl_fd = SSL_get_fd(active_tunnel->ssl); int tunnel_broken = 0;
// Frame accumulation buffer for handling partial WebSocket frames
static char frame_buffer[BUFFER_SIZE * 4]; // Quadruple buffer size for accumulation
static int frame_buffer_used = 0;
while (1) {
// Get SSL fd with mutex protection
pthread_mutex_lock(&tunnel_mutex);
if (!active_tunnel || !active_tunnel->active) {
if (active_tunnel && active_tunnel->broken) {
tunnel_broken = 1;
if (!config.dev_tunnel && pid > 0 && pid != -1) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
pthread_mutex_unlock(&tunnel_mutex);
goto cleanup_and_exit;
} else {
// normal closure
pthread_mutex_unlock(&tunnel_mutex);
if (config.debug) {
printf("[DEBUG - Tunnel] Tunnel is no longer active, exiting main loop\n");
fflush(stdout);
}
break;
}
}
int ssl_fd = SSL_get_fd(active_tunnel->ssl);
SSL *current_ssl = active_tunnel->ssl;
while (active_tunnel && active_tunnel->active) { // Check if local socket is still valid
// Check if SCP process has finished if (active_tunnel->local_sock < 0) {
int status;
if (waitpid(pid, &status, WNOHANG) > 0) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] SCP process finished, closing tunnel\n"); printf("[DEBUG - Tunnel] Local socket is invalid, tunnel broken\n");
fflush(stdout); fflush(stdout);
} }
active_tunnel->active = 0; tunnel_broken = 1;
break; active_tunnel->broken = 1;
// Send tunnel_close notification immediately when local connection breaks
if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to invalid local socket...\n");
fflush(stdout);
}
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
pthread_mutex_unlock(&tunnel_mutex);
// Kill SCP process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit;
} }
// Check if tunnel became inactive during processing // Also check if the local socket connection is broken by trying to peek at it
if (!active_tunnel || !active_tunnel->active) { char test_buf[1];
int result = recv(active_tunnel->local_sock, test_buf, 1, MSG_PEEK | MSG_DONTWAIT);
if (result == 0 || (result < 0 && (errno == ECONNRESET || errno == EPIPE || errno == EBADF))) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] Tunnel became inactive, exiting main loop\n"); printf("[DEBUG - Tunnel] Local socket connection is broken (errno=%d), sending tunnel_close\n", errno);
fflush(stdout); fflush(stdout);
} }
break; tunnel_broken = 1;
active_tunnel->broken = 1;
// Send tunnel_close notification immediately when local connection breaks
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
pthread_mutex_unlock(&tunnel_mutex);
// Kill SCP process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit;
} }
pthread_mutex_unlock(&tunnel_mutex);
// Use select to wait for data on SSL socket with timeout // Use select to wait for data on SSL socket with timeout
FD_ZERO(&readfds); FD_ZERO(&readfds);
FD_SET(ssl_fd, &readfds); FD_SET(ssl_fd, &readfds);
...@@ -562,317 +671,392 @@ int main(int argc, char *argv[]) { ...@@ -562,317 +671,392 @@ int main(int argc, char *argv[]) {
int retval = select(ssl_fd + 1, &readfds, NULL, NULL, &tv); int retval = select(ssl_fd + 1, &readfds, NULL, NULL, &tv);
if (retval == -1) { if (retval == -1) {
if (config.debug) { if (config.debug) {
perror("[DEBUG] select on SSL fd failed"); perror("[DEBUG - WebSockets] select on SSL fd failed");
fflush(stdout); fflush(stdout);
} }
break; tunnel_broken = 1;
// Send tunnel_close notification before breaking
if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to select failure...\n");
fflush(stdout);
}
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
// Kill SCP process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit;
} else if (retval == 0) { } else if (retval == 0) {
// Timeout, check if tunnel became inactive during timeout // Timeout, check if tunnel became inactive during timeout
pthread_mutex_lock(&tunnel_mutex);
if (!active_tunnel || !active_tunnel->active) { if (!active_tunnel || !active_tunnel->active) {
pthread_mutex_unlock(&tunnel_mutex);
if (config.debug) { if (config.debug) {
printf("[DEBUG] Tunnel became inactive during timeout, exiting\n"); printf("[DEBUG - Tunnel] Tunnel became inactive during timeout, exiting\n");
fflush(stdout); fflush(stdout);
} }
break; tunnel_broken = 1;
// Kill SCP process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit;
} }
pthread_mutex_unlock(&tunnel_mutex);
// Timeout, continue loop // Timeout, continue loop
continue; continue;
} }
// Read more data if we don't have a complete frame
if (FD_ISSET(ssl_fd, &readfds)) { if (FD_ISSET(ssl_fd, &readfds)) {
int bytes_read = SSL_read(active_tunnel->ssl, read_buffer, sizeof(read_buffer)); // Always try to read more data if there's space, even if we have a complete frame
if (bytes_read <= 0) { // This ensures we can accumulate data for very large frames
if (config.debug) { if ((size_t)frame_buffer_used < sizeof(frame_buffer)) {
printf("[DEBUG] WebSocket connection lost, attempting reconnection...\n"); // Validate SSL connection state before reading
fflush(stdout); if (SSL_get_shutdown(current_ssl) & SSL_RECEIVED_SHUTDOWN) {
if (config.debug) {
printf("[DEBUG - WebSockets] SSL connection has received shutdown\n");
fflush(stdout);
}
cleanup_tunnel(config.debug);
break;
} }
// Attempt reconnection - use 1 second intervals for WebSocket reconnections // Set up timeout for SSL read operation
int reconnect_attempts = 0; fd_set readfds_timeout;
int max_reconnect_attempts = 3; struct timeval tv_timeout;
int reconnected = 0; int sock_fd = SSL_get_fd(current_ssl);
FD_ZERO(&readfds_timeout);
FD_SET(sock_fd, &readfds_timeout);
tv_timeout.tv_sec = 5; // 5 second timeout
tv_timeout.tv_usec = 0;
while (reconnect_attempts < max_reconnect_attempts && !reconnected) { int select_result = select(sock_fd + 1, &readfds_timeout, NULL, NULL, &tv_timeout);
if (select_result == -1) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] WebSocket reconnection attempt %d/%d\n", reconnect_attempts + 1, max_reconnect_attempts); perror("[DEBUG - WebSockets] select failed");
fflush(stdout); fflush(stdout);
} }
cleanup_tunnel(config.debug);
break;
} else if (select_result == 0) {
if (config.debug) {
printf("[DEBUG - WebSockets] SSL read timeout\n");
fflush(stdout);
}
continue; // Timeout, try again
}
if (reconnect_websocket(active_tunnel, wssshd_host, wssshd_port, client_id, active_tunnel->request_id, config.debug) == 0) { bytes_read = SSL_read(current_ssl, frame_buffer + frame_buffer_used, sizeof(frame_buffer) - frame_buffer_used);
reconnected = 1; if (bytes_read <= 0) {
if (bytes_read < 0) {
int ssl_error = SSL_get_error(current_ssl, bytes_read);
if (config.debug) { if (config.debug) {
printf("[DEBUG] WebSocket reconnection successful, continuing tunnel\n"); printf("[DEBUG - WebSockets] SSL read error: %d\n", ssl_error);
fflush(stdout); fflush(stdout);
} }
// Update ssl_fd for select
ssl_fd = SSL_get_fd(active_tunnel->ssl); // Handle transient SSL errors with retry
} else { if (ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) {
reconnect_attempts++;
if (reconnect_attempts < max_reconnect_attempts) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] WebSocket reconnection failed, waiting 1 second...\n"); printf("[DEBUG - WebSockets] Transient SSL error, retrying...\n");
fflush(stdout); fflush(stdout);
} }
sleep(1); // Use 1 second for WebSocket reconnections usleep(10000); // Wait 10ms before retry
continue; // Retry the read operation
}
// Print detailed SSL error information for non-transient errors
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
if (config.debug) {
printf("[DEBUG - WebSockets] SSL error details: %s\n", error_buf);
fflush(stdout);
}
fprintf(stderr, "SSL read error (%d): %s\n", ssl_error, error_buf);
} else {
if (config.debug) {
printf("[DEBUG - WebSockets] Connection closed by server (EOF)\n");
fflush(stdout);
} }
} }
}
if (!reconnected) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] All reconnection attempts failed, exiting\n"); printf("[DEBUG - WebSockets] WebSocket connection lost, attempting reconnection...\n");
fflush(stdout); fflush(stdout);
} }
break;
}
// Skip processing this iteration since we just reconnected // Attempt reconnection - use 1 second intervals for WebSocket reconnections
continue; int reconnect_attempts = 0;
} int max_reconnect_attempts = 3;
int reconnected = 0;
if (config.debug) { while (reconnect_attempts < max_reconnect_attempts && !reconnected) {
printf("[DEBUG] SSL_read returned %d bytes\n", bytes_read); if (config.debug) {
fflush(stdout); printf("[DEBUG - WebSockets] WebSocket reconnection attempt %d/%d\n", reconnect_attempts + 1, max_reconnect_attempts);
} fflush(stdout);
}
// Append new data to frame buffer pthread_mutex_lock(&tunnel_mutex);
if (!frame_buffer_append(frame_buffer, read_buffer, bytes_read)) { if (!active_tunnel) {
if (config.debug) { pthread_mutex_unlock(&tunnel_mutex);
printf("[DEBUG] Failed to append data to frame buffer\n"); break;
fflush(stdout); }
if (reconnect_websocket(active_tunnel, wssshd_host, wssshd_port, client_id, active_tunnel->request_id, config.debug) == 0) {
reconnected = 1;
if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection successful, continuing tunnel\n");
fflush(stdout);
}
// Update ssl_fd for select
ssl_fd = SSL_get_fd(active_tunnel->ssl);
current_ssl = active_tunnel->ssl;
}
pthread_mutex_unlock(&tunnel_mutex);
if (!reconnected) {
reconnect_attempts++;
if (reconnect_attempts < max_reconnect_attempts) {
if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection failed, waiting 1 second...\n");
fflush(stdout);
}
sleep(1); // Use 1 second for WebSocket reconnections
}
}
}
if (!reconnected) {
if (config.debug) {
printf("[DEBUG - WebSockets] All reconnection attempts failed, exiting\n");
fflush(stdout);
}
tunnel_broken = 1;
// Send tunnel_close notification before breaking
if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to connection failure...\n");
fflush(stdout);
}
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
// Kill SCP process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit;
}
// Skip processing this iteration since we just reconnected
continue;
} }
continue;
}
// Process complete frames from the buffer frame_buffer_used += bytes_read;
int processed_frames = 0;
while (frame_buffer->used >= 2 && processed_frames < 100) { // Limit to prevent infinite loops
// Check frame type first
unsigned char frame_byte = frame_buffer->buffer[0];
unsigned char frame_type = frame_byte & 0x8F;
int fin = (frame_byte & 0x80) != 0;
int masked = (frame_buffer->buffer[1] & 0x80) != 0;
if (config.debug) { if (config.debug) {
printf("[DEBUG] Processing frame: type=0x%02x, fin=%d, masked=%d, buffer_used=%zu\n", printf("[DEBUG - WebSockets] Accumulated %d bytes, frame: 0x%02x 0x%02x 0x%02x 0x%02x\n", frame_buffer_used, frame_buffer[0], frame_buffer[1], frame_buffer[2], frame_buffer[3]);
frame_type, fin, masked, frame_buffer->used);
fflush(stdout); fflush(stdout);
} }
}
// Handle close frame // Try to parse WebSocket frame from accumulated buffer
if (frame_type == 0x88) { char *payload;
int payload_len;
if (parse_websocket_frame(frame_buffer, frame_buffer_used, &payload, &payload_len)) {
// Frame is complete, determine frame type
unsigned char frame_type = frame_buffer[0] & 0x8F;
if (frame_type == 0x88) { // Close frame
if (config.debug) { if (config.debug) {
printf("[DEBUG] Received close frame from server\n"); printf("[DEBUG - WebSockets] Received close frame from server\n");
fflush(stdout); fflush(stdout);
} }
goto cleanup; tunnel_broken = 1;
} // Send tunnel_close notification before breaking
// Handle ping frame
if (frame_type == 0x89) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] Received ping frame, sending pong\n"); printf("[DEBUG - Tunnel] Sending tunnel_close notification due to server close frame...\n");
fflush(stdout); fflush(stdout);
} }
// Parse the ping frame to get payload send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
char *ping_payload; // Kill SCP process and exit immediately
int ping_payload_len; if (config.debug) {
if (parse_websocket_frame(frame_buffer->buffer, frame_buffer->used, &ping_payload, &ping_payload_len)) { printf("[DEBUG - Tunnel] Killing SCP process and exiting due to broken tunnel\n");
// Send pong with same payload fflush(stdout);
if (!send_pong_frame(active_tunnel->ssl, ping_payload, ping_payload_len)) {
if (config.debug) {
printf("[DEBUG] Failed to send pong frame\n");
fflush(stdout);
}
}
// Calculate frame size and consume it
int frame_size = (ping_payload - frame_buffer->buffer) + ping_payload_len;
if (frame_type & 0x80) { // FIN bit set
frame_buffer_consume(frame_buffer, frame_size);
processed_frames++;
}
} else {
// Incomplete ping frame, wait for more data
break;
} }
continue; if (!config.dev_tunnel) {
} #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
// Handle pong frame kill(pid, SIGTERM);
if (frame_type == 0x8A) { #pragma GCC diagnostic pop
}
goto cleanup_and_exit;
} else if (frame_type == 0x89) { // Ping frame
if (config.debug) { if (config.debug) {
printf("[DEBUG] Received pong frame\n"); printf("[DEBUG - WebSockets] Received ping frame, sending pong\n");
fflush(stdout); fflush(stdout);
} }
// Parse to find frame boundaries // Send pong with same payload
char *pong_payload; if (!send_pong_frame(current_ssl, payload, payload_len)) {
int pong_payload_len; if (config.debug) {
if (parse_websocket_frame(frame_buffer->buffer, frame_buffer->used, &pong_payload, &pong_payload_len)) { printf("[DEBUG - WebSockets] Failed to send pong frame\n");
int frame_size = (pong_payload - frame_buffer->buffer) + pong_payload_len; fflush(stdout);
if (frame_type & 0x80) { // FIN bit set
frame_buffer_consume(frame_buffer, frame_size);
processed_frames++;
} }
} else {
break; // Incomplete pong frame
} }
continue; } else if (frame_type == 0x8A) { // Pong frame
}
// Parse regular frame (text or binary)
char *payload;
int payload_len;
if (!parse_websocket_frame(frame_buffer->buffer, frame_buffer->used, &payload, &payload_len)) {
// Incomplete frame, wait for more data
if (config.debug) { if (config.debug) {
printf("[DEBUG] Incomplete frame, buffer used: %zu, first few bytes: ", frame_buffer->used); printf("[DEBUG - WebSockets] Received pong frame\n");
for (size_t i = 0; i < frame_buffer->used && i < 10; i++) {
printf("%02x ", (unsigned char)frame_buffer->buffer[i]);
}
printf("\n");
fflush(stdout); fflush(stdout);
} }
break; // Just acknowledge, no response needed
} } else if (frame_type == 0x81 || frame_type == 0x82) { // Text or binary frame
// Calculate total frame size (header + payload)
// payload points to start of payload data, so header_len = payload - buffer
int header_len = payload - frame_buffer->buffer;
int frame_size = header_len + payload_len;
if (config.debug) {
printf("[DEBUG] Frame details: header_len=%d, payload_len=%d, frame_size=%d, buffer_used=%zu\n",
header_len, payload_len, frame_size, frame_buffer->used);
fflush(stdout);
}
// Validate frame size before consuming
if (frame_size <= 0 || frame_size > (int)frame_buffer->used) {
if (config.debug) { if (config.debug) {
printf("[DEBUG] Invalid frame size %d, skipping frame\n", frame_size); printf("[DEBUG - WebSockets] Received message: %.*s\n", payload_len, payload);
fflush(stdout); fflush(stdout);
} }
// Skip this frame by consuming just the header
if (header_len > 0 && header_len <= (int)frame_buffer->used) { // Copy payload to buffer for processing (null-terminate for string operations)
frame_buffer_consume(frame_buffer, header_len); if ((size_t)payload_len < sizeof(buffer)) {
memcpy(buffer, payload, payload_len);
buffer[payload_len] = '\0';
} else { } else {
// Can't even consume header, break to avoid infinite loop fprintf(stderr, "Payload too large for processing buffer\n");
break; // Skip this frame
frame_buffer_used = 0;
continue;
} }
processed_frames++;
continue;
}
frame_buffer_consume(frame_buffer, frame_size);
processed_frames++;
payload[payload_len] = '\0';
if (config.debug) { // Handle message
printf("[DEBUG] Received: %s\n", payload);
fflush(stdout);
}
// Handle messages
if (strstr(payload, "tunnel_data") || strstr(payload, "tunnel_response") ||
strstr(payload, "tunnel_request") || strstr(payload, "tunnel_ack")) {
if (config.debug) { if (config.debug) {
if (strstr(payload, "tunnel_data")) { printf("[DEBUG - WebSockets] Processing message: %s\n", buffer);
printf("[DEBUG] Received tunnel_data message\n");
} else if (strstr(payload, "tunnel_response")) {
printf("[DEBUG] Received tunnel_response message\n");
} else if (strstr(payload, "tunnel_request")) {
printf("[DEBUG] Received tunnel_request message\n");
} else if (strstr(payload, "tunnel_ack")) {
printf("[DEBUG] Received tunnel_ack message\n");
}
fflush(stdout); fflush(stdout);
} }
// Extract request_id and data if present
char *id_start = strstr(payload, "\"request_id\""); // Handle messages
char *data_start = strstr(payload, "\"data\""); if (strstr(buffer, "tunnel_data") || strstr(buffer, "tunnel_response")) {
if (id_start && data_start) { if (config.debug) {
char *colon = strchr(id_start, ':'); if (strstr(buffer, "tunnel_data")) {
if (colon) { printf("[DEBUG - Tunnel] Received tunnel_data message\n");
char *open_quote = strchr(colon, '"'); } else {
if (open_quote) { printf("[DEBUG - Tunnel] Received tunnel_response message\n");
id_start = open_quote + 1; }
char *close_quote = strchr(id_start, '"'); fflush(stdout);
if (close_quote) { }
*close_quote = '\0'; // Extract request_id and data
char *data_colon = strchr(data_start, ':'); char *id_start = strstr(buffer, "\"request_id\"");
if (data_colon) { char *data_start = strstr(buffer, "\"data\"");
char *data_quote = strchr(data_colon, '"'); if (id_start && data_start) {
if (data_quote) { char *colon = strchr(id_start, ':');
data_start = data_quote + 1; if (colon) {
char *data_end = strchr(data_start, '"'); char *open_quote = strchr(colon, '"');
if (data_end) { if (open_quote) {
*data_end = '\0'; id_start = open_quote + 1;
handle_tunnel_data(active_tunnel->ssl, id_start, data_start, config.debug); char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
char *data_colon = strchr(data_start, ':');
if (data_colon) {
char *data_quote = strchr(data_colon, '"');
if (data_quote) {
data_start = data_quote + 1;
char *data_end = strchr(data_start, '"');
if (data_end) {
*data_end = '\0';
handle_tunnel_data(current_ssl, id_start, data_start, config.debug);
}
} }
} }
} }
} }
} }
} }
} } else if (strstr(buffer, "tunnel_close")) {
} else if (strstr(payload, "tunnel_close")) { if (config.debug) {
if (config.debug) { printf("[DEBUG - Tunnel] Received tunnel_close message\n");
printf("[DEBUG] Received tunnel_close message\n"); fflush(stdout);
fflush(stdout); }
} char *id_start = strstr(buffer, "\"request_id\"");
char *id_start = strstr(payload, "\"request_id\""); if (id_start) {
if (id_start) { char *colon = strchr(id_start, ':');
char *colon = strchr(id_start, ':'); if (colon) {
if (colon) { char *open_quote = strchr(colon, '"');
char *open_quote = strchr(colon, '"'); if (open_quote) {
if (open_quote) { id_start = open_quote + 1;
id_start = open_quote + 1; char *close_quote = strchr(id_start, '"');
char *close_quote = strchr(id_start, '"'); if (close_quote) {
if (close_quote) { *close_quote = '\0';
*close_quote = '\0'; handle_tunnel_close(current_ssl, id_start, config.debug);
handle_tunnel_close(active_tunnel->ssl, id_start, config.debug); }
} }
} }
} }
} } else {
} else { if (config.debug) {
if (config.debug) { printf("[DEBUG - WebSockets] Received unknown message type: %s\n", buffer);
printf("[DEBUG] Received unknown message type: %s\n", payload); fflush(stdout);
fflush(stdout); }
} }
} }
}
if (processed_frames >= 100) { // Remove processed frame from buffer
if (config.debug) { int frame_size = (payload - frame_buffer) + payload_len;
printf("[DEBUG] Processed 100 frames in one iteration, possible infinite loop\n"); if (frame_size < frame_buffer_used) {
fflush(stdout); // Move remaining data to front
memmove(frame_buffer, frame_buffer + frame_size, frame_buffer_used - frame_size);
frame_buffer_used -= frame_size;
} else {
// Entire buffer was consumed
frame_buffer_used = 0;
} }
} else {
// Frame not complete yet, continue reading
continue;
} }
} }
} }
frame_buffer_free(frame_buffer);
if (config.debug) { if (config.debug) {
printf("[DEBUG] Tunnel loop ended, waiting for SCP to finish...\n"); printf("[DEBUG - Tunnel] Tunnel loop ended, waiting for process to finish...\n");
fflush(stdout); fflush(stdout);
} }
cleanup: cleanup_and_exit:
// Wait for SCP to finish // Wait for SCP to finish
int status; int status;
waitpid(pid, &status, 0); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
waitpid(pid, &status, 0);
#pragma GCC diagnostic pop
}
if (config.debug) { if (config.debug) {
printf("[DEBUG] SCP process finished with status: %d\n", status); printf("[DEBUG - Tunnel] Process finished with status: %d\n", status);
fflush(stdout); fflush(stdout);
} }
// Wait a few seconds before exiting cleanly // Wait a few seconds before exiting cleanly
if (config.debug) { if (config.debug) {
printf("[DEBUG] Waiting 3 seconds before exit...\n"); printf("[DEBUG - Tunnel] Waiting 3 seconds before exit...\n");
fflush(stdout); fflush(stdout);
} }
sleep(3); sleep(3);
...@@ -894,8 +1078,8 @@ cleanup: ...@@ -894,8 +1078,8 @@ cleanup:
// Free strings that were allocated with malloc/strdup // Free strings that were allocated with malloc/strdup
if (i == 8) { // The port string if (i == 8) { // The port string
free(new_scp_args[i]); free(new_scp_args[i]);
} else if (strstr(new_scp_args[i], "@localhost") || strstr(new_scp_args[i], "localhost:")) { } else if (strstr(new_scp_args[i], "@localhost")) {
// The user@localhost:path or localhost:path string (if allocated) // The user@localhost string (if allocated)
free(new_scp_args[i]); free(new_scp_args[i]);
} }
} }
...@@ -904,5 +1088,5 @@ cleanup: ...@@ -904,5 +1088,5 @@ cleanup:
pthread_mutex_destroy(&tunnel_mutex); pthread_mutex_destroy(&tunnel_mutex);
// Ensure we exit the process // Ensure we exit the process
exit(0); exit(tunnel_broken ? 1 : 0);
} }
\ No newline at end of file
wssshtools/wsssh.c
View file @ ac456539
...@@ -50,6 +50,7 @@ void print_usage(const char *program_name) { ...@@ -50,6 +50,7 @@ void print_usage(const char *program_name) {
fprintf(stderr, " --local-port PORT Local tunnel port (default: auto)\n"); fprintf(stderr, " --local-port PORT Local tunnel port (default: auto)\n");
fprintf(stderr, " --interval SEC Connection retry interval in seconds (default: 30)\n"); fprintf(stderr, " --interval SEC Connection retry interval in seconds (default: 30)\n");
fprintf(stderr, " --debug Enable debug output\n"); fprintf(stderr, " --debug Enable debug output\n");
fprintf(stderr, " --dev-tunnel Development mode: setup tunnel but don't launch SSH\n");
fprintf(stderr, " --help Show this help\n"); fprintf(stderr, " --help Show this help\n");
fprintf(stderr, " -p PORT wssshd server port (default: 9898)\n"); fprintf(stderr, " -p PORT wssshd server port (default: 9898)\n");
fprintf(stderr, " --port PORT Same as -p\n"); fprintf(stderr, " --port PORT Same as -p\n");
...@@ -77,6 +78,8 @@ int parse_args(int argc, char *argv[], wsssh_config_t *config, int *remaining_ar ...@@ -77,6 +78,8 @@ int parse_args(int argc, char *argv[], wsssh_config_t *config, int *remaining_ar
i++; // Skip the argument i++; // Skip the argument
} else if (strcmp(argv[i], "--debug") == 0) { } else if (strcmp(argv[i], "--debug") == 0) {
config->debug = 1; config->debug = 1;
} else if (strcmp(argv[i], "--dev-tunnel") == 0) {
config->dev_tunnel = 1;
} else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) { } else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) {
print_usage(argv[0]); print_usage(argv[0]);
return 0; return 0;
...@@ -245,7 +248,8 @@ int main(int argc, char *argv[]) { ...@@ -245,7 +248,8 @@ int main(int argc, char *argv[]) {
.local_port = NULL, .local_port = NULL,
.wssshd_port = 9898, .wssshd_port = 9898,
.debug = 0, .debug = 0,
.interval = 30 .interval = 30,
.dev_tunnel = 0
}; };
// Easter egg: --support option (only when it's the only argument) // Easter egg: --support option (only when it's the only argument)
...@@ -397,55 +401,86 @@ int main(int argc, char *argv[]) { ...@@ -397,55 +401,86 @@ int main(int argc, char *argv[]) {
return 1; return 1;
} }
// Handle dev-tunnel mode: print SSH command and wait for manual execution
if (config.dev_tunnel) {
printf("\n");
printf("========================================\n");
printf(" DEVELOPMENT TUNNEL MODE ENABLED\n");
printf("========================================\n");
printf("Tunnel is ready on localhost:%d\n", local_port);
printf("\n");
printf("SSH Command to execute manually:\n");
printf(" ");
for (int i = 0; new_ssh_args[i]; i++) {
printf("%s ", new_ssh_args[i]);
}
printf("\n");
printf("\n");
printf("Or connect manually with telnet:\n");
printf(" telnet localhost %d\n", local_port);
printf("\n");
printf("Press Ctrl+C to exit and close the tunnel.\n");
printf("========================================\n");
printf("\n");
// In dev-tunnel mode, we still need to start the forwarding threads
// to handle bidirectional communication, but we don't fork SSH
goto start_forwarding_threads;
}
// NOW fork to run SSH in background (after tunnel is ready) // NOW fork to run SSH in background (after tunnel is ready)
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] About to fork SSH process...\n"); printf("[DEBUG - Tunnel] About to fork SSH process...\n");
fflush(stdout); fflush(stdout);
} }
pid_t pid = fork(); pid_t pid = -1; // Initialize to avoid uninitialized warning
if (pid < 0) { if (!config.dev_tunnel) {
perror("fork failed"); pid = fork();
free(client_id); if (pid < 0) {
free(wssshd_host); perror("fork failed");
free(config.local_port); free(client_id);
for (int i = 1; i < new_ssh_argc; i++) { free(wssshd_host);
if (new_ssh_args[i] != remaining_argv[i-1]) { free(config.local_port);
free(new_ssh_args[i]); for (int i = 1; i < new_ssh_argc; i++) {
if (new_ssh_args[i] != remaining_argv[i-1]) {
free(new_ssh_args[i]);
}
} }
free(new_ssh_args);
pthread_mutex_destroy(&tunnel_mutex);
return 1;
} }
free(new_ssh_args);
pthread_mutex_destroy(&tunnel_mutex);
return 1;
}
if (pid == 0) { if (pid == 0) {
// Child process: run SSH // Child process: run SSH
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] Child process starting SSH with command:"); printf("[DEBUG - Tunnel] Child process starting SSH with command:");
for (int i = 0; new_ssh_args[i]; i++) { for (int i = 0; new_ssh_args[i]; i++) {
printf(" %s", new_ssh_args[i]); printf(" %s", new_ssh_args[i]);
}
printf("\n");
fflush(stdout);
} }
printf("\n"); execvp("ssh", new_ssh_args);
fflush(stdout);
} // If we reach here, execvp failed
execvp("ssh", new_ssh_args); perror("execvp failed");
free(client_id);
// If we reach here, execvp failed free(wssshd_host);
perror("execvp failed"); for (int i = 1; i < new_ssh_argc; i++) {
free(client_id); if (new_ssh_args[i] != remaining_argv[i-1]) {
free(wssshd_host); free(new_ssh_args[i]);
for (int i = 1; i < new_ssh_argc; i++) { }
if (new_ssh_args[i] != remaining_argv[i-1]) {
free(new_ssh_args[i]);
} }
free(new_ssh_args);
exit(1);
} }
free(new_ssh_args);
exit(1);
} }
start_forwarding_threads:
// Parent process: accept SSH connection and start forwarding // Parent process: accept SSH connection and start forwarding
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] Waiting for SSH connection on localhost:%d...\n", local_port); printf("[DEBUG - Tunnel] Waiting for connection on localhost:%d...\n", local_port);
fflush(stdout); fflush(stdout);
} }
...@@ -454,8 +489,10 @@ int main(int argc, char *argv[]) { ...@@ -454,8 +489,10 @@ int main(int argc, char *argv[]) {
int accepted_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len); int accepted_sock = accept(listen_sock, (struct sockaddr *)&client_addr, &client_len);
if (accepted_sock < 0) { if (accepted_sock < 0) {
perror("Local accept failed"); perror("Local accept failed");
kill(pid, SIGTERM); if (!config.dev_tunnel) {
waitpid(pid, NULL, 0); kill(pid, SIGTERM);
waitpid(pid, NULL, 0);
}
close(listen_sock); close(listen_sock);
free(active_tunnel); free(active_tunnel);
active_tunnel = NULL; active_tunnel = NULL;
...@@ -510,8 +547,10 @@ int main(int argc, char *argv[]) { ...@@ -510,8 +547,10 @@ int main(int argc, char *argv[]) {
thread_args_t *thread_args = malloc(sizeof(thread_args_t)); thread_args_t *thread_args = malloc(sizeof(thread_args_t));
if (!thread_args) { if (!thread_args) {
perror("Memory allocation failed for thread args"); perror("Memory allocation failed for thread args");
kill(pid, SIGTERM); if (!config.dev_tunnel) {
waitpid(pid, NULL, 0); kill(pid, SIGTERM);
waitpid(pid, NULL, 0);
}
// Close socket with mutex protection // Close socket with mutex protection
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel && active_tunnel->local_sock >= 0) { if (active_tunnel && active_tunnel->local_sock >= 0) {
...@@ -546,13 +585,22 @@ int main(int argc, char *argv[]) { ...@@ -546,13 +585,22 @@ int main(int argc, char *argv[]) {
struct timeval tv; struct timeval tv;
int tunnel_broken = 0; int tunnel_broken = 0;
// Frame accumulation buffer for handling partial WebSocket frames
static char frame_buffer[BUFFER_SIZE * 4]; // Quadruple buffer size for accumulation
static int frame_buffer_used = 0;
while (1) { while (1) {
// Get SSL fd with mutex protection // Get SSL fd with mutex protection
pthread_mutex_lock(&tunnel_mutex); pthread_mutex_lock(&tunnel_mutex);
if (!active_tunnel || !active_tunnel->active) { if (!active_tunnel || !active_tunnel->active) {
if (active_tunnel && active_tunnel->broken) { if (active_tunnel && active_tunnel->broken) {
tunnel_broken = 1; tunnel_broken = 1;
kill(pid, SIGTERM); if (!config.dev_tunnel && pid > 0 && pid != -1) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
goto cleanup_and_exit; goto cleanup_and_exit;
} else { } else {
...@@ -588,7 +636,12 @@ int main(int argc, char *argv[]) { ...@@ -588,7 +636,12 @@ int main(int argc, char *argv[]) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n"); printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout); fflush(stdout);
} }
kill(pid, SIGTERM); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit; goto cleanup_and_exit;
} }
...@@ -610,7 +663,12 @@ int main(int argc, char *argv[]) { ...@@ -610,7 +663,12 @@ int main(int argc, char *argv[]) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n"); printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout); fflush(stdout);
} }
kill(pid, SIGTERM); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit; goto cleanup_and_exit;
} }
...@@ -639,7 +697,12 @@ int main(int argc, char *argv[]) { ...@@ -639,7 +697,12 @@ int main(int argc, char *argv[]) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n"); printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout); fflush(stdout);
} }
kill(pid, SIGTERM); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit; goto cleanup_and_exit;
} else if (retval == 0) { } else if (retval == 0) {
// Timeout, check if tunnel became inactive during timeout // Timeout, check if tunnel became inactive during timeout
...@@ -656,7 +719,12 @@ int main(int argc, char *argv[]) { ...@@ -656,7 +719,12 @@ int main(int argc, char *argv[]) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n"); printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout); fflush(stdout);
} }
kill(pid, SIGTERM); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit; goto cleanup_and_exit;
} }
pthread_mutex_unlock(&tunnel_mutex); pthread_mutex_unlock(&tunnel_mutex);
...@@ -664,63 +732,180 @@ int main(int argc, char *argv[]) { ...@@ -664,63 +732,180 @@ int main(int argc, char *argv[]) {
continue; continue;
} }
// Read more data if we don't have a complete frame
if (FD_ISSET(ssl_fd, &readfds)) { if (FD_ISSET(ssl_fd, &readfds)) {
bytes_read = SSL_read(current_ssl, buffer, sizeof(buffer)); // Always try to read more data if there's space, even if we have a complete frame
if (bytes_read <= 0) { // This ensures we can accumulate data for very large frames
if (config.debug) { if ((size_t)frame_buffer_used < sizeof(frame_buffer)) {
printf("[DEBUG - WebSockets] WebSocket connection lost, attempting reconnection...\n"); // Validate SSL connection state before reading
fflush(stdout); if (SSL_get_shutdown(current_ssl) & SSL_RECEIVED_SHUTDOWN) {
if (config.debug) {
printf("[DEBUG - WebSockets] SSL connection has received shutdown\n");
fflush(stdout);
}
cleanup_tunnel(config.debug);
break;
} }
// Attempt reconnection - use 1 second intervals for WebSocket reconnections // Set up timeout for SSL read operation
int reconnect_attempts = 0; fd_set readfds_timeout;
int max_reconnect_attempts = 3; struct timeval tv_timeout;
int reconnected = 0; int sock_fd = SSL_get_fd(current_ssl);
FD_ZERO(&readfds_timeout);
FD_SET(sock_fd, &readfds_timeout);
tv_timeout.tv_sec = 5; // 5 second timeout
tv_timeout.tv_usec = 0;
while (reconnect_attempts < max_reconnect_attempts && !reconnected) { int select_result = select(sock_fd + 1, &readfds_timeout, NULL, NULL, &tv_timeout);
if (select_result == -1) {
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection attempt %d/%d\n", reconnect_attempts + 1, max_reconnect_attempts); perror("[DEBUG - WebSockets] select failed");
fflush(stdout); fflush(stdout);
} }
cleanup_tunnel(config.debug);
pthread_mutex_lock(&tunnel_mutex); break;
if (!active_tunnel) { } else if (select_result == 0) {
pthread_mutex_unlock(&tunnel_mutex); if (config.debug) {
break; printf("[DEBUG - WebSockets] SSL read timeout\n");
fflush(stdout);
} }
if (reconnect_websocket(active_tunnel, wssshd_host, wssshd_port, client_id, active_tunnel->request_id, config.debug) == 0) { continue; // Timeout, try again
reconnected = 1; }
bytes_read = SSL_read(current_ssl, frame_buffer + frame_buffer_used, sizeof(frame_buffer) - frame_buffer_used);
if (bytes_read <= 0) {
if (bytes_read < 0) {
int ssl_error = SSL_get_error(current_ssl, bytes_read);
if (config.debug) {
printf("[DEBUG - WebSockets] SSL read error: %d\n", ssl_error);
fflush(stdout);
}
// Handle transient SSL errors with retry
if (ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) {
if (config.debug) {
printf("[DEBUG - WebSockets] Transient SSL error, retrying...\n");
fflush(stdout);
}
usleep(10000); // Wait 10ms before retry
continue; // Retry the read operation
}
// Print detailed SSL error information for non-transient errors
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection successful, continuing tunnel\n"); printf("[DEBUG - WebSockets] SSL error details: %s\n", error_buf);
fflush(stdout);
}
fprintf(stderr, "SSL read error (%d): %s\n", ssl_error, error_buf);
} else {
if (config.debug) {
printf("[DEBUG - WebSockets] Connection closed by server (EOF)\n");
fflush(stdout); fflush(stdout);
} }
// Update ssl_fd for select
ssl_fd = SSL_get_fd(active_tunnel->ssl);
current_ssl = active_tunnel->ssl;
} }
pthread_mutex_unlock(&tunnel_mutex);
if (!reconnected) { if (config.debug) {
reconnect_attempts++; printf("[DEBUG - WebSockets] WebSocket connection lost, attempting reconnection...\n");
if (reconnect_attempts < max_reconnect_attempts) { fflush(stdout);
}
// Attempt reconnection - use 1 second intervals for WebSocket reconnections
int reconnect_attempts = 0;
int max_reconnect_attempts = 3;
int reconnected = 0;
while (reconnect_attempts < max_reconnect_attempts && !reconnected) {
if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection attempt %d/%d\n", reconnect_attempts + 1, max_reconnect_attempts);
fflush(stdout);
}
pthread_mutex_lock(&tunnel_mutex);
if (!active_tunnel) {
pthread_mutex_unlock(&tunnel_mutex);
break;
}
if (reconnect_websocket(active_tunnel, wssshd_host, wssshd_port, client_id, active_tunnel->request_id, config.debug) == 0) {
reconnected = 1;
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection failed, waiting 1 second...\n"); printf("[DEBUG - WebSockets] WebSocket reconnection successful, continuing tunnel\n");
fflush(stdout); fflush(stdout);
} }
sleep(1); // Use 1 second for WebSocket reconnections // Update ssl_fd for select
ssl_fd = SSL_get_fd(active_tunnel->ssl);
current_ssl = active_tunnel->ssl;
}
pthread_mutex_unlock(&tunnel_mutex);
if (!reconnected) {
reconnect_attempts++;
if (reconnect_attempts < max_reconnect_attempts) {
if (config.debug) {
printf("[DEBUG - WebSockets] WebSocket reconnection failed, waiting 1 second...\n");
fflush(stdout);
}
sleep(1); // Use 1 second for WebSocket reconnections
}
}
}
if (!reconnected) {
if (config.debug) {
printf("[DEBUG - WebSockets] All reconnection attempts failed, exiting\n");
fflush(stdout);
}
tunnel_broken = 1;
// Send tunnel_close notification before breaking
if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to connection failure...\n");
fflush(stdout);
}
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
// Kill SSH process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout);
}
if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
} }
goto cleanup_and_exit;
} }
// Skip processing this iteration since we just reconnected
continue;
}
frame_buffer_used += bytes_read;
if (config.debug) {
printf("[DEBUG - WebSockets] Accumulated %d bytes, frame: 0x%02x 0x%02x 0x%02x 0x%02x\n", frame_buffer_used, frame_buffer[0], frame_buffer[1], frame_buffer[2], frame_buffer[3]);
fflush(stdout);
} }
}
if (!reconnected) { // Try to parse WebSocket frame from accumulated buffer
char *payload;
int payload_len;
if (parse_websocket_frame(frame_buffer, frame_buffer_used, &payload, &payload_len)) {
// Frame is complete, determine frame type
unsigned char frame_type = frame_buffer[0] & 0x8F;
if (frame_type == 0x88) { // Close frame
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] All reconnection attempts failed, exiting\n"); printf("[DEBUG - WebSockets] Received close frame from server\n");
fflush(stdout); fflush(stdout);
} }
tunnel_broken = 1; tunnel_broken = 1;
// Send tunnel_close notification before breaking // Send tunnel_close notification before breaking
if (config.debug) { if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to connection failure...\n"); printf("[DEBUG - Tunnel] Sending tunnel_close notification due to server close frame...\n");
fflush(stdout); fflush(stdout);
} }
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug); send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
...@@ -729,222 +914,137 @@ int main(int argc, char *argv[]) { ...@@ -729,222 +914,137 @@ int main(int argc, char *argv[]) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n"); printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout); fflush(stdout);
} }
kill(pid, SIGTERM); if (!config.dev_tunnel) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
kill(pid, SIGTERM);
#pragma GCC diagnostic pop
}
goto cleanup_and_exit; goto cleanup_and_exit;
} } else if (frame_type == 0x89) { // Ping frame
if (config.debug) {
// Skip processing this iteration since we just reconnected printf("[DEBUG - WebSockets] Received ping frame, sending pong\n");
continue; fflush(stdout);
} }
// Check if tunnel became inactive during WebSocket processing
pthread_mutex_lock(&tunnel_mutex);
if (!active_tunnel || !active_tunnel->active) {
pthread_mutex_unlock(&tunnel_mutex);
if (config.debug) {
printf("[DEBUG - Tunnel] Tunnel became inactive during WebSocket processing, exiting\n");
fflush(stdout);
}
tunnel_broken = 1;
// Kill SSH process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout);
}
kill(pid, SIGTERM);
goto cleanup_and_exit;
}
pthread_mutex_unlock(&tunnel_mutex);
// Check frame type
unsigned char frame_type = buffer[0] & 0x8F;
// Handle close frame
if (frame_type == 0x88) {
if (config.debug) {
printf("[DEBUG - WebSockets] Received close frame from server\n");
fflush(stdout);
}
tunnel_broken = 1;
// Send tunnel_close notification before breaking
if (config.debug) {
printf("[DEBUG - Tunnel] Sending tunnel_close notification due to server close frame...\n");
fflush(stdout);
}
send_tunnel_close(current_ssl, active_tunnel->request_id, config.debug);
// Kill SSH process and exit immediately
if (config.debug) {
printf("[DEBUG - Tunnel] Killing SSH process and exiting due to broken tunnel\n");
fflush(stdout);
}
kill(pid, SIGTERM);
goto cleanup_and_exit;
}
// Handle ping frame
if (frame_type == 0x89) {
if (config.debug) {
printf("[DEBUG - WebSockets] Received ping frame, sending pong\n");
fflush(stdout);
}
// Parse the ping frame to get payload
char *ping_payload;
int ping_payload_len;
if (parse_websocket_frame(buffer, bytes_read, &ping_payload, &ping_payload_len)) {
// Send pong with same payload // Send pong with same payload
if (!send_pong_frame(current_ssl, ping_payload, ping_payload_len)) { if (!send_pong_frame(current_ssl, payload, payload_len)) {
if (config.debug) { if (config.debug) {
printf("[DEBUG - WebSockets] Failed to send pong frame\n"); printf("[DEBUG - WebSockets] Failed to send pong frame\n");
fflush(stdout); fflush(stdout);
} }
} }
} else { } else if (frame_type == 0x8A) { // Pong frame
if (config.debug) { if (config.debug) {
printf("[DEBUG] Failed to parse ping frame\n"); printf("[DEBUG - WebSockets] Received pong frame\n");
fflush(stdout); fflush(stdout);
} }
} // Just acknowledge, no response needed
continue; } else if (frame_type == 0x81 || frame_type == 0x82) { // Text or binary frame
} if (config.debug) {
printf("[DEBUG - WebSockets] Received message: %.*s\n", payload_len, payload);
// Handle pong frame fflush(stdout);
if (frame_type == 0x8A) { }
if (config.debug) {
printf("[DEBUG] Received pong frame\n"); // Copy payload to buffer for processing (null-terminate for string operations)
fflush(stdout); if ((size_t)payload_len < sizeof(buffer)) {
} memcpy(buffer, payload, payload_len);
// Just acknowledge, no response needed buffer[payload_len] = '\0';
continue;
}
// Handle regular frames (text/binary)
char *payload;
int payload_len;
if (!parse_websocket_frame(buffer, bytes_read, &payload, &payload_len)) {
if (config.debug) {
printf("[DEBUG - WebSockets] Failed to parse WebSocket frame\n");
fflush(stdout);
}
continue;
}
payload[payload_len] = '\0';
if (config.debug) {
printf("[DEBUG - WebSockets] Received: %s\n", payload);
fflush(stdout);
}
// Handle messages
if (strstr(payload, "tunnel_data") || strstr(payload, "tunnel_response")) {
if (config.debug) {
if (strstr(payload, "tunnel_data")) {
printf("[DEBUG - Tunnel] Received tunnel_data message\n");
} else { } else {
printf("[DEBUG - Tunnel] Received tunnel_response message\n"); fprintf(stderr, "Payload too large for processing buffer\n");
// Skip this frame
frame_buffer_used = 0;
continue;
} }
fflush(stdout);
} // Handle message
// Extract request_id and data if (config.debug) {
char *id_start = strstr(payload, "\"request_id\""); printf("[DEBUG - WebSockets] Processing message: %s\n", buffer);
char *data_start = strstr(payload, "\"data\""); fflush(stdout);
if (id_start && data_start) { }
char *colon = strchr(id_start, ':');
if (colon) { // Handle messages
char *open_quote = strchr(colon, '"'); if (strstr(buffer, "tunnel_data") || strstr(buffer, "tunnel_response")) {
if (open_quote) { if (config.debug) {
id_start = open_quote + 1; if (strstr(buffer, "tunnel_data")) {
char *close_quote = strchr(id_start, '"'); printf("[DEBUG - Tunnel] Received tunnel_data message\n");
if (close_quote) { } else {
*close_quote = '\0'; printf("[DEBUG - Tunnel] Received tunnel_response message\n");
char *data_colon = strchr(data_start, ':'); }
if (data_colon) { fflush(stdout);
char *data_quote = strchr(data_colon, '"'); }
if (data_quote) { // Extract request_id and data
data_start = data_quote + 1; char *id_start = strstr(buffer, "\"request_id\"");
char *data_end = strchr(data_start, '"'); char *data_start = strstr(buffer, "\"data\"");
if (data_end) { if (id_start && data_start) {
*data_end = '\0'; char *colon = strchr(id_start, ':');
handle_tunnel_data(current_ssl, id_start, data_start, config.debug); if (colon) {
char *open_quote = strchr(colon, '"');
if (open_quote) {
id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
char *data_colon = strchr(data_start, ':');
if (data_colon) {
char *data_quote = strchr(data_colon, '"');
if (data_quote) {
data_start = data_quote + 1;
char *data_end = strchr(data_start, '"');
if (data_end) {
*data_end = '\0';
handle_tunnel_data(current_ssl, id_start, data_start, config.debug);
}
}
} }
} }
} }
} }
} }
} } else if (strstr(buffer, "tunnel_close")) {
} if (config.debug) {
} else if (strstr(payload, "tunnel_close")) { printf("[DEBUG - Tunnel] Received tunnel_close message\n");
if (config.debug) { fflush(stdout);
printf("[DEBUG - Tunnel] Received tunnel_close message\n"); }
fflush(stdout); char *id_start = strstr(buffer, "\"request_id\"");
} if (id_start) {
char *id_start = strstr(payload, "\"request_id\""); char *colon = strchr(id_start, ':');
if (id_start) { if (colon) {
char *colon = strchr(id_start, ':'); char *open_quote = strchr(colon, '"');
if (colon) { if (open_quote) {
char *open_quote = strchr(colon, '"'); id_start = open_quote + 1;
if (open_quote) { char *close_quote = strchr(id_start, '"');
id_start = open_quote + 1; if (close_quote) {
char *close_quote = strchr(id_start, '"'); *close_quote = '\0';
if (close_quote) { handle_tunnel_close(current_ssl, id_start, config.debug);
*close_quote = '\0'; }
handle_tunnel_close(current_ssl, id_start, config.debug); }
} }
} }
} else {
if (config.debug) {
printf("[DEBUG - WebSockets] Received unknown message type: %s\n", buffer);
fflush(stdout);
}
} }
} }
} else {
if (config.debug) { // Remove processed frame from buffer
printf("[DEBUG - WebSockets] Received unknown message type: %s\n", payload); int frame_size = (payload - frame_buffer) + payload_len;
fflush(stdout); if (frame_size < frame_buffer_used) {
// Move remaining data to front
memmove(frame_buffer, frame_buffer + frame_size, frame_buffer_used - frame_size);
frame_buffer_used -= frame_size;
} else {
// Entire buffer was consumed
frame_buffer_used = 0;
} }
} else {
// Frame not complete yet, continue reading
continue;
} }
} }
} }
// If we reach here normally (not via goto), handle normal tunnel closure
if (!tunnel_broken) {
if (config.debug) {
printf("[DEBUG - Tunnel] Tunnel loop ended normally, sending tunnel_close notification...\n");
fflush(stdout);
}
// Send tunnel_close notification to server
pthread_mutex_lock(&tunnel_mutex);
if (active_tunnel && active_tunnel->ssl) {
send_tunnel_close(active_tunnel->ssl, active_tunnel->request_id, config.debug);
}
pthread_mutex_unlock(&tunnel_mutex);
} else {
if (config.debug) {
printf("[DEBUG - Tunnel] Tunnel was already broken, skipping duplicate tunnel_close notification\n");
fflush(stdout);
}
}
// Wait for SSH to finish (only if we didn't kill it already)
if (!tunnel_broken) {
if (config.debug) {
printf("[DEBUG - Tunnel] Waiting for SSH process to finish normally\n");
fflush(stdout);
}
int status;
waitpid(pid, &status, 0);
if (config.debug) {
printf("[DEBUG - Tunnel] SSH process finished with status: %d\n", status);
fflush(stdout);
}
// Wait a few seconds before exiting cleanly
if (config.debug) {
printf("[DEBUG - Tunnel] Waiting 3 seconds before exit...\n");
fflush(stdout);
}
sleep(3);
}
cleanup_and_exit: cleanup_and_exit:
// Cleanup section - reached either normally or via goto // Cleanup section - reached either normally or via goto
if (config.debug) { if (config.debug) {
...@@ -970,7 +1070,9 @@ cleanup_and_exit: ...@@ -970,7 +1070,9 @@ cleanup_and_exit:
fflush(stdout); fflush(stdout);
} }
// SSH process is still running, force kill it // SSH process is still running, force kill it
kill(pid, SIGKILL); if (!config.dev_tunnel) {
kill(pid, SIGKILL);
}
// Wait for it to actually terminate // Wait for it to actually terminate
waitpid(pid, &status, 0); waitpid(pid, &status, 0);
} else if (result > 0) { } else if (result > 0) {
......
wssshtools/wssshc.c
View file @ ac456539
...@@ -382,279 +382,244 @@ int connect_to_server(const wssshc_config_t *config) { ...@@ -382,279 +382,244 @@ int connect_to_server(const wssshc_config_t *config) {
// Keep connection alive and handle tunnel requests // Keep connection alive and handle tunnel requests
// active_tunnels = NULL; // Will implement tunnel handling // active_tunnels = NULL; // Will implement tunnel handling
// Frame accumulation buffer for handling partial WebSocket frames
static char frame_buffer[BUFFER_SIZE * 4]; // Quadruple buffer size for accumulation
static int frame_buffer_used = 0;
while (1) { while (1) {
bytes_read = SSL_read(ssl, buffer, sizeof(buffer)); // Always try to read more data if there's space, even if we have a complete frame
if (bytes_read <= 0) { // This ensures we can accumulate data for very large frames
if (bytes_read < 0) { if ((size_t)frame_buffer_used < sizeof(frame_buffer)) {
ERR_print_errors_fp(stderr); // Validate SSL connection state before reading
fprintf(stderr, "SSL read error\n"); if (SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN) {
} else {
if (config->debug) { if (config->debug) {
printf("[DEBUG - WebSockets] Connection closed by server\n"); printf("[DEBUG - WebSockets] SSL connection has received shutdown\n");
fflush(stdout); fflush(stdout);
} }
cleanup_tunnel(config->debug);
break;
} }
// Clean up tunnel resources before breaking
cleanup_tunnel(config->debug);
break;
}
if (config->debug) { // Set up timeout for SSL read operation
printf("[DEBUG - WebSockets] Read %d bytes, frame: 0x%02x 0x%02x 0x%02x 0x%02x\n", bytes_read, buffer[0], buffer[1], buffer[2], buffer[3]); fd_set readfds;
fflush(stdout); struct timeval tv;
} int sock_fd = SSL_get_fd(ssl);
FD_ZERO(&readfds);
FD_SET(sock_fd, &readfds);
tv.tv_sec = 5; // 5 second timeout
tv.tv_usec = 0;
int select_result = select(sock_fd + 1, &readfds, NULL, NULL, &tv);
if (select_result == -1) {
if (config->debug) {
perror("[DEBUG - WebSockets] select failed");
fflush(stdout);
}
cleanup_tunnel(config->debug);
break;
} else if (select_result == 0) {
if (config->debug) {
printf("[DEBUG - WebSockets] SSL read timeout\n");
fflush(stdout);
}
continue; // Timeout, try again
}
// Parse WebSocket frame with extended length support bytes_read = SSL_read(ssl, frame_buffer + frame_buffer_used, sizeof(frame_buffer) - frame_buffer_used);
if (bytes_read >= 2 && (buffer[0] & 0x8F) == 0x81) { // Text frame if (bytes_read <= 0) {
int masked = buffer[1] & 0x80; if (bytes_read < 0) {
int len_indicator = buffer[1] & 0x7F; int ssl_error = SSL_get_error(ssl, bytes_read);
int header_len = 2;
size_t payload_len = 0;
if (len_indicator <= 125) {
payload_len = len_indicator;
} else if (len_indicator == 126) {
if (bytes_read < 4) {
if (config->debug) { if (config->debug) {
printf("[DEBUG] Incomplete extended length frame\n"); printf("[DEBUG - WebSockets] SSL read error: %d\n", ssl_error);
fflush(stdout);
} }
continue;
} // Handle transient SSL errors with retry
payload_len = ((unsigned char)buffer[2] << 8) | (unsigned char)buffer[3]; if (ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE) {
header_len = 4; if (config->debug) {
} else if (len_indicator == 127) { printf("[DEBUG - WebSockets] Transient SSL error, retrying...\n");
if (bytes_read < 10) { fflush(stdout);
}
usleep(10000); // Wait 10ms before retry
continue; // Retry the read operation
}
// Print detailed SSL error information for non-transient errors
char error_buf[256];
ERR_error_string_n(ssl_error, error_buf, sizeof(error_buf));
if (config->debug) { if (config->debug) {
printf("[DEBUG] Incomplete extended length frame\n"); printf("[DEBUG - WebSockets] SSL error details: %s\n", error_buf);
fflush(stdout);
}
fprintf(stderr, "SSL read error (%d): %s\n", ssl_error, error_buf);
} else {
if (config->debug) {
printf("[DEBUG - WebSockets] Connection closed by server (EOF)\n");
fflush(stdout);
} }
continue;
}
uint64_t len = 0;
for (int i = 0; i < 8; i++) {
len = (len << 8) | (unsigned char)buffer[2 + i];
} }
payload_len = (int)len; // Clean up tunnel resources before breaking
header_len = 10; cleanup_tunnel(config->debug);
break;
} }
if (masked) { frame_buffer_used += bytes_read;
header_len += 4;
if (config->debug) {
printf("[DEBUG - WebSockets] Accumulated %d bytes, frame: 0x%02x 0x%02x 0x%02x 0x%02x\n", frame_buffer_used, frame_buffer[0], frame_buffer[1], frame_buffer[2], frame_buffer[3]);
fflush(stdout);
} }
}
// Try to parse WebSocket frame from accumulated buffer
char *payload;
int payload_len;
if (parse_websocket_frame(frame_buffer, frame_buffer_used, &payload, &payload_len)) {
// Frame is complete, determine frame type
unsigned char frame_type = frame_buffer[0] & 0x8F;
if (payload_len <= sizeof(buffer) - header_len && (size_t)bytes_read >= (size_t)header_len + payload_len) { if (frame_type == 0x88) { // Close frame
char *payload = buffer + header_len; if (config->debug) {
if (masked) { printf("[DEBUG - WebSockets] Received close frame - cleaning up and reconnecting...\n");
char *mask_key = buffer + header_len - 4; fflush(stdout);
for (size_t i = 0; i < payload_len; i++) { }
payload[i] ^= mask_key[i % 4]; // Clean up tunnel resources before reconnecting
cleanup_tunnel(config->debug);
return 0;
} else if (frame_type == 0x89) { // Ping frame
if (config->debug) {
printf("[DEBUG - WebSockets] Received ping frame\n");
fflush(stdout);
}
// Send pong with same payload
if (!send_pong_frame(ssl, payload, payload_len)) {
if (config->debug) {
printf("[DEBUG - WebSockets] Failed to send pong frame\n");
fflush(stdout);
}
}
} else if (frame_type == 0x8A) { // Pong frame
if (config->debug) {
printf("[DEBUG - WebSockets] Received pong frame\n");
fflush(stdout);
}
// Just acknowledge, no response needed
} else if (frame_type == 0x81 || frame_type == 0x82) { // Text or binary frame
if (config->debug) {
printf("[DEBUG - WebSockets] Received message: %.*s\n", payload_len, payload);
fflush(stdout);
} }
}
memmove(buffer, payload, payload_len);
buffer[payload_len] = '\0';
// Handle message // Copy payload to buffer for processing (null-terminate for string operations)
if (config->debug) { if ((size_t)payload_len < sizeof(buffer)) {
printf("[DEBUG - WebSockets] Received message: %s\n", buffer); memcpy(buffer, payload, payload_len);
fflush(stdout); buffer[payload_len] = '\0';
} } else {
fprintf(stderr, "Payload too large for processing buffer\n");
// Skip this frame
frame_buffer_used = 0;
continue;
}
// Parse JSON message // Handle message
if (strstr(buffer, "tunnel_request")) { if (config->debug) {
// Extract request_id printf("[DEBUG - WebSockets] Processing message: %s\n", buffer);
char *id_start = strstr(buffer, "\"request_id\""); fflush(stdout);
if (id_start) { }
char *colon = strchr(id_start, ':');
if (colon) { // Parse JSON message
char *open_quote = strchr(colon, '"'); if (strstr(buffer, "tunnel_request")) {
if (open_quote) { // Extract request_id
id_start = open_quote + 1; char *id_start = strstr(buffer, "\"request_id\"");
char *close_quote = strchr(id_start, '"'); if (id_start) {
if (close_quote) { char *colon = strchr(id_start, ':');
*close_quote = '\0'; if (colon) {
if (config->debug) { char *open_quote = strchr(colon, '"');
printf("[DEBUG - WebSockets] Received tunnel_request for ID: %s\n", id_start); if (open_quote) {
fflush(stdout); id_start = open_quote + 1;
char *close_quote = strchr(id_start, '"');
if (close_quote) {
*close_quote = '\0';
if (config->debug) {
printf("[DEBUG - WebSockets] Received tunnel_request for ID: %s\n", id_start);
fflush(stdout);
}
handle_tunnel_request(ssl, id_start, config->debug, config->ssh_host, config->ssh_port);
} }
handle_tunnel_request(ssl, id_start, config->debug, config->ssh_host, config->ssh_port);
} }
} }
} }
} } else if (strstr(buffer, "tunnel_data")) {
} else if (strstr(buffer, "tunnel_data")) { if (config->debug) {
if (config->debug) { printf("[DEBUG - WebSockets] Received tunnel_data message\n");
printf("[DEBUG - WebSockets] Received tunnel_data message\n"); fflush(stdout);
fflush(stdout); }
} // Extract request_id and data
// Extract request_id and data char *id_start = strstr(buffer, "\"request_id\"");
char *id_start = strstr(buffer, "\"request_id\""); char *data_start = strstr(buffer, "\"data\"");
char *data_start = strstr(buffer, "\"data\""); if (id_start && data_start) {
if (id_start && data_start) { char *colon = strchr(id_start, ':');
char *colon = strchr(id_start, ':'); if (colon) {
if (colon) { char *open_quote = strchr(colon, '"');
char *open_quote = strchr(colon, '"'); if (open_quote) {
if (open_quote) { id_start = open_quote + 1;
id_start = open_quote + 1; char *close_quote = strchr(id_start, '"');
char *close_quote = strchr(id_start, '"'); if (close_quote) {
if (close_quote) { *close_quote = '\0';
*close_quote = '\0'; char *data_colon = strchr(data_start, ':');
char *data_colon = strchr(data_start, ':'); if (data_colon) {
if (data_colon) { char *data_quote = strchr(data_colon, '"');
char *data_quote = strchr(data_colon, '"'); if (data_quote) {
if (data_quote) { data_start = data_quote + 1;
data_start = data_quote + 1; char *data_end = strchr(data_start, '"');
char *data_end = strchr(data_start, '"'); if (data_end) {
if (data_end) { *data_end = '\0';
*data_end = '\0'; handle_tunnel_data(ssl, id_start, data_start, config->debug);
handle_tunnel_data(ssl, id_start, data_start, config->debug); }
} }
} }
} }
} }
} }
} }
} } else if (strstr(buffer, "tunnel_close")) {
} else if (strstr(buffer, "tunnel_close")) { char *id_start = strstr(buffer, "\"request_id\"");
char *id_start = strstr(buffer, "\"request_id\""); if (id_start) {
if (id_start) { char *colon = strchr(id_start, ':');
char *colon = strchr(id_start, ':'); if (colon) {
if (colon) { char *open_quote = strchr(colon, '"');
char *open_quote = strchr(colon, '"'); if (open_quote) {
if (open_quote) { id_start = open_quote + 1;
id_start = open_quote + 1; char *close_quote = strchr(id_start, '"');
char *close_quote = strchr(id_start, '"'); if (close_quote) {
if (close_quote) { *close_quote = '\0';
*close_quote = '\0'; if (config->debug) {
if (config->debug) { printf("[DEBUG - WebSockets] Received tunnel_close for ID: %s\n", id_start);
printf("[DEBUG - WebSockets] Received tunnel_close for ID: %s\n", id_start); fflush(stdout);
fflush(stdout); }
handle_tunnel_close(ssl, id_start, config->debug);
} }
handle_tunnel_close(ssl, id_start, config->debug);
} }
} }
} }
} }
} }
} else {
fprintf(stderr, "WebSocket frame payload too large or incomplete: payload_len=%zu, buffer_size=%zu, bytes_read=%d\n",
payload_len, sizeof(buffer) - header_len, bytes_read);
break;
}
} else if (bytes_read >= 2 && (buffer[0] & 0x8F) == 0x88) { // Close frame
if (config->debug) {
printf("[DEBUG - WebSockets] Received close frame - cleaning up and reconnecting...\n");
fflush(stdout);
}
// Clean up tunnel resources before reconnecting
cleanup_tunnel(config->debug);
return 0;
} else if (bytes_read >= 2 && (buffer[0] & 0x8F) == 0x89) { // Ping frame
if (config->debug) {
printf("[DEBUG - WebSockets] Received ping frame\n");
fflush(stdout);
}
// Parse ping frame and send pong with echoed payload
int masked = buffer[1] & 0x80;
int len_indicator = buffer[1] & 0x7F;
int header_len = 2;
size_t payload_len;
if (len_indicator <= 125) {
payload_len = len_indicator;
} else if (len_indicator == 126) {
if (bytes_read < 4) {
if (config->debug) {
printf("[DEBUG] Incomplete ping extended length frame\n");
}
continue;
}
payload_len = ((unsigned char)buffer[2] << 8) | (unsigned char)buffer[3];
header_len = 4;
} else if (len_indicator == 127) {
if (bytes_read < 10) {
if (config->debug) {
printf("[DEBUG] Incomplete ping extended length frame\n");
}
continue;
}
uint64_t len = 0;
for (int i = 0; i < 8; i++) {
len = (len << 8) | (unsigned char)buffer[2 + i];
}
if (len > SIZE_MAX) {
fprintf(stderr, "Ping payload too large\n");
continue;
}
payload_len = (size_t)len;
header_len = 10;
}
if (masked) {
header_len += 4;
}
if (payload_len <= 1024 && (size_t)bytes_read >= (size_t)header_len + payload_len) {
char *payload = buffer + header_len;
if (masked) {
char *mask_key = buffer + header_len - 4;
for (size_t i = 0; i < payload_len; i++) {
payload[i] ^= mask_key[i % 4];
}
}
// Send pong frame with same payload, properly masked // Remove processed frame from buffer
char pong_frame[14 + 1024]; // Max header + max pong payload int frame_size = (payload - frame_buffer) + payload_len;
if (payload_len > 1024) { if (frame_size < frame_buffer_used) {
fprintf(stderr, "Pong payload too large: %zu bytes\n", payload_len); // Move remaining data to front
continue; memmove(frame_buffer, frame_buffer + frame_size, frame_buffer_used - frame_size);
} frame_buffer_used -= frame_size;
pong_frame[0] = 0x8A; // Pong opcode
int pong_header_len = 2;
char pong_mask_key[4];
size_t pong_payload_len = payload_len;
if (pong_payload_len <= 125) {
pong_frame[1] = 0x80 | (int)pong_payload_len; // MASK + length
} else if (pong_payload_len <= 65535) {
pong_frame[1] = 0x80 | 126; // MASK + extended length
pong_frame[2] = (pong_payload_len >> 8) & 0xFF;
pong_frame[3] = pong_payload_len & 0xFF;
pong_header_len = 4;
} else { } else {
pong_frame[1] = 0x80 | 127; // MASK + extended length // Entire buffer was consumed
pong_frame[2] = 0; frame_buffer_used = 0;
pong_frame[3] = 0;
pong_frame[4] = 0;
pong_frame[5] = 0;
pong_frame[6] = (pong_payload_len >> 24) & 0xFF;
pong_frame[7] = (pong_payload_len >> 16) & 0xFF;
pong_frame[8] = (pong_payload_len >> 8) & 0xFF;
pong_frame[9] = pong_payload_len & 0xFF;
pong_header_len = 10;
}
// Add mask key
for (int i = 0; i < 4; i++) {
pong_mask_key[i] = rand() % 256;
pong_frame[pong_header_len + i] = pong_mask_key[i];
}
pong_header_len += 4;
// Mask payload
for (size_t i = 0; i < pong_payload_len; i++) {
pong_frame[pong_header_len + i] = payload[i] ^ pong_mask_key[i % 4];
}
int pong_frame_len = pong_header_len + (int)pong_payload_len;
if (config->debug) {
printf("[DEBUG - WebSockets] Sending pong frame, len: %d\n", pong_frame_len);
fflush(stdout);
}
if (SSL_write(ssl, pong_frame, pong_frame_len) <= 0) {
fprintf(stderr, "[ERROR] [WebSocket] Send pong failed\n");
} }
} else {
// Frame not complete yet, continue reading
continue;
} }
}
} }
// Cleanup // Cleanup
......
wssshtools/wssshlib.h
View file @ ac456539
...@@ -45,6 +45,7 @@ typedef struct { ...@@ -45,6 +45,7 @@ typedef struct {
int wssshd_port; // wssshd server port int wssshd_port; // wssshd server port
int debug; int debug;
int interval; // Reconnection interval in seconds int interval; // Reconnection interval in seconds
int dev_tunnel; // Development mode - don't launch SSH, just setup tunnel
} wsssh_config_t; } wsssh_config_t;
typedef struct { typedef struct {
...@@ -52,6 +53,7 @@ typedef struct { ...@@ -52,6 +53,7 @@ typedef struct {
int wssshd_port; // wssshd server port int wssshd_port; // wssshd server port
int debug; int debug;
int interval; // Connection retry interval in seconds int interval; // Connection retry interval in seconds
int dev_tunnel; // Development mode - don't launch SCP, just setup tunnel
} wsscp_config_t; } wsscp_config_t;
// Thread arguments // Thread arguments
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment