Fix wsscp connection health check issue

Simplify ws_connection_is_healthy to avoid false positives from SSL_peek. The complex SSL_peek-based health check was incorrectly marking healthy connections as unhealthy, causing premature tunnel closures during wsscp file transfers. Now uses simple state checks and relies on send/receive operations to determine actual connection health.

Fix wsscp connection health check issue
Simplify ws_connection_is_healthy to avoid false positives from SSL_peek. The complex SSL_peek-based health check was incorrectly marking healthy connections as unhealthy, causing premature tunnel closures during wsscp file transfers. Now uses simple state checks and relies on send/receive operations to determine actual connection health.
f4937b01 · Stefy Lanza (nextime / spora ) · 6a0a6c28 · f4937b01
Commit f4937b01 authored Sep 21, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 13 additions and 5 deletions

websocket_protocol.c wssshd2/websocket_protocol.c +13 -5

No files found.
--- a/wssshd2/websocket_protocol.c
+++ b/wssshd2/websocket_protocol.c
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 #include <openssl/sha.h>
 #include <openssl/ssl.h>
 #include "websocket_protocol.h"
@@ -321,7 +322,7 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
    // Send frame with partial write handling and retry logic
    int total_written = 0;
    int retry_count = 0;
-    const int max_retries = 3;
+    const int max_retries = 5; // Increased retries for better stability
    while (total_written < (int)frame_len && retry_count < max_retries) {
        int to_write = frame_len - total_written;
@@ -331,13 +332,13 @@ bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size
            printf("[DEBUG] ws_send_frame: SSL_write failed at offset %d, ssl_error=%d\n", total_written, ssl_error);
            // Check for recoverable SSL errors
-            if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE || ssl_error == SSL_ERROR_SSL) && retry_count < max_retries - 1) {
+            if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE ||
+                 ssl_error == SSL_ERROR_SSL || ssl_error == SSL_ERROR_SYSCALL) && retry_count < max_retries - 1) {
                retry_count++;
                printf("[DEBUG] ws_send_frame: Recoverable SSL error, retrying (%d/%d)\n", retry_count, max_retries);
-                usleep(10000); // Wait 10ms before retry
+                // Exponential backoff: wait longer between retries
+                usleep(10000 * (1 << retry_count)); // 10ms, 20ms, 40ms, 80ms
                continue; // Retry the write operation
-            } else if (ssl_error == SSL_ERROR_SYSCALL) {
-                printf("[DEBUG] ws_send_frame: SSL syscall error, connection may be broken\n");
            } else {
                printf("[DEBUG] ws_send_frame: Fatal SSL error %d after %d retries\n", ssl_error, retry_count);
                // Don't mark connection as closed on send failures - let receive failures handle connection closure
@@ -488,3 +489,10 @@ bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_
    *len = frame_header.payload_len;
    return true;
 }
+// Check if WebSocket connection is healthy
+bool ws_connection_is_healthy(ws_connection_t *conn) {
+    // Simple health check - just verify connection is open and has SSL context
+    // Actual connection health is determined by send/receive operations
+    return conn && conn->state == WS_STATE_OPEN && conn->ssl;
+}
\ No newline at end of file