Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No timeout for websocket handshake #406

Closed
zonescape opened this issue Feb 5, 2025 · 4 comments
Closed

No timeout for websocket handshake #406

zonescape opened this issue Feb 5, 2025 · 4 comments
Labels
bug

Comments

@zonescape
Copy link

Describe the bug

wstunnel waits forever for a websocket handshake

Steps to reproduce:

terminal 1

$ nc -lp 8080
GET /v1/events HTTP/1.1
host: 127.0.0.1:8080
upgrade: websocket
connection: upgrade
sec-websocket-key: JQ4/uiRmssTgCLlWDzSP5w==
sec-websocket-version: 13
sec-websocket-protocol: v1, authorization.bearer.eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjAxOTRkMGI4LTJhZDUtNzBmMC1hNjk1LWRjNzhjNzhjYzM5ZSIsInAiOnsiVGNwIjp7InByb3h5X3Byb3RvY29sIjpmYWxzZX19LCJyIjoibXlpcC5lbml4Lm9yZyIsInJwIjo4MH0.dIK_41LYNb9pmlDy7aE1bEHsmqYxebPYxxSGm3H3KYo

terminal 2

$ ./wstunnel client -L socks5://127.0.0.1:1984 ws://127.0.0.1:8080
2025-02-04T11:28:29.512515Z  INFO wstunnel: Starting wstunnel client v10.1.8
2025-02-04T11:28:29.512550Z  INFO wstunnel::protocols::socks5::tcp_server: Starting SOCKS5 server listening cnx on 127.0.0.1:1984 with credentials None
2025-02-04T11:28:38.101286Z  INFO wstunnel::protocols::tcp::server: Opening TCP connection to 127.0.0.1:8080

terminal 3

$ curl -x socks5h://127.0.0.1:1984 http://myip.enix.org/REMOTE_ADDR

Expected behavior

wstunnel must close the connection after a while

Desktop

OS: Ubuntu 22.04
@zonescape zonescape added the bug label Feb 5, 2025
@erebe
Copy link
Owner

erebe commented Feb 5, 2025

Hello,
This is kind of a feature in the case of reverse tunnel. The handshake only terminates when a new client arrives on the remote server, otherwise the connection stays open and wait.

If the TCP connection breaks the tunnel breaks too.

@zonescape
Copy link
Author

This is kind of a feature in the case of reverse tunnel

I used direct tunnel in the example

If the TCP connection breaks the tunnel breaks too.

The problem is connection leakage. Currently, for robust operation, client of wstunnel client must also act as a supervisor process that restarts wstunnel in case of connection timeout. It's not very convenient.

@erebe
Copy link
Owner

erebe commented Feb 6, 2025

It does, at the TCP level. Each TCP connection has a keep-alive set, so if the underlaying connection break or is not working anymore, wstunnel recycle them.

In your case, the HTTP connection is not making any progress/there is no response, but the TCP connection is still alive. If you drop packet/or close your TCP connection, the keep-alive will kick-in and the connection is going to be recycled.

It is possible to add a hard timeout for the HTTP handshake to happen, but this one will need to be high in order to not break reverse tunnel

@zonescape
Copy link
Author

It does, at the TCP level

OK. I got it. It's quite unusual though. The issue can be closed.

(For those who came here from a search)
According to my measurements wstunnel closes blocked TCP connection after 90 seconds.

@erebe erebe closed this as completed Feb 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erebe @zonescape