Immediate crash and no connection on server with 10.0.0  #53

@simpz

Description

I have just tried the new version of wstunnel and it crashes straight away on the server when a 10.0.0 client connects.

My server launch command is:

./wstunnel server --tls-certificate ./certs/wstunnel-server.cert.pem \
   --tls-private-key ./private/wstunnel-server.pem \
   --tls-client-ca-certs ./certs/ca.cert.pem \
   --restrict-to '[::1]:51820' \
   --log-lvl=TRACE \
   wss://[::]:8443

The output is (with a number of encryption lines removed):

./wstunnel_start 
2024-08-16T13:02:47.356413Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/wstunnel-server.cert.pem"
2024-08-16T13:02:47.356496Z  INFO wstunnel::protocols::tls::server: Loading tls private key from "./private/wstunnel-server.pem"
2024-08-16T13:02:47.356526Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/ca.cert.pem"
2024-08-16T13:02:47.356751Z TRACE hickory_resolver::async_resolver: handle passed back
2024-08-16T13:02:47.356762Z  INFO wstunnel: Starting wstunnel server v10.0.0 with config WsServerConfig { socket_so_mark: None, bind: [::]:8443, websocket_ping_frequency: None, timeout_connect: 10s, websocket_mask_frame: false, restriction_config: None, tls: true, mTLS: true }
2024-08-16T13:02:47.356784Z DEBUG wstunnel: Restriction rules: RestrictionsRules {
    restrictions: [
        RestrictionConfig {
            name: "Allow All",
            match: [
                Any,
            ],
            allow: [
                Tunnel(
                    AllowTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        host: Regex(
                            "^::1$",
                        ),
                        cidr: [
                            0.0.0.0/0,
                            ::/0,
                        ],
                    },
                ),
                ReverseTunnel(
                    AllowReverseTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        port_mapping: {},
                        cidr: [
                            ::1/128,
                        ],
                    },
                ),
            ],
        },
    ],
}    
2024-08-16T13:02:47.356851Z  INFO wstunnel::tunnel::server::server: Starting wstunnel server listening on [::]:8443
2024-08-16T13:02:47.357051Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357093Z  INFO wstunnel::tunnel::tls_reloader: Starting to watch tls certificates and private key for changes to reload them
2024-08-16T13:02:47.357104Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357164Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/wstunnel-server.cert.pem    
2024-08-16T13:02:47.357284Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./private/wstunnel-server.pem    
2024-08-16T13:02:47.357332Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/ca.cert.pem    
2024-08-16T13:03:11.977741Z  INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z  INFO tunnel{peer="[::ffff:193.34.36.243]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:11.978525Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: we got a clienthello ClientHelloPayload { client_version: TLSv1_2, random: e9c6b4be6b329ae1917f906ed2c4230233a4b65c27528cf88ce78fcfedaa4a0c, session_id: ef41c65d4655656cf03f02c806a3ea01660fbbf2c9674bcda17cc1a70b607ce1, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_methods: [Null], extensions: [KeyShare([KeyShareEntry { group: X25519, payload: b79a692ba8477c4a7c8d526ecd7ca2a5a0f8f9e21e2d567761a7422a67fcb52b }]), PresharedKeyModes([PSK_DHE_KE]), SessionTicket(Request), SupportedVersions([TLSv1_3, TLSv1_2]), NamedGroups([X25519, secp256r1, secp384r1]), ExtendedMasterSecretRequest, EcPointFormats([Uncompressed]), Protocols([ProtocolName(687474702f312e31)]), CertificateStatusRequest(Ocsp(OcspCertificateStatusRequest { responder_ids: [], extensions:  })), SignatureAlgorithms([RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448])] }    
2024-08-16T13:03:11.978591Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sni None    
2024-08-16T13:03:11.978605Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sig schemes [RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448]    
2024-08-16T13:03:11.978613Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: alpn protocols Some([ProtocolName(687474702f312e31)])    
2024-08-16T13:03:11.978621Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: cipher suites [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]    
2024-08-16T13:03:11.978633Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384    
2024-08-16T13:03:11.979132Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]    
2024-08-16T13:03:11.979142Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13::client_hello: sending encrypted extensions Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: EncryptedExtensions, payload: EncryptedExtensions([Protocols([ProtocolName(687474702f312e31)])]) }, encoded: 08000011000f0010000b000908687474702f312e31 } }    
2024-08-16T13:03:12.005386Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::conn: Dropping CCS    
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: client CertificateVerify OK    
2024-08-16T13:03:12.006597Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: sending new ticket Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: NewSessionTicket, payload: NewSessionTicketTls13(NewSessionTicketPayloadTls13 { lifetime: 86400, age_add: 3838686406, nonce: 2b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf, ticket: a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc2, exts: [] }) }, encoded: 0400004d00015180e4cdb4c6202b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf0020a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc20000 } } (stateless: false)    
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted

The daemon is dead after this.
The client reports nothing except cannot connect to tcp endpoint (no surprise).

This was your Linux arm64 binary running on a Raspberry Pi 5 with OpenWRT; the client is an Android arm64 binary.
This was a working 9.7.2 setup; I just swapped the executables for the 10.0.0 version.
