Immediate crash and no connection on server with 10.0.0 #336

Closed
simpz opened this issue Aug 16, 2024 · 3 comments

simpz commented Aug 16, 2024

I have just tried the new version of wstunnel and it crashes straight away on the server when a 10.0.0 client crashes it on connection.

My server command launch is

./ server --tls-certificate ./certs/wstunnel-server.cert.pem \
   --tls-private-key ./private/wstunnel-server.pem \
   --tls-client-ca-certs ./certs/ca.cert.pem \
   --restrict-to '[::1]:51820' \
   --log-lvl=TRACE \
   wss://[::]:8443

The output is (with a number of encryption lines removed):


./wstunnel_start 
2024-08-16T13:02:47.356413Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/wstunnel-server.cert.pem"
2024-08-16T13:02:47.356496Z  INFO wstunnel::protocols::tls::server: Loading tls private key from "./private/wstunnel-server.pem"
2024-08-16T13:02:47.356526Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/ca.cert.pem"
2024-08-16T13:02:47.356751Z TRACE hickory_resolver::async_resolver: handle passed back
2024-08-16T13:02:47.356762Z  INFO wstunnel: Starting wstunnel server v10.0.0 with config WsServerConfig { socket_so_mark: None, bind: [::]:8443, websocket_ping_frequency: None, timeout_connect: 10s, websocket_mask_frame: false, restriction_config: None, tls: true, mTLS: true }
2024-08-16T13:02:47.356784Z DEBUG wstunnel: Restriction rules: RestrictionsRules {
    restrictions: [
        RestrictionConfig {
            name: "Allow All",
            match: [
                Any,
            ],
            allow: [
                Tunnel(
                    AllowTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        host: Regex(
                            "^::1$",
                        ),
                        cidr: [
                            0.0.0.0/0,
                            ::/0,
                        ],
                    },
                ),
                ReverseTunnel(
                    AllowReverseTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        port_mapping: {},
                        cidr: [
                            ::1/128,
                        ],
                    },
                ),
            ],
        },
    ],
}    
2024-08-16T13:02:47.356851Z  INFO wstunnel::tunnel::server::server: Starting wstunnel server listening on [::]:8443
2024-08-16T13:02:47.357051Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357093Z  INFO wstunnel::tunnel::tls_reloader: Starting to watch tls certificates and private key for changes to reload them
2024-08-16T13:02:47.357104Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357164Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/wstunnel-server.cert.pem    
2024-08-16T13:02:47.357284Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./private/wstunnel-server.pem    
2024-08-16T13:02:47.357332Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/ca.cert.pem    
2024-08-16T13:03:11.977741Z  INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z  INFO tunnel{peer="[::ffff:193.34.36.243]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:11.978525Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: we got a clienthello ClientHelloPayload { client_version: TLSv1_2, random: e9c6b4be6b329ae1917f906ed2c4230233a4b65c27528cf88ce78fcfedaa4a0c, session_id: ef41c65d4655656cf03f02c806a3ea01660fbbf2c9674bcda17cc1a70b607ce1, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_methods: [Null], extensions: [KeyShare([KeyShareEntry { group: X25519, payload: b79a692ba8477c4a7c8d526ecd7ca2a5a0f8f9e21e2d567761a7422a67fcb52b }]), PresharedKeyModes([PSK_DHE_KE]), SessionTicket(Request), SupportedVersions([TLSv1_3, TLSv1_2]), NamedGroups([X25519, secp256r1, secp384r1]), ExtendedMasterSecretRequest, EcPointFormats([Uncompressed]), Protocols([ProtocolName(687474702f312e31)]), CertificateStatusRequest(Ocsp(OcspCertificateStatusRequest { responder_ids: [], extensions:  })), SignatureAlgorithms([RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448])] }    
2024-08-16T13:03:11.978591Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sni None    
2024-08-16T13:03:11.978605Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sig schemes [RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448]    
2024-08-16T13:03:11.978613Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: alpn protocols Some([ProtocolName(687474702f312e31)])    
2024-08-16T13:03:11.978621Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: cipher suites [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]    
2024-08-16T13:03:11.978633Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384    
2024-08-16T13:03:11.979132Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]    
2024-08-16T13:03:11.979142Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13::client_hello: sending encrypted extensions Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: EncryptedExtensions, payload: EncryptedExtensions([Protocols([ProtocolName(687474702f312e31)])]) }, encoded: 08000011000f0010000b000908687474702f312e31 } }    
2024-08-16T13:03:12.005386Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::conn: Dropping CCS    
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: client CertificateVerify OK    
2024-08-16T13:03:12.006597Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: sending new ticket Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: NewSessionTicket, payload: NewSessionTicketTls13(NewSessionTicketPayloadTls13 { lifetime: 86400, age_add: 3838686406, nonce: 2b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf, ticket: a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc2, exts: [] }) }, encoded: 0400004d00015180e4cdb4c6202b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf0020a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc20000 } } (stateless: false)    
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted

The daemon is dead after this.
The client reports nothing except cannot connect to tcp endpoint (no surprise).

This was your Linux arm64 binary running on a Raspberry Pi 5 with OpenWRT; the client is an Android arm64 binary.
This was a working 9.7.2 setup and I just swapped the executables to a 10.0.0 version.
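
Added example, not part of the original issue and not wstunnel code: a Python triage helper for a log like the one above. It pairs each Rust panic with the last tunnel peer seen and reports whether the panic came after `client CertificateVerify OK`, i.e. after the mTLS client had authenticated. The sample lines are constructed (documentation IP address); the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the format of the log above (documentation IP address).
SAMPLE_LOG = """\
2024-08-16T13:03:11.977741Z  INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z  INFO tunnel{peer="[::ffff:192.0.2.10]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:192.0.2.10]:41920"}: rustls::server::tls13: client CertificateVerify OK
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
Aborted
"""

# tracing line: timestamp, level, optional tunnel{peer="..."} span, target, message
EVENT = re.compile(r'^(?P<ts>\S+Z)\s+(?P<lvl>[A-Z]+)\s+'
                   r'(?:tunnel\{peer="(?P<peer>[^"]+)"\}:\s+)?(?P<target>[\w:]+):\s(?P<msg>.*)$')
# Rust panic header; the panic message is on the following line
PANIC = re.compile(r"^thread '(?P<thread>[^']+)' panicked at (?P<loc>.+):$")
# crate name and version as they appear in a cargo registry path
CRATE = re.compile(r"/([A-Za-z0-9_-]+)-(\d+\.\d+\.\d+)/src/")

def triage(log_text):
    """Return one report per panic: where it fired and which peer was in flight."""
    lines = log_text.splitlines()
    reports, peers, last = [], {}, None  # last: state of the most recent tunnel span
    for i, line in enumerate(lines):
        ev = EVENT.match(line)
        if ev and ev["peer"]:
            last = peers.setdefault(ev["peer"], {"peer": ev["peer"], "authed": False})
            last["authed"] |= "client CertificateVerify OK" in ev["msg"]
            last["ts"] = ev["ts"]
            continue
        pn = PANIC.match(line.rstrip())
        if pn:
            crate = CRATE.search(pn["loc"])
            reports.append({
                "location": pn["loc"],
                "crate": crate.groups() if crate else None,
                "message": lines[i + 1].strip() if i + 1 < len(lines) else "",
                "peer": last["peer"] if last else None,
                "after_client_auth": bool(last and last["authed"]),
                "last_event": last["ts"] if last else None,
            })
    return reports

if __name__ == "__main__":
    for report in triage(SAMPLE_LOG):
        print(report)
```

With several connections in flight, the last peer seen before the panic is a lead to check, not proof of which connection triggered it.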

simpz added the bug label Aug 16, 2024

Hello @simpz 👋

This issue is being automatically closed because it does not follow the issue template.

simpz changed the title from "Short description of the issue" to "Immediate crash and no connection on server with 10.0.0" Aug 16, 2024

erebe (Owner) commented Aug 17, 2024

Hello,

It is fixed in v10.0.1, sorry about that.

simpz (Author) commented Aug 17, 2024

Yup confirmed working fine on 10.0.1
