everything is okay but http2 :(
radkesvat committed Apr 2, 2024
1 parent 9cb3288 commit e2062e8
Showing 4 changed files with 69 additions and 14 deletions.
4 changes: 2 additions & 2 deletions tunnels/client/http2/helpers.h
Expand Up @@ -3,7 +3,7 @@
#include "types.h"

#define MAX_CONCURRENT_STREAMS 0xffffffffu
#define MAX_CHILD_PER_STREAM 400
#define MAX_CHILD_PER_STREAM 1000

#define STATE(x) ((http2_client_state_t *)((x)->state))
#define CSTATE(x) ((void *)((((x)->line->chains_state)[self->chain_index])))
Expand Down Expand Up @@ -186,7 +186,7 @@ static void delete_http2_connection(http2_client_con_state_t *con)
static http2_client_con_state_t *take_http2_connection(tunnel_t *self, int tid, hio_t *io)
{
http2_client_state_t *state = STATE(self);
return create_http2_connection(self, tid, io);
// return create_http2_connection(self, tid, io);
vec_cons *vector = &(state->thread_cpool[tid].cons);

if (vec_cons_size(vector) > 0)
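Review bot: In take_http2_connection the early return is left behind as a commented-out line, `// return create_http2_connection(self, tid, io);` (reading the pair as printed, old line then new, since the +/- markers are lost on this page). Delete it rather than keeping it as a comment; the history already records the bypass, and the stale line obscures that the `thread_cpool` lookup below is now the live path. The function body continues past the end of the hunk, so that lookup is only partly visible here. `MAX_CHILD_PER_STREAM` would also benefit from a one-line comment saying what it bounds, since its value changes in this commit without explanation.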
36 changes: 28 additions & 8 deletions tunnels/client/openssl/openssl_client.c
Expand Up @@ -309,11 +309,27 @@ static inline void downStream(tunnel_t *self, context_t *c)
goto failed;
}

/* Did SSL request to write bytes? */
shift_buffer_t *buf = popBuffer(buffer_pools[c->line->tid]);
size_t avail = rCap(buf);
n = BIO_read(cstate->wbio, rawBuf(buf), avail);
if (n > 0)
{
setLen(buf, n);
context_t *data_ctx = newContext(c->line);
data_ctx->payload = buf;
self->up->upStream(self->up, data_ctx);
}
else
{
reuseBuffer(buffer_pools[c->line->tid], buf);
}

if (!SSL_is_init_finished(cstate->ssl))
{
DISCARD_CONTEXT(c);
destroyContext(c);
return;
// DISCARD_CONTEXT(c);
// destroyContext(c);
// return;
}
else
{
Expand All @@ -331,10 +347,14 @@ static inline void downStream(tunnel_t *self, context_t *c)
}
flush_write_queue(self, c);
// queue is flushed and we are done
DISCARD_CONTEXT(c);
destroyContext(c);
return;
// DISCARD_CONTEXT(c);
// destroyContext(c);
// return;
}

DISCARD_CONTEXT(c);
destroyContext(c);
return;
}

/* The encrypted data is now in the input bio so now we can perform actual
Expand Down Expand Up @@ -467,7 +487,7 @@ tunnel_t *newOpenSSLClient(node_instance_context_t *instance_info)
return NULL;
}

ssl_param->verify_peer = state->verify ? 1 : 0; // no mtls
ssl_param->verify_peer = state->verify ? 1 : 0;
ssl_param->endpoint = SSL_CLIENT;
// ssl_param->ca_path = "cacert.pem";
state->ssl_context = ssl_ctx_new(ssl_param);
Expand All @@ -488,7 +508,7 @@ tunnel_t *newOpenSSLClient(node_instance_context_t *instance_info)
} *ossl_alpn = malloc(1 + alpn_len);
ossl_alpn->len = alpn_len;
memcpy(&(ossl_alpn->alpn_data[0]), state->alpn, alpn_len);
SSL_CTX_set_alpn_protos(state->ssl_context,(const unsigned char *)ossl_alpn, 1 + alpn_len);
SSL_CTX_set_alpn_protos(state->ssl_context, (const unsigned char *)ossl_alpn, 1 + alpn_len);
free(ossl_alpn);

tunnel_t *t = newTunnel();
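Review bot: After `self->up->upStream(self->up, data_ctx);` in the new handshake block, downStream goes on to read `cstate->ssl` and to discard `c`; if the upstream write can fail and close the line synchronously, `cstate` may already be freed at that point. Nothing in the hunk shows a liveness check, so this wants either a check that the line is still alive right after the call or a comment stating why re-entry cannot happen. The block also calls `BIO_read` once with `avail` (a `size_t` passed where OpenSSL takes an `int`), so handshake output larger than `rCap(buf)` stays in `wbio` until the next downstream packet; looping while `BIO_ctrl_pending(cstate->wbio) > 0` would drain it. The commented-out `DISCARD_CONTEXT`/`destroyContext`/`return` lines leave the `if (!SSL_is_init_finished(cstate->ssl))` branch empty; delete them and test the positive condition instead. downStream starts and ends outside the hunks shown.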
41 changes: 38 additions & 3 deletions ww/managers/socket_manager.c
Expand Up @@ -3,6 +3,7 @@
#include "utils/procutils.h"
#include "hv/hthread.h"
#include "loggers/network_logger.h"
#include <signal.h>

#define i_key socket_filter_t *
#define i_type filters_t
Expand All @@ -19,8 +20,10 @@ typedef struct socket_manager_s
filters_t filters;
size_t last_round_tindex;
bool iptables_installed;
bool ip6tables_installed;
bool lsof_installed;
bool iptable_cleaned;
bool iptables_used;

} socket_manager_state_t;

Expand Down Expand Up @@ -80,6 +83,19 @@ static bool reset_iptables()

return execCmd("iptables -t nat -F").exit_code == 0 && execCmd("iptables -t nat -X").exit_code == 0;
}
static void exit_hook()
{
if (state->iptables_used)
reset_iptables();
}
static void sig_handler(int signum)
{
signal(signum, SIG_DFL);
if (signum == SIGTERM || signum == SIGINT)
{
exit(0); // exit hook gets called
}
}

void registerSocketAcceptor(tunnel_t *tunnel, socket_filter_option_t option, onAccept cb)
{
Expand Down Expand Up @@ -120,7 +136,7 @@ static void on_accept_tcp(hio_t *io)

if (option.multiport_backend == multiport_backend_iptables)
{
unsigned char pbuf[28]= {0};
unsigned char pbuf[28] = {0};
int size = 16; // todo ipv6 value is 28
if (getsockopt(hio_fd(io), SOL_IP, SO_ORIGINAL_DST, &(pbuf[0]), &size) < 0)
{
Expand All @@ -130,7 +146,7 @@ static void on_accept_tcp(hio_t *io)
return;
}

result->realport = (pbuf[2]<< 8) | pbuf[3] ;
result->realport = (pbuf[2] << 8) | pbuf[3];
}

if (option.no_delay)
Expand Down Expand Up @@ -214,7 +230,7 @@ static HTHREAD_ROUTINE(accept_thread)
}
if (port_min == port_max)
goto singleport;

state->iptables_used = true;
if (!state->iptable_cleaned)
{
if (!reset_iptables())
Expand Down Expand Up @@ -328,6 +344,25 @@ socket_manager_state_t *createSocketManager()

state->iptables_installed = check_installed("iptables");
state->lsof_installed = check_installed("lsof");
#if SUPOPRT_V6
state->ip6tables_installed = check_installed("ip6tables");
#endif

if (signal(SIGTERM, sig_handler) == SIG_ERR)
{
perror("Error setting SIGTERM signal handler");
exit(1);
}
if (signal(SIGINT, sig_handler) == SIG_ERR)
{
perror("Error setting SIGINT signal handler");
exit(1);
}
if (atexit(exit_hook) != 0)
{
perror("Error setting ATEXIT hook");
exit(1);
}

return state;
}
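Review bot: `sig_handler` calls `exit(0)`, which is not async-signal-safe: it runs `exit_hook`, and through it `reset_iptables()` and `execCmd(...)`, from signal context, where an interrupted allocation or stdio call can deadlock or corrupt state. Have the handler only record the signal (a `volatile sig_atomic_t` flag, or a byte written to a pipe the event loop watches) and call `exit` from normal context; that path can also re-raise the signal so the parent sees the real termination cause instead of status 0. The cleanup it triggers is `iptables -t nat -F` and `-X`, which clears every NAT rule on the host rather than only the ones this process added, so running it on every exit widens that side effect; a dedicated chain that only this process fills and removes would contain it. Separately, `#if SUPOPRT_V6` looks like a transposed spelling of "SUPPORT"; an undefined macro evaluates to 0 in `#if`, so the `ip6tables` check would be silently compiled out, and the name should be confirmed against what the build defines.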
2 changes: 1 addition & 1 deletion ww/utils/utils.c
Expand Up @@ -335,7 +335,7 @@ cmdresult_t execCmd(const char *str)
bool check_installed(const char *app)
{
char b[300];
sprintf(b, "dpkg-query -W --showformat='${Status}\n' %s|grep \"install ok install\"", app);
sprintf(b, "command -v %s", app);
cmdresult_t result = execCmd(b);
return (result.exit_code == 0 && strlen(result.output) > 0);
}
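Review bot: `check_installed` still formats `app` into a fixed `char b[300]` with `sprintf` and hands the result to `execCmd` (presumably run through a shell, since `command -v` is a shell builtin), so an over-long `app` overflows the buffer and one containing shell metacharacters changes the command that runs. The callers visible in this commit pass literals (`"iptables"`, `"lsof"`, `"ip6tables"`), so this is latent, but the function is not `static` and nothing documents that constraint. Use `int n = snprintf(b, sizeof b, "command -v %s", app);` and return false when `n < 0 || (size_t) n >= sizeof b`, and add a comment that `app` must be a trusted program name. `command -v` also succeeds for shell builtins, functions and aliases, and resolves through the process's `PATH`, so a hit only means the shell can resolve the name, which is a weaker statement than the package-status check it replaces.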
