diff --git a/tunnels/client/http2/helpers.h b/tunnels/client/http2/helpers.h
index af55c859..830c1178 100644
--- a/tunnels/client/http2/helpers.h
+++ b/tunnels/client/http2/helpers.h
@@ -3,7 +3,7 @@
 #include "types.h"
 #define MAX_CONCURRENT_STREAMS 0xffffffffu
-#define MAX_CHILD_PER_STREAM 400
+#define MAX_CHILD_PER_STREAM 1000
 #define STATE(x) ((http2_client_state_t *)((x)->state))
 #define CSTATE(x) ((void *)((((x)->line->chains_state)[self->chain_index])))
@@ -186,7 +186,7 @@ static void delete_http2_connection(http2_client_con_state_t *con)
 static http2_client_con_state_t *take_http2_connection(tunnel_t *self, int tid, hio_t *io)
 {
 http2_client_state_t *state = STATE(self);
- return create_http2_connection(self, tid, io);
+ // return create_http2_connection(self, tid, io);
 vec_cons *vector = &(state->thread_cpool[tid].cons);
 if (vec_cons_size(vector) > 0)
diff --git a/tunnels/client/openssl/openssl_client.c b/tunnels/client/openssl/openssl_client.c
index 453ba7ce..caef5ce0 100644
--- a/tunnels/client/openssl/openssl_client.c
+++ b/tunnels/client/openssl/openssl_client.c
@@ -309,11 +309,27 @@ static inline void downStream(tunnel_t *self, context_t *c)
 goto failed;
 }
+ /* Did SSL request to write bytes? */
+ shift_buffer_t *buf = popBuffer(buffer_pools[c->line->tid]);
+ size_t avail = rCap(buf);
+ n = BIO_read(cstate->wbio, rawBuf(buf), avail);
+ if (n > 0)
+ {
+ setLen(buf, n);
+ context_t *data_ctx = newContext(c->line);
+ data_ctx->payload = buf;
+ self->up->upStream(self->up, data_ctx);
+ }
+ else
+ {
+ reuseBuffer(buffer_pools[c->line->tid], buf);
+ }
+
 if (!SSL_is_init_finished(cstate->ssl))
 {
- DISCARD_CONTEXT(c);
- destroyContext(c);
- return;
+ // DISCARD_CONTEXT(c);
+ // destroyContext(c);
+ // return;
 }
 else
 {
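Review bot: `// return create_http2_connection(self, tid, io);` is commented-out code left in take_http2_connection; delete the line instead of keeping it as a comment, since a reader cannot tell whether pooling is enabled on purpose or the early return was only disabled for debugging. If reuse from `state->thread_cpool[tid]` is now the intended behaviour, record it at the top of the function, e.g. `/* Reuse a pooled connection for this thread when one exists; creating a new one is the fallback. */` — the fallback part is inferred from the function name and should be checked against the rest of the body, which lies outside the hunk.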
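Review bot: The `if (!SSL_is_init_finished(cstate->ssl))` branch is now an empty block holding only commented-out statements, and the `else` branch in the hunk at @@ -331 ends the same way; delete the commented-out lines in both and invert the test so only the finished-handshake path remains, `if (SSL_is_init_finished(cstate->ssl)) { ... }` followed by the single DISCARD_CONTEXT/destroyContext/return that the second hunk adds. The new BIO_read block forwards whatever is pending in `cstate->wbio` before the handshake state is consulted, and nothing says why that ordering matters; a comment such as `/* forward any handshake bytes OpenSSL queued in wbio before deciding whether app data may flow */` would record the intent, if that is indeed the reason. `buf` from `popBuffer` is dereferenced by `rCap(buf)` without a NULL check, and `avail` is a `size_t` narrowed to BIO_read's `int` length parameter; if the pool can hand back NULL or buffers larger than INT_MAX, both need a guard. downStream starts before this hunk and continues past it.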
@@ -331,10 +347,14 @@ static inline void downStream(tunnel_t *self, context_t *c)
 }
 flush_write_queue(self, c); // queue is flushed and we are done
- DISCARD_CONTEXT(c);
- destroyContext(c);
- return;
+ // DISCARD_CONTEXT(c);
+ // destroyContext(c);
+ // return;
 }
+
+ DISCARD_CONTEXT(c);
+ destroyContext(c);
+ return;
 }
 /* The encrypted data is now in the input bio so now we can perform actual
@@ -467,7 +487,7 @@ tunnel_t *newOpenSSLClient(node_instance_context_t *instance_info)
 return NULL;
 }
- ssl_param->verify_peer = state->verify ? 1 : 0; // no mtls
+ ssl_param->verify_peer = state->verify ? 1 : 0;
 ssl_param->endpoint = SSL_CLIENT; // ssl_param->ca_path = "cacert.pem";
 state->ssl_context = ssl_ctx_new(ssl_param);
@@ -488,7 +508,7 @@ tunnel_t *newOpenSSLClient(node_instance_context_t *instance_info)
 } *ossl_alpn = malloc(1 + alpn_len);
 ossl_alpn->len = alpn_len;
 memcpy(&(ossl_alpn->alpn_data[0]), state->alpn, alpn_len);
- SSL_CTX_set_alpn_protos(state->ssl_context,(const unsigned char *)ossl_alpn, 1 + alpn_len);
+ SSL_CTX_set_alpn_protos(state->ssl_context, (const unsigned char *)ossl_alpn, 1 + alpn_len);
 free(ossl_alpn);
 tunnel_t *t = newTunnel();
diff --git a/ww/managers/socket_manager.c b/ww/managers/socket_manager.c
index 69d75d26..2793b698 100644
--- a/ww/managers/socket_manager.c
+++ b/ww/managers/socket_manager.c
@@ -3,6 +3,7 @@
 #include "utils/procutils.h"
 #include "hv/hthread.h"
 #include "loggers/network_logger.h"
+#include
 #define i_key socket_filter_t *
 #define i_type filters_t
@@ -19,8 +20,10 @@ typedef struct socket_manager_s
 filters_t filters;
 size_t last_round_tindex;
 bool iptables_installed;
+ bool ip6tables_installed;
 bool lsof_installed;
 bool iptable_cleaned;
+ bool iptables_used;
 } socket_manager_state_t;
@@ -80,6 +83,19 @@ static bool reset_iptables()
 return execCmd("iptables -t nat -F").exit_code == 0 && execCmd("iptables -t nat -X").exit_code == 0;
 }
+static void exit_hook()
+{
+ if (state->iptables_used)
+ reset_iptables();
+}
+static void sig_handler(int signum)
+{
+ signal(signum, SIG_DFL);
+ if (signum == SIGTERM || signum == SIGINT)
+ {
+ exit(0); // exit hook gets called
+ }
+}
 void registerSocketAcceptor(tunnel_t *tunnel, socket_filter_option_t option, onAccept cb)
 {
@@ -120,7 +136,7 @@ static void on_accept_tcp(hio_t *io)
 if (option.multiport_backend == multiport_backend_iptables)
 {
- unsigned char pbuf[28]= {0};
+ unsigned char pbuf[28] = {0};
 int size = 16; // todo ipv6 value is 28
 if (getsockopt(hio_fd(io), SOL_IP, SO_ORIGINAL_DST, &(pbuf[0]), &size) < 0)
 {
@@ -130,7 +146,7 @@ static void on_accept_tcp(hio_t *io)
 return;
 }
- result->realport = (pbuf[2]<< 8) | pbuf[3] ;
+ result->realport = (pbuf[2] << 8) | pbuf[3];
 }
 if (option.no_delay)
@@ -214,7 +230,7 @@ static HTHREAD_ROUTINE(accept_thread)
 }
 if (port_min == port_max) goto singleport;
-
+ state->iptables_used = true;
 if (!state->iptable_cleaned)
 {
 if (!reset_iptables())
@@ -328,6 +344,25 @@ socket_manager_state_t *createSocketManager()
 state->iptables_installed = check_installed("iptables");
 state->lsof_installed = check_installed("lsof");
+#if SUPOPRT_V6
+ state->ip6tables_installed = check_installed("ip6tables");
+#endif
+
+ if (signal(SIGTERM, sig_handler) == SIG_ERR)
+ {
+ perror("Error setting SIGTERM signal handler");
+ exit(1);
+ }
+ if (signal(SIGINT, sig_handler) == SIG_ERR)
+ {
+ perror("Error setting SIGINT signal handler");
+ exit(1);
+ }
+ if (atexit(exit_hook) != 0)
+ {
+ perror("Error setting ATEXIT hook");
+ exit(1);
+ }
 return state;
 }
diff --git a/ww/utils/utils.c b/ww/utils/utils.c
index d1cd5621..6407666c 100644
--- a/ww/utils/utils.c
+++ b/ww/utils/utils.c
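Review bot: `sig_handler` calls `exit(0)` from signal context, which runs `exit_hook` → `reset_iptables` → `execCmd` (process spawning and stdio) inside the handler; `exit` is not async-signal-safe, so a SIGINT that lands while another thread holds a malloc or stdio lock can deadlock or corrupt state, and the accept thread keeps running while the atexit handlers tear things down. The safer shape is a handler that only records the signal in a `volatile sig_atomic_t` flag (or writes to a self-pipe) and lets the event loop call `exit()` from normal context. `exit_hook` also runs `iptables -t nat -F` / `-X`, which flushes every nat rule on the host, not only the ones this process added; that is existing behaviour of `reset_iptables`, but wiring it to SIGTERM/SIGINT makes it fire on every ordinary shutdown, so it deserves a comment such as `/* NOTE: flushes the whole nat table, not only our rules */`. `static void exit_hook()` declares no parameter list; write `static void exit_hook(void)`.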
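Review bot: `state->iptables_used = true;` is written inside accept_thread, which runs on its own thread, while `exit_hook` reads it on whichever thread calls exit(); a plain `bool` shared that way is a data race under C11, so declare it `atomic_bool` (or set it before the thread starts). The flag is also raised before `reset_iptables()` has even been attempted, so the exit hook will flush the nat table even when, presumably, no rule of ours was ever installed; moving the assignment to the point where the rules are actually added would make the hook's effect match the flag's name.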
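Review bot: `#if SUPOPRT_V6` looks misspelled; an undefined macro evaluates to 0 in `#if`, so the `ip6tables` check is silently compiled out and `state->ip6tables_installed` is never set — compare the spelling against the macro the rest of the project uses, and consider building with `-Wundef` so this class of typo is reported. The handlers are installed with `signal()`, whose restart and reset semantics vary between platforms; `sigaction` with explicit `sa_flags` is the portable choice. Each failure path calls `exit(1)` from inside createSocketManager, a hard stop in library setup; returning NULL and letting the caller decide would be gentler, though that is a design choice.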
@@ -335,7 +335,7 @@ cmdresult_t execCmd(const char *str)
 bool check_installed(const char *app)
 {
 char b[300];
- sprintf(b, "dpkg-query -W --showformat='${Status}\n' %s|grep \"install ok install\"", app);
+ sprintf(b, "command -v %s", app);
 cmdresult_t result = execCmd(b);
 return (result.exit_code == 0 && strlen(result.output) > 0);
 }
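Review bot: `sprintf` into `char b[300]` is still unbounded, and `app` is interpolated into a shell command line with no validation; the visible callers pass fixed literals (`"iptables"`, `"lsof"`, `"ip6tables"`), but any future caller passing a configurable name would turn this into command injection through execCmd. Bound the format and allow-list the name, e.g. `if (app[strspn(app, "abcdefghijklmnopqrstuvwxyz0123456789-_")] != '\0') return false;` followed by `if (snprintf(b, sizeof b, "command -v %s", app) >= (int) sizeof b) return false;`. `command -v` is a shell builtin, so this assumes execCmd runs the string through a POSIX sh (the dropped dpkg-query pipeline assumed the same), and `strlen(result.output)` assumes execCmd always returns a NUL-terminated output; neither is visible here, so a one-line comment stating both assumptions would help.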