Immediate crash and no connection on server with 10.0.0
simpz commented
I have just tried the new version of wstunnel and it crashes straight away on the server when a 10.0.0 client crashes it on connection.
My server command launch is
./wstunnel server --tls-certificate ./certs/wstunnel-server.cert.pem \
--tls-private-key ./private/wstunnel-server.pem \
--tls-client-ca-certs ./certs/ca.cert.pem \
--restrict-to '[::1]:51820' \
--log-lvl=TRACE \
wss://[::]:8443
The output is (with a number of encryption lines removed):
./wstunnel_start
2024-08-16T13:02:47.356413Z INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/wstunnel-server.cert.pem"
2024-08-16T13:02:47.356496Z INFO wstunnel::protocols::tls::server: Loading tls private key from "./private/wstunnel-server.pem"
2024-08-16T13:02:47.356526Z INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/ca.cert.pem"
2024-08-16T13:02:47.356751Z TRACE hickory_resolver::async_resolver: handle passed back
2024-08-16T13:02:47.356762Z INFO wstunnel: Starting wstunnel server v10.0.0 with config WsServerConfig { socket_so_mark: None, bind: [::]:8443, websocket_ping_frequency: None, timeout_connect: 10s, websocket_mask_frame: false, restriction_config: None, tls: true, mTLS: true }
2024-08-16T13:02:47.356784Z DEBUG wstunnel: Restriction rules: RestrictionsRules {
restrictions: [
RestrictionConfig {
name: "Allow All",
match: [
Any,
],
allow: [
Tunnel(
AllowTunnelConfig {
protocol: [],
port: [
51820..=51820,
],
host: Regex(
"^::1$",
),
cidr: [
0.0.0.0/0,
::/0,
],
},
),
ReverseTunnel(
AllowReverseTunnelConfig {
protocol: [],
port: [
51820..=51820,
],
port_mapping: {},
cidr: [
::1/128,
],
},
),
],
},
],
}
2024-08-16T13:02:47.356851Z INFO wstunnel::tunnel::server::server: Starting wstunnel server listening on [::]:8443
2024-08-16T13:02:47.357051Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE
2024-08-16T13:02:47.357093Z INFO wstunnel::tunnel::tls_reloader: Starting to watch tls certificates and private key for changes to reload them
2024-08-16T13:02:47.357104Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE
2024-08-16T13:02:47.357164Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/wstunnel-server.cert.pem
2024-08-16T13:02:47.357284Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./private/wstunnel-server.pem
2024-08-16T13:02:47.357332Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/ca.cert.pem
2024-08-16T13:03:11.977741Z INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z INFO tunnel{peer="[::ffff:193.34.36.243]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:11.978525Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: we got a clienthello ClientHelloPayload { client_version: TLSv1_2, random: e9c6b4be6b329ae1917f906ed2c4230233a4b65c27528cf88ce78fcfedaa4a0c, session_id: ef41c65d4655656cf03f02c806a3ea01660fbbf2c9674bcda17cc1a70b607ce1, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_methods: [Null], extensions: [KeyShare([KeyShareEntry { group: X25519, payload: b79a692ba8477c4a7c8d526ecd7ca2a5a0f8f9e21e2d567761a7422a67fcb52b }]), PresharedKeyModes([PSK_DHE_KE]), SessionTicket(Request), SupportedVersions([TLSv1_3, TLSv1_2]), NamedGroups([X25519, secp256r1, secp384r1]), ExtendedMasterSecretRequest, EcPointFormats([Uncompressed]), Protocols([ProtocolName(687474702f312e31)]), CertificateStatusRequest(Ocsp(OcspCertificateStatusRequest { responder_ids: [], extensions: })), SignatureAlgorithms([RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448])] }
2024-08-16T13:03:11.978591Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sni None
2024-08-16T13:03:11.978605Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sig schemes [RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448]
2024-08-16T13:03:11.978613Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: alpn protocols Some([ProtocolName(687474702f312e31)])
2024-08-16T13:03:11.978621Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: cipher suites [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2024-08-16T13:03:11.978633Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384
2024-08-16T13:03:11.979132Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
2024-08-16T13:03:11.979142Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13::client_hello: sending encrypted extensions Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: EncryptedExtensions, payload: EncryptedExtensions([Protocols([ProtocolName(687474702f312e31)])]) }, encoded: 08000011000f0010000b000908687474702f312e31 } }
2024-08-16T13:03:12.005386Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::conn: Dropping CCS
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: client CertificateVerify OK
2024-08-16T13:03:12.006597Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: sending new ticket Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: NewSessionTicket, payload: NewSessionTicketTls13(NewSessionTicketPayloadTls13 { lifetime: 86400, age_add: 3838686406, nonce: 2b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf, ticket: a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc2, exts: [] }) }, encoded: 0400004d00015180e4cdb4c6202b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf0020a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc20000 } } (stateless: false)
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted
The daemon is dead after this.
The client reports nothing except cannot connect to tcp endpoint (no surprise).
This was your Linux arm64 binary running on a Raspberry Pi 5 with OpenWRT; the client is an Android arm64 binary.
This was a working 9.7.2 setup, and I just swapped the executables to a 10.0.0 version.
simpz commented
Wrong project...closing
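A triage sketch for a log like the one in the report, added here as an example (not wstunnel's code and not part of the original thread): it ties each Rust panic to the crate and source location it came from, to the last tunnel peer seen, and to whether that peer had already passed client-certificate verification. The sample lines are excerpted from the log above; the function and field names are hypothetical.

```python
import re

# Sample input: lines excerpted (shortened) from the log in the report above.
SAMPLE_LOG = '''\
2024-08-16T13:03:11.977741Z INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z INFO tunnel{peer="[::ffff:193.34.36.243]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: client CertificateVerify OK
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted
'''

PEER_RE = re.compile(r'tunnel\{peer="([^"]+)"\}')
PANIC_RE = re.compile(r"^thread '([^']+)' panicked at (.+):(\d+):(\d+):$")
CRATE_RE = re.compile(r'/([A-Za-z0-9_-]+)-(\d+\.\d+\.\d+)/src/')


def triage(log_text):
    """Return one finding per panic (hypothetical helper, not a wstunnel API)."""
    findings = []
    last_peer = None
    authenticated = set()  # peers whose client certificate was verified
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        peer = PEER_RE.search(line)
        if peer:
            last_peer = peer.group(1)
            if "client CertificateVerify OK" in line:
                authenticated.add(last_peer)
            continue
        panic = PANIC_RE.match(line)
        if not panic:
            continue
        path, line_no = panic.group(2), panic.group(3)
        crate = CRATE_RE.search(path)  # cargo registry paths embed crate-version
        findings.append({
            "thread": panic.group(1),
            "crate": crate.group(1) if crate else None,
            "crate_version": crate.group(2) if crate else None,
            "location": f"{path.rsplit('/src/', 1)[-1]}:{line_no}",
            "message": lines[i + 1].strip() if i + 1 < len(lines) else "",
            "last_peer": last_peer,
            "after_client_cert_verified": last_peer in authenticated,
            "process_aborted": "Aborted" in lines[i + 1:i + 4],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the finding points at `hyper` 1.4.1, `common/time.rs:73`, with the last peer already past mTLS verification when the process aborted.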