Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Advanced" mode does not proxy connections (upgrade failed) #208

Open
Alexander-- opened this issue Nov 25, 2023 · 1 comment
Open

"Advanced" mode does not proxy connections (upgrade failed) #208

Alexander-- opened this issue Nov 25, 2023 · 1 comment

Comments

@Alexander--
Copy link

Alexander-- commented Nov 25, 2023
edited

I am trying to get websocat to proxy my Websocket connection to another Websocket server:

$ websocat -vvvv -E --binary --pkcs12-der ~/combined.pfx  'wss-listen:192.168.1.34:49234' 'wss://example.com/ws/connection/websocket'
websocat: Unfortunately, serving multiple clients without --exit-on-eof (-E) or with -U option is prone to socket leak in this websocat version
[DEBUG websocat] Done third phase of interpreting options.
[DEBUG websocat] Done fourth phase of interpreting options.
[DEBUG websocat] Preparation done. Now actually starting.
[DEBUG websocat::sessionserve] Serving WsServer(TlsAccept(TcpListen(192.168.1.181:49234))) to WsClient("wss://example.com/ws/connection/websocket") with Options { websocket_text_mode: false, websocket_protocol: None, websocket_reply_protocol: None, udp_oneshot_mode: false, udp_broadcast: false, udp_multicast_loop: false, udp_ttl: None, udp_join_multicast_addr: [], udp_join_multicast_iface_v4: [], udp_join_multicast_iface_v6: [], udp_reuseaddr: false, unidirectional: false, unidirectional_reverse: false, max_messages: None, max_messages_rev: None, exit_on_eof: false, oneshot: false, unlink_unix_socket: false, unix_socket_accept_from_fd: false, exec_args: [], ws_c_uri: "ws://0.0.0.0/", linemode_strip_newlines: false, linemode_strict: false, origin: None, custom_headers: [], custom_reply_headers: [], websocket_version: None, websocket_dont_close: false, websocket_ignore_zeromsg: false, one_message: false, no_auto_linemode: false, buffer_size: 65536, broadcast_queue_len: 16, read_debt_handling: Silent, linemode_zero_terminated: false, restrict_uri: None, serve_static_files: [], exec_set_env: false, no_exit_on_zeromsg: false, reuser_send_zero_msg_on_disconnect: false, process_zero_sighup: false, process_exit_sighup: false, socks_destination: None, auto_socks5: None, socks5_bind_script: None, tls_domain: None, tls_insecure: false, headers_to_env: [], max_parallel_conns: None, ws_ping_interval: None, ws_ping_timeout: None, request_uri: None, request_method: None, request_headers: [], autoreconnect_delay_millis: 20, ws_text_prefix: None, ws_binary_prefix: None, ws_binary_base64: false, ws_text_base64: false, close_status_code: None, close_reason: None, asyncstdio: false, foreachmsg_wait_reads: false, announce_listens: false, timestamp_monotonic: false, print_ping_rtts: false, byte_to_exit_on: 28, max_ws_message_length: 209715200, max_ws_frame_length: 104857600, preamble: [], preamble_reverse: [], compress_deflate: false, compress_zlib: false, compress_gzip: false, uncompress_deflate: false, uncompress_zlib: false, uncompress_gzip: false }
[DEBUG websocat::net_peer] Listening TCP socket
[INFO  websocat::net_peer] Incoming TCP connection from Some(192.168.1.163:35766)
[DEBUG websocat::sessionserve] Underlying connection established
[INFO  websocat::sessionserve] Serving 1 ongoing connections
[DEBUG websocat::ssl_peer] Accepting a TLS connection
[INFO  websocat::ssl_peer] Accepted TLS connection
[DEBUG websocat::ssl_peer]   no identity certificate from the client. But Websocat may have failed to request it.
[DEBUG websocat::readdebt] Fullfulling the debt of 135 bytes
[DEBUG websocat::trivial_peer] LiteralPeer debt
[DEBUG websocat::trivial_peer] LiteralPeer finished
[DEBUG websocat::my_copy] zero len
[DEBUG websocat::my_copy] read_done
[DEBUG websocat::my_copy] done
websocat: WebSocketError: I/O failure

On the client I am receiving 400 response code and the following message:

Only WebSocket connections are welcome here

From the brief glance at the source code, it looks like websocat somehow tries to treat the connection as HTTP (??) instead of Websocket. I don't have this issue with other Websocket server software (including Golang/Gorilla and python-websockets).

I am using websocat 1.11.0 from Arch Linux repositories.
@Alexander-- Alexander-- mentioned this issue Nov 25, 2023
Open
@vi
Copy link
Owner

vi commented Nov 25, 2023
edited

HTTP (??) instead of Websocket

WebSocket typically starts with a HTTP upgrade. What does the client send to Websocat?

You can try to log it with something like this:

websocat  -E --binary --pkcs12-der ~/combined.pfx   ws-upgrade:log:tls-accept:tcp-listen:192.168.1.34:49234 'wss://example.com/ws/connection/websocket'

This should produce additional debugging output like this:

READ 153 "GET / HTTP/1.1\r\nHost: 127.0.0.1:1234\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Key: 1+GnaZ3/ZsNl7ETXCD8L+Q==\r\n\r\n"
WRITE 129 "HTTP/1.1 101 Switching Protocols\r\nSec-WebSocket-Accept: CcUcKFF2hwqCoDKTE9Yrvjv1jiQ=\r\nConnection: Upgrade\r\nUpgrade: websocket\r\n\r\n"
READ 10 "\x81\x84\x03l\xbd*p\x08\xdb "
WRITE 6 "\x82\x04sdf\n"
READ 13 "\x81\x87\xbe\x87d\x11\xcd\xe3\x02u\xcd\xe1n"
WRITE 9 "\x82\x07sdfdsf\n"
READ 0 ""

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vi @Alexander--