Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sslh-select hangs when connecting towards an unresponsive server #258

Closed
yrutschle opened this issue Mar 6, 2020 · 4 comments
Closed

sslh-select hangs when connecting towards an unresponsive server #258

yrutschle opened this issue Mar 6, 2020 · 4 comments
Labels
bug

Comments

@yrutschle
Copy link
Owner

Use case: sslh forwards incoming HTTPS to a local LXC, which is not started. Connection towards the LXC hangs (e.g. telnet prints Trying 192.168.0.3... then waits for a long time).

sslh also hangs, which means no other connection are serviced.
@yrutschle yrutschle mentioned this issue Mar 6, 2020
Closed
@yrutschle yrutschle added the bug label Apr 10, 2020
@yrutschle yrutschle mentioned this issue Apr 13, 2020
Closed
@fdellwing
Copy link

We face the same issue in 1.21:

May 27 14:42:26 mbCONNECT24 sslh-select[6563]: http:connection from 66.19.x.x:41347 to 198.50.162.21:4443 forwarded from 66.19.x.x:41347 to 192.168.0.181:443
May 27 14:44:35 mbCONNECT24 sslh-select[6563]: forward to openvpn failed:connect: Connection timed out
[...]
May 27 14:44:48 mbCONNECT24 sslh-select[6563]: http:connection from 166.159.x.x:41527 to 198.50.162.21:4443 forwarded from 166.159.x.x:41527 to 192.168.0.181:443
May 27 14:46:58 mbCONNECT24 sslh-select[6563]: forward to openvpn failed:connect: Connection timed out
[...]
May 27 14:49:30 mbCONNECT24 sslh-select[6563]: tls:connection from 165.225.x.x:13373 to 198.50.162.21:4443 forwarded from 165.225.x.x:13373 to 192.168.0.181:443
May 27 14:51:41 mbCONNECT24 sslh-select[6563]: forward to openvpn failed:connect: Connection timed out

As you can see, the server is always unresponsive for about 130seconds. This is a big problem for us, as we are now unable to use sslh-select at all.

Any idea how to solve this issue in sslh?

@yrutschle
Copy link
Owner Author

Ok, I had a quick look.
The issue is that upon calling accept(2) in common.c:connect_addr(), the file descriptor is blocking.
The patch attached would fix that, but for some reason the file descriptors that hang, hang... forever, apparently.
So I can't quite commit this, I'll investigate further.
non_block.zip

@yrutschle
Copy link
Owner Author

Ok, this commit should work. It may fail if the server name resolves to several addresses, one of which hangs while the others don't, as sslh will stop trying with the first connect(2) that returns (e.g. "target.example.com" resolves to an IPv4 and IPv6; sslh connects to the IPv4, and connect() returns: it won't even try to connect to the IPv6. Before, it tried all adresses with connect() blocking, which means it had an answer from the remote server). I don't think that would be a big issue but I could be wrong.

I expect the commit should apply to 1.21c straightfowardly, but I didn't try it.

@fdellwing
Copy link

fdellwing commented May 28, 2021
edited
Loading

We will try the change. Name resolution is not a problem for us, as we only use local addresses as target.

Thanks a lot for your work 👍

@fdellwing fdellwing mentioned this issue Jun 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yrutschle @fdellwing