added optional client keepalives

Author: jpillora

README.md

@@ -80,8 +80,8 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
 
 	  --key, An optional string to seed the generation of a ECDSA public
 	  and private key pair. All commications will be secured using this
-	  key pair. Share the resulting fingerprint with clients to prevent
-	  man-in-the-middle attacks.
+	  key pair. Share this fingerprint with clients to enable detection
+	  of man-in-the-middle attacks.
 
 	  --authfile, An optional path to a users.json file. This file should
 	  be an object with users defined like:
@@ -113,7 +113,7 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
 
 	server is the URL to the chisel server.
 
-	remotes are remote connections tunneled through the server, each of
+	remotes are remote connections tunnelled through the server, each of
 	which come in the form:
 
 		<local-host>:<local-port>:<remote-host>:<remote-port>
@@ -141,6 +141,12 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
 	  in the form: "<user>:<pass>". These credentials are compared to
 	  the credentials inside the server's --authfile.
 
+	  --keepalive, An optional keepalive interval. Since the underlying
+	  transport is HTTP, in many instances we'll be traversing through
+	  proxies, often these proxies will close idle connections. You must
+	  specify a time with a unit, for example '30s' or '2m'. Defaults
+	  to '0s' (disabled).
+
 	  -v, Enable verbose logging
 
 	  --help, This help text

client/client.go

@@ -15,26 +15,34 @@ import (
 	"golang.org/x/net/websocket"
 )
 
+type Config struct {
+	shared      *chshare.Config
+	Fingerprint string
+	Auth        string
+	KeepAlive   time.Duration
+	Server      string
+	Remotes     []string
+}
+
 type Client struct {
 	*chshare.Logger
-	config      *chshare.Config
-	sshConfig   *ssh.ClientConfig
-	proxies     []*Proxy
-	sshConn     ssh.Conn
-	fingerprint string
-	server      string
-	running     bool
-	runningc    chan error
+	config    *Config
+	sshConfig *ssh.ClientConfig
+	proxies   []*Proxy
+	sshConn   ssh.Conn
+	server    string
+	running   bool
+	runningc  chan error
 }
 
-func NewClient(fingerprint, auth, server string, remotes ...string) (*Client, error) {
+func NewClient(config *Config) (*Client, error) {
 
 	//apply default scheme
-	if !strings.HasPrefix(server, "http") {
-		server = "http://" + server
+	if !strings.HasPrefix(config.Server, "http") {
+		config.Server = "http://" + config.Server
 	}
 
-	u, err := url.Parse(server)
+	u, err := url.Parse(config.Server)
 	if err != nil {
 		return nil, err
 	}
@@ -51,34 +59,34 @@ func NewClient(fingerprint, auth, server string, remotes ...string) (*Client, er
 	//swap to websockets scheme
 	u.Scheme = strings.Replace(u.Scheme, "http", "ws", 1)
 
-	config := &chshare.Config{}
-	for _, s := range remotes {
+	shared := &chshare.Config{}
+	for _, s := range config.Remotes {
 		r, err := chshare.DecodeRemote(s)
 		if err != nil {
 			return nil, fmt.Errorf("Failed to decode remote '%s': %s", s, err)
 		}
-		config.Remotes = append(config.Remotes, r)
+		shared.Remotes = append(shared.Remotes, r)
 	}
-
-	c := &Client{
-		Logger:      chshare.NewLogger("client"),
-		config:      config,
-		server:      u.String(),
-		fingerprint: fingerprint,
-		running:     true,
-		runningc:    make(chan error, 1),
+	config.shared = shared
+
+	client := &Client{
+		Logger:   chshare.NewLogger("client"),
+		config:   config,
+		server:   u.String(),
+		running:  true,
+		runningc: make(chan error, 1),
 	}
 
-	user, pass := chshare.ParseAuth(auth)
+	user, pass := chshare.ParseAuth(config.Auth)
 
-	c.sshConfig = &ssh.ClientConfig{
+	client.sshConfig = &ssh.ClientConfig{
 		User:            user,
 		Auth:            []ssh.AuthMethod{ssh.Password(pass)},
 		ClientVersion:   chshare.ProtocolVersion + "-client",
-		HostKeyCallback: c.verifyServer,
+		HostKeyCallback: client.verifyServer,
 	}
 
-	return c, nil
+	return client, nil
 }
 
 //Start then Wait
@@ -88,12 +96,13 @@ func (c *Client) Run() error {
 }
 
 func (c *Client) verifyServer(hostname string, remote net.Addr, key ssh.PublicKey) error {
-	f := chshare.FingerprintKey(key)
-	if c.fingerprint != "" && !strings.HasPrefix(f, c.fingerprint) {
-		return fmt.Errorf("Invalid fingerprint (Got %s)", f)
+	expect := c.config.Fingerprint
+	got := chshare.FingerprintKey(key)
+	if expect != "" && !strings.HasPrefix(got, expect) {
+		return fmt.Errorf("Invalid fingerprint (%s)", got)
 	}
 	//overwrite with complete fingerprint
-	c.Infof("Fingerprint %s", f)
+	c.Infof("Fingerprint %s", got)
 	return nil
 }
 
@@ -106,12 +115,23 @@ func (c *Client) start() {
 	c.Infof("Connecting to %s\n", c.server)
 
 	//prepare proxies
-	for id, r := range c.config.Remotes {
+	for id, r := range c.config.shared.Remotes {
 		proxy := NewProxy(c, id, r)
 		go proxy.start()
 		c.proxies = append(c.proxies, proxy)
 	}
 
+	//optional keepalive loop
+	if c.config.KeepAlive > 0 {
+		go func() {
+			for range time.Tick(c.config.KeepAlive) {
+				if c.sshConn != nil {
+					c.sshConn.SendRequest("ping", true, nil)
+				}
+			}
+		}()
+	}
+
 	//connection loop!
 	var connerr error
 	b := &backoff.Backoff{Max: 5 * time.Minute}
@@ -134,7 +154,8 @@ func (c *Client) start() {
 		}
 
 		sshConn, chans, reqs, err := ssh.NewClientConn(ws, "", c.sshConfig)
-		//NOTE break -> dont retry on handshake failures
+
+		//NOTE: break == dont retry on handshake failures
 		if err != nil {
 			if strings.Contains(err.Error(), "unable to authenticate") {
 				c.Infof("Authentication failed")
@@ -144,16 +165,16 @@ func (c *Client) start() {
 			}
 			break
 		}
-		conf, _ := chshare.EncodeConfig(c.config)
+		conf, _ := chshare.EncodeConfig(c.config.shared)
 		c.Debugf("Sending configurating")
 		t0 := time.Now()
-		_, conerr, err := sshConn.SendRequest("config", true, conf)
+		_, configerr, err := sshConn.SendRequest("config", true, conf)
 		if err != nil {
 			c.Infof("Config verification failed")
 			break
 		}
-		if len(conerr) > 0 {
-			c.Infof(string(conerr))
+		if len(configerr) > 0 {
+			c.Infof(string(configerr))
 			break
 		}
 		c.Infof("Connected (Latency %s)", time.Now().Sub(t0))

main.go

@@ -126,7 +126,11 @@ func server(args []string) {
 		*port = "8080"
 	}
 
-	s, err := chserver.NewServer(*key, *authfile, *proxy)
+	s, err := chserver.NewServer(&chserver.Config{
+		KeySeed:  *key,
+		AuthFile: *authfile,
+		Proxy:    *proxy,
+	})
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -171,6 +175,12 @@ var clientHelp = `
 	  --auth, An optional username and password (client authentication)
 	  in the form: "<user>:<pass>". These credentials are compared to
 	  the credentials inside the server's --authfile.
+
+	  --keepalive, An optional keepalive interval. Since the underlying
+	  transport is HTTP, in many instances we'll be traversing through
+	  proxies, often these proxies will close idle connections. You must
+	  specify a time with a unit, for example '30s' or '2m'. Defaults
+	  to '0s' (disabled).
 ` + commonHelp
 
 func client(args []string) {
@@ -179,32 +189,34 @@ func client(args []string) {
 
 	fingerprint := flags.String("fingerprint", "", "")
 	auth := flags.String("auth", "", "")
+	keepalive := flags.Duration("keepalive", 0, "")
 	verbose := flags.Bool("v", false, "")
 	flags.Usage = func() {
 		fmt.Fprintf(os.Stderr, clientHelp)
 		os.Exit(1)
 	}
 	flags.Parse(args)
-
+	//pull out options, put back remaining args
 	args = flags.Args()
 	if len(args) < 2 {
 		log.Fatalf("A server and least one remote is required")
 	}
 
-	server := args[0]
-	remotes := args[1:]
-
-	c, err := chclient.NewClient(*fingerprint, *auth, server, remotes...)
+	c, err := chclient.NewClient(&chclient.Config{
+		Fingerprint: *fingerprint,
+		Auth:        *auth,
+		KeepAlive:   *keepalive,
+		Server:      args[0],
+		Remotes:     args[1:],
+	})
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	c.Info = true
 	c.Debug = *verbose
 
-	c.Start()
-
-	if err = c.Wait(); err != nil {
+	if err = c.Run(); err != nil {
 		log.Fatal(err)
 	}
 }

server/server.go

@@ -13,9 +13,19 @@ import (
 	"golang.org/x/net/websocket"
 )
 
+type Config struct {
+	KeySeed  string
+	AuthFile string
+	Proxy    string
+}
+
 type Server struct {
 	*chshare.Logger
-	Users       chshare.Users
+	//Users is an empty map of usernames to Users
+	//It can be optionally initialized using the
+	//file found at AuthFile
+	Users chshare.Users
+
 	fingerprint string
 	wsCount     int
 	wsServer    websocket.Server
@@ -25,7 +35,7 @@ type Server struct {
 	sessions    map[string]*chshare.User
 }
 
-func NewServer(keySeed, authfile, proxy string) (*Server, error) {
+func NewServer(config *Config) (*Server, error) {
 	s := &Server{
 		Logger:     chshare.NewLogger("server"),
 		wsServer:   websocket.Server{},
@@ -35,16 +45,16 @@ func NewServer(keySeed, authfile, proxy string) (*Server, error) {
 	s.wsServer.Handler = websocket.Handler(s.handleWS)
 
 	//parse users, if provided
-	if authfile != "" {
-		users, err := chshare.ParseUsers(authfile)
+	if config.AuthFile != "" {
+		users, err := chshare.ParseUsers(config.AuthFile)
 		if err != nil {
 			return nil, err
 		}
 		s.Users = users
 	}
 
 	//generate private key (optionally using seed)
-	key, _ := chshare.GenerateKey(keySeed)
+	key, _ := chshare.GenerateKey(config.KeySeed)
 	//convert into ssh.PrivateKey
 	private, err := ssh.ParsePrivateKey(key)
 	if err != nil {
@@ -59,8 +69,8 @@ func NewServer(keySeed, authfile, proxy string) (*Server, error) {
 	}
 	s.sshConfig.AddHostKey(private)
 
-	if proxy != "" {
-		u, err := url.Parse(proxy)
+	if config.Proxy != "" {
+		u, err := url.Parse(config.Proxy)
 		if err != nil {
 			return nil, err
 		}
@@ -202,7 +212,18 @@ func (s *Server) handleWS(ws *websocket.Conn) {
 	l := s.Fork("session#%d", id)
 
 	l.Debugf("Open")
-	go ssh.DiscardRequests(reqs)
+
+	go func() {
+		for r := range reqs {
+			switch r.Type {
+			case "ping":
+				r.Reply(true, nil)
+			default:
+				l.Debugf("Unknown request: %s", r.Type)
+			}
+		}
+	}()
+
 	go chshare.ConnectStreams(l, chans)
 	sshConn.Wait()
 	l.Debugf("Close")