feat: collect and display usage stats

.gitignore

@@ -4,4 +4,9 @@
 /.env
 /socks
 /host.key
-/custom
+/custom
+/dist
+tools/
+/CHANGELOG.md
+/.chglog
+/stats.json

.goreleaser.yaml

@@ -0,0 +1,95 @@
+project_name: rebound
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - id: rebound
+    env:
+      - CGO_ENABLED=0
+    ldflags:
+      - -s
+      - -w
+      - -X "main.Version={{ .Env.GORELEASER_CURRENT_TAG }}"
+    gcflags:
+      - -trimpath="${PWD}"
+    asmflags:
+      - -trimpath="${PWD}"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - "386"
+    main: ./cmd/server
+archives:
+  - id: rebound
+    builds: ["rebound"]
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+    files:
+      - README.md
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Version }}"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+nfpms:
+  - id: rebound
+    builds:
+      - "rebound"
+    package_name: rebound
+    homepage: https://forge.cadoles.com/wpetit/rebound
+    maintainer: William Petit <wpetit@cadoles.com>
+    description: |-
+      SSH tunneling for machines behind NATs.
+    license: AGPL-3.0
+    formats:
+      - apk
+      - deb
+      - rpm
+    contents:
+      # Deb
+      - src: misc/packaging/systemd/rebound.systemd.service
+        dst: /usr/lib/systemd/system/rebound.service
+        packager: deb
+      - src: misc/packaging/systemd/rebound.env
+        dst: /etc/rebound/environ
+        type: config|noreplace
+        packager: deb
+
+      # RPM
+      - src: misc/packaging/systemd/rebound.systemd.service
+        dst: /usr/lib/systemd/system/rebound.service
+        packager: rpm    
+      - src: misc/packaging/systemd/rebound.env
+        type: config|noreplace
+        dst: /etc/rebound/environ
+        packager: rpm
+
+      # APK
+      - src: misc/packaging/openrc/rebound.openrc.sh
+        dst: /etc/init.d/rebound
+        file_info:
+          mode: 0755
+        packager: apk
+      - src: misc/packaging/openrc/rebound.conf
+        type: config|noreplace
+        dst: /etc/conf.d/rebound
+        file_info:
+          mode: 0755
+        packager: apk
+
+      # All
+      - dst: /var/lib/rebound
+        type: dir
+        file_info:
+          mode: 0700
+      - dst: /var/log/rebound
+        type: dir
+        file_info:
+          mode: 0700
+    scripts:
+      postinstall: "misc/packaging/common/postinstall-rebound.sh"

Makefile

@@ -1,6 +1,15 @@
 SHELL := /bin/bash
 DOKKU_URL := dokku@dev.lookingfora.name:rebound
 
+GORELEASER_VERSION ?= v1.13.1
+GORELEASER_ARGS ?= release --snapshot  --clean
+
+MKT_GITEA_RELEASE_ORG ?= wpetit
+MKT_GITEA_RELEASE_PROJECT ?= rebound
+MKT_GITEA_RELEASE_VERSION ?= $(MKT_PROJECT_VERSION)
+
+DEPLOY_TARGET ?= root@cadoles-rebound
+
 all: build
 
 watch: tools/modd/bin/modd
@@ -34,6 +43,25 @@ dokku-deploy:
 	$(if $(shell git config remote.dokku.url),, git remote add dokku $(DOKKU_URL))
 	git push -f dokku $(shell git rev-parse HEAD):refs/heads/master
 
+.PHONY: dist
+dist: .mktools
+	( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(MKT_PROJECT_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
+
+.PHONY: release
+release: changelog
+	$(MAKE) MKT_GITEA_RELEASE_ATTACHMENTS="$$(find dist/* -type f -name '*.apk' -or -name '*.deb' -or -name '*.rpm' -or -name 'checksums.txt' -or -name 'CHANGELOG.md' | tr '\n' ' ')" mkt-gitea-release
+
+.PHONY: changelog
+changelog: .mktools
+	$(MAKE) MKT_GIT_CHGLOG_ARGS='--next-tag $(MKT_PROJECT_VERSION) --tag-filter-pattern $(MKT_PROJECT_VERSION_CHANNEL) --output CHANGELOG.md' mkt-changelog
+
+.PHONY: deploy
+deploy: dist
+	FILE=$$(find ./dist -name '*amd64.deb') \
+		&& ssh $(DEPLOY_TARGET) rm -f ~/rebound_*amd64.deb \
+		&& scp $${FILE} $(DEPLOY_TARGET):~/ \
+		&& ssh $(DEPLOY_TARGET) dpkg -i $$(basename $${FILE})
+
 .PHONY: mktools
 mktools:
 	rm -rf .mktools

cmd/server/main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"flag"
 	"log"
 	"os"
 	"os/signal"
@@ -12,6 +11,8 @@ import (
 	"github.com/pkg/errors"
 )
 
+var Version string = "unknown"
+
 func main() {
 	opts := rebound.DefaultOptions()
 
@@ -19,30 +20,21 @@ func main() {
 		log.Fatalf("[ERROR] %+v", errors.WithStack(err))
 	}
 
-	// Global Options
-	address := flag.String("address", opts.Address, "server listening address")
-
-	// SSH Options
-	sockDir := flag.String("ssh-sock-dir", opts.SSH.SockDir, "ssh sock directory")
-	publicPort := flag.Uint("ssh-public-port", opts.SSH.PublicPort, "ssh public port")
-	publicHost := flag.String("ssh-public-host", opts.SSH.PublicHost, "ssh public host")
-	hostKey := flag.String("ssh-host-key", opts.SSH.HostKey, "ssh host key")
-
-	// HTTP Options
-	customDir := flag.String("http-custom-dir", opts.HTTP.CustomDir, "http custom templates/assets directory")
-
-	flag.Parse()
+	opts.HTTP.TemplateData.Version = Version
 
 	server := rebound.NewServer(
-		rebound.WithAddress(*address),
+		rebound.WithAddress(opts.Address),
+		rebound.WithStatsFile(opts.StatsFile),
+		rebound.WithStatsFileSaveInterval(opts.StatsFileSaveInterval),
 		rebound.WithSSHOption(
-			ssh.WithSockDir(*sockDir),
-			ssh.WithPublicHost(*publicHost),
-			ssh.WithPublicPort(*publicPort),
-			ssh.WithHostKey(*hostKey),
+			ssh.WithSockDir(opts.SSH.SockDir),
+			ssh.WithPublicHost(opts.SSH.PublicHost),
+			ssh.WithPublicPort(opts.SSH.PublicPort),
+			ssh.WithHostKey(opts.SSH.HostKey),
 		),
 		rebound.WitHTTPOption(
-			http.WithCustomDir(*customDir),
+			http.WithCustomDir(opts.HTTP.CustomDir),
+			http.WithTemplateData(opts.HTTP.TemplateData),
 		),
 	)
 

http/options.go

@@ -1,10 +1,23 @@
 package http
 
-import "log"
+import (
+	"log"
+
+	"forge.cadoles.com/wpetit/rebound/stat"
+)
 
 type Options struct {
-	Logger    func(message string, args ...any)
-	CustomDir string `env:"CUSTOM_DIR"`
+	Logger       func(message string, args ...any)
+	CustomDir    string        `env:"CUSTOM_DIR"`
+	TemplateData *TemplateData `envPrefix:"TEMPLATE_DATA_"`
+	Stats        *stat.Store
+}
+
+type TemplateData struct {
+	Title         string `env:"TITLE"`
+	Version       string
+	SSHPublicHost string `env:"SSH_PUBLIC_HOST"`
+	SSHPublicPort int    `env:"SSH_PUBLIC_PORT"`
 }
 
 type OptionFunc func(*Options)
@@ -13,6 +26,12 @@ func DefaultOptions() *Options {
 	return &Options{
 		Logger:    log.Printf,
 		CustomDir: "",
+		TemplateData: &TemplateData{
+			Title:         "Rebound",
+			SSHPublicHost: "127.0.0.1",
+			SSHPublicPort: 2222,
+		},
+		Stats: stat.NewStore(),
 	}
 }
 
@@ -27,3 +46,15 @@ func WithCustomDir(customDir string) func(*Options) {
 		opts.CustomDir = customDir
 	}
 }
+
+func WithTemplateData(templateData *TemplateData) func(*Options) {
+	return func(opts *Options) {
+		opts.TemplateData = templateData
+	}
+}
+
+func WithStats(stats *stat.Store) func(*Options) {
+	return func(opts *Options) {
+		opts.Stats = stats
+	}
+}

http/server.go

@@ -3,9 +3,11 @@ package http
 import (
 	"bytes"
 	"embed"
+	"fmt"
 	"html/template"
 	"io"
 	"io/fs"
+	"log/slog"
 	"net"
 	"net/http"
 	"os"
@@ -29,13 +31,44 @@ type Server struct {
 	templates template.Template
 }
 
+var templateFuncs = template.FuncMap{
+	"humanSize": func(b float64) string {
+		const unit = 1000
+		if b < unit {
+			return fmt.Sprintf("%d B", int64(b))
+		}
+
+		div, exp := int64(unit), 0
+
+		for n := b / unit; n >= unit; n /= unit {
+			div *= unit
+			exp++
+		}
+
+		return fmt.Sprintf("%.1f %cB",
+			float64(b)/float64(div), "kMGTPE"[exp])
+	},
+}
+
 func (s *Server) serveHomepage(w http.ResponseWriter, r *http.Request) {
-	data := struct {
-		Title string
-	}{
-		Title: "Rebound",
+	stats, err := s.opts.Stats.Snapshot()
+	if err != nil {
+		slog.Error("could not make stats snapshot", slog.Any("error", errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
 	}
 
+	data := struct {
+		TemplateData
+		Stats map[string]float64
+	}{
+		TemplateData: *s.opts.TemplateData,
+		Stats:        stats,
+	}
+
+	s.opts.Stats.Add(StatTotalPageView, 1, 0)
+
 	s.renderTemplate(w, "index", data)
 }
 
@@ -73,7 +106,7 @@ func (s *Server) Serve(l net.Listener) error {
 }
 
 func (s *Server) parseTemplates(fs fs.FS) error {
-	templates, err := template.ParseFS(fs, "templates/*.html")
+	templates, err := template.New("").Funcs(templateFuncs).ParseFS(fs, "templates/*.html")
 	if err != nil {
 		return errors.WithStack(err)
 	}

http/stats.go

@@ -0,0 +1,5 @@
+package http
+
+const (
+	StatTotalPageView = "total_page_view"
+)

http/templates/footer.html

@@ -2,7 +2,7 @@
 <footer class="footer">
     <div class="container">
         <div class="content has-text-centered">
-            Ce service est propulsé par Rebound, un logiciel libre diffusé sous licence <a href="#">AGPL-3.0</a>.
+            Ce service est propulsé par <a href="https://forge.cadoles.com/wpetit/rebound" title="Rebound repository">rebound@{{ .Version }}</a>, un logiciel libre diffusé sous licence <a href="https://www.gnu.org/licenses/agpl-3.0.en.html#license-text">AGPL-3.0</a>.
         </div>
     </div>
 </footer>

http/templates/index.html

@@ -13,14 +13,46 @@
             <p class="subtitle is-size-3">
                 Bienvenue sur <strong>Rebound</strong>!
             </p>
-            <div class="content">
-                <p>Rebound est un serveur SSH permettant de créer des tunnels TCP/IP éphémères et privés entre 2 machines positionnées
-                    derrière un <abbr title="Network Address Traversal">NAT</abbr>.</p>
-                <p>Pour l'utiliser <strong>un simple client SSH suffit !</strong></p>
-                <pre class="has-background-dark	has-text-white-ter is-family-monospace">ssh -R 0:127.0.0.1:<span class="has-text-info">&lt;port&gt;</span> rebound@rebound.cadol.es</pre>
-                <p class="is-italic">Où <span class="has-text-info">&lt;port&gt;</span> est à remplacer par le port du service
-                    s'exécutant sur votre machine en local.</span>
-                <p>Une fois connecté, suivez les instructions. 😉</p>
+            <div class="block">
+                <div class="content">
+                    <p>Rebound est un serveur SSH permettant de créer des tunnels TCP/IP éphémères et privés entre 2 machines positionnées
+                        derrière un <abbr title="Network Address Traversal">NAT</abbr>.</p>
+                    <p>Pour l'utiliser <strong>un simple client SSH suffit !</strong></p>
+                    <pre class="has-background-dark	has-text-white-ter is-family-monospace">ssh -R 0:127.0.0.1:<span class="has-text-info">&lt;port&gt;</span> rebound@{{ .SSHPublicHost }} -p {{ .SSHPublicPort }}</pre>
+                    <p class="is-italic">Où <span class="has-text-info">&lt;port&gt;</span> est à remplacer par le port du service
+                        s'exécutant sur votre machine en local.</span>
+                    <p>Une fois connecté, suivez les instructions. 😉</p>
+                </div>
+            </div>
+            <hr />
+            <div class="block">
+                <div class="columns">
+                    <div class="column is-4">
+                        <h3 class="title is-size-4">En savoir plus</h3>
+                        <div class="content">
+                            À venir...
+                        </div>
+                    </div>
+                    <div class="column is-4">
+                        <h3 class="title is-size-4">Statistiques</h3>
+                        <table class="table is-bordered is-striped is-fullwidth">
+                            <tbody>
+                                <tr>
+                                    <td><strong>Total tunnels ouverts</strong></td>
+                                    <td>{{ index .Stats "total_opened_tunnels" }}</td>
+                                </tr>
+                                <tr>
+                                    <td><strong>Total données entrantes</strong></td>
+                                    <td>{{ humanSize ( index .Stats "total_rx_bytes" ) }}</td>
+                                </tr>
+                                <tr>
+                                    <td><strong>Total données sortantes</strong></td>
+                                    <td>{{ humanSize ( index .Stats "total_tx_bytes" ) }}</td>
+                                </tr>
+                            </tbody>
+                        </table>
+                    </div>
+                </div>
             </div>
         </div>
     </section>

misc/packaging/common/postinstall-rebound.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+use_systemctl="True"
+systemd_version=0
+if ! command -V systemctl >/dev/null 2>&1; then
+  use_systemctl="False"
+else
+  systemd_version=$(systemctl --version | head -1 | cut -d ' ' -f 2)
+fi
+
+service_name=rebound
+
+cleanup() {
+  if [ "${use_systemctl}" = "False" ]; then
+    rm -f /usr/lib/systemd/system/${service_name}.service
+  else
+    rm -f /etc/chkconfig/${service_name}
+    rm -f /etc/init.d/${service_name}
+  fi
+}
+
+cleanInstall() {
+  printf "\033[32m Post Install of an clean install\033[0m\n"
+  if [ "${use_systemctl}" = "False" ]; then
+    if command -V chkconfig >/dev/null 2>&1; then
+      chkconfig --add ${service_name}
+    fi
+
+    service ${service_name} restart || :
+  else
+    if [[ "${systemd_version}" -lt 231 ]]; then
+      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
+      sed -i "s/=+/=/g" /usr/lib/systemd/system/${service_name}.service
+    fi
+    printf "\033[32m Reload the service unit from disk\033[0m\n"
+    systemctl daemon-reload || :
+    printf "\033[32m Unmask the service\033[0m\n"
+    systemctl unmask ${service_name} || :
+    printf "\033[32m Set the preset flag for the service unit\033[0m\n"
+    systemctl preset ${service_name} || :
+    printf "\033[32m Set the enabled flag for the service unit\033[0m\n"
+    systemctl enable ${service_name} || :
+    systemctl restart ${service_name} || :
+  fi
+}
+
+upgrade() {
+  printf "\033[32m Post Install of an upgrade\033[0m\n"
+  systemctl daemon-reload || :
+  systemctl restart ${service_name} || :
+}
+
+# Step 2, check if this is a clean install or an upgrade
+action="$1"
+if [ "$1" = "configure" ] && [ -z "$2" ]; then
+  action="install"
+elif [ "$1" = "configure" ] && [ -n "$2" ]; then
+  action="upgrade"
+fi
+
+case "$action" in
+"1" | "install")
+  cleanInstall
+  ;;
+"2" | "upgrade")
+  printf "\033[32m Post Install of an upgrade\033[0m\n"
+  upgrade
+  ;;
+*)
+  printf "\033[32m Alpine\033[0m"
+  cleanInstall
+  ;;
+esac
+
+cleanup

misc/packaging/openrc/rebound.conf

@@ -0,0 +1,10 @@
+export REBOUND_ADDRESS=:2222
+export REBOUND_HTTP_CUSTOM_DIR=/etc/rebound/custom
+export REBOUND_SSH_PUBLIC_HOST=rebound
+export REBOUND_SSH_PUBLIC_PORT=2222
+export REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
+export REBOUND_SSH_HOST_KEY=/etc/rebound/host.key
+export REBOUND_STATS_FILE=/var/lib/rebound/stats.json
+export REBOUND_HTTP_TEMPLATE_DATA_TITLE=Rebound
+export REBOUND_HTTP_TEMPLATE_DATA_SSH_PUBLIC_HOST=127.0.0.1
+export REBOUND_HTTP_TEMPLATE_DATA_SSH_PUBLIC_PORT=8080

misc/packaging/openrc/rebound.openrc.sh

@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+  
+command="/usr/bin/rebound"
+command_args=""
+supervisor=supervise-daemon
+output_log="/var/log/rebound.log"
+error_log="$output_log"
+
+depend() {
+    need net
+}

misc/packaging/systemd/rebound.env

@@ -0,0 +1,10 @@
+REBOUND_ADDRESS=:8080
+REBOUND_HTTP_CUSTOM_DIR=/var/lib/rebound/custom
+REBOUND_SSH_PUBLIC_HOST=rebound
+REBOUND_SSH_PUBLIC_PORT=8080
+REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
+REBOUND_SSH_HOST_KEY=/var/lib/rebound/host.key
+REBOUND_STATS_FILE=/var/lib/rebound/stats.json
+REBOUND_HTTP_TEMPLATE_DATA_TITLE=Rebound
+REBOUND_HTTP_TEMPLATE_DATA_SSH_PUBLIC_HOST=127.0.0.1
+REBOUND_HTTP_TEMPLATE_DATA_SSH_PUBLIC_PORT=8080

misc/packaging/systemd/rebound.systemd.service

@@ -0,0 +1,35 @@
+[Unit]
+Description=rebound service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+EnvironmentFile=/etc/rebound/environ
+ExecStart=/usr/bin/rebound
+EnvironmentFile=/etc/rebound/environ
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+DynamicUser=yes
+StateDirectory=rebound
+DevicePolicy=closed
+ProtectSystem=true
+ProtectHome=read-only
+ProtectKernelLogs=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH  CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_WAKE_ALARM CAP_SYS_TTY_CONFIG 
+
+[Install]
+WantedBy=multi-user.target

options.go

@@ -2,6 +2,7 @@ package rebound
 
 import (
 	"log"
+	"time"
 
 	"forge.cadoles.com/wpetit/rebound/http"
 	"forge.cadoles.com/wpetit/rebound/ssh"
@@ -10,10 +11,12 @@ import (
 )
 
 type Options struct {
-	Address string `env:"REBOUND_ADDRESS"`
-	Logger  func(message string, args ...any)
-	SSH     *ssh.Options  `envPrefix:"REBOUND_SSH_"`
-	HTTP    *http.Options `envPrefix:"REBOUND_HTTP_"`
+	Address               string        `env:"REBOUND_ADDRESS"`
+	StatsFile             string        `env:"REBOUND_STATS_FILE"`
+	StatsFileSaveInterval time.Duration `env:"REBOUND_STATS_FILE_SAVE_INTERVAL"`
+	Logger                func(message string, args ...any)
+	SSH                   *ssh.Options  `envPrefix:"REBOUND_SSH_"`
+	HTTP                  *http.Options `envPrefix:"REBOUND_HTTP_"`
 }
 
 func (o *Options) ParseEnv() error {
@@ -28,10 +31,12 @@ type OptionFunc func(*Options)
 
 func DefaultOptions() *Options {
 	return &Options{
-		Address: "127.0.0.1:2222",
-		Logger:  log.Printf,
-		SSH:     ssh.DefaultOptions(),
-		HTTP:    http.DefaultOptions(),
+		Address:               "127.0.0.1:2222",
+		StatsFile:             "stats.json",
+		StatsFileSaveInterval: 30 * time.Second,
+		Logger:                log.Printf,
+		SSH:                   ssh.DefaultOptions(),
+		HTTP:                  http.DefaultOptions(),
 	}
 }
 
@@ -49,6 +54,18 @@ func WithLogger(logger func(message string, args ...any)) func(*Options) {
 	}
 }
 
+func WithStatsFile(path string) func(*Options) {
+	return func(o *Options) {
+		o.StatsFile = path
+	}
+}
+
+func WithStatsFileSaveInterval(interval time.Duration) func(*Options) {
+	return func(o *Options) {
+		o.StatsFileSaveInterval = interval
+	}
+}
+
 func WithSSHOption(funcs ...ssh.OptionFunc) func(*Options) {
 	return func(o *Options) {
 		for _, fn := range funcs {

server.go

@@ -1,21 +1,34 @@
 package rebound
 
 import (
+	"log/slog"
 	"net"
+	"os"
+	"time"
 
 	"forge.cadoles.com/wpetit/rebound/http"
 	"forge.cadoles.com/wpetit/rebound/ssh"
+	"forge.cadoles.com/wpetit/rebound/stat"
 	"github.com/pkg/errors"
 )
 
 type Server struct {
 	listener net.Listener
 	opts     *Options
+	stats    *stat.Store
 }
 
 func (s *Server) Start() error {
 	s.log("[INFO] listening on %s", s.opts.Address)
 
+	if err := s.stats.Load(s.opts.StatsFile); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			s.log("[INFO] stats file does not exist. ignoring.")
+		} else {
+			return errors.WithStack(err)
+		}
+	}
+
 	listener, err := net.Listen("tcp", s.opts.Address)
 	if err != nil {
 		return errors.WithStack(err)
@@ -34,6 +47,7 @@ func (s *Server) Start() error {
 			ssh.WithPublicPort(s.opts.SSH.PublicPort),
 			ssh.WithSockDir(s.opts.SSH.SockDir),
 			ssh.WithLogger(s.opts.SSH.Logger),
+			ssh.WithStats(s.stats),
 		)
 
 		if err := server.Serve(sshListener); err != nil {
@@ -47,7 +61,9 @@ func (s *Server) Start() error {
 
 		server := http.NewServer(
 			http.WithCustomDir(s.opts.HTTP.CustomDir),
+			http.WithTemplateData(s.opts.HTTP.TemplateData),
 			http.WithLogger(s.opts.HTTP.Logger),
+			http.WithStats(s.stats),
 		)
 
 		if err := server.Serve(httpListener); err != nil {
@@ -56,6 +72,23 @@ func (s *Server) Start() error {
 		}
 	}()
 
+	go func() {
+		defer listener.Close()
+
+		ticker := time.NewTicker(s.opts.StatsFileSaveInterval)
+
+		for {
+			<-ticker.C
+
+			slog.Info("saving stats", slog.String("file", s.opts.StatsFile), slog.Duration("interval", s.opts.StatsFileSaveInterval))
+			if err := s.stats.Save(s.opts.StatsFile); err != nil {
+				slog.Error("could not save stat file", slog.Any("error", errors.WithStack(err)))
+
+				return
+			}
+		}
+	}()
+
 	return nil
 }
 
@@ -84,6 +117,7 @@ func NewServer(funcs ...OptionFunc) *Server {
 	}
 
 	return &Server{
-		opts: opts,
+		opts:  opts,
+		stats: stat.NewStore(),
 	}
 }

ssh/direct_tcp_handler.go

@@ -77,7 +77,13 @@ func (s *Server) handleDirectTCP(srv *ssh.Server, conn *gossh.ServerConn, newCha
 		defer dconn.Close()
 		defer ch.Close()
 
-		if _, err := io.Copy(ch, dconn); err != nil {
+		reader := &instrumentedReader{
+			internal: dconn,
+			stats:    s.opts.Stats,
+			name:     StatTotalRxBytes,
+		}
+
+		if _, err := io.Copy(ch, reader); err != nil {
 			if errors.Is(err, net.ErrClosed) {
 				return
 			}
@@ -90,7 +96,13 @@ func (s *Server) handleDirectTCP(srv *ssh.Server, conn *gossh.ServerConn, newCha
 		defer dconn.Close()
 		defer ch.Close()
 
-		if _, err := io.Copy(dconn, ch); err != nil {
+		writer := &instrumentedWriter{
+			internal: dconn,
+			stats:    s.opts.Stats,
+			name:     StatTotalTxBytes,
+		}
+
+		if _, err := io.Copy(writer, ch); err != nil {
 			s.log("[ERROR] %+v", errors.WithStack(err))
 		}
 	}()

ssh/options.go

@@ -1,6 +1,10 @@
 package ssh
 
-import "log"
+import (
+	"log"
+
+	"forge.cadoles.com/wpetit/rebound/stat"
+)
 
 type Options struct {
 	Logger     func(message string, args ...any)
@@ -8,6 +12,7 @@ type Options struct {
 	PublicPort uint   `env:"PUBLIC_PORT"`
 	PublicHost string `env:"PUBLIC_HOST"`
 	HostKey    string `env:"HOST_KEY"`
+	Stats      *stat.Store
 }
 
 type OptionFunc func(*Options)
@@ -19,6 +24,7 @@ func DefaultOptions() *Options {
 		PublicPort: 2222,
 		PublicHost: "127.0.0.1",
 		HostKey:    "./host.key",
+		Stats:      stat.NewStore(),
 	}
 }
 
@@ -51,3 +57,9 @@ func WithLogger(logger func(message string, args ...any)) func(*Options) {
 		opts.Logger = logger
 	}
 }
+
+func WithStats(stats *stat.Store) func(*Options) {
+	return func(opts *Options) {
+		opts.Stats = stats
+	}
+}

ssh/request_handler.go

@@ -80,12 +80,19 @@ func (s *Server) handleRequest(ctx ssh.Context, srv *ssh.Server, req *gossh.Requ
 
 		addr := s.getSocketPath(sessionID)
 
+		if err := s.ensureFileDir(addr); err != nil {
+			s.log("[ERROR] %+v", errors.WithStack(err))
+			return false, []byte("internal server error")
+		}
+
 		ln, err := net.Listen("unix", addr)
 		if err != nil {
 			s.log("[ERROR] %+v", errors.WithStack(err))
 			return false, []byte{}
 		}
 
+		s.opts.Stats.Add(StatTotalOpenedTunnels, 1, 0)
+
 		destPort := 1
 
 		s.requestHandlerLock.Lock()
@@ -200,6 +207,15 @@ func (s *Server) getSocketPath(sessionID SessionID) string {
 	return filepath.Join(s.opts.SockDir, fmt.Sprintf("%s.sock", sessionID))
 }
 
+func (s *Server) ensureFileDir(file string) error {
+	dir := filepath.Dir(file)
+	if err := os.MkdirAll(dir, os.FileMode(0750)); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
 func generateToken(length int) (string, error) {
 	chars := []rune(
 		"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +

ssh/stats.go

@@ -0,0 +1,43 @@
+package ssh
+
+import (
+	"io"
+
+	"forge.cadoles.com/wpetit/rebound/stat"
+)
+
+const (
+	StatTotalOpenedTunnels = "total_opened_tunnels"
+	StatTotalTxBytes       = "total_tx_bytes"
+	StatTotalRxBytes       = "total_rx_bytes"
+)
+
+type instrumentedWriter struct {
+	name     string
+	stats    *stat.Store
+	internal io.Writer
+}
+
+// Write implements io.Writer.
+func (w *instrumentedWriter) Write(p []byte) (n int, err error) {
+	n, err = w.internal.Write(p)
+	w.stats.Add(w.name, float64(n), 0)
+	return n, err
+}
+
+var _ io.Writer = &instrumentedWriter{}
+
+type instrumentedReader struct {
+	name     string
+	stats    *stat.Store
+	internal io.Reader
+}
+
+// Read implements io.Reader.
+func (w *instrumentedReader) Read(p []byte) (n int, err error) {
+	n, err = w.internal.Read(p)
+	w.stats.Add(w.name, float64(n), 0)
+	return n, err
+}
+
+var _ io.Reader = &instrumentedReader{}

stat/store.go

@@ -0,0 +1,154 @@
+package stat
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"log/slog"
+
+	"github.com/pkg/errors"
+)
+
+type Store struct {
+	data         sync.Map
+	loadSaveLock sync.Mutex
+}
+
+func (s *Store) Load(path string) error {
+	s.loadSaveLock.Lock()
+	defer s.loadSaveLock.Unlock()
+
+	file, err := os.OpenFile(path, os.O_RDONLY, os.ModePerm)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	decoder := json.NewDecoder(file)
+	data := map[string]any{}
+
+	if err := decoder.Decode(&data); err != nil {
+		return errors.WithStack(err)
+	}
+
+	s.data.Range(func(key, value any) bool {
+		s.data.Delete(key)
+		return true
+	})
+
+	for k, v := range data {
+		s.data.Store(k, v)
+	}
+
+	return nil
+}
+
+func (s *Store) Save(path string) error {
+	s.loadSaveLock.Lock()
+	defer s.loadSaveLock.Unlock()
+
+	data, err := s.Snapshot()
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	dir := filepath.Dir(path)
+	filename := filepath.Base(path)
+
+	temp, err := os.CreateTemp(dir, filename+".new*")
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	defer func() {
+		if err := os.Remove(temp.Name()); err != nil && !errors.Is(err, os.ErrNotExist) {
+			slog.Error("could not remove temporary file",
+				slog.String("file", temp.Name()),
+				slog.Any("error", errors.WithStack(err)),
+			)
+		}
+	}()
+
+	encoder := json.NewEncoder(temp)
+	if err := encoder.Encode(data); err != nil {
+		return errors.WithStack(err)
+	}
+
+	if err := os.Rename(temp.Name(), path); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+func (s *Store) Snapshot() (map[string]float64, error) {
+	data := map[string]float64{}
+
+	var err error
+	s.data.Range(func(rawKey, rawValue any) bool {
+		key, ok := rawKey.(string)
+		if !ok {
+			err = errors.Errorf("unexpected stat key of '%v'", rawKey)
+
+			return false
+		}
+
+		value, ok := rawValue.(float64)
+		if !ok {
+			err = errors.Errorf("unexpected stat value of '%v'", rawValue)
+
+			return false
+		}
+
+		data[key] = value
+
+		return true
+	})
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return data, nil
+}
+
+func (s *Store) Add(name string, added float64, defaultValue float64) float64 {
+	for {
+		value := s.Get(name, defaultValue)
+		if value == defaultValue {
+			s.data.Store(name, defaultValue)
+		}
+
+		sum := value + added
+		if s.data.CompareAndSwap(name, value, value+added) {
+			return sum
+		}
+	}
+}
+
+func (s *Store) Set(name string, value float64) float64 {
+	s.data.Store(name, value)
+
+	return value
+}
+
+func (s *Store) Get(name string, defaultValue float64) float64 {
+	rawValue, ok := s.data.Load(name)
+	if !ok {
+		return defaultValue
+	}
+
+	value, ok := rawValue.(float64)
+	if !ok {
+		return defaultValue
+	}
+
+	return value
+}
+
+func NewStore() *Store {
+	return &Store{
+		data:         sync.Map{},
+		loadSaveLock: sync.Mutex{},
+	}
+}