TCP and Privileged Ping Fixes (#19)

* Fix nil remote address on premature connection close * Set timeout for unused connections * Add timer to reap connections not used by client * Enable TCP keepalives between client and server * Add timeout to privileged pings * Make TCP keepalive options configurable
sandialabs · Jun 9, 2023 · c8860da · c8860da
1 parent 2d0d7bc
commit c8860da
Show file tree

Hide file tree

Showing 5 changed files with 767 additions and 66 deletions.
diff --git a/src/cmd/serve.go b/src/cmd/serve.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -28,16 +29,21 @@ import (
 )
 
 type serveCmdConfig struct {
-	configFile       string
-	clientAddr4E2EE  string
-	clientAddr6E2EE  string
-	clientAddr4Relay string
-	clientAddr6Relay string
-	quiet            bool
-	debug            bool
-	simple           bool
-	logging          bool
-	logFile          string
+	configFile        string
+	clientAddr4E2EE   string
+	clientAddr6E2EE   string
+	clientAddr4Relay  string
+	clientAddr6Relay  string
+	quiet             bool
+	debug             bool
+	simple            bool
+	logging           bool
+	logFile           string
+	catchTimeout      uint
+	connTimeout       uint
+	keepaliveIdle     uint
+	keepaliveCount    uint
+	keepaliveInterval uint
 }
 
 type wiretapDefaultConfig struct {
@@ -56,16 +62,21 @@ type wiretapDefaultConfig struct {
 
 // Defaults for serve command.
 var serveCmd = serveCmdConfig{
-	configFile:       "",
-	clientAddr4E2EE:  ClientE2EESubnet4.Addr().Next().String(),
-	clientAddr6E2EE:  ClientE2EESubnet6.Addr().Next().String(),
-	clientAddr4Relay: ClientRelaySubnet4.Addr().Next().Next().String(),
-	clientAddr6Relay: ClientRelaySubnet6.Addr().Next().Next().String(),
-	quiet:            false,
-	debug:            false,
-	simple:           false,
-	logging:          false,
-	logFile:          "wiretap.log",
+	configFile:        "",
+	clientAddr4E2EE:   ClientE2EESubnet4.Addr().Next().String(),
+	clientAddr6E2EE:   ClientE2EESubnet6.Addr().Next().String(),
+	clientAddr4Relay:  ClientRelaySubnet4.Addr().Next().Next().String(),
+	clientAddr6Relay:  ClientRelaySubnet6.Addr().Next().Next().String(),
+	quiet:             false,
+	debug:             false,
+	simple:            false,
+	logging:           false,
+	logFile:           "wiretap.log",
+	catchTimeout:      5 * 1000,
+	connTimeout:       5 * 1000,
+	keepaliveIdle:     60,
+	keepaliveCount:    3,
+	keepaliveInterval: 60,
 }
 
 var wiretapDefault = wiretapDefaultConfig{
@@ -105,6 +116,11 @@ func init() {
 	cmd.Flags().BoolVarP(&serveCmd.simple, "simple", "", serveCmd.simple, "disable multihop and multiclient features for a simpler setup")
 	cmd.Flags().BoolVarP(&serveCmd.logging, "log", "l", serveCmd.logging, "enable logging to file")
 	cmd.Flags().StringVarP(&serveCmd.logFile, "log-file", "o", serveCmd.logFile, "write log to this filename")
+	cmd.Flags().UintVarP(&serveCmd.catchTimeout, "completion-timeout", "", serveCmd.catchTimeout, "time in ms for client to complete TCP connection to server")
+	cmd.Flags().UintVarP(&serveCmd.connTimeout, "conn-timeout", "", serveCmd.connTimeout, "time in ms for server to wait for outgoing TCP handshakes to complete")
+	cmd.Flags().UintVarP(&serveCmd.connTimeout, "keepalive-idle", "", serveCmd.keepaliveIdle, "time in seconds before TCP keepalives are sent to client")
+	cmd.Flags().UintVarP(&serveCmd.connTimeout, "keepalive-interval", "", serveCmd.keepaliveInterval, "time in seconds between TCP keepalives")
+	cmd.Flags().UintVarP(&serveCmd.connTimeout, "keepalive-count", "", serveCmd.keepaliveCount, "number of unacknowledged TCP keepalives before closing connection")
 
 	cmd.Flags().StringVarP(&serveCmd.clientAddr4Relay, "ipv4-relay-client", "", serveCmd.clientAddr4Relay, "ipv4 relay address of client")
 	cmd.Flags().StringVarP(&serveCmd.clientAddr6Relay, "ipv6-relay-client", "", serveCmd.clientAddr6Relay, "ipv6 relay address of client")
@@ -212,6 +228,11 @@ func init() {
 				"api",
 				"keepalive",
 				"mtu",
+				"conn-timeout",
+				"completion-timeout",
+				"keepalive-interval",
+				"keepalive-count",
+				"keepalive-idle",
 			} {
 				err := cmd.Flags().MarkHidden(f)
 				if err != nil {
@@ -298,9 +319,10 @@ func (c serveCmdConfig) Run() {
 			ListenPort: E2EEPort,
 			Peers: []peer.PeerConfigArgs{
 				{
-					PublicKey:  viper.GetString("E2EE.Peer.publickey"),
-					Endpoint:   viper.GetString("E2EE.Peer.endpoint"),
-					AllowedIPs: []string{c.clientAddr4E2EE + "/32", c.clientAddr6E2EE + "/128"},
+					PublicKey:                   viper.GetString("E2EE.Peer.publickey"),
+					Endpoint:                    viper.GetString("E2EE.Peer.endpoint"),
+					AllowedIPs:                  []string{c.clientAddr4E2EE + "/32", c.clientAddr6E2EE + "/128"},
+					PersistentKeepaliveInterval: viper.GetInt("Relay.Peer.keepalive"),
 				},
 			},
 			Addresses: []string{viper.GetString("E2EE.Interface.ipv4") + "/32", viper.GetString("E2EE.Interface.ipv6") + "/128", viper.GetString("E2EE.Interface.api") + "/128"},
@@ -415,11 +437,22 @@ func (c serveCmdConfig) Run() {
 			return tnetE2EE
 		}
 	}()
+
 	// Start transport layer handlers under the e2ee device.
 	wg.Add(1)
 	lock.Lock()
 	go func() {
-		tcp.Handle(transportHandler, ipv4Addr, ipv6Addr, 1337, &lock)
+		config := tcp.TcpConfig{
+			CatchTimeout:      time.Duration(c.catchTimeout) * time.Millisecond,
+			ConnTimeout:       time.Duration(c.connTimeout) * time.Millisecond,
+			KeepaliveIdle:     time.Duration(c.keepaliveIdle) * time.Second,
+			KeepaliveInterval: time.Duration(c.keepaliveInterval) * time.Second,
+			KeepaliveCount:    int(c.keepaliveCount),
+			Ipv4Addr:          ipv4Addr,
+			Ipv6Addr:          ipv6Addr,
+			Port:              1337,
+		}
+		tcp.Handle(transportHandler, config, &lock)
 		wg.Done()
 	}()
 

diff --git a/src/transport/icmp/ping.go b/src/transport/icmp/ping.go
@@ -4,6 +4,7 @@ import (
 	"log"
 	"os/exec"
 	"runtime"
+	"time"
 
 	"github.com/go-ping/ping"
 )
@@ -41,13 +42,19 @@ func (socketPing) ping(addr string) (success bool, err error) {
 		return false, err
 	}
 
+	pinger.RecordRtts = false
+	pinger.Timeout = 1 * time.Second
 	pinger.Count = 1
 	err = pinger.Run()
 	if err != nil {
 		return false, err
 	}
 
-	return true, nil
+	if pinger.PacketsRecv > 0 {
+		return true, nil
+	} else {
+		return false, nil
+	}
 }
 
 // execPing attempts to ping destination address via ping binary on the local machine.