Add accept timeouts for public and private proxies and ensure connect…

…ions that are not accepted by the private proxy are closed after some time.
iris-connect · Oct 8, 2021 · 4ea0a5f · 4ea0a5f
1 parent 41aa921
commit 4ea0a5f
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 1 deletion.
diff --git a/proxy/forms.go b/proxy/forms.go
@@ -123,6 +123,13 @@ var InternalEndpointForm = forms.Form{
 				forms.IsString{},
 			},
 		},
+		{
+			Name: "timeout",
+			Validators: []forms.Validator{
+				forms.IsOptional{Default: 30.0},
+				forms.IsFloat{HasMin: true, Min: 0, HasMax: true, Max: 3000},
+			},
+		},
 	},
 }
 
@@ -223,5 +230,12 @@ var PublicSettingsForm = forms.Form{
 				},
 			},
 		},
+		{
+			Name: "accept_timeout",
+			Validators: []forms.Validator{
+				forms.IsOptional{Default: 10.0},
+				forms.IsFloat{HasMin: true, Min: 0, HasMax: true, Max: 3000},
+			},
+		},
 	},
 }
diff --git a/proxy/private_server.go b/proxy/private_server.go
@@ -278,7 +278,7 @@ func (p *ProxyConnection) TerminateTLS(proxyConnection net.Conn) error {
 		defer server.Stop()
 		select {
 		case <-done:
-		case <-time.After(5 * time.Second):
+		case <-time.After(time.Duration(p.settings.Timeout) * time.Second):
 			break
 			return fmt.Errorf("timeout handling request")
 		}

diff --git a/proxy/public_server.go b/proxy/public_server.go
@@ -514,6 +514,23 @@ func (s *PublicServer) handleTlsConnection(conn net.Conn) {
 		s.tlsHellos[randomStr] = buf[:reqLen]
 		s.mutex.Unlock()
 
+		go func() {
+			time.Sleep(time.Duration(s.settings.AcceptTimeout) * time.Second)
+			s.mutex.Lock()
+			defer s.mutex.Unlock()
+			// connection still waiting, we close it
+			if conn, ok := s.tlsConnections[randomStr]; ok {
+				eps.Log.Warningf("TLS connection not accepted in time by private proxy, closing it...")
+				if err := conn.Close(); err != nil {
+					eps.Log.Error(err)
+				}
+				delete(s.tlsConnections, randomStr)
+				delete(s.tlsHellos, randomStr)
+			} else {
+				eps.Log.Debugf("Connection accepted...")
+			}
+		}()
+
 		// we tell the internal proxy about an incoming connection
 		request := jsonrpc.MakeRequest(fmt.Sprintf("%s.incomingConnection", announcement.Operator), "", map[string]interface{}{
 			"domain":   hostName,

diff --git a/proxy/settings.go b/proxy/settings.go
@@ -49,6 +49,7 @@ type PublicServerSettings struct {
 	JSONRPCClient       *jsonrpc.JSONRPCClientSettings `json:"jsonrpc_client"`
 	JSONRPCServer       *jsonrpc.JSONRPCServerSettings `json:"jsonrpc_server`
 	TCPRateLimits       []*net.RateLimit               `json:"tcp_rate_limits"`
+	AcceptTimeout       float64                        `json:"accept_timeout"`
 }
 
 type PublicAnnouncement struct {
@@ -74,6 +75,7 @@ type InternalEndpointSettings struct {
 	TLS           *tls.TLSSettings               `json:"tls"`
 	JSONRPCClient *jsonrpc.JSONRPCClientSettings `json:"jsonrpc_client"`
 	JSONRPCPath   string                         `json:"jsonrpc_path"`
+	Timeout       float64                        `json:"timeout"`
 }
 
 type PrivateServerSettings struct {