722dde5cfc
The readTimeout field (default 15s) was being applied via xnet.Pipe to both directions of a bidirectional proxy connection. During asymmetric transfers (e.g. HTTP file download), the direction reading from the tunnel sees no data after the initial request is forwarded, causing SetReadDeadline to fire after 15s and abort the entire transfer. Fix: add a separate idleTimeout field (default 0=disabled) to the metadata structs in both forward/local and forward/remote handlers, and switch xnet.Pipe to use idleTimeout instead of readTimeout. The readTimeout field now only applies to the initial protocol sniffing/handshake phase. Also document readTimeout vs idleTimeout semantics across all 24 locations in the x/ module where these timeouts appear: - readTimeout: handshake sniffing deadline (handlers), upstream response header timeout (http.Transport), or transport-level read deadline - idleTimeout: idle read deadline per Pipe direction (0=disabled) - ReadTimeout on Sniffer/SnifferBuilder: upstream response header/TLS handshake read timeout during sniffing
78 lines
2.3 KiB
Go
78 lines
2.3 KiB
Go
package remote
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"time"
|
|
|
|
"github.com/go-gost/core/bypass"
|
|
mdata "github.com/go-gost/core/metadata"
|
|
mdutil "github.com/go-gost/x/metadata/util"
|
|
"github.com/go-gost/x/registry"
|
|
)
|
|
|
|
type metadata struct {
|
|
// readTimeout is the deadline for the initial protocol sniffing phase
|
|
// (used by SnifferBuilder.ReadTimeout). After sniffing completes and
|
|
// raw forwarding begins, this timeout no longer applies.
|
|
// Default: 15s.
|
|
readTimeout time.Duration
|
|
// idleTimeout is the idle read timeout applied to each direction of
|
|
// the bidirectional pipe (xnet.Pipe). A value of 0 or negative disables
|
|
// the timeout entirely, relying on TCP keepalives and context
|
|
// cancellation to detect dead connections.
|
|
// Default: 0 (disabled).
|
|
idleTimeout time.Duration
|
|
httpKeepalive bool
|
|
proxyProtocol int
|
|
|
|
sniffing bool
|
|
sniffingTimeout time.Duration
|
|
sniffingWebsocket bool
|
|
sniffingWebsocketSampleRate float64
|
|
|
|
certificate *x509.Certificate
|
|
privateKey crypto.PrivateKey
|
|
alpn string
|
|
mitmBypass bypass.Bypass
|
|
}
|
|
|
|
func (h *forwardHandler) parseMetadata(md mdata.Metadata) (err error) {
|
|
h.md.readTimeout = mdutil.GetDuration(md, "readTimeout")
|
|
if h.md.readTimeout <= 0 {
|
|
h.md.readTimeout = 15 * time.Second
|
|
}
|
|
|
|
h.md.idleTimeout = mdutil.GetDuration(md, "idleTimeout")
|
|
if h.md.idleTimeout < 0 {
|
|
h.md.idleTimeout = 0
|
|
}
|
|
|
|
h.md.httpKeepalive = mdutil.GetBool(md, "http.keepalive")
|
|
h.md.proxyProtocol = mdutil.GetInt(md, "proxyProtocol")
|
|
|
|
h.md.sniffing = mdutil.GetBool(md, "sniffing")
|
|
h.md.sniffingTimeout = mdutil.GetDuration(md, "sniffing.timeout")
|
|
h.md.sniffingWebsocket = mdutil.GetBool(md, "sniffing.websocket")
|
|
h.md.sniffingWebsocketSampleRate = mdutil.GetFloat(md, "sniffing.websocket.sampleRate")
|
|
|
|
certFile := mdutil.GetString(md, "mitm.certFile", "mitm.caCertFile")
|
|
keyFile := mdutil.GetString(md, "mitm.keyFile", "mitm.caKeyFile")
|
|
if certFile != "" && keyFile != "" {
|
|
tlsCert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
h.md.certificate, err = x509.ParseCertificate(tlsCert.Certificate[0])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
h.md.privateKey = tlsCert.PrivateKey
|
|
}
|
|
h.md.alpn = mdutil.GetString(md, "mitm.alpn")
|
|
h.md.mitmBypass = registry.BypassRegistry().Get(mdutil.GetString(md, "mitm.bypass"))
|
|
|
|
return
|
|
}
|