resource leak of udp socket

jpillora / chisel

A fast TCP/UDP tunnel over HTTP

MIT License

13.66k stars 1.41k forks source link

resource leak of udp socket #309

Open chenthanks opened 3 years ago

chenthanks commented 3 years ago

There are two bugs in func (h udpHandler) handleWrite(p udpPacket) error in file tunnel_out_ssh_udp.go: 1.forget to close udp connection, causing resource leak. 2.The limit of udp connection is 100. Iff it received 200 connection in 15s, the 200 connections are also add to the map udpConns.m, and 100 connection of them will have no chance to be removed from the map.

jpillora commented 3 years ago

Yea they should time out though

I wonder how NAT (port mapping tables) solve this problem…

On Sun, 14 Nov 2021 at 5:27 pm chenthanks @.***> wrote:

There are two bugs in func (h udpHandler) handleWrite(p udpPacket) error in file tunnel_out_ssh_udp.go: 1.forget to close udp connection, causing resource leak. 2.The limit of udp connection is 100. Iff it received 200 connection in 15s, the 200 connections are also add to the map udpConns.m, and 100 connection of them will have no chance to be removed from the map.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jpillora/chisel/issues/309, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE2X4744PKBZ4BVWIQXADTUL5JEBANCNFSM5H7P5W7A .

chenthanks commented 3 years ago

whether removal of the connection limit is feasible? it's simple, but works: func (s *L1Proxy) handleUdpProbeStream(us UdpStream) { ...... if !exists { go h.handleRead(p, conn) } ...... }

func (h udpHandler) handleRead(p udpPacket, conn *udpConn) { //ensure connection is cleaned up defer func () {h.udpConns.remove(conn.id); conn.Close()} () ...... }

jpillora commented 3 years ago

Udp is stateless so read simply wait until timeout, so forget mapping after each read? Can the sender send 2 packets at the mapped port?

On Mon, 15 Nov 2021 at 1:09 am chenthanks @.***> wrote:

whether removal of the connection limit is feasible? it's simple, but works: func (s *L1Proxy) handleUdpProbeStream(us UdpStream) { ...... if !exists { go h.handleRead(p, conn) } ...... }

func (h udpHandler) handleRead(p udpPacket, conn *udpConn) { //ensure connection is cleaned up defer func () {h.udpConns.remove(conn.id); conn.Close()} () ...... }

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/jpillora/chisel/issues/309#issuecomment-968297850, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE2X46V22ZV6X7NIMLBS33UL67IDANCNFSM5H7P5W7A .