rapiz1 / rathole

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
Apache License 2.0
8.8k stars 440 forks

TCP connection floods overwhelm the client #367

Open zzzorgo opened 3 weeks ago

zzzorgo commented 3 weeks ago

Describe the bug

One of my rathole clients (not sure about the others) creates a lot of TCP connections without closing them. Half of the connections are in the CLOSE_WAIT state and the other half are in ESTABLISHED. This could be as bad as 1300+ simultaneous TCP connections for only two services.

To Reproduce

Steps to reproduce the behavior:

  1. Start the server and the client
  2. Wait for about 24 hours

Configuration

Configuration used to reproduce the behavior:

# client.toml
[client]
remote_addr = "XXXX:XXXX"

[client.transport]
type = "tls"

[client.transport.tls]
trusted_root = "XXXX.pem"

[client.services.local_balancer]
token = "XXXX"
local_addr = "127.0.0.1:8081"

[client.services.local_ssh]
token = "XXXX"
local_addr = "127.0.0.1:22"

# server.toml
[server]
bind_addr = "XXXX:XXXX"

[server.transport]
type = "tls"

[server.transport.tls]
pkcs12 = "XXXX.pfx"
pkcs12_password = "XXXX"

[server.services.local_balancer]
token = "XXXX"
bind_addr = "0.0.0.0:64115"

[server.services.local_ssh]
token = "XXXX"
bind_addr = "0.0.0.0:64116"

[server.services.local_balancer_bryansk]
token = "XXXX"
bind_addr = "0.0.0.0:64117"

[server.services.local_ssh_bryansk]
token = "XXXX"
bind_addr = "0.0.0.0:64118"

Logs

Rathole log: log.txt

Netstat output when the flood is there: netstat.log

Netstat output after restarting the rathole process: netstat-after-restarting.log

Environment:
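
Added example, not part of the original report or of the rathole project: a small triage script that counts a process's TCP sockets per peer and state, since a socket stays in CLOSE_WAIT until the owning process closes it and a growing count points at sockets the process never closes. It assumes the Linux net-tools `netstat -tnp` column layout; the sample rows, the addresses and port 2333 are constructed, and the threshold is an arbitrary illustration.

```python
"""Summarise TCP socket states per peer from `netstat -tnp` output."""
from collections import Counter

# Constructed sample in `netstat -tnp` layout (not the issue's netstat.log).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:40001    127.0.0.1:8081      CLOSE_WAIT  911/rathole
tcp        0      0 127.0.0.1:40002    127.0.0.1:8081      CLOSE_WAIT  911/rathole
tcp        0      0 127.0.0.1:40003    127.0.0.1:8081      CLOSE_WAIT  911/rathole
tcp        0      0 192.0.2.10:50001   203.0.113.5:2333    ESTABLISHED 911/rathole
tcp        0      0 192.0.2.10:50002   203.0.113.5:2333    ESTABLISHED 911/rathole
tcp        0      0 192.0.2.10:50003   203.0.113.5:2333    ESTABLISHED 911/rathole
tcp        0      0 127.0.0.1:40004    127.0.0.1:22        ESTABLISHED 911/rathole
tcp        0      0 127.0.0.1:22       127.0.0.1:40004     ESTABLISHED 700/sshd
"""


def socket_states(netstat_text, program="rathole"):
    """Return a Counter keyed by (foreign_address, state) for `program`'s sockets."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows: proto, recv-q, send-q, local, foreign, state, pid/program.
        # Headers and rows without an owner ("-" when not run as root) are skipped.
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue
        owner = fields[6].partition("/")[2]
        if owner == program:
            counts[(fields[4], fields[5])] += 1
    return counts


def leak_suspects(counts, max_close_wait=2):
    """Peers with more CLOSE_WAIT sockets than the (assumed) threshold."""
    return sorted(
        peer
        for (peer, state), n in counts.items()
        if state == "CLOSE_WAIT" and n > max_close_wait
    )


if __name__ == "__main__":
    states = socket_states(SAMPLE)
    for (peer, state), n in sorted(states.items()):
        print(f"{n:5d}  {state:<12} {peer}")
    print("CLOSE_WAIT suspects:", leak_suspects(states))
```

Running it against snapshots taken at intervals shows whether the CLOSE_WAIT count for a given `local_addr` only ever grows, which separates a leak from ordinary connection churn.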