fix(smartproxy): Correct NFTables forwarding handling to avoid premature connection termination and add comprehensive tests
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '19.3.4',
|
||||
version: '19.3.5',
|
||||
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
|
||||
}
|
||||
|
@ -339,21 +339,6 @@ export class RouteConnectionHandler {
|
||||
);
|
||||
}
|
||||
|
||||
// Check if this route uses NFTables for forwarding
|
||||
if (route.action.forwardingEngine === 'nftables') {
|
||||
// For NFTables routes, we don't need to do anything at the application level
|
||||
// The packet is forwarded at the kernel level
|
||||
|
||||
// Log the connection
|
||||
console.log(
|
||||
`[${connectionId}] Connection forwarded by NFTables: ${record.remoteIP} -> port ${record.localPort}`
|
||||
);
|
||||
|
||||
// Just close the socket in our application since it's handled at kernel level
|
||||
socket.end();
|
||||
this.connectionManager.cleanupConnection(record, 'nftables_handled');
|
||||
return;
|
||||
}
|
||||
|
||||
// Handle the route based on its action type
|
||||
switch (route.action.type) {
|
||||
@ -391,10 +376,13 @@ export class RouteConnectionHandler {
|
||||
|
||||
// Check if this route uses NFTables for forwarding
|
||||
if (action.forwardingEngine === 'nftables') {
|
||||
// Log detailed information about NFTables-handled connection
|
||||
// NFTables handles packet forwarding at the kernel level
|
||||
// The application should NOT interfere with these connections
|
||||
|
||||
// Just log the connection for monitoring purposes
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${record.id}] Connection forwarded by NFTables (kernel-level): ` +
|
||||
`[${record.id}] NFTables forwarding (kernel-level): ` +
|
||||
`${record.remoteIP}:${socket.remotePort} -> ${socket.localAddress}:${record.localPort}` +
|
||||
` (Route: "${route.name || 'unnamed'}", Domain: ${record.lockedDomain || 'n/a'})`
|
||||
);
|
||||
@ -420,14 +408,8 @@ export class RouteConnectionHandler {
|
||||
}
|
||||
}
|
||||
|
||||
// This connection is handled at the kernel level, no need to process at application level
|
||||
// Close the socket gracefully in our application layer
|
||||
socket.end();
|
||||
|
||||
// Mark the connection as handled by NFTables for proper cleanup
|
||||
record.nftablesHandled = true;
|
||||
this.connectionManager.initiateCleanupOnce(record, 'nftables_handled');
|
||||
return;
|
||||
// For NFTables routes, continue processing the connection normally
|
||||
// since the packet forwarding happens transparently at the kernel level
|
||||
}
|
||||
|
||||
// We should have a target configuration for forwarding
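Review bot: The comments added inside `if (action.forwardingEngine === 'nftables')` contradict the new control flow: one says `// The application should NOT interfere with these connections`, yet the block now ends without a `return` and appears to fall through to `// We should have a target configuration for forwarding`, so the socket is handled by the application path. A socket that reaches this handler on an nftables route presumably was not taken by the kernel rule, so any filtering that rule set enforces (not visible here) would not apply to it; that case deserves an unconditional warning rather than a message gated on `enableDetailedLogging`. I would replace the two trailing comments with one that states the fallback, e.g. `// Reached only if the kernel rule did not capture this connection; falls through to application-level forwarding`. Please also confirm that nothing still reads `record.nftablesHandled`, which this path no longer sets. The enclosing method starts and ends outside these hunks.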
|
||||
|