Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 51fe935f1f | |||
| 146fac73cf | |||
| 4465cac807 | |||
| 9d7ed21cba | |||
| 54fbe5beac | |||
| 0704853fa2 |
18
changelog.md
18
changelog.md
@ -1,5 +1,23 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-10 - 3.30.1 - fix(PortProxy)
|
||||
Improve TLS keep-alive management and fix whitespace formatting
|
||||
|
||||
- Implemented better handling for TLS keep-alive connections after sleep or long inactivity.
|
||||
- Reformatted whitespace for better readability and consistency.
|
||||
|
||||
## 2025-03-08 - 3.30.0 - feat(PortProxy)
|
||||
Add advanced TLS keep-alive handling and system sleep detection
|
||||
|
||||
- Implemented system sleep detection to maintain keep-alive connections.
|
||||
- Enhanced TLS keep-alive connections with extended timeout and sleep detection mechanisms.
|
||||
- Introduced automatic TLS state refresh after system wake-up to prevent connection drops.
|
||||
|
||||
## 2025-03-07 - 3.29.3 - fix(core)
|
||||
Fix functional errors in the proxy setup and enhance pnpm configuration
|
||||
|
||||
- Corrected pnpm configuration to include specific dependencies as 'onlyBuiltDependencies'.
|
||||
|
||||
## 2025-03-07 - 3.29.2 - fix(PortProxy)
|
||||
Fix test for PortProxy handling of custom IPs in Docker/CI environments.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@push.rocks/smartproxy",
|
||||
"version": "3.29.2",
|
||||
"version": "3.30.1",
|
||||
"private": false,
|
||||
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.",
|
||||
"main": "dist_ts/index.js",
|
||||
@ -77,6 +77,11 @@
|
||||
"url": "https://code.foss.global/push.rocks/smartproxy/issues"
|
||||
},
|
||||
"pnpm": {
|
||||
"overrides": {}
|
||||
"overrides": {},
|
||||
"onlyBuiltDependencies": [
|
||||
"esbuild",
|
||||
"mongodb-memory-server",
|
||||
"puppeteer"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
1863
pnpm-lock.yaml
generated
1863
pnpm-lock.yaml
generated
File diff suppressed because it is too large
Load Diff
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '3.29.2',
|
||||
version: '3.30.1',
|
||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
|
||||
}
|
||||
|
||||
@ -100,6 +100,10 @@ interface IConnectionRecord {
|
||||
// New field for NetworkProxy tracking
|
||||
usingNetworkProxy?: boolean; // Whether this connection is using a NetworkProxy
|
||||
networkProxyIndex?: number; // Which NetworkProxy instance is being used
|
||||
|
||||
// Sleep detection fields
|
||||
possibleSystemSleep?: boolean; // Flag to indicate a possible system sleep was detected
|
||||
lastSleepDetection?: number; // Timestamp of the last sleep detection
|
||||
}
|
||||
|
||||
/**
|
||||
@ -375,8 +379,8 @@ export class PortProxy {
|
||||
|
||||
// Feature flags
|
||||
disableInactivityCheck: settingsArg.disableInactivityCheck || false,
|
||||
enableKeepAliveProbes: settingsArg.enableKeepAliveProbes !== undefined
|
||||
? settingsArg.enableKeepAliveProbes : true, // Enable by default
|
||||
enableKeepAliveProbes:
|
||||
settingsArg.enableKeepAliveProbes !== undefined ? settingsArg.enableKeepAliveProbes : true, // Enable by default
|
||||
enableDetailedLogging: settingsArg.enableDetailedLogging || false,
|
||||
enableTlsDebugLogging: settingsArg.enableTlsDebugLogging || false,
|
||||
enableRandomizedTimeouts: settingsArg.enableRandomizedTimeouts || false, // Disable randomization by default
|
||||
@ -413,15 +417,23 @@ export class PortProxy {
|
||||
serverName?: string
|
||||
): void {
|
||||
// Determine which NetworkProxy to use
|
||||
const proxyIndex = domainConfig.networkProxyIndex !== undefined
|
||||
? domainConfig.networkProxyIndex
|
||||
: 0;
|
||||
const proxyIndex =
|
||||
domainConfig.networkProxyIndex !== undefined ? domainConfig.networkProxyIndex : 0;
|
||||
|
||||
// Validate the NetworkProxy index
|
||||
if (proxyIndex < 0 || proxyIndex >= this.networkProxies.length) {
|
||||
console.log(`[${connectionId}] Invalid NetworkProxy index: ${proxyIndex}. Using fallback direct connection.`);
|
||||
console.log(
|
||||
`[${connectionId}] Invalid NetworkProxy index: ${proxyIndex}. Using fallback direct connection.`
|
||||
);
|
||||
// Fall back to direct connection
|
||||
return this.setupDirectConnection(connectionId, socket, record, domainConfig, serverName, initialData);
|
||||
return this.setupDirectConnection(
|
||||
connectionId,
|
||||
socket,
|
||||
record,
|
||||
domainConfig,
|
||||
serverName,
|
||||
initialData
|
||||
);
|
||||
}
|
||||
|
||||
const networkProxy = this.networkProxies[proxyIndex];
|
||||
@ -437,7 +449,7 @@ export class PortProxy {
|
||||
// Create a connection to the NetworkProxy
|
||||
const proxySocket = plugins.net.connect({
|
||||
host: proxyHost,
|
||||
port: proxyPort
|
||||
port: proxyPort,
|
||||
});
|
||||
|
||||
// Store the outgoing socket in the record
|
||||
@ -475,13 +487,32 @@ export class PortProxy {
|
||||
|
||||
socket.on('close', () => {
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Client connection closed after forwarding to NetworkProxy`);
|
||||
console.log(
|
||||
`[${connectionId}] Client connection closed after forwarding to NetworkProxy`
|
||||
);
|
||||
}
|
||||
this.cleanupConnection(record, 'client_closed');
|
||||
});
|
||||
|
||||
// Update activity on data transfer
|
||||
socket.on('data', () => this.updateActivity(record));
|
||||
socket.on('data', (chunk: Buffer) => {
|
||||
this.updateActivity(record);
|
||||
|
||||
// Check for potential TLS renegotiation or reconnection packets
|
||||
if (chunk.length > 0 && chunk[0] === 22) {
|
||||
// ContentType.handshake
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] Detected potential TLS handshake data while connected to NetworkProxy`
|
||||
);
|
||||
}
|
||||
|
||||
// Let the NetworkProxy handle the TLS renegotiation
|
||||
// Just update the activity timestamp to prevent timeouts
|
||||
record.lastActivity = Date.now();
|
||||
}
|
||||
});
|
||||
|
||||
proxySocket.on('data', () => this.updateActivity(record));
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
@ -585,7 +616,9 @@ export class PortProxy {
|
||||
} catch (err) {
|
||||
// Ignore errors - these are optional enhancements
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Enhanced TCP keep-alive not supported for outgoing socket: ${err}`);
|
||||
console.log(
|
||||
`[${connectionId}] Enhanced TCP keep-alive not supported for outgoing socket: ${err}`
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -642,7 +675,9 @@ export class PortProxy {
|
||||
// For keep-alive connections, just log a warning instead of closing
|
||||
if (record.hasKeepAlive) {
|
||||
console.log(
|
||||
`[${connectionId}] Timeout event on incoming keep-alive connection from ${record.remoteIP} after ${plugins.prettyMs(
|
||||
`[${connectionId}] Timeout event on incoming keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} after ${plugins.prettyMs(
|
||||
this.settings.socketTimeout || 3600000
|
||||
)}. Connection preserved.`
|
||||
);
|
||||
@ -652,9 +687,9 @@ export class PortProxy {
|
||||
|
||||
// For non-keep-alive connections, proceed with normal cleanup
|
||||
console.log(
|
||||
`[${connectionId}] Timeout on incoming side from ${record.remoteIP} after ${plugins.prettyMs(
|
||||
this.settings.socketTimeout || 3600000
|
||||
)}`
|
||||
`[${connectionId}] Timeout on incoming side from ${
|
||||
record.remoteIP
|
||||
} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}`
|
||||
);
|
||||
if (record.incomingTerminationReason === null) {
|
||||
record.incomingTerminationReason = 'timeout';
|
||||
@ -667,7 +702,9 @@ export class PortProxy {
|
||||
// For keep-alive connections, just log a warning instead of closing
|
||||
if (record.hasKeepAlive) {
|
||||
console.log(
|
||||
`[${connectionId}] Timeout event on outgoing keep-alive connection from ${record.remoteIP} after ${plugins.prettyMs(
|
||||
`[${connectionId}] Timeout event on outgoing keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} after ${plugins.prettyMs(
|
||||
this.settings.socketTimeout || 3600000
|
||||
)}. Connection preserved.`
|
||||
);
|
||||
@ -677,9 +714,9 @@ export class PortProxy {
|
||||
|
||||
// For non-keep-alive connections, proceed with normal cleanup
|
||||
console.log(
|
||||
`[${connectionId}] Timeout on outgoing side from ${record.remoteIP} after ${plugins.prettyMs(
|
||||
this.settings.socketTimeout || 3600000
|
||||
)}`
|
||||
`[${connectionId}] Timeout on outgoing side from ${
|
||||
record.remoteIP
|
||||
} after ${plugins.prettyMs(this.settings.socketTimeout || 3600000)}`
|
||||
);
|
||||
if (record.outgoingTerminationReason === null) {
|
||||
record.outgoingTerminationReason = 'timeout';
|
||||
@ -695,7 +732,9 @@ export class PortProxy {
|
||||
targetSocket.setTimeout(0);
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Disabled socket timeouts for immortal keep-alive connection`);
|
||||
console.log(
|
||||
`[${connectionId}] Disabled socket timeouts for immortal keep-alive connection`
|
||||
);
|
||||
}
|
||||
} else {
|
||||
// Set normal timeouts for other connections
|
||||
@ -725,9 +764,7 @@ export class PortProxy {
|
||||
const combinedData = Buffer.concat(record.pendingData);
|
||||
targetSocket.write(combinedData, (err) => {
|
||||
if (err) {
|
||||
console.log(
|
||||
`[${connectionId}] Error writing pending data to target: ${err.message}`
|
||||
);
|
||||
console.log(`[${connectionId}] Error writing pending data to target: ${err.message}`);
|
||||
return this.initiateCleanupOnce(record, 'write_error');
|
||||
}
|
||||
|
||||
@ -746,7 +783,9 @@ export class PortProxy {
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: ''
|
||||
}` +
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${record.hasKeepAlive ? 'Yes' : 'No'}`
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${
|
||||
record.hasKeepAlive ? 'Yes' : 'No'
|
||||
}`
|
||||
);
|
||||
} else {
|
||||
console.log(
|
||||
@ -777,7 +816,9 @@ export class PortProxy {
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: ''
|
||||
}` +
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${record.hasKeepAlive ? 'Yes' : 'No'}`
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${
|
||||
record.hasKeepAlive ? 'Yes' : 'No'
|
||||
}`
|
||||
);
|
||||
} else {
|
||||
console.log(
|
||||
@ -831,10 +872,43 @@ export class PortProxy {
|
||||
// For immortal keep-alive connections, skip setting a timeout completely
|
||||
if (record.hasKeepAlive && this.settings.keepAliveTreatment === 'immortal') {
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Keep-alive connection with immortal treatment - no max lifetime`);
|
||||
console.log(
|
||||
`[${connectionId}] Keep-alive connection with immortal treatment - no max lifetime`
|
||||
);
|
||||
}
|
||||
// No cleanup timer for immortal connections
|
||||
}
|
||||
// For TLS keep-alive connections, use a very extended timeout
|
||||
else if (record.hasKeepAlive && record.isTLS) {
|
||||
// For TLS keep-alive connections, use a very extended timeout
|
||||
// This helps prevent certificate errors after sleep/wake cycles
|
||||
const tlsKeepAliveTimeout = 14 * 24 * 60 * 60 * 1000; // 14 days for TLS keep-alive
|
||||
const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout);
|
||||
|
||||
record.cleanupTimer = setTimeout(() => {
|
||||
console.log(
|
||||
`[${connectionId}] TLS keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} exceeded extended lifetime (${plugins.prettyMs(
|
||||
tlsKeepAliveTimeout
|
||||
)}), forcing cleanup.`
|
||||
);
|
||||
this.initiateCleanupOnce(record, 'tls_extended_lifetime');
|
||||
}, safeTimeout);
|
||||
|
||||
// Make sure timeout doesn't keep the process alive
|
||||
if (record.cleanupTimer.unref) {
|
||||
record.cleanupTimer.unref();
|
||||
}
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] TLS keep-alive connection with enhanced protection, lifetime: ${plugins.prettyMs(
|
||||
tlsKeepAliveTimeout
|
||||
)}`
|
||||
);
|
||||
}
|
||||
}
|
||||
// For extended keep-alive connections, use extended timeout
|
||||
else if (record.hasKeepAlive && this.settings.keepAliveTreatment === 'extended') {
|
||||
const extendedTimeout = this.settings.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000; // 7 days
|
||||
@ -842,9 +916,9 @@ export class PortProxy {
|
||||
|
||||
record.cleanupTimer = setTimeout(() => {
|
||||
console.log(
|
||||
`[${connectionId}] Keep-alive connection from ${record.remoteIP} exceeded extended lifetime (${plugins.prettyMs(
|
||||
extendedTimeout
|
||||
)}), forcing cleanup.`
|
||||
`[${connectionId}] Keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} exceeded extended lifetime (${plugins.prettyMs(extendedTimeout)}), forcing cleanup.`
|
||||
);
|
||||
this.initiateCleanupOnce(record, 'extended_lifetime');
|
||||
}, safeTimeout);
|
||||
@ -855,20 +929,25 @@ export class PortProxy {
|
||||
}
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Keep-alive connection with extended lifetime of ${plugins.prettyMs(extendedTimeout)}`);
|
||||
console.log(
|
||||
`[${connectionId}] Keep-alive connection with extended lifetime of ${plugins.prettyMs(
|
||||
extendedTimeout
|
||||
)}`
|
||||
);
|
||||
}
|
||||
}
|
||||
// For standard connections, use normal timeout
|
||||
else {
|
||||
// Use domain-specific timeout if available, otherwise use default
|
||||
const connectionTimeout = record.domainConfig?.connectionTimeout || this.settings.maxConnectionLifetime!;
|
||||
const connectionTimeout =
|
||||
record.domainConfig?.connectionTimeout || this.settings.maxConnectionLifetime!;
|
||||
const safeTimeout = ensureSafeTimeout(connectionTimeout);
|
||||
|
||||
record.cleanupTimer = setTimeout(() => {
|
||||
console.log(
|
||||
`[${connectionId}] Connection from ${record.remoteIP} exceeded max lifetime (${plugins.prettyMs(
|
||||
connectionTimeout
|
||||
)}), forcing cleanup.`
|
||||
`[${connectionId}] Connection from ${
|
||||
record.remoteIP
|
||||
} exceeded max lifetime (${plugins.prettyMs(connectionTimeout)}), forcing cleanup.`
|
||||
);
|
||||
this.initiateCleanupOnce(record, 'connection_timeout');
|
||||
}, safeTimeout);
|
||||
@ -950,6 +1029,100 @@ export class PortProxy {
|
||||
this.terminationStats[side][reason] = (this.terminationStats[side][reason] || 0) + 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Update connection activity timestamp with sleep detection
|
||||
*/
|
||||
private updateActivity(record: IConnectionRecord): void {
|
||||
// Get the current time
|
||||
const now = Date.now();
|
||||
|
||||
// Check if there was a large time gap that suggests system sleep
|
||||
if (record.lastActivity > 0) {
|
||||
const timeDiff = now - record.lastActivity;
|
||||
|
||||
// If time difference is very large (> 30 minutes) and this is a keep-alive connection,
|
||||
// this might indicate system sleep rather than just inactivity
|
||||
if (timeDiff > 30 * 60 * 1000 && record.hasKeepAlive) {
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${record.id}] Detected possible system sleep for ${plugins.prettyMs(timeDiff)}. ` +
|
||||
`Handling keep-alive connection after long inactivity.`
|
||||
);
|
||||
}
|
||||
|
||||
// For TLS keep-alive connections after sleep/long inactivity, force close
|
||||
// to make browser establish a new connection with fresh certificate context
|
||||
if (record.isTLS && record.tlsHandshakeComplete) {
|
||||
if (timeDiff > 4 * 60 * 60 * 1000) {
|
||||
// If inactive for more than 4 hours
|
||||
console.log(
|
||||
`[${record.id}] TLS connection inactive for ${plugins.prettyMs(timeDiff)}. ` +
|
||||
`Closing to force new connection with fresh certificate.`
|
||||
);
|
||||
return this.initiateCleanupOnce(record, 'certificate_refresh_needed');
|
||||
} else {
|
||||
// For shorter inactivity periods, try to refresh the TLS state
|
||||
this.refreshTlsStateAfterSleep(record);
|
||||
}
|
||||
}
|
||||
|
||||
// Mark that we detected sleep
|
||||
record.possibleSystemSleep = true;
|
||||
record.lastSleepDetection = now;
|
||||
}
|
||||
}
|
||||
|
||||
// Update the activity timestamp
|
||||
record.lastActivity = now;
|
||||
|
||||
// Clear any inactivity warning
|
||||
if (record.inactivityWarningIssued) {
|
||||
record.inactivityWarningIssued = false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Refresh TLS state after sleep detection
|
||||
*/
|
||||
private refreshTlsStateAfterSleep(record: IConnectionRecord): void {
|
||||
// Skip if we're using a NetworkProxy as it handles its own TLS state
|
||||
if (record.usingNetworkProxy) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// For outgoing connections that might need to be refreshed
|
||||
if (record.outgoing && !record.outgoing.destroyed) {
|
||||
// Check how long this connection has been established
|
||||
const connectionAge = Date.now() - record.incomingStartTime;
|
||||
const hourInMs = 60 * 60 * 1000;
|
||||
|
||||
// For TLS browser connections that are very old, it's better to force a new connection
|
||||
// rather than trying to refresh the state, to avoid certificate issues
|
||||
if (record.isTLS && record.hasKeepAlive && connectionAge > 12 * hourInMs) {
|
||||
console.log(
|
||||
`[${record.id}] Long-lived TLS connection (${plugins.prettyMs(connectionAge)}). ` +
|
||||
`Closing to ensure proper certificate handling on browser reconnect.`
|
||||
);
|
||||
return this.initiateCleanupOnce(record, 'certificate_context_refresh');
|
||||
}
|
||||
|
||||
// For newer connections, try to send a refresh packet
|
||||
record.outgoing.write(Buffer.alloc(0));
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${record.id}] Sent refresh packet after sleep detection`);
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
console.log(`[${record.id}] Error refreshing TLS state: ${err}`);
|
||||
|
||||
// If we hit an error, it's likely the connection is already broken
|
||||
// Force cleanup to ensure browser reconnects cleanly
|
||||
return this.initiateCleanupOnce(record, 'tls_refresh_error');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Cleans up a connection record.
|
||||
* Destroys both incoming and outgoing sockets, clears timers, and removes the record.
|
||||
@ -1047,7 +1220,9 @@ export class PortProxy {
|
||||
` Duration: ${plugins.prettyMs(
|
||||
duration
|
||||
)}, Bytes IN: ${bytesReceived}, OUT: ${bytesSent}, ` +
|
||||
`TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${record.hasKeepAlive ? 'Yes' : 'No'}` +
|
||||
`TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${
|
||||
record.hasKeepAlive ? 'Yes' : 'No'
|
||||
}` +
|
||||
`${record.usingNetworkProxy ? `, NetworkProxy: ${record.networkProxyIndex}` : ''}`
|
||||
);
|
||||
} else {
|
||||
@ -1058,18 +1233,6 @@ export class PortProxy {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update connection activity timestamp
|
||||
*/
|
||||
private updateActivity(record: IConnectionRecord): void {
|
||||
record.lastActivity = Date.now();
|
||||
|
||||
// Clear any inactivity warning
|
||||
if (record.inactivityWarningIssued) {
|
||||
record.inactivityWarningIssued = false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get target IP with round-robin support
|
||||
*/
|
||||
@ -1091,7 +1254,10 @@ export class PortProxy {
|
||||
console.log(`[${record.id}] Connection cleanup initiated for ${record.remoteIP} (${reason})`);
|
||||
}
|
||||
|
||||
if (record.incomingTerminationReason === null || record.incomingTerminationReason === undefined) {
|
||||
if (
|
||||
record.incomingTerminationReason === null ||
|
||||
record.incomingTerminationReason === undefined
|
||||
) {
|
||||
record.incomingTerminationReason = reason;
|
||||
this.incrementTerminationStat('incoming', reason);
|
||||
}
|
||||
@ -1245,7 +1411,10 @@ export class PortProxy {
|
||||
outgoingTerminationReason: null,
|
||||
|
||||
// Initialize NetworkProxy tracking fields
|
||||
usingNetworkProxy: false
|
||||
usingNetworkProxy: false,
|
||||
|
||||
// Initialize sleep detection fields
|
||||
possibleSystemSleep: false,
|
||||
};
|
||||
|
||||
// Apply keep-alive settings if enabled
|
||||
@ -1266,7 +1435,9 @@ export class PortProxy {
|
||||
} catch (err) {
|
||||
// Ignore errors - these are optional enhancements
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] Enhanced TCP keep-alive settings not supported: ${err}`);
|
||||
console.log(
|
||||
`[${connectionId}] Enhanced TCP keep-alive settings not supported: ${err}`
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1706,11 +1877,54 @@ export class PortProxy {
|
||||
}
|
||||
|
||||
// Skip inactivity check if disabled or for immortal keep-alive connections
|
||||
if (!this.settings.disableInactivityCheck &&
|
||||
!(record.hasKeepAlive && this.settings.keepAliveTreatment === 'immortal')) {
|
||||
|
||||
if (
|
||||
!this.settings.disableInactivityCheck &&
|
||||
!(record.hasKeepAlive && this.settings.keepAliveTreatment === 'immortal')
|
||||
) {
|
||||
const inactivityTime = now - record.lastActivity;
|
||||
|
||||
// Special handling for TLS keep-alive connections
|
||||
if (
|
||||
record.hasKeepAlive &&
|
||||
record.isTLS &&
|
||||
inactivityTime > this.settings.inactivityTimeout! / 2
|
||||
) {
|
||||
// For TLS keep-alive connections that are getting stale, try to refresh before closing
|
||||
if (!record.inactivityWarningIssued) {
|
||||
console.log(
|
||||
`[${id}] TLS keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} inactive for ${plugins.prettyMs(inactivityTime)}. ` +
|
||||
`Attempting to preserve connection.`
|
||||
);
|
||||
|
||||
// Set warning flag but give a much longer grace period for TLS connections
|
||||
record.inactivityWarningIssued = true;
|
||||
|
||||
// For TLS connections, extend the last activity time considerably
|
||||
// This gives browsers more time to re-establish the connection properly
|
||||
record.lastActivity = now - this.settings.inactivityTimeout! / 3;
|
||||
|
||||
// Try to stimulate the connection with a probe packet
|
||||
if (record.outgoing && !record.outgoing.destroyed) {
|
||||
try {
|
||||
// For TLS connections, send a proper TLS heartbeat-like packet
|
||||
// This is just a small empty buffer that won't affect the TLS session
|
||||
record.outgoing.write(Buffer.alloc(0));
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${id}] Sent TLS keep-alive probe packet`);
|
||||
}
|
||||
} catch (err) {
|
||||
console.log(`[${id}] Error sending TLS probe packet: ${err}`);
|
||||
}
|
||||
}
|
||||
|
||||
// Don't proceed to the normal inactivity check logic
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// Use extended timeout for extended-treatment keep-alive connections
|
||||
let effectiveTimeout = this.settings.inactivityTimeout!;
|
||||
if (record.hasKeepAlive && this.settings.keepAliveTreatment === 'extended') {
|
||||
@ -1722,7 +1936,9 @@ export class PortProxy {
|
||||
// For keep-alive connections, issue a warning first
|
||||
if (record.hasKeepAlive && !record.inactivityWarningIssued) {
|
||||
console.log(
|
||||
`[${id}] Warning: Keep-alive connection from ${record.remoteIP} inactive for ${plugins.prettyMs(inactivityTime)}. ` +
|
||||
`[${id}] Warning: Keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} inactive for ${plugins.prettyMs(inactivityTime)}. ` +
|
||||
`Will close in 10 minutes if no activity.`
|
||||
);
|
||||
|
||||
@ -1742,6 +1958,33 @@ export class PortProxy {
|
||||
console.log(`[${id}] Error sending probe packet: ${err}`);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// MODIFIED: For TLS connections, be more lenient before closing
|
||||
// For TLS browser connections, we need to handle certificate context properly
|
||||
if (record.isTLS && record.hasKeepAlive) {
|
||||
// For very long inactivity, it's better to close the connection
|
||||
// so the browser establishes a new one with a fresh certificate context
|
||||
if (inactivityTime > 6 * 60 * 60 * 1000) {
|
||||
// 6 hours
|
||||
console.log(
|
||||
`[${id}] TLS keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} inactive for ${plugins.prettyMs(inactivityTime)}. ` +
|
||||
`Closing to ensure proper certificate handling on browser reconnect.`
|
||||
);
|
||||
this.cleanupConnection(record, 'tls_certificate_refresh');
|
||||
} else {
|
||||
// For shorter inactivity periods, add grace period
|
||||
console.log(
|
||||
`[${id}] TLS keep-alive connection from ${
|
||||
record.remoteIP
|
||||
} inactive for ${plugins.prettyMs(inactivityTime)}. ` +
|
||||
`Adding extra grace period.`
|
||||
);
|
||||
|
||||
// Give additional time for browsers to reconnect properly
|
||||
record.lastActivity = now - effectiveTimeout / 2;
|
||||
}
|
||||
} else {
|
||||
// For non-keep-alive or after warning, close the connection
|
||||
console.log(
|
||||
@ -1751,10 +1994,13 @@ export class PortProxy {
|
||||
);
|
||||
this.cleanupConnection(record, 'inactivity');
|
||||
}
|
||||
}
|
||||
} else if (inactivityTime <= effectiveTimeout && record.inactivityWarningIssued) {
|
||||
// If activity detected after warning, clear the warning
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${id}] Connection activity detected after inactivity warning, resetting warning`);
|
||||
console.log(
|
||||
`[${id}] Connection activity detected after inactivity warning, resetting warning`
|
||||
);
|
||||
}
|
||||
record.inactivityWarningIssued = false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user