Merge pull request #983 from openziti/handle.failed.tcp.conns.before.…

…ziti.dial Handle failed tcp conns before ziti dial
openziti · Sep 21, 2024 · 71538f9 · 71538f9
2 parents 8b9f046 + 714f0b9
commit 71538f9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c b/lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c
@@ -599,6 +599,7 @@ static void ziti_conn_close_cb(ziti_connection zc) {
     }
     if (io->ziti_io) {
         free(io->ziti_io);
+        io->ziti_io = NULL;
     }
     ziti_tunneler_close(io->tnlr_io);
     free(io);

diff --git a/lib/ziti-tunnel/tunnel_tcp.c b/lib/ziti-tunnel/tunnel_tcp.c
@@ -184,10 +184,10 @@ static void on_tcp_client_err(void *io_ctx, err_t err) {
         const char *client = "<unknown>";
         if (io->tnlr_io != NULL) {
             client = io->tnlr_io->client;
+            // null our pcb so tunneler_tcp_close doesn't try to close it.
+            io->tnlr_io->tcp = NULL;
         }
         TNL_LOG(ERR, "client=%s err=%d, terminating connection", client, err);
-        // null our pcb so tunneler_tcp_close doesn't try to close it.
-        io->tnlr_io->tcp = NULL;
         io->close_fn(io->ziti_io);
     }
 }
@@ -249,11 +249,12 @@ int tunneler_tcp_close(struct tcp_pcb *pcb) {
         return 0;
     }
     LOG_STATE(DEBUG, "closing", pcb);
+    tcp_arg(pcb, NULL);
+    tcp_recv(pcb, NULL);
+    tcp_err(pcb, NULL);
     if (pcb->state == CLOSED) {
         return 0;
     }
-    tcp_arg(pcb, NULL);
-    tcp_recv(pcb, NULL);
     if (pcb->state < ESTABLISHED) {
         TNL_LOG(DEBUG, "closing connection before handshake complete. sending RST to client");
         tcp_abandon(pcb, 1);
@@ -275,14 +276,18 @@ void tunneler_tcp_dial_completed(struct io_ctx_s *io, bool ok) {
     }
 
     struct tcp_pcb *pcb = io->tnlr_io->tcp;
-    tcp_arg(pcb, io);
+    if (pcb == NULL) {
+        TNL_LOG(ERR, "tcp connection with %s is no longer viable", io->tnlr_io->client);
+        // no need to close the ziti side here, since it was done in the tcp error callback.
+        return;
+    }
+
     if (!ok) {
         TNL_LOG(VERBOSE, "ziti dial failed. not sending SYN to client.");
         return;
     }
     ip_set_option(pcb, SOF_KEEPALIVE);
     tcp_recv(pcb, on_tcp_client_data);
-    tcp_err(pcb, on_tcp_client_err);
 
     /* Send a SYN|ACK together with the MSS option. */
     err_t rc = tcp_enqueue_flags(pcb, TCP_SYN | TCP_ACK);
@@ -426,6 +431,9 @@ u8_t recv_tcp(void *tnlr_ctx_arg, struct raw_pcb *pcb, struct pbuf *p, const ip_
     io->close_write_fn = intercept_ctx->close_write_fn ? intercept_ctx->close_write_fn : tnlr_ctx->opts.ziti_close_write;
     io->close_fn = intercept_ctx->close_fn ? intercept_ctx->close_fn : tnlr_ctx->opts.ziti_close;
 
+    tcp_err(npcb, on_tcp_client_err);
+    tcp_arg(npcb, io);
+
     TNL_LOG(DEBUG, "intercepted address[%s] client[%s] service[%s]", io->tnlr_io->intercepted, io->tnlr_io->client,
             intercept_ctx->service_name);
     void *ziti_io_ctx = zdial(intercept_ctx->app_intercept_ctx, io);