WAF和其他请求关闭连接时更加快速

2025-11-03 23:20:25 +08:00 · 2022-08-27 10:49:16 +08:00
parent b2a9a31fe5
commit 18f08525b9
3 changed files with 28 additions and 15 deletions
--- a/internal/nodes/client_conn.go
+++ b/internal/nodes/client_conn.go
@@ -36,25 +36,23 @@ type ClientConn struct {
 	hasResetSYNFlood bool
 }

-func NewClientConn(conn net.Conn, isTLS bool, quickClose bool) net.Conn {
-	if quickClose {
-		// TCP
-		tcpConn, ok := conn.(*net.TCPConn)
-		if ok {
-			// TODO 可以在配置中设置此值
-			_ = tcpConn.SetLinger(nodeconfigs.DefaultTCPLinger)
-		}
-	}
-
+func NewClientConn(rawConn net.Conn, isTLS bool, quickClose bool) net.Conn {
 	// 是否为环路
-	var remoteAddr = conn.RemoteAddr().String()
+	var remoteAddr = rawConn.RemoteAddr().String()
 	var isLO = strings.HasPrefix(remoteAddr, "127.0.0.1:") || strings.HasPrefix(remoteAddr, "[::1]:")

-	return &ClientConn{
-		BaseClientConn: BaseClientConn{rawConn: conn},
+	var conn = &ClientConn{
+		BaseClientConn: BaseClientConn{rawConn: rawConn},
 		isTLS:          isTLS,
 		isLO:           isLO,
 	}
+
+	if quickClose {
+		// TODO 可以在配置中设置此值
+		_ = conn.SetLinger(nodeconfigs.DefaultTCPLinger)
+	}
+
+	return conn
 }

 func (this *ClientConn) Read(b []byte) (n int, err error) {
@@ -177,6 +175,11 @@ func (this *ClientConn) increaseSYNFlood(synFloodConfig *firewallconfigs.SYNFloo
 			if timeout <= 0 {
 				timeout = 600
 			}
+
+			// 关闭当前连接
+			_ = this.SetLinger(0)
+			_ = this.Close()
+
 			waf.SharedIPBlackList.RecordIP(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip, time.Now().Unix()+int64(timeout), 0, true, 0, 0, "疑似SYN Flood攻击，当前1分钟"+types.String(result)+"次空连接")
 		}
 	}
--- a/internal/nodes/client_conn_base.go
+++ b/internal/nodes/client_conn_base.go
@@ -95,7 +95,12 @@ func (this *BaseClientConn) TCPConn() (tcpConn *net.TCPConn, ok bool) {
 	// 设置包装前连接
 	switch conn := this.rawConn.(type) {
 	case *tls.Conn:
-		tcpConn, ok = conn.NetConn().(*net.TCPConn)
+		var internalConn = conn.NetConn()
+		clientConn, ok := internalConn.(*ClientConn)
+		if ok {
+			return clientConn.TCPConn()
+		}
+		tcpConn, ok = internalConn.(*net.TCPConn)
 	default:
 		tcpConn, ok = this.rawConn.(*net.TCPConn)
 	}
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -1428,11 +1428,16 @@ func (this *HTTPRequest) Done() {
 func (this *HTTPRequest) Close() {
 	this.Done()

-	requestConn := this.RawReq.Context().Value(HTTPConnContextKey)
+	var requestConn = this.RawReq.Context().Value(HTTPConnContextKey)
 	if requestConn == nil {
 		return
 	}

+	lingerConn, ok := requestConn.(LingerConn)
+	if ok {
+		_ = lingerConn.SetLinger(0)
+	}
+
 	conn, ok := requestConn.(net.Conn)
 	if ok {
 		_ = conn.Close()