TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-04 16:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF和其他请求关闭连接时更加快速

Browse Source
This commit is contained in:
GoEdgeLab
2022-08-27 10:49:16 +08:00
parent 328ae09ce7
commit e413adb1b0
3 changed files with 28 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
internal/nodes/client_conn.go
View File

@@ -36,25 +36,23 @@ type ClientConn struct {
hasResetSYNFlood bool hasResetSYNFlood bool
} }
func NewClientConn(conn net.Conn, isTLS bool, quickClose bool) net.Conn { func NewClientConn(rawConn net.Conn, isTLS bool, quickClose bool) net.Conn {
if quickClose {
// TCP
tcpConn, ok := conn.(*net.TCPConn)
if ok {
// TODO 可以在配置中设置此值
_ = tcpConn.SetLinger(nodeconfigs.DefaultTCPLinger)
}
}
// 是否为环路 // 是否为环路
var remoteAddr = conn.RemoteAddr().String() var remoteAddr = rawConn.RemoteAddr().String()
var isLO = strings.HasPrefix(remoteAddr, "127.0.0.1:") || strings.HasPrefix(remoteAddr, "[::1]:") var isLO = strings.HasPrefix(remoteAddr, "127.0.0.1:") || strings.HasPrefix(remoteAddr, "[::1]:")
return &ClientConn{ var conn = &ClientConn{
BaseClientConn: BaseClientConn{rawConn: conn}, BaseClientConn: BaseClientConn{rawConn: rawConn},
isTLS: isTLS, isTLS: isTLS,
isLO: isLO, isLO: isLO,
} }
if quickClose {
// TODO 可以在配置中设置此值
_ = conn.SetLinger(nodeconfigs.DefaultTCPLinger)
}
return conn
} }
func (this *ClientConn) Read(b []byte) (n int, err error) { func (this *ClientConn) Read(b []byte) (n int, err error) {
@@ -177,6 +175,11 @@ func (this *ClientConn) increaseSYNFlood(synFloodConfig *firewallconfigs.SYNFloo
if timeout <= 0 { if timeout <= 0 {
timeout = 600 timeout = 600
} }
// 关闭当前连接
_ = this.SetLinger(0)
_ = this.Close()
waf.SharedIPBlackList.RecordIP(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip, time.Now().Unix()+int64(timeout), 0, true, 0, 0, "疑似SYN Flood攻击当前1分钟"+types.String(result)+"次空连接") waf.SharedIPBlackList.RecordIP(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip, time.Now().Unix()+int64(timeout), 0, true, 0, 0, "疑似SYN Flood攻击当前1分钟"+types.String(result)+"次空连接")
} }
} }

7
internal/nodes/client_conn_base.go
View File

@@ -95,7 +95,12 @@ func (this *BaseClientConn) TCPConn() (tcpConn *net.TCPConn, ok bool) {
// 设置包装前连接 // 设置包装前连接
switch conn := this.rawConn.(type) { switch conn := this.rawConn.(type) {
case *tls.Conn: case *tls.Conn:
tcpConn, ok = conn.NetConn().(*net.TCPConn) var internalConn = conn.NetConn()
clientConn, ok := internalConn.(*ClientConn)
if ok {
return clientConn.TCPConn()
}
tcpConn, ok = internalConn.(*net.TCPConn)
default: default:
tcpConn, ok = this.rawConn.(*net.TCPConn) tcpConn, ok = this.rawConn.(*net.TCPConn)
} }

7
internal/nodes/http_request.go
View File

@@ -1428,11 +1428,16 @@ func (this *HTTPRequest) Done() {
func (this *HTTPRequest) Close() { func (this *HTTPRequest) Close() {
this.Done() this.Done()
requestConn := this.RawReq.Context().Value(HTTPConnContextKey) var requestConn = this.RawReq.Context().Value(HTTPConnContextKey)
if requestConn == nil { if requestConn == nil {
return return
} }
lingerConn, ok := requestConn.(LingerConn)
if ok {
_ = lingerConn.SetLinger(0)
}
conn, ok := requestConn.(net.Conn) conn, ok := requestConn.(net.Conn)
if ok { if ok {
_ = conn.Close() _ = conn.Close()