Merge pull request #3782 from openziti/backport-ert-close

[Backport-1.6] Fix ER/T half-close logic. Fixes #3781

Author: plorenz

CHANGELOG.md

@@ -1,3 +1,15 @@
+# Release 1.6.16
+
+## What's New
+
+* Bug fixes and dependency updates
+
+## Component Updates and Bug Fixes
+
+* github.com/openziti/ziti: [v1.6.15 -> v1.6.16](https://github.com/openziti/ziti/compare/v1.6.15...v1.6.16)
+    * [Issue #3781](https://github.com/openziti/ziti/issues/3781) - [Backport-1.6] ER/T half-close logic is incorrect
+
+
 # Release 1.6.15
 
 ## What's New

router/xgress_common/connection.go

@@ -205,11 +205,6 @@ func (self *XgressConn) ReadPayload() ([]byte, map[uint8][]byte, error) {
 		if self.IsClosed() {
 			return nil, nil, xgress.ErrPeerClosed
 		}
-
-		if self.IsWriteClosed() {
-			<-self.writeDone
-			return nil, nil, xgress.ErrPeerClosed
-		}
 	}
 
 	buffer := make([]byte, self.bufferSize)
@@ -241,17 +236,20 @@ func (self *XgressConn) ReadPayload() ([]byte, map[uint8][]byte, error) {
 	}
 
 	if err != nil && n == 0 && errors.Is(err, io.EOF) {
-		if connAliveErr := self.Conn.SetWriteDeadline(time.Time{}); connAliveErr == nil {
+		if connAliveErr := self.Conn.SetWriteDeadline(time.Time{}); connAliveErr != nil {
 			self.flags.Set(closedFlag, true)
-			pfxlog.Logger().WithError(connAliveErr).Errorf("failed to set write deadline, connection is fully closed")
+			pfxlog.Logger().WithError(connAliveErr).Debug("failed to set write deadline, connection is fully closed")
+			return nil, nil, xgress.ErrPeerClosed
 		}
 
 		if self.flags.IsSet(halfCloseFlag) {
+			// first send the fin headers
 			if self.flags.CompareAndSet(sentFinFlag, false, true) {
 				return nil, GetFinHeaders(), nil
-			} else {
-				return nil, nil, xgress.ErrPeerClosed
 			}
+
+			// next time return EOF
+			return nil, nil, io.EOF
 		}
 	}
 

tests/tunneler_data_flow_test.go

@@ -333,8 +333,6 @@ func Test_TunnelerDataflowUdp(t *testing.T) {
 	l, err := net.ListenPacket("udp", "localhost:8690")
 	ctx.Req.NoError(err)
 
-	time.Sleep(time.Second)
-
 	errC := make(chan error, 10)
 	go echoData(l, errC)
 
@@ -350,6 +348,25 @@ func Test_TunnelerDataflowUdp(t *testing.T) {
 			counter++
 		}
 
+		// The first iteration acts as a readiness poll. The tunneler's UDP intercept
+		// proxy on port 8688 may not be listening yet, so retry with a longer timeout
+		// until we get a successful round-trip.
+		if i == 0 {
+			deadline := time.Now().Add(30 * time.Second)
+			for {
+				ctx.Req.NoError(conn.SetDeadline(time.Now().Add(time.Second)))
+				_, _ = conn.Write(buf)
+				readBuf := make([]byte, size)
+				_, readErr := io.ReadFull(conn, readBuf)
+				if readErr == nil {
+					ctx.Req.Equal(buf, readBuf)
+					break
+				}
+				ctx.Req.True(time.Now().Before(deadline), "timed out waiting for UDP proxy to be ready")
+			}
+			continue
+		}
+
 		time.Sleep(time.Millisecond)
 
 		err := conn.SetDeadline(time.Now().Add(time.Second))