feat: be more aggressive to close conn (dmachard#308)

* be more aggressive to close conn

* fix race

* fix for windows

collectors/dnstap.go

@@ -3,7 +3,6 @@ package collectors
 import (
 	"bufio"
 	"crypto/tls"
-	"io"
 	"net"
 	"os"
 	"strconv"
@@ -15,25 +14,6 @@ import (
 	"github.com/dmachard/go-logger"
 )
 
-// thanks to https://stackoverflow.com/questions/28967701/golang-tcp-socket-cant-close-after-get-file,
-// call conn.CloseRead() before calling conn.Close()
-func Close(conn io.Closer) error {
-	type ReadCloser interface {
-		CloseRead() error
-	}
-	var errs []error
-	if closer, ok := conn.(ReadCloser); ok {
-		errs = append(errs, closer.CloseRead())
-	}
-	errs = append(errs, conn.Close())
-	for _, err := range errs {
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 type Dnstap struct {
 	done     chan bool
 	listen   net.Listener
@@ -147,7 +127,7 @@ func (c *Dnstap) Stop() {
 	for _, conn := range c.conns {
 		peer := conn.RemoteAddr().String()
 		c.LogInfo("%s - closing connection...", peer)
-		Close(conn)
+		netlib.Close(conn, c.config.Collectors.Dnstap.ResetConn)
 	}
 	// Finally close the listener to unblock accept
 	c.LogInfo("stop listening...")
@@ -226,13 +206,7 @@ func (c *Dnstap) Run() {
 		}
 
 		if (c.connMode == "tls" || c.connMode == "tcp") && c.config.Collectors.Dnstap.RcvBufSize > 0 {
-
-			var is_tls bool
-			if c.config.Collectors.Dnstap.TlsSupport {
-				is_tls = true
-			}
-
-			before, actual, err := netlib.SetSock_RCVBUF(conn, c.config.Collectors.Dnstap.RcvBufSize, is_tls)
+			before, actual, err := netlib.SetSock_RCVBUF(conn, c.config.Collectors.Dnstap.RcvBufSize, c.config.Collectors.Dnstap.TlsSupport)
 			if err != nil {
 				c.logger.Fatal("Unable to set SO_RCVBUF: ", err)
 			}

collectors/powerdns.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/dmachard/go-dnscollector/dnsutils"
+	"github.com/dmachard/go-dnscollector/netlib"
 	"github.com/dmachard/go-logger"
 	powerdns_protobuf "github.com/dmachard/go-powerdns-protobuf"
 )
@@ -97,7 +98,7 @@ func (c *ProtobufPowerDNS) Stop() {
 	for _, conn := range c.conns {
 		peer := conn.RemoteAddr().String()
 		c.LogInfo("%s - closing connection...", peer)
-		conn.Close()
+		netlib.Close(conn, c.config.Collectors.PowerDNS.ResetConn)
 	}
 	// Finally close the listener to unblock accept
 	c.LogInfo("stop listening...")
@@ -160,6 +161,17 @@ func (c *ProtobufPowerDNS) Run() {
 			break
 		}
 
+		if c.config.Collectors.Dnstap.RcvBufSize > 0 {
+			before, actual, err := netlib.SetSock_RCVBUF(conn, c.config.Collectors.Dnstap.RcvBufSize, c.config.Collectors.Dnstap.TlsSupport)
+			if err != nil {
+				c.logger.Fatal("Unable to set SO_RCVBUF: ", err)
+			}
+			c.LogInfo("set SO_RCVBUF option, value before: %d, desired: %d, actual: %d",
+				before,
+				c.config.Collectors.Dnstap.RcvBufSize,
+				actual)
+		}
+
 		c.conns = append(c.conns, conn)
 		go c.HandleConn(conn)
 

config.yml

@@ -104,6 +104,8 @@ multiplexer:
 #   key-file: ""
 #   # Sets the socket receive buffer in bytes SO_RCVBUF, set to zero to use the default system value
 #   sock-rcvbuf: 0
+#   # Reset TCP connection on exit
+#   reset-conn: true
 
 # # dnstap proxifier with no protobuf decoding.
 # dnstap-proxifier:
@@ -182,6 +184,8 @@ multiplexer:
 #   cert-file: ""
 #   # private key server file
 #   key-file: ""
+#   # Reset TCP connection on exit
+#   reset-conn: true
 
 # # ztsp (TaZmen Sniffer Protocol)
 # ztsp:

dnsutils/config.go

@@ -184,6 +184,7 @@ type Config struct {
 			CertFile      string `yaml:"cert-file"`
 			KeyFile       string `yaml:"key-file"`
 			RcvBufSize    int    `yaml:"sock-rcvbuf"`
+			ResetConn     bool   `yaml:"reset-conn"`
 		} `yaml:"dnstap"`
 		DnstapProxifier struct {
 			Enable        bool   `yaml:"enable"`
@@ -213,6 +214,8 @@ type Config struct {
 			TlsMinVersion string `yaml:"tls-min-version"`
 			CertFile      string `yaml:"cert-file"`
 			KeyFile       string `yaml:"key-file"`
+			RcvBufSize    int    `yaml:"sock-rcvbuf"`
+			ResetConn     bool   `yaml:"reset-conn"`
 		} `yaml:"powerdns"`
 		FileIngestor struct {
 			Enable      bool   `yaml:"enable"`
@@ -479,6 +482,7 @@ func (c *Config) SetDefault() {
 	c.Collectors.Dnstap.CertFile = ""
 	c.Collectors.Dnstap.KeyFile = ""
 	c.Collectors.Dnstap.RcvBufSize = 0
+	c.Collectors.Dnstap.ResetConn = true
 
 	c.Collectors.DnstapProxifier.Enable = false
 	c.Collectors.DnstapProxifier.ListenIP = ANY_IP
@@ -503,6 +507,8 @@ func (c *Config) SetDefault() {
 	c.Collectors.PowerDNS.TlsMinVersion = TLS_v12
 	c.Collectors.PowerDNS.CertFile = ""
 	c.Collectors.PowerDNS.KeyFile = ""
+	c.Collectors.PowerDNS.RcvBufSize = 0
+	c.Collectors.PowerDNS.ResetConn = true
 
 	c.Collectors.FileIngestor.Enable = false
 	c.Collectors.FileIngestor.WatchDir = ""

doc/collectors.md

@@ -24,6 +24,7 @@ Options:
 - `cert-file`: (string) certificate server file
 - `key-file`: (string) private key server file
 - `sock-rcvbuf`: (integer) sets the socket receive buffer in bytes SO_RCVBUF, set to zero to use the default system value
+- `reset-conn`: (bool) Reset TCP connection on exit
 
 Default values:
 
@@ -37,6 +38,7 @@ dnstap:
   cert-file: ""
   key-file: ""
   sock-rcvbuf: 0
+  reset-conn: true
 ```
 
 ### DNS tap Proxifier
@@ -159,6 +161,8 @@ Options:
 - `tls-min-version`: (string) min tls version
 - `cert-file`: (string) certificate server file
 - `key-file`: (string) private key server file
+- `sock-rcvbuf`: (integer) sets the socket receive buffer in bytes SO_RCVBUF, set to zero to use the default system value
+- `reset-conn`: (bool) Reset TCP connection on exit
 
 Default values:
 
@@ -170,6 +174,8 @@ powerdns:
   tls-min-version: 1.2
   cert-file: ""
   key-file: ""
+  sock-rcvbuf: 0
+  reset-conn: true
 ```
 
 ### File Ingestor

netlib/conn.go

@@ -0,0 +1,33 @@
+package netlib
+
+import (
+	"io"
+	"net"
+)
+
+// thanks to https://stackoverflow.com/questions/28967701/golang-tcp-socket-cant-close-after-get-file,
+// call conn.CloseRead() before calling conn.Close()
+func Close(conn io.Closer, reset bool) error {
+	type ReadCloser interface {
+		CloseRead() error
+	}
+
+	// Agressive closing, send TCP RESET instead of FIN
+	if reset {
+		if tcpConn, ok := conn.(*net.TCPConn); ok {
+			tcpConn.SetLinger(0)
+		}
+	}
+
+	var errs []error
+	if closer, ok := conn.(ReadCloser); ok {
+		errs = append(errs, closer.CloseRead())
+	}
+	errs = append(errs, conn.Close())
+	for _, err := range errs {
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}