Skip to content

smoltcp sockets don't timeout

While investigating a question related to https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/145 for @micah, I dug around the code, and it looks like we might not be cleaning up smoltcp sockets in some cases, especially if an app somehow dies or is closed during the initial TCP handshake to the listening socket. In OnionTunnel::run() in lib.rs, we clean up sockets, but only if they are in TcpState:Closed.

Since we always forward the syn packet immediately after parsing and creating the listen socket, I think this means no sockets can be in smoltcp TcpState::Listen, but they can be in TcpState::SynReceived if the app crashes or is killed in the tcp handshake, or is malicious.

SmolTcp has timeout code that could transition listen sockets into TcpState::Closed, but it only runs if we call set_timeout() on a socket.

So I think this means we either need to use set_timeout(), or clean up sockets in more states in the handles_to_remove set.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information