[client] refactor lazy detection (#4050)

This PR introduces a new inactivity package responsible for monitoring peer activity and notifying when peers become inactive. Introduces a new Signal message type to close the peer connection after the idle timeout is reached. Periodically checks the last activity of registered peers via a Bind interface. Notifies via a channel when peers exceed a configurable inactivity threshold. Default settings DefaultInactivityThreshold is set to 15 minutes, with a minimum allowed threshold of 1 minute. Limitations This inactivity check does not support kernel WireGuard integration. In kernel–user space communication, the user space side will always be responsible for closing the connection.
2025-08-14 01:08:46 +02:00 · 2025-07-04 19:52:27 +02:00
parent 77ec32dd6f
commit fbb1b55beb
33 changed files with 857 additions and 543 deletions
--- a/client/iface/bind/ice_bind.go
+++ b/client/iface/bind/ice_bind.go
@ -1,6 +1,7 @@
 package bind

 import (
+	"encoding/binary"
 	"fmt"
 	"net"
 	"net/netip"
@ -51,22 +52,24 @@ type ICEBind struct {
 	closedChanMu sync.RWMutex // protect the closeChan recreation from reading from it.
 	closed       bool

-	muUDPMux sync.Mutex
-	udpMux   *UniversalUDPMuxDefault
-	address  wgaddr.Address
+	muUDPMux         sync.Mutex
+	udpMux           *UniversalUDPMuxDefault
+	address          wgaddr.Address
+	activityRecorder *ActivityRecorder
 }

 func NewICEBind(transportNet transport.Net, filterFn FilterFn, address wgaddr.Address) *ICEBind {
 	b, _ := wgConn.NewStdNetBind().(*wgConn.StdNetBind)
 	ib := &ICEBind{
-		StdNetBind:   b,
-		RecvChan:     make(chan RecvMessage, 1),
-		transportNet: transportNet,
-		filterFn:     filterFn,
-		endpoints:    make(map[netip.Addr]net.Conn),
-		closedChan:   make(chan struct{}),
-		closed:       true,
-		address:      address,
+		StdNetBind:       b,
+		RecvChan:         make(chan RecvMessage, 1),
+		transportNet:     transportNet,
+		filterFn:         filterFn,
+		endpoints:        make(map[netip.Addr]net.Conn),
+		closedChan:       make(chan struct{}),
+		closed:           true,
+		address:          address,
+		activityRecorder: NewActivityRecorder(),
 	}

 	rc := receiverCreator{
@ -100,6 +103,10 @@ func (s *ICEBind) Close() error {
 	return s.StdNetBind.Close()
 }

+func (s *ICEBind) ActivityRecorder() *ActivityRecorder {
+	return s.activityRecorder
+}
+
 // GetICEMux returns the ICE UDPMux that was created and used by ICEBind
 func (s *ICEBind) GetICEMux() (*UniversalUDPMuxDefault, error) {
 	s.muUDPMux.Lock()
@ -199,6 +206,11 @@ func (s *ICEBind) createIPv4ReceiverFn(pc *ipv4.PacketConn, conn *net.UDPConn, r
 				continue
 			}
 			addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
+
+			if isTransportPkg(msg.Buffers, msg.N) {
+				s.activityRecorder.record(addrPort)
+			}
+
 			ep := &wgConn.StdNetEndpoint{AddrPort: addrPort} // TODO: remove allocation
 			wgConn.GetSrcFromControl(msg.OOB[:msg.NN], ep)
 			eps[i] = ep
@ -257,6 +269,13 @@ func (c *ICEBind) receiveRelayed(buffs [][]byte, sizes []int, eps []wgConn.Endpo
 		copy(buffs[0], msg.Buffer)
 		sizes[0] = len(msg.Buffer)
 		eps[0] = wgConn.Endpoint(msg.Endpoint)
+
+		if isTransportPkg(buffs, sizes[0]) {
+			if ep, ok := eps[0].(*Endpoint); ok {
+				c.activityRecorder.record(ep.AddrPort)
+			}
+		}
+
 		return 1, nil
 	}
 }
@ -272,3 +291,19 @@ func putMessages(msgs *[]ipv6.Message, msgsPool *sync.Pool) {
 	}
 	msgsPool.Put(msgs)
 }
+
+func isTransportPkg(buffers [][]byte, n int) bool {
+	// The first buffer should contain at least 4 bytes for type
+	if len(buffers[0]) < 4 {
+		return true
+	}
+
+	// WireGuard packet type is a little-endian uint32 at start
+	packetType := binary.LittleEndian.Uint32(buffers[0][:4])
+
+	// Check if packetType matches known WireGuard message types
+	if packetType == 4 && n > 32 {
+		return true
+	}
+	return false
+}