inverse-inc · satkunas · Jan 7, 2025 · Dec 16, 2024 · Dec 17, 2024 · Dec 17, 2024
diff --git a/go/chisel/server/server_handler.go b/go/chisel/server/server_handler.go
@@ -23,7 +23,6 @@ import (
 	"github.com/inverse-inc/packetfence/go/pfconfigdriver"
 	"github.com/inverse-inc/packetfence/go/pfk8s"
 	"github.com/inverse-inc/packetfence/go/unifiedapiclient"
-	"github.com/phayes/freeport"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/sync/errgroup"
 )
@@ -261,23 +260,17 @@ func (s *Server) handleDynReverse(w http.ResponseWriter, req *http.Request) {
 	if o, ok := activeTunnels.Load(connectorId); ok {
 		for i := 0; i < DYNREVERSE_BIND_ATTEMPTS; i++ {
 			tun := o.(*tunnel.Tunnel)
-			dynPort, err := freeport.GetFreePort()
-			if err != nil {
-				w.WriteHeader(http.StatusInternalServerError)
-				json.NewEncoder(w).Encode(unifiedapiclient.ErrorReply{Status: http.StatusInternalServerError, Message: fmt.Sprintf("Unable to find available port: %s", err)})
-				return
-			}
 			to := payload.To
-			remoteStr := fmt.Sprintf("R:%d:%s", dynPort, to)
+			remoteStr := fmt.Sprintf("R:0:%s", to)
 			remote, err := settings.DecodeRemote(remoteStr)
 			if err != nil {
 				w.WriteHeader(http.StatusBadRequest)
 				json.NewEncoder(w).Encode(unifiedapiclient.ErrorReply{Status: http.StatusBadRequest, Message: fmt.Sprintf("The format for the remote (%s) is invalid: %s", to, err)})
 				return
 			}
 
-			remote.Dynamic = true
 			remote.LastTouched = time.Now()
+			dynPort := remote.LocalPort
 			settings.ActiveDynReverse.Store(cacheKey, remote)
 			bindErrChan := make(chan error)
 			go func() {

diff --git a/go/chisel/share/settings/remote.go b/go/chisel/share/settings/remote.go
@@ -2,6 +2,7 @@ package settings
 
 import (
 	"errors"
+	"fmt"
 	"net"
 	"net/url"
 	"regexp"
@@ -39,8 +40,10 @@ type Remote struct {
 	LastTouched                         time.Time
 	LocalHost, LocalPort, LocalProto    string
 	RemoteHost, RemotePort, RemoteProto string
-	Dynamic, Socks, Reverse, Stdio      bool
 	Handler                             string
+	ReusedTcpListener                   *net.TCPListener
+	ReusedUdpConn                       *net.UDPConn
+	Dynamic, Socks, Reverse, Stdio      bool
 }
 
 const revPrefix = "R:"
@@ -87,6 +90,9 @@ func DecodeRemote(s string) (*Remote, error) {
 
 		if isPort(p) {
 			if !r.Socks && r.RemotePort == "" {
+				if p == "0" {
+					return nil, errors.New("Invalid port")
+				}
 				r.RemotePort = p
 			}
 			r.LocalPort = p
@@ -143,15 +149,60 @@ func DecodeRemote(s string) (*Remote, error) {
 	if r.Stdio && r.Reverse {
 		return nil, errors.New("stdio cannot be reversed")
 	}
+
+	if r.Reverse && r.LocalPort == "0" {
+		if err := r.setupLocalPort(); err != nil {
+			return nil, fmt.Errorf("Cannot bind to a local port: %w", err)
+		}
+	}
+
 	return r, nil
 }
 
+func (r *Remote) setupLocalPort() error {
+	if r.LocalProto == "tcp" {
+		addr, err := net.ResolveTCPAddr("tcp", r.Local())
+		if err != nil {
+			return fmt.Errorf("resolve: %w", err)
+		}
+
+		tl, err := net.ListenTCP("tcp", addr)
+		if err != nil {
+			return fmt.Errorf("net.ListenTCP: %w", err)
+		}
+
+		r.LocalPort = strconv.Itoa(tl.Addr().(*net.TCPAddr).Port)
+		r.ReusedTcpListener = tl
+		r.Dynamic = true
+		return nil
+	}
+
+	if r.LocalProto == "udp" {
+		addr, err := net.ResolveUDPAddr("udp", r.Local())
+		if err != nil {
+			return fmt.Errorf("resolve: %w", err)
+		}
+
+		conn, err := net.ListenUDP("udp", addr)
+		if err != nil {
+			return fmt.Errorf("net.ListenUDP: %w", err)
+		}
+
+		r.LocalPort = strconv.Itoa(conn.LocalAddr().(*net.UDPAddr).Port)
+		r.ReusedUdpConn = conn
+		r.Dynamic = true
+		return nil
+	}
+
+	return errors.New("Proto not supported")
+}
+
 func isPort(s string) bool {
 	n, err := strconv.Atoi(s)
 	if err != nil {
 		return false
 	}
-	if n <= 0 || n > 65535 {
+	if n < 0 || n > 65535 {
 		return false
 	}
 	return true

diff --git a/go/chisel/share/settings/remote_test.go b/go/chisel/share/settings/remote_test.go
@@ -1,6 +1,8 @@
 package settings
 
-import "testing"
+import (
+	"testing"
+)
 
 func testString(t *testing.T, name, got, expected string) {
 	if got != expected {
@@ -31,3 +33,33 @@ func TestL4Proto(t *testing.T) {
 		testString(t, "handler", handler, test.handler)
 	}
 }
+
+func TestLocalTcp(t *testing.T) {
+	remote, err := DecodeRemote("R:0:1813/tcp")
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	if remote.LocalPort == "0" {
+		t.Fatalf("The local port was not resolved")
+	}
+
+	if remote.ReusedTcpListener == nil {
+		t.Fatalf("TCPListener not saved")
+	}
+}
+
+func TestLocalUdp(t *testing.T) {
+	remote, err := DecodeRemote("R:0:1813/udp")
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	if remote.LocalPort == "0" {
+		t.Fatalf("The local port was not resolved")
+	}
+
+	if remote.ReusedUdpConn == nil {
+		t.Fatalf("UdpConn not saved")
+	}
+}
diff --git a/go/chisel/share/tunnel/tunnel_in_proxy.go b/go/chisel/share/tunnel/tunnel_in_proxy.go
@@ -50,16 +50,21 @@ func (p *Proxy) listen() error {
 	if p.remote.Stdio {
 		//TODO check if pipes active?
 	} else if p.remote.LocalProto == "tcp" {
-		addr, err := net.ResolveTCPAddr("tcp", p.remote.LocalHost+":"+p.remote.LocalPort)
-		if err != nil {
-			return p.Errorf("resolve: %s", err)
-		}
-		l, err := net.ListenTCP("tcp", addr)
-		if err != nil {
-			return p.Errorf("tcp: %s", err)
+		if p.remote.ReusedTcpListener != nil {
+			p.tcp = p.remote.ReusedTcpListener
+			p.remote.ReusedTcpListener = nil
+		} else {
+			addr, err := net.ResolveTCPAddr("tcp", p.remote.LocalHost+":"+p.remote.LocalPort)
+			if err != nil {
+				return p.Errorf("resolve: %s", err)
+			}
+			l, err := net.ListenTCP("tcp", addr)
+			if err != nil {
+				return p.Errorf("tcp: %s", err)
+			}
+			p.Infof("Listening")
+			p.tcp = l
 		}
-		p.Infof("Listening")
-		p.tcp = l
 	} else if p.remote.LocalProto == "udp" {
 		l, err := listenUDP(p.Logger, p.sshTun, p.remote)
 		if err != nil {

diff --git a/go/chisel/share/tunnel/tunnel_in_proxy_udp.go b/go/chisel/share/tunnel/tunnel_in_proxy_udp.go
@@ -32,13 +32,19 @@ import (
 // of time, so that when the exit node receives a response on 6345, it
 // knows to return it to 1111.
 func listenUDP(l *cio.Logger, sshTun sshTunnel, remote *settings.Remote) (*udpListener, error) {
-	a, err := net.ResolveUDPAddr("udp", remote.Local())
-	if err != nil {
-		return nil, l.Errorf("resolve: %s", err)
-	}
-	conn, err := net.ListenUDP("udp", a)
-	if err != nil {
-		return nil, l.Errorf("listen: %s", err)
+	var conn *net.UDPConn
+	if remote.ReusedUdpConn != nil {
+		conn = remote.ReusedUdpConn
+		remote.ReusedUdpConn = nil
+	} else {
+		a, err := net.ResolveUDPAddr("udp", remote.Local())
+		if err != nil {
+			return nil, l.Errorf("resolve: %s", err)
+		}
+		conn, err = net.ListenUDP("udp", a)
+		if err != nil {
+			return nil, l.Errorf("listen: %s", err)
+		}
 	}
 	//ready
 	u := &udpListener{

diff --git a/go/reuseport/freeport.go b/go/reuseport/freeport.go
@@ -0,0 +1,45 @@
+package reuseport
+
+import (
+	"context"
+	"errors"
+	"net"
+)
+
+func FreeTcpPort() (*net.TCPListener, int, error) {
+	l, err := ReusePortListenConfig.Listen(context.Background(), "tcp", "localhost:0")
+	if err != nil {
+		return nil, 0, err
+	}
+
+	tl, ok := l.(*net.TCPListener)
+	if !ok {
+		return nil, 0, errors.New("Bad Cast")
+	}
+
+	addr, ok := l.Addr().(*net.TCPAddr)
+	if !ok {
+		return nil, 0, errors.New("Bad Cast")
+	}
+
+	return tl, addr.Port, nil
+}
+
+func FreeUdpPort() (*net.UDPConn, int, error) {
+	l, err := ReusePortListenConfig.ListenPacket(context.Background(), "udp", "localhost:0")
+	if err != nil {
+		return nil, 0, err
+	}
+
+	uc, ok := l.(*net.UDPConn)
+	if !ok {
+		return nil, 0, errors.New("Bad Cast")
+	}
+
+	addr, ok := l.LocalAddr().(*net.UDPAddr)
+	if !ok {
+		return nil, 0, errors.New("Bad Cast")
+	}
+
+	return uc, addr.Port, nil
+}
diff --git a/go/reuseport/freeport_test.go b/go/reuseport/freeport_test.go
@@ -0,0 +1,40 @@
+package reuseport
+
+import (
+	"context"
+	"testing"
+)
+
+func TestFreeTcpPort(t *testing.T) {
+	l1, _, err := FreeTcpPort()
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	defer l1.Close()
+	l2, err := ReusePortListenConfig.Listen(context.Background(), "tcp", l1.Addr().String())
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	if l2.Addr().String() != l1.Addr().String() {
+		t.Fatalf("Not the same address")
+	}
+}
+
+func TestFreeUdpPort(t *testing.T) {
+	l1, _, err := FreeUdpPort()
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	defer l1.Close()
+	l2, err := ReusePortListenConfig.ListenPacket(context.Background(), "udp", l1.LocalAddr().String())
+	if err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	if l2.LocalAddr().String() != l1.LocalAddr().String() {
+		t.Fatalf("Not the same address")
+	}
+}
diff --git a/go/reuseport/reuse_port.go b/go/reuseport/reuse_port.go
@@ -0,0 +1,24 @@
+package reuseport
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+func reusePort(network, address string, conn syscall.RawConn) error {
+	var opErr error
+	err := conn.Control(func(fd uintptr) {
+		opErr = syscall.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+	})
+	if err != nil {
+		return err
+	}
+
+	return opErr
+}
+
+var ReusePortListenConfig = net.ListenConfig{
+	Control: reusePort,
+}