deps: Revert inetaf/tcpproxy commit 2862066

This causes a regression in gvproxy when it's used by podman:
containers/podman#23616

Thanks to Maciej Szlosarczyk <[email protected]> for investigating and
finding the faulty commit!

Reverting inetaf/tcpproxy commit 2862066 is a bit convoluted, as we need
to first undo the module name change (inet.af/tcpproxy ->
github.com/inetaf/tcpproxy) done in commit 600910c
and then a go module `replace` directive to redirect the no-longer
existing inet.af/tcpproxy to the commit we want in github.com/inetaf/tcpproxy/

This way, the module name in gvisor-tap-vsock go.mod and in
github.com/inetaf/tcpproxy go.mod are the same (inet.af/tcpproxy), and
we can use older commits in this repository.

It's unclear what's causing the regression, as the commit log/PR
description/associated issue don't provide useful details:
inetaf/tcpproxy@2862066

The best I could find is:
tailscale/tailscale#10070
> The close in the handler sometimes occurs before the buffered data is
forwarded. The proxy could be improved to perform a half-close dance,
such that it will only mutually close once both halves are closed or
both halves error.

and inetaf/tcpproxy#21 which seems to be the
same issue as inetaf/tcpproxy#38 which is the
issue fixed by the commit triggering the regression.

What could be happening is that before inetaf/tcpproxy commit 2862066,
as soon as one side of the connection was closed, the other half was
also closed, while after commit 2862066, the tcpproxy code waits for
both halves of the connection to be closed. So maybe we are missing a
connection close somewhere in gvproxy's code :-/

Signed-off-by: Christophe Fergeau <[email protected]>

go.mod

@@ -9,7 +9,6 @@ require (
 	github.com/coreos/stream-metadata-go v0.4.4
 	github.com/dustin/go-humanize v1.0.1
 	github.com/google/gopacket v1.1.19
-	github.com/inetaf/tcpproxy v0.0.0-20240214030015-3ce58045626c
 	github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9
 	github.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2
 	github.com/mdlayher/vsock v1.2.1
@@ -27,6 +26,7 @@ require (
 	golang.org/x/sync v0.8.0
 	golang.org/x/sys v0.24.0
 	gvisor.dev/gvisor v0.0.0-20231023213702-2691a8f9b1cf
+	inet.af/tcpproxy v0.0.0-20220326234310-be3ee21c9fa0
 )
 
 require (
@@ -49,3 +49,5 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+replace inet.af/tcpproxy => github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626

go.sum

@@ -40,8 +40,8 @@ github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/inetaf/tcpproxy v0.0.0-20240214030015-3ce58045626c h1:gYfYE403/nlrGNYj6BEOs9ucLCAGB9gstlSk92DttTg=
-github.com/inetaf/tcpproxy v0.0.0-20240214030015-3ce58045626c/go.mod h1:Di7LXRyUcnvAcLicFhtM9/MlZl/TNgRSDHORM2c6CMI=
+github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626 h1:oeu2cpk2bBlSgMQiSQIBJ8+FZsTqMG9fwdPez/weEbk=
+github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626/go.mod h1:Tojt5kmHpDIR2jMojxzZK2w2ZR7OILODmUo2gaSwjrk=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=

pkg/services/forwarder/ports.go

@@ -17,12 +17,12 @@ import (
 
 	"github.com/containers/gvisor-tap-vsock/pkg/sshclient"
 	"github.com/containers/gvisor-tap-vsock/pkg/types"
-	"github.com/inetaf/tcpproxy"
 	log "github.com/sirupsen/logrus"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
 	"gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
+	"inet.af/tcpproxy"
 )
 
 type PortsForwarder struct {

pkg/services/forwarder/tcp.go

@@ -6,13 +6,13 @@ import (
 	"net"
 	"sync"
 
-	"github.com/inetaf/tcpproxy"
 	log "github.com/sirupsen/logrus"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 	"gvisor.dev/gvisor/pkg/tcpip/transport/tcp"
 	"gvisor.dev/gvisor/pkg/waiter"
+	"inet.af/tcpproxy"
 )
 
 const linkLocalSubnet = "169.254.0.0/16"

pkg/virtualnetwork/mux.go

@@ -8,11 +8,11 @@ import (
 	"strconv"
 
 	"github.com/containers/gvisor-tap-vsock/pkg/types"
-	"github.com/inetaf/tcpproxy"
 	log "github.com/sirupsen/logrus"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
 	"gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
+	"inet.af/tcpproxy"
 )
 
 func (n *VirtualNetwork) Mux() *http.ServeMux {

vendor/github.com/inetaf/tcpproxy/README.md → vendor/inet.af/tcpproxy/README.md

@@ -1,5 +1,5 @@
 # tcpproxy
 
-For library usage, see https://pkg.go.dev/github.com/inetaf/tcpproxy/
+For library usage, see https://godoc.org/inet.af/tcpproxy/
 
 For CLI usage, see https://github.com/inetaf/tcpproxy/blob/master/cmd/tlsrouter/README.md

vendor/github.com/inetaf/tcpproxy/tcpproxy.go → vendor/inet.af/tcpproxy/tcpproxy.go

@@ -345,30 +345,8 @@ func UnderlyingConn(c net.Conn) net.Conn {
 	return c
 }
 
-func tcpConn(c net.Conn) (t *net.TCPConn, ok bool) {
-	if c, ok := UnderlyingConn(c).(*net.TCPConn); ok {
-		return c, ok
-	}
-	if c, ok := c.(*net.TCPConn); ok {
-		return c, ok
-	}
-	return nil, false
-}
-
 func goCloseConn(c net.Conn) { go c.Close() }
 
-func closeRead(c net.Conn) {
-	if c, ok := tcpConn(c); ok {
-		c.CloseRead()
-	}
-}
-
-func closeWrite(c net.Conn) {
-	if c, ok := tcpConn(c); ok {
-		c.CloseWrite()
-	}
-}
-
 // HandleConn implements the Target interface.
 func (dp *DialProxy) HandleConn(src net.Conn) {
 	ctx := context.Background()
@@ -393,19 +371,20 @@ func (dp *DialProxy) HandleConn(src net.Conn) {
 	defer goCloseConn(src)
 
 	if ka := dp.keepAlivePeriod(); ka > 0 {
-		for _, c := range []net.Conn{src, dst} {
-			if c, ok := tcpConn(c); ok {
-				c.SetKeepAlive(true)
-				c.SetKeepAlivePeriod(ka)
-			}
+		if c, ok := UnderlyingConn(src).(*net.TCPConn); ok {
+			c.SetKeepAlive(true)
+			c.SetKeepAlivePeriod(ka)
+		}
+		if c, ok := dst.(*net.TCPConn); ok {
+			c.SetKeepAlive(true)
+			c.SetKeepAlivePeriod(ka)
 		}
 	}
 
-	errc := make(chan error, 2)
+	errc := make(chan error, 1)
 	go proxyCopy(errc, src, dst)
 	go proxyCopy(errc, dst, src)
 	<-errc
-	<-errc
 }
 
 func (dp *DialProxy) sendProxyHeader(w io.Writer, src net.Conn) error {
@@ -441,9 +420,6 @@ func (dp *DialProxy) sendProxyHeader(w io.Writer, src net.Conn) error {
 // It's a named function instead of a func literal so users get
 // named goroutines in debug goroutine stack dumps.
 func proxyCopy(errc chan<- error, dst, src net.Conn) {
-	defer closeRead(src)
-	defer closeWrite(dst)
-
 	// Before we unwrap src and/or dst, copy any buffered data.
 	if wc, ok := src.(*Conn); ok && len(wc.Peeked) > 0 {
 		if _, err := dst.Write(wc.Peeked); err != nil {

vendor/modules.txt

@@ -41,9 +41,6 @@ github.com/google/go-cmp/cmp/internal/value
 ## explicit; go 1.12
 github.com/google/gopacket
 github.com/google/gopacket/layers
-# github.com/inetaf/tcpproxy v0.0.0-20240214030015-3ce58045626c
-## explicit; go 1.16
-github.com/inetaf/tcpproxy
 # github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9
 ## explicit; go 1.20
 github.com/insomniacslk/dhcp/dhcpv4
@@ -272,3 +269,7 @@ gvisor.dev/gvisor/pkg/tcpip/transport/tcp
 gvisor.dev/gvisor/pkg/tcpip/transport/tcpconntrack
 gvisor.dev/gvisor/pkg/tcpip/transport/udp
 gvisor.dev/gvisor/pkg/waiter
+# inet.af/tcpproxy v0.0.0-20220326234310-be3ee21c9fa0 => github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626
+## explicit; go 1.16
+inet.af/tcpproxy
+# inet.af/tcpproxy => github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626