Session Clean ups.

Author: masterking32

internal/config/server.go

@@ -30,6 +30,9 @@ type ServerConfig struct {
 	DNSRequestWorkers                 int      `toml:"DNS_REQUEST_WORKERS"`
 	MaxPacketSize                     int      `toml:"MAX_PACKET_SIZE"`
 	DropLogIntervalSecs               float64  `toml:"DROP_LOG_INTERVAL_SECONDS"`
+	SessionTimeoutSecs                float64  `toml:"SESSION_TIMEOUT_SECONDS"`
+	SessionCleanupIntervalSecs        float64  `toml:"SESSION_CLEANUP_INTERVAL_SECONDS"`
+	ClosedSessionRetentionSecs        float64  `toml:"CLOSED_SESSION_RETENTION_SECONDS"`
 	Domain                            []string `toml:"DOMAIN"`
 	MinVPNLabelLength                 int      `toml:"MIN_VPN_LABEL_LENGTH"`
 	SupportedUploadCompressionTypes   []int    `toml:"SUPPORTED_UPLOAD_COMPRESSION_TYPES"`
@@ -53,6 +56,9 @@ func defaultServerConfig() ServerConfig {
 		DNSRequestWorkers:                 workers,
 		MaxPacketSize:                     65535,
 		DropLogIntervalSecs:               2.0,
+		SessionTimeoutSecs:                300.0,
+		SessionCleanupIntervalSecs:        30.0,
+		ClosedSessionRetentionSecs:        600.0,
 		Domain:                            nil,
 		MinVPNLabelLength:                 3,
 		SupportedUploadCompressionTypes:   []int{0, 3},
@@ -112,6 +118,15 @@ func LoadServerConfig(filename string) (ServerConfig, error) {
 	if cfg.DropLogIntervalSecs <= 0 {
 		cfg.DropLogIntervalSecs = 2.0
 	}
+	if cfg.SessionTimeoutSecs <= 0 {
+		cfg.SessionTimeoutSecs = 300.0
+	}
+	if cfg.SessionCleanupIntervalSecs <= 0 {
+		cfg.SessionCleanupIntervalSecs = 30.0
+	}
+	if cfg.ClosedSessionRetentionSecs <= 0 {
+		cfg.ClosedSessionRetentionSecs = 600.0
+	}
 
 	if cfg.MinVPNLabelLength <= 0 {
 		cfg.MinVPNLabelLength = 3
@@ -142,6 +157,18 @@ func (c ServerConfig) DropLogInterval() time.Duration {
 	return time.Duration(c.DropLogIntervalSecs * float64(time.Second))
 }
 
+func (c ServerConfig) SessionTimeout() time.Duration {
+	return time.Duration(c.SessionTimeoutSecs * float64(time.Second))
+}
+
+func (c ServerConfig) SessionCleanupInterval() time.Duration {
+	return time.Duration(c.SessionCleanupIntervalSecs * float64(time.Second))
+}
+
+func (c ServerConfig) ClosedSessionRetention() time.Duration {
+	return time.Duration(c.ClosedSessionRetentionSecs * float64(time.Second))
+}
+
 func (c ServerConfig) EncryptionKeyPath() string {
 	if c.EncryptionKeyFile == "" {
 		return filepath.Join(c.ConfigDir, "encrypt_key.txt")

internal/udpserver/server.go

@@ -15,6 +15,7 @@ import (
 	"net"
 	"sync"
 	"sync/atomic"
+	"time"
 
 	"masterdnsvpn-go/internal/compression"
 	"masterdnsvpn-go/internal/config"
@@ -71,6 +72,9 @@ func New(cfg config.ServerConfig, log *logger.Logger, codec *security.Codec) *Se
 }
 
 func (s *Server) Run(ctx context.Context) error {
+	runCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
 	conn, err := net.ListenUDP("udp", &net.UDPAddr{
 		IP:   net.ParseIP(s.cfg.UDPHost),
 		Port: s.cfg.UDPPort,
@@ -97,17 +101,23 @@ func (s *Server) Run(ctx context.Context) error {
 
 	reqCh := make(chan request, s.cfg.MaxConcurrentRequests)
 	var workerWG sync.WaitGroup
+	cleanupDone := make(chan struct{})
+
+	go func() {
+		defer close(cleanupDone)
+		s.sessionCleanupLoop(runCtx)
+	}()
 
 	for i := range s.cfg.DNSRequestWorkers {
 		workerWG.Add(1)
 		go func(workerID int) {
 			defer workerWG.Done()
-			s.worker(ctx, conn, reqCh, workerID)
+			s.worker(runCtx, conn, reqCh, workerID)
 		}(i + 1)
 	}
 
 	go func() {
-		<-ctx.Done()
+		<-runCtx.Done()
 		_ = conn.Close()
 	}()
 
@@ -117,7 +127,7 @@ func (s *Server) Run(ctx context.Context) error {
 		readerWG.Add(1)
 		go func(readerID int) {
 			defer readerWG.Done()
-			if err := s.readLoop(ctx, conn, reqCh, readerID); err != nil {
+			if err := s.readLoop(runCtx, conn, reqCh, readerID); err != nil {
 				select {
 				case readErrCh <- err:
 				default:
@@ -129,6 +139,8 @@ func (s *Server) Run(ctx context.Context) error {
 	readerWG.Wait()
 	close(reqCh)
 	workerWG.Wait()
+	cancel()
+	<-cleanupDone
 
 	if ctx.Err() != nil {
 		return ctx.Err()
@@ -142,6 +154,32 @@ func (s *Server) Run(ctx context.Context) error {
 	}
 }
 
+func (s *Server) sessionCleanupLoop(ctx context.Context) {
+	interval := s.cfg.SessionCleanupInterval()
+	if interval <= 0 {
+		interval = 30 * time.Second
+	}
+
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case now := <-ticker.C:
+			expired := s.sessions.Cleanup(now, s.cfg.SessionTimeout(), s.cfg.ClosedSessionRetention())
+			if len(expired) == 0 {
+				continue
+			}
+			s.log.Infof(
+				"🧹 <green>Expired Sessions Cleaned</green> <magenta>|</magenta> <blue>Count</blue>: <cyan>%d</cyan>",
+				len(expired),
+			)
+		}
+	}
+}
+
 func (s *Server) readLoop(ctx context.Context, conn *net.UDPConn, reqCh chan<- request, readerID int) error {
 	for {
 		buffer := s.packetPool.Get().([]byte)

internal/udpserver/server_test.go

@@ -312,6 +312,59 @@ func TestSessionStoreExpiresReuseSignatureWithoutDroppingSession(t *testing.T) {
 	store.mu.Unlock()
 }
 
+func TestSessionStoreCleanupMovesExpiredSessionToRecentClosed(t *testing.T) {
+	store := newSessionStore()
+	payload := []byte{1, 0x21, 0x00, 0x96, 0x00, 0xC8, 0x44, 0x33, 0x22, 0x11}
+
+	record, reused, err := store.findOrCreate(payload, 3, 0)
+	if err != nil {
+		t.Fatalf("findOrCreate returned error: %v", err)
+	}
+	if reused || record == nil {
+		t.Fatal("expected a new session record")
+	}
+
+	store.mu.Lock()
+	record.LastActivityAt = time.Now().Add(-2 * time.Minute)
+	expectedCookie := record.Cookie
+	store.mu.Unlock()
+
+	expired := store.Cleanup(time.Now(), time.Minute, 10*time.Minute)
+	if len(expired) != 1 || expired[0] != record.ID {
+		t.Fatalf("unexpected expired sessions: %#v", expired)
+	}
+	if _, ok := store.Active(record.ID); ok {
+		t.Fatal("expired session should no longer be active")
+	}
+	if cookie, ok := store.ExpectedCookie(record.ID); !ok || cookie != expectedCookie {
+		t.Fatalf("recently closed cookie missing: ok=%v cookie=%d expected=%d", ok, cookie, expectedCookie)
+	}
+}
+
+func TestSessionStoreTouchRefreshesActivity(t *testing.T) {
+	store := newSessionStore()
+	payload := []byte{1, 0x21, 0x00, 0x96, 0x00, 0xC8, 0x44, 0x33, 0x22, 0x11}
+
+	record, _, err := store.findOrCreate(payload, 0, 0)
+	if err != nil {
+		t.Fatalf("findOrCreate returned error: %v", err)
+	}
+
+	old := record.LastActivityAt
+	time.Sleep(5 * time.Millisecond)
+	if !store.Touch(record.ID, time.Now()) {
+		t.Fatal("Touch returned false")
+	}
+
+	active, ok := store.Active(record.ID)
+	if !ok {
+		t.Fatal("Active returned false")
+	}
+	if !active.LastActivityAt.After(old) {
+		t.Fatal("last activity timestamp was not updated")
+	}
+}
+
 func buildServerTestQuery(id uint16, name string, qtype uint16) []byte {
 	qname := encodeServerTestName(name)
 	packet := make([]byte, 12+len(qname)+4)

internal/udpserver/session.go

@@ -38,19 +38,27 @@ type sessionRecord struct {
 	VerifyCode          [4]byte
 	Signature           [sessionInitDataSize]byte
 	CreatedAt           time.Time
+	LastActivityAt      time.Time
 	ReuseUntil          time.Time
 }
 
+type closedSessionRecord struct {
+	Cookie    uint8
+	ExpiresAt time.Time
+}
+
 type sessionStore struct {
-	mu     sync.Mutex
-	nextID uint16
-	byID   [maxServerSessions]*sessionRecord
-	bySig  map[[sessionInitDataSize]byte]uint8
+	mu           sync.Mutex
+	nextID       uint16
+	byID         [maxServerSessions]*sessionRecord
+	bySig        map[[sessionInitDataSize]byte]uint8
+	recentClosed map[uint8]closedSessionRecord
 }
 
 func newSessionStore() *sessionStore {
 	return &sessionStore{
-		bySig: make(map[[sessionInitDataSize]byte]uint8, 64),
+		bySig:        make(map[[sessionInitDataSize]byte]uint8, 64),
+		recentClosed: make(map[uint8]closedSessionRecord, 32),
 	}
 }
 
@@ -71,6 +79,7 @@ func (s *sessionStore) findOrCreate(payload []byte, uploadCompressionType uint8,
 	if sessionID, ok := s.bySig[signature]; ok {
 		if existing := s.byID[sessionID]; existing != nil {
 			if now.Before(existing.ReuseUntil) || now.Equal(existing.ReuseUntil) {
+				existing.LastActivityAt = now
 				return existing, true, nil
 			}
 		}
@@ -83,11 +92,12 @@ func (s *sessionStore) findOrCreate(payload []byte, uploadCompressionType uint8,
 	}
 
 	record := &sessionRecord{
-		ID:           uint8(slot),
-		ResponseMode: payload[0],
-		CreatedAt:    now,
-		ReuseUntil:   now.Add(sessionInitTTL),
-		Signature:    signature,
+		ID:             uint8(slot),
+		ResponseMode:   payload[0],
+		CreatedAt:      now,
+		LastActivityAt: now,
+		ReuseUntil:     now.Add(sessionInitTTL),
+		Signature:      signature,
 	}
 	record.UploadCompression = compression.NormalizeType(uploadCompressionType)
 	record.DownloadCompression = compression.NormalizeType(downloadCompressionType)
@@ -98,6 +108,7 @@ func (s *sessionStore) findOrCreate(payload []byte, uploadCompressionType uint8,
 
 	s.byID[slot] = record
 	s.bySig[signature] = uint8(slot)
+	delete(s.recentClosed, uint8(slot))
 	s.nextID = uint16((slot + 1) % maxServerSessions)
 	return record, false, nil
 }
@@ -111,6 +122,109 @@ func (s *sessionStore) expireReuseLocked(now time.Time) {
 	}
 }
 
+func (s *sessionStore) Touch(sessionID uint8, now time.Time) bool {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	record := s.byID[sessionID]
+	if record == nil {
+		return false
+	}
+	record.LastActivityAt = now
+	return true
+}
+
+func (s *sessionStore) Active(sessionID uint8) (*sessionRecord, bool) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	record := s.byID[sessionID]
+	if record == nil {
+		return nil, false
+	}
+	copyRecord := *record
+	return &copyRecord, true
+}
+
+func (s *sessionStore) ExpectedCookie(sessionID uint8) (uint8, bool) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if record := s.byID[sessionID]; record != nil {
+		return record.Cookie, true
+	}
+	if record, ok := s.recentClosed[sessionID]; ok {
+		return record.Cookie, true
+	}
+	return 0, false
+}
+
+func (s *sessionStore) ValidateCookie(sessionID uint8, cookie uint8) bool {
+	expected, ok := s.ExpectedCookie(sessionID)
+	return ok && expected == cookie
+}
+
+func (s *sessionStore) Close(sessionID uint8, now time.Time, retention time.Duration) bool {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	record := s.byID[sessionID]
+	if record == nil {
+		return false
+	}
+
+	delete(s.bySig, record.Signature)
+	s.byID[sessionID] = nil
+	if retention > 0 {
+		s.recentClosed[sessionID] = closedSessionRecord{
+			Cookie:    record.Cookie,
+			ExpiresAt: now.Add(retention),
+		}
+	} else {
+		delete(s.recentClosed, sessionID)
+	}
+	return true
+}
+
+func (s *sessionStore) Cleanup(now time.Time, idleTimeout time.Duration, closedRetention time.Duration) []uint8 {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.expireReuseLocked(now)
+
+	for sessionID, record := range s.recentClosed {
+		if !now.Before(record.ExpiresAt) {
+			delete(s.recentClosed, sessionID)
+		}
+	}
+
+	if idleTimeout <= 0 {
+		return nil
+	}
+
+	expired := make([]uint8, 0, 8)
+	for sessionID, record := range s.byID {
+		if record == nil {
+			continue
+		}
+		if now.Sub(record.LastActivityAt) < idleTimeout {
+			continue
+		}
+
+		delete(s.bySig, record.Signature)
+		s.byID[sessionID] = nil
+		if closedRetention > 0 {
+			s.recentClosed[uint8(sessionID)] = closedSessionRecord{
+				Cookie:    record.Cookie,
+				ExpiresAt: now.Add(closedRetention),
+			}
+		}
+		expired = append(expired, uint8(sessionID))
+	}
+
+	return expired
+}
+
 func (s *sessionStore) allocateSlotLocked() int {
 	for i := range maxServerSessions {
 		slot := int((s.nextID + uint16(i)) % maxServerSessions)

server_config.toml.simple

@@ -31,6 +31,11 @@ MAX_PACKET_SIZE = 65535
 # Minimum interval between overload/drop warning logs.
 DROP_LOG_INTERVAL_SECONDS = 2.0
 
+# Active session lifecycle.
+SESSION_TIMEOUT_SECONDS = 300.0
+SESSION_CLEANUP_INTERVAL_SECONDS = 30.0
+CLOSED_SESSION_RETENTION_SECONDS = 600.0
+
 # Allowed tunnel domains.
 DOMAIN = ["v.domain.com"]