Bump version to 0.6.0

From: https://github.com/ekzhang/bore/pull/162#discussion_r2042195219

.github/workflows/ci.yml

@@ -1,13 +1,17 @@
 name: CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   rust:
     name: Build and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:
@@ -22,7 +26,7 @@ jobs:
     name: Rustfmt
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:
@@ -36,7 +40,7 @@ jobs:
     name: Clippy
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:

.github/workflows/docker.yml

@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: ekzhang/bore
           tags: |
@@ -23,22 +23,22 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
         with:
           platforms: arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           platforms: linux/amd64,linux/arm64
           push: true

.github/workflows/mean_bean_ci.yml

@@ -1,12 +1,16 @@
 name: Mean Bean CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   install-cross:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
@@ -18,7 +22,7 @@ jobs:
           matches: ${{ matrix.platform }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v1
+      - uses: actions/upload-artifact@v4
         with:
           name: cross-${{ matrix.platform }}
           path: ${{ steps.cross.outputs.install_path }}
@@ -33,11 +37,11 @@ jobs:
       matrix:
         channel: [stable]
         target:
-          - x86_64-apple-darwin
+          - aarch64-apple-darwin
 
     steps:
       - name: Setup | Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Setup | Rust
         uses: actions-rs/toolchain@v1
         with:
@@ -57,12 +61,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: install-cross
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
       - name: Download Cross
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: cross-linux-musl
           path: /tmp/
@@ -85,8 +89,11 @@ jobs:
       matrix:
         channel: [stable]
         target:
+          - aarch64-unknown-linux-musl
+          - arm-unknown-linux-musleabi
           - arm-unknown-linux-gnueabi
           - armv7-unknown-linux-gnueabihf
+          - armv7-unknown-linux-musleabihf
           - i686-unknown-linux-musl
           - x86_64-unknown-linux-musl
 
@@ -98,7 +105,7 @@ jobs:
     # artifacts are downloaded first.
     needs: install-cross
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - run: ci/set_rust_version.bash ${{ matrix.channel }} ${{ matrix.target }}

.github/workflows/mean_bean_deploy.yml

@@ -16,7 +16,7 @@ jobs:
   install-cross:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
@@ -28,7 +28,7 @@ jobs:
           matches: ${{ matrix.platform }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v1
+      - uses: actions/upload-artifact@v4
         with:
           name: cross-${{ matrix.platform }}
           path: ${{ steps.cross.outputs.install_path }}
@@ -50,11 +50,11 @@ jobs:
         uses: dawidd6/action-get-tag@v1
 
       - name: Setup | Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       # Cache files between builds
       - name: Setup | Cache Cargo
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/registry
@@ -102,8 +102,11 @@ jobs:
     strategy:
       matrix:
         target:
+          - aarch64-unknown-linux-musl
+          - arm-unknown-linux-musleabi
           - arm-unknown-linux-gnueabi
           - armv7-unknown-linux-gnueabihf
+          - armv7-unknown-linux-musleabihf
           - i686-unknown-linux-musl
           - x86_64-unknown-linux-musl
     steps:
@@ -111,8 +114,8 @@ jobs:
         id: tag
         uses: dawidd6/action-get-tag@v1
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v1
+      - uses: actions/download-artifact@v4
         with:
           name: cross-linux-musl
           path: /tmp/
@@ -160,7 +163,7 @@ jobs:
         id: tag
         uses: dawidd6/action-get-tag@v1
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: bash ci/set_rust_version.bash stable ${{ matrix.target }}
       - run: bash ci/build.bash cargo ${{ matrix.target }} RELEASE
       - run: |

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "bore-cli"
-version = "0.4.1"
+version = "0.6.0"
 authors = ["Eric Zhang <ekzhang1@gmail.com>"]
 license = "MIT"
 description = "A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls."
@@ -19,6 +19,7 @@ path = "src/main.rs"
 anyhow = { version = "1.0.56", features = ["backtrace"] }
 clap = { version = "4.0.22", features = ["derive", "env"] }
 dashmap = "5.2.0"
+fastrand = "1.9.0"
 futures-util = { version = "0.3.21", features = ["sink"] }
 hex = "0.4.3"
 hmac = "0.12.1"
@@ -28,10 +29,10 @@ sha2 = "0.10.2"
 tokio = { version = "1.17.0", features = ["rt-multi-thread", "io-util", "macros", "net", "time"] }
 tokio-util = { version = "0.7.1", features = ["codec"] }
 tracing = "0.1.32"
-tracing-subscriber = "0.3.10"
+tracing-subscriber = "0.3.18"
 uuid = { version = "1.2.1", features = ["serde", "v4"] }
 
 [dev-dependencies]
 lazy_static = "1.4.0"
-rstest = "0.12.0"
+rstest = "0.15.0"
 tokio = { version = "1.17.0", features = ["sync"] }

Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:alpine as builder
+FROM rust:alpine AS builder
 WORKDIR /home/rust/src
 RUN apk --no-cache add musl-dev
 COPY . .

README.md

@@ -1,6 +1,6 @@
 # bore
 
-[![Build status](https://img.shields.io/github/workflow/status/ekzhang/bore/CI)](https://github.com/ekzhang/bore/actions)
+[![Build status](https://img.shields.io/github/actions/workflow/status/ekzhang/bore/ci.yml)](https://github.com/ekzhang/bore/actions)
 [![Crates.io](https://img.shields.io/crates/v/bore-cli.svg)](https://crates.io/crates/bore-cli)
 
 A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. **That's all it does: no more, and no less.**
@@ -19,25 +19,53 @@ This will expose your local port at `localhost:8000` to the public internet at `
 
 Similar to [localtunnel](https://github.com/localtunnel/localtunnel) and [ngrok](https://ngrok.io/), except `bore` is intended to be a highly efficient, unopinionated tool for forwarding TCP traffic that is simple to install and easy to self-host, with no frills attached.
 
-(`bore` totals less than 400 lines of safe, async Rust code and is trivial to set up — just run a single binary for the client and server.)
+(`bore` totals about 400 lines of safe, async Rust code and is trivial to set up — just run a single binary for the client and server.)
 
 ## Installation
 
-If you're on macOS, `bore` is packaged as a Homebrew formula.
+### macOS
+
+`bore` is packaged as a Homebrew core formula.
 
 ```shell
-brew install ekzhang/bore/bore
+brew install bore-cli
 ```
 
+### Linux
+
+#### Arch Linux
+
+`bore` is available in the AUR as `bore`.
+
+```shell
+yay -S bore # or your favorite AUR helper
+```
+
+#### Gentoo Linux
+
+`bore` is available in the [gentoo-zh](https://github.com/microcai/gentoo-zh) overlay.
+
+```shell
+sudo eselect repository enable gentoo-zh
+sudo emerge --sync gentoo-zh
+sudo emerge net-proxy/bore
+```
+
+### Binary Distribution
+
 Otherwise, the easiest way to install bore is from prebuilt binaries. These are available on the [releases page](https://github.com/ekzhang/bore/releases) for macOS, Windows, and Linux. Just unzip the appropriate file for your platform and move the `bore` executable into a folder on your PATH.
 
+### Cargo
+
 You also can build `bore` from source using [Cargo](https://doc.rust-lang.org/cargo/), the Rust package manager. This command installs the `bore` binary at a user-accessible path.
 
 ```shell
 cargo install bore-cli
 ```
 
-We also publish versioned Docker images for each release. Each image is built for AMD 64-bit and Arm 64-bit architectures. They're tagged with the specific version and allow you to run the statically-linked `bore` binary from a minimal "scratch" container.
+### Docker
+
+We also publish versioned Docker images for each release. The image is built for an AMD 64-bit architecture. They're tagged with the specific version and allow you to run the statically-linked `bore` binary from a minimal "scratch" container.
 
 ```shell
 docker run -it --init --rm --network host ekzhang/bore <ARGS>
@@ -65,14 +93,14 @@ Starts a local proxy to the remote server
 Usage: bore local [OPTIONS] --to <TO> <LOCAL_PORT>
 
 Arguments:
-  <LOCAL_PORT>  The local port to expose
+  <LOCAL_PORT>  The local port to expose [env: BORE_LOCAL_PORT=]
 
 Options:
   -l, --local-host <HOST>  The local host to expose [default: localhost]
   -t, --to <TO>            Address of the remote server to expose local ports to [env: BORE_SERVER=]
   -p, --port <PORT>        Optional port on the remote server to select [default: 0]
   -s, --secret <SECRET>    Optional secret for authentication [env: BORE_SECRET]
-  -h, --help               Print help information
+  -h, --help               Print help
 ```
 
 ### Self-Hosting
@@ -85,6 +113,8 @@ bore server
 
 That's all it takes! After the server starts running at a given address, you can then update the `bore local` command with option `--to <ADDRESS>` to forward a local port to this remote server.
 
+It's possible to specify different IP addresses for the control server and for the tunnels. This setup is useful for cases where you might want the control server to be on a private network while allowing tunnel connections over a public interface, or vice versa.
+
 The full options for the `bore server` command are shown below.
 
 ```shell
@@ -93,9 +123,12 @@ Runs the remote proxy server
 Usage: bore server [OPTIONS]
 
 Options:
-      --min-port <MIN_PORT>  Minimum TCP port number to accept [default: 1024]
+      --min-port <MIN_PORT>          Minimum accepted TCP port number [env: BORE_MIN_PORT=] [default: 1024]
+      --max-port <MAX_PORT>          Maximum accepted TCP port number [env: BORE_MAX_PORT=] [default: 65535]
   -s, --secret <SECRET>              Optional secret for authentication [env: BORE_SECRET]
-  -h, --help                 Print help information
+      --bind-addr <BIND_ADDR>        IP address to bind to, clients must reach this [default: 0.0.0.0]
+      --bind-tunnels <BIND_TUNNELS>  IP address where tunnels will listen on, defaults to --bind-addr
+  -h, --help                         Print help
 ```
 
 ## Protocol

ci/test.bash

@@ -12,5 +12,21 @@ TARGET_TRIPLE=$2
 required_arg $CROSS 'CROSS'
 required_arg $TARGET_TRIPLE '<Target Triple>'
 
-$CROSS test --target $TARGET_TRIPLE
+max_attempts=3
-$CROSS test --target $TARGET_TRIPLE --all-features
+count=0
+
+while [ $count -lt $max_attempts ]; do
+    $CROSS test --target $TARGET_TRIPLE
+    status=$?
+    if [ $status -eq 0 ]; then
+        echo "Test passed"
+        break
+    else
+        echo "Test failed, attempt $(($count + 1))"
+    fi
+    count=$(($count + 1))
+done
+
+if [ $status -ne 0 ]; then
+    echo "Test failed after $max_attempts attempts"
+fi

src/client.rs

@@ -3,16 +3,12 @@
 use std::sync::Arc;
 
 use anyhow::{bail, Context, Result};
-
+use tokio::{io::AsyncWriteExt, net::TcpStream, time::timeout};
-use tokio::io::AsyncWriteExt;
-use tokio::{net::TcpStream, time::timeout};
 use tracing::{error, info, info_span, warn, Instrument};
 use uuid::Uuid;
 
 use crate::auth::Authenticator;
-use crate::shared::{
+use crate::shared::{ClientMessage, Delimited, ServerMessage, CONTROL_PORT, NETWORK_TIMEOUT};
-    proxy, ClientMessage, Delimited, ServerMessage, CONTROL_PORT, NETWORK_TIMEOUT,
-};
 
 /// State structure for the client.
 pub struct Client {
@@ -114,10 +110,10 @@ impl Client {
         }
         remote_conn.send(ClientMessage::Accept(id)).await?;
         let mut local_conn = connect_with_timeout(&self.local_host, self.local_port).await?;
-        let parts = remote_conn.into_parts();
+        let mut parts = remote_conn.into_parts();
         debug_assert!(parts.write_buf.is_empty(), "framed write buffer not empty");
         local_conn.write_all(&parts.read_buf).await?; // mostly of the cases, this will be empty
-        proxy(local_conn, parts.io).await?;
+        tokio::io::copy_bidirectional(&mut local_conn, &mut parts.io).await?;
         Ok(())
     }
 }

src/main.rs

@@ -1,6 +1,8 @@
+use std::net::IpAddr;
+
 use anyhow::Result;
 use bore_cli::{client::Client, server::Server};
-use clap::{Parser, Subcommand};
+use clap::{error::ErrorKind, CommandFactory, Parser, Subcommand};
 
 #[derive(Parser, Debug)]
 #[clap(author, version, about)]
@@ -14,6 +16,7 @@ enum Command {
     /// Starts a local proxy to the remote server.
     Local {
         /// The local port to expose.
+        #[clap(env = "BORE_LOCAL_PORT")]
         local_port: u16,
 
         /// The local host to expose.
@@ -35,13 +38,25 @@ enum Command {
 
     /// Runs the remote proxy server.
     Server {
-        /// Minimum TCP port number to accept.
+        /// Minimum accepted TCP port number.
-        #[clap(long, default_value_t = 1024)]
+        #[clap(long, default_value_t = 1024, env = "BORE_MIN_PORT")]
         min_port: u16,
 
+        /// Maximum accepted TCP port number.
+        #[clap(long, default_value_t = 65535, env = "BORE_MAX_PORT")]
+        max_port: u16,
+
         /// Optional secret for authentication.
         #[clap(short, long, env = "BORE_SECRET", hide_env_values = true)]
         secret: Option<String>,
+
+        /// IP address to bind to, clients must reach this.
+        #[clap(long, default_value = "0.0.0.0")]
+        bind_addr: IpAddr,
+
+        /// IP address where tunnels will listen on, defaults to --bind-addr.
+        #[clap(long)]
+        bind_tunnels: Option<IpAddr>,
     },
 }
 
@@ -58,8 +73,23 @@ async fn run(command: Command) -> Result<()> {
             let client = Client::new(&local_host, local_port, &to, port, secret.as_deref()).await?;
             client.listen().await?;
         }
-        Command::Server { min_port, secret } => {
+        Command::Server {
-            Server::new(min_port, secret.as_deref()).listen().await?;
+            min_port,
+            max_port,
+            secret,
+            bind_addr,
+            bind_tunnels,
+        } => {
+            let port_range = min_port..=max_port;
+            if port_range.is_empty() {
+                Args::command()
+                    .error(ErrorKind::InvalidValue, "port range is empty")
+                    .exit();
+            }
+            let mut server = Server::new(port_range, secret.as_deref());
+            server.set_bind_addr(bind_addr);
+            server.set_bind_tunnels(bind_tunnels.unwrap_or(bind_addr));
+            server.listen().await?;
         }
     }
 

src/server.rs

@@ -1,8 +1,7 @@
 //! Server implementation for the `bore` service.
 
-use std::net::SocketAddr;
+use std::net::{IpAddr, Ipv4Addr};
-use std::sync::Arc;
+use std::{io, ops::RangeInclusive, sync::Arc, time::Duration};
-use std::time::Duration;
 
 use anyhow::Result;
 use dashmap::DashMap;
@@ -13,36 +12,54 @@ use tracing::{info, info_span, warn, Instrument};
 use uuid::Uuid;
 
 use crate::auth::Authenticator;
-use crate::shared::{proxy, ClientMessage, Delimited, ServerMessage, CONTROL_PORT};
+use crate::shared::{ClientMessage, Delimited, ServerMessage, CONTROL_PORT};
 
 /// State structure for the server.
 pub struct Server {
-    /// The minimum TCP port that can be forwarded.
+    /// Range of TCP ports that can be forwarded.
-    min_port: u16,
+    port_range: RangeInclusive<u16>,
 
     /// Optional secret used to authenticate clients.
     auth: Option<Authenticator>,
 
     /// Concurrent map of IDs to incoming connections.
     conns: Arc<DashMap<Uuid, TcpStream>>,
+
+    /// IP address where the control server will bind to.
+    bind_addr: IpAddr,
+
+    /// IP address where tunnels will listen on.
+    bind_tunnels: IpAddr,
 }
 
 impl Server {
     /// Create a new server with a specified minimum port number.
-    pub fn new(min_port: u16, secret: Option<&str>) -> Self {
+    pub fn new(port_range: RangeInclusive<u16>, secret: Option<&str>) -> Self {
+        assert!(!port_range.is_empty(), "must provide at least one port");
         Server {
-            min_port,
+            port_range,
             conns: Arc::new(DashMap::new()),
             auth: secret.map(Authenticator::new),
+            bind_addr: IpAddr::V4(Ipv4Addr::UNSPECIFIED),
+            bind_tunnels: IpAddr::V4(Ipv4Addr::UNSPECIFIED),
         }
     }
 
+    /// Set the IP address where tunnels will listen on.
+    pub fn set_bind_addr(&mut self, bind_addr: IpAddr) {
+        self.bind_addr = bind_addr;
+    }
+
+    /// Set the IP address where the control server will bind to.
+    pub fn set_bind_tunnels(&mut self, bind_tunnels: IpAddr) {
+        self.bind_tunnels = bind_tunnels;
+    }
+
     /// Start the server, listening for new connections.
     pub async fn listen(self) -> Result<()> {
         let this = Arc::new(self);
-        let addr = SocketAddr::from(([0, 0, 0, 0], CONTROL_PORT));
+        let listener = TcpListener::bind((this.bind_addr, CONTROL_PORT)).await?;
-        let listener = TcpListener::bind(&addr).await?;
+        info!(addr = ?this.bind_addr, "server listening");
-        info!(?addr, "server listening");
 
         loop {
             let (stream, addr) = listener.accept().await?;
@@ -61,6 +78,43 @@ impl Server {
         }
     }
 
+    async fn create_listener(&self, port: u16) -> Result<TcpListener, &'static str> {
+        let try_bind = |port: u16| async move {
+            TcpListener::bind((self.bind_tunnels, port))
+                .await
+                .map_err(|err| match err.kind() {
+                    io::ErrorKind::AddrInUse => "port already in use",
+                    io::ErrorKind::PermissionDenied => "permission denied",
+                    _ => "failed to bind to port",
+                })
+        };
+        if port > 0 {
+            // Client requests a specific port number.
+            if !self.port_range.contains(&port) {
+                return Err("client port number not in allowed range");
+            }
+            try_bind(port).await
+        } else {
+            // Client requests any available port in range.
+            //
+            // In this case, we bind to 150 random port numbers. We choose this value because in
+            // order to find a free port with probability at least 1-δ, when ε proportion of the
+            // ports are currently available, it suffices to check approximately -2 ln(δ) / ε
+            // independently and uniformly chosen ports (up to a second-order term in ε).
+            //
+            // Checking 150 times gives us 99.999% success at utilizing 85% of ports under these
+            // conditions, when ε=0.15 and δ=0.00001.
+            for _ in 0..150 {
+                let port = fastrand::u16(self.port_range.clone());
+                match try_bind(port).await {
+                    Ok(listener) => return Ok(listener),
+                    Err(_) => continue,
+                }
+            }
+            Err("failed to find an available port")
+        }
+    }
+
     async fn handle_connection(&self, stream: TcpStream) -> Result<()> {
         let mut stream = Delimited::new(stream);
         if let Some(auth) = &self.auth {
@@ -77,22 +131,16 @@ impl Server {
                 Ok(())
             }
             Some(ClientMessage::Hello(port)) => {
-                if port != 0 && port < self.min_port {
+                let listener = match self.create_listener(port).await {
-                    warn!(?port, "client port number too low");
-                    return Ok(());
-                }
-                info!(?port, "new client");
-                let listener = match TcpListener::bind(("0.0.0.0", port)).await {
                     Ok(listener) => listener,
-                    Err(_) => {
+                    Err(err) => {
-                        warn!(?port, "could not bind to local port");
+                        stream.send(ServerMessage::Error(err.into())).await?;
-                        stream
-                            .send(ServerMessage::Error("port already in use".into()))
-                            .await?;
                         return Ok(());
                     }
                 };
+                let host = listener.local_addr()?.ip();
                 let port = listener.local_addr()?.port();
+                info!(?host, ?port, "new client");
                 stream.send(ServerMessage::Hello(port)).await?;
 
                 loop {
@@ -124,25 +172,16 @@ impl Server {
                 info!(%id, "forwarding connection");
                 match self.conns.remove(&id) {
                     Some((_, mut stream2)) => {
-                        let parts = stream.into_parts();
+                        let mut parts = stream.into_parts();
                         debug_assert!(parts.write_buf.is_empty(), "framed write buffer not empty");
                         stream2.write_all(&parts.read_buf).await?;
-                        proxy(parts.io, stream2).await?
+                        tokio::io::copy_bidirectional(&mut parts.io, &mut stream2).await?;
                     }
                     None => warn!(%id, "missing connection"),
                 }
                 Ok(())
             }
-            None => {
+            None => Ok(()),
-                warn!("unexpected EOF");
-                Ok(())
-            }
         }
     }
 }
-
-impl Default for Server {
-    fn default() -> Self {
-        Server::new(1024, None)
-    }
-}

src/shared.rs

@@ -4,10 +4,8 @@ use std::time::Duration;
 
 use anyhow::{Context, Result};
 use futures_util::{SinkExt, StreamExt};
-use serde::de::DeserializeOwned;
+use serde::{de::DeserializeOwned, Deserialize, Serialize};
-use serde::{Deserialize, Serialize};
+use tokio::io::{AsyncRead, AsyncWrite};
-use tokio::io::{self, AsyncRead, AsyncWrite};
-
 use tokio::time::timeout;
 use tokio_util::codec::{AnyDelimiterCodec, Framed, FramedParts};
 use tracing::trace;
@@ -16,7 +14,7 @@ use uuid::Uuid;
 /// TCP port used for control connections with the server.
 pub const CONTROL_PORT: u16 = 7835;
 
-/// Maxmium byte length for a JSON frame in the stream.
+/// Maximum byte length for a JSON frame in the stream.
 pub const MAX_FRAME_LENGTH: usize = 256;
 
 /// Timeout for network connections and initial protocol messages.
@@ -99,18 +97,3 @@ impl<U: AsyncRead + AsyncWrite + Unpin> Delimited<U> {
         self.0.into_parts()
     }
 }
-
-/// Copy data mutually between two read/write streams.
-pub async fn proxy<S1, S2>(stream1: S1, stream2: S2) -> io::Result<()>
-where
-    S1: AsyncRead + AsyncWrite + Unpin,
-    S2: AsyncRead + AsyncWrite + Unpin,
-{
-    let (mut s1_read, mut s1_write) = io::split(stream1);
-    let (mut s2_read, mut s2_write) = io::split(stream2);
-    tokio::select! {
-        res = io::copy(&mut s1_read, &mut s2_write) => res,
-        res = io::copy(&mut s2_read, &mut s1_write) => res,
-    }?;
-    Ok(())
-}

tests/e2e_test.rs

@@ -17,7 +17,7 @@ lazy_static! {
 
 /// Spawn the server, giving some time for the control port TcpListener to start.
 async fn spawn_server(secret: Option<&str>) {
-    tokio::spawn(Server::new(1024, secret).listen());
+    tokio::spawn(Server::new(1024..=65535, secret).listen());
     time::sleep(Duration::from_millis(50)).await;
 }
 
@@ -117,3 +117,48 @@ async fn very_long_frame() -> Result<()> {
     }
     panic!("did not exit after a 1 MB frame");
 }
+
+#[test]
+#[should_panic]
+fn empty_port_range() {
+    let min_port = 5000;
+    let max_port = 3000;
+    let _ = Server::new(min_port..=max_port, None);
+}
+
+#[tokio::test]
+async fn half_closed_tcp_stream() -> Result<()> {
+    // Check that "half-closed" TCP streams will not result in spontaneous hangups.
+    let _guard = SERIAL_GUARD.lock().await;
+
+    spawn_server(None).await;
+    let (listener, addr) = spawn_client(None).await?;
+
+    let (mut cli, (mut srv, _)) = tokio::try_join!(TcpStream::connect(addr), listener.accept())?;
+
+    // Send data before half-closing one of the streams.
+    let mut buf = b"message before shutdown".to_vec();
+    cli.write_all(&buf).await?;
+
+    // Only close the write half of the stream. This is a half-closed stream. In the
+    // TCP protocol, it is represented as a FIN packet on one end. The entire stream
+    // is only closed after two FINs are exchanged and ACKed by the other end.
+    cli.shutdown().await?;
+
+    srv.read_exact(&mut buf).await?;
+    assert_eq!(buf, b"message before shutdown");
+    assert_eq!(srv.read(&mut buf).await?, 0); // EOF
+
+    // Now make sure that the other stream can still send data, despite
+    // half-shutdown on client->server side.
+    let mut buf = b"hello from the other side!".to_vec();
+    srv.write_all(&buf).await?;
+    cli.read_exact(&mut buf).await?;
+    assert_eq!(buf, b"hello from the other side!");
+
+    // We don't have to think about CLOSE_RD handling because that's not really
+    // part of the TCP protocol, just the POSIX streams API. It is implemented by
+    // the OS ignoring future packets received on that stream.
+
+    Ok(())
+}