Handle cross platform close

Former-commit-id: 89932bb736c7f4b3eb9bb2384b0cf6bd27872c1c

.github/workflows/cicd.yml

@@ -364,7 +364,7 @@ jobs:
 
       - name: Attest build provenance (GHCR)
         id: attest-ghcr
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         with:
           subject-name: ${{ env.GHCR_IMAGE }}
           subject-digest: ${{ steps.build.outputs.digest }}
@@ -374,7 +374,7 @@ jobs:
       - name: Attest build provenance (Docker Hub)
         continue-on-error: true
         id: attest-dh
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         with:
           subject-name: index.docker.io/fosrl/${{ github.event.repository.name }}
           subject-digest: ${{ steps.build.outputs.digest }}

config.go

@@ -89,6 +89,7 @@ func DefaultConfig() *OlmConfig {
 		PingInterval:     "3s",
 		PingTimeout:      "5s",
 		DisableHolepunch: false,
+		OverrideDNS:      false,
 		TunnelDNS:        false,
 		// DoNotCreateNewClient: false,
 		sources: make(map[string]string),
@@ -324,9 +325,9 @@ func loadConfigFromCLI(config *OlmConfig, args []string) (bool, bool, error) {
 	serviceFlags.StringVar(&config.PingTimeout, "ping-timeout", config.PingTimeout, "Timeout for each ping")
 	serviceFlags.BoolVar(&config.EnableAPI, "enable-api", config.EnableAPI, "Enable API server for receiving connection requests")
 	serviceFlags.BoolVar(&config.DisableHolepunch, "disable-holepunch", config.DisableHolepunch, "Disable hole punching")
-	serviceFlags.BoolVar(&config.OverrideDNS, "override-dns", config.OverrideDNS, "Override system DNS settings")
+	serviceFlags.BoolVar(&config.OverrideDNS, "override-dns", config.OverrideDNS, "When enabled, the client uses custom DNS servers to resolve internal resources and aliases. This overrides your system's default DNS settings. Queries that cannot be resolved as a Pangolin resource will be forwarded to your configured Upstream DNS Server. (default false)")
 	serviceFlags.BoolVar(&config.DisableRelay, "disable-relay", config.DisableRelay, "Disable relay connections")
-	serviceFlags.BoolVar(&config.TunnelDNS, "tunnel-dns", config.TunnelDNS, "Use tunnel for DNS traffic")
+	serviceFlags.BoolVar(&config.TunnelDNS, "tunnel-dns", config.TunnelDNS, "When enabled, DNS queries are routed through the tunnel for remote resolution. To ensure queries are tunneled correctly, you must define the DNS server as a Pangolin resource and enter its address as an Upstream DNS Server. (default false)")
 	// serviceFlags.BoolVar(&config.DoNotCreateNewClient, "do-not-create-new-client", config.DoNotCreateNewClient, "Do not create new client")
 
 	version := serviceFlags.Bool("version", false, "Print the version")

dns/dns_records.go

@@ -48,8 +48,8 @@ func (s *DNSRecordStore) AddRecord(domain string, ip net.IP) error {
 		domain = domain + "."
 	}
 
-	// Normalize domain to lowercase
-	domain = dns.Fqdn(domain)
+	// Normalize domain to lowercase FQDN
+	domain = strings.ToLower(dns.Fqdn(domain))
 
 	// Check if domain contains wildcards
 	isWildcard := strings.ContainsAny(domain, "*?")
@@ -86,8 +86,8 @@ func (s *DNSRecordStore) RemoveRecord(domain string, ip net.IP) {
 		domain = domain + "."
 	}
 
-	// Normalize domain to lowercase
-	domain = dns.Fqdn(domain)
+	// Normalize domain to lowercase FQDN
+	domain = strings.ToLower(dns.Fqdn(domain))
 
 	// Check if domain contains wildcards
 	isWildcard := strings.ContainsAny(domain, "*?")
@@ -148,7 +148,7 @@ func (s *DNSRecordStore) GetRecords(domain string, recordType RecordType) []net.
 	defer s.mu.RUnlock()
 
 	// Normalize domain to lowercase FQDN
-	domain = dns.Fqdn(domain)
+	domain = strings.ToLower(dns.Fqdn(domain))
 
 	var records []net.IP
 	switch recordType {
@@ -205,7 +205,7 @@ func (s *DNSRecordStore) HasRecord(domain string, recordType RecordType) bool {
 	defer s.mu.RUnlock()
 
 	// Normalize domain to lowercase FQDN
-	domain = dns.Fqdn(domain)
+	domain = strings.ToLower(dns.Fqdn(domain))
 
 	switch recordType {
 	case RecordTypeA:

dns/dns_records_test.go

@@ -348,3 +348,68 @@ func TestHasRecordWildcard(t *testing.T) {
 		t.Error("Expected HasRecord to return false for base domain")
 	}
 }
+
+func TestDNSRecordStoreCaseInsensitive(t *testing.T) {
+	store := NewDNSRecordStore()
+
+	// Add record with mixed case
+	ip := net.ParseIP("10.0.0.1")
+	err := store.AddRecord("MyHost.AutoCo.Internal", ip)
+	if err != nil {
+		t.Fatalf("Failed to add mixed case record: %v", err)
+	}
+
+	// Test lookup with different cases
+	testCases := []string{
+		"myhost.autoco.internal.",
+		"MYHOST.AUTOCO.INTERNAL.",
+		"MyHost.AutoCo.Internal.",
+		"mYhOsT.aUtOcO.iNtErNaL.",
+	}
+
+	for _, domain := range testCases {
+		ips := store.GetRecords(domain, RecordTypeA)
+		if len(ips) != 1 {
+			t.Errorf("Expected 1 IP for domain %q, got %d", domain, len(ips))
+		}
+		if len(ips) > 0 && !ips[0].Equal(ip) {
+			t.Errorf("Expected IP %v for domain %q, got %v", ip, domain, ips[0])
+		}
+	}
+
+	// Test wildcard with mixed case
+	wildcardIP := net.ParseIP("10.0.0.2")
+	err = store.AddRecord("*.Example.Com", wildcardIP)
+	if err != nil {
+		t.Fatalf("Failed to add mixed case wildcard: %v", err)
+	}
+
+	wildcardTestCases := []string{
+		"host.example.com.",
+		"HOST.EXAMPLE.COM.",
+		"Host.Example.Com.",
+		"HoSt.ExAmPlE.CoM.",
+	}
+
+	for _, domain := range wildcardTestCases {
+		ips := store.GetRecords(domain, RecordTypeA)
+		if len(ips) != 1 {
+			t.Errorf("Expected 1 IP for wildcard domain %q, got %d", domain, len(ips))
+		}
+		if len(ips) > 0 && !ips[0].Equal(wildcardIP) {
+			t.Errorf("Expected IP %v for wildcard domain %q, got %v", wildcardIP, domain, ips[0])
+		}
+	}
+
+	// Test removal with different case
+	store.RemoveRecord("MYHOST.AUTOCO.INTERNAL", nil)
+	ips := store.GetRecords("myhost.autoco.internal.", RecordTypeA)
+	if len(ips) != 0 {
+		t.Errorf("Expected 0 IPs after removal, got %d", len(ips))
+	}
+
+	// Test HasRecord with different case
+	if !store.HasRecord("HOST.EXAMPLE.COM.", RecordTypeA) {
+		t.Error("Expected HasRecord to return true for mixed case wildcard match")
+	}
+}

olm/connect.go

@@ -36,7 +36,7 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {
 
 	var wgData WgData
 
-	if o.connected {
+	if o.registered {
 		logger.Info("Already connected. Ignoring new connection request.")
 		return
 	}
@@ -208,7 +208,7 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {
 
 	o.apiServer.SetRegistered(true)
 
-	o.connected = true
+	o.registered = true
 
 	// Start ping monitor now that we are registered and connected
 	o.websocket.StartPingMonitor()
@@ -273,6 +273,12 @@ func (o *Olm) handleTerminate(msg websocket.WSMessage) {
 			logger.Error("Error unmarshaling terminate error data: %v", err)
 		} else {
 			logger.Info("Terminate reason (code: %s): %s", errorData.Code, errorData.Message)
+			
+			if errorData.Code == "TERMINATED_INACTIVITY" {
+				logger.Info("Ignoring...")
+				return
+			}
+			
 			// Set the olm error in the API server so it can be exposed via status
 			o.apiServer.SetOlmError(errorData.Code, errorData.Message)
 		}

olm/data.go

@@ -157,7 +157,7 @@ func (o *Olm) handleWgPeerUpdateData(msg websocket.WSMessage) {
 func (o *Olm) handleSync(msg websocket.WSMessage) {
 	logger.Debug("Received sync message: %v", msg.Data)
 
-	if !o.connected {
+	if !o.registered {
 		logger.Warn("Not connected, ignoring sync request")
 		return
 	}

olm/olm.go

@@ -8,7 +8,6 @@ import (
 	_ "net/http/pprof"
 	"os"
 	"sync"
-	"syscall"
 	"time"
 
 	"github.com/fosrl/newt/bind"
@@ -32,7 +31,7 @@ type Olm struct {
 	privateKey wgtypes.Key
 	logFile    *os.File
 
-	connected     bool
+	registered     bool
 	tunnelRunning bool
 
 	uapiListener net.Listener
@@ -386,10 +385,10 @@ func (o *Olm) StartTunnel(config TunnelConfig) {
 
 		o.apiServer.SetConnectionStatus(true)
 
-		if o.connected {
+		if o.registered {
 			o.websocket.StartPingMonitor()
 			
-			logger.Debug("Already connected, skipping registration")
+			logger.Debug("Already registered, skipping registration")
 			return nil
 		}
 
@@ -576,7 +575,7 @@ func (o *Olm) Close() {
 		// If we never created a device from the FD, close it explicitly
 		// This can happen if tunnel is stopped during registration before handleConnect
 		logger.Debug("Closing unused TUN file descriptor %d", o.tunnelConfig.FileDescriptorTun)
-		if err := syscall.Close(int(o.tunnelConfig.FileDescriptorTun)); err != nil {
+		if err := closeFD(o.tunnelConfig.FileDescriptorTun); err != nil {
 			logger.Error("Failed to close TUN file descriptor: %v", err)
 		} else {
 			logger.Info("Closed unused TUN file descriptor")
@@ -615,7 +614,7 @@ func (o *Olm) StopTunnel() error {
 	}
 
 	// Reset the running state BEFORE cleanup to prevent callbacks from accessing nil pointers
-	o.connected = false
+	o.registered = false
 	o.tunnelRunning = false
 
 	// Cancel the tunnel context if it exists
@@ -739,9 +738,6 @@ func (o *Olm) SetPowerMode(mode string) error {
 
 		logger.Info("Switching to low power mode")
 
-		// Mark as disconnected so we re-register on reconnect
-		o.connected = false
-
 		// Update API server connection status
 		if o.apiServer != nil {
 			o.apiServer.SetConnectionStatus(false)

olm/olm_unix.go

@@ -0,0 +1,10 @@
+//go:build !windows
+
+package olm
+
+import "syscall"
+
+// closeFD closes a file descriptor in a platform-specific way
+func closeFD(fd uint32) error {
+	return syscall.Close(int(fd))
+}

olm/olm_windows.go

@@ -0,0 +1,10 @@
+//go:build windows
+
+package olm
+
+import "syscall"
+
+// closeFD closes a file descriptor in a platform-specific way
+func closeFD(fd uint32) error {
+	return syscall.Close(syscall.Handle(fd))
+}