fix: sécuriser shutdown, config par défaut et reconnexion socket

Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-02-25 21:44:40 +01:00
parent 617ecd2014
commit 6cd6c4c3b8
11 changed files with 394 additions and 56 deletions
--- a/internal/tlsparse/parser.go
+++ b/internal/tlsparse/parser.go
@ -46,6 +46,7 @@ type ParserImpl struct {
 	flowTimeout  time.Duration
 	cleanupDone  chan struct{}
 	cleanupClose chan struct{}
+	closeOnce    sync.Once
 }

 // NewParser creates a new TLS parser with connection state tracking
@ -260,8 +261,10 @@ func (p *ParserImpl) getOrCreateFlow(key string, srcIP string, srcPort uint16, d

 // Close cleans up the parser and stops background goroutines
 func (p *ParserImpl) Close() error {
-	close(p.cleanupClose)
-	<-p.cleanupDone
+	p.closeOnce.Do(func() {
+		close(p.cleanupClose)
+		<-p.cleanupDone
+	})
 	return nil
 }

@ -296,8 +299,12 @@ func extractTCPMeta(tcp *layers.TCP) api.TCPMeta {
 	for _, opt := range tcp.Options {
 		switch opt.OptionType {
 		case layers.TCPOptionKindMSS:
-			meta.MSS = binary.BigEndian.Uint16(opt.OptionData)
-			meta.Options = append(meta.Options, "MSS")
+			if len(opt.OptionData) >= 2 {
+				meta.MSS = binary.BigEndian.Uint16(opt.OptionData[:2])
+				meta.Options = append(meta.Options, "MSS")
+			} else {
+				meta.Options = append(meta.Options, "MSS_INVALID")
+			}
 		case layers.TCPOptionKindWindowScale:
 			if len(opt.OptionData) > 0 {
 				meta.WindowScale = opt.OptionData[0]
--- a/internal/tlsparse/parser_test.go
+++ b/internal/tlsparse/parser_test.go
@ -251,3 +251,39 @@ func TestParserConnectionStateTracking(t *testing.T) {
 		t.Error("IsClientHello() should return true for valid ClientHello")
 	}
 }
+
+func TestParserClose_Idempotent(t *testing.T) {
+	parser := NewParser()
+
+	if err := parser.Close(); err != nil {
+		t.Fatalf("first Close() error = %v", err)
+	}
+	if err := parser.Close(); err != nil {
+		t.Fatalf("second Close() error = %v", err)
+	}
+}
+
+func TestExtractTCPMeta_MSSInvalid_NoPanic(t *testing.T) {
+	tcp := &layers.TCP{
+		Window: 1234,
+		Options: []layers.TCPOption{
+			{
+				OptionType: layers.TCPOptionKindMSS,
+				OptionData: []byte{0x05}, // malformed (1 byte instead of 2)
+			},
+		},
+	}
+
+	meta := extractTCPMeta(tcp)
+
+	found := false
+	for _, opt := range meta.Options {
+		if opt == "MSS_INVALID" {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatalf("expected MSS_INVALID in options, got %v", meta.Options)
+	}
+}