Fix enable/disable state changes

Enabled -> Broken -> Disabled -> Enabled

etc

src/client/mod.rs

@@ -334,6 +334,7 @@ async fn spawn_ssh(
         cmd.arg("sudo");
     }
     cmd.arg(format!("FWD_LOG={log_filter}"))
+        .arg("FWD_SEND_ANONYMOUS=1")
         .arg("fwd")
         .arg("--server");
 

src/client/ui.rs

@@ -127,6 +127,11 @@ impl Listener {
         }
     }
 
+    #[cfg(test)]
+    pub fn state_ref(&self) -> std::sync::Arc<std::sync::Mutex<State>> {
+        self.state.clone()
+    }
+
     pub fn enabled(&self) -> bool {
         self.state() == State::Enabled
     }
@@ -154,8 +159,8 @@ impl Listener {
         *self.state.lock().unwrap()
     }
 
-    pub fn set_enabled(&mut self, socks_port: Option<u16>, enabled: bool) {
-        if enabled {
+    pub fn toggle_enabled(&mut self, socks_port: Option<u16>) {
+        if self.state() == State::Disabled {
             self.state = State::Enabled.boxed();
             self.start(socks_port);
         } else {
@@ -435,7 +440,7 @@ impl UI {
 
     fn enable_disable_port(&mut self, port: u16) {
         if let Some(listener) = self.ports.get_mut(&port) {
-            listener.set_enabled(self.socks_port, !listener.enabled());
+            listener.toggle_enabled(self.socks_port);
         }
     }
 
@@ -1178,4 +1183,72 @@ mod tests {
 
         drop(sender);
     }
+
+    #[test]
+    fn empty_port_desc_disabled_on_refresh() {
+        let (sender, receiver) = mpsc::channel(64);
+        let config = ServerConfig::default();
+        let mut ui = UI::new(receiver, config);
+
+        ui.handle_internal_event(Some(UIEvent::Ports(vec![PortDesc {
+            port: 8080,
+            desc: "".to_string(),
+        }])));
+
+        let listener = ui.ports.get(&8080).unwrap();
+        assert_eq!(listener.state(), State::Disabled);
+
+        // Just do it again, make sure we haven't broken the refresh path.
+        ui.handle_internal_event(Some(UIEvent::Ports(vec![PortDesc {
+            port: 8080,
+            desc: "".to_string(),
+        }])));
+
+        let listener = ui.ports.get(&8080).unwrap();
+        assert_eq!(listener.state(), State::Disabled);
+
+        drop(sender);
+    }
+
+    #[test]
+    fn state_toggle_enable_disable() {
+        let (sender, receiver) = mpsc::channel(64);
+        let config = ServerConfig::default();
+        let mut ui = UI::new(receiver, config);
+
+        ui.handle_internal_event(Some(UIEvent::Ports(vec![PortDesc {
+            port: 8080,
+            desc: "rando".to_string(),
+        }])));
+
+        let listener = ui.ports.get_mut(&8080).unwrap();
+        assert_eq!(listener.state(), State::Enabled);
+
+        // Enabled -> Disabled
+        ui.enable_disable_port(8080); // FLIP!
+        let listener = ui.ports.get(&8080).unwrap();
+        assert_eq!(listener.state(), State::Disabled);
+
+        // Disabled -> Enabled
+        ui.enable_disable_port(8080); // FLIP!
+        let listener = ui.ports.get(&8080).unwrap();
+        assert_eq!(listener.state(), State::Enabled);
+
+        {
+            // Oh no it broke!
+            let state = listener.state_ref();
+            let mut sg = state.lock().unwrap();
+            *sg = State::Broken;
+        }
+
+        let listener = ui.ports.get_mut(&8080).unwrap();
+        assert_eq!(listener.state(), State::Broken);
+
+        // Broken -> Disabled
+        ui.enable_disable_port(8080);
+        let listener = ui.ports.get_mut(&8080).unwrap();
+        assert_eq!(listener.state(), State::Disabled);
+
+        drop(sender);
+    }
 }

src/server/mod.rs

@@ -24,6 +24,15 @@ async fn server_loop<Reader: AsyncRead + Unpin>(
     reader: &mut MessageReader<Reader>,
     writer: &mut mpsc::Sender<Message>,
 ) -> Result<()> {
+    // NOTE: The client needs to opt in to getting anonymous ports because it
+    // does not feel safe to automatically enable port forwarding by default
+    // for random system ports. The way we keep it from being unsafe is that
+    // the client leaves anonymous ports disabled by default. Older clients
+    // did not do this, and so we cannot send older clients anonymous ports.
+    let send_anonymous = std::env::var("FWD_SEND_ANONYMOUS")
+        .map(|v| v == "1")
+        .unwrap_or(false);
+
     // The first message we send must be an announcement.
     writer.send(Message::Hello(0, 2, vec![])).await?;
     let mut version_reported = false;
@@ -46,7 +55,7 @@ async fn server_loop<Reader: AsyncRead + Unpin>(
                     version_reported = true;
                 }
 
-                let ports = match refresh::get_entries().await {
+                let ports = match refresh::get_entries(send_anonymous).await {
                     Ok(ports) => ports,
                     Err(e) => {
                         error!("Error scanning: {:?}", e);

src/server/refresh.rs

@@ -12,7 +12,7 @@ mod procfs;
 #[cfg(unix)]
 mod docker;
 
-pub async fn get_entries() -> Result<Vec<PortDesc>> {
+pub async fn get_entries(_send_anonymous: bool) -> Result<Vec<PortDesc>> {
     #[cfg_attr(not(target_os = "linux"), allow(unused_mut))]
     let mut attempts = 0;
 
@@ -35,7 +35,7 @@ pub async fn get_entries() -> Result<Vec<PortDesc>> {
     #[cfg(target_os = "linux")]
     {
         attempts += 1;
-        match procfs::get_entries() {
+        match procfs::get_entries(_send_anonymous) {
             Ok(m) => {
                 for (p, d) in m {
                     result.entry(p).or_insert(d);

src/server/refresh/procfs.rs

@@ -4,7 +4,7 @@ use std::collections::HashMap;
 
 use crate::message::PortDesc;
 
-pub fn get_entries() -> Result<HashMap<u16, PortDesc>> {
+pub fn get_entries(send_anonymous: bool) -> Result<HashMap<u16, PortDesc>> {
     let all_procs = procfs::process::all_processes()?;
 
     // build up a map between socket inodes and process stat info. Ignore any
@@ -38,12 +38,21 @@ pub fn get_entries() -> Result<HashMap<u16, PortDesc>> {
                 || tcp_entry.local_address.ip().is_unspecified())
             && !h.contains_key(&tcp_entry.local_address.port())
         {
-            if let Some(cmd) = map.get(&tcp_entry.inode) {
+            // If the process is not one that we can identify, then we return
+            // the port but leave the description empty so that it can be
+            // identified by the client as "anonymous".
+            let desc = if let Some(cmd) = map.get(&tcp_entry.inode) {
+                cmd.clone()
+            } else {
+                String::new()
+            };
+
+            if send_anonymous || !desc.is_empty() {
                 h.insert(
                     tcp_entry.local_address.port(),
                     PortDesc {
                         port: tcp_entry.local_address.port(),
-                        desc: cmd.clone(),
+                        desc,
                     },
                 );
             }