fix(xdns): address code review findings

nnemirovsky · nnemirovsky · commit a272ea48e9c2 · 2026-03-31T16:50:09.000+08:00
- Wire up sendEmptyResponse in drain loop so discarded queries get
  DNS responses (prevents resolver timeouts in resolver mode)
- Remove unused maxResponseDelay constant
- Downgrade sendLoop per-packet logging from Warning to Debug
- Add TestResolverModeRejectsNestedLayers for config validation guard
- Add TestResolverModeServerToClient for server-to-client data path
diff --git a/transport/internet/finalmask/xdns/dns_test.go b/transport/internet/finalmask/xdns/dns_test.go
@@ -796,3 +796,150 @@ func TestMultiResolverDistribution(t *testing.T) {
 		}
 	}
 }
+
+func TestResolverModeRejectsNestedLayers(t *testing.T) {
+	config := &Config{
+		Domain:    "t.example.com",
+		Resolvers: []string{"1.1.1.1"},
+	}
+
+	raw, err := net.ListenPacket("udp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer raw.Close()
+
+	// level > 0 means there are lower finalmask layers; resolver mode must reject this
+	_, err = config.WrapPacketConnClient(raw, 1, 2)
+	if err == nil {
+		t.Fatal("expected error for resolver mode with level > 0, got nil")
+	}
+	if !strings.Contains(err.Error(), "resolver mode") {
+		t.Errorf("unexpected error message: %v", err)
+	}
+
+	// level == 0 should succeed
+	conn, err := config.WrapPacketConnClient(raw, 0, 1)
+	if err != nil {
+		t.Fatalf("unexpected error for level=0: %v", err)
+	}
+	conn.Close()
+}
+
+func TestResolverModeServerToClient(t *testing.T) {
+	// Auth server: raw UDP socket that the XDNS server wraps
+	authServer, err := net.ListenPacket("udp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer authServer.Close()
+
+	// Mock resolver: bidirectional UDP forwarder
+	resolver, err := net.ListenPacket("udp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resolver.Close()
+
+	go func() {
+		buf := make([]byte, 4096)
+		authAddr := authServer.LocalAddr().String()
+		var clientAddr net.Addr
+		for {
+			n, addr, err := resolver.ReadFrom(buf)
+			if err != nil {
+				return
+			}
+			if addr.String() == authAddr {
+				if clientAddr != nil {
+					resolver.WriteTo(buf[:n], clientAddr)
+				}
+			} else {
+				clientAddr = addr
+				resolver.WriteTo(buf[:n], authServer.LocalAddr())
+			}
+		}
+	}()
+
+	// XDNS server
+	serverConfig := &Config{Domain: "t.example.com"}
+	server, err := NewConnServer(serverConfig, authServer)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer server.Close()
+
+	// XDNS client with resolver
+	config := &Config{
+		Domain:    "t.example.com",
+		Resolvers: []string{resolver.LocalAddr().String()},
+	}
+	rawConn, err := net.ListenPacket("udp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer rawConn.Close()
+
+	client, err := NewConnClient(config, rawConn)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer client.Close()
+
+	// Client sends a query to trigger the connection and set serverAddr
+	_, err = client.WriteTo([]byte("init"), rawConn.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Wait for server to receive the client query
+	serverBuf := make([]byte, 256)
+	done := make(chan struct{})
+	var serverReadAddr net.Addr
+	go func() {
+		defer close(done)
+		_, serverReadAddr, _ = server.ReadFrom(serverBuf)
+	}()
+	select {
+	case <-done:
+	case <-time.After(5 * time.Second):
+		t.Fatal("timeout waiting for server ReadFrom")
+	}
+
+	// Server writes data back to the client
+	responsePayload := []byte("hello from server")
+	_, err = server.WriteTo(responsePayload, serverReadAddr)
+	if err != nil {
+		t.Fatalf("server WriteTo: %v", err)
+	}
+
+	// Client sends another query to trigger the server to send the response
+	// (server data is delivered as DNS response payloads)
+	_, err = client.WriteTo([]byte("poll"), rawConn.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Read from client with timeout
+	clientBuf := make([]byte, 256)
+	done2 := make(chan struct{})
+	var clientReadN int
+	var clientReadErr error
+	go func() {
+		defer close(done2)
+		clientReadN, _, clientReadErr = client.ReadFrom(clientBuf)
+	}()
+
+	select {
+	case <-done2:
+	case <-time.After(5 * time.Second):
+		t.Fatal("timeout waiting for client ReadFrom")
+	}
+
+	if clientReadErr != nil {
+		t.Fatalf("client ReadFrom: %v", clientReadErr)
+	}
+	if !bytes.Equal(clientBuf[:clientReadN], responsePayload) {
+		t.Errorf("client received %q, want %q", clientBuf[:clientReadN], responsePayload)
+	}
+}
diff --git a/transport/internet/finalmask/xdns/server.go b/transport/internet/finalmask/xdns/server.go
@@ -16,9 +16,8 @@ import (
 )
 
 const (
-	idleTimeout      = 10 * time.Second
-	responseTTL      = 60
-	maxResponseDelay = 1 * time.Second
+	idleTimeout = 10 * time.Second
+	responseTTL = 60
 )
 
 var (
@@ -255,17 +254,19 @@ func (c *xdnsConnServer) sendLoop() {
 			break
 		}
 
-		errors.LogWarning(context.Background(), "xdns sendLoop: got record from ", rec.Addr, " client=", rec.ClientAddr, " chLen=", len(c.ch))
+		errors.LogDebug(context.Background(), "xdns sendLoop: got record from ", rec.Addr, " client=", rec.ClientAddr, " chLen=", len(c.ch))
 
 		// Drain excess records, keeping the latest. mKCP floods retransmissions
 		// that fill c.ch with hundreds of queries. Process only the latest one.
+		// Send empty responses for discarded records so resolvers don't time out.
 	drain:
 		for {
 			select {
 			case newer, ok2 := <-c.ch:
 				if !ok2 {
 					break drain
 				}
+				c.sendEmptyResponse(rec)
 				rec = newer
 			default:
 				break drain
@@ -295,9 +296,8 @@ func (c *xdnsConnServer) sendLoop() {
 			c.mutex.Unlock()
 
 			// Try to get data immediately (non-blocking). If no data is
-			// available, wait briefly (50ms) for data to arrive. This is much
-			// shorter than the original 1s maxResponseDelay. DNS tunneling needs
-			// fast turnaround because the client can only receive data in
+			// available, wait briefly (50ms) for data to arrive. DNS tunneling
+			// needs fast turnaround because the client can only receive data in
 			// responses to its queries.
 			var p []byte
 			select {
@@ -318,7 +318,7 @@ func (c *xdnsConnServer) sendLoop() {
 				}
 			}
 
-			errors.LogWarning(context.Background(), "xdns sendLoop: data fetch result len=", len(p), " qLen=", len(q.queue), " stashLen=", len(q.stash))
+			errors.LogDebug(context.Background(), "xdns sendLoop: data fetch result len=", len(p), " qLen=", len(q.queue), " stashLen=", len(q.stash))
 
 			// Pack first packet
 			if len(p) > 0 {
