net: apply a default 60s handshake timeout to inbound TCP connections

leaf/src/app/dispatcher.rs

@@ -5,7 +5,7 @@ use std::time::Duration;
 
 use async_recursion::async_recursion;
 use log::*;
-use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
+use tokio::io::{AsyncRead, AsyncWrite};
 use tokio::sync::RwLock;
 
 use crate::{

leaf/src/app/inbound/network_listener.rs

@@ -1,6 +1,7 @@
 use std::io;
 use std::net::SocketAddr;
 use std::sync::Arc;
+use std::time::Duration;
 
 use anyhow::Result;
 
@@ -9,6 +10,7 @@ use log::*;
 use tokio::net::{TcpStream, UdpSocket};
 use tokio::sync::mpsc::channel as tokio_channel;
 use tokio::sync::mpsc::{Receiver as TokioReceiver, Sender as TokioSender};
+use tokio::time::timeout;
 
 use crate::app::dispatcher::Dispatcher;
 use crate::app::nat_manager::{NatManager, UdpPacket};
@@ -138,7 +140,11 @@ async fn handle_inbound_tcp_stream(
         ..Default::default()
     };
     // Transforms the TCP stream into an inbound transport.
-    let transport = handler.stream()?.handle(sess, Box::new(stream)).await?;
+    let transport = timeout(
+        Duration::from_secs(*crate::option::INBOUND_ACCEPT_TIMEOUT),
+        handler.stream()?.handle(sess, Box::new(stream)),
+    )
+    .await??;
     handle_inbound_transport(transport, handler, dispatcher, nat_manager).await;
     Ok(())
 }

leaf/src/option/mod.rs

@@ -137,6 +137,12 @@ lazy_static! {
         get_env_var_or("DATAGRAM_BUFFER_SIZE", 2)
     };
 
+    /// The timeout for an accepted inbound TCP connection to finish the proxy
+    /// protocol handshake.
+    pub static ref INBOUND_ACCEPT_TIMEOUT: u64 = {
+        get_env_var_or("INBOUND_ACCEPT_TIMEOUT", 60)
+    };
+
     pub static ref OUTBOUND_DIAL_TIMEOUT: u64 = {
         get_env_var_or("OUTBOUND_DIAL_TIMEOUT", 4)
     };