Add best-effort session close notifications on client shutdown

Author: masterking32

cmd/client/main.go

@@ -15,6 +15,7 @@ import (
 	"strings"
 	"sync"
 	"syscall"
+	"time"
 
 	"masterdnsvpn-go/internal/client"
 	"masterdnsvpn-go/internal/logger"
@@ -138,12 +139,24 @@ func main() {
 
 	log.Infof("\U0001F3AF <green>Client Bootstrap Ready</green>")
 
+	var sessionCloseOnce sync.Once
+	notifySessionClose := func() {
+		sessionCloseOnce.Do(func() {
+			app.BestEffortSessionClose(time.Second)
+		})
+	}
+
 	if !cfg.LocalDNSEnabled && !cfg.LocalSOCKS5Enabled && cfg.ProtocolType != "TCP" {
+		notifySessionClose()
 		return
 	}
 
 	runCtx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 	defer stop()
+	go func() {
+		<-runCtx.Done()
+		notifySessionClose()
+	}()
 
 	enabledListeners := enabledClientListenerCount(cfg.LocalDNSEnabled, cfg.LocalSOCKS5Enabled, cfg.ProtocolType)
 	errCh := make(chan error, enabledListeners)
@@ -162,6 +175,7 @@ func main() {
 	}
 
 	listenersWG.Wait()
+	notifySessionClose()
 	select {
 	case err := <-errCh:
 		exitWithStderrf("%v\n", err)

internal/client/client.go

@@ -70,6 +70,7 @@ type Client struct {
 	mtuOutputMu               sync.Mutex
 
 	exchangeQueryFn     func(Connection, []byte, time.Duration) ([]byte, error)
+	sendOneWayPacketFn  func(Connection, []byte, time.Time) error
 	fragmentLimits      sync.Map
 	stream0Runtime      *stream0Runtime
 	streamsMu           sync.RWMutex

internal/client/session_close.go

@@ -0,0 +1,125 @@
+// ==============================================================================
+// MasterDnsVPN
+// Author: MasterkinG32
+// Github: https://github.com/masterking32
+// Year: 2026
+// ==============================================================================
+
+package client
+
+import (
+	"sync"
+	"time"
+
+	Enums "masterdnsvpn-go/internal/enums"
+	VpnProto "masterdnsvpn-go/internal/vpnproto"
+)
+
+const (
+	sessionCloseFanoutLimit   = 10
+	sessionCloseDefaultWindow = time.Second
+)
+
+func (c *Client) BestEffortSessionClose(timeout time.Duration) {
+	if c == nil || !c.sessionReady || c.sessionID == 0 {
+		return
+	}
+
+	targets := c.activeSessionCloseTargets(sessionCloseFanoutLimit)
+	if len(targets) == 0 {
+		return
+	}
+
+	timeout = normalizeTimeout(timeout, sessionCloseDefaultWindow)
+	deadline := time.Now().Add(timeout)
+	queries := make(map[string][]byte, len(targets))
+
+	var wg sync.WaitGroup
+	done := make(chan struct{})
+	for _, conn := range targets {
+		query, ok := queries[conn.Domain]
+		if !ok {
+			built, err := c.buildSessionCloseQuery(conn.Domain)
+			if err != nil {
+				continue
+			}
+			query = built
+			queries[conn.Domain] = query
+		}
+
+		connCopy := conn
+		packetCopy := query
+		wg.Go(func() {
+			_ = c.sendOneWaySessionPacket(connCopy, packetCopy, deadline)
+		})
+	}
+
+	go func() {
+		wg.Wait()
+		close(done)
+	}()
+
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+
+	select {
+	case <-done:
+	case <-timer.C:
+	}
+}
+
+func (c *Client) activeSessionCloseTargets(limit int) []Connection {
+	if c == nil || limit <= 0 {
+		return nil
+	}
+
+	limit = min(limit, sessionCloseFanoutLimit)
+	seen := make(map[string]struct{}, limit)
+	targets := make([]Connection, 0, limit)
+	candidateCount := min(len(c.connections), max(limit, limit*max(1, len(c.cfg.Domains))))
+
+	for _, conn := range c.balancer.GetUniqueConnections(candidateCount) {
+		if !conn.IsValid || conn.ResolverLabel == "" {
+			continue
+		}
+		if _, ok := seen[conn.ResolverLabel]; ok {
+			continue
+		}
+		seen[conn.ResolverLabel] = struct{}{}
+		targets = append(targets, conn)
+		if len(targets) >= limit {
+			return targets
+		}
+	}
+
+	for _, conn := range c.connections {
+		if !conn.IsValid || conn.ResolverLabel == "" {
+			continue
+		}
+		if _, ok := seen[conn.ResolverLabel]; ok {
+			continue
+		}
+		seen[conn.ResolverLabel] = struct{}{}
+		targets = append(targets, conn)
+		if len(targets) >= limit {
+			break
+		}
+	}
+
+	return targets
+}
+
+func (c *Client) buildSessionCloseQuery(domain string) ([]byte, error) {
+	return c.buildTunnelTXTQueryRaw(domain, VpnProto.BuildOptions{
+		SessionID:     c.sessionID,
+		PacketType:    Enums.PACKET_SESSION_CLOSE,
+		SessionCookie: c.sessionCookie,
+	})
+}
+
+func (c *Client) sendOneWaySessionPacket(connection Connection, packet []byte, deadline time.Time) error {
+	if c != nil && c.sendOneWayPacketFn != nil {
+		return c.sendOneWayPacketFn(connection, packet, deadline)
+	}
+	return sendOneWayUDPQuery(connection.ResolverLabel, packet, deadline)
+}

internal/client/session_close_test.go

@@ -0,0 +1,104 @@
+// ==============================================================================
+// MasterDnsVPN
+// Author: MasterkinG32
+// Github: https://github.com/masterking32
+// Year: 2026
+// ==============================================================================
+
+package client
+
+import (
+	"strconv"
+	"sync"
+	"testing"
+	"time"
+
+	"masterdnsvpn-go/internal/config"
+	"masterdnsvpn-go/internal/security"
+)
+
+func TestBestEffortSessionCloseUsesUpToTenUniqueResolvers(t *testing.T) {
+	resolvers := make([]config.ResolverAddress, 0, 12)
+	for idx := 1; idx <= 12; idx++ {
+		resolvers = append(resolvers, config.ResolverAddress{
+			IP:   "10.0.0." + strconv.Itoa(idx),
+			Port: 53,
+		})
+	}
+
+	codec, err := security.NewCodec(0, "")
+	if err != nil {
+		t.Fatalf("NewCodec returned error: %v", err)
+	}
+
+	c := New(config.ClientConfig{
+		Domains: []string{
+			"a.example.com",
+			"b.example.com",
+		},
+		Resolvers: resolvers,
+	}, nil, codec)
+	c.BuildConnectionMap()
+	c.sessionReady = true
+	c.sessionID = 7
+	c.sessionCookie = 9
+
+	var (
+		mu      sync.Mutex
+		targets = make(map[string]int)
+	)
+	c.sendOneWayPacketFn = func(conn Connection, packet []byte, deadline time.Time) error {
+		if conn.ResolverLabel == "" {
+			t.Fatal("resolver label must not be empty")
+		}
+		if len(packet) == 0 {
+			t.Fatal("session close packet must not be empty")
+		}
+		if deadline.IsZero() {
+			t.Fatal("session close deadline must be set")
+		}
+
+		mu.Lock()
+		targets[conn.ResolverLabel]++
+		mu.Unlock()
+		return nil
+	}
+
+	c.BestEffortSessionClose(50 * time.Millisecond)
+
+	if got := len(targets); got != 10 {
+		t.Fatalf("unexpected unique resolver fanout: got=%d want=10", got)
+	}
+	for resolverLabel, count := range targets {
+		if count != 1 {
+			t.Fatalf("resolver %s received duplicate shutdown notifications: %d", resolverLabel, count)
+		}
+	}
+}
+
+func TestBestEffortSessionCloseSkipsWithoutEstablishedSession(t *testing.T) {
+	codec, err := security.NewCodec(0, "")
+	if err != nil {
+		t.Fatalf("NewCodec returned error: %v", err)
+	}
+
+	c := New(config.ClientConfig{
+		Domains: []string{"a.example.com"},
+		Resolvers: []config.ResolverAddress{
+			{IP: "8.8.8.8", Port: 53},
+		},
+	}, nil, codec)
+	c.BuildConnectionMap()
+
+	var calls int
+	c.sendOneWayPacketFn = func(Connection, []byte, time.Time) error {
+		calls++
+		return nil
+	}
+
+	c.BestEffortSessionClose(20 * time.Millisecond)
+
+	if calls != 0 {
+		t.Fatalf("expected no shutdown packets without an established session, got=%d", calls)
+	}
+}

internal/client/tunnel_runtime.go

@@ -313,13 +313,16 @@ type udpQueryTransport struct {
 	buffer []byte
 }
 
-func newUDPQueryTransport(resolverLabel string) (*udpQueryTransport, error) {
+func dialUDPResolver(resolverLabel string) (*net.UDPConn, error) {
 	addr, err := net.ResolveUDPAddr("udp", resolverLabel)
 	if err != nil {
 		return nil, err
 	}
+	return net.DialUDP("udp", nil, addr)
+}
 
-	conn, err := net.DialUDP("udp", nil, addr)
+func newUDPQueryTransport(resolverLabel string) (*udpQueryTransport, error) {
+	conn, err := dialUDPResolver(resolverLabel)
 	if err != nil {
 		return nil, err
 	}
@@ -329,6 +332,24 @@ func newUDPQueryTransport(resolverLabel string) (*udpQueryTransport, error) {
 	}, nil
 }
 
+func sendOneWayUDPQuery(resolverLabel string, packet []byte, deadline time.Time) error {
+	if len(packet) == 0 {
+		return nil
+	}
+
+	conn, err := dialUDPResolver(resolverLabel)
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	if err := conn.SetWriteDeadline(deadline); err != nil {
+		return err
+	}
+	_, err = conn.Write(packet)
+	return err
+}
+
 func exchangeUDPQuery(transport *udpQueryTransport, packet []byte, timeout time.Duration) ([]byte, error) {
 	if transport == nil || transport.conn == nil {
 		return nil, net.ErrClosed

internal/enums/dns.go

@@ -52,6 +52,7 @@ const (
 	PACKET_DNS_QUERY_RES                       = 0x2A
 	PACKET_DNS_QUERY_REQ_ACK                   = 0x2B
 	PACKET_DNS_QUERY_RES_ACK                   = 0x2C
+	PACKET_SESSION_CLOSE                       = 0x2D
 	PACKET_ERROR_DROP                          = 0xFF
 )
 

internal/enums/dns_names.go

@@ -112,6 +112,8 @@ func PacketTypeName(packetType uint8) string {
 		return "DNS_QUERY_REQ_ACK"
 	case PACKET_DNS_QUERY_RES_ACK:
 		return "DNS_QUERY_RES_ACK"
+	case PACKET_SESSION_CLOSE:
+		return "SESSION_CLOSE"
 	case PACKET_ERROR_DROP:
 		return "ERROR_DROP"
 	default: