Make sure that closing one direction closes the other, too.

go.mod

@@ -9,7 +9,6 @@ require (
 	github.com/akamensky/argparse v1.4.0
 	github.com/go-ini/ini v1.67.0
 	github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a
-	github.com/sourcegraph/conc v0.3.0
 	github.com/things-go/go-socks5 v0.0.5
 	golang.org/x/net v0.23.0
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173

go.sum

@@ -12,8 +12,6 @@ github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a h1:dz+a1M
 github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a/go.mod h1:1NY/VPO8xm3hXw3f+M65z+PJDLUaZA5cu7OfanxoUzY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/things-go/go-socks5 v0.0.5 h1:qvKaGcBkfDrUL33SchHN93srAmYGzb4CxSM2DPYufe8=

http.go

@@ -10,8 +10,6 @@ import (
 	"net"
 	"net/http"
 	"strings"
-
-	"github.com/sourcegraph/conc"
 )
 
 const proxyAuthHeaderKey = "Proxy-Authorization"
@@ -131,17 +129,19 @@ func (s *HTTPServer) serve(conn net.Conn) {
 		log.Println("dial proxy failed: peer nil")
 		return
 	}
+
 	go func() {
-		wg := conc.NewWaitGroup()
+		defer conn.Close()
-		wg.Go(func() {
+		defer peer.Close()
-			_, err = io.Copy(conn, peer)
+
-			_ = conn.Close()
+		io.Copy(conn, peer)
-		})
+	}()
-		wg.Go(func() {
+
-			_, err = io.Copy(peer, conn)
+	go func() {
-			_ = peer.Close()
+		defer conn.Close()
-		})
+		defer peer.Close()
-		wg.Wait()
+
+		io.Copy(peer, conn)
 	}()
 }
 

routine.go

@@ -24,7 +24,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/sourcegraph/conc"
 	"github.com/things-go/go-socks5"
 	"github.com/things-go/go-socks5/bufferpool"
 
@@ -190,6 +189,9 @@ func (c CredentialValidator) Valid(username, password string) bool {
 
 // connForward copy data from `from` to `to`
 func connForward(from io.ReadWriteCloser, to io.ReadWriteCloser) {
+	defer from.Close()
+	defer to.Close()
+
 	_, err := io.Copy(to, from)
 	if err != nil {
 		errorLogger.Printf("Cannot forward traffic: %s\n", err.Error())
@@ -212,20 +214,8 @@ func tcpClientForward(vt *VirtualTun, raddr *addressPort, conn net.Conn) {
 		return
 	}
 
-	go func() {
+	go connForward(sconn, conn)
-		wg := conc.NewWaitGroup()
+	go connForward(conn, sconn)
-		wg.Go(func() {
-			connForward(sconn, conn)
-		})
-		wg.Go(func() {
-			connForward(conn, sconn)
-		})
-		wg.Wait()
-		_ = sconn.Close()
-		_ = conn.Close()
-		sconn = nil
-		conn = nil
-	}()
 }
 
 // STDIOTcpForward starts a new connection via wireguard and forward traffic from `conn`
@@ -250,18 +240,8 @@ func STDIOTcpForward(vt *VirtualTun, raddr *addressPort) {
 		return
 	}
 
-	go func() {
+	go connForward(os.Stdin, sconn)
-		wg := conc.NewWaitGroup()
+	go connForward(sconn, stdout)
-		wg.Go(func() {
-			connForward(os.Stdin, sconn)
-		})
-		wg.Go(func() {
-			connForward(sconn, stdout)
-		})
-		wg.Wait()
-		_ = sconn.Close()
-		sconn = nil
-	}()
 }
 
 // SpawnRoutine spawns a local TCP server which acts as a proxy to the specified target
@@ -311,20 +291,9 @@ func tcpServerForward(vt *VirtualTun, raddr *addressPort, conn net.Conn) {
 		return
 	}
 
-	go func() {
+	go connForward(sconn, conn)
-		gr := conc.NewWaitGroup()
+	go connForward(conn, sconn)
-		gr.Go(func() {
+
-			connForward(sconn, conn)
-		})
-		gr.Go(func() {
-			connForward(conn, sconn)
-		})
-		gr.Wait()
-		_ = sconn.Close()
-		_ = conn.Close()
-		sconn = nil
-		conn = nil
-	}()
 }
 
 // SpawnRoutine spawns a TCP server on wireguard which acts as a proxy to the specified target