From 901058c29397bf4948a8611b6794b057d207da8a Mon Sep 17 00:00:00 2001
From: nullchinchilla
Date: Wed, 15 Jan 2025 21:01:01 -0500
Subject: [PATCH] truly randomize listening ports for bridges
---
 binaries/geph5-bridge/src/listen_forward.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/binaries/geph5-bridge/src/listen_forward.rs b/binaries/geph5-bridge/src/listen_forward.rs
index 034b3ce..60c4266 100644
--- a/binaries/geph5-bridge/src/listen_forward.rs
+++ b/binaries/geph5-bridge/src/listen_forward.rs
@@ -18,6 +18,7 @@ use geph5_misc_rpc::bridge::{B2eMetadata, BridgeControlProtocol, BridgeControlSe
 use moka::future::Cache;
 use once_cell::sync::Lazy;
 use picomux::{PicoMux, Stream};
+use rand::Rng;
 use sillad::{dialer::Dialer, listener::Listener, tcp::TcpListener, Pipe};
 use smol::future::FutureExt as _;
 use smol::io::AsyncWriteExt;
@@ -52,9 +53,7 @@ impl BridgeControlProtocol for State {

 MAPPING
 .get_with((b2e_dest, metadata.clone()), async {
- let listener = TcpListener::bind("0.0.0.0:0".parse().unwrap())
- .await
- .unwrap();
+ let listener = random_tcp_listener().await;
 let addr = listener
 .local_addr()
 .await
@@ -67,6 +66,19 @@ impl BridgeControlProtocol for State {
 }
 }

+async fn random_tcp_listener() -> TcpListener {
+ let rando = rand::thread_rng().gen_range(2048u16..65535);
+ loop {
+ match TcpListener::bind(format!("0.0.0.0:{rando}").parse().unwrap()).await {
+ Ok(listener) => return listener,
+ Err(err) => {
+ smol::Timer::after(Duration::from_millis(100)).await;
+ tracing::warn!(rando, err = debug(err), "retrying a bind...")
+ }
+ }
+ }
+}
+
 async fn handle_one_listener(
 mut listener: impl Listener,
 b2e_dest: SocketAddr,
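Review bot: `rando` is drawn once, before the `loop` in `random_tcp_listener`, so every retry binds the same port. If that port is already held (for example by a listener this bridge opened earlier, or by another service on the host), the function logs a warning every 100 ms and never returns. The call site in the second hunk runs inside the `MAPPING.get_with(...)` init future, so a stuck bind would presumably stall every caller waiting on that key. Make `let rando = rand::thread_rng().gen_range(2048u16..65535);` the first statement of the `loop` body so each attempt picks a fresh port. It would also help to cap the attempts or retry only on an address-in-use error, since other bind failures will not clear by waiting.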