Fix 3 bugs in preflight e2e: timeout explosion, double-kill, shadowing

- Limit preflight to 3 resolver attempts (was 18 × 20s = 6min worst case)
- Replace defer+explicit double-kill with single cleanup() function
- Rename shadowed e2eTimeout variable to preflightTimeout

Author: SamNet-dev

cmd/scan.go

@@ -248,8 +248,8 @@ func printPreFlight(ipCount int, domain, pubkey, testURL, proxyAuth, dnsttBin, s
 	// Preflight e2e: test tunnel connectivity with a known-good resolver
 	if dnsttBin != "" && domain != "" && pubkey != "" {
 		fmt.Fprintf(w, "    %s…%s Tunnel preflight: testing dnstt-server connectivity...\n", colorDim, colorReset)
-		e2eTimeout := time.Duration(e2eTimeout) * time.Second
-		result := scanner.PreflightE2E(dnsttBin, domain, pubkey, testURL, proxyAuth, e2eTimeout)
+		preflightTimeout := time.Duration(e2eTimeout) * time.Second
+		result := scanner.PreflightE2E(dnsttBin, domain, pubkey, testURL, proxyAuth, preflightTimeout)
 		if result.OK {
 			fmt.Fprintf(w, "\r\033[2K\033[A\033[2K    %s\u2714%s Tunnel preflight: %sconnected via %s%s\n",
 				colorGreen, colorReset, colorGreen, result.Resolver, colorReset)

internal/scanner/e2e.go

@@ -395,23 +395,30 @@ type PreflightE2EResult struct {
 
 // PreflightE2E runs a single e2e tunnel test against known-good resolvers
 // to verify that the dnstt-server is reachable before scanning thousands of IPs.
-// It tries preflightResolvers in order and returns on the first success.
+// It tries up to 3 resolvers with the full timeout, then stops.
+// This avoids waiting 18×20s if the server is actually down.
 func PreflightE2E(bin, domain, pubkey, testURL, proxyAuth string, timeout time.Duration) PreflightE2EResult {
 	if testURL == "" {
 		testURL = defaultTestURL
 	}
 	port := 29999 // dedicated port for preflight, outside normal pool range
 
-	for _, resolver := range preflightResolvers {
-		result := preflightSingle(bin, resolver, domain, pubkey, testURL, proxyAuth, port, timeout)
-		if result.OK {
-			return result
+	maxAttempts := 3
+	if maxAttempts > len(preflightResolvers) {
+		maxAttempts = len(preflightResolvers)
+	}
+
+	var lastResult PreflightE2EResult
+	for i := 0; i < maxAttempts; i++ {
+		lastResult = preflightSingle(bin, preflightResolvers[i], domain, pubkey, testURL, proxyAuth, port, timeout)
+		if lastResult.OK {
+			return lastResult
 		}
 	}
 
 	return PreflightE2EResult{
 		OK:  false,
-		Err: fmt.Sprintf("tunnel test failed via all preflight resolvers (%v) — dnstt-server may not be running or is misconfigured", preflightResolvers),
+		Err: fmt.Sprintf("tunnel test failed via %d resolvers — dnstt-server may not be running or is misconfigured", maxAttempts),
 	}
 }
 
@@ -438,24 +445,22 @@ func preflightSingle(bin, resolver, domain, pubkey, testURL, proxyAuth string, p
 		close(exited)
 	}()
 
-	defer func() {
+	// cleanup: kill process and wait for exit before returning
+	cleanup := func() {
 		cmd.Process.Kill()
 		select {
 		case <-exited:
 		case <-time.After(2 * time.Second):
 		}
-	}()
+	}
 
 	if waitAndTestSOCKS(ctx, port, testURL, proxyAuth, exited, timeout) {
+		cleanup()
 		return PreflightE2EResult{OK: true, Resolver: resolver}
 	}
 
 	// Kill and wait to safely read stderr
-	cmd.Process.Kill()
-	select {
-	case <-exited:
-	case <-time.After(2 * time.Second):
-	}
+	cleanup()
 	stderr := strings.TrimSpace(stderrBuf.String())
 	if stderr != "" {
 		return PreflightE2EResult{Resolver: resolver, Stderr: truncate(stderr, 300), Err: "dnstt-client error: " + truncate(stderr, 200)}