Use gated fabric sessions for VPN transport

agents/rap-node-agent/internal/vpnruntime/fabric_session_transport.go

@@ -70,7 +70,52 @@ func (t *FabricSessionPacketTransport) ReceiveGatewayPacketBatch(ctx context.Con
 	if direction == "" {
 		direction = FabricDirectionClientToGateway
 	}
-	return t.Inbox.Receive(ctx, t.VPNConnectionID, direction, timeout)
+	if packets, err := t.Inbox.Receive(ctx, t.VPNConnectionID, direction, 5*time.Millisecond); err != nil || len(packets) > 0 {
+		return packets, err
+	}
+	if t.Receiver == nil {
+		return t.Inbox.Receive(ctx, t.VPNConnectionID, direction, timeout)
+	}
+	if timeout <= 0 {
+		timeout = 25 * time.Second
+	}
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+	frames := t.Receiver.Frames()
+	errorsCh := t.Receiver.Errors()
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-timer.C:
+			return nil, nil
+		case err, ok := <-errorsCh:
+			if !ok {
+				errorsCh = nil
+				continue
+			}
+			if err != nil {
+				return nil, err
+			}
+		case frame, ok := <-frames:
+			if !ok {
+				return t.Inbox.Receive(ctx, t.VPNConnectionID, direction, 5*time.Millisecond)
+			}
+			if frame.Type != fabricproto.FrameData || (t.StreamID != 0 && frame.StreamID != t.StreamID) {
+				continue
+			}
+			payload, err := DecodeFabricVPNPacketDataFrame(frame)
+			if err != nil {
+				return nil, err
+			}
+			if payload.VPNConnectionID == t.VPNConnectionID && payload.Direction == direction {
+				return cleanPacketBatch(payload.Packets), nil
+			}
+			if err := t.Inbox.DeliverFabricSessionFrame(ctx, frame); err != nil {
+				return nil, err
+			}
+		}
+	}
 }
 
 func (t *FabricSessionPacketTransport) RunFrameIngress(ctx context.Context) error {