diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 57a0d2a7..d4ad1c6c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,7 +51,7 @@ jobs: strategy: fail-fast: false matrix: - goversion: ["1.21", "1.22", "1.23"] + goversion: ["1.23", "1.24"] name: Build & Test (Linux, Go ${{ matrix.goversion }}) needs: [lint] @@ -75,7 +75,7 @@ jobs: strategy: fail-fast: false matrix: - goversion: ["1.21", "1.22", "1.23"] + goversion: ["1.23", "1.24"] name: Build & Test (Windows, Go ${{ matrix.goversion }}) needs: [lint] @@ -99,7 +99,7 @@ jobs: strategy: fail-fast: false matrix: - goversion: ["1.21", "1.22", "1.23"] + goversion: ["1.23", "1.24"] name: Build & Test (macOS, Go ${{ matrix.goversion }}) needs: [lint] @@ -123,7 +123,7 @@ jobs: strategy: fail-fast: false matrix: - goversion: ["1.21", "1.22", "1.23"] + goversion: ["1.23", "1.24"] goos: - freebsd - openbsd diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml index 1484618e..c2074df6 100644 --- a/.github/workflows/pkg.yml +++ b/.github/workflows/pkg.yml @@ -16,7 +16,7 @@ jobs: name: Package (Debian, ${{ matrix.pkgarch }}) - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: @@ -110,7 +110,7 @@ jobs: name: Package (Router, ${{ matrix.pkgarch }}) - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index c442353e..c7ac1d80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,36 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - in case of vulnerabilities. --> +## [0.5.12] - 2024-12-18 + +* Go 1.22 is now required to build Yggdrasil + +### Changed + +* The `latency_ms` field in the admin socket `getPeers` response has been renamed to `latency` + +### Fixed + +* A timing regression which causes a higher level of idle protocol traffic on each peering has been fixed +* The `-user` flag now correctly detects an empty user/group specification + +## [0.5.11] - 2024-12-12 + +### Added + +* Support for `unveil` and `pledge` on OpenBSD + +### Changed + +* The parent selection algorithm now only chooses a new parent if there is a larger cost benefit to doing so, which should help to stabilise the tree +* The bloom filters are now repropagated periodically, to avoid nodes getting stuck with bad state + +### Fixed + +* A memory leak caused by missed cleanup of the peer response map has been fixed +* Other bug fixes with bloom filter propagation for off-tree filters and zero vs one bits +* TLS-based peering connections now support TLS 1.2 again + ## [0.5.10] - 2024-11-24 ### Added diff --git a/README.md b/README.md index 8449f073..09b6c227 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ or tools in the `contrib` folder. If you want to build from source, as opposed to installing one of the pre-built packages: -1. Install [Go](https://golang.org) (requires Go 1.21 or later) +1. Install [Go](https://golang.org) (requires Go 1.22 or later) 2. Clone this repository 2. Run `./build` @@ -81,11 +81,9 @@ Documentation is available [on our website](https://yggdrasil-network.github.io) - [Frequently asked questions](https://yggdrasil-network.github.io/faq.html) - [Version changelog](CHANGELOG.md) -## Community +## Communities -Feel free to join us on our [Matrix -channel](https://matrix.to/#/#yggdrasil:matrix.org) at `#yggdrasil:matrix.org` -or in the `#yggdrasil` IRC channel on [libera.chat](https://libera.chat). +A number of IRC communities exist, including the `#yggdrasil` IRC channel on [libera.chat](https://libera.chat) and various others on [Yggdrasil-internal IRC networks](https://yggdrasil-network.github.io/services.html#irc). ## License diff --git a/cmd/genkeys/main.go b/cmd/genkeys/main.go index 36107c0a..2d007cb8 100644 --- a/cmd/genkeys/main.go +++ b/cmd/genkeys/main.go @@ -18,18 +18,27 @@ import ( "runtime" "time" + "suah.dev/protect" + "github.com/yggdrasil-network/yggdrasil-go/src/address" ) type keySet struct { priv ed25519.PrivateKey pub ed25519.PublicKey + count uint64 } func main() { + if err := protect.Pledge("stdio"); err != nil { + panic(err) + } + threads := runtime.GOMAXPROCS(0) fmt.Println("Threads:", threads) start := time.Now() + var totalKeys uint64 + totalKeys = 0 var currentBest ed25519.PublicKey newKeys := make(chan keySet, threads) for i := 0; i < threads; i++ { @@ -38,8 +47,9 @@ func main() { for { newKey := <-newKeys if isBetter(currentBest, newKey.pub) || len(currentBest) == 0 { + totalKeys += newKey.count currentBest = newKey.pub - fmt.Println("-----", time.Since(start)) + fmt.Println("-----", time.Since(start), "---", totalKeys, "keys tried") fmt.Println("Priv:", hex.EncodeToString(newKey.priv)) fmt.Println("Pub:", hex.EncodeToString(newKey.pub)) addr := address.AddrForKey(newKey.pub) @@ -62,11 +72,14 @@ func isBetter(oldPub, newPub ed25519.PublicKey) bool { func doKeys(out chan<- keySet) { bestKey := make(ed25519.PublicKey, ed25519.PublicKeySize) + var count uint64 + count = 0 for idx := range bestKey { bestKey[idx] = 0xff } for { pub, priv, err := ed25519.GenerateKey(nil) + count++ if err != nil { panic(err) } @@ -74,6 +87,7 @@ func doKeys(out chan<- keySet) { continue } bestKey = pub - out <- keySet{priv, pub} + out <- keySet{priv, pub, count} + count = 0 } } diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go index fc3e5c2c..24a706df 100644 --- a/cmd/yggdrasil/chuser_unix.go +++ b/cmd/yggdrasil/chuser_unix.go @@ -14,6 +14,12 @@ import ( func chuser(input string) error { givenUser, givenGroup, _ := strings.Cut(input, ":") + if givenUser == "" { + return fmt.Errorf("user is empty") + } + if strings.Contains(input, ":") && givenGroup == "" { + return fmt.Errorf("group is empty") + } var ( err error diff --git a/cmd/yggdrasil/chuser_unix_test.go b/cmd/yggdrasil/chuser_unix_test.go index ad2e3517..fc624ac2 100644 --- a/cmd/yggdrasil/chuser_unix_test.go +++ b/cmd/yggdrasil/chuser_unix_test.go @@ -4,33 +4,33 @@ package main import ( - "testing" "os/user" + "testing" ) // Usernames must not contain a number sign. -func TestEmptyString (t *testing.T) { +func TestEmptyString(t *testing.T) { if chuser("") == nil { t.Fatal("the empty string is not a valid user") } } // Either omit delimiter and group, or omit both. -func TestEmptyGroup (t *testing.T) { +func TestEmptyGroup(t *testing.T) { if chuser("0:") == nil { t.Fatal("the empty group is not allowed") } } // Either user only or user and group. -func TestGroupOnly (t *testing.T) { +func TestGroupOnly(t *testing.T) { if chuser(":0") == nil { t.Fatal("group only is not allowed") } } // Usenames must not contain the number sign. -func TestInvalidUsername (t *testing.T) { +func TestInvalidUsername(t *testing.T) { const username = "#user" if chuser(username) == nil { t.Fatalf("'%s' is not a valid username", username) @@ -38,14 +38,14 @@ func TestInvalidUsername (t *testing.T) { } // User IDs must be non-negative. -func TestInvalidUserid (t *testing.T) { +func TestInvalidUserid(t *testing.T) { if chuser("-1") == nil { t.Fatal("User ID cannot be negative") } } // Change to the current user by ID. -func TestCurrentUserid (t *testing.T) { +func TestCurrentUserid(t *testing.T) { usr, err := user.Current() if err != nil { t.Fatal(err) @@ -61,7 +61,7 @@ func TestCurrentUserid (t *testing.T) { } // Change to a common user by name. -func TestCommonUsername (t *testing.T) { +func TestCommonUsername(t *testing.T) { usr, err := user.Current() if err != nil { t.Fatal(err) diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go index 3ec6414c..b3c9151d 100644 --- a/cmd/yggdrasil/main.go +++ b/cmd/yggdrasil/main.go @@ -14,6 +14,8 @@ import ( "strings" "syscall" + "suah.dev/protect" + "github.com/gologme/log" gsyslog "github.com/hashicorp/go-syslog" "github.com/hjson/hjson-go/v4" @@ -39,6 +41,20 @@ type node struct { // The main function is responsible for configuring and starting Yggdrasil. func main() { + // Not all operations are coverable with pledge(2), so immediately + // limit file system access with unveil(2), effectively preventing + // "proc exec" promises right from the start: + // + // - read arbitrary config file + // - create/write arbitrary log file + // - read/write/chmod/remove admin socket, if at all + if err := protect.Unveil("/", "rwc"); err != nil { + panic(fmt.Sprintf("unveil: / rwc: %v", err)) + } + if err := protect.UnveilBlock(); err != nil { + panic(fmt.Sprintf("unveil: %v", err)) + } + genconf := flag.Bool("genconf", false, "print a new config to stdout") useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") @@ -296,6 +312,21 @@ func main() { } } + // Promise final modes of operation. At this point, if at all: + // - raw socket is created/open + // - admin socket is created/open + // - privileges are dropped to non-root user + // + // Peers, InterfacePeers, Listen can be UNIX sockets; + // Go's net.Listen.Close() deletes files on shutdown. + promises := []string{"stdio", "cpath", "inet", "unix", "dns"} + if len(cfg.MulticastInterfaces) > 0 { + promises = append(promises, "mcast") + } + if err := protect.Pledge(strings.Join(promises, " ")); err != nil { + panic(fmt.Sprintf("pledge: %v: %v", promises, err)) + } + // Block until we are told to shut down. <-ctx.Done() diff --git a/cmd/yggdrasilctl/main.go b/cmd/yggdrasilctl/main.go index ca0bce1a..51c25dcd 100644 --- a/cmd/yggdrasilctl/main.go +++ b/cmd/yggdrasilctl/main.go @@ -13,6 +13,8 @@ import ( "strings" "time" + "suah.dev/protect" + "github.com/olekukonko/tablewriter" "github.com/yggdrasil-network/yggdrasil-go/src/admin" "github.com/yggdrasil-network/yggdrasil-go/src/core" @@ -22,6 +24,11 @@ import ( ) func main() { + // read config, speak DNS/TCP and/or over a UNIX socket + if err := protect.Pledge("stdio rpath inet unix dns"); err != nil { + panic(err) + } + // makes sure we can use defer and still return an error code to the OS os.Exit(run()) } @@ -78,6 +85,11 @@ func run() int { panic(err) } + // config and socket are done, work without unprivileges + if err := protect.Pledge("stdio"); err != nil { + panic(err) + } + logger.Println("Connected") defer conn.Close() diff --git a/contrib/apparmor/usr.bin.yggdrasilctl b/contrib/apparmor/usr.bin.yggdrasilctl new file mode 100644 index 00000000..2f2c8366 --- /dev/null +++ b/contrib/apparmor/usr.bin.yggdrasilctl @@ -0,0 +1,11 @@ +# Last Modified: Mon Feb 3 22:19:45 2025 +include + +/usr/bin/yggdrasilctl { + include + + /etc/yggdrasil.conf rw, + /run/yggdrasil.sock rw, + owner /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r, + +} diff --git a/contrib/mobile/mobile.go b/contrib/mobile/mobile.go index abc89f1c..72ea7d68 100644 --- a/contrib/mobile/mobile.go +++ b/contrib/mobile/mobile.go @@ -1,6 +1,7 @@ package mobile import ( + "crypto/ed25519" "encoding/hex" "encoding/json" "net" @@ -273,3 +274,28 @@ func (m *Yggdrasil) GetMTU() int { func GetVersion() string { return version.BuildVersion() } + +type ConfigSummary struct { + PublicKey string + IPv6Address string + IPv6Subnet string +} + +func SummaryForConfig(b []byte) *ConfigSummary { + cfg := config.GenerateConfig() + if err := cfg.UnmarshalHJSON(b); err != nil { + return nil + } + pub := ed25519.PrivateKey(cfg.PrivateKey).Public().(ed25519.PublicKey) + hpub := hex.EncodeToString(pub) + addr := net.IP(address.AddrForKey(pub)[:]) + snet := net.IPNet{ + IP: append(address.SubnetForKey(pub)[:], 0, 0, 0, 0, 0, 0, 0, 0), + Mask: net.CIDRMask(64, 128), + } + return &ConfigSummary{ + PublicKey: hpub, + IPv6Address: addr.String(), + IPv6Subnet: snet.String(), + } +} diff --git a/contrib/openrc/yggdrasil b/contrib/openrc/yggdrasil index 4a2e0a13..aece8ecb 100755 --- a/contrib/openrc/yggdrasil +++ b/contrib/openrc/yggdrasil @@ -6,7 +6,6 @@ CONFFILE="/etc/yggdrasil.conf" pidfile="/run/${RC_SVCNAME}.pid" command="/usr/bin/yggdrasil" -extra_started_commands="reload" depend() { use net dns logger @@ -42,12 +41,6 @@ start() { eend $? } -reload() { - ebegin "Reloading ${RC_SVCNAME}" - start-stop-daemon --signal HUP --pidfile "${pidfile}" - eend $? -} - stop() { ebegin "Stopping ${RC_SVCNAME}" start-stop-daemon --stop --pidfile "${pidfile}" --exec "${command}" diff --git a/go.mod b/go.mod index 987a3554..653342f3 100644 --- a/go.mod +++ b/go.mod @@ -1,25 +1,27 @@ module github.com/yggdrasil-network/yggdrasil-go -go 1.21 +go 1.23.1 + +toolchain go1.24.2 require ( - github.com/Arceliar/ironwood v0.0.0-20241122002527-75a6e82fa380 + github.com/Arceliar/ironwood v0.0.0-20241213013129-743fe2fccbd3 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d github.com/cheggaaa/pb/v3 v3.1.5 - github.com/coder/websocket v1.8.12 + github.com/coder/websocket v1.8.13 github.com/gologme/log v1.3.0 github.com/hashicorp/go-syslog v1.0.0 - github.com/hjson/hjson-go/v4 v4.4.0 + github.com/hjson/hjson-go/v4 v4.5.0 github.com/kardianos/minwinsvc v1.0.2 - github.com/quic-go/quic-go v0.46.0 + github.com/quic-go/quic-go v0.52.0 github.com/vishvananda/netlink v1.3.0 github.com/wlynxg/anet v0.0.5 - golang.org/x/crypto v0.29.0 - golang.org/x/net v0.31.0 - golang.org/x/sys v0.27.0 - golang.org/x/text v0.20.0 + golang.org/x/crypto v0.39.0 + golang.org/x/net v0.41.0 + golang.org/x/sys v0.33.0 + golang.org/x/text v0.26.0 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 - golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 + golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb golang.zx2c4.com/wireguard/windows v0.5.3 ) @@ -31,18 +33,18 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/onsi/ginkgo/v2 v2.9.5 // indirect github.com/rivo/uniseg v0.2.0 // indirect - go.uber.org/mock v0.4.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/tools v0.23.0 // indirect + go.uber.org/mock v0.5.0 // indirect + golang.org/x/mod v0.25.0 // indirect + golang.org/x/sync v0.15.0 // indirect + golang.org/x/tools v0.33.0 // indirect ) require ( github.com/VividCortex/ewma v1.2.0 // indirect - github.com/fatih/color v1.15.0 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/fatih/color v1.18.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/olekukonko/tablewriter v0.0.5 - github.com/vishvananda/netns v0.0.4 // indirect + github.com/vishvananda/netns v0.0.5 // indirect + suah.dev/protect v1.2.4 ) diff --git a/go.sum b/go.sum index 8531a2a3..b94a9073 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/Arceliar/ironwood v0.0.0-20241122002527-75a6e82fa380 h1:WRLvBMWzs6NOiPUYA7fMu8XqZFg/clXKorUumfbJNv0= -github.com/Arceliar/ironwood v0.0.0-20241122002527-75a6e82fa380/go.mod h1:SrrElc3FFMpYCODSr11jWbLFeOM8WsY+DbDY/l2AXF0= +github.com/Arceliar/ironwood v0.0.0-20241213013129-743fe2fccbd3 h1:d8N0z+udAnbU5PdjpLSNPTWlqeU/nnYsQ42B6+879aw= +github.com/Arceliar/ironwood v0.0.0-20241213013129-743fe2fccbd3/go.mod h1:SrrElc3FFMpYCODSr11jWbLFeOM8WsY+DbDY/l2AXF0= github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d h1:UK9fsWbWqwIQkMCz1CP+v5pGbsGoWAw6g4AyvMpm1EM= github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d/go.mod h1:BCnxhRf47C/dy/e/D2pmB8NkB3dQVIrkD98b220rx5Q= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= @@ -14,13 +14,13 @@ github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo= -github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs= +github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE= +github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= @@ -29,27 +29,27 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/gologme/log v1.3.0 h1:l781G4dE+pbigClDSDzSaaYKtiueHCILUa/qSDsmHAo= github.com/gologme/log v1.3.0/go.mod h1:yKT+DvIPdDdDoPtqFrFxheooyVmoqi0BAsw+erN3wA4= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hjson/hjson-go/v4 v4.4.0 h1:D/NPvqOCH6/eisTb5/ztuIS8GUvmpHaLOcNk1Bjr298= -github.com/hjson/hjson-go/v4 v4.4.0/go.mod h1:KaYt3bTw3zhBjYqnXkYywcYctk0A2nxeEFTse3rH13E= +github.com/hjson/hjson-go/v4 v4.5.0 h1:ZHLiZ+HaGqPOtEe8T6qY8QHnoEsAeBv8wqxniQAp+CY= +github.com/hjson/hjson-go/v4 v4.5.0/go.mod h1:4zx6c7Y0vWcm8IRyVoQJUHAPJLXLvbG6X8nk1RLigSo= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/kardianos/minwinsvc v1.0.2 h1:JmZKFJQrmTGa/WiW+vkJXKmfzdjabuEW4Tirj5lLdR0= github.com/kardianos/minwinsvc v1.0.2/go.mod h1:LUZNYhNmxujx2tR7FbdxqYJ9XDDoCd3MQcl1o//FWl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= @@ -58,50 +58,51 @@ github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/quic-go/quic-go v0.46.0 h1:uuwLClEEyk1DNvchH8uCByQVjo3yKL9opKulExNDs7Y= -github.com/quic-go/quic-go v0.46.0/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI= +github.com/quic-go/quic-go v0.52.0 h1:/SlHrCRElyaU6MaEPKqKr9z83sBg2v4FLLvWM+Z47pA= +github.com/quic-go/quic-go v0.52.0/go.mod h1:MFlGGpcpJqRAfmYi6NC2cptDPSxRWTOGNuP4wqrWmzQ= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/twmb/murmur3 v1.1.6 h1:mqrRot1BRxm+Yct+vavLMou2/iJt0tNVTTC0QoIjaZg= github.com/twmb/murmur3 v1.1.6/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= -github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= +github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU= github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA= -go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= -go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= +go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= +golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg= golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= -golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4= -golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A= +golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw= golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE= golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= @@ -110,5 +111,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ= -gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY= +gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c h1:m/r7OM+Y2Ty1sgBQ7Qb27VgIMBW8ZZhT4gLnUyDIhzI= +gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c/go.mod h1:3r5CMtNQMKIvBlrmM9xWUNamjKBYPOWyXOjmg5Kts3g= +suah.dev/protect v1.2.4 h1:iVZG/zQB63FKNpITDYM/cXoAeCTIjCiXHuFVByJFDzg= +suah.dev/protect v1.2.4/go.mod h1:vVrquYO3u1Ep9Ez2z8x+6N6/czm+TBmWKZfiXU2tb54= diff --git a/src/address/address.go b/src/address/address.go index d56be80d..c9581c70 100644 --- a/src/address/address.go +++ b/src/address/address.go @@ -113,7 +113,7 @@ func SubnetForKey(publicKey ed25519.PublicKey) *Subnet { return &snet } -// GetKet returns the partial ed25519.PublicKey for the Address. +// GetKey returns the partial ed25519.PublicKey for the Address. // This is used for key lookup. func (a *Address) GetKey() ed25519.PublicKey { var key [ed25519.PublicKeySize]byte @@ -141,7 +141,7 @@ func (a *Address) GetKey() ed25519.PublicKey { return ed25519.PublicKey(key[:]) } -// GetKet returns the partial ed25519.PublicKey for the Subnet. +// GetKey returns the partial ed25519.PublicKey for the Subnet. // This is used for key lookup. func (s *Subnet) GetKey() ed25519.PublicKey { var addr Address diff --git a/src/admin/getpeers.go b/src/admin/getpeers.go index 34eca243..0384b792 100644 --- a/src/admin/getpeers.go +++ b/src/admin/getpeers.go @@ -31,7 +31,7 @@ type PeerEntry struct { RXRate DataUnit `json:"rate_recvd,omitempty"` TXRate DataUnit `json:"rate_sent,omitempty"` Uptime float64 `json:"uptime,omitempty"` - Latency time.Duration `json:"latency_ms,omitempty"` + Latency time.Duration `json:"latency,omitempty"` LastErrorTime time.Duration `json:"last_error_time,omitempty"` LastError string `json:"last_error,omitempty"` } diff --git a/src/core/link.go b/src/core/link.go index f30016f9..dce19278 100644 --- a/src/core/link.go +++ b/src/core/link.go @@ -28,7 +28,7 @@ const ( ) const defaultBackoffLimit = time.Second << 12 // 1h8m16s -const minimumBackoffLimit = time.Second * 30 +const minimumBackoffLimit = time.Second * 5 type links struct { phony.Inbox diff --git a/src/core/link_quic.go b/src/core/link_quic.go index ffb69a6d..d23ab184 100644 --- a/src/core/link_quic.go +++ b/src/core/link_quic.go @@ -54,6 +54,8 @@ func (l *linkQUIC) dial(ctx context.Context, url *url.URL, info linkInfo, option tlsconfig := l.tlsconfig.Clone() return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) { tlsconfig.ServerName = hostname + tlsconfig.MinVersion = tls.VersionTLS12 + tlsconfig.MaxVersion = tls.VersionTLS13 hostport := net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port)) qc, err := quic.DialAddr(ctx, hostport, l.tlsconfig, l.quicconfig) if err != nil { diff --git a/src/core/link_socks.go b/src/core/link_socks.go index f33cd190..495c8233 100644 --- a/src/core/link_socks.go +++ b/src/core/link_socks.go @@ -51,6 +51,8 @@ func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options } if url.Scheme == "sockstls" { tlsconfig.ServerName = hostname + tlsconfig.MinVersion = tls.VersionTLS12 + tlsconfig.MaxVersion = tls.VersionTLS13 if sni := options.tlsSNI; sni != "" { tlsconfig.ServerName = sni } diff --git a/src/core/link_tls.go b/src/core/link_tls.go index da3c7791..55da8597 100644 --- a/src/core/link_tls.go +++ b/src/core/link_tls.go @@ -35,6 +35,8 @@ func (l *linkTLS) dial(ctx context.Context, url *url.URL, info linkInfo, options tlsconfig := l.config.Clone() return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) { tlsconfig.ServerName = hostname + tlsconfig.MinVersion = tls.VersionTLS12 + tlsconfig.MaxVersion = tls.VersionTLS13 if sni := options.tlsSNI; sni != "" { tlsconfig.ServerName = sni } diff --git a/src/core/link_wss.go b/src/core/link_wss.go index 1a8d571f..1d618324 100644 --- a/src/core/link_wss.go +++ b/src/core/link_wss.go @@ -34,6 +34,8 @@ func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options tlsconfig := l.tlsconfig.Clone() return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) { tlsconfig.ServerName = hostname + tlsconfig.MinVersion = tls.VersionTLS12 + tlsconfig.MaxVersion = tls.VersionTLS13 u := *url u.Host = net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port)) addr := &net.TCPAddr{