34560af141
cli: put the local IP at the front ( #1256 )
2025-08-22 20:40:28 +08:00
e6ec7f405c
introduce uptime monitor for easytier public nodes ( #1250 )
2025-08-20 22:59:44 +08:00
d9bcbd9b31
fix proxy traffic not count into traffic ( #1229 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-08-14 00:05:12 +08:00
e43537939a
clippy all codes ( #1214 )
...
1. clippy code
2. add fmt and clippy check in ci
2025-08-10 22:56:41 +08:00
0087ac3ffc
feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. ( #1186 )
...
Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support.
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn >
2025-08-09 18:53:55 +08:00
8ffc2f12e4
optimize the condition of enabling kcp ( #1210 )
2025-08-09 16:16:09 +08:00
8cdb27d43d
add stats metrics ( #1207 )
...
support new cli command `easytier-cli stats`
It's useful to find out which components are consuming bandwidth.
2025-08-09 00:06:35 +08:00
d0a6c93c2c
fix ipv6 packet routing and avoid route looping
...
properly handle ipv6 link local address and exit node.
2025-08-03 18:10:27 +08:00
3d610c0f0f
Some Improvements ( #1172 )
...
1. do not exit when dns query failed on et startup.
2. do not send secret digest to client when secret mismatch.
2025-07-29 23:05:38 +08:00
2ec88da823
cli for port forward and tcp whitelist ( #1165 )
2025-07-29 09:30:47 +08:00
354a4e1d7b
fix acl not work with kcp&quic ( #1152 )
2025-07-26 14:38:10 +08:00
33ff9554cd
need encrypt rpc if dst is in peer map ( #1151 )
2025-07-25 22:28:47 +08:00
1f6a715939
releases/v2.4.0 ( #1145 )
...
* bump version to v2.4.0
* update tauri.
* allow try direct connect to public server
2025-07-25 00:16:15 +08:00
8e7a8de5e5
Implement ACL ( #1140 )
...
1. get acl stats
```
./easytier-cli acl stats
AclStats:
Global:
CacheHits: 4
CacheMaxSize: 10000
CacheSize: 5
DefaultAllows: 3
InboundPacketsAllowed: 2
InboundPacketsTotal: 2
OutboundPacketsAllowed: 7
OutboundPacketsTotal: 7
PacketsAllowed: 9
PacketsTotal: 9
RuleMatches: 2
ConnTrack:
[src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
Rules:
[name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]
```
2. use tcp/udp whitelist to block unexpected traffic.
`sudo ./easytier-core -d --tcp-whitelist 1000`
3. use complete acl ability with config file:
```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2
[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true
```
2025-07-24 22:13:45 +08:00
85f0091056
fix latency first route of public server ( #1129 )
2025-07-19 18:16:53 +08:00
7f3a9c021c
close peer conn if remote addr is from virtual network ( #1123 )
2025-07-18 03:29:48 +08:00
3c65594030
smoltcp use larger tx/rx buf size ( #1085 )
...
* smoltcp use larger tx/rx buf size
* fix direct conn check
2025-07-06 10:53:01 +08:00
f85b031402
handle close peer conn correctly ( #1082 )
2025-07-06 09:16:13 +08:00
d0cfc49806
Add support for IPv6 within VPN ( #1061 )
...
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk
---------
Co-authored-by: sijie.sun <sijie.sun@smartx.com >
2025-07-04 23:43:30 +08:00
01e491ec07
support ohos ( #974 )
...
* support ohos
---------
Co-authored-by: FrankHan <2777926911@qq.com >
2025-07-02 09:44:45 +08:00
cd26d9f669
fix mem leak of token bucket ( #1055 )
2025-06-26 02:19:26 +08:00
fded8b1de0
limit max conn count in foreign network manager ( #1041 )
2025-06-22 19:11:27 +08:00
762d5cd392
blacklist the peers which disable p2p in hole-punching client ( #1038 )
2025-06-22 14:39:24 +08:00
dde7a4dff1
bps limit should throttle kcp packet
2025-06-19 22:53:41 +08:00
40601bd05b
add bps limiter ( #1015 )
...
* add token bucket
* remove quinn-proto
2025-06-19 21:15:04 +08:00
72673a9d52
Add is_hole_punched flag to PeerConn ( #1001 )
2025-06-18 12:14:57 +08:00
40b5fe9a54
support quic proxy ( #993 )
...
QUIC proxy works like kcp proxy, it can proxy TCP streams and transfer data with QUIC.
QUIC has better congestion algorithm (BBR) for network with both high loss rate and high bandwidth.
QUIC proxy can be enabled by passing `--enable-quic-proxy` to easytier in the client side. The proxy status can be viewed by `easytier-cli proxy`.
2025-06-15 19:43:45 +08:00
25dcdc652a
support mapping subnet proxy ( #978 )
...
- **support mapping subproxy network cidr**
- **add command line option for proxy network mapping**
- **fix Instance leak in tests.
2025-06-14 11:42:45 +08:00
870353c499
fix ospf route ( #970 )
...
- **fix deadlock in ospf route introducd by #958 **
- **use random peer id for foreign network entry, because ospf route algo need peer id change after peer info version reset. this may interfere route propagation and cause node residual**
- **allow multiple nodes broadcast same network ranges for subnet proxy**
- **bump version to v2.3.2**
2025-06-11 09:44:03 +08:00
f39fbb2ce2
ipv4-peerid table should use peer with least hop ( #958 )
...
sometimes route table may not be updated in time, so some dead nodes are still showing in the peer list.
when generating ipv4-peer table, we should avoid these dead devices overrides the entry of healthy nodes.
2025-06-08 11:28:59 +08:00
0314c66635
some improvements ( #939 )
...
1. ospf route conn map should also use version
2. treat nopat as cone
2025-06-05 22:49:57 +08:00
96fc19b803
fix minor bugs ( #936 )
...
1. update upx to v5.0.1 to avoid mips bug.
2. use latest mimalloc.
3. fix panic in ospf route
4. potential residual conn.
2025-06-05 11:55:44 +08:00
4608bca998
improve performance of route generation ( #914 )
...
this may fix following problem:
1. cpu 100% when large number of nodes in network.
2. high cpu usage when large number of foreign networks.
3. packet loss when new node enters/exits.
4. old routes not cleand and show as an obloleted entry.
2025-06-02 20:12:27 +08:00
b5dfc7374c
add private mode ( #897 )
...
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn >
2025-06-02 06:47:17 +08:00
f9c24bc205
fix bugs ( #892 )
...
1. traffic stats not work.
2. magisk zip malformat
2025-05-27 09:28:28 +08:00
29994b663a
v6 hole punch ( #873 )
...
Some devices have ipv6 but don't allow input connection, this patch add hole punching for these devices.
- **add v6 hole punch msg to udp tunnel**
- **send hole punch packet when do ipv6 direct connect**
2025-05-24 22:57:33 +08:00
28fe6257be
magic dns ( #813 )
...
This patch implements:
1. A dns server that handles .et.net. zone in local and forward all other queries to system dns server.
2. A dns server instance which is a singleton in one machine, using one specific tcp port to be exclusive with each other. this instance is responsible for config system dns and run the dns server to handle dns queries.
3. A dns client instance that all easytier instance will run one, this instance will try to connect to dns server instance, and update the dns record in the dns server instance.
this pr only implements the system config for windows. linux & mac will do later.
2025-05-16 09:24:24 +08:00
75f7865769
fix gui memory leak ( #768 )
...
* upgrade primevue
* use card instead of panel
2025-04-10 10:02:04 +08:00
01e3ad99ca
optimize memory issues ( #767 )
...
* optimize memory issues
1. introduce jemalloc support, which can dump current memory usage
2. reduce the GlobalEvent broadcaster memory usage.
3. reduce tcp & udp tunnel memory usage
TODO: if peer conn tunnel hangs, the unbounded channel of peer rpc
may consume lots of memory, which should be improved.
* select a port from 15888+ when port is 0
2025-04-09 23:05:49 +08:00
b46a200f8d
connector should set bind addrs correctly ( #696 )
2025-03-19 10:47:43 +08:00
23f69ce6a4
improve direct connector ( #685 )
...
* support ipv6 stun
* show interface and public ip in cli node info
* direct conn should keep trying unless already direct connected
* peer should use conn with smallest latency
* deprecate ipv6_listener, use -l instead
2025-03-17 10:46:14 +08:00
98d321f8ac
fix kcp traffic not encrypted
2025-03-08 22:09:43 +08:00
568dca6f9c
fix memory leak
2025-03-06 11:07:05 +08:00
66051967fe
fix self peer route info not exist when starting ( #595 )
2025-02-04 21:35:14 +08:00
4aea0821dd
forward original peer info in ospf route ( #589 )
...
prost doesn't support unknown field, and these info may be lost when
they go through a old version node.
2025-01-27 20:38:22 +08:00
08546925cc
fix tests ( #588 )
...
fix proxy_three_node_disconnect_test and hole_punching_symmetric_only_random
2025-01-27 15:17:47 +08:00
2a5d5ea4df
make kcp proxy compitible with old version ( #585 )
...
* fix kcp not work with smoltcp
* check if dst kcp input is enabled
2025-01-26 16:22:10 +08:00
55a39491cb
feat/kcp ( #580 )
...
* support proxy tcp stream with kcp to improve experience of tcp over udp
* update rust version
* make subnet proxy route metrics lower in windows.
2025-01-26 00:41:15 +08:00
1194ee1c2d
fix peer manager stuck when sending large peer rpc ( #572 )
2025-01-17 06:50:21 +08:00
9d76b86f49
fix bugs ( #561 )
...
1. if peers disconnected before stop session, may crash at the assert.
2. bind_device flag should take effect on manual connector.
2025-01-12 00:16:38 +08:00
fanyang