mirror/Easytier
1
0
Fork 0
mirror of https://github.com/EasyTier/EasyTier.git synced 2026-05-07 18:24:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
596 Commits 15 Branches 33 Tags
e43537939a00450bec22c2aa97fd2a5a45dd768d
Commit Graph

112 Commits

Author SHA1 Message Date
Sijie.Sun e43537939a clippy all codes (#1214) 
1. clippy code
2. add fmt and clippy check in ci
 2025-08-10 22:56:41 +08:00
CyiceK 0087ac3ffc feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. (#1186) 
Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support.

---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-08-09 18:53:55 +08:00
Sijie.Sun 8ffc2f12e4 optimize the condition of enabling kcp (#1210) 2025-08-09 16:16:09 +08:00
Sijie.Sun 8cdb27d43d add stats metrics (#1207) 
support new cli command `easytier-cli stats`

It's useful to find out which components are consuming bandwidth.
 2025-08-09 00:06:35 +08:00
sijie.sun d0a6c93c2c fix ipv6 packet routing and avoid route looping 
properly handle ipv6 link local address and exit node.
 2025-08-03 18:10:27 +08:00
Sijie.Sun 2ec88da823 cli for port forward and tcp whitelist (#1165) 2025-07-29 09:30:47 +08:00
Sijie.Sun 354a4e1d7b fix acl not work with kcp&quic (#1152) 2025-07-26 14:38:10 +08:00
Sijie.Sun 1f6a715939 releases/v2.4.0 (#1145) 
* bump version to v2.4.0
* update tauri.
* allow try direct connect to public server
 2025-07-25 00:16:15 +08:00
Sijie.Sun 8e7a8de5e5 Implement ACL (#1140) 
1. get acl stats
```
./easytier-cli acl stats
AclStats:
  Global:
    CacheHits: 4
    CacheMaxSize: 10000
    CacheSize: 5
    DefaultAllows: 3
    InboundPacketsAllowed: 2
    InboundPacketsTotal: 2
    OutboundPacketsAllowed: 7
    OutboundPacketsTotal: 7
    PacketsAllowed: 9
    PacketsTotal: 9
    RuleMatches: 2
  ConnTrack:
    [src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
  Rules:
    [name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]

  ```
2. use tcp/udp whitelist to block unexpected traffic.
   `sudo ./easytier-core -d --tcp-whitelist 1000`

3. use complete acl ability with config file:

```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2

[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true

```
 2025-07-24 22:13:45 +08:00
Sijie.Sun 940238f158 socks5 and port forwarding (#1118) 2025-07-17 10:09:25 +08:00
Sijie.Sun 13c2e72871 fix incorrect config check (#1086) 2025-07-06 14:20:49 +08:00
Sijie.Sun a4bb555fac use winapi to config ip and route (remove dep on netsh) (#1079) 
On some windows machines can not execut netsh.
Also this avoid black cmd window when using gui.
 2025-07-05 16:50:09 +08:00
DavHau d0cfc49806 Add support for IPv6 within VPN (#1061) 
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk

---------

Co-authored-by: sijie.sun <sijie.sun@smartx.com>
 2025-07-04 23:43:30 +08:00
韩嘉乐 01e491ec07 support ohos (#974) 
* support ohos

---------

Co-authored-by: FrankHan <2777926911@qq.com>
 2025-07-02 09:44:45 +08:00
Sijie.Sun 70e69a382e allow set multithread count (#1056) 2025-06-26 02:19:33 +08:00
Sijie.Sun cd26d9f669 fix mem leak of token bucket (#1055) 2025-06-26 02:19:26 +08:00
Sijie.Sun fded8b1de0 limit max conn count in foreign network manager (#1041) 2025-06-22 19:11:27 +08:00
Sijie.Sun 40601bd05b add bps limiter (#1015) 
* add token bucket
* remove quinn-proto
 2025-06-19 21:15:04 +08:00
Sijie.Sun 8c2f96d1aa allow set machine uid with command line (#1009) 2025-06-18 11:02:29 +08:00
Sijie.Sun 40b5fe9a54 support quic proxy (#993) 
QUIC proxy works like kcp proxy, it can proxy TCP streams and transfer data with QUIC.
QUIC has better congestion algorithm (BBR) for network with both high loss rate and high bandwidth. 
QUIC proxy can be enabled by passing `--enable-quic-proxy` to easytier in the client side. The proxy status can be viewed by `easytier-cli proxy`.
 2025-06-15 19:43:45 +08:00
Sijie.Sun 0bab14cd72 use bulk compress instead of streaming to reduce mem usage (#985) 2025-06-14 14:55:48 +08:00
Sijie.Sun 25dcdc652a support mapping subnet proxy (#978) 
- **support mapping subproxy network cidr**
- **add command line option for proxy network mapping**
- **fix Instance leak in tests.
 2025-06-14 11:42:45 +08:00
Mg Pig 8ddd153022 easytier-core支持多配置文件 (#964) 
* 将web和gui允许多网络实例逻辑抽离到NetworkInstanceManager中

* easytier-core支持多配置文件

* FFI复用instance manager

* 添加instance manager 单元测试
 2025-06-11 23:17:09 +08:00
Mg Pig 20a6025075 Added RPC portal whitelist function, allowing only local access by default to enhance security (#929) 2025-06-07 22:05:47 +08:00
Zisu Zhang d34a51739f Update default_port and sni logic to improve reverse proxy reachability (#947) 2025-06-07 08:19:31 +08:00
Sijie.Sun a6773aa549 zstd should reuse ctx to avoid huge mmap cost (#941) 2025-06-06 08:59:06 +08:00
FuturePrayer b5dfc7374c add private mode (#897) 
---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-06-02 06:47:17 +08:00
Sijie.Sun f9c24bc205 fix bugs (#892) 
1. traffic stats not work.
2. magisk zip malformat
 2025-05-27 09:28:28 +08:00
Sijie.Sun 29994b663a v6 hole punch (#873) 
Some devices have ipv6 but don't allow input connection, this patch add hole punching for these devices.

- **add v6 hole punch msg to udp tunnel**
- **send hole punch packet when do ipv6 direct connect**
 2025-05-24 22:57:33 +08:00
Sijie.Sun 5a2fd4465c fix dns query (#864) 
1. dns resolver should be global unique so dns cache can work. avoid dns query influence hole punching.
2. when system dns failed, fallback to hickory dns.
 2025-05-23 10:34:28 +08:00
Sijie.Sun 28fe6257be magic dns (#813) 
This patch implements:

1. A dns server that handles .et.net. zone in local and forward all other queries to system dns server.

2. A dns server instance which is a singleton in one machine, using one specific tcp port to be exclusive with each other. this instance is responsible for config system dns and run the dns server to handle dns queries.

3. A dns client instance that all easytier instance will run one, this instance will try to connect to dns server instance, and update the dns record in the dns server instance.

this pr only implements the system config for windows. linux & mac will do later.
 2025-05-16 09:24:24 +08:00
Sijie.Sun d758a4958f fix panic cause segment fault (#843) 
1. backtrace may fail on some platform such as armv7, should do it last in panic hook.
2. stun should not panic when bind v6 failed.
 2025-05-11 21:34:24 +08:00
Sijie.Sun 2675cf2d00 bump hickory-dns version to v0.25.2 (#839) 2025-05-11 08:46:31 +08:00
Sijie.Sun ef1d81a2a1 introduce ffi for easytier (#791) 2025-04-19 21:01:51 +08:00
L-Trump 6a038e8a88 fix default listeners for config file (#777) 2025-04-13 09:38:45 +08:00
Sijie.Sun 01e3ad99ca optimize memory issues (#767) 
* optimize memory issues

1. introduce jemalloc support, which can dump current memory usage
2. reduce the GlobalEvent broadcaster memory usage.
3. reduce tcp & udp tunnel memory usage

TODO: if peer conn tunnel hangs, the unbounded channel of peer rpc
may consume lots of memory, which should be improved.

* select a port from 15888+ when port is 0
 2025-04-09 23:05:49 +08:00
Sijie.Sun c142db301a port forward (#736) 
* support tcp port forward
* support udp port forward
* command line option for port forward
 2025-04-01 09:59:53 +08:00
Sijie.Sun e130c3f2e4 when gather v6 bind addrs should only rely on v6 range (#707) 2025-03-21 22:40:26 +08:00
Sijie.Sun 23f69ce6a4 improve direct connector (#685) 
* support ipv6 stun
* show interface and public ip in cli node info
* direct conn should keep trying unless already direct connected
* peer should use conn with smallest latency
* deprecate ipv6_listener, use -l instead
 2025-03-17 10:46:14 +08:00
L-Trump 00d61333d3 allow proxy packets to be forwarded by system kernel 2025-03-08 12:56:49 +08:00
sijie.sun 568dca6f9c fix memory leak 2025-03-06 11:07:05 +08:00
sijie.sun 32b1fe0893 netlink shoud remove route only when ifidx is same 2025-02-06 19:23:00 +08:00
Sijie.Sun 1e821a03fe netlink route add should be exclusive (#596) 2025-02-04 23:01:13 +08:00
Sijie.Sun a63778854f use netlink instead of shell cmd to config ip (#593) 2025-02-03 15:13:50 +08:00
Sijie.Sun 2a5d5ea4df make kcp proxy compitible with old version (#585) 
* fix kcp not work with smoltcp
* check if dst kcp input is enabled
 2025-01-26 16:22:10 +08:00
Sijie.Sun b69b122c8d add options to gui to enable kcp (#583) 
* add test to kcp
* add options to gui to enable kcp
 2025-01-26 13:31:20 +08:00
Sijie.Sun 55a39491cb feat/kcp (#580) 
* support proxy tcp stream with kcp to improve experience of tcp over udp
* update rust version
* make subnet proxy route metrics lower in windows.
 2025-01-26 00:41:15 +08:00
Sijie.Sun c23b544c34 tcp accept should retry when encoutering some kinds of error (#565) 
* tcp accept should retry when encoutering some kinds of error

bump version to v2.1.2

* persistent temporary machine id
 2025-01-14 08:55:48 +08:00
Sijie.Sun bb0ccca3e5 allow manually specify public address of listeners (#556) 2025-01-10 09:25:14 +08:00
Sijie.Sun 306817ae9a allow listener retry listen (#554) 2025-01-09 00:01:41 +08:00