b56bcfb4b0
fix: increase websocket peer connection timeout to 20 seconds ( #1939 )
...
- Add ws/wss protocols to long timeout list
2026-02-28 18:26:19 +08:00
a8f7226195
fix(foreign_network): set avoid_relay_data when relay_data is false ( #1935 )
2026-02-25 09:30:24 +08:00
73291a3a1c
feat: Update Cargo.toml to add support for tls1.2 when use wss ( #1917 )
2026-02-20 18:01:21 +08:00
f737708f45
fix: avoid panic on malformed short tunnel packets ( #1904 )
2026-02-18 00:04:30 +08:00
aa24d09aa2
fix: replace stale magic DNS records on IP change ( #1906 )
...
Magic DNS updates are full snapshots, so appending routes keeps old IPs and returns duplicate A records. Replace each client's previous routes on update and add a regression test to ensure hostname resolution keeps only the latest IP.
2026-02-16 13:20:11 +08:00
fe4e77979d
fix: avoid panic for quic peer urls using port 0 ( #1905 )
...
Prevent crashes when users input quic://...:0 by rejecting port 0 explicitly and propagating connect setup errors. Add a regression test to ensure invalid QUIC targets fail gracefully.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-02-14 17:10:29 +08:00
7a26640c26
feat: support macOS Network Extension ( #1902 )
...
* feat: support macOS Network Extension
* fix: disable macOS NE feature in cargo hack check
2026-02-14 14:54:36 +08:00
011770a601
Update http_connector.rs ( #1900 )
2026-02-13 16:02:32 +08:00
c58140fb47
update rust to 1.93 ( #1865 )
2026-02-04 09:48:43 +08:00
aebb7facfa
drop permit reserved by poll_reserve ( #1858 )
2026-02-03 11:14:11 +08:00
1e2124cb99
fix: force set tun fd when received ( #1860 )
2026-02-03 11:13:31 +08:00
e1cbd07d1f
feat: separate zstd and faketcp into features ( #1861 )
...
* feat: separate faketcp into a feature
* fix: no need to initialize out_len
* feat: separate zstd into a feature
* clippy: remove unnecessary cast, because for unix size_t always equals usize
2026-02-03 11:12:33 +08:00
bf3edbd28f
remove src modified flag from pm hdr ( #1857 )
2026-02-02 16:47:26 +08:00
cd2cf56358
refactor: handle quic proxy internally instead of use external udp port ( #1743 )
...
* deprecate quic_listen_port, add disable_relay_quic and enable_relay_foreign_network_quic
* add set_src_modified to TcpProxyForWrappedSrcTrait
* prioritize quic over kcp
2026-02-02 11:53:40 +08:00
21f4a944a7
fix perf degraded because of impact of is_empty() of dashmap ( #1854 )
2026-02-01 08:51:18 +08:00
9617005136
make udp->ring transmit reliable ( #1851 )
2026-01-31 17:23:45 +08:00
c85d1d41b3
allow set TUN dev name on FreeBSD ( #1823 )
...
Also rename stale interfaces from previous runs before creating new ones.
Works around rust-tun reusing existing tun0 instead of configured name.
Tested on FreeBSD 14.1
2026-01-30 23:51:52 +08:00
9e3c9228bb
improve perf of remove_network in foreign net mgr ( #1847 )
2026-01-30 23:04:31 +08:00
8727221513
call remove_peer instead of remove_network when peer id not match ( #1844 )
2026-01-30 16:01:52 +08:00
cdedaf3f63
refactor(quic): remove quinn encryption ( #1831 )
...
* use quinn-plaintext
* remove server_cert in QUICTunnelListener
* remove some customized transport config
* leave max_concurrent_bidi_streams as default
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-30 10:21:59 +08:00
ffe5644ddc
add token bucket limiter on peer conn recv ( #1842 )
...
We should limit peer conn recv to make sure we don't recv too much from peers.
2026-01-29 16:12:26 +08:00
ccc684a9ab
Fix: Fixed compilation issue after partially removing the feature flag ( #1835 )
2026-01-28 21:38:34 +08:00
977e502150
feat(cli): add column truncation controls ( #1838 )
...
- drop low-priority columns when tables exceed terminal width
- truncate optional columns to fit remaining width
- add --no-trunc flag to disable truncation
- compute column widths using unicode display width
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-28 14:50:14 +08:00
518d26b25f
feat: add X-Network-Name header to HTTP connector requests ( #1839 )
...
This allows HTTP redirect servers to provide network-specific node
lists based on the client's network identity. Updated unit tests
to verify the header is correctly sent.
2026-01-28 14:48:45 +08:00
101f416268
Introduce secure mode (part 1) ( #1808 )
...
Use noise protocol on handshake. Check peer's public key if needed. Also support rekey and replay attack prevention.
E2EE and temporary password will be implemented based on this.
2026-01-25 20:16:51 +08:00
ffa08d1c43
feat: add peer_id in MyNodeInfo ( #1821 )
2026-01-22 22:44:37 +08:00
53264f67bf
fix peer establish direct conn with subnet proxy to one of local interface ( #1782 )
...
* fix peer establish direct conn with subnet proxy to one of local interface
* fix peer mgr ref loop
2026-01-15 01:00:32 +08:00
bd8f01fb26
Add Nushell completion script generation support ( #1756 )
...
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
2026-01-11 18:41:02 +08:00
b590700540
feat: support unix socket tunnel (for ios) ( #1779 )
...
Co-authored-by: Page Chen <pagechen04@gmail.com >
2026-01-11 16:37:32 +08:00
48c5c23f9b
feat: support compile for iOS ( #1777 )
2026-01-11 16:36:58 +08:00
f4f591d14c
fix: outbound packet not dropped by acl ( #1766 )
2026-01-08 19:58:23 +08:00
4bfea06a12
docs: update locales ( #1755 )
...
Co-authored-by: KKRainbow <443152178@qq.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-08 11:08:32 +08:00
7f48ca54a3
Implement requesting tun_fd with tokio channel. ( #1734 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-01-04 21:04:43 +08:00
c5d732773f
Convert dead URL to ASCII before socket address lookup ( #1739 )
2026-01-02 18:49:23 +08:00
88a45d1156
use 80/443 as ws/wss default port ( #1700 )
2026-01-01 01:31:38 +08:00
4e651a72f7
allow loopback src address in listener ( #1730 )
2026-01-01 00:41:56 +08:00
7c563153ae
fix: ensure proxy routes update correctly on NIC ( #1729 )
2025-12-31 22:36:45 +08:00
cb81c0df85
respond packet should not be dropped if request packet is already allowed ( #1725 )
2025-12-31 08:14:39 +08:00
9c316ea01c
fix socks5 and tcp forward mem leak ( #1721 )
...
Co-authored-by: sijie.sun <sijie.sun@smartx.com >
2025-12-31 00:01:44 +08:00
18478b7c4b
fix(android): update vpn routes when proxy cidrs change ( #1717 )
2025-12-30 19:26:42 +08:00
39b056c87a
bump version to v2.5.0 ( #1715 )
2025-12-28 23:19:30 +08:00
c19cd1bff3
add tcp hole punching ( #1713 )
...
add tcp hole punching and tcp stun test
2025-12-28 21:35:30 +08:00
ca9b4c58b1
fix windivert cause stack overflow ( #1711 )
2025-12-27 19:31:42 +08:00
4341bcba5d
improve faketcp, handle tcp GSO correctly ( #1708 )
...
Current implementation falsely drop GSO-merged tcp packet, and cause unexpected packet loss.
2025-12-26 23:46:17 +08:00
28cd6da502
Add fake tcp tunnel (experimental) ( #1673 )
...
support faketcp to avoid tcp-over-tcp problem.
linux/macos/windows are supported.
better to be used in internet env, the maximum
performance is majorly limited by windivert/raw socket.
2025-12-25 00:10:32 +08:00
0712ef762d
Fix logic error in relay network whitelist resolving ( #1692 )
2025-12-23 08:25:45 +08:00
c6a32e4467
fix: magic dns tld_dns_zone were not working properly ( #1686 )
...
* fix: magic dns tld_dns_zone failed to get updated
2025-12-21 21:13:39 +08:00
7aba65ea32
enhance port forward ( #1662 )
2025-12-09 22:16:16 +08:00
fe4dff5df0
perf: simplify method signatures and reduce clone across multiple files ( #1663 )
2025-12-09 16:47:57 +08:00
2bc51daa98
fix whitelist cause packets of other protocal dropped ( #1660 )
2025-12-08 21:56:27 +08:00
sky96111