朝倉水希
f4f591d14c
fix: outbound packet not dropped by acl ( #1766 )
2026-01-08 19:58:23 +08:00
KKRainbow
4e651a72f7
allow loopback src address in listener ( #1730 )
2026-01-01 00:41:56 +08:00
KKRainbow
cb81c0df85
respond packet should not be dropped if request packet is already allowed ( #1725 )
2025-12-31 08:14:39 +08:00
KKRainbow
c19cd1bff3
add tcp hole punching ( #1713 )
...
add tcp hole punching and tcp stun test
2025-12-28 21:35:30 +08:00
KKRainbow
28cd6da502
Add fake tcp tunnel (experimental) ( #1673 )
...
support faketcp to avoid tcp-over-tcp problem.
linux/macos/windows are supported.
better to be used in internet env, the maximum
performance is majorly limited by windivert/raw socket.
2025-12-25 00:10:32 +08:00
KKRainbow
7aba65ea32
enhance port forward ( #1662 )
2025-12-09 22:16:16 +08:00
Tunglies
fe4dff5df0
perf: simplify method signatures and reduce clone across multiple files ( #1663 )
2025-12-09 16:47:57 +08:00
KKRainbow
838b6101b9
Make ospf route more efficient ( #1512 )
...
Avoid iterating all peer info and conn list when building sync request.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-08 13:14:47 +08:00
datasone
2a656d6a0c
fix(core): Fix sleep-wake reconnect by resetting alive_conn_urls ( #1593 )
...
Co-authored-by: sijie.sun <sijie.sun@smartx.com>
2025-12-05 14:31:08 +08:00
KKRainbow
43a650f9ab
set FORCE_USE_CONN_LIST default to false ( #1652 )
...
this is falsely set to true and will cause compatibility issue
2025-12-05 00:26:04 +08:00
Sijie.Sun
b44053f496
support p2p-only mode ( #1598 )
2025-11-20 08:20:27 +08:00
Tunglies
55b93454dc
fix: clippy errors with stable toolchain and default features ( #1553 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-07 20:08:39 +08:00
韩嘉乐
26d002bc2b
The flowback solution of HarmonyOS 5 failed due to the anti-loop mechanism. ( #1514 )
2025-10-25 00:17:24 +08:00
Sijie.Sun
71679e889a
allow sync conn with conn list when conn bitmap is too large ( #1508 )
2025-10-23 08:11:36 +08:00
Sijie.Sun
7485f5f64e
make sure event is triggered when peer conn remove ( #1507 )
2025-10-22 23:37:19 +08:00
Mg Pig
eba9504fc2
refactor(gui): refactor gui to use RemoteClient trait and RemoteManagement component ( #1489 )
...
* refactor(gui): refactor gui to use RemoteClient trait and RemoteManagement component
* feat(gui): Add network config saving and refactor RemoteManagement
2025-10-20 22:07:01 +08:00
Sijie.Sun
3ffa6214ca
fix subnet proxy deadloop ( #1492 )
...
* use LPM to determine subnet proxy dst.
* never allow subnet proxy traffic sending to self.
2025-10-19 15:46:51 +08:00
Sijie.Sun
f10b45a67c
[easytier-uptime] support tag in node list ( #1487 )
2025-10-18 23:19:53 +08:00
Sijie.Sun
cc8f35787e
release dashmap memory ( #1485 )
2025-10-18 12:48:04 +08:00
Mg Pig
af95312949
fix(acl): acl group cache add self group info ( #1445 )
2025-10-07 23:56:26 +08:00
Mg Pig
4d5330fa0a
refactor: get_running_info fn replace status polling with direct calls ( #1441 )
2025-10-04 21:43:34 +08:00
Mg Pig
841d525913
refactor(rpc): Centralize RPC service and unify API ( #1427 )
...
This change introduces a major refactoring of the RPC service layer to improve modularity, unify the API, and simplify the overall architecture.
Key changes:
- Replaced per-network-instance RPC services with a single global RPC server, reducing resource usage and simplifying management.
- All clients (CLI, Web UI, etc.) now interact with EasyTier core through a unified RPC entrypoint, enabling consistent authentication and control.
- RPC implementation logic has been moved to `easytier/src/rpc_service/` and organized by functionality (e.g., `instance_manage.rs`, `peer_manage.rs`, `config.rs`) for better maintainability.
- Standardized Protobuf API definitions under `easytier/src/proto/` with an `api_` prefix (e.g., `cli.proto` → `api_instance.proto`) to provide a consistent interface.
- CLI commands now require explicit `--instance-id` or `--instance-name` when multiple network instances are running; the parameter is optional when only one instance exists.
BREAKING CHANGE:
RPC portal configuration (`rpc_portal` and `rpc_portal_whitelist`) has been removed from per-instance configs and the Web UI. The RPC listen address must now be specified globally via the `--rpc-portal` command-line flag or the `ET_RPC_PORTAL` environment variable, as there is only one RPC service for the entire application.
2025-10-02 20:30:39 +08:00
Sijie.Sun
971ef82679
fix data not encrypted when no tun is enabled ( #1435 )
2025-10-01 11:16:24 +08:00
Mg Pig
020bf04ec4
refactor(config): unify runtime configuration management via ConfigRpc ( #1397 )
...
* refactor(config): unify runtime configuration management via ConfigRpc
* feat(tests): add config patch test and fix problem
2025-10-01 00:32:28 +08:00
Sijie.Sun
215db09925
avoid packets sending to non-exist peer causing route loop ( #1378 )
2025-09-17 09:52:53 +08:00
Sijie.Sun
793889c3b7
fix ospf ipv4 map error when ipv4 conflicted and changed ( #1359 )
2025-09-13 08:48:50 +08:00
Sijie.Sun
d0efc40efb
fix foreign network direct conn with mapped listeners ( #1363 )
2025-09-13 08:48:12 +08:00
Sijie.Sun
2145ef40b9
fix ospf route panic ( #1304 )
2025-08-27 13:22:29 +08:00
Sijie.Sun
ea76114d50
fix kcp not work as expect ( #1285 )
2025-08-24 14:33:11 +08:00
Mg Pig
08a92a53c3
feat(acl): add group-based ACL rules and related structures ( #1265 )
...
* feat(acl): add group-based ACL rules and related structures
* refactor(acl): optimize group handling with Arc and improve cache management
* refactor(acl): clippy
* feat(tests): add performance tests for generate_with_proof and verify methods
* feat: update group_trust_map to use HashMap for more secure group proofs
* refactor: refactor the logic of the trusted group getting and setting
* feat(acl): support kcp/quic use group acl
* feat(proxy): optimize group retrieval by IP in Kcp and Quic proxy handlers
* feat(tests): add group-based ACL tree node test
* always allow quic proxy traffic
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
Co-authored-by: sijie.sun <sijie.sun@smartx.com>
2025-08-22 22:25:00 +08:00
fanyang
34560af141
cli: put the local IP at the front ( #1256 )
2025-08-22 20:40:28 +08:00
Sijie.Sun
e6ec7f405c
introduce uptime monitor for easytier public nodes ( #1250 )
2025-08-20 22:59:44 +08:00
Sijie.Sun
d9bcbd9b31
fix proxy traffic not count into traffic ( #1229 )
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-14 00:05:12 +08:00
Sijie.Sun
e43537939a
clippy all codes ( #1214 )
...
1. clippy code
2. add fmt and clippy check in ci
2025-08-10 22:56:41 +08:00
CyiceK
0087ac3ffc
feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. ( #1186 )
...
Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support.
---------
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
2025-08-09 18:53:55 +08:00
Sijie.Sun
8ffc2f12e4
optimize the condition of enabling kcp ( #1210 )
2025-08-09 16:16:09 +08:00
Sijie.Sun
8cdb27d43d
add stats metrics ( #1207 )
...
support new cli command `easytier-cli stats`
It's useful to find out which components are consuming bandwidth.
2025-08-09 00:06:35 +08:00
sijie.sun
d0a6c93c2c
fix ipv6 packet routing and avoid route looping
...
properly handle ipv6 link local address and exit node.
2025-08-03 18:10:27 +08:00
Sijie.Sun
3d610c0f0f
Some Improvements ( #1172 )
...
1. do not exit when dns query failed on et startup.
2. do not send secret digest to client when secret mismatch.
2025-07-29 23:05:38 +08:00
Sijie.Sun
2ec88da823
cli for port forward and tcp whitelist ( #1165 )
2025-07-29 09:30:47 +08:00
Sijie.Sun
354a4e1d7b
fix acl not work with kcp&quic ( #1152 )
2025-07-26 14:38:10 +08:00
Sijie.Sun
33ff9554cd
need encrypt rpc if dst is in peer map ( #1151 )
2025-07-25 22:28:47 +08:00
Sijie.Sun
1f6a715939
releases/v2.4.0 ( #1145 )
...
* bump version to v2.4.0
* update tauri.
* allow try direct connect to public server
2025-07-25 00:16:15 +08:00
Sijie.Sun
8e7a8de5e5
Implement ACL ( #1140 )
...
1. get acl stats
```
./easytier-cli acl stats
AclStats:
Global:
CacheHits: 4
CacheMaxSize: 10000
CacheSize: 5
DefaultAllows: 3
InboundPacketsAllowed: 2
InboundPacketsTotal: 2
OutboundPacketsAllowed: 7
OutboundPacketsTotal: 7
PacketsAllowed: 9
PacketsTotal: 9
RuleMatches: 2
ConnTrack:
[src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
Rules:
[name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]
```
2. use tcp/udp whitelist to block unexpected traffic.
`sudo ./easytier-core -d --tcp-whitelist 1000`
3. use complete acl ability with config file:
```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2
[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true
```
2025-07-24 22:13:45 +08:00
Sijie.Sun
85f0091056
fix latency first route of public server ( #1129 )
2025-07-19 18:16:53 +08:00
Sijie.Sun
7f3a9c021c
close peer conn if remote addr is from virtual network ( #1123 )
2025-07-18 03:29:48 +08:00
Sijie.Sun
3c65594030
smoltcp use larger tx/rx buf size ( #1085 )
...
* smoltcp use larger tx/rx buf size
* fix direct conn check
2025-07-06 10:53:01 +08:00
Sijie.Sun
f85b031402
handle close peer conn correctly ( #1082 )
2025-07-06 09:16:13 +08:00
DavHau
d0cfc49806
Add support for IPv6 within VPN ( #1061 )
...
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk
---------
Co-authored-by: sijie.sun <sijie.sun@smartx.com>
2025-07-04 23:43:30 +08:00
韩嘉乐
01e491ec07
support ohos ( #974 )
...
* support ohos
---------
Co-authored-by: FrankHan <2777926911@qq.com>
2025-07-02 09:44:45 +08:00