Version 0.4.4

Fix printing self coordinates in getself command of yggdrasilctl

.circleci/config.yml

@@ -1,257 +0,0 @@
-# Golang CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-go/ for more details
-version: 2.1
-jobs:
-  lint:
-    docker:
-      - image: circleci/golang:1.16
-
-    steps:
-      - checkout
-
-      - run:
-          name: Run golangci-lint
-          command: |
-              go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.31.0
-              golangci-lint run
-
-  build-linux:
-    docker:
-      - image: circleci/golang:1.16
-
-    steps:
-      - checkout
-
-      - run:
-          name: Create artifact upload directory and set variables
-          command: |
-              mkdir /tmp/upload
-              echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV
-              echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV
-              echo 'export CIVERSIONRPM=$(sh contrib/semver/version.sh --bare | tr "-" ".")' >> $BASH_ENV
-              echo 'export CIBRANCH=$(echo $CIRCLE_BRANCH | tr -d "/")' >> $BASH_ENV
-              case "$CINAME" in \
-                "yggdrasil") (echo 'export CICONFLICTS=yggdrasil-develop' >> $BASH_ENV) ;; \
-                "yggdrasil-develop") (echo 'export CICONFLICTS=yggdrasil' >> $BASH_ENV) ;; \
-                *) (echo 'export CICONFLICTS="yggdrasil yggdrasil-develop"' >> $BASH_ENV) ;; \
-              esac
-              git config --global user.email "$(git log --format='%ae' HEAD -1)";
-              git config --global user.name "$(git log --format='%an' HEAD -1)";
-
-      - run:
-          name: Install RPM utilities
-          command: |
-              sudo apt-get update
-              sudo apt-get install -y rpm file
-              mkdir -p ~/rpmbuild/BUILD ~/rpmbuild/RPMS ~/rpmbuild/SOURCES ~/rpmbuild/SPECS ~/rpmbuild/SRPMS
-
-      - run:
-          name: Test debug builds
-          command: |
-              ./build -d
-              test -f yggdrasil && test -f yggdrasilctl
-
-      - run:
-          name: Build for Linux (including Debian packages)
-          command: |
-              rm -f {yggdrasil,yggdrasilctl}
-              PKGARCH=amd64 sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-amd64 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-amd64;
-              PKGARCH=i386 sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-i386 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-i386;
-              PKGARCH=mipsel sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-mipsel && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-mipsel;
-              PKGARCH=mips sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-mips && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-mips;
-              PKGARCH=armhf sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-armhf && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-armhf;
-              PKGARCH=armel sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-armel && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-armel;
-              PKGARCH=arm64 sh contrib/deb/generate.sh && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-linux-arm64 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-linux-arm64;
-              mv *.deb /tmp/upload/
-
-      - run:
-          name: Build for Linux (RPM packages)
-          command: |
-              git clone https://github.com/yggdrasil-network/yggdrasil-package-rpm ~/rpmbuild/SPECS
-              cd ../ && tar -czvf ~/rpmbuild/SOURCES/v$CIVERSIONRPM --transform "s/project/yggdrasil-go-$CIBRANCH-$CIVERSIONRPM/" project
-              sed -i "s/yggdrasil-go/yggdrasil-go-$CIBRANCH/" ~/rpmbuild/SPECS/yggdrasil.spec
-              sed -i "s/^PKGNAME=yggdrasil/PKGNAME=yggdrasil-$CIBRANCH/" ~/rpmbuild/SPECS/yggdrasil.spec
-              sed -i "s/^Name\:.*/Name\:           $CINAME/" ~/rpmbuild/SPECS/yggdrasil.spec
-              sed -i "s/^Version\:.*/Version\:        $CIVERSIONRPM/" ~/rpmbuild/SPECS/yggdrasil.spec
-              sed -i "s/^Conflicts\:.*/Conflicts\:      $CICONFLICTS/" ~/rpmbuild/SPECS/yggdrasil.spec
-              cat ~/rpmbuild/SPECS/yggdrasil.spec
-              GOARCH=amd64 rpmbuild -v --nodeps --target=x86_64 -ba ~/rpmbuild/SPECS/yggdrasil.spec
-              #GOARCH=386 rpmbuild -v --nodeps --target=i386 -bb ~/rpmbuild/SPECS/yggdrasil.spec
-              find ~/rpmbuild/RPMS/ -name '*.rpm' -exec mv {} /tmp/upload \;
-              find ~/rpmbuild/SRPMS/ -name '*.rpm' -exec mv {} /tmp/upload \;
-
-      - run:
-          name: Build for EdgeRouter and VyOS
-          command: |
-              rm -f {yggdrasil,yggdrasilctl}
-              git clone https://github.com/neilalexander/vyatta-yggdrasil /tmp/vyatta-yggdrasil;
-              cd /tmp/vyatta-yggdrasil;
-              BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-x $CIRCLE_BRANCH;
-              BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-lite $CIRCLE_BRANCH;
-              BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-vyos-i386 $CIRCLE_BRANCH
-              BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-vyos-amd64 $CIRCLE_BRANCH
-              mv *.deb /tmp/upload;
-
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - upload
-
-  build-macos:
-    macos:
-      xcode: "10.0.0"
-
-    working_directory: ~/go/src/github.com/yggdrasil-network/yggdrasil-go
-
-    steps:
-      - checkout
-
-      - run:
-          name: Create artifact upload directory and set variables
-          command: |
-              mkdir /tmp/upload
-              echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV
-              echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV
-              echo 'export PATH=$PATH:/usr/local/go/bin:~/go/bin' >> $BASH_ENV
-              git config --global user.email "$(git log --format='%ae' HEAD -1)";
-              git config --global user.name "$(git log --format='%an' HEAD -1)";
-              echo -e "Host *\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
-
-      - run:
-          name: Install Go 1.16
-          command: |
-              cd /tmp
-              curl -LO https://dl.google.com/go/go1.16.darwin-amd64.pkg
-              sudo installer -pkg /tmp/go1.16.darwin-amd64.pkg -target /
-
-      #- run:
-      #    name: Install Gomobile
-      #    command: |
-      #        GO111MODULE=off go get golang.org/x/mobile/cmd/gomobile
-      #        gomobile init
-
-      - run:
-          name: Build for macOS
-          command: |
-              GO111MODULE=on GOOS=darwin GOARCH=amd64 ./build
-              cp yggdrasil /tmp/upload/$CINAME-$CIVERSION-darwin-amd64
-              cp yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-darwin-amd64;
-
-      - run:
-          name: Build for macOS (.pkg format)
-          command: |
-              PKGARCH=amd64 sh contrib/macos/create-pkg.sh
-              mv *.pkg /tmp/upload/
-
-      #- run:
-      #    name: Build framework for iOS (.framework format)
-      #    command: |
-      #        sudo GO111MODULE=off go get -v github.com/yggdrasil-network/yggdrasil-go/cmd/...
-      #        sudo GO111MODULE=off go get -v github.com/yggdrasil-network/yggdrasil-go/src/...
-      #        GO111MODULE=off ./build -i
-      #        mv *.framework /tmp/upload
-
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - upload
-
-  build-windows:
-    docker:
-      - image: circleci/golang:1.16
-
-    steps:
-      - checkout
-
-      - run:
-          name: Create artifact upload directory and set variables
-          command: |
-              mkdir /tmp/upload
-              echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV
-              echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV
-              git config --global user.email "$(git log --format='%ae' HEAD -1)";
-              git config --global user.name "$(git log --format='%an' HEAD -1)";
-
-      - run:
-          name: Install tools
-          command: |
-              sudo apt-get update
-              sudo apt-get -y install msitools wixl
-
-      - run:
-          name: Build for Windows
-          command: |
-              rm -f {yggdrasil,yggdrasilctl}
-              GOOS=windows GOARCH=amd64 ./build && mv yggdrasil.exe /tmp/upload/$CINAME-$CIVERSION-windows-amd64.exe && mv yggdrasilctl.exe /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-windows-amd64.exe;
-              GOOS=windows GOARCH=386 ./build && mv yggdrasil.exe /tmp/upload/$CINAME-$CIVERSION-windows-i386.exe && mv yggdrasilctl.exe /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-windows-i386.exe;
-              bash contrib/msi/build-msi.sh x64
-              bash contrib/msi/build-msi.sh x86
-              mv *.msi /tmp/upload
-
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - upload
-
-  build-other:
-    docker:
-      - image: circleci/golang:1.16
-
-    steps:
-      - checkout
-
-      - run:
-          name: Create artifact upload directory and set variables
-          command: |
-              mkdir /tmp/upload
-              echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV
-              echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV
-              git config --global user.email "$(git log --format='%ae' HEAD -1)";
-              git config --global user.name "$(git log --format='%an' HEAD -1)";
-
-      - run:
-          name: Build for OpenBSD
-          command: |
-              rm -f {yggdrasil,yggdrasilctl}
-              GOOS=openbsd GOARCH=amd64 ./build && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-openbsd-amd64 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-openbsd-amd64;
-              GOOS=openbsd GOARCH=386 ./build && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-openbsd-i386 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-openbsd-i386;
-
-      - run:
-          name: Build for FreeBSD
-          command: |
-              rm -f {yggdrasil,yggdrasilctl}
-              GOOS=freebsd GOARCH=amd64 ./build && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-freebsd-amd64 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-freebsd-amd64;
-              GOOS=freebsd GOARCH=386 ./build && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-freebsd-i386 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-freebsd-i386;
-
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - upload
-
-  upload:
-    machine: true
-
-    steps:
-      - attach_workspace:
-          at: /tmp
-
-      - store_artifacts:
-          path: /tmp/upload
-          destination: /
-
-workflows:
-  version: 2.1
-  build:
-    jobs:
-      - lint
-      - build-linux
-      - build-macos
-      - build-windows
-      - build-other
-      - upload:
-          requires:
-            - build-linux
-            - build-macos
-            - build-windows
-            - build-other

.github/workflows/ci.yml

@@ -0,0 +1,263 @@
+name: Yggdrasil
+
+on:
+  push:
+  pull_request:
+  release:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          args: --issues-exit-code=1
+
+  codeql:
+    name: Analyse
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: go
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+
+  build-linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        goversion: ["1.17", "1.18"]
+
+    name: Build & Test (Linux, Go ${{ matrix.goversion }})
+    needs: [lint]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.goversion }}
+
+      - name: Build Yggdrasil
+        run: go build -v ./...
+
+      - name: Unit tests
+        run: go test -v ./...
+
+  build-windows:
+    strategy:
+      fail-fast: false
+      matrix:
+        goversion: ["1.17", "1.18"]
+
+    name: Build & Test (Windows, Go ${{ matrix.goversion }})
+    needs: [lint]
+
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.goversion }}
+
+      - name: Build Yggdrasil
+        run: go build -v ./...
+
+      - name: Unit tests
+        run: go test -v ./...
+
+  build-macos:
+    strategy:
+      fail-fast: false
+      matrix:
+        goversion: ["1.17", "1.18"]
+
+    name: Build & Test (macOS, Go ${{ matrix.goversion }})
+    needs: [lint]
+
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.goversion }}
+
+      - name: Build Yggdrasil
+        run: go build -v ./...
+
+      - name: Unit tests
+        run: go test -v ./...
+
+  tests-ok:
+    name: All tests passed
+    needs: [lint, codeql, build-linux, build-windows, build-macos]
+    runs-on: ubuntu-latest
+    if: ${{ !cancelled() }}
+    steps:
+      - name: Check all tests passed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+
+  build-packages-debian:
+    strategy:
+      fail-fast: false
+      matrix:
+        pkgarch: ["amd64", "i386", "mips", "mipsel", "armhf", "armel", "arm64"]
+
+    name: Create Package (Debian, ${{ matrix.pkgarch }})
+    needs: [tests-ok]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Build package
+        env:
+          PKGARCH: ${{ matrix.pkgarch }}
+        run: sh contrib/deb/generate.sh
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: Debian package (${{ matrix.pkgarch }})
+          path: "*.deb"
+          if-no-files-found: error
+
+  build-packages-macos:
+    strategy:
+      fail-fast: false
+      matrix:
+        pkgarch: ["amd64", "arm64"]
+
+    name: Create Package (macOS, ${{ matrix.pkgarch }})
+    needs: [tests-ok]
+
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Build package
+        env:
+          PKGARCH: ${{ matrix.pkgarch }}
+        run: sh contrib/macos/create-pkg.sh
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: macOS package (${{ matrix.pkgarch }})
+          path: "*.pkg"
+          if-no-files-found: error
+
+  build-packages-windows:
+    strategy:
+      fail-fast: false
+      matrix:
+        pkgarch: ["x64", "x86", "arm", "arm64"]
+
+    name: Create Package (Windows, ${{ matrix.pkgarch }})
+    needs: [tests-ok]
+
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Build package
+        run: sh contrib/msi/build-msi.sh ${{ matrix.pkgarch }}
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: Windows package (${{ matrix.pkgarch }})
+          path: "*.msi"
+          if-no-files-found: error
+
+  build-packages-router:
+    strategy:
+      fail-fast: false
+      matrix:
+        pkgarch: ["edgerouter-x", "edgerouter-lite", "vyos-amd64", "vyos-i386"]
+
+    name: Create Package (Router, ${{ matrix.pkgarch }})
+    needs: [tests-ok]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          path: yggdrasil
+
+      - uses: actions/checkout@v3
+        with:
+          repository: neilalexander/vyatta-yggdrasil
+          path: vyatta-yggdrasil
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Build package
+        env:
+          BUILDDIR_YGG: /home/runner/work/yggdrasil-go/yggdrasil-go/yggdrasil
+        run: cd /home/runner/work/yggdrasil-go/yggdrasil-go/vyatta-yggdrasil && ./build-${{ matrix.pkgarch }}
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: Router package (${{ matrix.pkgarch }})
+          path: "/home/runner/work/yggdrasil-go/yggdrasil-go/vyatta-yggdrasil/*.deb"
+          if-no-files-found: error

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "doc/yggdrasil-network.github.io"]
-	path = doc/yggdrasil-network.github.io
-	url = https://github.com/yggdrasil-network/yggdrasil-network.github.io/

CHANGELOG.md

@@ -1,4 +1,5 @@
 # Changelog
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
@@ -25,11 +26,116 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - in case of vulnerabilities.
 -->
 
-## [0.3.16] - 2021-03-18
+## [0.4.4] - 2022-07-07
+
+### Fixed
+
+- ICMPv6 "Packet Too Big" payload size has been increased, which should fix Path MTU Discovery (PMTUD) when two nodes have different `IfMTU` values configured
+- A crash has been fixed when handling debug packet responses
+- `yggdrasilctl getSelf` should now report coordinates correctly again
+
+### Changed
+
+- Go 1.17 is now required to build Yggdrasil
+
+## [0.4.3] - 2022-02-06
+
 ### Added
+
+- `bytes_sent`, `bytes_recvd` and `uptime` have been added to `getPeers`
+- Clearer logging when connections are rejected due to incompatible peer versions
+
+### Fixed
+
+- Latency-based parent selection tiebreak is now reliable on platforms even with low timer resolution
+- Tree distance calculation offsets have been corrected
+
+## [0.4.2] - 2021-11-03
+
+### Fixed
+
+- Reverted a dependency update which resulted in problems building with Go 1.16 and running on Windows
+
+## [0.4.1] - 2021-11-03
+
+### Added
+
+- TLS peerings now support Server Name Indication (SNI)
+  - The SNI is sent automatically if the peering URI contains a DNS name
+  - A custom SNI can be specified by adding the `?sni=domain.com` parameter to the peering URI
+- A new `ipv6rwc` API package now implements the IPv6-specific logic separate from the `tun` package
+
+### Fixed
+
+- A crash when calculating the partial public key for very high IPv6 addresses has been fixed
+- A crash due to a concurrent map write has been fixed
+- A crash due to missing TUN configuration has been fixed
+- A race condition in the keystore code has been fixed
+
+## [0.4.0] - 2021-07-04
+
+### Added
+
+- New routing scheme, which is backwards incompatible with previous versions of Yggdrasil
+  - The wire protocol version number, exchanged as part of the peer setup handshake, has been increased to 0.4
+  - Nodes running this new version **will not** be able to peer with earlier versions of Yggdrasil
+  - Please note that **the network may be temporarily unstable** while infrastructure is being upgraded to the new release
+- TLS connections now use public key pinning
+  - If no public key was already pinned, then the public key received as part of the TLS handshake is pinned to the connection
+  - The public key received as part of the handshake is checked against the pinned keys, and if no match is found, the connection is rejected
+
+### Changed
+
+- IP addresses are now derived from ed25519 public (signing) keys
+  - Previously, addresses were derived from a hash of X25519 (Diffie-Hellman) keys
+  - Importantly, this means that **all internal IPv6 addresses will change with this release** — this will affect anyone running public services or relying on Yggdrasil for remote access
+- It is now recommended to peer over TLS
+  - Link-local peers from multicast peer discovery will now connect over TLS, with the key from the multicast beacon pinned to the connection
+  - `socks://` peers now expect the destination endpoint to be a `tls://` listener, instead of a `tcp://` listener
+- Multicast peer discovery is now more configurable
+  - There are separate configuration options to control if beacons are sent, what port to listen on for incoming connections (if sending beacons), and whether or not to listen for beacons from other nodes (and open connections when receiving a beacon)
+  - Each configuration entry in the list specifies a regular expression to match against interface names
+  - If an interface matches multiple regex in the list, it will use the settings for the first entry in the list that it matches with
+- The session and routing code has been entirely redesigned and rewritten
+  - This is still an early work-in-progress, so the code hasn't been as well tested or optimized as the old code base — please bear with us for these next few releases as we work through any bugs or issues
+  - Generally speaking, we expect to see reduced bandwidth use and improved reliability with the new design, especially in cases where nodes move around or change peerings frequently
+  - Cryptographic sessions no longer use a single shared (ephemeral) secret for the entire life of the session. Keys are now rotated regularly for ongoing sessions (currently rotated at least once per round trip exchange of traffic, subject to change in future releases)
+  - Source routing has been added. Under normal circumstances, this is what is used to forward session traffic (e.g. the user's IPv6 traffic)
+  - DHT-based routing has been added. This is used when the sender does not know a source route to the destination. Forwarding through the DHT is less efficient, but the only information that it requires the sender to know is the destination node's (static) key. This is primarily used during the key exchange at session setup, or as a temporary fallback when a source route fails due to changes in the network
+  - The new DHT design is no longer RPC-based, does not support crawling and does not inherently allow nodes to look up the owner of an arbitrary key. Responding to lookups is now implemented at the application level and a response is only sent if the destination key matches the node's `/128` IP or `/64` prefix
+  - The greedy routing scheme, used to forward all traffic in previous releases, is now only used for protocol traffic (i.e. DHT setup and source route discovery)
+  - The routing logic now lives in a [standalone library](https://github.com/Arceliar/ironwood). You are encouraged **not** to use it, as it's still considered pre-alpha, but it's available for those who want to experiment with the new routing algorithm in other contexts
+  - Session MTUs may be slightly lower now, in order to accommodate large packet headers if required
+- Many of the admin functions available over `yggdrasilctl` have been changed or removed as part of rewrites to the code
+  - Several remote `debug` functions have been added temporarily, to allow for crawling and census gathering during the transition to the new version, but we intend to remove this at some point in the (possibly distant) future
+  - The list of available functions will likely be expanded in future releases
+- The configuration file format has been updated in response to the changed/removed features
+
+### Removed
+
+- Tunnel routing (a.k.a. crypto-key routing or "CKR") has been removed
+  - It was far too easy to accidentally break routing altogether by capturing the route to peers with the TUN adapter
+  - We recommend tunnelling an existing standard over Yggdrasil instead (e.g. `ip6gre`, `ip6gretap` or other similar encapsulations, using Yggdrasil IPv6 addresses as the tunnel endpoints)
+  - All `TunnelRouting` configuration options will no longer take effect
+- Session firewall has been removed
+  - This was never a true firewall — it didn't behave like a stateful IP firewall, often allowed return traffic unexpectedly and was simply a way to prevent a node from being flooded with unwanted sessions, so the name could be misleading and usually lead to a false sense of security
+  - Due to design changes, the new code needs to address the possible memory exhaustion attacks in other ways and a single configurable list no longer makes sense
+  - Users who want a firewall or other packet filter mechansim should configure something supported by their OS instead (e.g. `ip6tables`)
+  - All `SessionFirewall` configuration options will no longer take effect
+- `SIGHUP` handling to reload the configuration at runtime has been removed
+  - It was not obvious which parts of the configuration could be reloaded at runtime, and which required the application to be killed and restarted to take effect
+  - Reloading the config without restarting was also a delicate and bug-prone process, and was distracting from more important developments
+  - `SIGHUP` will be handled normally (i.e. by exiting)
+- `cmd/yggrasilsim` has been removed, and is unlikely to return to this repository
+
+## [0.3.16] - 2021-03-18
+
+### Added
+
 - New simulation code under `cmd/yggdrasilsim` (work-in-progress)
 
 ### Changed
+
 - Multi-threading in the switch
   - Swich lookups happen independently for each (incoming) peer connection, instead of being funneled to a single dedicated switch worker
   - Packets are queued for each (outgoing) peer connection, instead of being handled by a single dedicated switch worker
@@ -45,13 +151,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Upgrade build to Go 1.16
 
 ### Fixed
+
 - Fixed a bug where the connection listener could exit prematurely due to resoruce exhaustion (if e.g. too many connections were opened)
 - Fixed DefaultIfName for OpenBSD (`/dev/tun0` -> `tun0`)
 - Fixed an issue where a peer could sometimes never be added to the switch
 - Fixed a goroutine leak that could occur if a peer with an open connection continued to spam additional connection attempts
 
 ## [0.3.15] - 2020-09-27
+
 ### Added
+
 - Support for pinning remote public keys in peering strings has been added, e.g.
   - By signing public key: `tcp://host:port?ed25519=key`
   - By encryption public key: `tcp://host:port?curve25519=key`
@@ -61,25 +170,32 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Added support for SOCKS proxy authentication, e.g. `socks://user@password:host/...`
 
 ### Fixed
+
 - Some bugs in the multicast code that could cause unnecessary CPU usage have been fixed
 - A possible multicast deadlock on macOS when enumerating interfaces has been fixed
 - A deadlock in the connection code has been fixed
 - Updated HJSON dependency that caused some build problems
 
 ### Changed
+
 - `DisconnectPeer` and `RemovePeer` have been separated and implemented properly now
 - Less nodes are stored in the DHT now, reducing ambient network traffic and possible instability
 - Default config file for FreeBSD is now at `/usr/local/etc/yggdrasil.conf` instead of `/etc/yggdrasil.conf`
 
 ## [0.3.14] - 2020-03-28
+
 ### Fixed
+
 - Fixes a memory leak that may occur if packets are incorrectly never removed from a switch queue
 
 ### Changed
+
 - Make DHT searches a bit more reliable by tracking the 16 most recently visited nodes
 
 ## [0.3.13] - 2020-02-21
+
 ### Added
+
 - Support for the Wireguard TUN driver, which now replaces Water and provides far better support and performance on Windows
 - Windows `.msi` installer files are now supported (bundling the Wireguard TUN driver)
 - NodeInfo code is now actorised, should be more reliable
@@ -87,6 +203,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - The Yggdrasil API now supports dialing a remote node using the public key instead of the Node ID
 
 ### Changed
+
 - The `-loglevel` command line parameter is now cumulative and automatically includes all levels below the one specified
 - DHT search code has been significantly simplified and processes rumoured nodes in parallel, speeding up search time
 - DHT search results are now sorted
@@ -94,26 +211,32 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - The Yggdrasil API now returns public keys instead of node IDs when querying for local and remote addresses
 
 ### Fixed
+
 - The multicast code no longer panics when shutting down the node
 - A potential OOB error when calculating IPv4 flow labels (when tunnel routing is enabled) has been fixed
 - A bug resulting in incorrect idle notifications in the switch should now be fixed
 - MTUs are now using a common datatype throughout the codebase
 
 ### Removed
+
 - TAP mode has been removed entirely, since it is no longer supported with the Wireguard TUN package. Please note that if you are using TAP mode, you may need to revise your config!
 - NetBSD support has been removed until the Wireguard TUN package supports NetBSD
 
 ## [0.3.12] - 2019-11-24
+
 ### Added
+
 - New API functions `SetMaximumSessionMTU` and `GetMaximumSessionMTU`
 - New command line parameters `-address` and `-subnet` for getting the address/subnet from the config file, for use with `-useconffile` or `-useconf`
 - A warning is now produced in the Yggdrasil output at startup when the MTU in the config is invalid or has been adjusted for some reason
 
 ### Changed
+
 - On Linux, outgoing `InterfacePeers` connections now use `SO_BINDTODEVICE` to prefer an outgoing interface
 - The `genkeys` utility is now in `cmd` rather than `misc`
 
 ### Fixed
+
 - A data race condition has been fixed when updating session coordinates
 - A crash when shutting down when no multicast interfaces are configured has been fixed
 - A deadlock when calling `AddPeer` multiple times has been fixed
@@ -122,10 +245,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - The MTU calculation now correctly accounts for ethernet headers when running in TAP mode
 
 ## [0.3.11] - 2019-10-25
+
 ### Added
+
 - Support for TLS listeners and peers has been added, allowing the use of `tls://host:port` in `Peers`, `InterfacePeers` and `Listen` configuration settings - this allows hiding Yggdrasil peerings inside regular TLS connections
 
 ### Changed
+
 - Go 1.13 or later is now required for building Yggdrasil
 - Some exported API functions have been updated to work with standard Go interfaces:
   - `net.Conn` instead of `yggdrasil.Conn`
@@ -135,27 +261,35 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Multicast module reloading behaviour has been improved
 
 ### Fixed
+
 - An incorrectly held mutex in the crypto-key routing code has been fixed
 - Multicast module no longer opens a listener socket if no multicast interfaces are configured
 
 ## [0.3.10] - 2019-10-10
+
 ### Added
+
 - The core library now includes several unit tests for peering and `yggdrasil.Conn` connections
 
 ### Changed
+
 - On recent Linux kernels, Yggdrasil will now set the `tcp_congestion_control` algorithm used for its own TCP sockets to [BBR](https://github.com/google/bbr), which reduces latency under load
 - The systemd service configuration in `contrib` (and, by extension, some of our packages) now attempts to load the `tun` module, in case TUN/TAP support is available but not loaded, and it restricts Yggdrasil to the `CAP_NET_ADMIN` capability for managing the TUN/TAP adapter, rather than letting it do whatever the (typically `root`) user can do
 
 ### Fixed
+
 - The `yggdrasil.Conn.RemoteAddr()` function no longer blocks, fixing a deadlock when CKR is used while under heavy load
 
 ## [0.3.9] - 2019-09-27
+
 ### Added
+
 - Yggdrasil will now complain more verbosely when a peer URI is incorrectly formatted
 - Soft-shutdown methods have been added, allowing a node to shut down gracefully when terminated
 - New multicast interval logic which sends multicast beacons more often when Yggdrasil is first started to increase the chance of finding nearby nodes quickly after startup
 
 ### Changed
+
 - The switch now buffers packets more eagerly in an attempt to give the best link a chance to send, which appears to reduce packet reordering when crossing aggregate sets of peerings
 - Substantial amounts of the codebase have been refactored to use the actor model, which should substantially reduce the chance of deadlocks
 - Nonce tracking in sessions has been modified so that memory usage is reduced whilst still only allowing duplicate packets within a small window
@@ -164,6 +298,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - The maximum queue size is now managed exclusively by the switch rather than by the core
 
 ### Fixed
+
 - The broken `hjson-go` dependency which affected builds of the previous version has now been resolved in the module manifest
 - Some minor memory leaks in the switch have been fixed, which improves memory usage on mobile builds
 - A memory leak in the add-peer loop has been fixed
@@ -175,10 +310,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - A panic which could occur when the TUN/TAP interface reads an undersized/corrupted packet has been fixed
 
 ### Removed
+
 - A number of legacy debug functions have now been removed and a number of exported API functions are now better documented
 
 ## [0.3.8] - 2019-08-21
+
 ### Changed
+
 - Yggdrasil can now send multiple packets from the switch at once, which results in improved throughput with smaller packets or lower MTUs
 - Performance has been slightly improved by not allocating cancellations where not necessary
 - Crypto-key routing options have been renamed for clarity
@@ -191,20 +329,25 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - New nonce tracking should help to reduce the number of packets dropped as a result of multiple/aggregate paths or congestion control in the switch
 
 ### Fixed
+
 - A deadlock was fixed in the session code which could result in Yggdrasil failing to pass traffic after some time
 
 ### Security
+
 - Address verification was not strict enough, which could result in a malicious session sending traffic with unexpected or spoofed source or destination addresses which Yggdrasil could fail to reject
   - Versions `0.3.6` and `0.3.7` are vulnerable - users of these versions should upgrade as soon as possible
   - Versions `0.3.5` and earlier are not affected
 
 ## [0.3.7] - 2019-08-14
+
 ### Changed
+
 - The switch should now forward packets along a single path more consistently in cases where congestion is low and multiple equal-length paths exist, which should improve stability and result in fewer out-of-order packets
 - Sessions should now be more tolerant of out-of-order packets, by replacing a bitmask with a variable sized heap+map structure to track recently received nonces, which should reduce the number of packets dropped due to reordering when multiple paths are used or multiple independent flows are transmitted through the same session
 - The admin socket can no longer return a dotfile representation of the known parts of the network, this could be rebuilt by clients using information from `getSwitchPeers`,`getDHT` and `getSessions`
 
 ### Fixed
+
 - A number of significant performance regressions introduced in version 0.3.6 have been fixed, resulting in better performance
 - Flow labels are now used to prioritise traffic flows again correctly
 - In low-traffic scenarios where there are multiple peerings between a pair of nodes, Yggdrasil now prefers the most active peering instead of the least active, helping to reduce packet reordering
@@ -218,13 +361,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - A number of minor allocation and pointer fixes
 
 ## [0.3.6] - 2019-08-03
+
 ### Added
+
 - Yggdrasil now has a public API with interfaces such as `yggdrasil.ConnDialer`, `yggdrasil.ConnListener` and `yggdrasil.Conn` for using Yggdrasil as a transport directly within applications
 - Session gatekeeper functions, part of the API, which can be used to control whether to allow or reject incoming or outgoing sessions dynamically (compared to the previous fixed whitelist/blacklist approach)
 - Support for logging to files or syslog (where supported)
 - Platform defaults now include the ability to set sane defaults for multicast interfaces
 
 ### Changed
+
 - Following a massive refactoring exercise, Yggdrasil's codebase has now been broken out into modules
 - Core node functionality in the `yggdrasil` package with a public API
   - This allows Yggdrasil to be integrated directly into other applications and used as a transport
@@ -237,6 +383,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Upstream dependency references have been updated, which includes a number of fixes in the Water library
 
 ### Fixed
+
 - Multicast discovery is no longer disabled if the nominated interfaces aren't available on the system yet, e.g. during boot
 - Multicast interfaces are now re-evaluated more frequently so that Yggdrasil doesn't need to be restarted to use interfaces that have become available since startup
 - Admin socket error cases are now handled better
@@ -251,12 +398,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Lots of small bug tweaks and clean-ups throughout the codebase
 
 ## [0.3.5] - 2019-03-13
+
 ### Fixed
+
 - The `AllowedEncryptionPublicKeys` option has now been fixed to handle incoming connections properly and no longer blocks outgoing connections (this was broken in v0.3.4)
 - Multicast TCP listeners will now be stopped correctly when the link-local address on the interface changes or disappears altogether
 
 ## [0.3.4] - 2019-03-12
+
 ### Added
+
 - Support for multiple listeners (although currently only TCP listeners are supported)
 - New multicast behaviour where each multicast interface is given its own link-local listener and does not depend on the `Listen` configuration
 - Blocking detection in the switch to avoid parenting a blocked peer
@@ -267,6 +418,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Added `LinkLocalTCPPort` option for controlling the port number that link-local TCP listeners will listen on by default when setting up `MulticastInterfaces` (a node restart is currently required for changes to `LinkLocalTCPPort` to take effect - it cannot be updated by reloading config during runtime)
 
 ### Changed
+
 - The `Listen` configuration statement is now an array instead of a string
 - The `Listen` configuration statement should now conform to the same formatting as peers with the protocol prefix, e.g. `tcp://[::]:0`
 - Session workers are now non-blocking
@@ -275,6 +427,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Peer forwarding is now prioritised instead of randomised
 
 ### Fixed
+
 - Admin socket `getTunTap` call now returns properly instead of claiming no interface is enabled in all cases
 - Handling of `getRoutes` etc in `yggdrasilctl` is now working
 - Local interface names are no longer leaked in multicast packets
@@ -282,7 +435,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Yggdrasil now correctly responds to multicast interfaces going up and down during runtime
 
 ## [0.3.3] - 2019-02-18
+
 ### Added
+
 - Dynamic reconfiguration, which allows reloading the configuration file to make changes during runtime by sending a `SIGHUP` signal (note: this only works with `-useconffile` and not `-useconf` and currently reconfiguring TUN/TAP is not supported)
 - Support for building Yggdrasil as an iOS or Android framework if the appropriate tools (e.g. `gomobile`/`gobind` + SDKs) are available
 - Connection contexts used for TCP connections which allow more exotic socket options to be set, e.g.
@@ -291,26 +446,33 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Flexible logging support, which allows for logging at different levels of verbosity
 
 ### Changed
+
 - Switch changes to improve parent selection
 - Node configuration is now stored centrally, rather than having fragments/copies distributed at startup time
 - Significant refactoring in various areas, including for link types (TCP, AWDL etc), generic streams and adapters
 - macOS builds through CircleCI are now 64-bit only
 
 ### Fixed
+
 - Simplified `systemd` service now in `contrib`
 
 ### Removed
+
 - `ReadTimeout` option is now deprecated
 
 ## [0.3.2] - 2018-12-26
+
 ### Added
+
 - The admin socket is now multithreaded, greatly improving performance of the crawler and allowing concurrent lookups to take place
 - The ability to hide NodeInfo defaults through either setting the `NodeInfoPrivacy` option or through setting individual `NodeInfo` attributes to `null`
 
 ### Changed
+
 - The `armhf` build now targets ARMv6 instead of ARMv7, adding support for Raspberry Pi Zero and other older models, amongst others
 
 ### Fixed
+
 - DHT entries are now populated using a copy in memory to fix various potential DHT bugs
 - DHT traffic should now throttle back exponentially to reduce idle traffic
 - Adjust how nodes are inserted into the DHT which should help to reduce some incorrect DHT traffic
@@ -318,7 +480,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - In TUN mode, ICMPv6 packets are now ignored whereas they were incorrectly processed before
 
 ## [0.3.1] - 2018-12-17
+
 ### Added
+
 - Build name and version is now imprinted onto the binaries if available/specified during build
 - Ability to disable admin socket with `AdminListen: none`
 - `AF_UNIX` domain sockets for the admin socket
@@ -328,18 +492,22 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Adds flags `-c`, `-l` and `-t` to `build` script for specifying `GCFLAGS`, `LDFLAGS` or whether to keep symbol/DWARF tables
 
 ### Changed
+
 - Default `AdminListen` in newly generated config is now `unix:///var/run/yggdrasil.sock`
 - Formatting of `getRoutes` in the admin socket has been improved
 - Debian package now adds `yggdrasil` group to assist with `AF_UNIX` admin socket permissions
 - Crypto, address and other utility code refactored into separate Go packages
 
 ### Fixed
+
 - Switch peer convergence is now much faster again (previously it was taking up to a minute once the peering was established)
 - `yggdrasilctl` is now less prone to crashing when parameters are specified incorrectly
 - Panic fixed when `Peers` or `InterfacePeers` was commented out
 
 ## [0.3.0] - 2018-12-12
+
 ### Added
+
 - Crypto-key routing support for tunnelling both IPv4 and IPv6 over Yggdrasil
 - Add advanced `SwitchOptions` in configuration file for tuning the switch
 - Add `dhtPing` to the admin socket to aid in crawling the network
@@ -352,6 +520,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - `yggdrasilctl` now returns more useful logging in the event of a fatal error
 
 ### Changed
+
 - Switched to Chord DHT (instead of Kademlia, although still compatible at the protocol level)
 - The `AdminListen` option and `yggdrasilctl` now default to `unix:///var/run/yggdrasil.sock` on BSDs, macOS and Linux
 - Cleaned up some of the parameter naming in the admin socket
@@ -361,12 +530,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - `yggdrasilctl` now has more useful help text (with `-help` or when no arguments passed)
 
 ### Fixed
+
 - Memory leaks in the DHT fixed
 - Crash fixed where the ICMPv6 NDP goroutine would incorrectly start in TUN mode
 - Removing peers from the switch table if they stop sending switch messages but keep the TCP connection alive
 
 ## [0.2.7] - 2018-10-13
+
 ### Added
+
 - Session firewall, which makes it possible to control who can open sessions with your node
 - Add `getSwitchQueues` to admin socket
 - Add `InterfacePeers` for configuring static peerings via specific network interfaces
@@ -374,81 +546,106 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - FreeBSD service script in `contrib`
 
 ## Changed
+
 - CircleCI builds are now built with Go 1.11 instead of Go 1.9
 
 ## Fixed
+
 - Race condition in the switch table, reported by trn
 - Debug builds are now tested by CircleCI as well as platform release builds
 - Port number fixed on admin graph from unknown nodes
 
 ## [0.2.6] - 2018-07-31
+
 ### Added
+
 - Configurable TCP timeouts to assist in peering over Tor/I2P
 - Prefer IPv6 flow label when extending coordinates to sort backpressure queues
 - `arm64` builds through CircleCI
 
 ### Changed
+
 - Sort dot graph links by integer value
 
 ## [0.2.5] - 2018-07-19
+
 ### Changed
+
 - Make `yggdrasilctl` less case sensitive
 - More verbose TCP disconnect messages
 
 ### Fixed
+
 - Fixed debug builds
 - Cap maximum MTU on Linux in TAP mode
 - Process successfully-read TCP traffic before checking for / handling errors (fixes EOF behavior)
 
 ## [0.2.4] - 2018-07-08
+
 ### Added
+
 - Support for UNIX domain sockets for the admin socket using `unix:///path/to/file.sock`
 - Centralised platform-specific defaults
 
 ### Changed
+
 - Backpressure tuning, including reducing resource consumption
 
 ### Fixed
+
 - macOS local ping bug, which previously prevented you from pinging your own `utun` adapter's IPv6 address
 
 ## [0.2.3] - 2018-06-29
+
 ### Added
+
 - Begin keeping changelog (incomplete and possibly inaccurate information before this point).
 - Build RPMs in CircleCI using alien. This provides package support for Fedora, Red Hat Enterprise Linux, CentOS and other RPM-based distributions.
 
 ### Changed
+
 - Local backpressure improvements.
 - Change `box_pub_key` to `key` in admin API for simplicity.
 - Session cleanup.
 
 ## [0.2.2] - 2018-06-21
+
 ### Added
+
 - Add `yggdrasilconf` utility for testing with the `vyatta-yggdrasil` package.
 - Add a randomized retry delay after TCP disconnects, to prevent synchronization livelocks.
 
 ### Changed
+
 - Update build script to strip by default, which significantly reduces the size of the binary.
 - Add debug `-d` and UPX `-u` flags to the `build` script.
 - Start pprof in debug builds based on an environment variable (e.g. `PPROFLISTEN=localhost:6060`), instead of a flag.
 
 ### Fixed
+
 - Fix typo in big-endian BOM so that both little-endian and big-endian UTF-16 files are detected correctly.
 
 ## [0.2.1] - 2018-06-15
+
 ### Changed
+
 - The address range was moved from `fd00::/8` to `200::/7`. This range was chosen as it is marked as deprecated. The change prevents overlap with other ULA privately assigned ranges.
 
 ### Fixed
+
 - UTF-16 detection conversion for configuration files, which can particularly be a problem on Windows 10 if a configuration file is generated from within PowerShell.
 - Fixes to the Debian package control file.
 - Fixes to the launchd service for macOS.
 - Fixes to the DHT and switch.
 
 ## [0.2.0] - 2018-06-13
+
 ### Added
+
 - Exchange version information during connection setup, to prevent connections with incompatible versions.
 
 ### Changed
+
 - Wire format changes (backwards incompatible).
 - Less maintenance traffic per peer.
 - Exponential back-off for DHT maintenance traffic (less maintenance traffic for known good peers).
@@ -456,18 +653,24 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Use local queue sizes for a sort of local-only backpressure routing, instead of the removed bandwidth estimates, when deciding where to send a packet.
 
 ### Removed
+
 - UDP peering, this may be added again if/when a better implementation appears.
 - Per peer bandwidth estimation, as this has been replaced with an early local backpressure implementation.
 
 ## [0.1.0] - 2018-02-01
+
 ### Added
+
 - Adopt semantic versioning.
 
 ### Changed
+
 - Wire format changes (backwards incompatible).
 - Many other undocumented changes leading up to this release and before the next one.
 
 ## [0.0.1] - 2017-12-28
+
 ### Added
+
 - First commit.
 - Initial public release.

README.md

@@ -1,7 +1,6 @@
 # Yggdrasil
 
-[![CircleCI](https://circleci.com/gh/yggdrasil-network/yggdrasil-go.svg?style=shield&circle-token=:circle-token
-)](https://circleci.com/gh/yggdrasil-network/yggdrasil-go)
+[![Build status](https://github.com/yggdrasil-network/yggdrasil-go/actions/workflows/ci.yml/badge.svg)](https://github.com/yggdrasil-network/yggdrasil-go/actions/workflows/ci.yml)
 
 ## Introduction
 
@@ -11,44 +10,21 @@ allows pretty much any IPv6-capable application to communicate securely with
 other Yggdrasil nodes. Yggdrasil does not require you to have IPv6 Internet
 connectivity - it also works over IPv4.
 
-Although Yggdrasil shares many similarities with
-[cjdns](https://github.com/cjdelisle/cjdns), it employs a different routing
-algorithm based on a globally-agreed spanning tree and greedy routing in a
-metric space, and aims to implement some novel local backpressure routing
-techniques. In theory, Yggdrasil should scale well on networks with
-internet-like topologies.
-
 ## Supported Platforms
 
-We actively support the following platforms, and packages are available for
-some of the below:
+Yggdrasil works on a number of platforms, including Linux, macOS, Ubiquiti
+EdgeRouter, VyOS, Windows, FreeBSD, OpenBSD and OpenWrt.
 
-- Linux
-  - `.deb` and `.rpm` packages are built by CI for Debian and Red Hat-based
-    distributions
-  - Arch, Nix, Void packages also available within their respective repositories
-- macOS
-  - `.pkg` packages are built by CI
-- Ubiquiti EdgeOS
-  - `.deb` Vyatta packages are built by CI
-- Windows
-- FreeBSD
-- OpenBSD
-- OpenWrt
-
-Please see our [Platforms](https://yggdrasil-network.github.io/platforms.html) pages for more
-specific information about each of our supported platforms, including
-installation steps and caveats.
-
-You may also find other platform-specific wrappers, scripts or tools in the
-`contrib` folder.
+Please see our [Installation](https://yggdrasil-network.github.io/installation.html)
+page for more information. You may also find other platform-specific wrappers, scripts
+or tools in the `contrib` folder.
 
 ## Building
 
 If you want to build from source, as opposed to installing one of the pre-built
 packages:
 
-1. Install [Go](https://golang.org) (requires Go 1.16 or later)
+1. Install [Go](https://golang.org) (requires Go 1.17 or later)
 2. Clone this repository
 2. Run `./build`
 
@@ -80,6 +56,7 @@ other configuration such as listen addresses or multicast addresses, etc.
 ### Run Yggdrasil
 
 To run with the generated static configuration:
+
 ```
 ./yggdrasil -useconffile /path/to/yggdrasil.conf
 ```
@@ -97,21 +74,18 @@ by giving the Yggdrasil binary the `CAP_NET_ADMIN` capability.
 
 ## Documentation
 
-Documentation is available on our [GitHub
-Pages](https://yggdrasil-network.github.io) site, or in the base submodule
-repository within `doc/yggdrasil-network.github.io`.
+Documentation is available [on our website](https://yggdrasil-network.github.io).
 
-- [Configuration file options](https://yggdrasil-network.github.io/configuration.html)
-- [Platform-specific documentation](https://yggdrasil-network.github.io/platforms.html)
+- [Installing Yggdrasil](https://yggdrasil-network.github.io/installation.html)
+- [Configuring Yggdrasil](https://yggdrasil-network.github.io/configuration.html)
 - [Frequently asked questions](https://yggdrasil-network.github.io/faq.html)
-- [Admin API documentation](https://yggdrasil-network.github.io/admin.html)
 - [Version changelog](CHANGELOG.md)
 
 ## Community
 
 Feel free to join us on our [Matrix
 channel](https://matrix.to/#/#yggdrasil:matrix.org) at `#yggdrasil:matrix.org`
-or in the `#yggdrasil` IRC channel on Freenode.
+or in the `#yggdrasil` IRC channel on [libera.chat](https://libera.chat).
 
 ## License
 

build

@@ -9,13 +9,11 @@ PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}
 LDFLAGS="-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
 ARGS="-v"
 
-while getopts "uaitc:l:dro:p" option
+while getopts "utc:l:dro:p" option
 do
   case "$option"
   in
   u) UPX=true;;
-  i) IOS=true;;
-  a) ANDROID=true;;
   t) TABLES=true;;
   c) GCFLAGS="$GCFLAGS $OPTARG";;
   l) LDFLAGS="$LDFLAGS $OPTARG";;
@@ -30,27 +28,11 @@ if [ -z $TABLES ] && [ -z $DEBUG ]; then
   LDFLAGS="$LDFLAGS -s -w"
 fi
 
-if [ $IOS ]; then
-  echo "Building framework for iOS"
-  gomobile bind -target ios -tags mobile -ldflags="$LDFLAGS $STRIP" -gcflags="$GCFLAGS" \
-    github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil \
-    github.com/yggdrasil-network/yggdrasil-go/src/config \
-    github.com/yggdrasil-network/yggdrasil-extras/src/mobile \
-    github.com/yggdrasil-network/yggdrasil-extras/src/dummy
-elif [ $ANDROID ]; then
-  echo "Building aar for Android"
-  gomobile bind -target android -tags mobile -ldflags="$LDFLAGS $STRIP" -gcflags="$GCFLAGS" \
-    github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil \
-    github.com/yggdrasil-network/yggdrasil-go/src/config \
-    github.com/yggdrasil-network/yggdrasil-extras/src/mobile \
-    github.com/yggdrasil-network/yggdrasil-extras/src/dummy
-else
-  for CMD in yggdrasil yggdrasilctl ; do
-    echo "Building: $CMD"
-    go build $ARGS -ldflags="$LDFLAGS" -gcflags="$GCFLAGS" ./cmd/$CMD
+for CMD in yggdrasil yggdrasilctl ; do
+  echo "Building: $CMD"
+  go build $ARGS -ldflags="$LDFLAGS" -gcflags="$GCFLAGS" ./cmd/$CMD
 
-    if [ $UPX ]; then
-      upx --brute $CMD
-    fi
-  done
-fi
+  if [ $UPX ]; then
+    upx --brute $CMD
+  fi
+done

cmd/genkeys/main.go

@@ -13,116 +13,66 @@ This only matters if it's high enough to make you the root of the tree.
 package main
 
 import (
+	"crypto/ed25519"
 	"encoding/hex"
-	"flag"
 	"fmt"
 	"net"
 	"runtime"
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
 )
 
-var doSig = flag.Bool("sig", false, "generate new signing keys instead")
-
 type keySet struct {
-	priv []byte
-	pub  []byte
-	id   []byte
-	ip   string
+	priv ed25519.PrivateKey
+	pub  ed25519.PublicKey
 }
 
 func main() {
 	threads := runtime.GOMAXPROCS(0)
-	var threadChannels []chan []byte
-	var currentBest []byte
+	var currentBest ed25519.PublicKey
 	newKeys := make(chan keySet, threads)
-	flag.Parse()
-
 	for i := 0; i < threads; i++ {
-		threadChannels = append(threadChannels, make(chan []byte, threads))
-		switch {
-		case *doSig:
-			go doSigKeys(newKeys, threadChannels[i])
-		default:
-			go doBoxKeys(newKeys, threadChannels[i])
-		}
+		go doKeys(newKeys)
 	}
-
 	for {
 		newKey := <-newKeys
-		if isBetter(currentBest, newKey.id[:]) || len(currentBest) == 0 {
-			currentBest = newKey.id
-			for _, channel := range threadChannels {
-				select {
-				case channel <- newKey.id:
-				}
-			}
-			fmt.Println("--------------------------------------------------------------------------------")
-			switch {
-			case *doSig:
-				fmt.Println("sigPriv:", hex.EncodeToString(newKey.priv))
-				fmt.Println("sigPub:", hex.EncodeToString(newKey.pub))
-				fmt.Println("TreeID:", hex.EncodeToString(newKey.id))
-			default:
-				fmt.Println("boxPriv:", hex.EncodeToString(newKey.priv))
-				fmt.Println("boxPub:", hex.EncodeToString(newKey.pub))
-				fmt.Println("NodeID:", hex.EncodeToString(newKey.id))
-				fmt.Println("IP:", newKey.ip)
-			}
+		if isBetter(currentBest, newKey.pub) || len(currentBest) == 0 {
+			currentBest = newKey.pub
+			fmt.Println("-----")
+			fmt.Println("Priv:", hex.EncodeToString(newKey.priv))
+			fmt.Println("Pub:", hex.EncodeToString(newKey.pub))
+			addr := address.AddrForKey(newKey.pub)
+			fmt.Println("IP:", net.IP(addr[:]).String())
 		}
 	}
 }
 
-func isBetter(oldID, newID []byte) bool {
-	for idx := range oldID {
-		if newID[idx] != oldID[idx] {
-			return newID[idx] > oldID[idx]
+func isBetter(oldPub, newPub ed25519.PublicKey) bool {
+	for idx := range oldPub {
+		if newPub[idx] < oldPub[idx] {
+			return true
+		}
+		if newPub[idx] > oldPub[idx] {
+			break
 		}
 	}
 	return false
 }
 
-func doBoxKeys(out chan<- keySet, in <-chan []byte) {
-	var bestID crypto.NodeID
-	for {
-		select {
-		case newBestID := <-in:
-			if isBetter(bestID[:], newBestID) {
-				copy(bestID[:], newBestID)
-			}
-		default:
-			pub, priv := crypto.NewBoxKeys()
-			id := crypto.GetNodeID(pub)
-			if !isBetter(bestID[:], id[:]) {
-				continue
-			}
-			bestID = *id
-			ip := net.IP(address.AddrForNodeID(id)[:]).String()
-			out <- keySet{priv[:], pub[:], id[:], ip}
-		}
-	}
-}
-
-func doSigKeys(out chan<- keySet, in <-chan []byte) {
-	var bestID crypto.TreeID
-	for idx := range bestID {
-		bestID[idx] = 0
+func doKeys(out chan<- keySet) {
+	bestKey := make(ed25519.PublicKey, ed25519.PublicKeySize)
+	for idx := range bestKey {
+		bestKey[idx] = 0xff
 	}
 	for {
-		select {
-		case newBestID := <-in:
-			if isBetter(bestID[:], newBestID) {
-				copy(bestID[:], newBestID)
-			}
-		default:
+		pub, priv, err := ed25519.GenerateKey(nil)
+		if err != nil {
+			panic(err)
 		}
-		pub, priv := crypto.NewSigKeys()
-		id := crypto.GetTreeID(pub)
-		if !isBetter(bestID[:], id[:]) {
+		if !isBetter(bestKey, pub) {
 			continue
 		}
-		bestID = *id
-		out <- keySet{priv[:], pub[:], id[:], ""}
+		bestKey = pub
+		out <- keySet{priv, pub}
 	}
 }

cmd/yggdrasil/main.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"bytes"
+	"context"
+	"crypto/ed25519"
 	"encoding/hex"
 	"encoding/json"
 	"flag"
@@ -24,31 +26,32 @@ import (
 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
 	"github.com/yggdrasil-network/yggdrasil-go/src/admin"
 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/module"
+	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/core"
+	"github.com/yggdrasil-network/yggdrasil-go/src/ipv6rwc"
 	"github.com/yggdrasil-network/yggdrasil-go/src/multicast"
 	"github.com/yggdrasil-network/yggdrasil-go/src/tuntap"
 	"github.com/yggdrasil-network/yggdrasil-go/src/version"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
 )
 
 type node struct {
-	core      yggdrasil.Core
-	state     *config.NodeState
-	tuntap    module.Module // tuntap.TunAdapter
-	multicast module.Module // multicast.Multicast
-	admin     module.Module // admin.AdminSocket
+	core      core.Core
+	config    *config.NodeConfig
+	tuntap    *tuntap.TunAdapter
+	multicast *multicast.Multicast
+	admin     *admin.AdminSocket
 }
 
-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig {
+func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf bool) *config.NodeConfig {
 	// Use a configuration file. If -useconf, the configuration will be read
 	// from stdin. If -useconffile, the configuration will be read from the
 	// filesystem.
 	var conf []byte
 	var err error
-	if *useconffile != "" {
+	if useconffile != "" {
 		// Read the file from the filesystem
-		conf, err = ioutil.ReadFile(*useconffile)
+		conf, err = ioutil.ReadFile(useconffile)
 	} else {
 		// Read the file from stdin.
 		conf, err = ioutil.ReadAll(os.Stdin)
@@ -73,32 +76,51 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
 	// then parse the configuration we loaded above on top of it. The effect
 	// of this is that any configuration item that is missing from the provided
 	// configuration will use a sane default.
-	cfg := config.GenerateConfig()
+	cfg := defaults.GenerateConfig()
 	var dat map[string]interface{}
 	if err := hjson.Unmarshal(conf, &dat); err != nil {
 		panic(err)
 	}
-	// Check for fields that have changed type recently, e.g. the Listen config
-	// option is now a []string rather than a string
-	if listen, ok := dat["Listen"].(string); ok {
-		dat["Listen"] = []string{listen}
+	// Check if we have old field names
+	if _, ok := dat["TunnelRouting"]; ok {
+		log.Warnln("WARNING: Tunnel routing is no longer supported")
 	}
-	if tunnelrouting, ok := dat["TunnelRouting"].(map[string]interface{}); ok {
-		if c, ok := tunnelrouting["IPv4Sources"]; ok {
-			delete(tunnelrouting, "IPv4Sources")
-			tunnelrouting["IPv4LocalSubnets"] = c
+	if old, ok := dat["SigningPrivateKey"]; ok {
+		log.Warnln("WARNING: The \"SigningPrivateKey\" configuration option has been renamed to \"PrivateKey\"")
+		if _, ok := dat["PrivateKey"]; !ok {
+			if privstr, err := hex.DecodeString(old.(string)); err == nil {
+				priv := ed25519.PrivateKey(privstr)
+				pub := priv.Public().(ed25519.PublicKey)
+				dat["PrivateKey"] = hex.EncodeToString(priv[:])
+				dat["PublicKey"] = hex.EncodeToString(pub[:])
+			} else {
+				log.Warnln("WARNING: The \"SigningPrivateKey\" configuration option contains an invalid value and will be ignored")
+			}
 		}
-		if c, ok := tunnelrouting["IPv6Sources"]; ok {
-			delete(tunnelrouting, "IPv6Sources")
-			tunnelrouting["IPv6LocalSubnets"] = c
-		}
-		if c, ok := tunnelrouting["IPv4Destinations"]; ok {
-			delete(tunnelrouting, "IPv4Destinations")
-			tunnelrouting["IPv4RemoteSubnets"] = c
-		}
-		if c, ok := tunnelrouting["IPv6Destinations"]; ok {
-			delete(tunnelrouting, "IPv6Destinations")
-			tunnelrouting["IPv6RemoteSubnets"] = c
+	}
+	if oldmc, ok := dat["MulticastInterfaces"]; ok {
+		if oldmcvals, ok := oldmc.([]interface{}); ok {
+			var newmc []config.MulticastInterfaceConfig
+			for _, oldmcval := range oldmcvals {
+				if str, ok := oldmcval.(string); ok {
+					newmc = append(newmc, config.MulticastInterfaceConfig{
+						Regex:  str,
+						Beacon: true,
+						Listen: true,
+					})
+				}
+			}
+			if newmc != nil {
+				if oldport, ok := dat["LinkLocalTCPPort"]; ok {
+					// numbers parse to float64 by default
+					if port, ok := oldport.(float64); ok {
+						for idx := range newmc {
+							newmc[idx].Port = uint16(port)
+						}
+					}
+				}
+				dat["MulticastInterfaces"] = newmc
+			}
 		}
 	}
 	// Sanitise the config
@@ -106,7 +128,9 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
 	if err != nil {
 		panic(err)
 	}
-	json.Unmarshal(confJson, &cfg)
+	if err := json.Unmarshal(confJson, &cfg); err != nil {
+		panic(err)
+	}
 	// Overlay our newly mapped configuration onto the autoconf node config that
 	// we generated above.
 	if err = mapstructure.Decode(dat, &cfg); err != nil {
@@ -118,7 +142,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
 // Generates a new configuration and returns it in HJSON format. This is used
 // with -genconf.
 func doGenconf(isjson bool) string {
-	cfg := config.GenerateConfig()
+	cfg := defaults.GenerateConfig()
 	var bs []byte
 	var err error
 	if isjson {
@@ -158,9 +182,21 @@ func setLogLevel(loglevel string, logger *log.Logger) {
 	}
 }
 
-// The main function is responsible for configuring and starting Yggdrasil.
-func main() {
-	// Configure the command line parameters.
+type yggArgs struct {
+	genconf       bool
+	useconf       bool
+	normaliseconf bool
+	confjson      bool
+	autoconf      bool
+	ver           bool
+	getaddr       bool
+	getsnet       bool
+	useconffile   string
+	logto         string
+	loglevel      string
+}
+
+func getArgs() yggArgs {
 	genconf := flag.Bool("genconf", false, "print a new config to stdout")
 	useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin")
 	useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path")
@@ -173,28 +209,70 @@ func main() {
 	getsnet := flag.Bool("subnet", false, "returns the IPv6 subnet as derived from the supplied configuration")
 	loglevel := flag.String("loglevel", "info", "loglevel to enable")
 	flag.Parse()
+	return yggArgs{
+		genconf:       *genconf,
+		useconf:       *useconf,
+		useconffile:   *useconffile,
+		normaliseconf: *normaliseconf,
+		confjson:      *confjson,
+		autoconf:      *autoconf,
+		ver:           *ver,
+		logto:         *logto,
+		getaddr:       *getaddr,
+		getsnet:       *getsnet,
+		loglevel:      *loglevel,
+	}
+}
+
+// The main function is responsible for configuring and starting Yggdrasil.
+func run(args yggArgs, ctx context.Context, done chan struct{}) {
+	defer close(done)
+	// Create a new logger that logs output to stdout.
+	var logger *log.Logger
+	switch args.logto {
+	case "stdout":
+		logger = log.New(os.Stdout, "", log.Flags())
+	case "syslog":
+		if syslogger, err := gsyslog.NewLogger(gsyslog.LOG_NOTICE, "DAEMON", version.BuildName()); err == nil {
+			logger = log.New(syslogger, "", log.Flags())
+		}
+	default:
+		if logfd, err := os.OpenFile(args.logto, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644); err == nil {
+			logger = log.New(logfd, "", log.Flags())
+		}
+	}
+	if logger == nil {
+		logger = log.New(os.Stdout, "", log.Flags())
+		logger.Warnln("Logging defaulting to stdout")
+	}
+
+	if args.normaliseconf {
+		setLogLevel("error", logger)
+	} else {
+		setLogLevel(args.loglevel, logger)
+	}
 
 	var cfg *config.NodeConfig
 	var err error
 	switch {
-	case *ver:
+	case args.ver:
 		fmt.Println("Build name:", version.BuildName())
 		fmt.Println("Build version:", version.BuildVersion())
 		return
-	case *autoconf:
+	case args.autoconf:
 		// Use an autoconf-generated config, this will give us random keys and
 		// port numbers, and will use an automatically selected TUN/TAP interface.
-		cfg = config.GenerateConfig()
-	case *useconffile != "" || *useconf:
+		cfg = defaults.GenerateConfig()
+	case args.useconffile != "" || args.useconf:
 		// Read the configuration from either stdin or from the filesystem
-		cfg = readConfig(useconf, useconffile, normaliseconf)
+		cfg = readConfig(logger, args.useconf, args.useconffile, args.normaliseconf)
 		// If the -normaliseconf option was specified then remarshal the above
 		// configuration and print it back to stdout. This lets the user update
 		// their configuration file with newly mapped names (like above) or to
 		// convert from plain JSON to commented HJSON.
-		if *normaliseconf {
+		if args.normaliseconf {
 			var bs []byte
-			if *confjson {
+			if args.confjson {
 				bs, err = json.MarshalIndent(cfg, "", "  ")
 			} else {
 				bs, err = hjson.Marshal(cfg)
@@ -205,9 +283,10 @@ func main() {
 			fmt.Println(string(bs))
 			return
 		}
-	case *genconf:
+	case args.genconf:
 		// Generate a new configuration and print it to stdout.
-		fmt.Println(doGenconf(*confjson))
+		fmt.Println(doGenconf(args.confjson))
+		return
 	default:
 		// No flags were provided, therefore print the list of flags to stdout.
 		flag.PrintDefaults()
@@ -219,25 +298,23 @@ func main() {
 		return
 	}
 	// Have we been asked for the node address yet? If so, print it and then stop.
-	getNodeID := func() *crypto.NodeID {
-		if pubkey, err := hex.DecodeString(cfg.EncryptionPublicKey); err == nil {
-			var box crypto.BoxPubKey
-			copy(box[:], pubkey)
-			return crypto.GetNodeID(&box)
+	getNodeKey := func() ed25519.PublicKey {
+		if pubkey, err := hex.DecodeString(cfg.PrivateKey); err == nil {
+			return ed25519.PrivateKey(pubkey).Public().(ed25519.PublicKey)
 		}
 		return nil
 	}
 	switch {
-	case *getaddr:
-		if nodeid := getNodeID(); nodeid != nil {
-			addr := *address.AddrForNodeID(nodeid)
+	case args.getaddr:
+		if key := getNodeKey(); key != nil {
+			addr := address.AddrForKey(key)
 			ip := net.IP(addr[:])
 			fmt.Println(ip.String())
 		}
 		return
-	case *getsnet:
-		if nodeid := getNodeID(); nodeid != nil {
-			snet := *address.SubnetForNodeID(nodeid)
+	case args.getsnet:
+		if key := getNodeKey(); key != nil {
+			snet := address.SubnetForKey(key)
 			ipnet := net.IPNet{
 				IP:   append(snet[:], 0, 0, 0, 0, 0, 0, 0, 0),
 				Mask: net.CIDRMask(len(snet)*8, 128),
@@ -247,170 +324,85 @@ func main() {
 		return
 	default:
 	}
-	// Create a new logger that logs output to stdout.
-	var logger *log.Logger
-	switch *logto {
-	case "stdout":
-		logger = log.New(os.Stdout, "", log.Flags())
-	case "syslog":
-		if syslogger, err := gsyslog.NewLogger(gsyslog.LOG_NOTICE, "DAEMON", version.BuildName()); err == nil {
-			logger = log.New(syslogger, "", log.Flags())
-		}
-	default:
-		if logfd, err := os.OpenFile(*logto, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644); err == nil {
-			logger = log.New(logfd, "", log.Flags())
-		}
-	}
-	if logger == nil {
-		logger = log.New(os.Stdout, "", log.Flags())
-		logger.Warnln("Logging defaulting to stdout")
-	}
-
-	setLogLevel(*loglevel, logger)
 
 	// Setup the Yggdrasil node itself. The node{} type includes a Core, so we
 	// don't need to create this manually.
-	n := node{}
+	n := node{config: cfg}
 	// Now start Yggdrasil - this starts the DHT, router, switch and other core
 	// components needed for Yggdrasil to operate
-	n.state, err = n.core.Start(cfg, logger)
-	if err != nil {
+	if err = n.core.Start(cfg, logger); err != nil {
 		logger.Errorln("An error occurred during startup")
 		panic(err)
 	}
 	// Register the session firewall gatekeeper function
-	n.core.SetSessionGatekeeper(n.sessionFirewall)
 	// Allocate our modules
 	n.admin = &admin.AdminSocket{}
 	n.multicast = &multicast.Multicast{}
 	n.tuntap = &tuntap.TunAdapter{}
 	// Start the admin socket
-	n.admin.Init(&n.core, n.state, logger, nil)
-	if err := n.admin.Start(); err != nil {
+	if err := n.admin.Init(&n.core, cfg, logger, nil); err != nil {
+		logger.Errorln("An error occurred initialising admin socket:", err)
+	} else if err := n.admin.Start(); err != nil {
 		logger.Errorln("An error occurred starting admin socket:", err)
 	}
-	n.admin.SetupAdminHandlers(n.admin.(*admin.AdminSocket))
+	n.admin.SetupAdminHandlers(n.admin)
 	// Start the multicast interface
-	n.multicast.Init(&n.core, n.state, logger, nil)
-	if err := n.multicast.Start(); err != nil {
+	if err := n.multicast.Init(&n.core, cfg, logger, nil); err != nil {
+		logger.Errorln("An error occurred initialising multicast:", err)
+	} else if err := n.multicast.Start(); err != nil {
 		logger.Errorln("An error occurred starting multicast:", err)
 	}
-	n.multicast.SetupAdminHandlers(n.admin.(*admin.AdminSocket))
+	n.multicast.SetupAdminHandlers(n.admin)
 	// Start the TUN/TAP interface
-	if listener, err := n.core.ConnListen(); err == nil {
-		if dialer, err := n.core.ConnDialer(); err == nil {
-			n.tuntap.Init(&n.core, n.state, logger, tuntap.TunOptions{Listener: listener, Dialer: dialer})
-			if err := n.tuntap.Start(); err != nil {
-				logger.Errorln("An error occurred starting TUN/TAP:", err)
-			}
-			n.tuntap.SetupAdminHandlers(n.admin.(*admin.AdminSocket))
-		} else {
-			logger.Errorln("Unable to get Dialer:", err)
-		}
-	} else {
-		logger.Errorln("Unable to get Listener:", err)
+	rwc := ipv6rwc.NewReadWriteCloser(&n.core)
+	if err := n.tuntap.Init(rwc, cfg, logger, nil); err != nil {
+		logger.Errorln("An error occurred initialising TUN/TAP:", err)
+	} else if err := n.tuntap.Start(); err != nil {
+		logger.Errorln("An error occurred starting TUN/TAP:", err)
 	}
+	n.tuntap.SetupAdminHandlers(n.admin)
 	// Make some nice output that tells us what our IPv6 address and subnet are.
 	// This is just logged to stdout for the user.
 	address := n.core.Address()
 	subnet := n.core.Subnet()
+	public := n.core.GetSelf().Key
+	logger.Infof("Your public key is %s", hex.EncodeToString(public[:]))
 	logger.Infof("Your IPv6 address is %s", address.String())
 	logger.Infof("Your IPv6 subnet is %s", subnet.String())
 	// Catch interrupts from the operating system to exit gracefully.
-	c := make(chan os.Signal, 1)
-	r := make(chan os.Signal, 1)
-	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
-	signal.Notify(r, os.Interrupt, syscall.SIGHUP)
+	<-ctx.Done()
 	// Capture the service being stopped on Windows.
 	minwinsvc.SetOnExit(n.shutdown)
-	defer n.shutdown()
-	// Wait for the terminate/interrupt signal. Once a signal is received, the
-	// deferred Stop function above will run which will shut down TUN/TAP.
-	for {
-		select {
-		case <-c:
-			goto exit
-		case <-r:
-			if *useconffile != "" {
-				cfg = readConfig(useconf, useconffile, normaliseconf)
-				logger.Infoln("Reloading configuration from", *useconffile)
-				n.core.UpdateConfig(cfg)
-				n.tuntap.UpdateConfig(cfg)
-				n.multicast.UpdateConfig(cfg)
-			} else {
-				logger.Errorln("Reloading config at runtime is only possible with -useconffile")
-			}
-		}
-	}
-exit:
+	n.shutdown()
 }
 
 func (n *node) shutdown() {
-	n.admin.Stop()
-	n.multicast.Stop()
-	n.tuntap.Stop()
+	_ = n.admin.Stop()
+	_ = n.multicast.Stop()
+	_ = n.tuntap.Stop()
 	n.core.Stop()
 }
 
-func (n *node) sessionFirewall(pubkey *crypto.BoxPubKey, initiator bool) bool {
-	n.state.Mutex.RLock()
-	defer n.state.Mutex.RUnlock()
-
-	// Allow by default if the session firewall is disabled
-	if !n.state.Current.SessionFirewall.Enable {
-		return true
-	}
-
-	// Prepare for checking whitelist/blacklist
-	var box crypto.BoxPubKey
-	// Reject blacklisted nodes
-	for _, b := range n.state.Current.SessionFirewall.BlacklistEncryptionPublicKeys {
-		key, err := hex.DecodeString(b)
-		if err == nil {
-			copy(box[:crypto.BoxPubKeyLen], key)
-			if box == *pubkey {
-				return false
-			}
+func main() {
+	args := getArgs()
+	hup := make(chan os.Signal, 1)
+	//signal.Notify(hup, os.Interrupt, syscall.SIGHUP)
+	term := make(chan os.Signal, 1)
+	signal.Notify(term, os.Interrupt, syscall.SIGTERM)
+	for {
+		done := make(chan struct{})
+		ctx, cancel := context.WithCancel(context.Background())
+		go run(args, ctx, done)
+		select {
+		case <-hup:
+			cancel()
+			<-done
+		case <-term:
+			cancel()
+			<-done
+			return
+		case <-done:
+			return
 		}
 	}
-
-	// Allow whitelisted nodes
-	for _, b := range n.state.Current.SessionFirewall.WhitelistEncryptionPublicKeys {
-		key, err := hex.DecodeString(b)
-		if err == nil {
-			copy(box[:crypto.BoxPubKeyLen], key)
-			if box == *pubkey {
-				return true
-			}
-		}
-	}
-
-	// Allow outbound sessions if appropriate
-	if n.state.Current.SessionFirewall.AlwaysAllowOutbound {
-		if initiator {
-			return true
-		}
-	}
-
-	// Look and see if the pubkey is that of a direct peer
-	var isDirectPeer bool
-	for _, peer := range n.core.GetPeers() {
-		if peer.PublicKey == *pubkey {
-			isDirectPeer = true
-			break
-		}
-	}
-
-	// Allow direct peers if appropriate
-	if n.state.Current.SessionFirewall.AllowFromDirect && isDirectPeer {
-		return true
-	}
-
-	// Allow remote nodes if appropriate
-	if n.state.Current.SessionFirewall.AllowFromRemote && !isDirectPeer {
-		return true
-	}
-
-	// Finally, default-deny if not matching any of the above rules
-	return false
 }

cmd/yggdrasilctl/cmd_line_env.go

@@ -0,0 +1,94 @@
+package main
+
+import (
+	"bytes"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+
+	"github.com/hjson/hjson-go"
+	"golang.org/x/text/encoding/unicode"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
+)
+
+type CmdLineEnv struct {
+	args                 []string
+	endpoint, server     string
+	injson, verbose, ver bool
+}
+
+func newCmdLineEnv() CmdLineEnv {
+	var cmdLineEnv CmdLineEnv
+	cmdLineEnv.endpoint = defaults.GetDefaults().DefaultAdminListen
+	return cmdLineEnv
+}
+
+func (cmdLineEnv *CmdLineEnv) parseFlagsAndArgs() {
+	flag.Usage = func() {
+		fmt.Fprintf(flag.CommandLine.Output(), "Usage: %s [options] command [key=value] [key=value] ...\n\n", os.Args[0])
+		fmt.Println("Options:")
+		flag.PrintDefaults()
+		fmt.Println()
+		fmt.Println("Please note that options must always specified BEFORE the command\non the command line or they will be ignored.")
+		fmt.Println()
+		fmt.Println("Commands:\n  - Use \"list\" for a list of available commands")
+		fmt.Println()
+		fmt.Println("Examples:")
+		fmt.Println("  - ", os.Args[0], "list")
+		fmt.Println("  - ", os.Args[0], "getPeers")
+		fmt.Println("  - ", os.Args[0], "-v getSelf")
+		fmt.Println("  - ", os.Args[0], "setTunTap name=auto mtu=1500 tap_mode=false")
+		fmt.Println("  - ", os.Args[0], "-endpoint=tcp://localhost:9001 getDHT")
+		fmt.Println("  - ", os.Args[0], "-endpoint=unix:///var/run/ygg.sock getDHT")
+	}
+
+	server := flag.String("endpoint", cmdLineEnv.endpoint, "Admin socket endpoint")
+	injson := flag.Bool("json", false, "Output in JSON format (as opposed to pretty-print)")
+	verbose := flag.Bool("v", false, "Verbose output (includes public keys)")
+	ver := flag.Bool("version", false, "Prints the version of this build")
+
+	flag.Parse()
+
+	cmdLineEnv.args = flag.Args()
+	cmdLineEnv.server = *server
+	cmdLineEnv.injson = *injson
+	cmdLineEnv.verbose = *verbose
+	cmdLineEnv.ver = *ver
+}
+
+func (cmdLineEnv *CmdLineEnv) setEndpoint(logger *log.Logger) {
+	if cmdLineEnv.server == cmdLineEnv.endpoint {
+		if config, err := ioutil.ReadFile(defaults.GetDefaults().DefaultConfigFile); err == nil {
+			if bytes.Equal(config[0:2], []byte{0xFF, 0xFE}) ||
+				bytes.Equal(config[0:2], []byte{0xFE, 0xFF}) {
+				utf := unicode.UTF16(unicode.BigEndian, unicode.UseBOM)
+				decoder := utf.NewDecoder()
+				config, err = decoder.Bytes(config)
+				if err != nil {
+					panic(err)
+				}
+			}
+			var dat map[string]interface{}
+			if err := hjson.Unmarshal(config, &dat); err != nil {
+				panic(err)
+			}
+			if ep, ok := dat["AdminListen"].(string); ok && (ep != "none" && ep != "") {
+				cmdLineEnv.endpoint = ep
+				logger.Println("Found platform default config file", defaults.GetDefaults().DefaultConfigFile)
+				logger.Println("Using endpoint", cmdLineEnv.endpoint, "from AdminListen")
+			} else {
+				logger.Println("Configuration file doesn't contain appropriate AdminListen option")
+				logger.Println("Falling back to platform default", defaults.GetDefaults().DefaultAdminListen)
+			}
+		} else {
+			logger.Println("Can't open config file from default location", defaults.GetDefaults().DefaultConfigFile)
+			logger.Println("Falling back to platform default", defaults.GetDefaults().DefaultAdminListen)
+		}
+	} else {
+		cmdLineEnv.endpoint = cmdLineEnv.server
+		logger.Println("Using endpoint", cmdLineEnv.endpoint, "from command line")
+	}
+}

cmd/yggdrasilctl/main.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/url"
@@ -15,10 +14,6 @@ import (
 	"strconv"
 	"strings"
 
-	"golang.org/x/text/encoding/unicode"
-
-	"github.com/hjson/hjson-go"
-	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
 	"github.com/yggdrasil-network/yggdrasil-go/src/version"
 )
 
@@ -32,6 +27,7 @@ func main() {
 func run() int {
 	logbuffer := &bytes.Buffer{}
 	logger := log.New(logbuffer, "", log.Flags())
+
 	defer func() int {
 		if r := recover(); r != nil {
 			logger.Println("Fatal error:", r)
@@ -41,94 +37,24 @@ func run() int {
 		return 0
 	}()
 
-	endpoint := defaults.GetDefaults().DefaultAdminListen
+	cmdLineEnv := newCmdLineEnv()
+	cmdLineEnv.parseFlagsAndArgs()
 
-	flag.Usage = func() {
-		fmt.Fprintf(flag.CommandLine.Output(), "Usage: %s [options] command [key=value] [key=value] ...\n\n", os.Args[0])
-		fmt.Println("Options:")
-		flag.PrintDefaults()
-		fmt.Println("\nPlease note that options must always specified BEFORE the command\non the command line or they will be ignored.\n")
-		fmt.Println("Commands:\n  - Use \"list\" for a list of available commands\n")
-		fmt.Println("Examples:")
-		fmt.Println("  - ", os.Args[0], "list")
-		fmt.Println("  - ", os.Args[0], "getPeers")
-		fmt.Println("  - ", os.Args[0], "-v getSelf")
-		fmt.Println("  - ", os.Args[0], "setTunTap name=auto mtu=1500 tap_mode=false")
-		fmt.Println("  - ", os.Args[0], "-endpoint=tcp://localhost:9001 getDHT")
-		fmt.Println("  - ", os.Args[0], "-endpoint=unix:///var/run/ygg.sock getDHT")
-	}
-	server := flag.String("endpoint", endpoint, "Admin socket endpoint")
-	injson := flag.Bool("json", false, "Output in JSON format (as opposed to pretty-print)")
-	verbose := flag.Bool("v", false, "Verbose output (includes public keys)")
-	ver := flag.Bool("version", false, "Prints the version of this build")
-	flag.Parse()
-	args := flag.Args()
-
-	if *ver {
+	if cmdLineEnv.ver {
 		fmt.Println("Build name:", version.BuildName())
 		fmt.Println("Build version:", version.BuildVersion())
 		fmt.Println("To get the version number of the running Yggdrasil node, run", os.Args[0], "getSelf")
 		return 0
 	}
 
-	if len(args) == 0 {
+	if len(cmdLineEnv.args) == 0 {
 		flag.Usage()
 		return 0
 	}
 
-	if *server == endpoint {
-		if config, err := ioutil.ReadFile(defaults.GetDefaults().DefaultConfigFile); err == nil {
-			if bytes.Equal(config[0:2], []byte{0xFF, 0xFE}) ||
-				bytes.Equal(config[0:2], []byte{0xFE, 0xFF}) {
-				utf := unicode.UTF16(unicode.BigEndian, unicode.UseBOM)
-				decoder := utf.NewDecoder()
-				config, err = decoder.Bytes(config)
-				if err != nil {
-					panic(err)
-				}
-			}
-			var dat map[string]interface{}
-			if err := hjson.Unmarshal(config, &dat); err != nil {
-				panic(err)
-			}
-			if ep, ok := dat["AdminListen"].(string); ok && (ep != "none" && ep != "") {
-				endpoint = ep
-				logger.Println("Found platform default config file", defaults.GetDefaults().DefaultConfigFile)
-				logger.Println("Using endpoint", endpoint, "from AdminListen")
-			} else {
-				logger.Println("Configuration file doesn't contain appropriate AdminListen option")
-				logger.Println("Falling back to platform default", defaults.GetDefaults().DefaultAdminListen)
-			}
-		} else {
-			logger.Println("Can't open config file from default location", defaults.GetDefaults().DefaultConfigFile)
-			logger.Println("Falling back to platform default", defaults.GetDefaults().DefaultAdminListen)
-		}
-	} else {
-		endpoint = *server
-		logger.Println("Using endpoint", endpoint, "from command line")
-	}
+	cmdLineEnv.setEndpoint(logger)
 
-	var conn net.Conn
-	u, err := url.Parse(endpoint)
-	if err == nil {
-		switch strings.ToLower(u.Scheme) {
-		case "unix":
-			logger.Println("Connecting to UNIX socket", endpoint[7:])
-			conn, err = net.Dial("unix", endpoint[7:])
-		case "tcp":
-			logger.Println("Connecting to TCP socket", u.Host)
-			conn, err = net.Dial("tcp", u.Host)
-		default:
-			logger.Println("Unknown protocol or malformed address - check your endpoint")
-			err = errors.New("protocol not supported")
-		}
-	} else {
-		logger.Println("Connecting to TCP socket", u.Host)
-		conn, err = net.Dial("tcp", endpoint)
-	}
-	if err != nil {
-		panic(err)
-	}
+	conn := connect(cmdLineEnv.endpoint, logger)
 	logger.Println("Connected")
 	defer conn.Close()
 
@@ -137,7 +63,7 @@ func run() int {
 	send := make(admin_info)
 	recv := make(admin_info)
 
-	for c, a := range args {
+	for c, a := range cmdLineEnv.args {
 		if c == 0 {
 			if strings.HasPrefix(a, "-") {
 				logger.Printf("Ignoring flag %s as it should be specified before other parameters\n", a)
@@ -173,7 +99,9 @@ func run() int {
 	if err := encoder.Encode(&send); err != nil {
 		panic(err)
 	}
+
 	logger.Printf("Request sent")
+
 	if err := decoder.Decode(&recv); err == nil {
 		logger.Printf("Response received")
 		if recv["status"] == "error" {
@@ -192,249 +120,16 @@ func run() int {
 			fmt.Println("Missing response body (malformed response?)")
 			return 1
 		}
-		req := recv["request"].(map[string]interface{})
 		res := recv["response"].(map[string]interface{})
 
-		if *injson {
+		if cmdLineEnv.injson {
 			if json, err := json.MarshalIndent(res, "", "  "); err == nil {
 				fmt.Println(string(json))
 			}
 			return 0
 		}
 
-		switch strings.ToLower(req["request"].(string)) {
-		case "dot":
-			fmt.Println(res["dot"])
-		case "list", "getpeers", "getswitchpeers", "getdht", "getsessions", "dhtping":
-			maxWidths := make(map[string]int)
-			var keyOrder []string
-			keysOrdered := false
-
-			for _, tlv := range res {
-				for slk, slv := range tlv.(map[string]interface{}) {
-					if !keysOrdered {
-						for k := range slv.(map[string]interface{}) {
-							if !*verbose {
-								if k == "box_pub_key" || k == "box_sig_key" || k == "nodeinfo" || k == "was_mtu_fixed" {
-									continue
-								}
-							}
-							keyOrder = append(keyOrder, fmt.Sprint(k))
-						}
-						sort.Strings(keyOrder)
-						keysOrdered = true
-					}
-					for k, v := range slv.(map[string]interface{}) {
-						if len(fmt.Sprint(slk)) > maxWidths["key"] {
-							maxWidths["key"] = len(fmt.Sprint(slk))
-						}
-						if len(fmt.Sprint(v)) > maxWidths[k] {
-							maxWidths[k] = len(fmt.Sprint(v))
-							if maxWidths[k] < len(k) {
-								maxWidths[k] = len(k)
-							}
-						}
-					}
-				}
-
-				if len(keyOrder) > 0 {
-					fmt.Printf("%-"+fmt.Sprint(maxWidths["key"])+"s  ", "")
-					for _, v := range keyOrder {
-						fmt.Printf("%-"+fmt.Sprint(maxWidths[v])+"s  ", v)
-					}
-					fmt.Println()
-				}
-
-				for slk, slv := range tlv.(map[string]interface{}) {
-					fmt.Printf("%-"+fmt.Sprint(maxWidths["key"])+"s  ", slk)
-					for _, k := range keyOrder {
-						preformatted := slv.(map[string]interface{})[k]
-						var formatted string
-						switch k {
-						case "bytes_sent", "bytes_recvd":
-							formatted = fmt.Sprintf("%d", uint(preformatted.(float64)))
-						case "uptime", "last_seen":
-							seconds := uint(preformatted.(float64)) % 60
-							minutes := uint(preformatted.(float64)/60) % 60
-							hours := uint(preformatted.(float64) / 60 / 60)
-							formatted = fmt.Sprintf("%02d:%02d:%02d", hours, minutes, seconds)
-						default:
-							formatted = fmt.Sprint(preformatted)
-						}
-						fmt.Printf("%-"+fmt.Sprint(maxWidths[k])+"s  ", formatted)
-					}
-					fmt.Println()
-				}
-			}
-		case "gettuntap", "settuntap":
-			for k, v := range res {
-				fmt.Println("Interface name:", k)
-				if mtu, ok := v.(map[string]interface{})["mtu"].(float64); ok {
-					fmt.Println("Interface MTU:", mtu)
-				}
-				if tap_mode, ok := v.(map[string]interface{})["tap_mode"].(bool); ok {
-					fmt.Println("TAP mode:", tap_mode)
-				}
-			}
-		case "getself":
-			for k, v := range res["self"].(map[string]interface{}) {
-				if buildname, ok := v.(map[string]interface{})["build_name"].(string); ok && buildname != "unknown" {
-					fmt.Println("Build name:", buildname)
-				}
-				if buildversion, ok := v.(map[string]interface{})["build_version"].(string); ok && buildversion != "unknown" {
-					fmt.Println("Build version:", buildversion)
-				}
-				fmt.Println("IPv6 address:", k)
-				if subnet, ok := v.(map[string]interface{})["subnet"].(string); ok {
-					fmt.Println("IPv6 subnet:", subnet)
-				}
-				if coords, ok := v.(map[string]interface{})["coords"].(string); ok {
-					fmt.Println("Coords:", coords)
-				}
-				if *verbose {
-					if nodeID, ok := v.(map[string]interface{})["node_id"].(string); ok {
-						fmt.Println("Node ID:", nodeID)
-					}
-					if boxPubKey, ok := v.(map[string]interface{})["box_pub_key"].(string); ok {
-						fmt.Println("Public encryption key:", boxPubKey)
-					}
-					if boxSigKey, ok := v.(map[string]interface{})["box_sig_key"].(string); ok {
-						fmt.Println("Public signing key:", boxSigKey)
-					}
-				}
-			}
-		case "getswitchqueues":
-			maximumqueuesize := float64(4194304)
-			portqueues := make(map[float64]float64)
-			portqueuesize := make(map[float64]float64)
-			portqueuepackets := make(map[float64]float64)
-			v := res["switchqueues"].(map[string]interface{})
-			if queuecount, ok := v["queues_count"].(float64); ok {
-				fmt.Printf("Active queue count: %d queues\n", uint(queuecount))
-			}
-			if queuesize, ok := v["queues_size"].(float64); ok {
-				fmt.Printf("Active queue size: %d bytes\n", uint(queuesize))
-			}
-			if highestqueuecount, ok := v["highest_queues_count"].(float64); ok {
-				fmt.Printf("Highest queue count: %d queues\n", uint(highestqueuecount))
-			}
-			if highestqueuesize, ok := v["highest_queues_size"].(float64); ok {
-				fmt.Printf("Highest queue size: %d bytes\n", uint(highestqueuesize))
-			}
-			if m, ok := v["maximum_queues_size"].(float64); ok {
-				maximumqueuesize = m
-				fmt.Printf("Maximum queue size: %d bytes\n", uint(maximumqueuesize))
-			}
-			if queues, ok := v["queues"].([]interface{}); ok {
-				if len(queues) != 0 {
-					fmt.Println("Active queues:")
-					for _, v := range queues {
-						queueport := v.(map[string]interface{})["queue_port"].(float64)
-						queuesize := v.(map[string]interface{})["queue_size"].(float64)
-						queuepackets := v.(map[string]interface{})["queue_packets"].(float64)
-						queueid := v.(map[string]interface{})["queue_id"].(string)
-						portqueues[queueport]++
-						portqueuesize[queueport] += queuesize
-						portqueuepackets[queueport] += queuepackets
-						queuesizepercent := (100 / maximumqueuesize) * queuesize
-						fmt.Printf("- Switch port %d, Stream ID: %v, size: %d bytes (%d%% full), %d packets\n",
-							uint(queueport), []byte(queueid), uint(queuesize),
-							uint(queuesizepercent), uint(queuepackets))
-					}
-				}
-			}
-			if len(portqueuesize) > 0 && len(portqueuepackets) > 0 {
-				fmt.Println("Aggregated statistics by switchport:")
-				for k, v := range portqueuesize {
-					queuesizepercent := (100 / (portqueues[k] * maximumqueuesize)) * v
-					fmt.Printf("- Switch port %d, size: %d bytes (%d%% full), %d packets\n",
-						uint(k), uint(v), uint(queuesizepercent), uint(portqueuepackets[k]))
-				}
-			}
-		case "addpeer", "removepeer", "addallowedencryptionpublickey", "removeallowedencryptionpublickey", "addsourcesubnet", "addroute", "removesourcesubnet", "removeroute":
-			if _, ok := res["added"]; ok {
-				for _, v := range res["added"].([]interface{}) {
-					fmt.Println("Added:", fmt.Sprint(v))
-				}
-			}
-			if _, ok := res["not_added"]; ok {
-				for _, v := range res["not_added"].([]interface{}) {
-					fmt.Println("Not added:", fmt.Sprint(v))
-				}
-			}
-			if _, ok := res["removed"]; ok {
-				for _, v := range res["removed"].([]interface{}) {
-					fmt.Println("Removed:", fmt.Sprint(v))
-				}
-			}
-			if _, ok := res["not_removed"]; ok {
-				for _, v := range res["not_removed"].([]interface{}) {
-					fmt.Println("Not removed:", fmt.Sprint(v))
-				}
-			}
-		case "getallowedencryptionpublickeys":
-			if _, ok := res["allowed_box_pubs"]; !ok {
-				fmt.Println("All connections are allowed")
-			} else if res["allowed_box_pubs"] == nil {
-				fmt.Println("All connections are allowed")
-			} else {
-				fmt.Println("Connections are allowed only from the following public box keys:")
-				for _, v := range res["allowed_box_pubs"].([]interface{}) {
-					fmt.Println("-", v)
-				}
-			}
-		case "getmulticastinterfaces":
-			if _, ok := res["multicast_interfaces"]; !ok {
-				fmt.Println("No multicast interfaces found")
-			} else if res["multicast_interfaces"] == nil {
-				fmt.Println("No multicast interfaces found")
-			} else {
-				fmt.Println("Multicast peer discovery is active on:")
-				for _, v := range res["multicast_interfaces"].([]interface{}) {
-					fmt.Println("-", v)
-				}
-			}
-		case "getsourcesubnets":
-			if _, ok := res["source_subnets"]; !ok {
-				fmt.Println("No source subnets found")
-			} else if res["source_subnets"] == nil {
-				fmt.Println("No source subnets found")
-			} else {
-				fmt.Println("Source subnets:")
-				for _, v := range res["source_subnets"].([]interface{}) {
-					fmt.Println("-", v)
-				}
-			}
-		case "getroutes":
-			if routes, ok := res["routes"].(map[string]interface{}); !ok {
-				fmt.Println("No routes found")
-			} else {
-				if res["routes"] == nil || len(routes) == 0 {
-					fmt.Println("No routes found")
-				} else {
-					fmt.Println("Routes:")
-					for k, v := range routes {
-						if pv, ok := v.(string); ok {
-							fmt.Println("-", k, " via ", pv)
-						}
-					}
-				}
-			}
-		case "settunnelrouting":
-			fallthrough
-		case "gettunnelrouting":
-			if enabled, ok := res["enabled"].(bool); !ok {
-				fmt.Println("Tunnel routing is disabled")
-			} else if !enabled {
-				fmt.Println("Tunnel routing is disabled")
-			} else {
-				fmt.Println("Tunnel routing is enabled")
-			}
-		default:
-			if json, err := json.MarshalIndent(recv["response"], "", "  "); err == nil {
-				fmt.Println(string(json))
-			}
-		}
+		handleAll(recv, cmdLineEnv.verbose)
 	} else {
 		logger.Println("Error receiving response:", err)
 	}
@@ -442,5 +137,321 @@ func run() int {
 	if v, ok := recv["status"]; ok && v != "success" {
 		return 1
 	}
+
 	return 0
 }
+
+func connect(endpoint string, logger *log.Logger) net.Conn {
+	var conn net.Conn
+
+	u, err := url.Parse(endpoint)
+
+	if err == nil {
+		switch strings.ToLower(u.Scheme) {
+		case "unix":
+			logger.Println("Connecting to UNIX socket", endpoint[7:])
+			conn, err = net.Dial("unix", endpoint[7:])
+		case "tcp":
+			logger.Println("Connecting to TCP socket", u.Host)
+			conn, err = net.Dial("tcp", u.Host)
+		default:
+			logger.Println("Unknown protocol or malformed address - check your endpoint")
+			err = errors.New("protocol not supported")
+		}
+	} else {
+		logger.Println("Connecting to TCP socket", u.Host)
+		conn, err = net.Dial("tcp", endpoint)
+	}
+
+	if err != nil {
+		panic(err)
+	}
+
+	return conn
+}
+
+func handleAll(recv map[string]interface{}, verbose bool) {
+	req := recv["request"].(map[string]interface{})
+	res := recv["response"].(map[string]interface{})
+
+	switch strings.ToLower(req["request"].(string)) {
+	case "dot":
+		handleDot(res)
+	case "list", "getpeers", "getswitchpeers", "getdht", "getsessions", "dhtping":
+		handleVariousInfo(res, verbose)
+	case "gettuntap", "settuntap":
+		handleGetAndSetTunTap(res)
+	case "getself":
+		handleGetSelf(res, verbose)
+	case "getswitchqueues":
+		handleGetSwitchQueues(res)
+	case "addpeer", "removepeer", "addallowedencryptionpublickey", "removeallowedencryptionpublickey", "addsourcesubnet", "addroute", "removesourcesubnet", "removeroute":
+		handleAddsAndRemoves(res)
+	case "getallowedencryptionpublickeys":
+		handleGetAllowedEncryptionPublicKeys(res)
+	case "getmulticastinterfaces":
+		handleGetMulticastInterfaces(res)
+	case "getsourcesubnets":
+		handleGetSourceSubnets(res)
+	case "getroutes":
+		handleGetRoutes(res)
+	case "settunnelrouting":
+		fallthrough
+	case "gettunnelrouting":
+		handleGetTunnelRouting(res)
+	default:
+		if json, err := json.MarshalIndent(recv["response"], "", "  "); err == nil {
+			fmt.Println(string(json))
+		}
+	}
+}
+
+func handleDot(res map[string]interface{}) {
+	fmt.Println(res["dot"])
+}
+
+func handleVariousInfo(res map[string]interface{}, verbose bool) {
+	maxWidths := make(map[string]int)
+	var keyOrder []string
+	keysOrdered := false
+
+	for _, tlv := range res {
+		for slk, slv := range tlv.(map[string]interface{}) {
+			if !keysOrdered {
+				for k := range slv.(map[string]interface{}) {
+					if !verbose {
+						if k == "box_pub_key" || k == "box_sig_key" || k == "nodeinfo" || k == "was_mtu_fixed" {
+							continue
+						}
+					}
+					keyOrder = append(keyOrder, fmt.Sprint(k))
+				}
+				sort.Strings(keyOrder)
+				keysOrdered = true
+			}
+			for k, v := range slv.(map[string]interface{}) {
+				if len(fmt.Sprint(slk)) > maxWidths["key"] {
+					maxWidths["key"] = len(fmt.Sprint(slk))
+				}
+				if len(fmt.Sprint(v)) > maxWidths[k] {
+					maxWidths[k] = len(fmt.Sprint(v))
+					if maxWidths[k] < len(k) {
+						maxWidths[k] = len(k)
+					}
+				}
+			}
+		}
+
+		if len(keyOrder) > 0 {
+			fmt.Printf("%-"+fmt.Sprint(maxWidths["key"])+"s  ", "")
+			for _, v := range keyOrder {
+				fmt.Printf("%-"+fmt.Sprint(maxWidths[v])+"s  ", v)
+			}
+			fmt.Println()
+		}
+
+		for slk, slv := range tlv.(map[string]interface{}) {
+			fmt.Printf("%-"+fmt.Sprint(maxWidths["key"])+"s  ", slk)
+			for _, k := range keyOrder {
+				preformatted := slv.(map[string]interface{})[k]
+				var formatted string
+				switch k {
+				case "bytes_sent", "bytes_recvd":
+					formatted = fmt.Sprintf("%d", uint(preformatted.(float64)))
+				case "uptime", "last_seen":
+					seconds := uint(preformatted.(float64)) % 60
+					minutes := uint(preformatted.(float64)/60) % 60
+					hours := uint(preformatted.(float64) / 60 / 60)
+					formatted = fmt.Sprintf("%02d:%02d:%02d", hours, minutes, seconds)
+				default:
+					formatted = fmt.Sprint(preformatted)
+				}
+				fmt.Printf("%-"+fmt.Sprint(maxWidths[k])+"s  ", formatted)
+			}
+			fmt.Println()
+		}
+	}
+}
+
+func handleGetAndSetTunTap(res map[string]interface{}) {
+	for k, v := range res {
+		fmt.Println("Interface name:", k)
+		if mtu, ok := v.(map[string]interface{})["mtu"].(float64); ok {
+			fmt.Println("Interface MTU:", mtu)
+		}
+		if tap_mode, ok := v.(map[string]interface{})["tap_mode"].(bool); ok {
+			fmt.Println("TAP mode:", tap_mode)
+		}
+	}
+}
+
+func handleGetSelf(res map[string]interface{}, verbose bool) {
+	for k, v := range res["self"].(map[string]interface{}) {
+		if buildname, ok := v.(map[string]interface{})["build_name"].(string); ok && buildname != "unknown" {
+			fmt.Println("Build name:", buildname)
+		}
+		if buildversion, ok := v.(map[string]interface{})["build_version"].(string); ok && buildversion != "unknown" {
+			fmt.Println("Build version:", buildversion)
+		}
+		fmt.Println("IPv6 address:", k)
+		if subnet, ok := v.(map[string]interface{})["subnet"].(string); ok {
+			fmt.Println("IPv6 subnet:", subnet)
+		}
+		if boxSigKey, ok := v.(map[string]interface{})["key"].(string); ok {
+			fmt.Println("Public key:", boxSigKey)
+		}
+		if coords, ok := v.(map[string]interface{})["coords"].([]interface{}); ok {
+			fmt.Println("Coords:", coords)
+		}
+		if verbose {
+			if nodeID, ok := v.(map[string]interface{})["node_id"].(string); ok {
+				fmt.Println("Node ID:", nodeID)
+			}
+			if boxPubKey, ok := v.(map[string]interface{})["box_pub_key"].(string); ok {
+				fmt.Println("Public encryption key:", boxPubKey)
+			}
+			if boxSigKey, ok := v.(map[string]interface{})["box_sig_key"].(string); ok {
+				fmt.Println("Public signing key:", boxSigKey)
+			}
+		}
+	}
+}
+
+func handleGetSwitchQueues(res map[string]interface{}) {
+	maximumqueuesize := float64(4194304)
+	portqueues := make(map[float64]float64)
+	portqueuesize := make(map[float64]float64)
+	portqueuepackets := make(map[float64]float64)
+	v := res["switchqueues"].(map[string]interface{})
+	if queuecount, ok := v["queues_count"].(float64); ok {
+		fmt.Printf("Active queue count: %d queues\n", uint(queuecount))
+	}
+	if queuesize, ok := v["queues_size"].(float64); ok {
+		fmt.Printf("Active queue size: %d bytes\n", uint(queuesize))
+	}
+	if highestqueuecount, ok := v["highest_queues_count"].(float64); ok {
+		fmt.Printf("Highest queue count: %d queues\n", uint(highestqueuecount))
+	}
+	if highestqueuesize, ok := v["highest_queues_size"].(float64); ok {
+		fmt.Printf("Highest queue size: %d bytes\n", uint(highestqueuesize))
+	}
+	if m, ok := v["maximum_queues_size"].(float64); ok {
+		maximumqueuesize = m
+		fmt.Printf("Maximum queue size: %d bytes\n", uint(maximumqueuesize))
+	}
+	if queues, ok := v["queues"].([]interface{}); ok {
+		if len(queues) != 0 {
+			fmt.Println("Active queues:")
+			for _, v := range queues {
+				queueport := v.(map[string]interface{})["queue_port"].(float64)
+				queuesize := v.(map[string]interface{})["queue_size"].(float64)
+				queuepackets := v.(map[string]interface{})["queue_packets"].(float64)
+				queueid := v.(map[string]interface{})["queue_id"].(string)
+				portqueues[queueport]++
+				portqueuesize[queueport] += queuesize
+				portqueuepackets[queueport] += queuepackets
+				queuesizepercent := (100 / maximumqueuesize) * queuesize
+				fmt.Printf("- Switch port %d, Stream ID: %v, size: %d bytes (%d%% full), %d packets\n",
+					uint(queueport), []byte(queueid), uint(queuesize),
+					uint(queuesizepercent), uint(queuepackets))
+			}
+		}
+	}
+	if len(portqueuesize) > 0 && len(portqueuepackets) > 0 {
+		fmt.Println("Aggregated statistics by switchport:")
+		for k, v := range portqueuesize {
+			queuesizepercent := (100 / (portqueues[k] * maximumqueuesize)) * v
+			fmt.Printf("- Switch port %d, size: %d bytes (%d%% full), %d packets\n",
+				uint(k), uint(v), uint(queuesizepercent), uint(portqueuepackets[k]))
+		}
+	}
+}
+
+func handleAddsAndRemoves(res map[string]interface{}) {
+	if _, ok := res["added"]; ok {
+		for _, v := range res["added"].([]interface{}) {
+			fmt.Println("Added:", fmt.Sprint(v))
+		}
+	}
+	if _, ok := res["not_added"]; ok {
+		for _, v := range res["not_added"].([]interface{}) {
+			fmt.Println("Not added:", fmt.Sprint(v))
+		}
+	}
+	if _, ok := res["removed"]; ok {
+		for _, v := range res["removed"].([]interface{}) {
+			fmt.Println("Removed:", fmt.Sprint(v))
+		}
+	}
+	if _, ok := res["not_removed"]; ok {
+		for _, v := range res["not_removed"].([]interface{}) {
+			fmt.Println("Not removed:", fmt.Sprint(v))
+		}
+	}
+}
+
+func handleGetAllowedEncryptionPublicKeys(res map[string]interface{}) {
+	if _, ok := res["allowed_box_pubs"]; !ok {
+		fmt.Println("All connections are allowed")
+	} else if res["allowed_box_pubs"] == nil {
+		fmt.Println("All connections are allowed")
+	} else {
+		fmt.Println("Connections are allowed only from the following public box keys:")
+		for _, v := range res["allowed_box_pubs"].([]interface{}) {
+			fmt.Println("-", v)
+		}
+	}
+}
+
+func handleGetMulticastInterfaces(res map[string]interface{}) {
+	if _, ok := res["multicast_interfaces"]; !ok {
+		fmt.Println("No multicast interfaces found")
+	} else if res["multicast_interfaces"] == nil {
+		fmt.Println("No multicast interfaces found")
+	} else {
+		fmt.Println("Multicast peer discovery is active on:")
+		for _, v := range res["multicast_interfaces"].([]interface{}) {
+			fmt.Println("-", v)
+		}
+	}
+}
+
+func handleGetSourceSubnets(res map[string]interface{}) {
+	if _, ok := res["source_subnets"]; !ok {
+		fmt.Println("No source subnets found")
+	} else if res["source_subnets"] == nil {
+		fmt.Println("No source subnets found")
+	} else {
+		fmt.Println("Source subnets:")
+		for _, v := range res["source_subnets"].([]interface{}) {
+			fmt.Println("-", v)
+		}
+	}
+}
+
+func handleGetRoutes(res map[string]interface{}) {
+	if routes, ok := res["routes"].(map[string]interface{}); !ok {
+		fmt.Println("No routes found")
+	} else {
+		if res["routes"] == nil || len(routes) == 0 {
+			fmt.Println("No routes found")
+		} else {
+			fmt.Println("Routes:")
+			for k, v := range routes {
+				if pv, ok := v.(string); ok {
+					fmt.Println("-", k, " via ", pv)
+				}
+			}
+		}
+	}
+}
+
+func handleGetTunnelRouting(res map[string]interface{}) {
+	if enabled, ok := res["enabled"].(bool); !ok {
+		fmt.Println("Tunnel routing is disabled")
+	} else if !enabled {
+		fmt.Println("Tunnel routing is disabled")
+	} else {
+		fmt.Println("Tunnel routing is enabled")
+	}
+}

cmd/yggdrasilsim/dial.go

@@ -1,61 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"sort"
-	"time"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-)
-
-func doListen(recvNode *simNode) {
-	// TODO be able to stop the listeners somehow so they don't leak across different tests
-	for {
-		c, err := recvNode.listener.Accept()
-		if err != nil {
-			panic(err)
-		}
-		c.Close()
-	}
-}
-
-func dialTest(sendNode, recvNode *simNode) {
-	if sendNode.id == recvNode.id {
-		fmt.Println("Skipping dial to self")
-		return
-	}
-	var mask crypto.NodeID
-	for idx := range mask {
-		mask[idx] = 0xff
-	}
-	for {
-		c, err := sendNode.dialer.DialByNodeIDandMask(nil, &recvNode.nodeID, &mask)
-		if c != nil {
-			c.Close()
-			return
-		}
-		if err != nil {
-			fmt.Println("Dial failed:", err)
-		}
-		time.Sleep(time.Second)
-	}
-}
-
-func dialStore(store nodeStore) {
-	var nodeIdxs []int
-	for idx, n := range store {
-		nodeIdxs = append(nodeIdxs, idx)
-		go doListen(n)
-	}
-	sort.Slice(nodeIdxs, func(i, j int) bool {
-		return nodeIdxs[i] < nodeIdxs[j]
-	})
-	for _, idx := range nodeIdxs {
-		sendNode := store[idx]
-		for _, jdx := range nodeIdxs {
-			recvNode := store[jdx]
-			fmt.Printf("Dialing from node %d to node %d / %d...\n", idx, jdx, len(store))
-			dialTest(sendNode, recvNode)
-		}
-	}
-}

cmd/yggdrasilsim/main.go

@@ -1,6 +0,0 @@
-package main
-
-func main() {
-	store := makeStoreSquareGrid(4)
-	dialStore(store)
-}

cmd/yggdrasilsim/node.go

@@ -1,28 +0,0 @@
-package main
-
-import (
-	"io/ioutil"
-
-	"github.com/gologme/log"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-)
-
-type simNode struct {
-	core     yggdrasil.Core
-	id       int
-	nodeID   crypto.NodeID
-	dialer   *yggdrasil.Dialer
-	listener *yggdrasil.Listener
-}
-
-func newNode(id int) *simNode {
-	n := simNode{id: id}
-	n.core.Start(config.GenerateConfig(), log.New(ioutil.Discard, "", 0))
-	n.nodeID = *n.core.NodeID()
-	n.dialer, _ = n.core.ConnDialer()
-	n.listener, _ = n.core.ConnListen()
-	return &n
-}

cmd/yggdrasilsim/store.go

@@ -1,41 +0,0 @@
-package main
-
-type nodeStore map[int]*simNode
-
-func makeStoreSingle() nodeStore {
-	s := make(nodeStore)
-	s[0] = newNode(0)
-	return s
-}
-
-func linkNodes(a *simNode, b *simNode) {
-	la := a.core.NewSimlink()
-	lb := b.core.NewSimlink()
-	la.SetDestination(lb)
-	lb.SetDestination(la)
-	la.Start()
-	lb.Start()
-}
-
-func makeStoreSquareGrid(sideLength int) nodeStore {
-	store := make(nodeStore)
-	nNodes := sideLength * sideLength
-	idxs := make([]int, 0, nNodes)
-	// TODO shuffle nodeIDs
-	for idx := 1; idx <= nNodes; idx++ {
-		idxs = append(idxs, idx)
-	}
-	for _, idx := range idxs {
-		n := newNode(idx)
-		store[idx] = n
-	}
-	for idx := 0; idx < nNodes; idx++ {
-		if (idx % sideLength) != 0 {
-			linkNodes(store[idxs[idx]], store[idxs[idx-1]])
-		}
-		if idx >= sideLength {
-			linkNodes(store[idxs[idx]], store[idxs[idx-sideLength]])
-		}
-	}
-	return store
-}

contrib/ansible/genkeys.go

@@ -6,6 +6,7 @@ This file generates crypto keys for [ansible-yggdrasil](https://github.com/jcgru
 package main
 
 import (
+	"crypto/ed25519"
 	"encoding/hex"
 	"flag"
 	"fmt"
@@ -14,7 +15,6 @@ import (
 
 	"github.com/cheggaaa/pb/v3"
 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
 )
 
 var numHosts = flag.Int("hosts", 1, "number of host vars to generate")
@@ -23,7 +23,6 @@ var keyTries = flag.Int("tries", 1000, "number of tries before taking the best k
 type keySet struct {
 	priv []byte
 	pub  []byte
-	id   []byte
 	ip   string
 }
 
@@ -37,27 +36,15 @@ func main() {
 		return
 	}
 
-	var encryptionKeys []keySet
+	var keys []keySet
 	for i := 0; i < *numHosts+1; i++ {
-		encryptionKeys = append(encryptionKeys, newBoxKey())
+		keys = append(keys, newKey())
 		bar.Increment()
 	}
-	encryptionKeys = sortKeySetArray(encryptionKeys)
+	keys = sortKeySetArray(keys)
 	for i := 0; i < *keyTries-*numHosts-1; i++ {
-		encryptionKeys[0] = newBoxKey()
-		encryptionKeys = bubbleUpTo(encryptionKeys, 0)
-		bar.Increment()
-	}
-
-	var signatureKeys []keySet
-	for i := 0; i < *numHosts+1; i++ {
-		signatureKeys = append(signatureKeys, newSigKey())
-		bar.Increment()
-	}
-	signatureKeys = sortKeySetArray(signatureKeys)
-	for i := 0; i < *keyTries-*numHosts-1; i++ {
-		signatureKeys[0] = newSigKey()
-		signatureKeys = bubbleUpTo(signatureKeys, 0)
+		keys[0] = newKey()
+		keys = bubbleUpTo(keys, 0)
 		bar.Increment()
 	}
 
@@ -70,43 +57,36 @@ func main() {
 			return
 		}
 		defer file.Close()
-		file.WriteString(fmt.Sprintf("yggdrasil_encryption_public_key: %v\n", hex.EncodeToString(encryptionKeys[i].pub)))
-		file.WriteString("yggdrasil_encryption_private_key: \"{{ vault_yggdrasil_encryption_private_key }}\"\n")
-		file.WriteString(fmt.Sprintf("yggdrasil_signing_public_key: %v\n", hex.EncodeToString(signatureKeys[i].pub)))
-		file.WriteString("yggdrasil_signing_private_key: \"{{ vault_yggdrasil_signing_private_key }}\"\n")
-		file.WriteString(fmt.Sprintf("ansible_host: %v\n", encryptionKeys[i].ip))
+		file.WriteString(fmt.Sprintf("yggdrasil_public_key: %v\n", hex.EncodeToString(keys[i].pub)))
+		file.WriteString("yggdrasil_private_key: \"{{ vault_yggdrasil_private_key }}\"\n")
+		file.WriteString(fmt.Sprintf("ansible_host: %v\n", keys[i].ip))
 
 		file, err = os.Create(fmt.Sprintf("host_vars/%x/vault", i))
 		if err != nil {
 			return
 		}
 		defer file.Close()
-		file.WriteString(fmt.Sprintf("vault_yggdrasil_encryption_private_key: %v\n", hex.EncodeToString(encryptionKeys[i].priv)))
-		file.WriteString(fmt.Sprintf("vault_yggdrasil_signing_private_key: %v\n", hex.EncodeToString(signatureKeys[i].priv)))
+		file.WriteString(fmt.Sprintf("vault_yggdrasil_private_key: %v\n", hex.EncodeToString(keys[i].priv)))
 		bar.Increment()
 	}
 	bar.Finish()
 }
 
-func newBoxKey() keySet {
-	pub, priv := crypto.NewBoxKeys()
-	id := crypto.GetNodeID(pub)
-	ip := net.IP(address.AddrForNodeID(id)[:]).String()
-	return keySet{priv[:], pub[:], id[:], ip}
-}
-
-func newSigKey() keySet {
-	pub, priv := crypto.NewSigKeys()
-	id := crypto.GetTreeID(pub)
-	return keySet{priv[:], pub[:], id[:], ""}
+func newKey() keySet {
+	pub, priv, err := ed25519.GenerateKey(nil)
+	if err != nil {
+		panic(err)
+	}
+	ip := net.IP(address.AddrForKey(pub)[:]).String()
+	return keySet{priv[:], pub[:], ip}
 }
 
 func isBetter(oldID, newID []byte) bool {
 	for idx := range oldID {
-		if newID[idx] > oldID[idx] {
+		if newID[idx] < oldID[idx] {
 			return true
 		}
-		if newID[idx] < oldID[idx] {
+		if newID[idx] > oldID[idx] {
 			return false
 		}
 	}
@@ -122,7 +102,7 @@ func sortKeySetArray(sets []keySet) []keySet {
 
 func bubbleUpTo(sets []keySet, num int) []keySet {
 	for i := 0; i < len(sets)-num-1; i++ {
-		if isBetter(sets[i+1].id, sets[i].id) {
+		if isBetter(sets[i+1].pub, sets[i].pub) {
 			var tmp = sets[i]
 			sets[i] = sets[i+1]
 			sets[i+1] = tmp

contrib/docker/Dockerfile

@@ -8,7 +8,6 @@ ENV CGO_ENABLED=0
 RUN apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
 
 FROM docker.io/alpine
-LABEL maintainer="Christer Waren/CWINFO <christer.waren@cwinfo.org>"
 
 COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil
 COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl

contrib/macos/create-pkg.sh

@@ -15,6 +15,10 @@ command -v mkbom >/dev/null 2>&1 || (
   sudo make install || (echo "Failed to build mkbom"; exit 1)
 )
 
+# Build Yggdrasil
+echo "running GO111MODULE=on GOOS=darwin GOARCH=${PKGARCH-amd64} ./build"
+GO111MODULE=on GOOS=darwin GOARCH=${PKGARCH-amd64} ./build
+
 # Check if we can find the files we need - they should
 # exist if you are running this script from the root of
 # the yggdrasil-go repo and you have ran ./build
@@ -75,6 +79,7 @@ PKGNAME=$(sh contrib/semver/name.sh)
 PKGVERSION=$(sh contrib/semver/version.sh --bare)
 PKGARCH=${PKGARCH-amd64}
 PAYLOADSIZE=$(( $(wc -c pkgbuild/flat/base.pkg/Payload | awk '{ print $1 }') / 1024 ))
+[ "$PKGARCH" = "amd64" ] && PKGHOSTARCH="x86_64" || PKGHOSTARCH=${PKGARCH}
 
 # Create the PackageInfo file
 cat > pkgbuild/flat/base.pkg/PackageInfo << EOF
@@ -94,7 +99,7 @@ cat > pkgbuild/flat/Distribution << EOF
 <?xml version="1.0" encoding="utf-8"?>
 <installer-script minSpecVersion="1.000000" authoringTool="com.apple.PackageMaker" authoringToolVersion="3.0.3" authoringToolBuild="174">
     <title>Yggdrasil (${PKGNAME}-${PKGVERSION})</title>
-    <options customize="never" allow-external-scripts="no"/>
+    <options customize="never" allow-external-scripts="no" hostArchitectures="${PKGHOSTARCH}" />
     <domains enable_anywhere="true"/>
     <installation-check script="pm_install_check();"/>
     <script>

contrib/mobile/build

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+set -ef
+
+[ ! -d contrib/mobile ] && (echo "Must run ./contrib/mobile/build [-i] [-a] from the repository top level folder"; exit 1)
+
+PKGSRC=${PKGSRC:-github.com/yggdrasil-network/yggdrasil-go/src/version}
+PKGNAME=${PKGNAME:-$(sh contrib/semver/name.sh)}
+PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}
+
+LDFLAGS="-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
+ARGS="-v"
+
+while getopts "aitc:l:d" option
+do
+  case "$option"
+  in
+  i) IOS=true;;
+  a) ANDROID=true;;
+  t) TABLES=true;;
+  c) GCFLAGS="$GCFLAGS $OPTARG";;
+  l) LDFLAGS="$LDFLAGS $OPTARG";;
+  d) ARGS="$ARGS -tags debug" DEBUG=true;;
+  esac
+done
+
+if [ -z $TABLES ] && [ -z $DEBUG ]; then
+  LDFLAGS="$LDFLAGS -s -w"
+fi
+
+if [ ! $IOS ] && [ ! $ANDROID ]; then 
+  echo "Must specify -a (Android), -i (iOS) or both"
+  exit 1
+fi
+
+if [ $IOS ]; then
+  echo "Building framework for iOS"
+  go get golang.org/x/mobile/bind
+  gomobile bind \
+    -target ios -tags mobile -o Yggdrasil.xcframework \
+    -ldflags="$LDFLAGS $STRIP" -gcflags="$GCFLAGS" \
+    ./contrib/mobile ./src/config;
+fi
+
+if [ $ANDROID ]; then
+  echo "Building aar for Android"
+  go get golang.org/x/mobile/bind
+  gomobile bind \
+    -target android -tags mobile -o yggdrasil.aar \
+    -ldflags="$LDFLAGS $STRIP" -gcflags="$GCFLAGS" \
+    ./contrib/mobile ./src/config;
+fi

contrib/mobile/mobile.go

@@ -0,0 +1,178 @@
+package mobile
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net"
+
+	"github.com/gologme/log"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+	"github.com/yggdrasil-network/yggdrasil-go/src/config"
+	"github.com/yggdrasil-network/yggdrasil-go/src/core"
+	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
+	"github.com/yggdrasil-network/yggdrasil-go/src/ipv6rwc"
+	"github.com/yggdrasil-network/yggdrasil-go/src/multicast"
+	"github.com/yggdrasil-network/yggdrasil-go/src/version"
+
+	_ "golang.org/x/mobile/bind"
+)
+
+// Yggdrasil mobile package is meant to "plug the gap" for mobile support, as
+// Gomobile will not create headers for Swift/Obj-C etc if they have complex
+// (non-native) types. Therefore for iOS we will expose some nice simple
+// functions. Note that in the case of iOS we handle reading/writing to/from TUN
+// in Swift therefore we use the "dummy" TUN interface instead.
+type Yggdrasil struct {
+	core      core.Core
+	iprwc     *ipv6rwc.ReadWriteCloser
+	config    *config.NodeConfig
+	multicast multicast.Multicast
+	log       MobileLogger
+}
+
+// StartAutoconfigure starts a node with a randomly generated config
+func (m *Yggdrasil) StartAutoconfigure() error {
+	return m.StartJSON([]byte("{}"))
+}
+
+// StartJSON starts a node with the given JSON config. You can get JSON config
+// (rather than HJSON) by using the GenerateConfigJSON() function
+func (m *Yggdrasil) StartJSON(configjson []byte) error {
+	logger := log.New(m.log, "", 0)
+	logger.EnableLevel("error")
+	logger.EnableLevel("warn")
+	logger.EnableLevel("info")
+	m.config = defaults.GenerateConfig()
+	if err := json.Unmarshal(configjson, &m.config); err != nil {
+		return err
+	}
+	m.config.IfName = "none"
+	if err := m.core.Start(m.config, logger); err != nil {
+		logger.Errorln("An error occured starting Yggdrasil:", err)
+		return err
+	}
+	mtu := m.config.IfMTU
+	m.iprwc = ipv6rwc.NewReadWriteCloser(&m.core)
+	if m.iprwc.MaxMTU() < mtu {
+		mtu = m.iprwc.MaxMTU()
+	}
+	m.iprwc.SetMTU(mtu)
+	if len(m.config.MulticastInterfaces) > 0 {
+		if err := m.multicast.Init(&m.core, m.config, logger, nil); err != nil {
+			logger.Errorln("An error occurred initialising multicast:", err)
+			return err
+		}
+		if err := m.multicast.Start(); err != nil {
+			logger.Errorln("An error occurred starting multicast:", err)
+			return err
+		}
+	}
+	return nil
+}
+
+// Send sends a packet to Yggdrasil. It should be a fully formed
+// IPv6 packet
+func (m *Yggdrasil) Send(p []byte) error {
+	if m.iprwc == nil {
+		return nil
+	}
+	_, _ = m.iprwc.Write(p)
+	return nil
+}
+
+// Recv waits for and reads a packet coming from Yggdrasil. It
+// will be a fully formed IPv6 packet
+func (m *Yggdrasil) Recv() ([]byte, error) {
+	if m.iprwc == nil {
+		return nil, nil
+	}
+	var buf [65535]byte
+	n, _ := m.iprwc.Read(buf[:])
+	return buf[:n], nil
+}
+
+// Stop the mobile Yggdrasil instance
+func (m *Yggdrasil) Stop() error {
+	logger := log.New(m.log, "", 0)
+	logger.EnableLevel("info")
+	logger.Infof("Stop the mobile Yggdrasil instance %s", "")
+	if err := m.multicast.Stop(); err != nil {
+		return err
+	}
+	m.core.Stop()
+	return nil
+}
+
+// GenerateConfigJSON generates mobile-friendly configuration in JSON format
+func GenerateConfigJSON() []byte {
+	nc := defaults.GenerateConfig()
+	nc.IfName = "none"
+	if json, err := json.Marshal(nc); err == nil {
+		return json
+	}
+	return nil
+}
+
+// GetAddressString gets the node's IPv6 address
+func (m *Yggdrasil) GetAddressString() string {
+	ip := m.core.Address()
+	return ip.String()
+}
+
+// GetSubnetString gets the node's IPv6 subnet in CIDR notation
+func (m *Yggdrasil) GetSubnetString() string {
+	subnet := m.core.Subnet()
+	return subnet.String()
+}
+
+// GetPublicKeyString gets the node's public key in hex form
+func (m *Yggdrasil) GetPublicKeyString() string {
+	return hex.EncodeToString(m.core.GetSelf().Key)
+}
+
+// GetCoordsString gets the node's coordinates
+func (m *Yggdrasil) GetCoordsString() string {
+	return fmt.Sprintf("%v", m.core.GetSelf().Coords)
+}
+
+func (m *Yggdrasil) GetPeersJSON() (result string) {
+	peers := []struct {
+		core.Peer
+		IP string
+	}{}
+	for _, v := range m.core.GetPeers() {
+		a := address.AddrForKey(v.Key)
+		ip := net.IP(a[:]).String()
+		peers = append(peers, struct {
+			core.Peer
+			IP string
+		}{
+			Peer: v,
+			IP:   ip,
+		})
+	}
+	if res, err := json.Marshal(peers); err == nil {
+		return string(res)
+	} else {
+		return "{}"
+	}
+}
+
+func (m *Yggdrasil) GetDHTJSON() (result string) {
+	if res, err := json.Marshal(m.core.GetDHT()); err == nil {
+		return string(res)
+	} else {
+		return "{}"
+	}
+}
+
+// GetMTU returns the configured node MTU. This must be called AFTER Start.
+func (m *Yggdrasil) GetMTU() int {
+	return int(m.core.MTU())
+}
+
+func GetVersion() string {
+	return version.BuildVersion()
+}

contrib/mobile/mobile_android.go

@@ -0,0 +1,13 @@
+//go:build android
+// +build android
+
+package mobile
+
+import "log"
+
+type MobileLogger struct{}
+
+func (nsl MobileLogger) Write(p []byte) (n int, err error) {
+	log.Println(string(p))
+	return len(p), nil
+}

contrib/mobile/mobile_ios.go

@@ -0,0 +1,28 @@
+//go:build ios
+// +build ios
+
+package mobile
+
+/*
+#cgo CFLAGS: -x objective-c
+#cgo LDFLAGS: -framework Foundation
+#import <Foundation/Foundation.h>
+void Log(const char *text) {
+  NSString *nss = [NSString stringWithUTF8String:text];
+  NSLog(@"%@", nss);
+}
+*/
+import "C"
+import (
+	"unsafe"
+)
+
+type MobileLogger struct {
+}
+
+func (nsl MobileLogger) Write(p []byte) (n int, err error) {
+	p = append(p, 0)
+	cstr := (*C.char)(unsafe.Pointer(&p[0]))
+	C.Log(cstr)
+	return len(p), nil
+}

contrib/mobile/mobile_other.go

@@ -0,0 +1,14 @@
+//go:build !android && !ios
+// +build !android,!ios
+
+package mobile
+
+import "fmt"
+
+type MobileLogger struct {
+}
+
+func (nsl MobileLogger) Write(p []byte) (n int, err error) {
+	fmt.Print(string(p))
+	return len(p), nil
+}

contrib/mobile/mobile_test.go

@@ -0,0 +1,16 @@
+package mobile
+
+import "testing"
+
+func TestStartYggdrasil(t *testing.T) {
+	ygg := &Yggdrasil{}
+	if err := ygg.StartAutoconfigure(); err != nil {
+		t.Fatalf("Failed to start Yggdrasil: %s", err)
+	}
+	t.Log("Address:", ygg.GetAddressString())
+	t.Log("Subnet:", ygg.GetSubnetString())
+	t.Log("Coords:", ygg.GetCoordsString())
+	if err := ygg.Stop(); err != nil {
+		t.Fatalf("Failed to stop Yggdrasil: %s", err)
+	}
+}

contrib/msi/build-msi.sh

@@ -1,7 +1,9 @@
-#!/bin/bash
+#!/bin/sh
 
 # This script generates an MSI file for Yggdrasil for a given architecture. It
-# needs to run on Linux or macOS with Go 1.16, wixl and msitools installed.
+# needs to run on Windows within MSYS2 and Go 1.17 or later must be installed on
+# the system and within the PATH. This is ran currently by GitHub Actions (see
+# the workflows in the repository).
 #
 # Author: Neil Alexander <neilalexander@users.noreply.github.com>
 
@@ -9,28 +11,31 @@
 PKGARCH=$1
 if [ "${PKGARCH}" == "" ];
 then
-  echo "tell me the architecture: x86, x64 or arm"
+  echo "tell me the architecture: x86, x64, arm or arm64"
   exit 1
 fi
 
-# Get the rest of the repository history. This is needed within Appveyor because
-# otherwise we don't get all of the branch histories and therefore the semver
-# scripts don't work properly.
-if [ "${APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH}" != "" ];
+# Download the wix tools!
+if [ ! -d wixbin ];
 then
-  git fetch --all
-  git checkout ${APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH}
-elif [ "${APPVEYOR_REPO_BRANCH}" != "" ];
-then
-  git fetch --all
-  git checkout ${APPVEYOR_REPO_BRANCH}
+  curl -LO https://wixtoolset.org/downloads/v3.14.0.3910/wix314-binaries.zip
+  if [ `md5sum wix314-binaries.zip | cut -f 1 -d " "` != "34f655cf108086838dd5a76d4318063b" ];
+  then
+    echo "wix package didn't match expected checksum"
+    exit 1
+  fi
+  mkdir -p wixbin
+  unzip -o wix314-binaries.zip -d wixbin || (
+    echo "failed to unzip WiX"
+    exit 1
+  )
 fi
 
 # Build Yggdrasil!
-[ "${PKGARCH}" == "x64" ] && GOOS=windows GOARCH=amd64 CGO_ENABLED=0 ./build -p -l "-aslr"
-[ "${PKGARCH}" == "x86" ] && GOOS=windows GOARCH=386 CGO_ENABLED=0 ./build -p -l "-aslr"
-[ "${PKGARCH}" == "arm" ] && GOOS=windows GOARCH=arm CGO_ENABLED=0 ./build -p -l "-aslr"
-#[ "${PKGARCH}" == "arm64" ] && GOOS=windows GOARCH=arm64 CGO_ENABLED=0 ./build
+[ "${PKGARCH}" == "x64" ] && GOOS=windows GOARCH=amd64 CGO_ENABLED=0 ./build
+[ "${PKGARCH}" == "x86" ] && GOOS=windows GOARCH=386 CGO_ENABLED=0 ./build
+[ "${PKGARCH}" == "arm" ] && GOOS=windows GOARCH=arm CGO_ENABLED=0 ./build
+[ "${PKGARCH}" == "arm64" ] && GOOS=windows GOARCH=arm64 CGO_ENABLED=0 ./build
 
 # Create the postinstall script
 cat > updateconfig.bat << EOF
@@ -39,32 +44,33 @@ if not exist %ALLUSERSPROFILE%\\Yggdrasil (
 )
 if not exist %ALLUSERSPROFILE%\\Yggdrasil\\yggdrasil.conf (
   if exist yggdrasil.exe (
-    if not exist %ALLUSERSPROFILE%\\Yggdrasil\\yggdrasil.conf (
-      yggdrasil.exe -genconf > %ALLUSERSPROFILE%\\Yggdrasil\\yggdrasil.conf
-    )
+    yggdrasil.exe -genconf > %ALLUSERSPROFILE%\\Yggdrasil\\yggdrasil.conf
   )
 )
 EOF
 
 # Work out metadata for the package info
 PKGNAME=$(sh contrib/semver/name.sh)
-PKGVERSION=$(sh contrib/semver/version.sh --bare)
+PKGVERSION=$(sh contrib/msi/msversion.sh --bare)
 PKGVERSIONMS=$(echo $PKGVERSION | tr - .)
-[ "${PKGARCH}" == "x64" ] && \
+([ "${PKGARCH}" == "x64" ] || [ "${PKGARCH}" == "arm64" ]) && \
   PKGGUID="77757838-1a23-40a5-a720-c3b43e0260cc" PKGINSTFOLDER="ProgramFiles64Folder" || \
   PKGGUID="54a3294e-a441-4322-aefb-3bb40dd022bb" PKGINSTFOLDER="ProgramFilesFolder"
 
 # Download the Wintun driver
-curl -o wintun.zip https://www.wintun.net/builds/wintun-0.10.2.zip
-unzip wintun.zip
+if [ ! -d wintun ];
+then
+  curl -o wintun.zip https://www.wintun.net/builds/wintun-0.14.1.zip
+  unzip wintun.zip
+fi
 if [ $PKGARCH = "x64" ]; then
   PKGWINTUNDLL=wintun/bin/amd64/wintun.dll
 elif [ $PKGARCH = "x86" ]; then
   PKGWINTUNDLL=wintun/bin/x86/wintun.dll
 elif [ $PKGARCH = "arm" ]; then
   PKGWINTUNDLL=wintun/bin/arm/wintun.dll
-#elif [ $PKGARCH = "arm64" ]; then
-#  PKGWINTUNDLL=wintun/bin/arm64/wintun.dll
+elif [ $PKGARCH = "arm64" ]; then
+  PKGWINTUNDLL=wintun/bin/arm64/wintun.dll
 else
   echo "wasn't sure which architecture to get wintun for"
   exit 1
@@ -87,7 +93,6 @@ cat > wix.xml << EOF
     Language="1033"
     Codepage="1252"
     Version="${PKGVERSIONMS}"
-    Platform="${PKGARCH}"
     Manufacturer="github.com/yggdrasil-network">
 
     <Package
@@ -100,7 +105,6 @@ cat > wix.xml << EOF
       InstallScope="perMachine"
       Languages="1033"
       Compressed="yes"
-      Platform="${PKGARCH}"
       SummaryCodepage="1252" />
 
     <MajorUpgrade
@@ -189,7 +193,9 @@ cat > wix.xml << EOF
     <InstallExecuteSequence>
       <Custom
         Action="UpdateGenerateConfig"
-        Before="StartServices" />
+        Before="StartServices">
+          NOT Installed AND NOT REMOVE
+      </Custom>
     </InstallExecuteSequence>
 
   </Product>
@@ -197,4 +203,7 @@ cat > wix.xml << EOF
 EOF
 
 # Generate the MSI
-wixl -v wix.xml -a ${PKGARCH} -o ${PKGNAME}-${PKGVERSION}-${PKGARCH}.msi
+CANDLEFLAGS="-nologo"
+LIGHTFLAGS="-nologo -spdb -sice:ICE71 -sice:ICE61"
+wixbin/candle $CANDLEFLAGS -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj -arch ${PKGARCH} wix.xml && \
+wixbin/light $LIGHTFLAGS -ext WixUtilExtension.dll -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.msi ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj

contrib/msi/msversion.sh

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Get the last tag
+TAG=$(git describe --abbrev=0 --tags --match="v[0-9]*\.[0-9]*\.[0-9]*" 2>/dev/null)
+
+# Did getting the tag succeed?
+if [ $? != 0 ] || [ -z "$TAG" ]; then
+  printf -- "unknown"
+  exit 0
+fi
+
+# Get the current branch
+BRANCH=$(git symbolic-ref -q HEAD --short 2>/dev/null)
+
+# Did getting the branch succeed?
+if [ $? != 0 ] || [ -z "$BRANCH" ]; then
+  BRANCH="master"
+fi
+
+# Split out into major, minor and patch numbers
+MAJOR=$(echo $TAG | cut -c 2- | cut -d "." -f 1)
+MINOR=$(echo $TAG | cut -c 2- | cut -d "." -f 2)
+PATCH=$(echo $TAG | cut -c 2- | cut -d "." -f 3 | awk -F"rc" '{print $1}')
+
+# Output in the desired format
+if [ $((PATCH)) -eq 0 ]; then
+  printf '%s%d.%d' "$PREPEND" "$((MAJOR))" "$((MINOR))"
+else
+  printf '%s%d.%d.%d' "$PREPEND" "$((MAJOR))" "$((MINOR))" "$((PATCH))"
+fi
+
+# Add the build tag on non-master branches
+if [ "$BRANCH" != "master" ]; then
+  BUILD=$(git rev-list --count $TAG..HEAD 2>/dev/null)
+
+  # Did getting the count of commits since the tag succeed?
+  if [ $? != 0 ] || [ -z "$BUILD" ]; then
+    printf -- "-unknown"
+    exit 0
+  fi
+
+  # Is the build greater than zero?
+  if [ $((BUILD)) -gt 0 ]; then
+      printf -- "-%04d" "$((BUILD))"
+  fi
+fi

contrib/semver/name.sh

@@ -1,9 +1,11 @@
 #!/bin/sh
 
 # Get the current branch name
-BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null)
+BRANCH="$GITHUB_REF_NAME"
+if [ -z "$BRANCH" ]; then
+  BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null)
+fi
 
-# Complain if the git history is not available
 if [ $? != 0 ] || [ -z "$BRANCH" ]; then
   printf "yggdrasil"
   exit 0

contrib/semver/version.sh

@@ -1,46 +1,11 @@
 #!/bin/sh
 
-# Get the last tag
-TAG=$(git describe --abbrev=0 --tags --match="v[0-9]*\.[0-9]*\.[0-9]*" 2>/dev/null)
-
-# Did getting the tag succeed?
-if [ $? != 0 ] || [ -z "$TAG" ]; then
-  printf -- "unknown"
-  exit 0
-fi
-
-# Get the current branch
-BRANCH=$(git symbolic-ref -q HEAD --short 2>/dev/null)
-
-# Did getting the branch succeed?
-if [ $? != 0 ] || [ -z "$BRANCH" ]; then
-  BRANCH="master"
-fi
-
-# Split out into major, minor and patch numbers
-MAJOR=$(echo $TAG | cut -c 2- | cut -d "." -f 1)
-MINOR=$(echo $TAG | cut -c 2- | cut -d "." -f 2)
-PATCH=$(echo $TAG | cut -c 2- | cut -d "." -f 3)
-
-# Output in the desired format
-if [ $((PATCH)) -eq 0 ]; then
-  printf '%s%d.%d' "$PREPEND" "$((MAJOR))" "$((MINOR))"
-else
-  printf '%s%d.%d.%d' "$PREPEND" "$((MAJOR))" "$((MINOR))" "$((PATCH))"
-fi
-
-# Add the build tag on non-master branches
-if [ "$BRANCH" != "master" ]; then
-  BUILD=$(git rev-list --count $TAG..HEAD 2>/dev/null)
-
-  # Did getting the count of commits since the tag succeed?
-  if [ $? != 0 ] || [ -z "$BUILD" ]; then
-    printf -- "-unknown"
-    exit 0
-  fi
-
-  # Is the build greater than zero?
-  if [ $((BUILD)) -gt 0 ]; then
-      printf -- "-%04d" "$((BUILD))"
-  fi
-fi
+case "$*" in
+  *--bare*)
+    # Remove the "v" prefix
+    git describe --tags --match="v[0-9]*\.[0-9]*\.[0-9]*" | cut -c 2-
+    ;;
+  *)
+    git describe --tags --match="v[0-9]*\.[0-9]*\.[0-9]*"
+    ;;
+esac

contrib/systemd/yggdrasil.service

@@ -1,8 +1,8 @@
 [Unit]
 Description=yggdrasil
-Wants=network.target
+Wants=network-online.target
 Wants=yggdrasil-default-config.service
-After=network.target
+After=network-online.target
 After=yggdrasil-default-config.service
 
 [Service]
@@ -10,7 +10,7 @@ Group=yggdrasil
 ProtectHome=true
 ProtectSystem=true
 SyslogIdentifier=yggdrasil
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 ExecStartPre=+-/sbin/modprobe tun
 ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil.conf
 ExecReload=/bin/kill -HUP $MAINPID

doc/Whitepaper.md

@@ -1,148 +0,0 @@
-# Yggdrasil
-
-Note: This is a very rough early draft.
-
-Yggdrasil is an encrypted IPv6 network running in the [`200::/7` address range](https://en.wikipedia.org/wiki/Unique_local_address).
-It is an experimental/toy network, so failure is acceptable, as long as it's instructive to see how it breaks if/when everything falls apart.
-
-IP addresses are derived from cryptographic keys, to reduce the need for public key infrastructure.
-A form of locator/identifier separation (similar in goal to [LISP](https://en.wikipedia.org/wiki/Locator/Identifier_Separation_Protocol)) is used to map static identifiers (IP addresses) onto dynamic routing information (locators), using a [distributed hash table](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT).
-Locators are used to approximate the distance between nodes in the network, where the approximate distance is the length of a real worst-case-scenario path through the network.
-This is (arguably) easier to secure and requires less information about the network than commonly used routing schemes.
-
-While not technically a [compact routing scheme](https://arxiv.org/abs/0708.2309), tests on real-world networks suggest that routing in this style incurs stretch comparable to the name-dependent compact routing schemes designed for static networks.
-Compared to compact routing schemes, Yggdrasil appears to have smaller average routing table sizes, works on dynamic networks, and is name-independent.
-It currently lacks the provable bounds of compact routing schemes, and there's a serious argument to be made that it cheats by stretching the definition of some of the above terms, but the main point to be emphasized is that there are trade-offs between different concerns when trying to route traffic, and we'd rather make every part *good* than try to make any one part *perfect*.
-In that sense, Yggdrasil seems to be competitive, on what are supposedly realistic networks, with compact routing schemes.
-
-## Addressing
-
-Yggdrasil uses a truncated version of a `NodeID` to assign addresses.
-An address is assigned from the `200::/7` prefix, according to the following:
-
-1. Begin with `0x02` as the first byte of the address, or `0x03` if it's a `/64` prefix.
-2. Count the number of leading `1` bits in the NodeID.
-3. Set the second byte of the address to the number of leading `1` bits in the NodeID (8 bit unsigned integer, at most 255).
-4. Append the NodeID to the remaining bits of the address, truncating the leading `1` bits and the first `0` bit, to a total address size of 128 bits.
-
-The last bit of the first byte is used to flag if an address is for a router (`200::/8`), or part of an advertised prefix (`300::/8`), where each router owns a `/64` that matches their address (except with the eight bit set to 1 instead of 0).
-This allows the prefix to be advertised to the router's LAN, so unsupported devices can still connect to the network (e.g. network printers).
-
-The NodeID is a [sha512sum](https://en.wikipedia.org/wiki/SHA-512) of a node's public encryption key.
-Addresses are checked that they match NodeID, to prevent address spoofing.
-As such, while a 128 bit IPv6 address is likely too short to be considered secure by cryptographer standards, there is a significant cost in attempting to cause an address collision.
-Addresses can be made more secure by brute force generating a large number of leading `1` bits in the NodeID.
-
-When connecting to a node, the IP address is unpacked into the known bits of the NodeID and a matching bitmask to track which bits are significant.
-A node is only communicated with if its `NodeID` matches its public key and the known `NodeID` bits from the address.
-
-It is important to note that only `NodeID` is used internally for routing, so the addressing scheme could in theory be changed without breaking compatibility with intermediate routers.
-This has been done once, when moving the address range from the `fd00::/8` ULA range to the reserved-but-[deprecated](https://tools.ietf.org/html/rfc4048) `200::/7` range.
-Further addressing scheme changes could occur if, for example, an IPv7 format ever emerges.
-
-### Cryptography
-
-Public key encryption is done using the `golang.org/x/crypto/nacl/box`, which uses [Curve25519](https://en.wikipedia.org/wiki/Curve25519), [XSalsa20](https://en.wikipedia.org/wiki/Salsa20), and [Poly1305](https://en.wikipedia.org/wiki/Poly1305) for key exchange, encryption, and authentication (interoperable with [NaCl](https://en.wikipedia.org/wiki/NaCl_(software))).
-Permanent keys are used only for protocol traffic, with random nonces generated on a per-packet basis using `crypto/rand` from Go's standard library.
-Ephemeral session keys (for [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy)) are generated for encapsulated IPv6 traffic, using the same set of primitives, with random initial nonces that are subsequently incremented.
-A list of recently received session nonces is kept (as a bitmask) and checked to reject duplicated packets, in an effort to block duplicate packets and replay attacks.
-A separate set of keys are generated and used for signing with [Ed25519](https://en.wikipedia.org/wiki/Ed25519), which is used by the routing layer to secure construction of a spanning tree.
-
-### Prefixes
-
-Recall that each node's address is in the lower half of the address range, I.e. `200::/8`. A `/64` prefix is made available to each node under `300::/8`, where the remaining bits of the prefix match the node's address under `200::/8`.
-A node may optionally advertise a prefix on their local area network, which allows unsupported or legacy devices with IPv6 support to connect to the network.
-Note that there are 64 fewer bits of `NodeID` available to check in each address from a routing prefix, so it makes sense to brute force a `NodeID` with more significant bits in the address if this approach is to be used.
-Running `genkeys.go` will do this by default.
-
-## Locators and Routing
-
-Locators are generated using information from a spanning tree (described below).
-The result is that each node has a set of [coordinates in a greedy metric space](https://en.wikipedia.org/wiki/Greedy_embedding).
-These coordinates are used as a distance label.
-Given the coordinates of any two nodes, it is possible to calculate the length of some real path through the network between the two nodes.
-
-Traffic is forwarded using a [greedy routing](https://en.wikipedia.org/wiki/Small-world_routing#Greedy_routing) scheme, where each node forwards the packet to a one-hop neighbor that is closer to the destination (according to this distance metric) than the current node.
-In particular, when a packet needs to be forwarded, a node will forward it to whatever peer is closest to the destination in the greedy [metric space](https://en.wikipedia.org/wiki/Metric_space) used by the network, provided that the peer is closer to the destination than the current node.
-
-If no closer peers are idle, then the packet is queued in FIFO order, with separate queues per destination coords (currently, as a bit of a hack, IPv6 flow labels are embedded after the end of the significant part of the coords, so queues distinguish between different traffic streams with the same destination).
-Whenever the node finishes forwarding a packet to a peer, it checks the queues, and will forward the first packet from the queue with the maximum `<age of first packet>/<queue size in bytes>`, i.e. the bandwidth the queue is attempting to use, subject to the constraint that the peer is a valid next hop (i.e. closer to the destination than the current node).
-If no non-empty queue is available, then the peer is added to the idle set, forward packets when the need arises.
-
-This acts as a crude approximation of backpressure routing, where the remote queue sizes are assumed to be equal to the distance of a node from a destination (rather than communicating queue size information), and packets are never forwarded "backwards" through the network, but congestion on a local link is routed around when possible.
-The queue selection strategy behaves similar to shortest-queue-first, in that a larger fraction of available bandwidth to sessions that attempt to use less bandwidth, and is loosely based on the rationale behind some proposed solutions to the [cake-cutting](https://en.wikipedia.org/wiki/Fair_cake-cutting) problem.
-
-The queue size is limited to 4 MB. If a packet is added to a queue and the total size of all queues is larger than this threshold, then a random queue is selected (with odds proportional to relative queue sizes), and the first packet from that queue is dropped, with the process repeated until the total queue size drops below the allowed threshold.
-
-Note that this forwarding procedure generalizes to nodes that are not one-hop neighbors, but the current implementation omits the use of more distant neighbors, as this is expected to be a minor optimization (it would add per-link control traffic to pass path-vector-like information about a subset of the network, which is a lot of overhead compared to the current setup).
-
-### Spanning Tree
-
-A [spanning tree](https://en.wikipedia.org/wiki/Spanning_tree) is constructed with the tree rooted at the highest TreeID, where TreeID is equal to a sha512sum of a node's public [Ed25519](https://en.wikipedia.org/wiki/Ed25519) key (used for signing).
-A node sends periodic advertisement messages to each neighbor.
-The advertisement contains the coords that match the path from the root through the node, plus one additional hop from the node to the neighbor being advertised to.
-Each hop in this advertisement includes a matching ed25519 signature.
-These signatures prevent nodes from forging arbitrary routing advertisements.
-
-The first hop, from the root, also includes a sequence number, which must be updated periodically.
-A node will blacklist the current root (keeping a record of the last sequence number observed) if the root fails to update for longer than some timeout (currently hard coded at 1 minute).
-Normally, a root node will update their sequence number for frequently than this (once every 30 seconds).
-Nodes are throttled to ignore updates with a new sequence number for some period after updating their most recently seen sequence number (currently this cooldown is 15 seconds).
-The implementation chooses to set the sequence number equal to the unix time on the root's clock, so that a new (higher) sequence number will be selected if the root is restarted and the clock is not set back.
-
-Other than the root node, every other node in the network must select one of its neighbors to use as their parent.
-This selection is done by tracking when each neighbor first sends us a message with a new timestamp from the root, to determine the ordering of the latency of each path from the root, to each neighbor, and then to the node that's searching for a parent.
-These relative latencies are tracked by, for each neighbor, keeping a score vs each other neighbor.
-If a neighbor sends a message with an updated timestamp before another neighbor, then the faster neighbor's score is increased by 1.
-If the neighbor sends a message slower, then the score is decreased by 2, to make sure that a node must be reliably faster (at least 2/3 of the time) to see a net score increase over time.
-If a node begins to advertise new coordinates, then its score vs all other nodes is reset to 0.
-A node switches to a new parent if a neighbor's score (vs the current parent) reaches some threshold, currently 240, which corresponds to about 2 hours of being a reliably faster path.
-The intended outcome of this process is that stable connections from fixed infrastructure near the "core" of the network should (eventually) select parents that minimize latency from the root to themselves, while the more dynamic parts of the network, presumably more towards the edges, will try to favor reliability when selecting a parent.
-
-The distance metric between nodes is simply the distance between the nodes if they routed on the spanning tree.
-This is equal to the sum of the distance from each node to the last common ancestor of the two nodes being compared.
-The locator then consists of a root's key, timestamp, and coordinates representing each hop in the path from the root to the node.
-In practice, only the coords are used for routing, while the root and timestamp, along with all the per-hop signatures, are needed to securely construct the spanning tree.
-
-## Name-independent routing
-
-A [Chord](https://en.wikipedia.org/wiki/Chord_(peer-to-peer))-like Distributed Hash Table (DHT) is used as a distributed database that maps NodeIDs onto coordinates in the spanning tree metric space.
-The DHT is Chord-like in that it uses a successor/predecessor structure to do lookups in `O(n)` time with `O(1)` entries, then augments this with some additional information, adding roughly `O(logn)` additional entries, to reduce the lookup time to something around `O(logn)`.
-In the long term, the idea is to favor spending our bandwidth making sure the minimum `O(1)` part is right, to prioritize correctness, and then try to conserve bandwidth (and power) by being a bit lazy about checking the remaining `O(logn)` portion when it's not in use.
-
-To be specific, the DHT stores the immediate successor of a node, plus the next node it manages to find which is strictly closer (by the tree hop-count metric) than all previous nodes.
-The same process is repeated for predecessor nodes, and lookups walk the network in the predecessor direction, with each key being owned by its successor (to make sure defaulting to 0 for unknown bits of a `NodeID` doesn't cause us to overshoot the target during a lookup).
-In addition, all of a node's one-hop neighbors are included in the DHT, since we get this information "for free", and we must include it in our DHT to ensure that the network doesn't diverge to a broken state (though I suspect that only adding parents or parent-child relationships may be sufficient -- worth trying to prove or disprove, if somebody's bored).
-The DHT differs from Chord in that there are no values in the key:value store -- it only stores information about DHT peers -- and that it uses a [Kademlia](https://en.wikipedia.org/wiki/Kademlia)-inspired iterative-parallel lookup process.
-
-To summarize the entire routing procedure, when given only a node's IP address, the goal is to find a route to the destination.
-That happens through 3 steps:
-
-1. The address is unpacked into the known bits of a NodeID and a bitmask to signal which bits of the NodeID are known (the unknown bits are ignored).
-2. A DHT search is performed, which normally results in a response from the node closest in the DHT keyspace to the target `NodeID`. The response contains the node's curve25519 public key, which is checked to match the `NodeID` (and therefore the address), as well as the node's coordinates.
-3. Using the keys and coords from the above step, an ephemeral key exchange occurs between the source and destination nodes. These ephemeral session keys are used to encrypt any ordinary IPv6 traffic that may be encapsulated and sent between the nodes.
-
-From that point, the session keys and coords are cached and used to encrypt and send traffic between nodes. This is *mostly* transparent to the user: the initial DHT lookup and key exchange takes at least 2 round trips, so there's some delay before session setup completes and normal IPv6 traffic can flow. This is similar to the delay caused by a DNS lookup, although it generally takes longer, as a DHT lookup requires multiple iterations to reach the destination.
-
-## Project Status and Plans
-
-The current (Go) implementation is considered alpha, so compatibility with future versions is neither guaranteed nor expected.
-While users are discouraged from running anything truly critical on top of it, as of writing, it seems reliable enough for day-to-day use.
-
-As an "alpha" quality release, Yggdrasil *should* at least be able to detect incompatible versions when it sees them, and warn the users that an update may be needed.
-A "beta" quality release should know enough to be compatible in the face of wire format changes, and reasonably feature complete.
-A "stable" 1.0 release, if it ever happens, would probably be feature complete, with no expectation of future wire format changes, and free of known critical bugs.
-
-Roughly speaking, there are a few obvious ways the project could turn out:
-
-1. The developers could lose interest before it goes anywhere.
-2. The project could be reasonably complete (beta or stable), but never gain a significant number of users.
-3. The network may grow large enough that fundamental (non-fixable) design problems appear, which is hopefully a learning experience, but the project may die as a result.
-4. The network may grow large, but never hit any design problems, in which case we need to think about either moving the important parts into other projects ([cjdns](https://github.com/cjdelisle/cjdns)) or rewriting compatible implementations that are better optimized for the target platforms (e.g. a linux kernel module).
-
-That last one is probably impossible, because the speed of light would *eventually* become a problem, for a sufficiently large network.
-If the only thing limiting network growth turns out to be the underlying physics, then that arguably counts as a win.
-
-Also, note that some design decisions were made for ease-of-programming or ease-of-testing reasons, and likely need to be reconsidered at some point.
-In particular, Yggdrasil currently uses TCP for connections with one-hop neighbors, which introduces an additional layer of buffering that can lead to increased and/or unstable latency in congested areas of the network.
-

go.mod

@@ -1,24 +1,35 @@
 module github.com/yggdrasil-network/yggdrasil-go
 
-go 1.16
+go 1.17
 
 require (
+	github.com/Arceliar/ironwood v0.0.0-20220409035209-b7f71f05435a
 	github.com/Arceliar/phony v0.0.0-20210209235338-dde1a8dca979
-	github.com/cheggaaa/pb/v3 v3.0.6
-	github.com/fatih/color v1.10.0 // indirect
+	github.com/cheggaaa/pb/v3 v3.0.8
 	github.com/gologme/log v1.2.0
 	github.com/hashicorp/go-syslog v1.0.0
 	github.com/hjson/hjson-go v3.1.0+incompatible
 	github.com/kardianos/minwinsvc v1.0.0
-	github.com/mattn/go-runewidth v0.0.10 // indirect
 	github.com/mitchellh/mapstructure v1.4.1
-	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/vishvananda/netlink v1.1.0
-	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
-	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
-	golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b
-	golang.org/x/text v0.3.6-0.20210220033129-8f690f22cf1c
-	golang.zx2c4.com/wireguard v0.0.0-20210306175010-7e3b8371a1bf
-	golang.zx2c4.com/wireguard/windows v0.3.8
+	golang.org/x/mobile v0.0.0-20220112015953-858099ff7816
+	golang.org/x/net v0.0.0-20211101193420-4a448f8816b3
+	golang.org/x/sys v0.0.0-20211102192858-4dd72447c267
+	golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b
+	golang.zx2c4.com/wireguard v0.0.0-20211017052713-f87e87af0d9a
+	golang.zx2c4.com/wireguard/windows v0.4.12
+)
+
+require (
+	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/fatih/color v1.12.0 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.13 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
+	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 )

go.sum

@@ -1,12 +1,16 @@
+github.com/Arceliar/ironwood v0.0.0-20220409035209-b7f71f05435a h1:yfbnOyqPcx2gi5cFIJ2rlPz5M6rFPHT/c8FgZmFjCdc=
+github.com/Arceliar/ironwood v0.0.0-20220409035209-b7f71f05435a/go.mod h1:RP72rucOFm5udrnEzTmIWLRVGQiV/fSUAQXJ0RST/nk=
 github.com/Arceliar/phony v0.0.0-20210209235338-dde1a8dca979 h1:WndgpSW13S32VLQ3ugUxx2EnnWmgba1kCqPkd4Gk1yQ=
 github.com/Arceliar/phony v0.0.0-20210209235338-dde1a8dca979/go.mod h1:6Lkn+/zJilRMsKmbmG1RPoamiArC6HS73xbwRyp3UyI=
-github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
-github.com/cheggaaa/pb/v3 v3.0.6 h1:ULPm1wpzvj60FvmCrX7bIaB80UgbhI+zSaQJKRfCbAs=
-github.com/cheggaaa/pb/v3 v3.0.6/go.mod h1:X1L61/+36nz9bjIsrDU52qHKOQukUQe2Ge+YvGuquCw=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
+github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
+github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
+github.com/cheggaaa/pb/v3 v3.0.8 h1:bC8oemdChbke2FHIIGy9mn4DPJ2caZYQnfbRqwmdCoA=
+github.com/cheggaaa/pb/v3 v3.0.8/go.mod h1:UICbiLec/XO6Hw6k+BHEtHeQFzzBH4i2/qk/ow1EJTA=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
+github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/gologme/log v1.2.0 h1:Ya5Ip/KD6FX7uH0S31QO87nCCSucKtF44TLbTtO7V4c=
 github.com/gologme/log v1.2.0/go.mod h1:gq31gQ8wEHkR+WekdWsqDuf8pXTUZA9BnnzTuPz1Y9U=
 github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
@@ -17,15 +21,14 @@ github.com/kardianos/minwinsvc v1.0.0 h1:+JfAi8IBJna0jY2dJGZqi7o15z13JelFIklJCAE
 github.com/kardianos/minwinsvc v1.0.0/go.mod h1:Bgd0oc+D0Qo3bBytmNtyRKVlp85dAloLKhfxanPFFRc=
 github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ=
 github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg=
-github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
+github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA=
+github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -36,37 +39,68 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20220112015953-858099ff7816 h1:jhDgkcu3yQ4tasBZ+1YwDmK7eFmuVf1w1k+NGGGxfmE=
+golang.org/x/mobile v0.0.0-20220112015953-858099ff7816/go.mod h1:pe2sM7Uk+2Su1y7u/6Z8KJ24D7lepUjFZbhFOrmDfuQ=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210927181540-4e4d966f7476/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211101193420-4a448f8816b3 h1:VrJZAjbekhoRn7n5FBujY31gboH+iB3pdLxn3gE9FjU=
+golang.org/x/net v0.0.0-20211101193420-4a448f8816b3/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210225014209-683adc9d29d7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305215415-5cdee2b1b5a0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b h1:ggRgirZABFolTmi3sn6Ivd9SipZwLedQ5wR0aAKnFxU=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211102192858-4dd72447c267 h1:7zYaz3tjChtpayGDzu6H0hDAUM5zIGA2XW7kRNgQ0jc=
+golang.org/x/sys v0.0.0-20211102192858-4dd72447c267/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6-0.20210220033129-8f690f22cf1c h1:SW/oilbeWd6f32u3ZvuYGqZ+wivcp//I3Dy/gByk7Wk=
-golang.org/x/text v0.3.6-0.20210220033129-8f690f22cf1c/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b h1:NXqSWXSRUSCaFuvitrWtU169I3876zRTalMRbfd6LL0=
+golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.zx2c4.com/wireguard v0.0.0-20210225140808-70b7b7158fc9/go.mod h1:39ZQQ95hUxDxT7opsWy/rtfgvXXc8s30qfZ02df69Fo=
-golang.zx2c4.com/wireguard v0.0.0-20210306175010-7e3b8371a1bf h1:AtdIMfzvVNPXN4kVY/yWS8mvpQogSwtCRJk2y/LBPpg=
-golang.zx2c4.com/wireguard v0.0.0-20210306175010-7e3b8371a1bf/go.mod h1:ojGPy+9W6ZSM8anL+xC67fvh8zPQJwA6KpFOHyDWLX4=
-golang.zx2c4.com/wireguard/windows v0.3.8 h1:FvfBEhdZZTwthLuPHdyP6zpivYL3enopxd4XpggAufM=
-golang.zx2c4.com/wireguard/windows v0.3.8/go.mod h1:lm7dxHcBuzMNq706Ge1tZKZKw4+19vG9dLOhoDX05HQ=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098 h1:YuekqPskqwCCPM79F1X5Dhv4ezTCj+Ki1oNwiafxkA0=
+golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.zx2c4.com/wireguard v0.0.0-20211012062646-82d2aa87aa62/go.mod h1:id8Oh3eCCmpj9uVGWVjsUAl6UPX5ysMLzu6QxJU2UOU=
+golang.zx2c4.com/wireguard v0.0.0-20211017052713-f87e87af0d9a h1:tTbyylK9/D3u/wEP26Vx7L700UpY48nhioJWZM1vhZw=
+golang.zx2c4.com/wireguard v0.0.0-20211017052713-f87e87af0d9a/go.mod h1:id8Oh3eCCmpj9uVGWVjsUAl6UPX5ysMLzu6QxJU2UOU=
+golang.zx2c4.com/wireguard/windows v0.4.12 h1:CUmbdWKVNzTSsVb4yUAiEwL3KsabdJkEPdDjCHxBlhA=
+golang.zx2c4.com/wireguard/windows v0.4.12/go.mod h1:PW4y+d9oY83XU9rRwRwrJDwEMuhVjMxu2gfD1cfzS7w=

misc/sim/merge.py

@@ -1,62 +0,0 @@
-import glob
-import sys
-inputDirPath =  sys.argv[1]
-
-inputFilePaths = glob.glob(inputDirPath+"/*")
-inputFilePaths.sort()
-
-merged = dict()
-
-stretches = []
-
-total = 0
-for inputFilePath in inputFilePaths:
-  print "Processing file {}".format(inputFilePath)
-  with open(inputFilePath, 'r') as f:
-    inData = f.readlines()
-  pathsChecked = 0.
-  avgStretch = 0.
-  for line in inData:
-    dat = line.rstrip('\n').split(' ')
-    eHops = int(dat[0])
-    nHops = int(dat[1])
-    count = int(dat[2])
-    if eHops not in merged: merged[eHops] = dict()
-    if nHops not in merged[eHops]: merged[eHops][nHops] = 0
-    merged[eHops][nHops] += count
-    total += count
-    pathsChecked += count
-    stretch = float(nHops)/eHops
-    avgStretch += stretch*count
-  finStretch = avgStretch / max(1, pathsChecked)
-  stretches.append(str(finStretch))
-
-hopsUsed = 0.
-hopsNeeded = 0.
-avgStretch = 0.
-results = []
-for eHops in sorted(merged.keys()):
-  for nHops in sorted(merged[eHops].keys()):
-    count = merged[eHops][nHops]
-    result = "{} {} {}".format(eHops, nHops, count)
-    results.append(result)
-    hopsUsed += nHops*count
-    hopsNeeded += eHops*count
-    stretch = float(nHops)/eHops
-    avgStretch += stretch*count
-    print result
-bandwidthUsage = hopsUsed/max(1, hopsNeeded)
-avgStretch /= max(1, total)
-
-with open("results.txt", "w") as f:
-  f.write('\n'.join(results))
-
-with open("stretches.txt", "w") as f:
-  f.write('\n'.join(stretches))
-
-print "Total files processed: {}".format(len(inputFilePaths))
-print "Total paths found: {}".format(total)
-print "Bandwidth usage: {}".format(bandwidthUsage)
-print "Average stretch: {}".format(avgStretch)
-
-

misc/sim/run-sim

@@ -1,2 +0,0 @@
-#!/bin/bash
-go run -tags debug misc/sim/treesim.go "$@"

misc/sim/treesim-forward.py

@@ -1,901 +0,0 @@
-# Tree routing scheme (named Yggdrasil, after the world tree from Norse mythology)
-# Steps:
-#   1: Pick any node, here I'm using highest nodeID
-#   2: Build spanning tree, each node stores path back to root
-#     Optionally with weights for each hop
-#     Ties broken by preferring a parent with higher degree
-#   3: Distance metric: self->peer + (via tree) peer->dest
-#   4: Perform (modified) greedy lookup via this metric for each direction (A->B and B->A)
-#   5: Source-route traffic using the better of those two paths
-
-# Note: This makes no attempt to simulate a dynamic network
-#   E.g. A node's peers cannot be disconnected
-
-# TODO:
-#   Make better use of drop?
-#   In particular, we should be ignoring *all* recently dropped *paths* to the root
-#     To minimize route flapping
-#     Not really an issue in the sim, but probably needed for a real network
-
-import array
-import gc
-import glob
-import gzip
-import heapq
-import os
-import random
-import time
-
-#############
-# Constants #
-#############
-
-# Reminder of where link cost comes in
-LINK_COST = 1
-
-# Timeout before dropping something, in simulated seconds
-TIMEOUT = 60
-
-###########
-# Classes #
-###########
-
-class PathInfo:
-  def __init__(self, nodeID):
-    self.nodeID = nodeID   # e.g. IP
-    self.coords = []       # Position in tree
-    self.tstamp = 0        # Timestamp from sender, to keep track of old vs new info
-    self.degree = 0        # Number of peers the sender has, used to break ties
-    # The above should be signed
-    self.path   = [nodeID] # Path to node (in path-vector route)
-    self.time   = 0        # Time info was updated, to keep track of e.g. timeouts
-    self.treeID = nodeID   # Hack, let tree use different ID than IP, used so we can dijkstra once and test many roots
-  def clone(self):
-    # Return a deep-enough copy of the path
-    clone = PathInfo(None)
-    clone.nodeID = self.nodeID
-    clone.coords = self.coords[:]
-    clone.tstamp = self.tstamp
-    clone.degree = self.degree
-    clone.path = self.path[:]
-    clone.time = self.time
-    clone.treeID = self.treeID
-    return clone
-# End class PathInfo
-
-class Node:
-  def __init__(self, nodeID):
-    self.info  = PathInfo(nodeID) # Self NodeInfo
-    self.root  = None             # PathInfo to node at root of tree
-    self.drop  = dict()           # PathInfo to nodes from clus that have timed out
-    self.peers = dict()           # PathInfo to peers
-    self.links = dict()           # Links to peers (to pass messages)
-    self.msgs  = []               # Said messages
-    self.table = dict()           # Pre-computed lookup table of peer info
-
-  def tick(self):
-    # Do periodic maintenance stuff, including push updates
-    self.info.time += 1
-    if self.info.time > self.info.tstamp + TIMEOUT/4:
-      # Update timestamp at least once every 1/4 timeout period
-      # This should probably be randomized in a real implementation
-      self.info.tstamp = self.info.time
-      self.info.degree = 0# TODO decide if degree should be used, len(self.peers)
-    changed = False # Used to track when the network has converged
-    changed |= self.cleanRoot()
-    self.cleanDropped()
-    # Should probably send messages infrequently if there's nothing new to report
-    if self.info.tstamp == self.info.time:
-      msg = self.createMessage()
-      self.sendMessage(msg)
-    return changed
-
-  def cleanRoot(self):
-    changed = False
-    if self.root and self.info.time - self.root.time > TIMEOUT:
-      print "DEBUG: clean root,", self.root.path
-      self.drop[self.root.treeID] = self.root
-      self.root = None
-      changed = True
-    if not self.root or self.root.treeID < self.info.treeID:
-      # No need to drop someone who'se worse than us
-      self.info.coords = [self.info.nodeID]
-      self.root = self.info.clone()
-      changed = True
-    elif self.root.treeID == self.info.treeID:
-      self.root = self.info.clone()
-    return changed
-
-  def cleanDropped(self):
-    # May actually be a treeID... better to iterate over keys explicitly
-    nodeIDs = sorted(self.drop.keys())
-    for nodeID in nodeIDs:
-      node = self.drop[nodeID]
-      if self.info.time - node.time > 4*TIMEOUT:
-        del self.drop[nodeID]
-    return None
-
-  def createMessage(self):
-    # Message is just a tuple
-    # First element is the sender
-    # Second element is the root
-    # We will .clone() everything during the send operation
-    msg = (self.info, self.root)
-    return msg
-
-  def sendMessage(self, msg):
-    for link in self.links.values():
-      newMsg = (msg[0].clone(), msg[1].clone())
-      link.msgs.append(newMsg)
-    return None
-
-  def handleMessages(self):
-    changed = False
-    while self.msgs:
-      changed |= self.handleMessage(self.msgs.pop())
-    return changed
-
-  def handleMessage(self, msg):
-    changed = False
-    for node in msg:
-      # Update the path and timestamp for the sender and root info
-      node.path.append(self.info.nodeID)
-      node.time = self.info.time
-    # Update the sender's info in our list of peers
-    sender = msg[0]
-    self.peers[sender.nodeID] = sender
-    # Decide if we want to update the root
-    root = msg[1]
-    updateRoot = False
-    isSameParent = False
-    isBetterParent = False
-    if len(self.root.path) > 1 and len(root.path) > 1:
-      parent = self.peers[self.root.path[-2]]
-      if parent.nodeID == sender.nodeID: isSameParent = True
-      if sender.degree > parent.degree:
-        # This would also be where you check path uptime/reliability/whatever
-        # All else being equal, we prefer parents with high degree
-        # We are trusting peers to report degree correctly in this case
-        # So expect some performance reduction if your peers aren't trustworthy
-        # (Lies can increase average stretch by a few %)
-        isBetterParent = True
-    if self.info.nodeID in root.path[:-1]: pass # No loopy routes allowed
-    elif root.treeID in self.drop and self.drop[root.treeID].tstamp >= root.tstamp: pass
-    elif not self.root: updateRoot = True
-    elif self.root.treeID < root.treeID: updateRoot = True
-    elif self.root.treeID != root.treeID: pass
-    elif self.root.tstamp > root.tstamp: pass
-    elif len(root.path) < len(self.root.path): updateRoot = True
-    elif isBetterParent and len(root.path) == len(self.root.path): updateRoot = True
-    elif isSameParent and self.root.tstamp < root.tstamp: updateRoot = True
-    if updateRoot:
-      if not self.root or self.root.path != root.path: changed = True
-      self.root = root
-      self.info.coords = self.root.path
-    return changed
-
-  def lookup(self, dest):
-    # Note: Can loop in an unconverged network
-    # The person looking up the route is responsible for checking for loops
-    best = None
-    bestDist = 0
-    for node in self.peers.itervalues():
-      # dist = distance to node + dist (on tree) from node to dest
-      dist = len(node.path)-1 + treeDist(node.coords, dest.coords)
-      if not best or dist < bestDist:
-        best = node
-        bestDist = dist
-    if best:
-      next = best.path[-2]
-      assert next in self.peers
-      return next
-    else:
-      # We failed to look something up
-      # TODO some way to signal this which doesn't crash
-      assert False
-
-  def initTable(self):
-    # Pre-computes a lookup table for destination coords
-    # Insert parent first so you prefer them as a next-hop
-    self.table.clear()
-    parent = self.info.nodeID
-    if len(self.info.coords) >= 2: parent = self.info.coords[-2]
-    for peer in self.peers.itervalues():
-      current = self.table
-      for coord in peer.coords:
-        if coord not in current: current[coord] = (peer.nodeID, dict())
-        old = current[coord]
-        next = old[1]
-        oldPeer = self.peers[old[0]]
-        oldDist = len(oldPeer.coords)
-        oldDeg = oldPeer.degree
-        newDist = len(peer.coords)
-        newDeg = peer.degree
-        # Prefer parent
-        # Else prefer short distance from root
-        # If equal distance, prefer high degree
-        if peer.nodeID == parent: current[coord] = (peer.nodeID, next)
-        elif newDist < oldDist: current[coord] = (peer.nodeID, next)
-        elif newDist == oldDist and newDeg > oldDeg: current[coord] = (peer.nodeID, next)
-        current = next
-    return None
-
-  def lookup_new(self, dest):
-    # Use pre-computed lookup table to look up next hop for dest coords
-    assert self.table
-    if len(self.info.coords) >= 2: parent = self.info.coords[-2]
-    else: parent = None
-    current = (parent, self.table)
-    c = None
-    for coord in dest.coords:
-      c = coord
-      if coord not in current[1]: break
-      current = current[1][coord]
-    next = current[0]
-    if c in self.peers: next = c
-    if next not in self.peers:
-      assert next == None
-      # You're the root of a different connected component
-      # You'd drop the packet in this case
-      # To make the path cache not die, need to return a valid next hop...
-      # Returning self for that reason
-      next = self.info.nodeID
-    return next
-# End class Node
-
-####################
-# Helper Functions #
-####################
-
-def getIndexOfLCA(source, dest):
-  # Return index of last common ancestor in source/dest coords
-  # -1 if no common ancestor (e.g. different roots)
-  lcaIdx = -1
-  minLen = min(len(source), len(dest))
-  for idx in xrange(minLen):
-    if source[idx] == dest[idx]: lcaIdx = idx
-    else: break
-  return lcaIdx
-
-def treePath(source, dest):
-  # Return path with source at head and dest at tail
-  lastMatch = getIndexOfLCA(source, dest)
-  path = dest[-1:lastMatch:-1] + source[lastMatch:]
-  assert path[0] == dest[-1]
-  assert path[-1] == source[-1]
-  return path
-
-def treeDist(source, dest):
-  dist = len(source) + len(dest)
-  lcaIdx = getIndexOfLCA(source, dest)
-  dist -= 2*(lcaIdx+1)
-  return dist
-
-def dijkstra(nodestore, startingNodeID):
-  # Idea to use heapq and basic implementation taken from stackexchange post
-  # http://codereview.stackexchange.com/questions/79025/dijkstras-algorithm-in-python
-  nodeIDs = sorted(nodestore.keys())
-  nNodes = len(nodeIDs)
-  idxs = dict()
-  for nodeIdx in xrange(nNodes):
-    nodeID = nodeIDs[nodeIdx]
-    idxs[nodeID] = nodeIdx
-  dists = array.array("H", [0]*nNodes)
-  queue = [(0, startingNodeID)]
-  while queue:
-    dist, nodeID = heapq.heappop(queue)
-    idx = idxs[nodeID]
-    if not dists[idx]: # Unvisited, otherwise we skip it
-      dists[idx] = dist
-      for peer in nodestore[nodeID].links:
-        if not dists[idxs[peer]]:
-          # Peer is also unvisited, so add to queue
-          heapq.heappush(queue, (dist+LINK_COST, peer))
-  return dists
-
-def dijkstrall(nodestore):
-  # Idea to use heapq and basic implementation taken from stackexchange post
-  # http://codereview.stackexchange.com/questions/79025/dijkstras-algorithm-in-python
-  nodeIDs = sorted(nodestore.keys())
-  nNodes = len(nodeIDs)
-  idxs = dict()
-  for nodeIdx in xrange(nNodes):
-    nodeID = nodeIDs[nodeIdx]
-    idxs[nodeID] = nodeIdx
-  dists = array.array("H", [0]*nNodes*nNodes) # use GetCacheIndex(nNodes, start, end)
-  for sourceIdx in xrange(nNodes):
-    print "Finding shortest paths for node {} / {} ({})".format(sourceIdx+1, nNodes, nodeIDs[sourceIdx])
-    queue = [(0, sourceIdx)]
-    while queue:
-      dist, nodeIdx = heapq.heappop(queue)
-      distIdx = getCacheIndex(nNodes, sourceIdx, nodeIdx)
-      if not dists[distIdx]: # Unvisited, otherwise we skip it
-        dists[distIdx] = dist
-        for peer in nodestore[nodeIDs[nodeIdx]].links:
-          pIdx = idxs[peer]
-          pdIdx = getCacheIndex(nNodes, sourceIdx, pIdx)
-          if not dists[pdIdx]:
-            # Peer is also unvisited, so add to queue
-            heapq.heappush(queue, (dist+LINK_COST, pIdx))
-  return dists
-
-def linkNodes(node1, node2):
-  node1.links[node2.info.nodeID] = node2
-  node2.links[node1.info.nodeID] = node1
-
-############################
-# Store topology functions #
-############################
-
-def makeStoreSquareGrid(sideLength, randomize=True):
-  # Simple grid in a sideLength*sideLength square
-  # Just used to validate that the code runs
-  store = dict()
-  nodeIDs = list(range(sideLength*sideLength))
-  if randomize: random.shuffle(nodeIDs)
-  for nodeID in nodeIDs:
-    store[nodeID] = Node(nodeID)
-  for index in xrange(len(nodeIDs)):
-    if (index % sideLength != 0): linkNodes(store[nodeIDs[index]], store[nodeIDs[index-1]])
-    if (index >= sideLength): linkNodes(store[nodeIDs[index]], store[nodeIDs[index-sideLength]])
-  print "Grid store created, size {}".format(len(store))
-  return store
-
-def makeStoreASRelGraph(pathToGraph):
-  #Existing network graphs, in caida.org's asrel format (ASx|ASy|z per line, z denotes relationship type)
-  with open(pathToGraph, "r") as f:
-    inData = f.readlines()
-  store = dict()
-  for line in inData:
-    if line.strip()[0] == "#": continue # Skip comment lines
-    line = line.replace('|'," ")
-    nodes = map(int, line.split()[0:2])
-    if nodes[0] not in store: store[nodes[0]] = Node(nodes[0])
-    if nodes[1] not in store: store[nodes[1]] = Node(nodes[1])
-    linkNodes(store[nodes[0]], store[nodes[1]])
-  print "CAIDA AS-relation graph successfully imported, size {}".format(len(store))
-  return store
-
-def makeStoreASRelGraphMaxDeg(pathToGraph, degIdx=0):
-  with open(pathToGraph, "r") as f:
-    inData = f.readlines()
-  store = dict()
-  nodeDeg = dict()
-  for line in inData:
-    if line.strip()[0] == "#": continue # Skip comment lines
-    line = line.replace('|'," ")
-    nodes = map(int, line.split()[0:2])
-    if nodes[0] not in nodeDeg: nodeDeg[nodes[0]] = 0
-    if nodes[1] not in nodeDeg: nodeDeg[nodes[1]] = 0
-    nodeDeg[nodes[0]] += 1
-    nodeDeg[nodes[1]] += 1
-  sortedNodes = sorted(nodeDeg.keys(), \
-                       key=lambda x: (nodeDeg[x], x), \
-                       reverse=True)
-  maxDegNodeID = sortedNodes[degIdx]
-  return makeStoreASRelGraphFixedRoot(pathToGraph, maxDegNodeID)
-
-def makeStoreASRelGraphFixedRoot(pathToGraph, rootNodeID):
-  with open(pathToGraph, "r") as f:
-    inData = f.readlines()
-  store = dict()
-  for line in inData:
-    if line.strip()[0] == "#": continue # Skip comment lines
-    line = line.replace('|'," ")
-    nodes = map(int, line.split()[0:2])
-    if nodes[0] not in store:
-      store[nodes[0]] = Node(nodes[0])
-      if nodes[0] == rootNodeID: store[nodes[0]].info.treeID += 1000000000
-    if nodes[1] not in store:
-      store[nodes[1]] = Node(nodes[1])
-      if nodes[1] == rootNodeID: store[nodes[1]].info.treeID += 1000000000
-    linkNodes(store[nodes[0]], store[nodes[1]])
-  print "CAIDA AS-relation graph successfully imported, size {}".format(len(store))
-  return store
-
-def makeStoreDimesEdges(pathToGraph, rootNodeID=None):
-  # Read from a DIMES csv-formatted graph from a gzip file
-  store = dict()
-  with gzip.open(pathToGraph, "r") as f:
-    inData = f.readlines()
-  size = len(inData)
-  index = 0
-  for edge in inData:
-    if not index % 1000:
-      pct = 100.0*index/size
-      print "Processing edge {}, {:.2f}%".format(index, pct)
-    index += 1
-    dat = edge.rstrip().split(',')
-    node1 = "N" + str(dat[0].strip())
-    node2 = "N" + str(dat[1].strip())
-    if '?' in node1 or '?' in node2: continue #Unknown node
-    if node1 == rootNodeID: node1 = "R" + str(dat[0].strip())
-    if node2 == rootNodeID: node2 = "R" + str(dat[1].strip())
-    if node1 not in store: store[node1] = Node(node1)
-    if node2 not in store: store[node2] = Node(node2)
-    if node1 != node2: linkNodes(store[node1], store[node2])
-  print "DIMES graph successfully imported, size {}".format(len(store))
-  return store
-
-def makeStoreGeneratedGraph(pathToGraph, root=None):
-  with open(pathToGraph, "r") as f:
-    inData = f.readlines()
-  store = dict()
-  for line in inData:
-    if line.strip()[0] == "#": continue # Skip comment lines
-    nodes = map(int, line.strip().split(' ')[0:2])
-    node1 = nodes[0]
-    node2 = nodes[1]
-    if node1 == root: node1 += 1000000
-    if node2 == root: node2 += 1000000
-    if node1 not in store: store[node1] = Node(node1)
-    if node2 not in store: store[node2] = Node(node2)
-    linkNodes(store[node1], store[node2])
-  print "Generated graph successfully imported, size {}".format(len(store))
-  return store
-
-
-############################################
-# Functions used as parts of network tests #
-############################################
-
-def idleUntilConverged(store):
-  nodeIDs = sorted(store.keys())
-  timeOfLastChange = 0
-  step = 0
-  # Idle until the network has converged
-  while step - timeOfLastChange < 4*TIMEOUT:
-    step += 1
-    print "Step: {}, last change: {}".format(step, timeOfLastChange)
-    changed = False
-    for nodeID in nodeIDs:
-      # Update node status, send messages
-      changed |= store[nodeID].tick()
-    for nodeID in nodeIDs:
-      # Process messages
-      changed |= store[nodeID].handleMessages()
-    if changed: timeOfLastChange = step
-  initTables(store)
-  return store
-
-def getCacheIndex(nodes, sourceIndex, destIndex):
-  return sourceIndex*nodes + destIndex
-
-def initTables(store):
-  nodeIDs = sorted(store.keys())
-  nNodes = len(nodeIDs)
-  print "Initializing routing tables for {} nodes".format(nNodes)
-  for idx in xrange(nNodes):
-    nodeID = nodeIDs[idx]
-    store[nodeID].initTable()
-  print "Routing tables initialized"
-  return None
-
-def getCache(store):
-  nodeIDs = sorted(store.keys())
-  nNodes = len(nodeIDs)
-  nodeIdxs = dict()
-  for nodeIdx in xrange(nNodes):
-    nodeIdxs[nodeIDs[nodeIdx]] = nodeIdx
-  cache = array.array("H", [0]*nNodes*nNodes)
-  for sourceIdx in xrange(nNodes):
-    sourceID = nodeIDs[sourceIdx]
-    print "Building fast lookup table for node {} / {} ({})".format(sourceIdx+1, nNodes, sourceID)
-    for destIdx in xrange(nNodes):
-      destID = nodeIDs[destIdx]
-      if sourceID == destID: nextHop = destID # lookup would fail
-      else: nextHop = store[sourceID].lookup(store[destID].info)
-      nextHopIdx = nodeIdxs[nextHop]
-      cache[getCacheIndex(nNodes, sourceIdx, destIdx)] = nextHopIdx
-  return cache
-
-def testPaths(store, dists):
-  cache = getCache(store)
-  nodeIDs = sorted(store.keys())
-  nNodes = len(nodeIDs)
-  idxs = dict()
-  for nodeIdx in xrange(nNodes):
-    nodeID = nodeIDs[nodeIdx]
-    idxs[nodeID] = nodeIdx
-  results = dict()
-  for sourceIdx in xrange(nNodes):
-    sourceID = nodeIDs[sourceIdx]
-    print "Testing paths from node {} / {} ({})".format(sourceIdx+1, len(nodeIDs), sourceID)
-    #dists = dijkstra(store, sourceID)
-    for destIdx in xrange(nNodes):
-      destID = nodeIDs[destIdx]
-      if destID == sourceID: continue # Skip self
-      distIdx = getCacheIndex(nNodes, sourceIdx, destIdx)
-      eHops = dists[distIdx]
-      if not eHops: continue # The network is split, no path exists
-      hops = 0
-      for pair in ((sourceIdx, destIdx),):
-        nHops = 0
-        locIdx = pair[0]
-        dIdx = pair[1]
-        while locIdx != dIdx:
-          locIdx = cache[getCacheIndex(nNodes, locIdx, dIdx)]
-          nHops += 1
-        if not hops or nHops < hops: hops = nHops
-      if eHops not in results: results[eHops] = dict()
-      if hops not in results[eHops]: results[eHops][hops] = 0
-      results[eHops][hops] += 1
-  return results
-
-def getAvgStretch(pathMatrix):
-  avgStretch = 0.
-  checked = 0.
-  for eHops in sorted(pathMatrix.keys()):
-    for nHops in sorted(pathMatrix[eHops].keys()):
-      count = pathMatrix[eHops][nHops]
-      stretch = float(nHops)/float(max(1, eHops))
-      avgStretch += stretch*count
-      checked += count
-  avgStretch /= max(1, checked)
-  return avgStretch
-
-def getMaxStretch(pathMatrix):
-  maxStretch = 0.
-  for eHops in sorted(pathMatrix.keys()):
-    for nHops in sorted(pathMatrix[eHops].keys()):
-      stretch = float(nHops)/float(max(1, eHops))
-      maxStretch = max(maxStretch, stretch)
-  return maxStretch
-
-def getCertSizes(store):
-  # Returns nCerts frequency distribution
-  # De-duplicates common certs (for shared prefixes in the path)
-  sizes = dict()
-  for node in store.values():
-    certs = set()
-    for peer in node.peers.values():
-      pCerts = set()
-      assert len(peer.path) == 2
-      assert peer.coords[-1] == peer.path[0]
-      hops = peer.coords + peer.path[1:]
-      for hopIdx in xrange(len(hops)-1):
-        send = hops[hopIdx]
-        if send == node.info.nodeID: continue # We created it, already have it
-        path = hops[0:hopIdx+2]
-        # Each cert is signed by the sender
-        # Includes information about the path from the sender to the next hop
-        # Next hop is at hopIdx+1, so the path to next hop is hops[0:hopIdx+2]
-        cert = "{}:{}".format(send, path)
-        certs.add(cert)
-    size = len(certs)
-    if size not in sizes: sizes[size] = 0
-    sizes[size] += 1
-  return sizes
-
-def getMinLinkCertSizes(store):
-  # Returns nCerts frequency distribution
-  # De-duplicates common certs (for shared prefixes in the path)
-  # Based on the minimum number of certs that must be traded through a particular link
-  # Handled per link
-  sizes = dict()
-  for node in store.values():
-    peerCerts = dict()
-    for peer in node.peers.values():
-      pCerts = set()
-      assert len(peer.path) == 2
-      assert peer.coords[-1] == peer.path[0]
-      hops = peer.coords + peer.path[1:]
-      for hopIdx in xrange(len(hops)-1):
-        send = hops[hopIdx]
-        if send == node.info.nodeID: continue # We created it, already have it
-        path = hops[0:hopIdx+2]
-        # Each cert is signed by the sender
-        # Includes information about the path from the sender to the next hop
-        # Next hop is at hopIdx+1, so the path to next hop is hops[0:hopIdx+2]
-        cert = "{}:{}".format(send, path)
-        pCerts.add(cert)
-      peerCerts[peer.nodeID] = pCerts
-    for peer in peerCerts:
-      size = 0
-      pCerts = peerCerts[peer]
-      for cert in pCerts:
-        required = True
-        for p2 in peerCerts:
-          if p2 == peer: continue
-          p2Certs = peerCerts[p2]
-          if cert in p2Certs: required = False
-        if required: size += 1
-      if size not in sizes: sizes[size] = 0
-      sizes[size] += 1
-  return sizes
-
-def getPathSizes(store):
-  # Returns frequency distribution of the total number of hops the routing table
-  # I.e. a node with 3 peers, each with 5 hop coord+path, would count as 3x5=15
-  sizes = dict()
-  for node in store.values():
-    size = 0
-    for peer in node.peers.values():
-      assert len(peer.path) == 2
-      assert peer.coords[-1] == peer.path[0]
-      peerSize = len(peer.coords) + len(peer.path) - 1 # double-counts peer, -1
-      size += peerSize
-    if size not in sizes: sizes[size] = 0
-    sizes[size] += 1
-  return sizes
-
-def getPeerSizes(store):
-  # Returns frequency distribution of the number of peers each node has
-  sizes = dict()
-  for node in store.values():
-    nPeers = len(node.peers)
-    if nPeers not in sizes: sizes[nPeers] = 0
-    sizes[nPeers] += 1
-  return sizes
-
-def getAvgSize(sizes):
-  sumSizes = 0
-  nNodes = 0
-  for size in sizes:
-    count = sizes[size]
-    sumSizes += size*count
-    nNodes += count
-  avgSize = float(sumSizes)/max(1, nNodes)
-  return avgSize
-
-def getMaxSize(sizes):
-  return max(sizes.keys())
-
-def getMinSize(sizes):
-  return min(sizes.keys())
-
-def getResults(pathMatrix):
-  results = []
-  for eHops in sorted(pathMatrix.keys()):
-    for nHops in sorted(pathMatrix[eHops].keys()):
-      count = pathMatrix[eHops][nHops]
-      results.append("{} {} {}".format(eHops, nHops, count))
-  return '\n'.join(results)
-
-####################################
-# Functions to run different tests #
-####################################
-
-def runTest(store):
-  # Runs the usual set of tests on the store
-  # Does not save results, so only meant for quick tests
-  # To e.g. check the code works, maybe warm up the pypy jit
-  for node in store.values():
-    node.info.time = random.randint(0, TIMEOUT)
-    node.info.tstamp = TIMEOUT
-  print "Begin testing network"
-  dists = None
-  if not dists: dists = dijkstrall(store)
-  idleUntilConverged(store)
-  pathMatrix = testPaths(store, dists)
-  avgStretch = getAvgStretch(pathMatrix)
-  maxStretch = getMaxStretch(pathMatrix)
-  peers = getPeerSizes(store)
-  certs = getCertSizes(store)
-  paths = getPathSizes(store)
-  linkCerts = getMinLinkCertSizes(store)
-  avgPeerSize = getAvgSize(peers)
-  maxPeerSize = getMaxSize(peers)
-  avgCertSize = getAvgSize(certs)
-  maxCertSize = getMaxSize(certs)
-  avgPathSize = getAvgSize(paths)
-  maxPathSize = getMaxSize(paths)
-  avgLinkCert = getAvgSize(linkCerts)
-  maxLinkCert = getMaxSize(linkCerts)
-  totalCerts = sum(map(lambda x: x*certs[x], certs.keys()))
-  totalLinks = sum(map(lambda x: x*peers[x], peers.keys())) # one-way links
-  avgCertsPerLink = float(totalCerts)/max(1, totalLinks)
-  print "Finished testing network"
-  print "Avg / Max stretch: {} / {}".format(avgStretch, maxStretch)
-  print "Avg / Max nPeers size: {} / {}".format(avgPeerSize, maxPeerSize)
-  print "Avg / Max nCerts size: {} / {}".format(avgCertSize, maxCertSize)
-  print "Avg / Max total hops in any node's routing table: {} / {}".format(avgPathSize, maxPathSize)
-  print "Avg / Max lower bound cert requests per link (one-way): {} / {}".format(avgLinkCert, maxLinkCert)
-  print "Avg certs per link (one-way): {}".format(avgCertsPerLink)
-  return # End of function
-
-def rootNodeASTest(path, outDir="output-treesim-AS", dists=None, proc = 1):
-  # Checks performance for every possible choice of root node
-  # Saves output for each root node to a separate file on disk
-  # path = input path to some caida.org formatted AS-relationship graph
-  if not os.path.exists(outDir): os.makedirs(outDir)
-  assert os.path.exists(outDir)
-  store = makeStoreASRelGraph(path)
-  nodes = sorted(store.keys())
-  for nodeIdx in xrange(len(nodes)):
-    if nodeIdx % proc != 0: continue # Work belongs to someone else
-    rootNodeID = nodes[nodeIdx]
-    outpath = outDir+"/{}".format(rootNodeID)
-    if os.path.exists(outpath):
-      print "Skipping {}, already processed".format(rootNodeID)
-      continue
-    store = makeStoreASRelGraphFixedRoot(path, rootNodeID)
-    for node in store.values():
-      node.info.time = random.randint(0, TIMEOUT)
-      node.info.tstamp = TIMEOUT
-    print "Beginning {}, size {}".format(nodeIdx, len(store))
-    if not dists: dists = dijkstrall(store)
-    idleUntilConverged(store)
-    pathMatrix = testPaths(store, dists)
-    avgStretch = getAvgStretch(pathMatrix)
-    maxStretch = getMaxStretch(pathMatrix)
-    results = getResults(pathMatrix)
-    with open(outpath, "w") as f:
-      f.write(results)
-    print "Finished test for root AS {} ({} / {})".format(rootNodeID, nodeIdx+1, len(store))
-    print "Avg / Max stretch: {} / {}".format(avgStretch, maxStretch)
-    #break # Stop after 1, because they can take forever
-  return # End of function
-
-def timelineASTest():
-  # Meant to study the performance of the network as a function of network size
-  # Loops over a set of AS-relationship graphs
-  # Runs a test on each graph, selecting highest-degree node as the root
-  # Saves results for each graph to a separate file on disk
-  outDir = "output-treesim-timeline-AS"
-  if not os.path.exists(outDir): os.makedirs(outDir)
-  assert os.path.exists(outDir)
-  paths = sorted(glob.glob("asrel/datasets/*"))
-  for path in paths:
-    date = os.path.basename(path).split(".")[0]
-    outpath = outDir+"/{}".format(date)
-    if os.path.exists(outpath):
-      print "Skipping {}, already processed".format(date)
-      continue
-    store = makeStoreASRelGraphMaxDeg(path)
-    dists = None
-    for node in store.values():
-      node.info.time = random.randint(0, TIMEOUT)
-      node.info.tstamp = TIMEOUT
-    print "Beginning {}, size {}".format(date, len(store))
-    if not dists: dists = dijkstrall(store)
-    idleUntilConverged(store)
-    pathMatrix = testPaths(store, dists)
-    avgStretch = getAvgStretch(pathMatrix)
-    maxStretch = getMaxStretch(pathMatrix)
-    results = getResults(pathMatrix)
-    with open(outpath, "w") as f:
-      f.write(results)
-    print "Finished {} with {} nodes".format(date, len(store))
-    print "Avg / Max stretch: {} / {}".format(avgStretch, maxStretch)
-    #break # Stop after 1, because they can take forever
-  return # End of function
-
-def timelineDimesTest():
-  # Meant to study the performance of the network as a function of network size
-  # Loops over a set of AS-relationship graphs
-  # Runs a test on each graph, selecting highest-degree node as the root
-  # Saves results for each graph to a separate file on disk
-  outDir = "output-treesim-timeline-dimes"
-  if not os.path.exists(outDir): os.makedirs(outDir)
-  assert os.path.exists(outDir)
-  # Input files are named ASEdgesX_Y where X = month (no leading 0), Y = year
-  paths = sorted(glob.glob("DIMES/ASEdges/*.gz"))
-  exists = set(glob.glob(outDir+"/*"))
-  for path in paths:
-    date = os.path.basename(path).split(".")[0]
-    outpath = outDir+"/{}".format(date)
-    if outpath in exists:
-      print "Skipping {}, already processed".format(date)
-      continue
-    store = makeStoreDimesEdges(path)
-    # Get the highest degree node and make it root
-    # Sorted by nodeID just to make it stable in the event of a tie
-    nodeIDs = sorted(store.keys())
-    bestRoot = ""
-    bestDeg = 0
-    for nodeID in nodeIDs:
-      node = store[nodeID]
-      if len(node.links) > bestDeg:
-        bestRoot = nodeID
-        bestDeg = len(node.links)
-    assert bestRoot
-    store = makeStoreDimesEdges(path, bestRoot)
-    rootID = "R" + bestRoot[1:]
-    assert rootID in store
-    # Don't forget to set random seed before setting times
-    # To make results reproducible
-    nodeIDs = sorted(store.keys())
-    random.seed(12345)
-    for nodeID in nodeIDs:
-      node = store[nodeID]
-      node.info.time = random.randint(0, TIMEOUT)
-      node.info.tstamp = TIMEOUT
-    print "Beginning {}, size {}".format(date, len(store))
-    if not dists: dists = dijkstrall(store)
-    idleUntilConverged(store)
-    pathMatrix = testPaths(store, dists)
-    avgStretch = getAvgStretch(pathMatrix)
-    maxStretch = getMaxStretch(pathMatrix)
-    results = getResults(pathMatrix)
-    with open(outpath, "w") as f:
-      f.write(results)
-    print "Finished {} with {} nodes".format(date, len(store))
-    print "Avg / Max stretch: {} / {}".format(avgStretch, maxStretch)
-    break # Stop after 1, because they can take forever
-  return # End of function
-
-def scalingTest(maxTests=None, inputDir="graphs"):
-  # Meant to study the performance of the network as a function of network size
-  # Loops over a set of nodes in a previously generated graph
-  # Runs a test on each graph, testing each node as the root
-  # if maxTests is set, tests only that number of roots (highest degree first)
-  # Saves results for each graph to a separate file on disk
-  outDir = "output-treesim-{}".format(inputDir)
-  if not os.path.exists(outDir): os.makedirs(outDir)
-  assert os.path.exists(outDir)
-  paths = sorted(glob.glob("{}/*".format(inputDir)))
-  exists = set(glob.glob(outDir+"/*"))
-  for path in paths:
-    gc.collect() # pypy waits for gc to close files
-    graph = os.path.basename(path).split(".")[0]
-    store = makeStoreGeneratedGraph(path)
-    # Get the highest degree node and make it root
-    # Sorted by nodeID just to make it stable in the event of a tie
-    nodeIDs = sorted(store.keys(), key=lambda x: len(store[x].links), reverse=True)
-    dists = None
-    if maxTests: nodeIDs = nodeIDs[:maxTests]
-    for nodeID in nodeIDs:
-      nodeIDStr = str(nodeID).zfill(len(str(len(store)-1)))
-      outpath = outDir+"/{}-{}".format(graph, nodeIDStr)
-      if outpath in exists:
-        print "Skipping {}-{}, already processed".format(graph, nodeIDStr)
-        continue
-      store = makeStoreGeneratedGraph(path, nodeID)
-      # Don't forget to set random seed before setting times
-      random.seed(12345) # To make results reproducible
-      nIDs = sorted(store.keys())
-      for nID in nIDs:
-        node = store[nID]
-        node.info.time = random.randint(0, TIMEOUT)
-        node.info.tstamp = TIMEOUT
-      print "Beginning {}, size {}".format(graph, len(store))
-      if not dists: dists = dijkstrall(store)
-      idleUntilConverged(store)
-      pathMatrix = testPaths(store, dists)
-      avgStretch = getAvgStretch(pathMatrix)
-      maxStretch = getMaxStretch(pathMatrix)
-      results = getResults(pathMatrix)
-      with open(outpath, "w") as f:
-        f.write(results)
-      print "Finished {} with {} nodes for root {}".format(graph, len(store), nodeID)
-      print "Avg / Max stretch: {} / {}".format(avgStretch, maxStretch)
-  return # End of function
-
-##################
-# Main Execution #
-##################
-
-if __name__ == "__main__":
-  if True: # Run a quick test
-    random.seed(12345) # DEBUG
-    store = makeStoreSquareGrid(4)
-    runTest(store) # Quick test
-  store = None
-  # Do some real work
-  #runTest(makeStoreDimesEdges("DIMES/ASEdges/ASEdges1_2007.csv.gz"))
-  #timelineDimesTest()
-  #rootNodeASTest("asrel/datasets/19980101.as-rel.txt")
-  #timelineASTest()
-  #rootNodeASTest("hype-2016-09-19.list", "output-treesim-hype")
-  #scalingTest(None, "graphs-20") # First argument 1 to only test 1 root per graph
-  #store = makeStoreGeneratedGraph("bgp_tables")
-  #store = makeStoreGeneratedGraph("skitter")
-  #store = makeStoreASRelGraphMaxDeg("hype-2016-09-19.list") #http://hia.cjdns.ca/watchlist/c/walk.peers.20160919
-  #store = makeStoreGeneratedGraph("fc00-2017-08-12.txt")
-  if store: runTest(store)
-  #rootNodeASTest("skitter", "output-treesim-skitter", None, 0, 1)
-  #scalingTest(1, "graphs-20") # First argument 1 to only test 1 root per graph
-  #scalingTest(1, "graphs-21") # First argument 1 to only test 1 root per graph
-  #scalingTest(1, "graphs-22") # First argument 1 to only test 1 root per graph
-  #scalingTest(1, "graphs-23") # First argument 1 to only test 1 root per graph
-  if not store:
-    import sys
-    args = sys.argv
-    if len(args) == 2:
-      job_number = int(sys.argv[1])
-      rootNodeASTest("fc00-2017-08-12.txt", "fc00", None, job_number)
-    else:
-      print "Usage: {} job_number".format(args[0])
-      print "job_number = which job set to run on this node (1-indexed)"
-

misc/sim/treesim.go

@@ -1,459 +0,0 @@
-// +build !lint
-
-package main
-
-import (
-	"bufio"
-	"flag"
-	"fmt"
-	"os"
-	"runtime"
-	"runtime/pprof"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/gologme/log"
-
-	. "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-
-	. "github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-)
-
-////////////////////////////////////////////////////////////////////////////////
-
-type Node struct {
-	index int
-	core  Core
-	send  chan<- []byte
-	recv  <-chan []byte
-}
-
-func (n *Node) init(index int) {
-	n.index = index
-	n.core.Init()
-	n.send = n.core.DEBUG_getSend()
-	n.recv = n.core.DEBUG_getRecv()
-	n.core.DEBUG_simFixMTU()
-}
-
-func (n *Node) printTraffic() {
-	for {
-		packet := <-n.recv
-		fmt.Println(n.index, packet)
-		//panic("Got a packet")
-	}
-}
-
-func (n *Node) startPeers() {
-	//for _, p := range n.core.Peers.Ports {
-	//  go p.MainLoop()
-	//}
-	//go n.printTraffic()
-	//n.core.Peers.DEBUG_startPeers()
-}
-
-func linkNodes(m, n *Node) {
-	// Don't allow duplicates
-	if m.core.DEBUG_getPeers().DEBUG_hasPeer(n.core.DEBUG_getSigningPublicKey()) {
-		return
-	}
-	// Create peers
-	// Buffering reduces packet loss in the sim
-	//  This slightly speeds up testing (fewer delays before retrying a ping)
-	pLinkPub, pLinkPriv := m.core.DEBUG_newBoxKeys()
-	qLinkPub, qLinkPriv := m.core.DEBUG_newBoxKeys()
-	p := m.core.DEBUG_getPeers().DEBUG_newPeer(n.core.DEBUG_getEncryptionPublicKey(),
-		n.core.DEBUG_getSigningPublicKey(), *m.core.DEBUG_getSharedKey(pLinkPriv, qLinkPub))
-	q := n.core.DEBUG_getPeers().DEBUG_newPeer(m.core.DEBUG_getEncryptionPublicKey(),
-		m.core.DEBUG_getSigningPublicKey(), *n.core.DEBUG_getSharedKey(qLinkPriv, pLinkPub))
-	DEBUG_simLinkPeers(p, q)
-	return
-}
-
-func makeStoreSquareGrid(sideLength int) map[int]*Node {
-	store := make(map[int]*Node)
-	nNodes := sideLength * sideLength
-	idxs := make([]int, 0, nNodes)
-	// TODO shuffle nodeIDs
-	for idx := 1; idx <= nNodes; idx++ {
-		idxs = append(idxs, idx)
-	}
-	for _, idx := range idxs {
-		node := &Node{}
-		node.init(idx)
-		store[idx] = node
-	}
-	for idx := 0; idx < nNodes; idx++ {
-		if (idx % sideLength) != 0 {
-			linkNodes(store[idxs[idx]], store[idxs[idx-1]])
-		}
-		if idx >= sideLength {
-			linkNodes(store[idxs[idx]], store[idxs[idx-sideLength]])
-		}
-	}
-	//for _, node := range store { node.initPorts() }
-	return store
-}
-
-func makeStoreStar(nNodes int) map[int]*Node {
-	store := make(map[int]*Node)
-	center := &Node{}
-	center.init(0)
-	store[0] = center
-	for idx := 1; idx < nNodes; idx++ {
-		node := &Node{}
-		node.init(idx)
-		store[idx] = node
-		linkNodes(center, node)
-	}
-	return store
-}
-
-func loadGraph(path string) map[int]*Node {
-	f, err := os.Open(path)
-	if err != nil {
-		panic(err)
-	}
-	defer f.Close()
-	store := make(map[int]*Node)
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		line := s.Text()
-		nodeIdxstrs := strings.Split(line, " ")
-		nodeIdx0, _ := strconv.Atoi(nodeIdxstrs[0])
-		nodeIdx1, _ := strconv.Atoi(nodeIdxstrs[1])
-		if store[nodeIdx0] == nil {
-			node := &Node{}
-			node.init(nodeIdx0)
-			store[nodeIdx0] = node
-		}
-		if store[nodeIdx1] == nil {
-			node := &Node{}
-			node.init(nodeIdx1)
-			store[nodeIdx1] = node
-		}
-		linkNodes(store[nodeIdx0], store[nodeIdx1])
-	}
-	//for _, node := range store { node.initPorts() }
-	return store
-}
-
-////////////////////////////////////////////////////////////////////////////////
-
-func startNetwork(store map[[32]byte]*Node) {
-	for _, node := range store {
-		node.startPeers()
-	}
-}
-
-func getKeyedStore(store map[int]*Node) map[[32]byte]*Node {
-	newStore := make(map[[32]byte]*Node)
-	for _, node := range store {
-		newStore[node.core.DEBUG_getSigningPublicKey()] = node
-	}
-	return newStore
-}
-
-func testPaths(store map[[32]byte]*Node) bool {
-	nNodes := len(store)
-	count := 0
-	for _, source := range store {
-		count++
-		fmt.Printf("Testing paths from node %d / %d (%d)\n", count, nNodes, source.index)
-		for _, dest := range store {
-			//if source == dest { continue }
-			destLoc := dest.core.DEBUG_getLocator()
-			coords := destLoc.DEBUG_getCoords()
-			temp := 0
-			ttl := ^uint64(0)
-			oldTTL := ttl
-			for here := source; here != dest; {
-				temp++
-				if temp > 4096 {
-					fmt.Println("Loop?")
-					time.Sleep(time.Second)
-					return false
-				}
-				nextPort := here.core.DEBUG_switchLookup(coords)
-				// First check if "here" is accepting packets from the previous node
-				// TODO explain how this works
-				ports := here.core.DEBUG_getPeers().DEBUG_getPorts()
-				nextPeer := ports[nextPort]
-				if nextPeer == nil {
-					fmt.Println("Peer associated with next port is nil")
-					return false
-				}
-				next := store[nextPeer.DEBUG_getSigKey()]
-				/*
-				   if next == here {
-				     //for idx, link := range here.links {
-				     //  fmt.Println("DUMP:", idx, link.nodeID)
-				     //}
-				     if nextPort != 0 { panic("This should not be") }
-				     fmt.Println("Failed to route:", source.index, here.index, dest.index, oldTTL, ttl)
-				     //here.table.DEBUG_dumpTable()
-				     //fmt.Println("Ports:", here.nodeID, here.ports)
-				     return false
-				     panic(fmt.Sprintln("Routing Loop:",
-				                        source.index,
-				                        here.index,
-				                        dest.index))
-				   }
-				*/
-				if temp > 4090 {
-					fmt.Println("DEBUG:",
-						source.index, source.core.DEBUG_getLocator(),
-						here.index, here.core.DEBUG_getLocator(),
-						dest.index, dest.core.DEBUG_getLocator())
-					//here.core.DEBUG_getSwitchTable().DEBUG_dumpTable()
-				}
-				if here != source {
-					// This is sufficient to check for routing loops or blackholes
-					//break
-				}
-				if here == next {
-					fmt.Println("Drop:", source.index, here.index, dest.index, oldTTL)
-					return false
-				}
-				here = next
-			}
-		}
-	}
-	return true
-}
-
-func stressTest(store map[[32]byte]*Node) {
-	fmt.Println("Stress testing network...")
-	nNodes := len(store)
-	dests := make([][]byte, 0, nNodes)
-	for _, dest := range store {
-		loc := dest.core.DEBUG_getLocator()
-		coords := loc.DEBUG_getCoords()
-		dests = append(dests, coords)
-	}
-	lookups := 0
-	start := time.Now()
-	for _, source := range store {
-		for _, coords := range dests {
-			source.core.DEBUG_switchLookup(coords)
-			lookups++
-		}
-	}
-	timed := time.Since(start)
-	fmt.Printf("%d lookups in %s (%f lookups per second)\n",
-		lookups,
-		timed,
-		float64(lookups)/timed.Seconds())
-}
-
-func pingNodes(store map[[32]byte]*Node) {
-	fmt.Println("Sending pings...")
-	nNodes := len(store)
-	count := 0
-	equiv := func(a []byte, b []byte) bool {
-		if len(a) != len(b) {
-			return false
-		}
-		for idx := 0; idx < len(a); idx++ {
-			if a[idx] != b[idx] {
-				return false
-			}
-		}
-		return true
-	}
-	for _, source := range store {
-		count++
-		//if count > 16 { break }
-		fmt.Printf("Sending packets from node %d/%d (%d)\n", count, nNodes, source.index)
-		sourceKey := source.core.DEBUG_getEncryptionPublicKey()
-		payload := sourceKey[:]
-		sourceAddr := source.core.DEBUG_getAddr()[:]
-		sendTo := func(bs []byte, destAddr []byte) {
-			packet := make([]byte, 40+len(bs))
-			copy(packet[8:24], sourceAddr)
-			copy(packet[24:40], destAddr)
-			copy(packet[40:], bs)
-			packet[0] = 6 << 4
-			source.send <- packet
-		}
-		destCount := 0
-		for _, dest := range store {
-			destCount += 1
-			fmt.Printf("%d Nodes, %d Send, %d Recv\n", nNodes, count, destCount)
-			if dest == source {
-				fmt.Println("Skipping self")
-				continue
-			}
-			destAddr := dest.core.DEBUG_getAddr()[:]
-			ticker := time.NewTicker(150 * time.Millisecond)
-			sendTo(payload, destAddr)
-			for loop := true; loop; {
-				select {
-				case packet := <-dest.recv:
-					{
-						if equiv(payload, packet[len(packet)-len(payload):]) {
-							loop = false
-						}
-					}
-				case <-ticker.C:
-					sendTo(payload, destAddr)
-					//dumpDHTSize(store) // note that this uses racey functions to read things...
-				}
-			}
-			ticker.Stop()
-		}
-		//break // Only try sending pings from 1 node
-		// This is because, for some reason, stopTun() doesn't always close it
-		// And if two tuns are up, bad things happen (sends via wrong interface)
-	}
-	fmt.Println("Finished pinging nodes")
-}
-
-func pingBench(store map[[32]byte]*Node) {
-	fmt.Println("Benchmarking pings...")
-	nPings := 0
-	payload := make([]byte, 1280+40) // MTU + ipv6 header
-	var timed time.Duration
-	//nNodes := len(store)
-	count := 0
-	for _, source := range store {
-		count++
-		//fmt.Printf("Sending packets from node %d/%d (%d)\n", count, nNodes, source.index)
-		getPing := func(key [32]byte, decodedCoords []byte) []byte {
-			// TODO write some function to do this the right way, put... somewhere...
-			coords := DEBUG_wire_encode_coords(decodedCoords)
-			packet := make([]byte, 0, len(key)+len(coords)+len(payload))
-			packet = append(packet, key[:]...)
-			packet = append(packet, coords...)
-			packet = append(packet, payload[:]...)
-			return packet
-		}
-		for _, dest := range store {
-			key := dest.core.DEBUG_getEncryptionPublicKey()
-			loc := dest.core.DEBUG_getLocator()
-			coords := loc.DEBUG_getCoords()
-			ping := getPing(key, coords)
-			// TODO make sure the session is open first
-			start := time.Now()
-			for i := 0; i < 1000000; i++ {
-				source.send <- ping
-				nPings++
-			}
-			timed += time.Since(start)
-			break
-		}
-		break
-	}
-	fmt.Printf("Sent %d pings in %s (%f per second)\n",
-		nPings,
-		timed,
-		float64(nPings)/timed.Seconds())
-}
-
-func dumpStore(store map[NodeID]*Node) {
-	for _, node := range store {
-		fmt.Println("DUMPSTORE:", node.index, node.core.DEBUG_getLocator())
-		node.core.DEBUG_getSwitchTable().DEBUG_dumpTable()
-	}
-}
-
-func dumpDHTSize(store map[[32]byte]*Node) {
-	var min, max, sum int
-	for _, node := range store {
-		num := node.core.DEBUG_getDHTSize()
-		min = num
-		max = num
-		break
-	}
-	for _, node := range store {
-		num := node.core.DEBUG_getDHTSize()
-		if num < min {
-			min = num
-		}
-		if num > max {
-			max = num
-		}
-		sum += num
-	}
-	avg := float64(sum) / float64(len(store))
-	fmt.Printf("DHT min %d / avg %f / max %d\n", min, avg, max)
-}
-
-func (n *Node) startTCP(listen string) {
-	n.core.DEBUG_setupAndStartGlobalTCPInterface(listen)
-}
-
-func (n *Node) connectTCP(remoteAddr string) {
-	n.core.AddPeer(remoteAddr, remoteAddr)
-}
-
-////////////////////////////////////////////////////////////////////////////////
-
-var cpuprofile = flag.String("cpuprofile", "", "write cpu profile `file`")
-var memprofile = flag.String("memprofile", "", "write memory profile to this file")
-
-func main() {
-	flag.Parse()
-	if *cpuprofile != "" {
-		f, err := os.Create(*cpuprofile)
-		if err != nil {
-			panic(fmt.Sprintf("could not create CPU profile: ", err))
-		}
-		if err := pprof.StartCPUProfile(f); err != nil {
-			panic(fmt.Sprintf("could not start CPU profile: ", err))
-		}
-		defer pprof.StopCPUProfile()
-	}
-	if *memprofile != "" {
-		f, err := os.Create(*memprofile)
-		if err != nil {
-			panic(fmt.Sprintf("could not create memory profile: ", err))
-		}
-		defer func() { pprof.WriteHeapProfile(f); f.Close() }()
-	}
-	fmt.Println("Test")
-	Util_testAddrIDMask()
-	idxstore := makeStoreSquareGrid(4)
-	//idxstore := makeStoreStar(256)
-	//idxstore := loadGraph("misc/sim/hype-2016-09-19.list")
-	//idxstore := loadGraph("misc/sim/fc00-2017-08-12.txt")
-	//idxstore := loadGraph("skitter")
-	kstore := getKeyedStore(idxstore)
-	//*
-	logger := log.New(os.Stderr, "", log.Flags())
-	for _, n := range kstore {
-		n.core.DEBUG_setLogger(logger)
-	}
-	//*/
-	startNetwork(kstore)
-	//time.Sleep(10*time.Second)
-	// Note that testPaths only works if pressure is turned off
-	//  Otherwise congestion can lead to routing loops?
-	for finished := false; !finished; {
-		finished = testPaths(kstore)
-	}
-	pingNodes(kstore)
-	//pingBench(kstore) // Only after disabling debug output
-	//stressTest(kstore)
-	//time.Sleep(120 * time.Second)
-	dumpDHTSize(kstore) // note that this uses racey functions to read things...
-	if false {
-		// This connects the sim to the local network
-		for _, node := range kstore {
-			node.startTCP("localhost:0")
-			node.connectTCP("localhost:12345")
-			break // just 1
-		}
-		for _, node := range kstore {
-			go func() {
-				// Just dump any packets sent to this node
-				for range node.recv {
-				}
-			}()
-		}
-		var block chan struct{}
-		<-block
-	}
-	runtime.GC()
-}

src/address/address.go

@@ -3,9 +3,7 @@
 package address
 
 import (
-	"fmt"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+	"crypto/ed25519"
 )
 
 // Address represents an IPv6 address in the yggdrasil address range.
@@ -45,25 +43,34 @@ func (s *Subnet) IsValid() bool {
 	return (*s)[l-1] == prefix[l-1]|0x01
 }
 
-// AddrForNodeID takes a *NodeID as an argument and returns an *Address.
+// AddrForKey takes an ed25519.PublicKey as an argument and returns an *Address.
+// This function returns nil if the key length is not ed25519.PublicKeySize.
 // This address begins with the contents of GetPrefix(), with the last bit set to 0 to indicate an address.
-// The following 8 bits are set to the number of leading 1 bits in the NodeID.
-// The NodeID, excluding the leading 1 bits and the first leading 0 bit, is truncated to the appropriate length and makes up the remainder of the address.
-func AddrForNodeID(nid *crypto.NodeID) *Address {
+// The following 8 bits are set to the number of leading 1 bits in the bitwise inverse of the public key.
+// The bitwise inverse of the key, excluding the leading 1 bits and the first leading 0 bit, is truncated to the appropriate length and makes up the remainder of the address.
+func AddrForKey(publicKey ed25519.PublicKey) *Address {
 	// 128 bit address
 	// Begins with prefix
 	// Next bit is a 0
 	// Next 7 bits, interpreted as a uint, are # of leading 1s in the NodeID
 	// Leading 1s and first leading 0 of the NodeID are truncated off
 	// The rest is appended to the IPv6 address (truncated to 128 bits total)
+	if len(publicKey) != ed25519.PublicKeySize {
+		return nil
+	}
+	var buf [ed25519.PublicKeySize]byte
+	copy(buf[:], publicKey)
+	for idx := range buf {
+		buf[idx] = ^buf[idx]
+	}
 	var addr Address
-	var temp []byte
+	var temp = make([]byte, 0, 32)
 	done := false
 	ones := byte(0)
 	bits := byte(0)
 	nBits := 0
-	for idx := 0; idx < 8*len(nid); idx++ {
-		bit := (nid[idx/8] & (0x80 >> byte(idx%8))) >> byte(7-(idx%8))
+	for idx := 0; idx < 8*len(buf); idx++ {
+		bit := (buf[idx/8] & (0x80 >> byte(idx%8))) >> byte(7-(idx%8))
 		if !done && bit != 0 {
 			ones++
 			continue
@@ -86,91 +93,58 @@ func AddrForNodeID(nid *crypto.NodeID) *Address {
 	return &addr
 }
 
-// SubnetForNodeID takes a *NodeID as an argument and returns an *Address.
-// This subnet begins with the address prefix, with the last bit set to 1 to indicate a prefix.
-// The following 8 bits are set to the number of leading 1 bits in the NodeID.
-// The NodeID, excluding the leading 1 bits and the first leading 0 bit, is truncated to the appropriate length and makes up the remainder of the subnet.
-func SubnetForNodeID(nid *crypto.NodeID) *Subnet {
+// SubnetForKey takes an ed25519.PublicKey as an argument and returns a *Subnet.
+// This function returns nil if the key length is not ed25519.PublicKeySize.
+// The subnet begins with the address prefix, with the last bit set to 1 to indicate a prefix.
+// The following 8 bits are set to the number of leading 1 bits in the bitwise inverse of the key.
+// The bitwise inverse of the key, excluding the leading 1 bits and the first leading 0 bit, is truncated to the appropriate length and makes up the remainder of the subnet.
+func SubnetForKey(publicKey ed25519.PublicKey) *Subnet {
 	// Exactly as the address version, with two exceptions:
 	//  1) The first bit after the fixed prefix is a 1 instead of a 0
 	//  2) It's truncated to a subnet prefix length instead of 128 bits
-	addr := *AddrForNodeID(nid)
+	addr := AddrForKey(publicKey)
+	if addr == nil {
+		return nil
+	}
 	var snet Subnet
 	copy(snet[:], addr[:])
-	prefix := GetPrefix()
+	prefix := GetPrefix() // nolint:staticcheck
 	snet[len(prefix)-1] |= 0x01
 	return &snet
 }
 
-// GetNodeIDandMask returns two *NodeID.
-// The first is a NodeID with all the bits known from the Address set to their correct values.
-// The second is a bitmask with 1 bit set for each bit that was known from the Address.
-// This is used to look up NodeIDs in the DHT and tell if they match an Address.
-func (a *Address) GetNodeIDandMask() (*crypto.NodeID, *crypto.NodeID) {
-	// Mask is a bitmask to mark the bits visible from the address
-	// This means truncated leading 1s, first leading 0, and visible part of addr
-	var nid crypto.NodeID
-	var mask crypto.NodeID
-	prefix := GetPrefix()
+// GetKet returns the partial ed25519.PublicKey for the Address.
+// This is used for key lookup.
+func (a *Address) GetKey() ed25519.PublicKey {
+	var key [ed25519.PublicKeySize]byte
+	prefix := GetPrefix() // nolint:staticcheck
 	ones := int(a[len(prefix)])
 	for idx := 0; idx < ones; idx++ {
-		nid[idx/8] |= 0x80 >> byte(idx%8)
+		key[idx/8] |= 0x80 >> byte(idx%8)
 	}
-	nidOffset := ones + 1
+	keyOffset := ones + 1
 	addrOffset := 8*len(prefix) + 8
 	for idx := addrOffset; idx < 8*len(a); idx++ {
 		bits := a[idx/8] & (0x80 >> byte(idx%8))
 		bits <<= byte(idx % 8)
-		nidIdx := nidOffset + (idx - addrOffset)
-		bits >>= byte(nidIdx % 8)
-		nid[nidIdx/8] |= bits
+		keyIdx := keyOffset + (idx - addrOffset)
+		bits >>= byte(keyIdx % 8)
+		idx := keyIdx / 8
+		if idx >= len(key) {
+			break
+		}
+		key[idx] |= bits
 	}
-	maxMask := 8*(len(a)-len(prefix)-1) + ones + 1
-	for idx := 0; idx < maxMask; idx++ {
-		mask[idx/8] |= 0x80 >> byte(idx%8)
+	for idx := range key {
+		key[idx] = ^key[idx]
 	}
-	return &nid, &mask
+	return ed25519.PublicKey(key[:])
 }
 
-// GetNodeIDLengthString returns a string representation of the known bits of the NodeID, along with the number of known bits, for use with yggdrasil.Dialer's Dial and DialContext functions.
-func (a *Address) GetNodeIDLengthString() string {
-	nid, mask := a.GetNodeIDandMask()
-	l := mask.PrefixLength()
-	return fmt.Sprintf("%s/%d", nid.String(), l)
-}
-
-// GetNodeIDandMask returns two *NodeID.
-// The first is a NodeID with all the bits known from the Subnet set to their correct values.
-// The second is a bitmask with 1 bit set for each bit that was known from the Subnet.
-// This is used to look up NodeIDs in the DHT and tell if they match a Subnet.
-func (s *Subnet) GetNodeIDandMask() (*crypto.NodeID, *crypto.NodeID) {
-	// As with the address version, but visible parts of the subnet prefix instead
-	var nid crypto.NodeID
-	var mask crypto.NodeID
-	prefix := GetPrefix()
-	ones := int(s[len(prefix)])
-	for idx := 0; idx < ones; idx++ {
-		nid[idx/8] |= 0x80 >> byte(idx%8)
-	}
-	nidOffset := ones + 1
-	addrOffset := 8*len(prefix) + 8
-	for idx := addrOffset; idx < 8*len(s); idx++ {
-		bits := s[idx/8] & (0x80 >> byte(idx%8))
-		bits <<= byte(idx % 8)
-		nidIdx := nidOffset + (idx - addrOffset)
-		bits >>= byte(nidIdx % 8)
-		nid[nidIdx/8] |= bits
-	}
-	maxMask := 8*(len(s)-len(prefix)-1) + ones + 1
-	for idx := 0; idx < maxMask; idx++ {
-		mask[idx/8] |= 0x80 >> byte(idx%8)
-	}
-	return &nid, &mask
-}
-
-// GetNodeIDLengthString returns a string representation of the known bits of the NodeID, along with the number of known bits, for use with yggdrasil.Dialer's Dial and DialContext functions.
-func (s *Subnet) GetNodeIDLengthString() string {
-	nid, mask := s.GetNodeIDandMask()
-	l := mask.PrefixLength()
-	return fmt.Sprintf("%s/%d", nid.String(), l)
+// GetKet returns the partial ed25519.PublicKey for the Subnet.
+// This is used for key lookup.
+func (s *Subnet) GetKey() ed25519.PublicKey {
+	var addr Address
+	copy(addr[:], s[:])
+	return addr.GetKey()
 }

src/address/address_test.go

@@ -0,0 +1,114 @@
+package address
+
+import (
+	"bytes"
+	"crypto/ed25519"
+	"math/rand"
+	"testing"
+)
+
+func TestAddress_Address_IsValid(t *testing.T) {
+	var address Address
+	rand.Read(address[:])
+
+	address[0] = 0
+
+	if address.IsValid() {
+		t.Fatal("invalid address marked as valid")
+	}
+
+	address[0] = 0x03
+
+	if address.IsValid() {
+		t.Fatal("invalid address marked as valid")
+	}
+
+	address[0] = 0x02
+
+	if !address.IsValid() {
+		t.Fatal("valid address marked as invalid")
+	}
+}
+
+func TestAddress_Subnet_IsValid(t *testing.T) {
+	var subnet Subnet
+	rand.Read(subnet[:])
+
+	subnet[0] = 0
+
+	if subnet.IsValid() {
+		t.Fatal("invalid subnet marked as valid")
+	}
+
+	subnet[0] = 0x02
+
+	if subnet.IsValid() {
+		t.Fatal("invalid subnet marked as valid")
+	}
+
+	subnet[0] = 0x03
+
+	if !subnet.IsValid() {
+		t.Fatal("valid subnet marked as invalid")
+	}
+}
+
+func TestAddress_AddrForKey(t *testing.T) {
+	publicKey := ed25519.PublicKey{
+		189, 186, 207, 216, 34, 64, 222, 61, 205, 18, 57, 36, 203, 181, 82, 86,
+		251, 141, 171, 8, 170, 152, 227, 5, 82, 138, 184, 79, 65, 158, 110, 251,
+	}
+
+	expectedAddress := Address{
+		2, 0, 132, 138, 96, 79, 187, 126, 67, 132, 101, 219, 141, 182, 104, 149,
+	}
+
+	if *AddrForKey(publicKey) != expectedAddress {
+		t.Fatal("invalid address returned")
+	}
+}
+
+func TestAddress_SubnetForKey(t *testing.T) {
+	publicKey := ed25519.PublicKey{
+		189, 186, 207, 216, 34, 64, 222, 61, 205, 18, 57, 36, 203, 181, 82, 86,
+		251, 141, 171, 8, 170, 152, 227, 5, 82, 138, 184, 79, 65, 158, 110, 251,
+	}
+
+	expectedSubnet := Subnet{3, 0, 132, 138, 96, 79, 187, 126}
+
+	if *SubnetForKey(publicKey) != expectedSubnet {
+		t.Fatal("invalid subnet returned")
+	}
+}
+
+func TestAddress_Address_GetKey(t *testing.T) {
+	address := Address{
+		2, 0, 132, 138, 96, 79, 187, 126, 67, 132, 101, 219, 141, 182, 104, 149,
+	}
+
+	expectedPublicKey := ed25519.PublicKey{
+		189, 186, 207, 216, 34, 64, 222, 61,
+		205, 18, 57, 36, 203, 181, 127, 255,
+		255, 255, 255, 255, 255, 255, 255, 255,
+		255, 255, 255, 255, 255, 255, 255, 255,
+	}
+
+	if !bytes.Equal(address.GetKey(), expectedPublicKey) {
+		t.Fatal("invalid public key returned")
+	}
+}
+
+func TestAddress_Subnet_GetKey(t *testing.T) {
+	subnet := Subnet{3, 0, 132, 138, 96, 79, 187, 126}
+
+	expectedPublicKey := ed25519.PublicKey{
+		189, 186, 207, 216, 34, 64, 255, 255,
+		255, 255, 255, 255, 255, 255, 255, 255,
+		255, 255, 255, 255, 255, 255, 255, 255,
+		255, 255, 255, 255, 255, 255, 255, 255,
+	}
+
+	if !bytes.Equal(subnet.GetKey(), expectedPublicKey) {
+		t.Fatal("invalid public key returned")
+	}
+}

src/admin/admin.go

@@ -1,48 +1,57 @@
 package admin
 
 import (
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
 	"net/url"
 	"os"
-	"strconv"
+
 	"strings"
 	"time"
 
 	"github.com/gologme/log"
 
-	"github.com/yggdrasil-network/yggdrasil-go/src/address"
 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/util"
-	"github.com/yggdrasil-network/yggdrasil-go/src/version"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
+	"github.com/yggdrasil-network/yggdrasil-go/src/core"
 )
 
 // TODO: Add authentication
 
 type AdminSocket struct {
-	core       *yggdrasil.Core
+	core       *core.Core
 	log        *log.Logger
 	listenaddr string
 	listener   net.Listener
 	handlers   map[string]handler
-	started    bool
+	done       chan struct{}
 }
 
-// Info refers to information that is returned to the admin socket handler.
-type Info map[string]interface{}
+type AdminSocketResponse struct {
+	Status  string `json:"status"`
+	Request struct {
+		Name      string `json:"request"`
+		KeepAlive bool   `json:"keepalive"`
+	} `json:"request"`
+	Response interface{} `json:"response"`
+}
 
 type handler struct {
-	args    []string                 // List of human-readable argument names
-	handler func(Info) (Info, error) // First is input map, second is output
+	args    []string            // List of human-readable argument names
+	handler core.AddHandlerFunc // First is input map, second is output
+}
+
+type ListResponse struct {
+	List map[string]ListEntry `json:"list"`
+}
+
+type ListEntry struct {
+	Fields []string `json:"fields"`
 }
 
 // AddHandler is called for each admin function to add the handler and help documentation to the API.
-func (a *AdminSocket) AddHandler(name string, args []string, handlerfunc func(Info) (Info, error)) error {
+func (a *AdminSocket) AddHandler(name string, args []string, handlerfunc core.AddHandlerFunc) error {
 	if _, ok := a.handlers[strings.ToLower(name)]; ok {
 		return errors.New("handler already exists")
 	}
@@ -54,304 +63,120 @@ func (a *AdminSocket) AddHandler(name string, args []string, handlerfunc func(In
 }
 
 // Init runs the initial admin setup.
-func (a *AdminSocket) Init(c *yggdrasil.Core, state *config.NodeState, log *log.Logger, options interface{}) error {
+func (a *AdminSocket) Init(c *core.Core, nc *config.NodeConfig, log *log.Logger, options interface{}) error {
 	a.core = c
 	a.log = log
 	a.handlers = make(map[string]handler)
-	current := state.GetCurrent()
-	a.listenaddr = current.AdminListen
-	a.AddHandler("list", []string{}, func(in Info) (Info, error) {
-		handlers := make(map[string]interface{})
-		for handlername, handler := range a.handlers {
-			handlers[handlername] = Info{"fields": handler.args}
+	nc.RLock()
+	a.listenaddr = nc.AdminListen
+	nc.RUnlock()
+	a.done = make(chan struct{})
+	close(a.done) // Start in a done / not-started state
+	_ = a.AddHandler("list", []string{}, func(_ json.RawMessage) (interface{}, error) {
+		res := &ListResponse{
+			List: map[string]ListEntry{},
 		}
-		return Info{"list": handlers}, nil
+		for name, handler := range a.handlers {
+			res.List[name] = ListEntry{
+				Fields: handler.args,
+			}
+		}
+		return res, nil
 	})
-	return nil
-}
-
-func (a *AdminSocket) UpdateConfig(config *config.NodeConfig) {
-	a.log.Debugln("Reloading admin configuration...")
-	if a.listenaddr != config.AdminListen {
-		a.listenaddr = config.AdminListen
-		if a.IsStarted() {
-			a.Stop()
-		}
-		a.Start()
-	}
+	return a.core.SetAdmin(a)
 }
 
 func (a *AdminSocket) SetupAdminHandlers(na *AdminSocket) {
-	a.AddHandler("getSelf", []string{}, func(in Info) (Info, error) {
-		ip := a.core.Address().String()
-		subnet := a.core.Subnet()
-		return Info{
-			"self": Info{
-				ip: Info{
-					"box_pub_key":   a.core.EncryptionPublicKey(),
-					"build_name":    version.BuildName(),
-					"build_version": version.BuildVersion(),
-					"coords":        fmt.Sprintf("%v", a.core.Coords()),
-					"subnet":        subnet.String(),
-				},
-			},
-		}, nil
+	_ = a.AddHandler("getSelf", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetSelfRequest{}
+		res := &GetSelfResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
+		}
+		if err := a.getSelfHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
-	a.AddHandler("getPeers", []string{}, func(in Info) (Info, error) {
-		peers := make(Info)
-		for _, p := range a.core.GetPeers() {
-			addr := *address.AddrForNodeID(crypto.GetNodeID(&p.PublicKey))
-			so := net.IP(addr[:]).String()
-			peers[so] = Info{
-				"port":        p.Port,
-				"uptime":      p.Uptime.Seconds(),
-				"bytes_sent":  p.BytesSent,
-				"bytes_recvd": p.BytesRecvd,
-				"proto":       p.Protocol,
-				"endpoint":    p.Endpoint,
-				"box_pub_key": hex.EncodeToString(p.PublicKey[:]),
-			}
+	_ = a.AddHandler("getPeers", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetPeersRequest{}
+		res := &GetPeersResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		return Info{"peers": peers}, nil
+		if err := a.getPeersHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
-	a.AddHandler("getSwitchPeers", []string{}, func(in Info) (Info, error) {
-		switchpeers := make(Info)
-		for _, s := range a.core.GetSwitchPeers() {
-			addr := *address.AddrForNodeID(crypto.GetNodeID(&s.PublicKey))
-			so := fmt.Sprint(s.Port)
-			switchpeers[so] = Info{
-				"ip":          net.IP(addr[:]).String(),
-				"coords":      fmt.Sprintf("%v", s.Coords),
-				"port":        s.Port,
-				"bytes_sent":  s.BytesSent,
-				"bytes_recvd": s.BytesRecvd,
-				"proto":       s.Protocol,
-				"endpoint":    s.Endpoint,
-				"box_pub_key": hex.EncodeToString(s.PublicKey[:]),
-			}
+	_ = a.AddHandler("getDHT", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetDHTRequest{}
+		res := &GetDHTResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		return Info{"switchpeers": switchpeers}, nil
+		if err := a.getDHTHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
-	/*
-		a.AddHandler("getSwitchQueues", []string{}, func(in Info) (Info, error) {
-			queues := a.core.GetSwitchQueues()
-			return Info{"switchqueues": queues.asMap()}, nil
-		})
-	*/
-	a.AddHandler("getDHT", []string{}, func(in Info) (Info, error) {
-		dht := make(Info)
-		for _, d := range a.core.GetDHT() {
-			addr := *address.AddrForNodeID(crypto.GetNodeID(&d.PublicKey))
-			so := net.IP(addr[:]).String()
-			dht[so] = Info{
-				"coords":      fmt.Sprintf("%v", d.Coords),
-				"last_seen":   d.LastSeen.Seconds(),
-				"box_pub_key": hex.EncodeToString(d.PublicKey[:]),
-			}
+	_ = a.AddHandler("getPaths", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetPathsRequest{}
+		res := &GetPathsResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		return Info{"dht": dht}, nil
+		if err := a.getPathsHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
-	a.AddHandler("getSessions", []string{}, func(in Info) (Info, error) {
-		sessions := make(Info)
-		for _, s := range a.core.GetSessions() {
-			addr := *address.AddrForNodeID(crypto.GetNodeID(&s.PublicKey))
-			so := net.IP(addr[:]).String()
-			sessions[so] = Info{
-				"coords":        fmt.Sprintf("%v", s.Coords),
-				"bytes_sent":    s.BytesSent,
-				"bytes_recvd":   s.BytesRecvd,
-				"mtu":           s.MTU,
-				"uptime":        s.Uptime.Seconds(),
-				"was_mtu_fixed": s.WasMTUFixed,
-				"box_pub_key":   hex.EncodeToString(s.PublicKey[:]),
-			}
+	_ = a.AddHandler("getSessions", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetSessionsRequest{}
+		res := &GetSessionsResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		return Info{"sessions": sessions}, nil
-	})
-	a.AddHandler("addPeer", []string{"uri", "[interface]"}, func(in Info) (Info, error) {
-		// Set sane defaults
-		intf := ""
-		// Has interface been specified?
-		if itf, ok := in["interface"]; ok {
-			intf = itf.(string)
-		}
-		if a.core.AddPeer(in["uri"].(string), intf) == nil {
-			return Info{
-				"added": []string{
-					in["uri"].(string),
-				},
-			}, nil
-		}
-		return Info{
-			"not_added": []string{
-				in["uri"].(string),
-			},
-		}, errors.New("Failed to add peer")
-	})
-	a.AddHandler("disconnectPeer", []string{"port"}, func(in Info) (Info, error) {
-		port, err := strconv.ParseInt(fmt.Sprint(in["port"]), 10, 64)
-		if err != nil {
-			return Info{}, err
-		}
-		if a.core.DisconnectPeer(uint64(port)) == nil {
-			return Info{
-				"disconnected": []string{
-					fmt.Sprint(port),
-				},
-			}, nil
-		} else {
-			return Info{
-				"not_disconnected": []string{
-					fmt.Sprint(port),
-				},
-			}, errors.New("Failed to disconnect peer")
-		}
-	})
-	a.AddHandler("removePeer", []string{"uri", "[interface]"}, func(in Info) (Info, error) {
-		// Set sane defaults
-		intf := ""
-		// Has interface been specified?
-		if itf, ok := in["interface"]; ok {
-			intf = itf.(string)
-		}
-		if a.core.RemovePeer(in["uri"].(string), intf) == nil {
-			return Info{
-				"removed": []string{
-					in["uri"].(string),
-				},
-			}, nil
-		} else {
-			return Info{
-				"not_removed": []string{
-					in["uri"].(string),
-				},
-			}, errors.New("Failed to remove peer")
-		}
-		return Info{
-			"not_removed": []string{
-				in["uri"].(string),
-			},
-		}, errors.New("Failed to remove peer")
-	})
-	a.AddHandler("getAllowedEncryptionPublicKeys", []string{}, func(in Info) (Info, error) {
-		return Info{"allowed_box_pubs": a.core.GetAllowedEncryptionPublicKeys()}, nil
-	})
-	a.AddHandler("addAllowedEncryptionPublicKey", []string{"box_pub_key"}, func(in Info) (Info, error) {
-		if a.core.AddAllowedEncryptionPublicKey(in["box_pub_key"].(string)) == nil {
-			return Info{
-				"added": []string{
-					in["box_pub_key"].(string),
-				},
-			}, nil
-		}
-		return Info{
-			"not_added": []string{
-				in["box_pub_key"].(string),
-			},
-		}, errors.New("Failed to add allowed key")
-	})
-	a.AddHandler("removeAllowedEncryptionPublicKey", []string{"box_pub_key"}, func(in Info) (Info, error) {
-		if a.core.RemoveAllowedEncryptionPublicKey(in["box_pub_key"].(string)) == nil {
-			return Info{
-				"removed": []string{
-					in["box_pub_key"].(string),
-				},
-			}, nil
-		}
-		return Info{
-			"not_removed": []string{
-				in["box_pub_key"].(string),
-			},
-		}, errors.New("Failed to remove allowed key")
-	})
-	a.AddHandler("dhtPing", []string{"box_pub_key", "coords", "[target]"}, func(in Info) (Info, error) {
-		var reserr error
-		var result yggdrasil.DHTRes
-		if in["target"] == nil {
-			in["target"] = "none"
-		}
-		coords := util.DecodeCoordString(in["coords"].(string))
-		var boxPubKey crypto.BoxPubKey
-		if b, err := hex.DecodeString(in["box_pub_key"].(string)); err == nil {
-			copy(boxPubKey[:], b)
-			if n, err := hex.DecodeString(in["target"].(string)); err == nil {
-				var targetNodeID crypto.NodeID
-				copy(targetNodeID[:], n)
-				result, reserr = a.core.DHTPing(boxPubKey, coords, &targetNodeID)
-			} else {
-				result, reserr = a.core.DHTPing(boxPubKey, coords, nil)
-			}
-		} else {
-			return Info{}, err
-		}
-		if reserr != nil {
-			return Info{}, reserr
-		}
-		infos := make(map[string]map[string]string, len(result.Infos))
-		for _, dinfo := range result.Infos {
-			info := map[string]string{
-				"box_pub_key": hex.EncodeToString(dinfo.PublicKey[:]),
-				"coords":      fmt.Sprintf("%v", dinfo.Coords),
-			}
-			addr := net.IP(address.AddrForNodeID(crypto.GetNodeID(&dinfo.PublicKey))[:]).String()
-			infos[addr] = info
-		}
-		return Info{"nodes": infos}, nil
-	})
-	a.AddHandler("getNodeInfo", []string{"[box_pub_key]", "[coords]", "[nocache]"}, func(in Info) (Info, error) {
-		var nocache bool
-		if in["nocache"] != nil {
-			nocache = in["nocache"].(string) == "true"
-		}
-		var boxPubKey crypto.BoxPubKey
-		var coords []uint64
-		if in["box_pub_key"] == nil && in["coords"] == nil {
-			nodeinfo := a.core.MyNodeInfo()
-			var jsoninfo interface{}
-			if err := json.Unmarshal(nodeinfo, &jsoninfo); err != nil {
-				return Info{}, err
-			}
-			return Info{"nodeinfo": jsoninfo}, nil
-		} else if in["box_pub_key"] == nil || in["coords"] == nil {
-			return Info{}, errors.New("Expecting both box_pub_key and coords")
-		} else {
-			if b, err := hex.DecodeString(in["box_pub_key"].(string)); err == nil {
-				copy(boxPubKey[:], b)
-			} else {
-				return Info{}, err
-			}
-			coords = util.DecodeCoordString(in["coords"].(string))
-		}
-		result, err := a.core.GetNodeInfo(boxPubKey, coords, nocache)
-		if err == nil {
-			var m map[string]interface{}
-			if err = json.Unmarshal(result, &m); err == nil {
-				return Info{"nodeinfo": m}, nil
-			}
-			return Info{}, err
-		}
-		return Info{}, err
+		if err := a.getSessionsHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
+	//_ = a.AddHandler("getNodeInfo", []string{"key"}, t.proto.nodeinfo.nodeInfoAdminHandler)
+	//_ = a.AddHandler("debug_remoteGetSelf", []string{"key"}, t.proto.getSelfHandler)
+	//_ = a.AddHandler("debug_remoteGetPeers", []string{"key"}, t.proto.getPeersHandler)
+	//_ = a.AddHandler("debug_remoteGetDHT", []string{"key"}, t.proto.getDHTHandler)
 }
 
 // Start runs the admin API socket to listen for / respond to admin API calls.
 func (a *AdminSocket) Start() error {
 	if a.listenaddr != "none" && a.listenaddr != "" {
+		a.done = make(chan struct{})
 		go a.listen()
-		a.started = true
 	}
 	return nil
 }
 
 // IsStarted returns true if the module has been started.
 func (a *AdminSocket) IsStarted() bool {
-	return a.started
+	select {
+	case <-a.done:
+		// Not blocking, so we're not currently running
+		return false
+	default:
+		// Blocked, so we must have started
+		return true
+	}
 }
 
 // Stop will stop the admin API and close the socket.
 func (a *AdminSocket) Stop() error {
 	if a.listener != nil {
-		a.started = false
+		select {
+		case <-a.done:
+		default:
+			close(a.done)
+		}
 		return a.listener.Close()
 	}
 	return nil
@@ -408,6 +233,14 @@ func (a *AdminSocket) listen() {
 		conn, err := a.listener.Accept()
 		if err == nil {
 			go a.handleRequest(conn)
+		} else {
+			select {
+			case <-a.done:
+				// Not blocked, so we havent started or already stopped
+				return
+			default:
+				// Blocked, so we're supposed to keep running
+			}
 		}
 	}
 }
@@ -415,20 +248,20 @@ func (a *AdminSocket) listen() {
 // handleRequest calls the request handler for each request sent to the admin API.
 func (a *AdminSocket) handleRequest(conn net.Conn) {
 	decoder := json.NewDecoder(conn)
+	decoder.DisallowUnknownFields()
+
 	encoder := json.NewEncoder(conn)
 	encoder.SetIndent("", "  ")
-	recv := make(Info)
-	send := make(Info)
+
+	defer conn.Close()
 
 	defer func() {
 		r := recover()
 		if r != nil {
-			send = Info{
-				"status": "error",
-				"error":  "Check your syntax and input types",
-			}
 			a.log.Debugln("Admin socket error:", r)
-			if err := encoder.Encode(&send); err != nil {
+			if err := encoder.Encode(&ErrorResponse{
+				Error: "Check your syntax and input types",
+			}); err != nil {
 				a.log.Debugln("Admin socket JSON encode error:", err)
 			}
 			conn.Close()
@@ -436,83 +269,39 @@ func (a *AdminSocket) handleRequest(conn net.Conn) {
 	}()
 
 	for {
-		// Start with a clean slate on each request
-		recv = Info{}
-		send = Info{}
-
-		// Decode the input
-		if err := decoder.Decode(&recv); err != nil {
-			a.log.Debugln("Admin socket JSON decode error:", err)
-			return
-		}
-
-		// Send the request back with the response, and default to "error"
-		// unless the status is changed below by one of the handlers
-		send["request"] = recv
-		send["status"] = "error"
-
-		n := strings.ToLower(recv["request"].(string))
-
-		if _, ok := recv["request"]; !ok {
-			send["error"] = "No request sent"
-			goto respond
-		}
-
-		if h, ok := a.handlers[n]; ok {
-			// Check that we have all the required arguments
-			for _, arg := range h.args {
-				// An argument in [square brackets] is optional and not required,
-				// so we can safely ignore those
-				if strings.HasPrefix(arg, "[") && strings.HasSuffix(arg, "]") {
-					continue
+		var err error
+		var buf json.RawMessage
+		_ = decoder.Decode(&buf)
+		var resp AdminSocketResponse
+		resp.Status = "success"
+		if err = json.Unmarshal(buf, &resp.Request); err == nil {
+			if resp.Request.Name == "" {
+				resp.Status = "error"
+				resp.Response = &ErrorResponse{
+					Error: "No request specified",
 				}
-				// Check if the field is missing
-				if _, ok := recv[arg]; !ok {
-					send = Info{
-						"status":    "error",
-						"error":     "Expected field missing: " + arg,
-						"expecting": arg,
+			} else if h, ok := a.handlers[strings.ToLower(resp.Request.Name)]; ok {
+				resp.Response, err = h.handler(buf)
+				if err != nil {
+					resp.Status = "error"
+					resp.Response = &ErrorResponse{
+						Error: err.Error(),
 					}
-					goto respond
-				}
-			}
-
-			// By this point we should have all the fields we need, so call
-			// the handler
-			response, err := h.handler(recv)
-			if err != nil {
-				send["error"] = err.Error()
-				if response != nil {
-					send["response"] = response
-					goto respond
 				}
 			} else {
-				send["status"] = "success"
-				if response != nil {
-					send["response"] = response
-					goto respond
+				resp.Status = "error"
+				resp.Response = &ErrorResponse{
+					Error: fmt.Sprintf("Unknown action '%s', try 'list' for help", resp.Request.Name),
 				}
 			}
+		}
+		if err = encoder.Encode(resp); err != nil {
+			a.log.Debugln("Encode error:", err)
+		}
+		if !resp.Request.KeepAlive {
+			break
 		} else {
-			// Start with a clean response on each request, which defaults to an error
-			// state. If a handler is found below then this will be overwritten
-			send = Info{
-				"request": recv,
-				"status":  "error",
-				"error":   fmt.Sprintf("Unknown action '%s', try 'list' for help", recv["request"].(string)),
-			}
-			goto respond
-		}
-
-		// Send the response back
-	respond:
-		if err := encoder.Encode(&send); err != nil {
-			return
-		}
-
-		// If "keepalive" isn't true then close the connection
-		if keepalive, ok := recv["keepalive"]; !ok || !keepalive.(bool) {
-			conn.Close()
+			continue
 		}
 	}
 }

src/admin/error.go

@@ -0,0 +1,5 @@
+package admin
+
+type ErrorResponse struct {
+	Error string `json:"error"`
+}

src/admin/getdht.go

@@ -0,0 +1,34 @@
+package admin
+
+import (
+	"encoding/hex"
+	"net"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
+type GetDHTRequest struct{}
+
+type GetDHTResponse struct {
+	DHT map[string]DHTEntry `json:"dht"`
+}
+
+type DHTEntry struct {
+	PublicKey string `json:"key"`
+	Port      uint64 `json:"port"`
+	Rest      uint64 `json:"rest"`
+}
+
+func (a *AdminSocket) getDHTHandler(req *GetDHTRequest, res *GetDHTResponse) error {
+	res.DHT = map[string]DHTEntry{}
+	for _, d := range a.core.GetDHT() {
+		addr := address.AddrForKey(d.Key)
+		so := net.IP(addr[:]).String()
+		res.DHT[so] = DHTEntry{
+			PublicKey: hex.EncodeToString(d.Key[:]),
+			Port:      d.Port,
+			Rest:      d.Rest,
+		}
+	}
+	return nil
+}

src/admin/getpaths.go

@@ -0,0 +1,33 @@
+package admin
+
+import (
+	"encoding/hex"
+	"net"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
+type GetPathsRequest struct {
+}
+
+type GetPathsResponse struct {
+	Paths map[string]PathEntry `json:"paths"`
+}
+
+type PathEntry struct {
+	PublicKey string   `json:"key"`
+	Path      []uint64 `json:"path"`
+}
+
+func (a *AdminSocket) getPathsHandler(req *GetPathsRequest, res *GetPathsResponse) error {
+	res.Paths = map[string]PathEntry{}
+	for _, p := range a.core.GetPaths() {
+		addr := address.AddrForKey(p.Key)
+		so := net.IP(addr[:]).String()
+		res.Paths[so] = PathEntry{
+			PublicKey: hex.EncodeToString(p.Key),
+			Path:      p.Path,
+		}
+	}
+	return nil
+}

src/admin/getpeers.go

@@ -0,0 +1,43 @@
+package admin
+
+import (
+	"encoding/hex"
+	"net"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
+type GetPeersRequest struct {
+}
+
+type GetPeersResponse struct {
+	Peers map[string]PeerEntry `json:"peers"`
+}
+
+type PeerEntry struct {
+	PublicKey string   `json:"key"`
+	Port      uint64   `json:"port"`
+	Coords    []uint64 `json:"coords"`
+	Remote    string   `json:"remote"`
+	RXBytes   uint64   `json:"bytes_recvd"`
+	TXBytes   uint64   `json:"bytes_sent"`
+	Uptime    float64  `json:"uptime"`
+}
+
+func (a *AdminSocket) getPeersHandler(req *GetPeersRequest, res *GetPeersResponse) error {
+	res.Peers = map[string]PeerEntry{}
+	for _, p := range a.core.GetPeers() {
+		addr := address.AddrForKey(p.Key)
+		so := net.IP(addr[:]).String()
+		res.Peers[so] = PeerEntry{
+			PublicKey: hex.EncodeToString(p.Key),
+			Port:      p.Port,
+			Coords:    p.Coords,
+			Remote:    p.Remote,
+			RXBytes:   p.RXBytes,
+			TXBytes:   p.TXBytes,
+			Uptime:    p.Uptime.Seconds(),
+		}
+	}
+	return nil
+}

src/admin/getself.go

@@ -0,0 +1,36 @@
+package admin
+
+import (
+	"encoding/hex"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/version"
+)
+
+type GetSelfRequest struct{}
+
+type GetSelfResponse struct {
+	Self map[string]SelfEntry `json:"self"`
+}
+
+type SelfEntry struct {
+	BuildName    string   `json:"build_name"`
+	BuildVersion string   `json:"build_version"`
+	PublicKey    string   `json:"key"`
+	Coords       []uint64 `json:"coords"`
+	Subnet       string   `json:"subnet"`
+}
+
+func (a *AdminSocket) getSelfHandler(req *GetSelfRequest, res *GetSelfResponse) error {
+	res.Self = make(map[string]SelfEntry)
+	self := a.core.GetSelf()
+	addr := a.core.Address().String()
+	snet := a.core.Subnet()
+	res.Self[addr] = SelfEntry{
+		BuildName:    version.BuildName(),
+		BuildVersion: version.BuildVersion(),
+		PublicKey:    hex.EncodeToString(self.Key[:]),
+		Subnet:       snet.String(),
+		Coords:       self.Coords,
+	}
+	return nil
+}

src/admin/getsessions.go

@@ -0,0 +1,30 @@
+package admin
+
+import (
+	"encoding/hex"
+	"net"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
+type GetSessionsRequest struct{}
+
+type GetSessionsResponse struct {
+	Sessions map[string]SessionEntry `json:"sessions"`
+}
+
+type SessionEntry struct {
+	PublicKey string `json:"key"`
+}
+
+func (a *AdminSocket) getSessionsHandler(req *GetSessionsRequest, res *GetSessionsResponse) error {
+	res.Sessions = map[string]SessionEntry{}
+	for _, s := range a.core.GetSessions() {
+		addr := address.AddrForKey(s.Key)
+		so := net.IP(addr[:]).String()
+		res.Sessions[so] = SessionEntry{
+			PublicKey: hex.EncodeToString(s.Key[:]),
+		}
+	}
+	return nil
+}

src/config/config.go

@@ -17,143 +17,45 @@ configuration option that is not provided.
 package config
 
 import (
+	"crypto/ed25519"
 	"encoding/hex"
 	"sync"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
-	"github.com/yggdrasil-network/yggdrasil-go/src/types"
 )
 
-type MTU = types.MTU
-
-// NodeState represents the active and previous configuration of an Yggdrasil
-// node. A NodeState object is returned when starting an Yggdrasil node. Note
-// that this structure and related functions are likely to disappear soon.
-type NodeState struct {
-	Current  NodeConfig
-	Previous NodeConfig
-	Mutex    sync.RWMutex
-}
-
-// Current returns the active node configuration.
-func (s *NodeState) GetCurrent() NodeConfig {
-	s.Mutex.RLock()
-	defer s.Mutex.RUnlock()
-	return s.Current
-}
-
-// Previous returns the previous node configuration.
-func (s *NodeState) GetPrevious() NodeConfig {
-	s.Mutex.RLock()
-	defer s.Mutex.RUnlock()
-	return s.Previous
-}
-
-// Replace the node configuration with new configuration.
-func (s *NodeState) Replace(n NodeConfig) {
-	s.Mutex.Lock()
-	defer s.Mutex.Unlock()
-	s.Previous = s.Current
-	s.Current = n
-}
-
 // NodeConfig is the main configuration structure, containing configuration
 // options that are necessary for an Yggdrasil node to run. You will need to
 // supply one of these structs to the Yggdrasil core when starting a node.
 type NodeConfig struct {
-	Peers                       []string               `comment:"List of connection strings for outbound peer connections in URI format,\ne.g. tcp://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections\nwill obey the operating system routing table, therefore you should\nuse this section when you may connect via different interfaces."`
-	InterfacePeers              map[string][]string    `comment:"List of connection strings for outbound peer connections in URI format,\narranged by source interface, e.g. { \"eth0\": [ tcp://a.b.c.d:e ] }.\nNote that SOCKS peerings will NOT be affected by this option and should\ngo in the \"Peers\" section instead."`
-	Listen                      []string               `comment:"Listen addresses for incoming connections. You will need to add\nlisteners in order to accept incoming peerings from non-local nodes.\nMulticast peer discovery will work regardless of any listeners set\nhere. Each listener should be specified in URI format as above, e.g.\ntcp://0.0.0.0:0 or tcp://[::]:0 to listen on all interfaces."`
-	AdminListen                 string                 `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
-	MulticastInterfaces         []string               `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
-	AllowedEncryptionPublicKeys []string               `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
-	EncryptionPublicKey         string                 `comment:"Your public encryption key. Your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration."`
-	EncryptionPrivateKey        string                 `comment:"Your private encryption key. DO NOT share this with anyone!"`
-	SigningPublicKey            string                 `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."`
-	SigningPrivateKey           string                 `comment:"Your private signing key. DO NOT share this with anyone!"`
-	LinkLocalTCPPort            uint16                 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
-	IfName                      string                 `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
-	IfMTU                       MTU                    `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
-	SessionFirewall             SessionFirewall        `comment:"The session firewall controls who can send/receive network traffic\nto/from. This is useful if you want to protect this node without\nresorting to using a real firewall. This does not affect traffic\nbeing routed via this node to somewhere else. Rules are prioritised as\nfollows: blacklist, whitelist, always allow outgoing, direct, remote."`
-	TunnelRouting               TunnelRouting          `comment:"Allow tunneling non-Yggdrasil traffic over Yggdrasil. This effectively\nallows you to use Yggdrasil to route to, or to bridge other networks,\nsimilar to a VPN tunnel. Tunnelling works between any two nodes and\ndoes not require them to be directly peered."`
-	SwitchOptions               SwitchOptions          `comment:"Advanced options for tuning the switch. Normally you will not need\nto edit these options."`
-	NodeInfoPrivacy             bool                   `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
-	NodeInfo                    map[string]interface{} `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
+	sync.RWMutex        `json:"-"`
+	Peers               []string                   `comment:"List of connection strings for outbound peer connections in URI format,\ne.g. tls://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections\nwill obey the operating system routing table, therefore you should\nuse this section when you may connect via different interfaces."`
+	InterfacePeers      map[string][]string        `comment:"List of connection strings for outbound peer connections in URI format,\narranged by source interface, e.g. { \"eth0\": [ tls://a.b.c.d:e ] }.\nNote that SOCKS peerings will NOT be affected by this option and should\ngo in the \"Peers\" section instead."`
+	Listen              []string                   `comment:"Listen addresses for incoming connections. You will need to add\nlisteners in order to accept incoming peerings from non-local nodes.\nMulticast peer discovery will work regardless of any listeners set\nhere. Each listener should be specified in URI format as above, e.g.\ntls://0.0.0.0:0 or tls://[::]:0 to listen on all interfaces."`
+	AdminListen         string                     `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
+	MulticastInterfaces []MulticastInterfaceConfig `comment:"Configuration for which interfaces multicast peer discovery should be\nenabled on. Each entry in the list should be a json object which may\ncontain Regex, Beacon, Listen, and Port. Regex is a regular expression\nwhich is matched against an interface name, and interfaces use the\nfirst configuration that they match gainst. Beacon configures whether\nor not the node should send link-local multicast beacons to advertise\ntheir presence, while listening for incoming connections on Port.\nListen controls whether or not the node listens for multicast beacons\nand opens outgoing connections."`
+	AllowedPublicKeys   []string                   `comment:"List of peer public keys to allow incoming peering connections\nfrom. If left empty/undefined then all connections will be allowed\nby default. This does not affect outgoing peerings, nor does it\naffect link-local peers discovered via multicast."`
+	PublicKey           string                     `comment:"Your public key. Your peers may ask you for this to put\ninto their AllowedPublicKeys configuration."`
+	PrivateKey          string                     `comment:"Your private key. DO NOT share this with anyone!"`
+	IfName              string                     `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
+	IfMTU               uint64                     `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
+	NodeInfoPrivacy     bool                       `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
+	NodeInfo            map[string]interface{}     `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
 }
 
-// SessionFirewall controls the session firewall configuration.
-type SessionFirewall struct {
-	Enable                        bool     `comment:"Enable or disable the session firewall. If disabled, network traffic\nfrom any node will be allowed. If enabled, the below rules apply."`
-	AllowFromDirect               bool     `comment:"Allow network traffic from directly connected peers."`
-	AllowFromRemote               bool     `comment:"Allow network traffic from remote nodes on the network that you are\nnot directly peered with."`
-	AlwaysAllowOutbound           bool     `comment:"Allow outbound network traffic regardless of AllowFromDirect or\nAllowFromRemote. This does allow a remote node to send unsolicited\ntraffic back to you for the length of the session."`
-	WhitelistEncryptionPublicKeys []string `comment:"List of public keys from which network traffic is always accepted,\nregardless of AllowFromDirect or AllowFromRemote."`
-	BlacklistEncryptionPublicKeys []string `comment:"List of public keys from which network traffic is always rejected,\nregardless of the whitelist, AllowFromDirect or AllowFromRemote."`
-}
-
-// TunnelRouting contains the crypto-key routing tables for tunneling regular
-// IPv4 or IPv6 subnets across the Yggdrasil network.
-type TunnelRouting struct {
-	Enable            bool              `comment:"Enable or disable tunnel routing."`
-	IPv6RemoteSubnets map[string]string `comment:"IPv6 subnets belonging to remote nodes, mapped to the node's public\nkey, e.g. { \"aaaa:bbbb:cccc::/e\": \"boxpubkey\", ... }"`
-	IPv6LocalSubnets  []string          `comment:"IPv6 subnets belonging to this node's end of the tunnels. Only traffic\nfrom these ranges (or the Yggdrasil node's IPv6 address/subnet)\nwill be tunnelled."`
-	IPv4RemoteSubnets map[string]string `comment:"IPv4 subnets belonging to remote nodes, mapped to the node's public\nkey, e.g. { \"a.b.c.d/e\": \"boxpubkey\", ... }"`
-	IPv4LocalSubnets  []string          `comment:"IPv4 subnets belonging to this node's end of the tunnels. Only traffic\nfrom these ranges will be tunnelled."`
-}
-
-// SwitchOptions contains tuning options for the switch. These are advanced
-// options and shouldn't be changed unless necessary.
-type SwitchOptions struct {
-	MaxTotalQueueSize uint64 `comment:"Maximum size of all switch queues combined (in bytes)."`
-}
-
-// Generates default configuration and returns a pointer to the resulting
-// NodeConfig. This is used when outputting the -genconf parameter and also when
-// using -autoconf.
-func GenerateConfig() *NodeConfig {
-	// Generate encryption keys.
-	bpub, bpriv := crypto.NewBoxKeys()
-	spub, spriv := crypto.NewSigKeys()
-	// Create a node configuration and populate it.
-	cfg := NodeConfig{}
-	cfg.Listen = []string{}
-	cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
-	cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
-	cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
-	cfg.SigningPublicKey = hex.EncodeToString(spub[:])
-	cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
-	cfg.Peers = []string{}
-	cfg.InterfacePeers = map[string][]string{}
-	cfg.AllowedEncryptionPublicKeys = []string{}
-	cfg.MulticastInterfaces = defaults.GetDefaults().DefaultMulticastInterfaces
-	cfg.IfName = defaults.GetDefaults().DefaultIfName
-	cfg.IfMTU = defaults.GetDefaults().DefaultIfMTU
-	cfg.SessionFirewall.Enable = false
-	cfg.SessionFirewall.AllowFromDirect = true
-	cfg.SessionFirewall.AllowFromRemote = true
-	cfg.SessionFirewall.AlwaysAllowOutbound = true
-	cfg.SwitchOptions.MaxTotalQueueSize = 4 * 1024 * 1024
-	cfg.NodeInfoPrivacy = false
-
-	return &cfg
-}
-
-// NewEncryptionKeys replaces the encryption keypair in the NodeConfig with a
-// new encryption keypair. The encryption keys are used by the router to encrypt
-// traffic and to derive the node ID and IPv6 address/subnet of the node, so
-// this is equivalent to discarding the node's identity on the network.
-func (cfg *NodeConfig) NewEncryptionKeys() {
-	bpub, bpriv := crypto.NewBoxKeys()
-	cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
-	cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
+type MulticastInterfaceConfig struct {
+	Regex  string
+	Beacon bool
+	Listen bool
+	Port   uint16
 }
 
 // NewSigningKeys replaces the signing keypair in the NodeConfig with a new
 // signing keypair. The signing keys are used by the switch to derive the
 // structure of the spanning tree.
-func (cfg *NodeConfig) NewSigningKeys() {
-	spub, spriv := crypto.NewSigKeys()
-	cfg.SigningPublicKey = hex.EncodeToString(spub[:])
-	cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
+func (cfg *NodeConfig) NewKeys() {
+	spub, spriv, err := ed25519.GenerateKey(nil)
+	if err != nil {
+		panic(err)
+	}
+	cfg.PublicKey = hex.EncodeToString(spub[:])
+	cfg.PrivateKey = hex.EncodeToString(spriv[:])
 }

src/config/config_test.go

@@ -0,0 +1,54 @@
+package config
+
+import (
+	"bytes"
+	"encoding/hex"
+	"testing"
+)
+
+func TestConfig_Keys(t *testing.T) {
+	var nodeConfig NodeConfig
+	nodeConfig.NewKeys()
+
+	publicKey1, err := hex.DecodeString(nodeConfig.PublicKey)
+
+	if err != nil {
+		t.Fatal("can not decode generated public key")
+	}
+
+	if len(publicKey1) == 0 {
+		t.Fatal("empty public key generated")
+	}
+
+	privateKey1, err := hex.DecodeString(nodeConfig.PrivateKey)
+
+	if err != nil {
+		t.Fatal("can not decode generated private key")
+	}
+
+	if len(privateKey1) == 0 {
+		t.Fatal("empty private key generated")
+	}
+
+	nodeConfig.NewKeys()
+
+	publicKey2, err := hex.DecodeString(nodeConfig.PublicKey)
+
+	if err != nil {
+		t.Fatal("can not decode generated public key")
+	}
+
+	if bytes.Equal(publicKey2, publicKey1) {
+		t.Fatal("same public key generated")
+	}
+
+	privateKey2, err := hex.DecodeString(nodeConfig.PrivateKey)
+
+	if err != nil {
+		t.Fatal("can not decode generated private key")
+	}
+
+	if bytes.Equal(privateKey2, privateKey1) {
+		t.Fatal("same private key generated")
+	}
+}

src/core/api.go

@@ -0,0 +1,278 @@
+package core
+
+import (
+	"crypto/ed25519"
+	"sync/atomic"
+	"time"
+
+	//"encoding/hex"
+	"encoding/json"
+	//"errors"
+	//"fmt"
+	"net"
+	"net/url"
+
+	//"sort"
+	//"time"
+
+	"github.com/gologme/log"
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+	//"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+	//"github.com/Arceliar/phony"
+)
+
+type Self struct {
+	Key    ed25519.PublicKey
+	Root   ed25519.PublicKey
+	Coords []uint64
+}
+
+type Peer struct {
+	Key     ed25519.PublicKey
+	Root    ed25519.PublicKey
+	Coords  []uint64
+	Port    uint64
+	Remote  string
+	RXBytes uint64
+	TXBytes uint64
+	Uptime  time.Duration
+}
+
+type DHTEntry struct {
+	Key  ed25519.PublicKey
+	Port uint64
+	Rest uint64
+}
+
+type PathEntry struct {
+	Key  ed25519.PublicKey
+	Path []uint64
+}
+
+type Session struct {
+	Key ed25519.PublicKey
+}
+
+func (c *Core) GetSelf() Self {
+	var self Self
+	s := c.PacketConn.PacketConn.Debug.GetSelf()
+	self.Key = s.Key
+	self.Root = s.Root
+	self.Coords = s.Coords
+	return self
+}
+
+func (c *Core) GetPeers() []Peer {
+	var peers []Peer
+	names := make(map[net.Conn]string)
+	c.links.mutex.Lock()
+	for _, info := range c.links.links {
+		names[info.conn] = info.lname
+	}
+	c.links.mutex.Unlock()
+	ps := c.PacketConn.PacketConn.Debug.GetPeers()
+	for _, p := range ps {
+		var info Peer
+		info.Key = p.Key
+		info.Root = p.Root
+		info.Coords = p.Coords
+		info.Port = p.Port
+		info.Remote = p.Conn.RemoteAddr().String()
+		if name := names[p.Conn]; name != "" {
+			info.Remote = name
+		}
+		if linkconn, ok := p.Conn.(*linkConn); ok {
+			info.RXBytes = atomic.LoadUint64(&linkconn.rx)
+			info.TXBytes = atomic.LoadUint64(&linkconn.tx)
+			info.Uptime = time.Since(linkconn.up)
+		}
+		peers = append(peers, info)
+	}
+	return peers
+}
+
+func (c *Core) GetDHT() []DHTEntry {
+	var dhts []DHTEntry
+	ds := c.PacketConn.PacketConn.Debug.GetDHT()
+	for _, d := range ds {
+		var info DHTEntry
+		info.Key = d.Key
+		info.Port = d.Port
+		info.Rest = d.Rest
+		dhts = append(dhts, info)
+	}
+	return dhts
+}
+
+func (c *Core) GetPaths() []PathEntry {
+	var paths []PathEntry
+	ps := c.PacketConn.PacketConn.Debug.GetPaths()
+	for _, p := range ps {
+		var info PathEntry
+		info.Key = p.Key
+		info.Path = p.Path
+		paths = append(paths, info)
+	}
+	return paths
+}
+
+func (c *Core) GetSessions() []Session {
+	var sessions []Session
+	ss := c.PacketConn.Debug.GetSessions()
+	for _, s := range ss {
+		var info Session
+		info.Key = s.Key
+		sessions = append(sessions, info)
+	}
+	return sessions
+}
+
+// Listen starts a new listener (either TCP or TLS). The input should be a url.URL
+// parsed from a string of the form e.g. "tcp://a.b.c.d:e". In the case of a
+// link-local address, the interface should be provided as the second argument.
+func (c *Core) Listen(u *url.URL, sintf string) (*TcpListener, error) {
+	return c.links.tcp.listenURL(u, sintf)
+}
+
+// Address gets the IPv6 address of the Yggdrasil node. This is always a /128
+// address. The IPv6 address is only relevant when the node is operating as an
+// IP router and often is meaningless when embedded into an application, unless
+// that application also implements either VPN functionality or deals with IP
+// packets specifically.
+func (c *Core) Address() net.IP {
+	addr := net.IP(address.AddrForKey(c.public)[:])
+	return addr
+}
+
+// Subnet gets the routed IPv6 subnet of the Yggdrasil node. This is always a
+// /64 subnet. The IPv6 subnet is only relevant when the node is operating as an
+// IP router and often is meaningless when embedded into an application, unless
+// that application also implements either VPN functionality or deals with IP
+// packets specifically.
+func (c *Core) Subnet() net.IPNet {
+	subnet := address.SubnetForKey(c.public)[:]
+	subnet = append(subnet, 0, 0, 0, 0, 0, 0, 0, 0)
+	return net.IPNet{IP: subnet, Mask: net.CIDRMask(64, 128)}
+}
+
+// SetLogger sets the output logger of the Yggdrasil node after startup. This
+// may be useful if you want to redirect the output later. Note that this
+// expects a Logger from the github.com/gologme/log package and not from Go's
+// built-in log package.
+func (c *Core) SetLogger(log *log.Logger) {
+	c.log = log
+}
+
+// AddPeer adds a peer. This should be specified in the peer URI format, e.g.:
+// 		tcp://a.b.c.d:e
+//		socks://a.b.c.d:e/f.g.h.i:j
+// This adds the peer to the peer list, so that they will be called again if the
+// connection drops.
+/*
+func (c *Core) AddPeer(addr string, sintf string) error {
+	if err := c.CallPeer(addr, sintf); err != nil {
+		// TODO: We maybe want this to write the peer to the persistent
+		// configuration even if a connection attempt fails, but first we'll need to
+		// move the code to check the peer URI so that we don't deliberately save a
+		// peer with a known bad URI. Loading peers from config should really do the
+		// same thing too but I don't think that happens today
+		return err
+	}
+	c.config.Mutex.Lock()
+	defer c.config.Mutex.Unlock()
+	if sintf == "" {
+		for _, peer := range c.config.Current.Peers {
+			if peer == addr {
+				return errors.New("peer already added")
+			}
+		}
+		c.config.Current.Peers = append(c.config.Current.Peers, addr)
+	} else {
+		if _, ok := c.config.Current.InterfacePeers[sintf]; ok {
+			for _, peer := range c.config.Current.InterfacePeers[sintf] {
+				if peer == addr {
+					return errors.New("peer already added")
+				}
+			}
+		}
+		if _, ok := c.config.Current.InterfacePeers[sintf]; !ok {
+			c.config.Current.InterfacePeers[sintf] = []string{addr}
+		} else {
+			c.config.Current.InterfacePeers[sintf] = append(c.config.Current.InterfacePeers[sintf], addr)
+		}
+	}
+	return nil
+}
+*/
+
+/*
+func (c *Core) RemovePeer(addr string, sintf string) error {
+	if sintf == "" {
+		for i, peer := range c.config.Current.Peers {
+			if peer == addr {
+				c.config.Current.Peers = append(c.config.Current.Peers[:i], c.config.Current.Peers[i+1:]...)
+				break
+			}
+		}
+	} else if _, ok := c.config.Current.InterfacePeers[sintf]; ok {
+		for i, peer := range c.config.Current.InterfacePeers[sintf] {
+			if peer == addr {
+				c.config.Current.InterfacePeers[sintf] = append(c.config.Current.InterfacePeers[sintf][:i], c.config.Current.InterfacePeers[sintf][i+1:]...)
+				break
+			}
+		}
+	}
+
+	panic("TODO") // Get the net.Conn to this peer (if any) and close it
+	c.peers.Act(nil, func() {
+		ports := c.peers.ports
+		for _, peer := range ports {
+			if addr == peer.intf.name() {
+				c.peers._removePeer(peer)
+			}
+		}
+	})
+
+	return nil
+}
+*/
+
+// CallPeer calls a peer once. This should be specified in the peer URI format,
+// e.g.:
+// 		tcp://a.b.c.d:e
+//		socks://a.b.c.d:e/f.g.h.i:j
+// This does not add the peer to the peer list, so if the connection drops, the
+// peer will not be called again automatically.
+func (c *Core) CallPeer(u *url.URL, sintf string) error {
+	return c.links.call(u, sintf)
+}
+
+func (c *Core) PublicKey() ed25519.PublicKey {
+	return c.public
+}
+
+// Hack to get the admin stuff working, TODO something cleaner
+
+type AddHandler interface {
+	AddHandler(name string, args []string, handlerfunc AddHandlerFunc) error
+}
+
+type AddHandlerFunc func(json.RawMessage) (interface{}, error)
+
+// SetAdmin must be called after Init and before Start.
+// It sets the admin handler for NodeInfo and the Debug admin functions.
+func (c *Core) SetAdmin(a AddHandler) error {
+	if err := a.AddHandler("getNodeInfo", []string{"key"}, c.proto.nodeinfo.nodeInfoAdminHandler); err != nil {
+		return err
+	}
+	if err := a.AddHandler("debug_remoteGetSelf", []string{"key"}, c.proto.getSelfHandler); err != nil {
+		return err
+	}
+	if err := a.AddHandler("debug_remoteGetPeers", []string{"key"}, c.proto.getPeersHandler); err != nil {
+		return err
+	}
+	if err := a.AddHandler("debug_remoteGetDHT", []string{"key"}, c.proto.getDHTHandler); err != nil {
+		return err
+	}
+	return nil
+}

src/core/core.go

@@ -0,0 +1,239 @@
+package core
+
+import (
+	"context"
+	"crypto/ed25519"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/url"
+	"time"
+
+	iwe "github.com/Arceliar/ironwood/encrypted"
+	iwt "github.com/Arceliar/ironwood/types"
+	"github.com/Arceliar/phony"
+	"github.com/gologme/log"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/config"
+	//"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+	"github.com/yggdrasil-network/yggdrasil-go/src/version"
+)
+
+// The Core object represents the Yggdrasil node. You should create a Core
+// object for each Yggdrasil node you plan to run.
+type Core struct {
+	// This is the main data structure that holds everything else for a node
+	// We're going to keep our own copy of the provided config - that way we can
+	// guarantee that it will be covered by the mutex
+	phony.Inbox
+	*iwe.PacketConn
+	config       *config.NodeConfig // Config
+	secret       ed25519.PrivateKey
+	public       ed25519.PublicKey
+	links        links
+	proto        protoHandler
+	log          *log.Logger
+	addPeerTimer *time.Timer
+	ctx          context.Context
+	ctxCancel    context.CancelFunc
+}
+
+func (c *Core) _init() error {
+	// TODO separate init and start functions
+	//  Init sets up structs
+	//  Start launches goroutines that depend on structs being set up
+	// This is pretty much required to completely avoid race conditions
+	c.config.RLock()
+	defer c.config.RUnlock()
+	if c.log == nil {
+		c.log = log.New(ioutil.Discard, "", 0)
+	}
+
+	sigPriv, err := hex.DecodeString(c.config.PrivateKey)
+	if err != nil {
+		return err
+	}
+	if len(sigPriv) < ed25519.PrivateKeySize {
+		return errors.New("PrivateKey is incorrect length")
+	}
+
+	c.secret = ed25519.PrivateKey(sigPriv)
+	c.public = c.secret.Public().(ed25519.PublicKey)
+	// TODO check public against current.PublicKey, error if they don't match
+
+	c.PacketConn, err = iwe.NewPacketConn(c.secret)
+	c.ctx, c.ctxCancel = context.WithCancel(context.Background())
+	c.proto.init(c)
+	if err := c.proto.nodeinfo.setNodeInfo(c.config.NodeInfo, c.config.NodeInfoPrivacy); err != nil {
+		return fmt.Errorf("setNodeInfo: %w", err)
+	}
+	return err
+}
+
+// If any static peers were provided in the configuration above then we should
+// configure them. The loop ensures that disconnected peers will eventually
+// be reconnected with.
+func (c *Core) _addPeerLoop() {
+	c.config.RLock()
+	defer c.config.RUnlock()
+
+	if c.addPeerTimer == nil {
+		return
+	}
+
+	// Add peers from the Peers section
+	for _, peer := range c.config.Peers {
+		go func(peer string, intf string) {
+			u, err := url.Parse(peer)
+			if err != nil {
+				c.log.Errorln("Failed to parse peer url:", peer, err)
+			}
+			if err := c.CallPeer(u, intf); err != nil {
+				c.log.Errorln("Failed to add peer:", err)
+			}
+		}(peer, "") // TODO: this should be acted and not in a goroutine?
+	}
+
+	// Add peers from the InterfacePeers section
+	for intf, intfpeers := range c.config.InterfacePeers {
+		for _, peer := range intfpeers {
+			go func(peer string, intf string) {
+				u, err := url.Parse(peer)
+				if err != nil {
+					c.log.Errorln("Failed to parse peer url:", peer, err)
+				}
+				if err := c.CallPeer(u, intf); err != nil {
+					c.log.Errorln("Failed to add peer:", err)
+				}
+			}(peer, intf) // TODO: this should be acted and not in a goroutine?
+		}
+	}
+
+	c.addPeerTimer = time.AfterFunc(time.Minute, func() {
+		c.Act(nil, c._addPeerLoop)
+	})
+}
+
+// Start starts up Yggdrasil using the provided config.NodeConfig, and outputs
+// debug logging through the provided log.Logger. The started stack will include
+// TCP and UDP sockets, a multicast discovery socket, an admin socket, router,
+// switch and DHT node. A config.NodeState is returned which contains both the
+// current and previous configurations (from reconfigures).
+func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) (err error) {
+	phony.Block(c, func() {
+		err = c._start(nc, log)
+	})
+	return
+}
+
+// This function is unsafe and should only be ran by the core actor.
+func (c *Core) _start(nc *config.NodeConfig, log *log.Logger) error {
+	c.log = log
+	c.config = nc
+
+	if name := version.BuildName(); name != "unknown" {
+		c.log.Infoln("Build name:", name)
+	}
+	if version := version.BuildVersion(); version != "unknown" {
+		c.log.Infoln("Build version:", version)
+	}
+
+	c.log.Infoln("Starting up...")
+	if err := c._init(); err != nil {
+		c.log.Errorln("Failed to initialize core")
+		return err
+	}
+
+	if err := c.links.init(c); err != nil {
+		c.log.Errorln("Failed to start link interfaces")
+		return err
+	}
+
+	c.addPeerTimer = time.AfterFunc(0, func() {
+		c.Act(nil, c._addPeerLoop)
+	})
+
+	c.log.Infoln("Startup complete")
+	return nil
+}
+
+// Stop shuts down the Yggdrasil node.
+func (c *Core) Stop() {
+	phony.Block(c, func() {
+		c.log.Infoln("Stopping...")
+		c._close()
+		c.log.Infoln("Stopped")
+	})
+}
+
+func (c *Core) Close() error {
+	var err error
+	phony.Block(c, func() {
+		err = c._close()
+	})
+	return err
+}
+
+// This function is unsafe and should only be ran by the core actor.
+func (c *Core) _close() error {
+	c.ctxCancel()
+	err := c.PacketConn.Close()
+	if c.addPeerTimer != nil {
+		c.addPeerTimer.Stop()
+		c.addPeerTimer = nil
+	}
+	_ = c.links.stop()
+	return err
+}
+
+func (c *Core) MTU() uint64 {
+	const sessionTypeOverhead = 1
+	return c.PacketConn.MTU() - sessionTypeOverhead
+}
+
+func (c *Core) ReadFrom(p []byte) (n int, from net.Addr, err error) {
+	buf := make([]byte, c.PacketConn.MTU(), 65535)
+	for {
+		bs := buf
+		n, from, err = c.PacketConn.ReadFrom(bs)
+		if err != nil {
+			return 0, from, err
+		}
+		if n == 0 {
+			continue
+		}
+		switch bs[0] {
+		case typeSessionTraffic:
+			// This is what we want to handle here
+		case typeSessionProto:
+			var key keyArray
+			copy(key[:], from.(iwt.Addr))
+			data := append([]byte(nil), bs[1:n]...)
+			c.proto.handleProto(nil, key, data)
+			continue
+		default:
+			continue
+		}
+		bs = bs[1:n]
+		copy(p, bs)
+		if len(p) < len(bs) {
+			n = len(p)
+		} else {
+			n = len(bs)
+		}
+		return
+	}
+}
+
+func (c *Core) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	buf := make([]byte, 0, 65535)
+	buf = append(buf, typeSessionTraffic)
+	buf = append(buf, p...)
+	n, err = c.PacketConn.WriteTo(buf, addr)
+	if n > 0 {
+		n -= 1
+	}
+	return
+}

src/core/core_test.go

@@ -1,8 +1,9 @@
-package yggdrasil
+package core
 
 import (
 	"bytes"
 	"math/rand"
+	"net/url"
 	"os"
 	"testing"
 	"time"
@@ -10,11 +11,12 @@ import (
 	"github.com/gologme/log"
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
+	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
 )
 
 // GenerateConfig produces default configuration with suitable modifications for tests.
 func GenerateConfig() *config.NodeConfig {
-	cfg := config.GenerateConfig()
+	cfg := defaults.GenerateConfig()
 	cfg.AdminListen = "none"
 	cfg.Listen = []string{"tcp://127.0.0.1:0"}
 	cfg.IfName = "none"
@@ -39,21 +41,25 @@ func GetLoggerWithPrefix(prefix string, verbose bool) *log.Logger {
 // Verbosity flag is passed to logger.
 func CreateAndConnectTwo(t testing.TB, verbose bool) (nodeA *Core, nodeB *Core) {
 	nodeA = new(Core)
-	_, err := nodeA.Start(GenerateConfig(), GetLoggerWithPrefix("A: ", verbose))
-	if err != nil {
+	if err := nodeA.Start(GenerateConfig(), GetLoggerWithPrefix("A: ", verbose)); err != nil {
 		t.Fatal(err)
 	}
 
 	nodeB = new(Core)
-	_, err = nodeB.Start(GenerateConfig(), GetLoggerWithPrefix("B: ", verbose))
+	if err := nodeB.Start(GenerateConfig(), GetLoggerWithPrefix("B: ", verbose)); err != nil {
+		t.Fatal(err)
+	}
+
+	u, err := url.Parse("tcp://" + nodeA.links.tcp.getAddr().String())
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = nodeB.CallPeer(u, "")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	err = nodeB.AddPeer("tcp://"+nodeA.link.tcp.getAddr().String(), "")
-	if err != nil {
-		t.Fatal(err)
-	}
+	time.Sleep(100 * time.Millisecond)
 
 	if l := len(nodeA.GetPeers()); l != 1 {
 		t.Fatal("unexpected number of peers", l)
@@ -70,7 +76,7 @@ func WaitConnected(nodeA, nodeB *Core) bool {
 	// It may take up to 3 seconds, but let's wait 5.
 	for i := 0; i < 50; i++ {
 		time.Sleep(100 * time.Millisecond)
-		if len(nodeA.GetSwitchPeers()) > 0 && len(nodeB.GetSwitchPeers()) > 0 {
+		if len(nodeA.GetPeers()) > 0 && len(nodeB.GetPeers()) > 0 {
 			return true
 		}
 	}
@@ -80,26 +86,13 @@ func WaitConnected(nodeA, nodeB *Core) bool {
 // CreateEchoListener creates a routine listening on nodeA. It expects repeats messages of length bufLen.
 // It returns a channel used to synchronize the routine with caller.
 func CreateEchoListener(t testing.TB, nodeA *Core, bufLen int, repeats int) chan struct{} {
-	// Listen. Doing it here guarantees that there will be something to try to connect when it returns.
-	listener, err := nodeA.ConnListen()
-	if err != nil {
-		t.Fatal(err)
-	}
-
 	// Start routine
 	done := make(chan struct{})
 	go func() {
-		defer listener.Close()
-		conn, err := listener.Accept()
-		if err != nil {
-			t.Error(err)
-			return
-		}
-		defer conn.Close()
 		buf := make([]byte, bufLen)
-
+		res := make([]byte, bufLen)
 		for i := 0; i < repeats; i++ {
-			n, err := conn.Read(buf)
+			n, from, err := nodeA.ReadFrom(buf)
 			if err != nil {
 				t.Error(err)
 				return
@@ -108,7 +101,10 @@ func CreateEchoListener(t testing.TB, nodeA *Core, bufLen int, repeats int) chan
 				t.Error("missing data")
 				return
 			}
-			_, err = conn.Write(buf)
+			copy(res, buf)
+			copy(res[8:24], buf[24:40])
+			copy(res[24:40], buf[8:24])
+			_, err = nodeA.WriteTo(res, from)
 			if err != nil {
 				t.Error(err)
 			}
@@ -127,6 +123,8 @@ func TestCore_Start_Connect(t *testing.T) {
 // TestCore_Start_Transfer checks that messages can be passed between nodes (in both directions).
 func TestCore_Start_Transfer(t *testing.T) {
 	nodeA, nodeB := CreateAndConnectTwo(t, true)
+	defer nodeA.Stop()
+	defer nodeB.Stop()
 
 	msgLen := 1500
 	done := CreateEchoListener(t, nodeA, msgLen, 1)
@@ -135,28 +133,22 @@ func TestCore_Start_Transfer(t *testing.T) {
 		t.Fatal("nodes did not connect")
 	}
 
-	// Dial
-	dialer, err := nodeB.ConnDialer()
-	if err != nil {
-		t.Fatal(err)
-	}
-	conn, err := dialer.Dial("nodeid", nodeA.NodeID().String())
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer conn.Close()
+	// Send
 	msg := make([]byte, msgLen)
-	rand.Read(msg)
-	conn.Write(msg)
+	rand.Read(msg[40:])
+	msg[0] = 0x60
+	copy(msg[8:24], nodeB.Address())
+	copy(msg[24:40], nodeA.Address())
+	_, err := nodeB.WriteTo(msg, nodeA.LocalAddr())
 	if err != nil {
 		t.Fatal(err)
 	}
 	buf := make([]byte, msgLen)
-	_, err = conn.Read(buf)
+	_, _, err = nodeB.ReadFrom(buf)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if bytes.Compare(msg, buf) != 0 {
+	if !bytes.Equal(msg[40:], buf[40:]) {
 		t.Fatal("expected echo")
 	}
 	<-done
@@ -173,29 +165,25 @@ func BenchmarkCore_Start_Transfer(b *testing.B) {
 		b.Fatal("nodes did not connect")
 	}
 
-	// Dial
-	dialer, err := nodeB.ConnDialer()
-	if err != nil {
-		b.Fatal(err)
-	}
-	conn, err := dialer.Dial("nodeid", nodeA.NodeID().String())
-	if err != nil {
-		b.Fatal(err)
-	}
-	defer conn.Close()
+	// Send
 	msg := make([]byte, msgLen)
-	rand.Read(msg)
+	rand.Read(msg[40:])
+	msg[0] = 0x60
+	copy(msg[8:24], nodeB.Address())
+	copy(msg[24:40], nodeA.Address())
+
 	buf := make([]byte, msgLen)
 
-	b.SetBytes(int64(b.N * msgLen))
+	b.SetBytes(int64(msgLen))
 	b.ResetTimer()
 
+	addr := nodeA.LocalAddr()
 	for i := 0; i < b.N; i++ {
-		conn.Write(msg)
+		_, err := nodeB.WriteTo(msg, addr)
 		if err != nil {
 			b.Fatal(err)
 		}
-		_, err = conn.Read(buf)
+		_, _, err = nodeB.ReadFrom(buf)
 		if err != nil {
 			b.Fatal(err)
 		}

src/core/debug.go

@@ -1,15 +1,18 @@
+//go:build debug
 // +build debug
 
-package yggdrasil
+package core
 
-import "fmt"
+import (
+	"fmt"
 
-import _ "net/http/pprof"
-import "net/http"
-import "runtime"
-import "os"
+	"net/http"
+	_ "net/http/pprof"
+	"os"
+	"runtime"
 
-import "github.com/gologme/log"
+	"github.com/gologme/log"
+)
 
 // Start the profiler in debug builds, if the required environment variable is set.
 func init() {

src/core/link.go

@@ -0,0 +1,300 @@
+package core
+
+import (
+	"crypto/ed25519"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/url"
+	"strings"
+	"sync"
+
+	//"sync/atomic"
+	"time"
+
+	"sync/atomic"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+	"github.com/yggdrasil-network/yggdrasil-go/src/util"
+	"golang.org/x/net/proxy"
+	//"github.com/Arceliar/phony" // TODO? use instead of mutexes
+)
+
+type links struct {
+	core    *Core
+	mutex   sync.RWMutex // protects links below
+	links   map[linkInfo]*link
+	tcp     tcp // TCP interface support
+	stopped chan struct{}
+	// TODO timeout (to remove from switch), read from config.ReadTimeout
+}
+
+// linkInfo is used as a map key
+type linkInfo struct {
+	key      keyArray
+	linkType string // Type of link, e.g. TCP, AWDL
+	local    string // Local name or address
+	remote   string // Remote name or address
+}
+
+type link struct {
+	lname    string
+	links    *links
+	conn     *linkConn
+	options  linkOptions
+	info     linkInfo
+	incoming bool
+	force    bool
+	closed   chan struct{}
+}
+
+type linkOptions struct {
+	pinnedEd25519Keys map[keyArray]struct{}
+}
+
+func (l *links) init(c *Core) error {
+	l.core = c
+	l.mutex.Lock()
+	l.links = make(map[linkInfo]*link)
+	l.mutex.Unlock()
+	l.stopped = make(chan struct{})
+
+	if err := l.tcp.init(l); err != nil {
+		c.log.Errorln("Failed to start TCP interface")
+		return err
+	}
+
+	return nil
+}
+
+func (l *links) call(u *url.URL, sintf string) error {
+	//u, err := url.Parse(uri)
+	//if err != nil {
+	//	return fmt.Errorf("peer %s is not correctly formatted (%s)", uri, err)
+	//}
+	tcpOpts := tcpOptions{}
+	if pubkeys, ok := u.Query()["key"]; ok && len(pubkeys) > 0 {
+		tcpOpts.pinnedEd25519Keys = make(map[keyArray]struct{})
+		for _, pubkey := range pubkeys {
+			if sigPub, err := hex.DecodeString(pubkey); err == nil {
+				var sigPubKey keyArray
+				copy(sigPubKey[:], sigPub)
+				tcpOpts.pinnedEd25519Keys[sigPubKey] = struct{}{}
+			}
+		}
+	}
+	switch u.Scheme {
+	case "tcp":
+		l.tcp.call(u.Host, tcpOpts, sintf)
+	case "socks":
+		tcpOpts.socksProxyAddr = u.Host
+		if u.User != nil {
+			tcpOpts.socksProxyAuth = &proxy.Auth{}
+			tcpOpts.socksProxyAuth.User = u.User.Username()
+			tcpOpts.socksProxyAuth.Password, _ = u.User.Password()
+		}
+		tcpOpts.upgrade = l.tcp.tls.forDialer // TODO make this configurable
+		pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/")
+		l.tcp.call(pathtokens[0], tcpOpts, sintf)
+	case "tls":
+		tcpOpts.upgrade = l.tcp.tls.forDialer
+		// SNI headers must contain hostnames and not IP addresses, so we must make sure
+		// that we do not populate the SNI with an IP literal. We do this by splitting
+		// the host-port combo from the query option and then seeing if it parses to an
+		// IP address successfully or not.
+		if sni := u.Query().Get("sni"); sni != "" {
+			if net.ParseIP(sni) == nil {
+				tcpOpts.tlsSNI = sni
+			}
+		}
+		// If the SNI is not configured still because the above failed then we'll try
+		// again but this time we'll use the host part of the peering URI instead.
+		if tcpOpts.tlsSNI == "" {
+			if host, _, err := net.SplitHostPort(u.Host); err == nil && net.ParseIP(host) == nil {
+				tcpOpts.tlsSNI = host
+			}
+		}
+		l.tcp.call(u.Host, tcpOpts, sintf)
+	default:
+		return errors.New("unknown call scheme: " + u.Scheme)
+	}
+	return nil
+}
+
+func (l *links) create(conn net.Conn, name, linkType, local, remote string, incoming, force bool, options linkOptions) (*link, error) {
+	// Technically anything unique would work for names, but let's pick something human readable, just for debugging
+	intf := link{
+		conn: &linkConn{
+			Conn: conn,
+			up:   time.Now(),
+		},
+		lname:   name,
+		links:   l,
+		options: options,
+		info: linkInfo{
+			linkType: linkType,
+			local:    local,
+			remote:   remote,
+		},
+		incoming: incoming,
+		force:    force,
+	}
+	return &intf, nil
+}
+
+func (l *links) stop() error {
+	close(l.stopped)
+	if err := l.tcp.stop(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (intf *link) handler() (chan struct{}, error) {
+	// TODO split some of this into shorter functions, so it's easier to read, and for the FIXME duplicate peer issue mentioned later
+	defer intf.conn.Close()
+	meta := version_getBaseMetadata()
+	meta.key = intf.links.core.public
+	metaBytes := meta.encode()
+	// TODO timeouts on send/recv (goroutine for send/recv, channel select w/ timer)
+	var err error
+	if !util.FuncTimeout(30*time.Second, func() {
+		var n int
+		n, err = intf.conn.Write(metaBytes)
+		if err == nil && n != len(metaBytes) {
+			err = errors.New("incomplete metadata send")
+		}
+	}) {
+		return nil, errors.New("timeout on metadata send")
+	}
+	if err != nil {
+		return nil, err
+	}
+	if !util.FuncTimeout(30*time.Second, func() {
+		var n int
+		n, err = io.ReadFull(intf.conn, metaBytes)
+		if err == nil && n != len(metaBytes) {
+			err = errors.New("incomplete metadata recv")
+		}
+	}) {
+		return nil, errors.New("timeout on metadata recv")
+	}
+	if err != nil {
+		return nil, err
+	}
+	meta = version_metadata{}
+	base := version_getBaseMetadata()
+	if !meta.decode(metaBytes) {
+		return nil, errors.New("failed to decode metadata")
+	}
+	if !meta.check() {
+		var connectError string
+		if intf.incoming {
+			connectError = "Rejected incoming connection"
+		} else {
+			connectError = "Failed to connect"
+		}
+		intf.links.core.log.Debugf("%s: %s is incompatible version (local %s, remote %s)",
+			connectError,
+			intf.lname,
+			fmt.Sprintf("%d.%d", base.ver, base.minorVer),
+			fmt.Sprintf("%d.%d", meta.ver, meta.minorVer),
+		)
+		return nil, errors.New("remote node is incompatible version")
+	}
+	// Check if the remote side matches the keys we expected. This is a bit of a weak
+	// check - in future versions we really should check a signature or something like that.
+	if pinned := intf.options.pinnedEd25519Keys; pinned != nil {
+		var key keyArray
+		copy(key[:], meta.key)
+		if _, allowed := pinned[key]; !allowed {
+			intf.links.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name())
+			return nil, fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
+		}
+	}
+	// Check if we're authorized to connect to this key / IP
+	intf.links.core.config.RLock()
+	allowed := intf.links.core.config.AllowedPublicKeys
+	intf.links.core.config.RUnlock()
+	isallowed := len(allowed) == 0
+	for _, k := range allowed {
+		if k == hex.EncodeToString(meta.key) { // TODO: this is yuck
+			isallowed = true
+			break
+		}
+	}
+	if intf.incoming && !intf.force && !isallowed {
+		intf.links.core.log.Warnf("%s connection from %s forbidden: AllowedEncryptionPublicKeys does not contain key %s",
+			strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.key))
+		intf.close()
+		return nil, nil
+	}
+	// Check if we already have a link to this node
+	copy(intf.info.key[:], meta.key)
+	intf.links.mutex.Lock()
+	if oldIntf, isIn := intf.links.links[intf.info]; isIn {
+		intf.links.mutex.Unlock()
+		// FIXME we should really return an error and let the caller block instead
+		// That lets them do things like close connections on its own, avoid printing a connection message in the first place, etc.
+		intf.links.core.log.Debugln("DEBUG: found existing interface for", intf.name())
+		return oldIntf.closed, nil
+	} else {
+		intf.closed = make(chan struct{})
+		intf.links.links[intf.info] = intf
+		defer func() {
+			intf.links.mutex.Lock()
+			delete(intf.links.links, intf.info)
+			intf.links.mutex.Unlock()
+			close(intf.closed)
+		}()
+		intf.links.core.log.Debugln("DEBUG: registered interface for", intf.name())
+	}
+	intf.links.mutex.Unlock()
+	themAddr := address.AddrForKey(ed25519.PublicKey(intf.info.key[:]))
+	themAddrString := net.IP(themAddr[:]).String()
+	themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote)
+	intf.links.core.log.Infof("Connected %s: %s, source %s",
+		strings.ToUpper(intf.info.linkType), themString, intf.info.local)
+	// Run the handler
+	err = intf.links.core.HandleConn(ed25519.PublicKey(intf.info.key[:]), intf.conn)
+	// TODO don't report an error if it's just a 'use of closed network connection'
+	if err != nil {
+		intf.links.core.log.Infof("Disconnected %s: %s, source %s; error: %s",
+			strings.ToUpper(intf.info.linkType), themString, intf.info.local, err)
+	} else {
+		intf.links.core.log.Infof("Disconnected %s: %s, source %s",
+			strings.ToUpper(intf.info.linkType), themString, intf.info.local)
+	}
+	return nil, err
+}
+
+func (intf *link) close() {
+	intf.conn.Close()
+}
+
+func (intf *link) name() string {
+	return intf.lname
+}
+
+type linkConn struct {
+	// tx and rx are at the beginning of the struct to ensure 64-bit alignment
+	// on 32-bit platforms, see https://pkg.go.dev/sync/atomic#pkg-note-BUG
+	rx uint64
+	tx uint64
+	up time.Time
+	net.Conn
+}
+
+func (c *linkConn) Read(p []byte) (n int, err error) {
+	n, err = c.Conn.Read(p)
+	atomic.AddUint64(&c.rx, uint64(n))
+	return
+}
+
+func (c *linkConn) Write(p []byte) (n int, err error) {
+	n, err = c.Conn.Write(p)
+	atomic.AddUint64(&c.tx, uint64(n))
+	return
+}

src/core/nodeinfo.go

@@ -0,0 +1,189 @@
+package core
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"net"
+	"runtime"
+	"strings"
+	"time"
+
+	iwt "github.com/Arceliar/ironwood/types"
+	"github.com/Arceliar/phony"
+
+	//"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+	"github.com/yggdrasil-network/yggdrasil-go/src/version"
+)
+
+// NodeInfoPayload represents a RequestNodeInfo response, in bytes.
+type NodeInfoPayload []byte
+
+type nodeinfo struct {
+	phony.Inbox
+	proto      *protoHandler
+	myNodeInfo NodeInfoPayload
+	callbacks  map[keyArray]nodeinfoCallback
+}
+
+type nodeinfoCallback struct {
+	call    func(nodeinfo NodeInfoPayload)
+	created time.Time
+}
+
+// Initialises the nodeinfo cache/callback maps, and starts a goroutine to keep
+// the cache/callback maps clean of stale entries
+func (m *nodeinfo) init(proto *protoHandler) {
+	m.Act(nil, func() {
+		m._init(proto)
+	})
+}
+
+func (m *nodeinfo) _init(proto *protoHandler) {
+	m.proto = proto
+	m.callbacks = make(map[keyArray]nodeinfoCallback)
+	m._cleanup()
+}
+
+func (m *nodeinfo) _cleanup() {
+	for boxPubKey, callback := range m.callbacks {
+		if time.Since(callback.created) > time.Minute {
+			delete(m.callbacks, boxPubKey)
+		}
+	}
+	time.AfterFunc(time.Second*30, func() {
+		m.Act(nil, m._cleanup)
+	})
+}
+
+func (m *nodeinfo) _addCallback(sender keyArray, call func(nodeinfo NodeInfoPayload)) {
+	m.callbacks[sender] = nodeinfoCallback{
+		created: time.Now(),
+		call:    call,
+	}
+}
+
+// Handles the callback, if there is one
+func (m *nodeinfo) _callback(sender keyArray, nodeinfo NodeInfoPayload) {
+	if callback, ok := m.callbacks[sender]; ok {
+		callback.call(nodeinfo)
+		delete(m.callbacks, sender)
+	}
+}
+
+func (m *nodeinfo) _getNodeInfo() NodeInfoPayload {
+	return m.myNodeInfo
+}
+
+// Set the current node's nodeinfo
+func (m *nodeinfo) setNodeInfo(given interface{}, privacy bool) (err error) {
+	phony.Block(m, func() {
+		err = m._setNodeInfo(given, privacy)
+	})
+	return
+}
+
+func (m *nodeinfo) _setNodeInfo(given interface{}, privacy bool) error {
+	defaults := map[string]interface{}{
+		"buildname":     version.BuildName(),
+		"buildversion":  version.BuildVersion(),
+		"buildplatform": runtime.GOOS,
+		"buildarch":     runtime.GOARCH,
+	}
+	newnodeinfo := make(map[string]interface{})
+	if !privacy {
+		for k, v := range defaults {
+			newnodeinfo[k] = v
+		}
+	}
+	if nodeinfomap, ok := given.(map[string]interface{}); ok {
+		for key, value := range nodeinfomap {
+			if _, ok := defaults[key]; ok {
+				if strvalue, strok := value.(string); strok && strings.EqualFold(strvalue, "null") || value == nil {
+					delete(newnodeinfo, key)
+				}
+				continue
+			}
+			newnodeinfo[key] = value
+		}
+	}
+	newjson, err := json.Marshal(newnodeinfo)
+	if err == nil {
+		if len(newjson) > 16384 {
+			return errors.New("NodeInfo exceeds max length of 16384 bytes")
+		}
+		m.myNodeInfo = newjson
+		return nil
+	}
+	return err
+}
+
+func (m *nodeinfo) sendReq(from phony.Actor, key keyArray, callback func(nodeinfo NodeInfoPayload)) {
+	m.Act(from, func() {
+		m._sendReq(key, callback)
+	})
+}
+
+func (m *nodeinfo) _sendReq(key keyArray, callback func(nodeinfo NodeInfoPayload)) {
+	if callback != nil {
+		m._addCallback(key, callback)
+	}
+	_, _ = m.proto.core.PacketConn.WriteTo([]byte{typeSessionProto, typeProtoNodeInfoRequest}, iwt.Addr(key[:]))
+}
+
+func (m *nodeinfo) handleReq(from phony.Actor, key keyArray) {
+	m.Act(from, func() {
+		m._sendRes(key)
+	})
+}
+
+func (m *nodeinfo) handleRes(from phony.Actor, key keyArray, info NodeInfoPayload) {
+	m.Act(from, func() {
+		m._callback(key, info)
+	})
+}
+
+func (m *nodeinfo) _sendRes(key keyArray) {
+	bs := append([]byte{typeSessionProto, typeProtoNodeInfoResponse}, m._getNodeInfo()...)
+	_, _ = m.proto.core.PacketConn.WriteTo(bs, iwt.Addr(key[:]))
+}
+
+// Admin socket stuff
+
+type GetNodeInfoRequest struct {
+	Key string `json:"key"`
+}
+type GetNodeInfoResponse map[string]interface{}
+
+func (m *nodeinfo) nodeInfoAdminHandler(in json.RawMessage) (interface{}, error) {
+	var req GetNodeInfoRequest
+	if err := json.Unmarshal(in, &req); err != nil {
+		return nil, err
+	}
+	var key keyArray
+	var kbs []byte
+	var err error
+	if kbs, err = hex.DecodeString(req.Key); err != nil {
+		return nil, err
+	}
+	copy(key[:], kbs)
+	ch := make(chan []byte, 1)
+	m.sendReq(nil, key, func(info NodeInfoPayload) {
+		ch <- info
+	})
+	timer := time.NewTimer(6 * time.Second)
+	defer timer.Stop()
+	select {
+	case <-timer.C:
+		return nil, errors.New("timeout")
+	case info := <-ch:
+		var msg json.RawMessage
+		if err := msg.UnmarshalJSON(info); err != nil {
+			return nil, err
+		}
+		ip := net.IP(address.AddrForKey(kbs)[:])
+		res := GetNodeInfoResponse{ip.String(): msg}
+		return res, nil
+	}
+}

src/core/proto.go

@@ -0,0 +1,373 @@
+package core
+
+import (
+	"crypto/ed25519"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"time"
+
+	iwt "github.com/Arceliar/ironwood/types"
+	"github.com/Arceliar/phony"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
+const (
+	typeDebugDummy = iota
+	typeDebugGetSelfRequest
+	typeDebugGetSelfResponse
+	typeDebugGetPeersRequest
+	typeDebugGetPeersResponse
+	typeDebugGetDHTRequest
+	typeDebugGetDHTResponse
+)
+
+type reqInfo struct {
+	callback func([]byte)
+	timer    *time.Timer // time.AfterFunc cleanup
+}
+
+type keyArray [ed25519.PublicKeySize]byte
+
+type protoHandler struct {
+	phony.Inbox
+
+	core     *Core
+	nodeinfo nodeinfo
+
+	selfRequests  map[keyArray]*reqInfo
+	peersRequests map[keyArray]*reqInfo
+	dhtRequests   map[keyArray]*reqInfo
+}
+
+func (p *protoHandler) init(core *Core) {
+	p.core = core
+	p.nodeinfo.init(p)
+
+	p.selfRequests = make(map[keyArray]*reqInfo)
+	p.peersRequests = make(map[keyArray]*reqInfo)
+	p.dhtRequests = make(map[keyArray]*reqInfo)
+}
+
+// Common functions
+
+func (p *protoHandler) handleProto(from phony.Actor, key keyArray, bs []byte) {
+	if len(bs) == 0 {
+		return
+	}
+	switch bs[0] {
+	case typeProtoDummy:
+	case typeProtoNodeInfoRequest:
+		p.nodeinfo.handleReq(p, key)
+	case typeProtoNodeInfoResponse:
+		p.nodeinfo.handleRes(p, key, bs[1:])
+	case typeProtoDebug:
+		p.handleDebug(from, key, bs[1:])
+	}
+}
+
+func (p *protoHandler) handleDebug(from phony.Actor, key keyArray, bs []byte) {
+	p.Act(from, func() {
+		p._handleDebug(key, bs)
+	})
+}
+
+func (p *protoHandler) _handleDebug(key keyArray, bs []byte) {
+	if len(bs) == 0 {
+		return
+	}
+	switch bs[0] {
+	case typeDebugDummy:
+	case typeDebugGetSelfRequest:
+		p._handleGetSelfRequest(key)
+	case typeDebugGetSelfResponse:
+		p._handleGetSelfResponse(key, bs[1:])
+	case typeDebugGetPeersRequest:
+		p._handleGetPeersRequest(key)
+	case typeDebugGetPeersResponse:
+		p._handleGetPeersResponse(key, bs[1:])
+	case typeDebugGetDHTRequest:
+		p._handleGetDHTRequest(key)
+	case typeDebugGetDHTResponse:
+		p._handleGetDHTResponse(key, bs[1:])
+	}
+}
+
+func (p *protoHandler) _sendDebug(key keyArray, dType uint8, data []byte) {
+	bs := append([]byte{typeSessionProto, typeProtoDebug, dType}, data...)
+	_, _ = p.core.PacketConn.WriteTo(bs, iwt.Addr(key[:]))
+}
+
+// Get self
+
+func (p *protoHandler) sendGetSelfRequest(key keyArray, callback func([]byte)) {
+	p.Act(nil, func() {
+		if info := p.selfRequests[key]; info != nil {
+			info.timer.Stop()
+			delete(p.selfRequests, key)
+		}
+		info := new(reqInfo)
+		info.callback = callback
+		info.timer = time.AfterFunc(time.Minute, func() {
+			p.Act(nil, func() {
+				if p.selfRequests[key] == info {
+					delete(p.selfRequests, key)
+				}
+			})
+		})
+		p.selfRequests[key] = info
+		p._sendDebug(key, typeDebugGetSelfRequest, nil)
+	})
+}
+
+func (p *protoHandler) _handleGetSelfRequest(key keyArray) {
+	self := p.core.GetSelf()
+	res := map[string]string{
+		"key":    hex.EncodeToString(self.Key[:]),
+		"coords": fmt.Sprintf("%v", self.Coords),
+	}
+	bs, err := json.Marshal(res) // FIXME this puts keys in base64, not hex
+	if err != nil {
+		return
+	}
+	p._sendDebug(key, typeDebugGetSelfResponse, bs)
+}
+
+func (p *protoHandler) _handleGetSelfResponse(key keyArray, bs []byte) {
+	if info := p.selfRequests[key]; info != nil {
+		info.timer.Stop()
+		info.callback(bs)
+		delete(p.selfRequests, key)
+	}
+}
+
+// Get peers
+
+func (p *protoHandler) sendGetPeersRequest(key keyArray, callback func([]byte)) {
+	p.Act(nil, func() {
+		if info := p.peersRequests[key]; info != nil {
+			info.timer.Stop()
+			delete(p.peersRequests, key)
+		}
+		info := new(reqInfo)
+		info.callback = callback
+		info.timer = time.AfterFunc(time.Minute, func() {
+			p.Act(nil, func() {
+				if p.peersRequests[key] == info {
+					delete(p.peersRequests, key)
+				}
+			})
+		})
+		p.peersRequests[key] = info
+		p._sendDebug(key, typeDebugGetPeersRequest, nil)
+	})
+}
+
+func (p *protoHandler) _handleGetPeersRequest(key keyArray) {
+	peers := p.core.GetPeers()
+	var bs []byte
+	for _, pinfo := range peers {
+		tmp := append(bs, pinfo.Key[:]...)
+		const responseOverhead = 2 // 1 debug type, 1 getpeers type
+		if uint64(len(tmp))+responseOverhead > p.core.MTU() {
+			break
+		}
+		bs = tmp
+	}
+	p._sendDebug(key, typeDebugGetPeersResponse, bs)
+}
+
+func (p *protoHandler) _handleGetPeersResponse(key keyArray, bs []byte) {
+	if info := p.peersRequests[key]; info != nil {
+		info.timer.Stop()
+		info.callback(bs)
+		delete(p.peersRequests, key)
+	}
+}
+
+// Get DHT
+
+func (p *protoHandler) sendGetDHTRequest(key keyArray, callback func([]byte)) {
+	p.Act(nil, func() {
+		if info := p.dhtRequests[key]; info != nil {
+			info.timer.Stop()
+			delete(p.dhtRequests, key)
+		}
+		info := new(reqInfo)
+		info.callback = callback
+		info.timer = time.AfterFunc(time.Minute, func() {
+			p.Act(nil, func() {
+				if p.dhtRequests[key] == info {
+					delete(p.dhtRequests, key)
+				}
+			})
+		})
+		p.dhtRequests[key] = info
+		p._sendDebug(key, typeDebugGetDHTRequest, nil)
+	})
+}
+
+func (p *protoHandler) _handleGetDHTRequest(key keyArray) {
+	dinfos := p.core.GetDHT()
+	var bs []byte
+	for _, dinfo := range dinfos {
+		tmp := append(bs, dinfo.Key[:]...)
+		const responseOverhead = 2 // 1 debug type, 1 getdht type
+		if uint64(len(tmp))+responseOverhead > p.core.MTU() {
+			break
+		}
+		bs = tmp
+	}
+	p._sendDebug(key, typeDebugGetDHTResponse, bs)
+}
+
+func (p *protoHandler) _handleGetDHTResponse(key keyArray, bs []byte) {
+	if info := p.dhtRequests[key]; info != nil {
+		info.timer.Stop()
+		info.callback(bs)
+		delete(p.dhtRequests, key)
+	}
+}
+
+// Admin socket stuff for "Get self"
+
+type DebugGetSelfRequest struct {
+	Key string `json:"key"`
+}
+
+type DebugGetSelfResponse map[string]interface{}
+
+func (p *protoHandler) getSelfHandler(in json.RawMessage) (interface{}, error) {
+	var req DebugGetSelfRequest
+	if err := json.Unmarshal(in, &req); err != nil {
+		return nil, err
+	}
+	var key keyArray
+	var kbs []byte
+	var err error
+	if kbs, err = hex.DecodeString(req.Key); err != nil {
+		return nil, err
+	}
+	copy(key[:], kbs)
+	ch := make(chan []byte, 1)
+	p.sendGetSelfRequest(key, func(info []byte) {
+		ch <- info
+	})
+	timer := time.NewTimer(6 * time.Second)
+	defer timer.Stop()
+	select {
+	case <-timer.C:
+		return nil, errors.New("timeout")
+	case info := <-ch:
+		var msg json.RawMessage
+		if err := msg.UnmarshalJSON(info); err != nil {
+			return nil, err
+		}
+		ip := net.IP(address.AddrForKey(kbs)[:])
+		res := DebugGetSelfResponse{ip.String(): msg}
+		return res, nil
+	}
+}
+
+// Admin socket stuff for "Get peers"
+
+type DebugGetPeersRequest struct {
+	Key string `json:"key"`
+}
+
+type DebugGetPeersResponse map[string]interface{}
+
+func (p *protoHandler) getPeersHandler(in json.RawMessage) (interface{}, error) {
+	var req DebugGetPeersRequest
+	if err := json.Unmarshal(in, &req); err != nil {
+		return nil, err
+	}
+	var key keyArray
+	var kbs []byte
+	var err error
+	if kbs, err = hex.DecodeString(req.Key); err != nil {
+		return nil, err
+	}
+	copy(key[:], kbs)
+	ch := make(chan []byte, 1)
+	p.sendGetPeersRequest(key, func(info []byte) {
+		ch <- info
+	})
+	timer := time.NewTimer(6 * time.Second)
+	defer timer.Stop()
+	select {
+	case <-timer.C:
+		return nil, errors.New("timeout")
+	case info := <-ch:
+		ks := make(map[string][]string)
+		bs := info
+		for len(bs) >= len(key) {
+			ks["keys"] = append(ks["keys"], hex.EncodeToString(bs[:len(key)]))
+			bs = bs[len(key):]
+		}
+		js, err := json.Marshal(ks)
+		if err != nil {
+			return nil, err
+		}
+		var msg json.RawMessage
+		if err := msg.UnmarshalJSON(js); err != nil {
+			return nil, err
+		}
+		ip := net.IP(address.AddrForKey(kbs)[:])
+		res := DebugGetPeersResponse{ip.String(): msg}
+		return res, nil
+	}
+}
+
+// Admin socket stuff for "Get DHT"
+
+type DebugGetDHTRequest struct {
+	Key string `json:"key"`
+}
+
+type DebugGetDHTResponse map[string]interface{}
+
+func (p *protoHandler) getDHTHandler(in json.RawMessage) (interface{}, error) {
+	var req DebugGetDHTRequest
+	if err := json.Unmarshal(in, &req); err != nil {
+		return nil, err
+	}
+	var key keyArray
+	var kbs []byte
+	var err error
+	if kbs, err = hex.DecodeString(req.Key); err != nil {
+		return nil, err
+	}
+	copy(key[:], kbs)
+	ch := make(chan []byte, 1)
+	p.sendGetDHTRequest(key, func(info []byte) {
+		ch <- info
+	})
+	timer := time.NewTimer(6 * time.Second)
+	defer timer.Stop()
+	select {
+	case <-timer.C:
+		return nil, errors.New("timeout")
+	case info := <-ch:
+		ks := make(map[string][]string)
+		bs := info
+		for len(bs) >= len(key) {
+			ks["keys"] = append(ks["keys"], hex.EncodeToString(bs[:len(key)]))
+			bs = bs[len(key):]
+		}
+		js, err := json.Marshal(ks)
+		if err != nil {
+			return nil, err
+		}
+		var msg json.RawMessage
+		if err := msg.UnmarshalJSON(js); err != nil {
+			return nil, err
+		}
+		ip := net.IP(address.AddrForKey(kbs)[:])
+		res := DebugGetDHTResponse{ip.String(): msg}
+		return res, nil
+	}
+}

src/core/tcp.go

@@ -1,4 +1,4 @@
-package yggdrasil
+package core
 
 // This sends packets to peers using TCP as a transport
 // It's generally better tested than the UDP implementation
@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
+	"net/url"
 	"strings"
 	"sync"
 	"time"
@@ -26,11 +27,10 @@ import (
 	"golang.org/x/net/proxy"
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/util"
+	//"github.com/yggdrasil-network/yggdrasil-go/src/util"
 )
 
 const default_timeout = 6 * time.Second
-const tcp_ping_interval = (default_timeout * 2 / 3)
 
 // The TCP listener and information about active TCP connections, to avoid duplication.
 type tcp struct {
@@ -49,12 +49,12 @@ type tcp struct {
 // multicast interfaces.
 type TcpListener struct {
 	Listener net.Listener
-	upgrade  *TcpUpgrade
+	opts     tcpOptions
 	stop     chan struct{}
 }
 
 type TcpUpgrade struct {
-	upgrade func(c net.Conn) (net.Conn, error)
+	upgrade func(c net.Conn, o *tcpOptions) (net.Conn, error)
 	name    string
 }
 
@@ -64,10 +64,11 @@ type tcpOptions struct {
 	socksProxyAddr string
 	socksProxyAuth *proxy.Auth
 	socksPeerAddr  string
+	tlsSNI         string
 }
 
 func (l *TcpListener) Stop() {
-	defer func() { recover() }()
+	defer func() { _ = recover() }()
 	close(l.stop)
 }
 
@@ -75,7 +76,7 @@ func (l *TcpListener) Stop() {
 func (t *tcp) setExtraOptions(c net.Conn) {
 	switch sock := c.(type) {
 	case *net.TCPConn:
-		sock.SetNoDelay(true)
+		_ = sock.SetNoDelay(true)
 	// TODO something for socks5
 	default:
 	}
@@ -104,20 +105,15 @@ func (t *tcp) init(l *links) error {
 	t.listeners = make(map[string]*TcpListener)
 	t.mutex.Unlock()
 
-	t.links.core.config.Mutex.RLock()
-	defer t.links.core.config.Mutex.RUnlock()
-	for _, listenaddr := range t.links.core.config.Current.Listen {
-		switch listenaddr[:6] {
-		case "tcp://":
-			if _, err := t.listen(listenaddr[6:], nil); err != nil {
-				return err
-			}
-		case "tls://":
-			if _, err := t.listen(listenaddr[6:], t.tls.forListener); err != nil {
-				return err
-			}
-		default:
-			t.links.core.log.Errorln("Failed to add listener: listener", listenaddr, "is not correctly formatted, ignoring")
+	t.links.core.config.RLock()
+	defer t.links.core.config.RUnlock()
+	for _, listenaddr := range t.links.core.config.Listen {
+		u, err := url.Parse(listenaddr)
+		if err != nil {
+			t.links.core.log.Errorln("Failed to parse listener: listener", listenaddr, "is not correctly formatted, ignoring")
+		}
+		if _, err := t.listenURL(u, ""); err != nil {
+			return err
 		}
 	}
 
@@ -134,47 +130,31 @@ func (t *tcp) stop() error {
 	return nil
 }
 
-func (t *tcp) reconfigure() {
-	t.links.core.config.Mutex.RLock()
-	added := util.Difference(t.links.core.config.Current.Listen, t.links.core.config.Previous.Listen)
-	deleted := util.Difference(t.links.core.config.Previous.Listen, t.links.core.config.Current.Listen)
-	t.links.core.config.Mutex.RUnlock()
-	if len(added) > 0 || len(deleted) > 0 {
-		for _, a := range added {
-			switch a[:6] {
-			case "tcp://":
-				if _, err := t.listen(a[6:], nil); err != nil {
-					t.links.core.log.Errorln("Error adding TCP", a[6:], "listener:", err)
-				}
-			case "tls://":
-				if _, err := t.listen(a[6:], t.tls.forListener); err != nil {
-					t.links.core.log.Errorln("Error adding TLS", a[6:], "listener:", err)
-				}
-			default:
-				t.links.core.log.Errorln("Failed to add listener: listener", a, "is not correctly formatted, ignoring")
-			}
-		}
-		for _, d := range deleted {
-			if d[:6] != "tcp://" && d[:6] != "tls://" {
-				t.links.core.log.Errorln("Failed to delete listener: listener", d, "is not correctly formatted, ignoring")
-				continue
-			}
-			t.mutex.Lock()
-			if listener, ok := t.listeners[d[6:]]; ok {
-				t.mutex.Unlock()
-				listener.Stop()
-				t.links.core.log.Infoln("Stopped TCP listener:", d[6:])
-			} else {
-				t.mutex.Unlock()
-			}
+func (t *tcp) listenURL(u *url.URL, sintf string) (*TcpListener, error) {
+	var listener *TcpListener
+	var err error
+	hostport := u.Host // Used for tcp and tls
+	if len(sintf) != 0 {
+		host, port, err := net.SplitHostPort(hostport)
+		if err == nil {
+			hostport = fmt.Sprintf("[%s%%%s]:%s", host, sintf, port)
 		}
 	}
+	switch u.Scheme {
+	case "tcp":
+		listener, err = t.listen(hostport, nil)
+	case "tls":
+		listener, err = t.listen(hostport, t.tls.forListener)
+	default:
+		t.links.core.log.Errorln("Failed to add listener: listener", u.String(), "is not correctly formatted, ignoring")
+	}
+	return listener, err
 }
 
 func (t *tcp) listen(listenaddr string, upgrade *TcpUpgrade) (*TcpListener, error) {
 	var err error
 
-	ctx := context.Background()
+	ctx := t.links.core.ctx
 	lc := net.ListenConfig{
 		Control: t.tcpContext,
 	}
@@ -182,7 +162,7 @@ func (t *tcp) listen(listenaddr string, upgrade *TcpUpgrade) (*TcpListener, erro
 	if err == nil {
 		l := TcpListener{
 			Listener: listener,
-			upgrade:  upgrade,
+			opts:     tcpOptions{upgrade: upgrade},
 			stop:     make(chan struct{}),
 		}
 		t.waitgroup.Add(1)
@@ -206,17 +186,21 @@ func (t *tcp) listener(l *TcpListener, listenaddr string) {
 		l.Listener.Close()
 		return
 	}
+	callproto := "TCP"
+	if l.opts.upgrade != nil {
+		callproto = strings.ToUpper(l.opts.upgrade.name)
+	}
 	t.listeners[listenaddr] = l
 	t.mutex.Unlock()
 	// And here we go!
 	defer func() {
-		t.links.core.log.Infoln("Stopping TCP listener on:", l.Listener.Addr().String())
+		t.links.core.log.Infoln("Stopping", callproto, "listener on:", l.Listener.Addr().String())
 		l.Listener.Close()
 		t.mutex.Lock()
 		delete(t.listeners, listenaddr)
 		t.mutex.Unlock()
 	}()
-	t.links.core.log.Infoln("Listening for TCP on:", l.Listener.Addr().String())
+	t.links.core.log.Infoln("Listening for", callproto, "on:", l.Listener.Addr().String())
 	go func() {
 		<-l.stop
 		l.Listener.Close()
@@ -235,9 +219,7 @@ func (t *tcp) listener(l *TcpListener, listenaddr string) {
 			continue
 		}
 		t.waitgroup.Add(1)
-		options := tcpOptions{
-			upgrade: l.upgrade,
-		}
+		options := l.opts
 		go t.handler(sock, true, options)
 	}
 }
@@ -293,12 +275,14 @@ func (t *tcp) call(saddr string, options tcpOptions, sintf string) {
 			if err != nil {
 				return
 			}
-			conn, err = dialer.Dial("tcp", saddr)
+			ctx, done := context.WithTimeout(t.links.core.ctx, default_timeout)
+			conn, err = dialer.(proxy.ContextDialer).DialContext(ctx, "tcp", saddr)
+			done()
 			if err != nil {
 				return
 			}
 			t.waitgroup.Add(1)
-			options.socksPeerAddr = conn.RemoteAddr().String()
+			options.socksPeerAddr = saddr
 			if ch := t.handler(conn, false, options); ch != nil {
 				<-ch
 			}
@@ -315,7 +299,6 @@ func (t *tcp) call(saddr string, options tcpOptions, sintf string) {
 			}
 			dialer := net.Dialer{
 				Control: t.tcpContext,
-				Timeout: time.Second * 5,
 			}
 			if sintf != "" {
 				dialer.Control = t.getControl(sintf)
@@ -361,7 +344,9 @@ func (t *tcp) call(saddr string, options tcpOptions, sintf string) {
 					}
 				}
 			}
-			conn, err = dialer.Dial("tcp", dst.String())
+			ctx, done := context.WithTimeout(t.links.core.ctx, default_timeout)
+			conn, err = dialer.DialContext(ctx, "tcp", dst.String())
+			done()
 			if err != nil {
 				t.links.core.log.Debugf("Failed to dial %s: %s", callproto, err)
 				return
@@ -381,14 +366,12 @@ func (t *tcp) handler(sock net.Conn, incoming bool, options tcpOptions) chan str
 	var upgraded bool
 	if options.upgrade != nil {
 		var err error
-		if sock, err = options.upgrade.upgrade(sock); err != nil {
+		if sock, err = options.upgrade.upgrade(sock, &options); err != nil {
 			t.links.core.log.Errorln("TCP handler upgrade failed:", err)
 			return nil
 		}
 		upgraded = true
 	}
-	stream := stream{}
-	stream.init(sock)
 	var name, proto, local, remote string
 	if options.socksProxyAddr != "" {
 		name = "socks://" + sock.RemoteAddr().String() + "/" + options.socksPeerAddr
@@ -423,7 +406,7 @@ func (t *tcp) handler(sock net.Conn, incoming bool, options tcpOptions) chan str
 		}
 	}
 	force := net.ParseIP(strings.Split(remote, "%")[0]).IsLinkLocalUnicast()
-	link, err := t.links.create(&stream, name, proto, local, remote, incoming, force, options.linkOptions)
+	link, err := t.links.create(sock, name, proto, local, remote, incoming, force, options.linkOptions)
 	if err != nil {
 		t.links.core.log.Println(err)
 		panic(err)

src/core/tcp_darwin.go

@@ -1,6 +1,7 @@
+//go:build darwin
 // +build darwin
 
-package yggdrasil
+package core
 
 import (
 	"syscall"

src/core/tcp_linux.go

@@ -1,6 +1,7 @@
+//go:build linux
 // +build linux
 
-package yggdrasil
+package core
 
 import (
 	"syscall"
@@ -36,7 +37,7 @@ func (t *tcp) getControl(sintf string) func(string, string, syscall.RawConn) err
 		btd := func(fd uintptr) {
 			err = unix.BindToDevice(int(fd), sintf)
 		}
-		c.Control(btd)
+		_ = c.Control(btd)
 		if err != nil {
 			t.links.core.log.Debugln("Failed to set SO_BINDTODEVICE:", sintf)
 		}

src/core/tcp_other.go

@@ -1,6 +1,7 @@
+//go:build !darwin && !linux
 // +build !darwin,!linux
 
-package yggdrasil
+package core
 
 import (
 	"syscall"

src/core/tls.go

@@ -1,4 +1,4 @@
-package yggdrasil
+package core
 
 import (
 	"bytes"
@@ -9,6 +9,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/hex"
 	"encoding/pem"
+	"errors"
 	"log"
 	"math/big"
 	"net"
@@ -34,7 +35,7 @@ func (t *tcptls) init(tcp *tcp) {
 	}
 
 	edpriv := make(ed25519.PrivateKey, ed25519.PrivateKeySize)
-	copy(edpriv[:], tcp.links.core.sigPriv[:])
+	copy(edpriv[:], tcp.links.core.secret[:])
 
 	certBuf := &bytes.Buffer{}
 
@@ -42,7 +43,7 @@ func (t *tcptls) init(tcp *tcp) {
 	pubtemp := x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{
-			CommonName: hex.EncodeToString(tcp.links.core.sigPub[:]),
+			CommonName: hex.EncodeToString(tcp.links.core.public[:]),
 		},
 		NotBefore:             time.Now(),
 		NotAfter:              time.Now().Add(time.Hour * 24 * 365),
@@ -76,16 +77,48 @@ func (t *tcptls) init(tcp *tcp) {
 	}
 }
 
-func (t *tcptls) upgradeListener(c net.Conn) (net.Conn, error) {
-	conn := tls.Server(c, t.config)
+func (t *tcptls) configForOptions(options *tcpOptions) *tls.Config {
+	config := t.config.Clone()
+	config.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
+		if len(rawCerts) != 1 {
+			return errors.New("tls not exactly 1 cert")
+		}
+		cert, err := x509.ParseCertificate(rawCerts[0])
+		if err != nil {
+			return errors.New("tls failed to parse cert")
+		}
+		if cert.PublicKeyAlgorithm != x509.Ed25519 {
+			return errors.New("tls wrong cert algorithm")
+		}
+		pk := cert.PublicKey.(ed25519.PublicKey)
+		var key keyArray
+		copy(key[:], pk)
+		// If options does not have a pinned key, then pin one now
+		if options.pinnedEd25519Keys == nil {
+			options.pinnedEd25519Keys = make(map[keyArray]struct{})
+			options.pinnedEd25519Keys[key] = struct{}{}
+		}
+		if _, isIn := options.pinnedEd25519Keys[key]; !isIn {
+			return errors.New("tls key does not match pinned key")
+		}
+		return nil
+	}
+	return config
+}
+
+func (t *tcptls) upgradeListener(c net.Conn, options *tcpOptions) (net.Conn, error) {
+	config := t.configForOptions(options)
+	conn := tls.Server(c, config)
 	if err := conn.Handshake(); err != nil {
 		return c, err
 	}
 	return conn, nil
 }
 
-func (t *tcptls) upgradeDialer(c net.Conn) (net.Conn, error) {
-	conn := tls.Client(c, t.config)
+func (t *tcptls) upgradeDialer(c net.Conn, options *tcpOptions) (net.Conn, error) {
+	config := t.configForOptions(options)
+	config.ServerName = options.tlsSNI
+	conn := tls.Client(c, config)
 	if err := conn.Handshake(); err != nil {
 		return c, err
 	}

src/core/types.go

@@ -0,0 +1,16 @@
+package core
+
+// In-band packet types
+const (
+	typeSessionDummy = iota // nolint:deadcode,varcheck
+	typeSessionTraffic
+	typeSessionProto
+)
+
+// Protocol packet types
+const (
+	typeProtoDummy = iota
+	typeProtoNodeInfoRequest
+	typeProtoNodeInfoResponse
+	typeProtoDebug = 255
+)

src/core/version.go

@@ -1,22 +1,20 @@
-package yggdrasil
+package core
 
 // This file contains the version metadata struct
 // Used in the initial connection setup and key exchange
 // Some of this could arguably go in wire.go instead
 
-import "github.com/yggdrasil-network/yggdrasil-go/src/crypto"
+import "crypto/ed25519"
 
 // This is the version-specific metadata exchanged at the start of a connection.
 // It must always begin with the 4 bytes "meta" and a wire formatted uint64 major version number.
 // The current version also includes a minor version number, and the box/sig/link keys that need to be exchanged to open a connection.
 type version_metadata struct {
 	meta [4]byte
-	ver  uint64 // 1 byte in this version
+	ver  uint8 // 1 byte in this version
 	// Everything after this point potentially depends on the version number, and is subject to change in future versions
-	minorVer uint64 // 1 byte in this version
-	box      crypto.BoxPubKey
-	sig      crypto.SigPubKey
-	link     crypto.BoxPubKey
+	minorVer uint8 // 1 byte in this version
+	key      ed25519.PublicKey
 }
 
 // Gets a base metadata with no keys set, but with the correct version numbers.
@@ -24,18 +22,16 @@ func version_getBaseMetadata() version_metadata {
 	return version_metadata{
 		meta:     [4]byte{'m', 'e', 't', 'a'},
 		ver:      0,
-		minorVer: 2,
+		minorVer: 4,
 	}
 }
 
 // Gets the length of the metadata for this version, used to know how many bytes to read from the start of a connection.
 func version_getMetaLength() (mlen int) {
-	mlen += 4                   // meta
-	mlen++                      // ver, as long as it's < 127, which it is in this version
-	mlen++                      // minorVer, as long as it's < 127, which it is in this version
-	mlen += crypto.BoxPubKeyLen // box
-	mlen += crypto.SigPubKeyLen // sig
-	mlen += crypto.BoxPubKeyLen // link
+	mlen += 4                     // meta
+	mlen++                        // ver, as long as it's < 127, which it is in this version
+	mlen++                        // minorVer, as long as it's < 127, which it is in this version
+	mlen += ed25519.PublicKeySize // key
 	return
 }
 
@@ -43,11 +39,9 @@ func version_getMetaLength() (mlen int) {
 func (m *version_metadata) encode() []byte {
 	bs := make([]byte, 0, version_getMetaLength())
 	bs = append(bs, m.meta[:]...)
-	bs = append(bs, wire_encode_uint64(m.ver)...)
-	bs = append(bs, wire_encode_uint64(m.minorVer)...)
-	bs = append(bs, m.box[:]...)
-	bs = append(bs, m.sig[:]...)
-	bs = append(bs, m.link[:]...)
+	bs = append(bs, m.ver)
+	bs = append(bs, m.minorVer)
+	bs = append(bs, m.key[:]...)
 	if len(bs) != version_getMetaLength() {
 		panic("Inconsistent metadata length")
 	}
@@ -56,20 +50,14 @@ func (m *version_metadata) encode() []byte {
 
 // Decodes version metadata from its wire format into the struct.
 func (m *version_metadata) decode(bs []byte) bool {
-	switch {
-	case !wire_chop_slice(m.meta[:], &bs):
-		return false
-	case !wire_chop_uint64(&m.ver, &bs):
-		return false
-	case !wire_chop_uint64(&m.minorVer, &bs):
-		return false
-	case !wire_chop_slice(m.box[:], &bs):
-		return false
-	case !wire_chop_slice(m.sig[:], &bs):
-		return false
-	case !wire_chop_slice(m.link[:], &bs):
+	if len(bs) != version_getMetaLength() {
 		return false
 	}
+	offset := 0
+	offset += copy(m.meta[:], bs[offset:])
+	m.ver, offset = bs[offset], offset+1
+	m.minorVer, offset = bs[offset], offset+1
+	m.key = append([]byte(nil), bs[offset:]...)
 	return true
 }
 

src/crypto/crypto.go

@@ -1,311 +0,0 @@
-// Package crypto is a wrapper around packages under golang.org/x/crypto/, particulaly curve25519, ed25519, and nacl/box.
-// This is used to avoid explicitly importing and using these packages throughout yggdrasil.
-// It also includes the all-important NodeID and TreeID types, which are used to identify nodes in the DHT and in the spanning tree's root selection algorithm, respectively.
-package crypto
-
-/*
-
-This part of the package wraps crypto operations needed elsewhere
-
-In particular, it exposes key generation for ed25519 and nacl box
-
-It also defines NodeID and TreeID as hashes of keys, and wraps hash functions
-
-*/
-
-import (
-	"crypto/rand"
-	"crypto/sha512"
-	"encoding/hex"
-	"sync"
-
-	"golang.org/x/crypto/curve25519"
-	"golang.org/x/crypto/ed25519"
-	"golang.org/x/crypto/nacl/box"
-)
-
-////////////////////////////////////////////////////////////////////////////////
-
-// NodeID and TreeID
-
-// NodeIDLen is the length (in bytes) of a NodeID.
-const NodeIDLen = sha512.Size
-
-// TreeIDLen is the length (in bytes) of a TreeID.
-const TreeIDLen = sha512.Size
-
-// handleLen is the length (in bytes) of a Handle.
-const handleLen = 8
-
-// NodeID is how a yggdrasil node is identified in the DHT, and is used to derive IPv6 addresses and subnets in the main executable. It is a sha512sum hash of the node's BoxPubKey
-type NodeID [NodeIDLen]byte
-
-// TreeID is how a yggdrasil node is identified in the root selection algorithm used to construct the spanning tree.
-type TreeID [TreeIDLen]byte
-
-type Handle [handleLen]byte
-
-func (n *NodeID) String() string {
-	return hex.EncodeToString(n[:])
-}
-
-// Network returns "nodeid" nearly always right now.
-func (n *NodeID) Network() string {
-	return "nodeid"
-}
-
-// PrefixLength returns the number of bits set in a masked NodeID.
-func (n *NodeID) PrefixLength() int {
-	var len int
-	for i, v := range *n {
-		_, _ = i, v
-		if v == 0xff {
-			len += 8
-			continue
-		}
-		for v&0x80 != 0 {
-			len++
-			v <<= 1
-		}
-		if v != 0 {
-			return -1
-		}
-		for i++; i < NodeIDLen; i++ {
-			if n[i] != 0 {
-				return -1
-			}
-		}
-		break
-	}
-	return len
-}
-
-// GetNodeID returns the NodeID associated with a BoxPubKey.
-func GetNodeID(pub *BoxPubKey) *NodeID {
-	h := sha512.Sum512(pub[:])
-	return (*NodeID)(&h)
-}
-
-// GetTreeID returns the TreeID associated with a BoxPubKey
-func GetTreeID(pub *SigPubKey) *TreeID {
-	h := sha512.Sum512(pub[:])
-	return (*TreeID)(&h)
-}
-
-// NewHandle returns a new (cryptographically random) Handle, used by the session code to identify which session an incoming packet is associated with.
-func NewHandle() *Handle {
-	var h Handle
-	_, err := rand.Read(h[:])
-	if err != nil {
-		panic(err)
-	}
-	return &h
-}
-
-////////////////////////////////////////////////////////////////////////////////
-
-// Signatures
-
-// SigPubKeyLen is the length of a SigPubKey in bytes.
-const SigPubKeyLen = ed25519.PublicKeySize
-
-// SigPrivKeyLen is the length of a SigPrivKey in bytes.
-const SigPrivKeyLen = ed25519.PrivateKeySize
-
-// SigLen is the length of SigBytes.
-const SigLen = ed25519.SignatureSize
-
-// SigPubKey is a public ed25519 signing key.
-type SigPubKey [SigPubKeyLen]byte
-
-// SigPrivKey is a private ed25519 signing key.
-type SigPrivKey [SigPrivKeyLen]byte
-
-// SigBytes is an ed25519 signature.
-type SigBytes [SigLen]byte
-
-// NewSigKeys generates a public/private ed25519 key pair.
-func NewSigKeys() (*SigPubKey, *SigPrivKey) {
-	var pub SigPubKey
-	var priv SigPrivKey
-	pubSlice, privSlice, err := ed25519.GenerateKey(rand.Reader)
-	if err != nil {
-		panic(err)
-	}
-	copy(pub[:], pubSlice)
-	copy(priv[:], privSlice)
-	return &pub, &priv
-}
-
-// Sign returns the SigBytes signing a message.
-func Sign(priv *SigPrivKey, msg []byte) *SigBytes {
-	var sig SigBytes
-	sigSlice := ed25519.Sign(priv[:], msg)
-	copy(sig[:], sigSlice)
-	return &sig
-}
-
-// Verify returns true if the provided signature matches the key and message.
-func Verify(pub *SigPubKey, msg []byte, sig *SigBytes) bool {
-	// Should sig be an array instead of a slice?...
-	// It's fixed size, but
-	return ed25519.Verify(pub[:], msg, sig[:])
-}
-
-// Public returns the SigPubKey associated with this SigPrivKey.
-func (p SigPrivKey) Public() SigPubKey {
-	priv := make(ed25519.PrivateKey, ed25519.PrivateKeySize)
-	copy(priv[:], p[:])
-	pub := priv.Public().(ed25519.PublicKey)
-	var sigPub SigPubKey
-	copy(sigPub[:], pub[:])
-	return sigPub
-}
-
-////////////////////////////////////////////////////////////////////////////////
-
-// NaCl-like crypto "box" (curve25519+xsalsa20+poly1305)
-
-// BoxPubKeyLen is the length of a BoxPubKey in bytes.
-const BoxPubKeyLen = 32
-
-// BoxPrivKeyLen is the length of a BoxPrivKey in bytes.
-const BoxPrivKeyLen = 32
-
-// BoxSharedKeyLen is the length of a BoxSharedKey in bytes.
-const BoxSharedKeyLen = 32
-
-// BoxNonceLen is the length of a BoxNonce in bytes.
-const BoxNonceLen = 24
-
-// BoxOverhead is the length of the overhead from boxing something.
-const BoxOverhead = box.Overhead
-
-// BoxPubKey is a NaCl-like "box" public key (curve25519+xsalsa20+poly1305).
-type BoxPubKey [BoxPubKeyLen]byte
-
-// BoxPrivKey is a NaCl-like "box" private key (curve25519+xsalsa20+poly1305).
-type BoxPrivKey [BoxPrivKeyLen]byte
-
-// BoxSharedKey is a NaCl-like "box" shared key (curve25519+xsalsa20+poly1305).
-type BoxSharedKey [BoxSharedKeyLen]byte
-
-// BoxNonce is the nonce used in NaCl-like crypto "box" operations (curve25519+xsalsa20+poly1305), and must not be reused for different messages encrypted using the same BoxSharedKey.
-type BoxNonce [BoxNonceLen]byte
-
-// String returns a string representation of the "box" key.
-func (k BoxPubKey) String() string {
-	return hex.EncodeToString(k[:])
-}
-
-// Network returns "curve25519" for "box" keys.
-func (n BoxPubKey) Network() string {
-	return "curve25519"
-}
-
-// NewBoxKeys generates a new pair of public/private crypto box keys.
-func NewBoxKeys() (*BoxPubKey, *BoxPrivKey) {
-	pubBytes, privBytes, err := box.GenerateKey(rand.Reader)
-	if err != nil {
-		panic(err)
-	}
-	pub := (*BoxPubKey)(pubBytes)
-	priv := (*BoxPrivKey)(privBytes)
-	return pub, priv
-}
-
-// GetSharedKey returns the shared key derived from your private key and the destination's public key.
-func GetSharedKey(myPrivKey *BoxPrivKey,
-	othersPubKey *BoxPubKey) *BoxSharedKey {
-	var shared [BoxSharedKeyLen]byte
-	priv := (*[BoxPrivKeyLen]byte)(myPrivKey)
-	pub := (*[BoxPubKeyLen]byte)(othersPubKey)
-	box.Precompute(&shared, pub, priv)
-	return (*BoxSharedKey)(&shared)
-}
-
-// pool is used internally by BoxOpen and BoxSeal to avoid allocating temporary space
-var pool = sync.Pool{New: func() interface{} { return []byte(nil) }}
-
-// BoxOpen returns a message and true if it successfully opens a crypto box using the provided shared key and nonce.
-// The boxed input slice's backing array is reused for the unboxed output when possible.
-func BoxOpen(shared *BoxSharedKey,
-	boxed []byte,
-	nonce *BoxNonce) ([]byte, bool) {
-	s := (*[BoxSharedKeyLen]byte)(shared)
-	n := (*[BoxNonceLen]byte)(nonce)
-	temp := append(pool.Get().([]byte), boxed...)
-	unboxed, success := box.OpenAfterPrecomputation(boxed[:0], temp, n, s)
-	pool.Put(temp[:0])
-	return unboxed, success
-}
-
-// BoxSeal seals a crypto box using the provided shared key, returning the box and the nonce needed to decrypt it.
-// If nonce is nil, a random BoxNonce will be used and returned.
-// If nonce is non-nil, then nonce.Increment() will be called before using it, and the incremented BoxNonce is what is returned.
-// The unboxed input slice's backing array is reused for the boxed output when possible.
-func BoxSeal(shared *BoxSharedKey, unboxed []byte, nonce *BoxNonce) ([]byte, *BoxNonce) {
-	if nonce == nil {
-		nonce = NewBoxNonce()
-	}
-	nonce.Increment()
-	s := (*[BoxSharedKeyLen]byte)(shared)
-	n := (*[BoxNonceLen]byte)(nonce)
-	temp := append(pool.Get().([]byte), unboxed...)
-	boxed := box.SealAfterPrecomputation(unboxed[:0], temp, n, s)
-	pool.Put(temp[:0])
-	return boxed, nonce
-}
-
-// NewBoxNonce generates a (cryptographically) random BoxNonce.
-func NewBoxNonce() *BoxNonce {
-	var nonce BoxNonce
-	_, err := rand.Read(nonce[:])
-	for ; err == nil && nonce[0] == 0xff; _, err = rand.Read(nonce[:]) {
-		// Make sure nonce isn't too high
-		// This is just to make rollover unlikely to happen
-		// Rollover is fine, but it may kill the session and force it to reopen
-	}
-	if err != nil {
-		panic(err)
-	}
-	return &nonce
-}
-
-// Increment adds 2 to a BoxNonce, which is useful if one node intends to send only with odd BoxNonce values, and the other only with even BoxNonce values.
-func (n *BoxNonce) Increment() {
-	oldNonce := *n
-	n[len(n)-1] += 2
-	for i := len(n) - 2; i >= 0; i-- {
-		if n[i+1] < oldNonce[i+1] {
-			n[i]++
-		}
-	}
-}
-
-// Public returns the BoxPubKey associated with this BoxPrivKey.
-func (p BoxPrivKey) Public() BoxPubKey {
-	var boxPub [BoxPubKeyLen]byte
-	var boxPriv [BoxPrivKeyLen]byte
-	copy(boxPriv[:BoxPrivKeyLen], p[:BoxPrivKeyLen])
-	curve25519.ScalarBaseMult(&boxPub, &boxPriv)
-	return boxPub
-}
-
-// Minus is the result of subtracting the provided BoNonce from this BoxNonce, bounded at +- 64.
-// It's primarily used to determine if a new BoxNonce is higher than the last known BoxNonce from a crypto session, and by how much.
-// This is used in the machinery that makes sure replayed packets can't keep a session open indefinitely or stuck using old/bad information about a node.
-func (n *BoxNonce) Minus(m *BoxNonce) int64 {
-	diff := int64(0)
-	for idx := range n {
-		diff *= 256
-		diff += int64(n[idx]) - int64(m[idx])
-		if diff > 64 {
-			diff = 64
-		}
-		if diff < -64 {
-			diff = -64
-		}
-	}
-	return diff
-}

src/defaults/defaults.go

@@ -1,6 +1,8 @@
 package defaults
 
-import "github.com/yggdrasil-network/yggdrasil-go/src/types"
+import "github.com/yggdrasil-network/yggdrasil-go/src/config"
+
+type MulticastInterfaceConfig = config.MulticastInterfaceConfig
 
 // Defines which parameters are expected by default for configuration on a
 // specific platform. These values are populated in the relevant defaults_*.go
@@ -13,10 +15,30 @@ type platformDefaultParameters struct {
 	DefaultConfigFile string
 
 	// Multicast interfaces
-	DefaultMulticastInterfaces []string
+	DefaultMulticastInterfaces []MulticastInterfaceConfig
 
 	// TUN/TAP
-	MaximumIfMTU  types.MTU
-	DefaultIfMTU  types.MTU
+	MaximumIfMTU  uint64
+	DefaultIfMTU  uint64
 	DefaultIfName string
 }
+
+// Generates default configuration and returns a pointer to the resulting
+// NodeConfig. This is used when outputting the -genconf parameter and also when
+// using -autoconf.
+func GenerateConfig() *config.NodeConfig {
+	// Create a node configuration and populate it.
+	cfg := new(config.NodeConfig)
+	cfg.NewKeys()
+	cfg.Listen = []string{}
+	cfg.AdminListen = GetDefaults().DefaultAdminListen
+	cfg.Peers = []string{}
+	cfg.InterfacePeers = map[string][]string{}
+	cfg.AllowedPublicKeys = []string{}
+	cfg.MulticastInterfaces = GetDefaults().DefaultMulticastInterfaces
+	cfg.IfName = GetDefaults().DefaultIfName
+	cfg.IfMTU = GetDefaults().DefaultIfMTU
+	cfg.NodeInfoPrivacy = false
+
+	return cfg
+}

src/defaults/defaults_darwin.go

@@ -1,3 +1,4 @@
+//go:build darwin
 // +build darwin
 
 package defaults
@@ -13,9 +14,9 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "/etc/yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			"en.*",
-			"bridge.*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: "en.*", Beacon: true, Listen: true},
+			{Regex: "bridge.*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/defaults/defaults_freebsd.go

@@ -1,3 +1,4 @@
+//go:build freebsd
 // +build freebsd
 
 package defaults
@@ -13,8 +14,8 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "/usr/local/etc/yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			".*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: ".*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/defaults/defaults_linux.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package defaults
@@ -13,8 +14,8 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "/etc/yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			".*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: ".*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/defaults/defaults_openbsd.go

@@ -1,3 +1,4 @@
+//go:build openbsd
 // +build openbsd
 
 package defaults
@@ -13,8 +14,8 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "/etc/yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			".*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: ".*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/defaults/defaults_other.go

@@ -1,3 +1,4 @@
+//go:build !linux && !darwin && !windows && !openbsd && !freebsd
 // +build !linux,!darwin,!windows,!openbsd,!freebsd
 
 package defaults
@@ -13,8 +14,8 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "/etc/yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			".*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: ".*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/defaults/defaults_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package defaults
@@ -13,8 +14,8 @@ func GetDefaults() platformDefaultParameters {
 		DefaultConfigFile: "C:\\Program Files\\Yggdrasil\\yggdrasil.conf",
 
 		// Multicast interfaces
-		DefaultMulticastInterfaces: []string{
-			".*",
+		DefaultMulticastInterfaces: []MulticastInterfaceConfig{
+			{Regex: ".*", Beacon: true, Listen: true},
 		},
 
 		// TUN/TAP

src/ipv6rwc/icmpv6.go

@@ -1,4 +1,4 @@
-package tuntap
+package ipv6rwc
 
 // The ICMPv6 module implements functions to easily create ICMPv6
 // packets. These functions, when mixed with the built-in Go IPv6
@@ -17,11 +17,7 @@ import (
 	"golang.org/x/net/ipv6"
 )
 
-const len_ETHER = 14
-
-type ICMPv6 struct {
-	tun *TunAdapter
-}
+type ICMPv6 struct{}
 
 // Marshal returns the binary encoding of h.
 func ipv6Header_Marshal(h *ipv6.Header) ([]byte, error) {
@@ -40,13 +36,6 @@ func ipv6Header_Marshal(h *ipv6.Header) ([]byte, error) {
 	return b, nil
 }
 
-// Initialises the ICMPv6 module by assigning our link-local IPv6 address and
-// our MAC address. ICMPv6 messages will always appear to originate from these
-// addresses.
-func (i *ICMPv6) Init(t *TunAdapter) {
-	i.tun = t
-}
-
 // Creates an ICMPv6 packet based on the given icmp.MessageBody and other
 // parameters, complete with IP headers only, which can be written directly to
 // a TUN adapter, or called directly by the CreateICMPv6L2 function when

src/ipv6rwc/ipv6rwc.go

@@ -0,0 +1,354 @@
+package ipv6rwc
+
+import (
+	"crypto/ed25519"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"golang.org/x/net/icmp"
+	"golang.org/x/net/ipv6"
+
+	iwt "github.com/Arceliar/ironwood/types"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+	"github.com/yggdrasil-network/yggdrasil-go/src/core"
+)
+
+const keyStoreTimeout = 2 * time.Minute
+
+// Out-of-band packet types
+const (
+	typeKeyDummy = iota // nolint:deadcode,varcheck
+	typeKeyLookup
+	typeKeyResponse
+)
+
+type keyArray [ed25519.PublicKeySize]byte
+
+type keyStore struct {
+	core         *core.Core
+	address      address.Address
+	subnet       address.Subnet
+	mutex        sync.Mutex
+	keyToInfo    map[keyArray]*keyInfo
+	addrToInfo   map[address.Address]*keyInfo
+	addrBuffer   map[address.Address]*buffer
+	subnetToInfo map[address.Subnet]*keyInfo
+	subnetBuffer map[address.Subnet]*buffer
+	mtu          uint64
+}
+
+type keyInfo struct {
+	key     keyArray
+	address address.Address
+	subnet  address.Subnet
+	timeout *time.Timer // From calling a time.AfterFunc to do cleanup
+}
+
+type buffer struct {
+	packet  []byte
+	timeout *time.Timer
+}
+
+func (k *keyStore) init(c *core.Core) {
+	k.core = c
+	k.address = *address.AddrForKey(k.core.PublicKey())
+	k.subnet = *address.SubnetForKey(k.core.PublicKey())
+	if err := k.core.SetOutOfBandHandler(k.oobHandler); err != nil {
+		err = fmt.Errorf("tun.core.SetOutOfBandHander: %w", err)
+		panic(err)
+	}
+	k.keyToInfo = make(map[keyArray]*keyInfo)
+	k.addrToInfo = make(map[address.Address]*keyInfo)
+	k.addrBuffer = make(map[address.Address]*buffer)
+	k.subnetToInfo = make(map[address.Subnet]*keyInfo)
+	k.subnetBuffer = make(map[address.Subnet]*buffer)
+	k.mtu = 1280 // Default to something safe, expect user to set this
+}
+
+func (k *keyStore) sendToAddress(addr address.Address, bs []byte) {
+	k.mutex.Lock()
+	if info := k.addrToInfo[addr]; info != nil {
+		k.resetTimeout(info)
+		k.mutex.Unlock()
+		_, _ = k.core.WriteTo(bs, iwt.Addr(info.key[:]))
+	} else {
+		var buf *buffer
+		if buf = k.addrBuffer[addr]; buf == nil {
+			buf = new(buffer)
+			k.addrBuffer[addr] = buf
+		}
+		msg := append([]byte(nil), bs...)
+		buf.packet = msg
+		if buf.timeout != nil {
+			buf.timeout.Stop()
+		}
+		buf.timeout = time.AfterFunc(keyStoreTimeout, func() {
+			k.mutex.Lock()
+			defer k.mutex.Unlock()
+			if nbuf := k.addrBuffer[addr]; nbuf == buf {
+				delete(k.addrBuffer, addr)
+			}
+		})
+		k.mutex.Unlock()
+		k.sendKeyLookup(addr.GetKey())
+	}
+}
+
+func (k *keyStore) sendToSubnet(subnet address.Subnet, bs []byte) {
+	k.mutex.Lock()
+	if info := k.subnetToInfo[subnet]; info != nil {
+		k.resetTimeout(info)
+		k.mutex.Unlock()
+		_, _ = k.core.WriteTo(bs, iwt.Addr(info.key[:]))
+	} else {
+		var buf *buffer
+		if buf = k.subnetBuffer[subnet]; buf == nil {
+			buf = new(buffer)
+			k.subnetBuffer[subnet] = buf
+		}
+		msg := append([]byte(nil), bs...)
+		buf.packet = msg
+		if buf.timeout != nil {
+			buf.timeout.Stop()
+		}
+		buf.timeout = time.AfterFunc(keyStoreTimeout, func() {
+			k.mutex.Lock()
+			defer k.mutex.Unlock()
+			if nbuf := k.subnetBuffer[subnet]; nbuf == buf {
+				delete(k.subnetBuffer, subnet)
+			}
+		})
+		k.mutex.Unlock()
+		k.sendKeyLookup(subnet.GetKey())
+	}
+}
+
+func (k *keyStore) update(key ed25519.PublicKey) *keyInfo {
+	k.mutex.Lock()
+	var kArray keyArray
+	copy(kArray[:], key)
+	var info *keyInfo
+	var packets [][]byte
+	if info = k.keyToInfo[kArray]; info == nil {
+		info = new(keyInfo)
+		info.key = kArray
+		info.address = *address.AddrForKey(ed25519.PublicKey(info.key[:]))
+		info.subnet = *address.SubnetForKey(ed25519.PublicKey(info.key[:]))
+		k.keyToInfo[info.key] = info
+		k.addrToInfo[info.address] = info
+		k.subnetToInfo[info.subnet] = info
+		if buf := k.addrBuffer[info.address]; buf != nil {
+			packets = append(packets, buf.packet)
+			delete(k.addrBuffer, info.address)
+		}
+		if buf := k.subnetBuffer[info.subnet]; buf != nil {
+			packets = append(packets, buf.packet)
+			delete(k.subnetBuffer, info.subnet)
+		}
+	}
+	k.resetTimeout(info)
+	k.mutex.Unlock()
+	for _, packet := range packets {
+		_, _ = k.core.WriteTo(packet, iwt.Addr(info.key[:]))
+	}
+	return info
+}
+
+func (k *keyStore) resetTimeout(info *keyInfo) {
+	if info.timeout != nil {
+		info.timeout.Stop()
+	}
+	info.timeout = time.AfterFunc(keyStoreTimeout, func() {
+		k.mutex.Lock()
+		defer k.mutex.Unlock()
+		if nfo := k.keyToInfo[info.key]; nfo == info {
+			delete(k.keyToInfo, info.key)
+		}
+		if nfo := k.addrToInfo[info.address]; nfo == info {
+			delete(k.addrToInfo, info.address)
+		}
+		if nfo := k.subnetToInfo[info.subnet]; nfo == info {
+			delete(k.subnetToInfo, info.subnet)
+		}
+	})
+}
+
+func (k *keyStore) oobHandler(fromKey, toKey ed25519.PublicKey, data []byte) {
+	if len(data) != 1+ed25519.SignatureSize {
+		return
+	}
+	sig := data[1:]
+	switch data[0] {
+	case typeKeyLookup:
+		snet := *address.SubnetForKey(toKey)
+		if snet == k.subnet && ed25519.Verify(fromKey, toKey[:], sig) {
+			// This is looking for at least our subnet (possibly our address)
+			// Send a response
+			k.sendKeyResponse(fromKey)
+		}
+	case typeKeyResponse:
+		// TODO keep a list of something to match against...
+		// Ignore the response if it doesn't match anything of interest...
+		if ed25519.Verify(fromKey, toKey[:], sig) {
+			k.update(fromKey)
+		}
+	}
+}
+
+func (k *keyStore) sendKeyLookup(partial ed25519.PublicKey) {
+	sig := ed25519.Sign(k.core.PrivateKey(), partial[:])
+	bs := append([]byte{typeKeyLookup}, sig...)
+	_ = k.core.SendOutOfBand(partial, bs)
+}
+
+func (k *keyStore) sendKeyResponse(dest ed25519.PublicKey) {
+	sig := ed25519.Sign(k.core.PrivateKey(), dest[:])
+	bs := append([]byte{typeKeyResponse}, sig...)
+	_ = k.core.SendOutOfBand(dest, bs)
+}
+
+func (k *keyStore) readPC(p []byte) (int, error) {
+	buf := make([]byte, k.core.MTU(), 65535)
+	for {
+		bs := buf
+		n, from, err := k.core.ReadFrom(bs)
+		if err != nil {
+			return n, err
+		}
+		if n == 0 {
+			continue
+		}
+		bs = bs[:n]
+		if len(bs) == 0 {
+			continue
+		}
+		if bs[0]&0xf0 != 0x60 {
+			continue // not IPv6
+		}
+		if len(bs) < 40 {
+			continue
+		}
+		k.mutex.Lock()
+		mtu := int(k.mtu)
+		k.mutex.Unlock()
+		if len(bs) > mtu {
+			// Using bs would make it leak off the stack, so copy to buf
+			buf := make([]byte, 512)
+			cn := copy(buf, bs)
+			ptb := &icmp.PacketTooBig{
+				MTU:  mtu,
+				Data: buf[:cn],
+			}
+			if packet, err := CreateICMPv6(buf[8:24], buf[24:40], ipv6.ICMPTypePacketTooBig, 0, ptb); err == nil {
+				_, _ = k.writePC(packet)
+			}
+			continue
+		}
+		var srcAddr, dstAddr address.Address
+		var srcSubnet, dstSubnet address.Subnet
+		copy(srcAddr[:], bs[8:])
+		copy(dstAddr[:], bs[24:])
+		copy(srcSubnet[:], bs[8:])
+		copy(dstSubnet[:], bs[24:])
+		if dstAddr != k.address && dstSubnet != k.subnet {
+			continue // bad local address/subnet
+		}
+		info := k.update(ed25519.PublicKey(from.(iwt.Addr)))
+		if srcAddr != info.address && srcSubnet != info.subnet {
+			continue // bad remote address/subnet
+		}
+		n = copy(p, bs)
+		return n, nil
+	}
+}
+
+func (k *keyStore) writePC(bs []byte) (int, error) {
+	if bs[0]&0xf0 != 0x60 {
+		return 0, errors.New("not an IPv6 packet") // not IPv6
+	}
+	if len(bs) < 40 {
+		strErr := fmt.Sprint("undersized IPv6 packet, length: ", len(bs))
+		return 0, errors.New(strErr)
+	}
+	var srcAddr, dstAddr address.Address
+	var srcSubnet, dstSubnet address.Subnet
+	copy(srcAddr[:], bs[8:])
+	copy(dstAddr[:], bs[24:])
+	copy(srcSubnet[:], bs[8:])
+	copy(dstSubnet[:], bs[24:])
+	if srcAddr != k.address && srcSubnet != k.subnet {
+		// This happens all the time due to link-local traffic
+		// Don't send back an error, just drop it
+		strErr := fmt.Sprint("incorrect source address: ", net.IP(srcAddr[:]).String())
+		return 0, errors.New(strErr)
+	}
+	if dstAddr.IsValid() {
+		k.sendToAddress(dstAddr, bs)
+	} else if dstSubnet.IsValid() {
+		k.sendToSubnet(dstSubnet, bs)
+	} else {
+		return 0, errors.New("invalid destination address")
+	}
+	return len(bs), nil
+}
+
+// Exported API
+
+func (k *keyStore) MaxMTU() uint64 {
+	return k.core.MTU()
+}
+
+func (k *keyStore) SetMTU(mtu uint64) {
+	if mtu > k.MaxMTU() {
+		mtu = k.MaxMTU()
+	}
+	if mtu < 1280 {
+		mtu = 1280
+	}
+	k.mutex.Lock()
+	k.mtu = mtu
+	k.mutex.Unlock()
+}
+
+func (k *keyStore) MTU() uint64 {
+	k.mutex.Lock()
+	mtu := k.mtu
+	k.mutex.Unlock()
+	return mtu
+}
+
+type ReadWriteCloser struct {
+	keyStore
+}
+
+func NewReadWriteCloser(c *core.Core) *ReadWriteCloser {
+	rwc := new(ReadWriteCloser)
+	rwc.init(c)
+	return rwc
+}
+
+func (rwc *ReadWriteCloser) Address() address.Address {
+	return rwc.address
+}
+
+func (rwc *ReadWriteCloser) Subnet() address.Subnet {
+	return rwc.subnet
+}
+
+func (rwc *ReadWriteCloser) Read(p []byte) (n int, err error) {
+	return rwc.readPC(p)
+}
+
+func (rwc *ReadWriteCloser) Write(p []byte) (n int, err error) {
+	return rwc.writePC(p)
+}
+
+func (rwc *ReadWriteCloser) Close() error {
+	err := rwc.core.Close()
+	rwc.core.Stop()
+	return err
+}

src/module/module.go

@@ -1,20 +0,0 @@
-package module
-
-import (
-	"github.com/gologme/log"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/admin"
-	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-)
-
-// Module is an interface that defines which functions must be supported by a
-// given Yggdrasil module.
-type Module interface {
-	Init(core *yggdrasil.Core, state *config.NodeState, log *log.Logger, options interface{}) error
-	Start() error
-	Stop() error
-	UpdateConfig(config *config.NodeConfig)
-	SetupAdminHandlers(a *admin.AdminSocket)
-	IsStarted() bool
-}

src/multicast/admin.go

@@ -1,13 +1,34 @@
 package multicast
 
-import "github.com/yggdrasil-network/yggdrasil-go/src/admin"
+import (
+	"encoding/json"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/admin"
+)
+
+type GetMulticastInterfacesRequest struct{}
+type GetMulticastInterfacesResponse struct {
+	Interfaces []string `json:"multicast_interfaces"`
+}
+
+func (m *Multicast) getMulticastInterfacesHandler(req *GetMulticastInterfacesRequest, res *GetMulticastInterfacesResponse) error {
+	res.Interfaces = []string{}
+	for _, v := range m.Interfaces() {
+		res.Interfaces = append(res.Interfaces, v.Name)
+	}
+	return nil
+}
 
 func (m *Multicast) SetupAdminHandlers(a *admin.AdminSocket) {
-	a.AddHandler("getMulticastInterfaces", []string{}, func(in admin.Info) (admin.Info, error) {
-		var intfs []string
-		for _, v := range m.Interfaces() {
-			intfs = append(intfs, v.Name)
+	_ = a.AddHandler("getMulticastInterfaces", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetMulticastInterfacesRequest{}
+		res := &GetMulticastInterfacesResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		return admin.Info{"multicast_interfaces": intfs}, nil
+		if err := m.getMulticastInterfacesHandler(req, res); err != nil {
+			return nil, err
+		}
+		return res, nil
 	})
 }

src/multicast/multicast.go

@@ -1,9 +1,14 @@
 package multicast
 
 import (
+	"bytes"
 	"context"
+	"crypto/ed25519"
+	"encoding/binary"
+	"encoding/hex"
 	"fmt"
 	"net"
+	"net/url"
 	"regexp"
 	"time"
 
@@ -11,7 +16,7 @@ import (
 	"github.com/gologme/log"
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
+	"github.com/yggdrasil-network/yggdrasil-go/src/core"
 	"golang.org/x/net/ipv6"
 )
 
@@ -21,37 +26,38 @@ import (
 // automatically.
 type Multicast struct {
 	phony.Inbox
-	core        *yggdrasil.Core
-	config      *config.NodeState
+	core        *core.Core
+	config      *config.NodeConfig
 	log         *log.Logger
 	sock        *ipv6.PacketConn
 	groupAddr   string
 	listeners   map[string]*listenerInfo
-	listenPort  uint16
 	isOpen      bool
 	_interfaces map[string]interfaceInfo
 }
 
 type interfaceInfo struct {
-	iface net.Interface
-	addrs []net.Addr
+	iface  net.Interface
+	addrs  []net.Addr
+	beacon bool
+	listen bool
+	port   uint16
 }
 
 type listenerInfo struct {
-	listener *yggdrasil.TcpListener
+	listener *core.TcpListener
 	time     time.Time
 	interval time.Duration
+	port     uint16
 }
 
 // Init prepares the multicast interface for use.
-func (m *Multicast) Init(core *yggdrasil.Core, state *config.NodeState, log *log.Logger, options interface{}) error {
+func (m *Multicast) Init(core *core.Core, nc *config.NodeConfig, log *log.Logger, options interface{}) error {
 	m.core = core
-	m.config = state
+	m.config = nc
 	m.log = log
 	m.listeners = make(map[string]*listenerInfo)
 	m._interfaces = make(map[string]interfaceInfo)
-	current := m.config.GetCurrent()
-	m.listenPort = current.LinkLocalTCPPort
 	m.groupAddr = "[ff02::114]:9001"
 	return nil
 }
@@ -72,7 +78,9 @@ func (m *Multicast) _start() error {
 	if m.isOpen {
 		return fmt.Errorf("multicast module is already started")
 	}
-	if len(m.config.GetCurrent().MulticastInterfaces) == 0 {
+	m.config.RLock()
+	defer m.config.RUnlock()
+	if len(m.config.MulticastInterfaces) == 0 {
 		return nil
 	}
 	m.log.Infoln("Starting multicast module")
@@ -89,7 +97,7 @@ func (m *Multicast) _start() error {
 		return err
 	}
 	m.sock = ipv6.NewPacketConn(conn)
-	if err = m.sock.SetControlMessage(ipv6.FlagDst, true); err != nil {
+	if err = m.sock.SetControlMessage(ipv6.FlagDst, true); err != nil { // nolint:staticcheck
 		// Windows can't set this flag, so we need to handle it in other ways
 	}
 
@@ -129,45 +137,17 @@ func (m *Multicast) _stop() error {
 	return nil
 }
 
-// UpdateConfig updates the multicast module with the provided config.NodeConfig
-// and then signals the various module goroutines to reconfigure themselves if
-// needed.
-func (m *Multicast) UpdateConfig(config *config.NodeConfig) {
-	m.Act(nil, func() { m._updateConfig(config) })
-}
-
-func (m *Multicast) _updateConfig(config *config.NodeConfig) {
-	m.log.Infoln("Reloading multicast configuration...")
-	if m.isOpen {
-		if len(config.MulticastInterfaces) == 0 || config.LinkLocalTCPPort != m.listenPort {
-			if err := m._stop(); err != nil {
-				m.log.Errorln("Error stopping multicast module:", err)
-			}
-		}
-	}
-	m.config.Replace(*config)
-	m.listenPort = config.LinkLocalTCPPort
-	if !m.isOpen && len(config.MulticastInterfaces) > 0 {
-		if err := m._start(); err != nil {
-			m.log.Errorln("Error starting multicast module:", err)
-		}
-	}
-	m.log.Debugln("Reloaded multicast configuration successfully")
-}
-
 func (m *Multicast) _updateInterfaces() {
-	interfaces := make(map[string]interfaceInfo)
-	intfs := m.getAllowedInterfaces()
-	for _, intf := range intfs {
-		addrs, err := intf.Addrs()
+	interfaces := m.getAllowedInterfaces()
+	for name, info := range interfaces {
+		addrs, err := info.iface.Addrs()
 		if err != nil {
-			m.log.Warnf("Failed up get addresses for interface %s: %s", intf.Name, err)
+			m.log.Warnf("Failed up get addresses for interface %s: %s", name, err)
+			delete(interfaces, name)
 			continue
 		}
-		interfaces[intf.Name] = interfaceInfo{
-			iface: intf,
-			addrs: addrs,
-		}
+		info.addrs = addrs
+		interfaces[name] = info
 	}
 	m._interfaces = interfaces
 }
@@ -183,11 +163,10 @@ func (m *Multicast) Interfaces() map[string]net.Interface {
 }
 
 // getAllowedInterfaces returns the currently known/enabled multicast interfaces.
-func (m *Multicast) getAllowedInterfaces() map[string]net.Interface {
-	interfaces := make(map[string]net.Interface)
+func (m *Multicast) getAllowedInterfaces() map[string]interfaceInfo {
+	interfaces := make(map[string]interfaceInfo)
 	// Get interface expressions from config
-	current := m.config.GetCurrent()
-	exprs := current.MulticastInterfaces
+	ifcfgs := m.config.MulticastInterfaces
 	// Ask the system for network interfaces
 	allifaces, err := net.Interfaces()
 	if err != nil {
@@ -209,15 +188,24 @@ func (m *Multicast) getAllowedInterfaces() map[string]net.Interface {
 			// Ignore point-to-point interfaces
 			continue
 		}
-		for _, expr := range exprs {
+		for _, ifcfg := range ifcfgs {
 			// Compile each regular expression
-			e, err := regexp.Compile(expr)
+			e, err := regexp.Compile(ifcfg.Regex)
 			if err != nil {
 				panic(err)
 			}
 			// Does the interface match the regular expression? Store it if so
 			if e.MatchString(iface.Name) {
-				interfaces[iface.Name] = iface
+				if ifcfg.Beacon || ifcfg.Listen {
+					info := interfaceInfo{
+						iface:  iface,
+						beacon: ifcfg.Beacon,
+						listen: ifcfg.Listen,
+						port:   ifcfg.Port,
+					}
+					interfaces[iface.Name] = info
+				}
+				break
 			}
 		}
 	}
@@ -293,42 +281,55 @@ func (m *Multicast) _announce() {
 			if !addrIP.IsLinkLocalUnicast() {
 				continue
 			}
-			// Join the multicast group
-			m.sock.JoinGroup(&iface, groupAddr)
+			if info.listen {
+				// Join the multicast group, so we can listen for beacons
+				_ = m.sock.JoinGroup(&iface, groupAddr)
+			}
+			if !info.beacon {
+				break // Don't send multicast beacons or accept incoming connections
+			}
 			// Try and see if we already have a TCP listener for this interface
-			var info *listenerInfo
+			var linfo *listenerInfo
 			if nfo, ok := m.listeners[iface.Name]; !ok || nfo.listener.Listener == nil {
 				// No listener was found - let's create one
-				listenaddr := fmt.Sprintf("[%s%%%s]:%d", addrIP, iface.Name, m.listenPort)
-				if li, err := m.core.ListenTCP(listenaddr); err == nil {
+				urlString := fmt.Sprintf("tls://[%s]:%d", addrIP, info.port)
+				u, err := url.Parse(urlString)
+				if err != nil {
+					panic(err)
+				}
+				if li, err := m.core.Listen(u, iface.Name); err == nil {
 					m.log.Debugln("Started multicasting on", iface.Name)
 					// Store the listener so that we can stop it later if needed
-					info = &listenerInfo{listener: li, time: time.Now()}
-					m.listeners[iface.Name] = info
+					linfo = &listenerInfo{listener: li, time: time.Now(), port: info.port}
+					m.listeners[iface.Name] = linfo
 				} else {
 					m.log.Warnln("Not multicasting on", iface.Name, "due to error:", err)
 				}
 			} else {
 				// An existing listener was found
-				info = m.listeners[iface.Name]
+				linfo = m.listeners[iface.Name]
 			}
 			// Make sure nothing above failed for some reason
-			if info == nil {
+			if linfo == nil {
 				continue
 			}
-			if time.Since(info.time) < info.interval {
+			if time.Since(linfo.time) < linfo.interval {
 				continue
 			}
 			// Get the listener details and construct the multicast beacon
-			lladdr := info.listener.Listener.Addr().String()
+			lladdr := linfo.listener.Listener.Addr().String()
 			if a, err := net.ResolveTCPAddr("tcp6", lladdr); err == nil {
 				a.Zone = ""
 				destAddr.Zone = iface.Name
-				msg := []byte(a.String())
-				m.sock.WriteTo(msg, nil, destAddr)
+				msg := append([]byte(nil), m.core.GetSelf().Key...)
+				msg = append(msg, a.IP...)
+				pbs := make([]byte, 2)
+				binary.BigEndian.PutUint16(pbs, uint16(a.Port))
+				msg = append(msg, pbs...)
+				_, _ = m.sock.WriteTo(msg, nil, destAddr)
 			}
-			if info.interval.Seconds() < 15 {
-				info.interval += time.Second
+			if linfo.interval.Seconds() < 15 {
+				linfo.interval += time.Second
 			}
 			break
 		}
@@ -363,22 +364,42 @@ func (m *Multicast) listen() {
 				continue
 			}
 		}
-		anAddr := string(bs[:nBytes])
-		addr, err := net.ResolveTCPAddr("tcp6", anAddr)
+		if nBytes < ed25519.PublicKeySize {
+			continue
+		}
+		var key ed25519.PublicKey
+		key = append(key, bs[:ed25519.PublicKeySize]...)
+		if bytes.Equal(key, m.core.GetSelf().Key) {
+			continue // don't bother trying to peer with self
+		}
+		begin := ed25519.PublicKeySize
+		end := nBytes - 2
+		if end <= begin {
+			continue // malformed address
+		}
+		ip := bs[begin:end]
+		port := binary.BigEndian.Uint16(bs[end:nBytes])
+		anAddr := net.TCPAddr{IP: ip, Port: int(port)}
+		addr, err := net.ResolveTCPAddr("tcp6", anAddr.String())
 		if err != nil {
 			continue
 		}
 		from := fromAddr.(*net.UDPAddr)
-		if addr.IP.String() != from.IP.String() {
+		if !from.IP.Equal(addr.IP) {
 			continue
 		}
 		var interfaces map[string]interfaceInfo
 		phony.Block(m, func() {
 			interfaces = m._interfaces
 		})
-		if _, ok := interfaces[from.Zone]; ok {
+		if info, ok := interfaces[from.Zone]; ok && info.listen {
 			addr.Zone = ""
-			if err := m.core.CallPeer("tcp://"+addr.String(), from.Zone); err != nil {
+			pin := fmt.Sprintf("/?key=%s", hex.EncodeToString(key))
+			u, err := url.Parse("tls://" + addr.String() + pin)
+			if err != nil {
+				m.log.Debugln("Call from multicast failed, parse error:", addr.String(), err)
+			}
+			if err := m.core.CallPeer(u, from.Zone); err != nil {
 				m.log.Debugln("Call from multicast failed:", err)
 			}
 		}

src/multicast/multicast_darwin.go

@@ -1,50 +1,17 @@
-// +build darwin
+//go:build !cgo && (darwin || ios)
+// +build !cgo
+// +build darwin ios
 
 package multicast
 
-/*
-#cgo CFLAGS: -x objective-c
-#cgo LDFLAGS: -framework Foundation
-#import <Foundation/Foundation.h>
-NSNetServiceBrowser *serviceBrowser;
-void StartAWDLBrowsing() {
-	if (serviceBrowser == nil) {
-		serviceBrowser = [[NSNetServiceBrowser alloc] init];
-		serviceBrowser.includesPeerToPeer = YES;
-	}
-	[serviceBrowser searchForServicesOfType:@"_yggdrasil._tcp" inDomain:@""];
-}
-void StopAWDLBrowsing() {
-	if (serviceBrowser == nil) {
-		return;
-	}
-	[serviceBrowser stop];
-}
-*/
-import "C"
 import (
 	"syscall"
-	"time"
 
 	"golang.org/x/sys/unix"
 )
 
-var awdlGoroutineStarted bool
-
 func (m *Multicast) _multicastStarted() {
-	if !m.isOpen {
-		return
-	}
-	C.StopAWDLBrowsing()
-	for intf := range m._interfaces {
-		if intf == "awdl0" {
-			C.StartAWDLBrowsing()
-			break
-		}
-	}
-	time.AfterFunc(time.Minute, func() {
-		m.Act(nil, m._multicastStarted)
-	})
+
 }
 
 func (m *Multicast) multicastReuse(network string, address string, c syscall.RawConn) error {

src/multicast/multicast_darwin_cgo.go

@@ -0,0 +1,69 @@
+//go:build (darwin && cgo) || (ios && cgo)
+// +build darwin,cgo ios,cgo
+
+package multicast
+
+/*
+#cgo CFLAGS: -x objective-c
+#cgo LDFLAGS: -framework Foundation
+#import <Foundation/Foundation.h>
+NSNetServiceBrowser *serviceBrowser;
+void StartAWDLBrowsing() {
+	if (serviceBrowser == nil) {
+		serviceBrowser = [[NSNetServiceBrowser alloc] init];
+		serviceBrowser.includesPeerToPeer = YES;
+	}
+	[serviceBrowser searchForServicesOfType:@"_yggdrasil._tcp" inDomain:@""];
+}
+void StopAWDLBrowsing() {
+	if (serviceBrowser == nil) {
+		return;
+	}
+	[serviceBrowser stop];
+}
+*/
+import "C"
+import (
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/unix"
+)
+
+func (m *Multicast) _multicastStarted() {
+	if !m.isOpen {
+		return
+	}
+	C.StopAWDLBrowsing()
+	for intf := range m._interfaces {
+		if intf == "awdl0" {
+			C.StartAWDLBrowsing()
+			break
+		}
+	}
+	time.AfterFunc(time.Minute, func() {
+		m.Act(nil, m._multicastStarted)
+	})
+}
+
+func (m *Multicast) multicastReuse(network string, address string, c syscall.RawConn) error {
+	var control error
+	var reuseport error
+	var recvanyif error
+
+	control = c.Control(func(fd uintptr) {
+		reuseport = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+
+		// sys/socket.h: #define	SO_RECV_ANYIF	0x1104
+		recvanyif = unix.SetsockoptInt(int(fd), syscall.SOL_SOCKET, 0x1104, 1)
+	})
+
+	switch {
+	case reuseport != nil:
+		return reuseport
+	case recvanyif != nil:
+		return recvanyif
+	default:
+		return control
+	}
+}

src/multicast/multicast_other.go

@@ -1,4 +1,5 @@
-// +build !linux,!darwin,!netbsd,!freebsd,!openbsd,!dragonflybsd,!windows
+//go:build !linux && !darwin && !ios && !netbsd && !freebsd && !openbsd && !dragonflybsd && !windows
+// +build !linux,!darwin,!ios,!netbsd,!freebsd,!openbsd,!dragonflybsd,!windows
 
 package multicast
 

src/multicast/multicast_unix.go

@@ -1,9 +1,13 @@
+//go:build linux || netbsd || freebsd || openbsd || dragonflybsd
 // +build linux netbsd freebsd openbsd dragonflybsd
 
 package multicast
 
-import "syscall"
-import "golang.org/x/sys/unix"
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
 
 func (m *Multicast) _multicastStarted() {
 

src/multicast/multicast_windows.go

@@ -1,9 +1,13 @@
+//go:build windows
 // +build windows
 
 package multicast
 
-import "syscall"
-import "golang.org/x/sys/windows"
+import (
+	"syscall"
+
+	"golang.org/x/sys/windows"
+)
 
 func (m *Multicast) _multicastStarted() {
 

src/tuntap/admin.go

@@ -1,114 +1,37 @@
 package tuntap
 
 import (
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"net"
+	"encoding/json"
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/admin"
 )
 
-func (t *TunAdapter) SetupAdminHandlers(a *admin.AdminSocket) {
-	a.AddHandler("getTunTap", []string{}, func(in admin.Info) (r admin.Info, e error) {
-		defer func() {
-			if err := recover(); err != nil {
-				r = admin.Info{"none": admin.Info{}}
-				e = nil
-			}
-		}()
+type GetTUNRequest struct{}
+type GetTUNResponse map[string]TUNEntry
 
-		return admin.Info{
-			t.Name(): admin.Info{
-				"mtu": t.mtu,
-			},
-		}, nil
-	})
-	/*
-			// TODO: rewrite this as I'm fairly sure it doesn't work right on many
-			// platforms anyway, but it may require changes to Water
-		  a.AddHandler("setTunTap", []string{"name", "[tap_mode]", "[mtu]"}, func(in Info) (Info, error) {
-		    // Set sane defaults
-		    iftapmode := defaults.GetDefaults().DefaultIfTAPMode
-		    ifmtu := defaults.GetDefaults().DefaultIfMTU
-		    // Has TAP mode been specified?
-		    if tap, ok := in["tap_mode"]; ok {
-		      iftapmode = tap.(bool)
-		    }
-		    // Check we have enough params for MTU
-		    if mtu, ok := in["mtu"]; ok {
-		      if mtu.(float64) >= 1280 && ifmtu <= defaults.GetDefaults().MaximumIfMTU {
-		        ifmtu = int(in["mtu"].(float64))
-		      }
-		    }
-		    // Start the TUN adapter
-		    if err := a.startTunWithMTU(in["name"].(string), iftapmode, ifmtu); err != nil {
-		      return Info{}, errors.New("Failed to configure adapter")
-		    } else {
-		      return Info{
-		        a.core.router.tun.iface.Name(): Info{
-		          "tap_mode": a.core.router.tun.iface.IsTAP(),
-		          "mtu":      ifmtu,
-		        },
-		      }, nil
-		    }
-		  })
-	*/
-	a.AddHandler("getTunnelRouting", []string{}, func(in admin.Info) (admin.Info, error) {
-		return admin.Info{"enabled": t.ckr.isEnabled()}, nil
-	})
-	a.AddHandler("setTunnelRouting", []string{"enabled"}, func(in admin.Info) (admin.Info, error) {
-		enabled := false
-		if e, ok := in["enabled"].(bool); ok {
-			enabled = e
+type TUNEntry struct {
+	MTU uint64 `json:"mtu"`
+}
+
+func (t *TunAdapter) getTUNHandler(req *GetTUNRequest, res *GetTUNResponse) error {
+	*res = GetTUNResponse{
+		t.Name(): TUNEntry{
+			MTU: t.MTU(),
+		},
+	}
+	return nil
+}
+
+func (t *TunAdapter) SetupAdminHandlers(a *admin.AdminSocket) {
+	_ = a.AddHandler("getTunTap", []string{}, func(in json.RawMessage) (interface{}, error) {
+		req := &GetTUNRequest{}
+		res := &GetTUNResponse{}
+		if err := json.Unmarshal(in, &req); err != nil {
+			return nil, err
 		}
-		t.ckr.setEnabled(enabled)
-		return admin.Info{"enabled": enabled}, nil
-	})
-	a.AddHandler("addLocalSubnet", []string{"subnet"}, func(in admin.Info) (admin.Info, error) {
-		if err := t.ckr.addLocalSubnet(in["subnet"].(string)); err == nil {
-			return admin.Info{"added": []string{in["subnet"].(string)}}, nil
+		if err := t.getTUNHandler(req, res); err != nil {
+			return nil, err
 		}
-		return admin.Info{"not_added": []string{in["subnet"].(string)}}, errors.New("Failed to add source subnet")
-	})
-	a.AddHandler("addRemoteSubnet", []string{"subnet", "box_pub_key"}, func(in admin.Info) (admin.Info, error) {
-		if err := t.ckr.addRemoteSubnet(in["subnet"].(string), in["box_pub_key"].(string)); err == nil {
-			return admin.Info{"added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, nil
-		}
-		return admin.Info{"not_added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, errors.New("Failed to add route")
-	})
-	a.AddHandler("getSourceSubnets", []string{}, func(in admin.Info) (admin.Info, error) {
-		var subnets []string
-		getSourceSubnets := func(snets []net.IPNet) {
-			for _, subnet := range snets {
-				subnets = append(subnets, subnet.String())
-			}
-		}
-		getSourceSubnets(t.ckr.ipv4locals)
-		getSourceSubnets(t.ckr.ipv6locals)
-		return admin.Info{"source_subnets": subnets}, nil
-	})
-	a.AddHandler("getRoutes", []string{}, func(in admin.Info) (admin.Info, error) {
-		routes := make(admin.Info)
-		getRoutes := func(ckrs []cryptokey_route) {
-			for _, ckr := range ckrs {
-				routes[ckr.subnet.String()] = hex.EncodeToString(ckr.destination[:])
-			}
-		}
-		getRoutes(t.ckr.ipv4remotes)
-		getRoutes(t.ckr.ipv6remotes)
-		return admin.Info{"routes": routes}, nil
-	})
-	a.AddHandler("removeLocalSubnet", []string{"subnet"}, func(in admin.Info) (admin.Info, error) {
-		if err := t.ckr.removeLocalSubnet(in["subnet"].(string)); err == nil {
-			return admin.Info{"removed": []string{in["subnet"].(string)}}, nil
-		}
-		return admin.Info{"not_removed": []string{in["subnet"].(string)}}, errors.New("Failed to remove source subnet")
-	})
-	a.AddHandler("removeRemoteSubnet", []string{"subnet", "box_pub_key"}, func(in admin.Info) (admin.Info, error) {
-		if err := t.ckr.removeRemoteSubnet(in["subnet"].(string), in["box_pub_key"].(string)); err == nil {
-			return admin.Info{"removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, nil
-		}
-		return admin.Info{"not_removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, errors.New("Failed to remove route")
+		return res, nil
 	})
 }

src/tuntap/ckr.go

@@ -1,430 +0,0 @@
-package tuntap
-
-import (
-	"bytes"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"net"
-	"sort"
-	"sync"
-	"sync/atomic"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-)
-
-// This module implements crypto-key routing, similar to Wireguard, where we
-// allow traffic for non-Yggdrasil ranges to be routed over Yggdrasil.
-
-type cryptokey struct {
-	tun          *TunAdapter
-	enabled      atomic.Value // bool
-	ipv4remotes  []cryptokey_route
-	ipv6remotes  []cryptokey_route
-	ipv4cache    map[address.Address]cryptokey_route
-	ipv6cache    map[address.Address]cryptokey_route
-	ipv4locals   []net.IPNet
-	ipv6locals   []net.IPNet
-	mutexremotes sync.RWMutex
-	mutexcaches  sync.RWMutex
-	mutexlocals  sync.RWMutex
-}
-
-type cryptokey_route struct {
-	subnet      net.IPNet
-	destination crypto.BoxPubKey
-}
-
-// Initialise crypto-key routing. This must be done before any other CKR calls.
-func (c *cryptokey) init(tun *TunAdapter) {
-	c.tun = tun
-	c.configure()
-}
-
-// Configure the CKR routes. This should only ever be ran by the TUN/TAP actor.
-func (c *cryptokey) configure() {
-	current := c.tun.config.GetCurrent()
-
-	// Set enabled/disabled state
-	c.setEnabled(current.TunnelRouting.Enable)
-
-	// Clear out existing routes
-	c.mutexremotes.Lock()
-	c.ipv6remotes = make([]cryptokey_route, 0)
-	c.ipv4remotes = make([]cryptokey_route, 0)
-	c.mutexremotes.Unlock()
-
-	// Add IPv6 routes
-	for ipv6, pubkey := range current.TunnelRouting.IPv6RemoteSubnets {
-		if err := c.addRemoteSubnet(ipv6, pubkey); err != nil {
-			c.tun.log.Errorln("Error adding CKR IPv6 remote subnet:", err)
-		}
-	}
-
-	// Add IPv4 routes
-	for ipv4, pubkey := range current.TunnelRouting.IPv4RemoteSubnets {
-		if err := c.addRemoteSubnet(ipv4, pubkey); err != nil {
-			c.tun.log.Errorln("Error adding CKR IPv4 remote subnet:", err)
-		}
-	}
-
-	// Clear out existing sources
-	c.mutexlocals.Lock()
-	c.ipv6locals = make([]net.IPNet, 0)
-	c.ipv4locals = make([]net.IPNet, 0)
-	c.mutexlocals.Unlock()
-
-	// Add IPv6 sources
-	c.ipv6locals = make([]net.IPNet, 0)
-	for _, source := range current.TunnelRouting.IPv6LocalSubnets {
-		if err := c.addLocalSubnet(source); err != nil {
-			c.tun.log.Errorln("Error adding CKR IPv6 local subnet:", err)
-		}
-	}
-
-	// Add IPv4 sources
-	c.ipv4locals = make([]net.IPNet, 0)
-	for _, source := range current.TunnelRouting.IPv4LocalSubnets {
-		if err := c.addLocalSubnet(source); err != nil {
-			c.tun.log.Errorln("Error adding CKR IPv4 local subnet:", err)
-		}
-	}
-
-	// Wipe the caches
-	c.mutexcaches.Lock()
-	c.ipv4cache = make(map[address.Address]cryptokey_route, 0)
-	c.ipv6cache = make(map[address.Address]cryptokey_route, 0)
-	c.mutexcaches.Unlock()
-}
-
-// Enable or disable crypto-key routing.
-func (c *cryptokey) setEnabled(enabled bool) {
-	c.enabled.Store(enabled)
-}
-
-// Check if crypto-key routing is enabled.
-func (c *cryptokey) isEnabled() bool {
-	enabled, ok := c.enabled.Load().(bool)
-	return ok && enabled
-}
-
-// Check whether the given address (with the address length specified in bytes)
-// matches either the current node's address, the node's routed subnet or the
-// list of subnets specified in ipv4locals/ipv6locals.
-func (c *cryptokey) isValidLocalAddress(addr address.Address, addrlen int) bool {
-	c.mutexlocals.RLock()
-	defer c.mutexlocals.RUnlock()
-	// Does it match a configured CKR source?
-	if c.isEnabled() {
-		ip := net.IP(addr[:addrlen])
-		// Build our references to the routing sources
-		var routingsources *[]net.IPNet
-
-		// Check if the prefix is IPv4 or IPv6
-		if addrlen == net.IPv6len {
-			routingsources = &c.ipv6locals
-		} else if addrlen == net.IPv4len {
-			routingsources = &c.ipv4locals
-		} else {
-			return false
-		}
-
-		for _, subnet := range *routingsources {
-			if subnet.Contains(ip) {
-				return true
-			}
-		}
-	}
-
-	// Doesn't match any of the above
-	return false
-}
-
-// Adds a source subnet, which allows traffic with these source addresses to
-// be tunnelled using crypto-key routing.
-func (c *cryptokey) addLocalSubnet(cidr string) error {
-	c.mutexlocals.Lock()
-	defer c.mutexlocals.Unlock()
-
-	// Is the CIDR we've been given valid?
-	_, ipnet, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return err
-	}
-
-	// Get the prefix length and size
-	_, prefixsize := ipnet.Mask.Size()
-
-	// Build our references to the routing sources
-	var routingsources *[]net.IPNet
-
-	// Check if the prefix is IPv4 or IPv6
-	if prefixsize == net.IPv6len*8 {
-		routingsources = &c.ipv6locals
-	} else if prefixsize == net.IPv4len*8 {
-		routingsources = &c.ipv4locals
-	} else {
-		return errors.New("unexpected prefix size")
-	}
-
-	// Check if we already have this CIDR
-	for _, subnet := range *routingsources {
-		if subnet.String() == ipnet.String() {
-			return errors.New("local subnet already configured")
-		}
-	}
-
-	// Add the source subnet
-	*routingsources = append(*routingsources, *ipnet)
-	c.tun.log.Infoln("Added CKR local subnet", cidr)
-	return nil
-}
-
-// Adds a destination route for the given CIDR to be tunnelled to the node
-// with the given BoxPubKey.
-func (c *cryptokey) addRemoteSubnet(cidr string, dest string) error {
-	c.mutexremotes.Lock()
-	c.mutexcaches.Lock()
-	defer c.mutexremotes.Unlock()
-	defer c.mutexcaches.Unlock()
-
-	// Is the CIDR we've been given valid?
-	ipaddr, ipnet, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return err
-	}
-
-	// Get the prefix length and size
-	_, prefixsize := ipnet.Mask.Size()
-
-	// Build our references to the routing table and cache
-	var routingtable *[]cryptokey_route
-	var routingcache *map[address.Address]cryptokey_route
-
-	// Check if the prefix is IPv4 or IPv6
-	if prefixsize == net.IPv6len*8 {
-		routingtable = &c.ipv6remotes
-		routingcache = &c.ipv6cache
-	} else if prefixsize == net.IPv4len*8 {
-		routingtable = &c.ipv4remotes
-		routingcache = &c.ipv4cache
-	} else {
-		return errors.New("unexpected prefix size")
-	}
-
-	// Is the route an Yggdrasil destination?
-	var addr address.Address
-	var snet address.Subnet
-	copy(addr[:], ipaddr)
-	copy(snet[:], ipnet.IP)
-	if addr.IsValid() || snet.IsValid() {
-		return errors.New("can't specify Yggdrasil destination as crypto-key route")
-	}
-	// Do we already have a route for this subnet?
-	for _, route := range *routingtable {
-		if route.subnet.String() == ipnet.String() {
-			return fmt.Errorf("remote subnet already exists for %s", cidr)
-		}
-	}
-	// Decode the public key
-	if bpk, err := hex.DecodeString(dest); err != nil {
-		return err
-	} else if len(bpk) != crypto.BoxPubKeyLen {
-		return fmt.Errorf("incorrect key length for %s", dest)
-	} else {
-		// Add the new crypto-key route
-		var key crypto.BoxPubKey
-		copy(key[:], bpk)
-		*routingtable = append(*routingtable, cryptokey_route{
-			subnet:      *ipnet,
-			destination: key,
-		})
-
-		// Sort so most specific routes are first
-		sort.Slice(*routingtable, func(i, j int) bool {
-			im, _ := (*routingtable)[i].subnet.Mask.Size()
-			jm, _ := (*routingtable)[j].subnet.Mask.Size()
-			return im > jm
-		})
-
-		// Clear the cache as this route might change future routing
-		// Setting an empty slice keeps the memory whereas nil invokes GC
-		for k := range *routingcache {
-			delete(*routingcache, k)
-		}
-
-		c.tun.log.Infoln("Added CKR remote subnet", cidr)
-		return nil
-	}
-}
-
-// Looks up the most specific route for the given address (with the address
-// length specified in bytes) from the crypto-key routing table. An error is
-// returned if the address is not suitable or no route was found.
-func (c *cryptokey) getPublicKeyForAddress(addr address.Address, addrlen int) (crypto.BoxPubKey, error) {
-
-	// Check if the address is a valid Yggdrasil address - if so it
-	// is exempt from all CKR checking
-	if addr.IsValid() {
-		return crypto.BoxPubKey{}, errors.New("cannot look up CKR for Yggdrasil addresses")
-	}
-
-	// Build our references to the routing table and cache
-	var routingtable *[]cryptokey_route
-	var routingcache *map[address.Address]cryptokey_route
-
-	// Check if the prefix is IPv4 or IPv6
-	if addrlen == net.IPv6len {
-		routingcache = &c.ipv6cache
-	} else if addrlen == net.IPv4len {
-		routingcache = &c.ipv4cache
-	} else {
-		return crypto.BoxPubKey{}, errors.New("unexpected prefix size")
-	}
-
-	// Check if there's a cache entry for this addr
-	c.mutexcaches.RLock()
-	if route, ok := (*routingcache)[addr]; ok {
-		c.mutexcaches.RUnlock()
-		return route.destination, nil
-	}
-	c.mutexcaches.RUnlock()
-
-	c.mutexremotes.RLock()
-	defer c.mutexremotes.RUnlock()
-
-	// Check if the prefix is IPv4 or IPv6
-	if addrlen == net.IPv6len {
-		routingtable = &c.ipv6remotes
-	} else if addrlen == net.IPv4len {
-		routingtable = &c.ipv4remotes
-	} else {
-		return crypto.BoxPubKey{}, errors.New("unexpected prefix size")
-	}
-
-	// No cache was found - start by converting the address into a net.IP
-	ip := make(net.IP, addrlen)
-	copy(ip[:addrlen], addr[:])
-
-	// Check if we have a route. At this point c.ipv6remotes should be
-	// pre-sorted so that the most specific routes are first
-	for _, route := range *routingtable {
-		// Does this subnet match the given IP?
-		if route.subnet.Contains(ip) {
-			c.mutexcaches.Lock()
-			defer c.mutexcaches.Unlock()
-
-			// Check if the routing cache is above a certain size, if it is evict
-			// a random entry so we can make room for this one. We take advantage
-			// of the fact that the iteration order is random here
-			for k := range *routingcache {
-				if len(*routingcache) < 1024 {
-					break
-				}
-				delete(*routingcache, k)
-			}
-
-			// Cache the entry for future packets to get a faster lookup
-			(*routingcache)[addr] = route
-
-			// Return the boxPubKey
-			return route.destination, nil
-		}
-	}
-
-	// No route was found if we got to this point
-	return crypto.BoxPubKey{}, fmt.Errorf("no route to %s", ip.String())
-}
-
-// Removes a source subnet, which allows traffic with these source addresses to
-// be tunnelled using crypto-key routing.
-func (c *cryptokey) removeLocalSubnet(cidr string) error {
-	c.mutexlocals.Lock()
-	defer c.mutexlocals.Unlock()
-
-	// Is the CIDR we've been given valid?
-	_, ipnet, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return err
-	}
-
-	// Get the prefix length and size
-	_, prefixsize := ipnet.Mask.Size()
-
-	// Build our references to the routing sources
-	var routingsources *[]net.IPNet
-
-	// Check if the prefix is IPv4 or IPv6
-	if prefixsize == net.IPv6len*8 {
-		routingsources = &c.ipv6locals
-	} else if prefixsize == net.IPv4len*8 {
-		routingsources = &c.ipv4locals
-	} else {
-		return errors.New("unexpected prefix size")
-	}
-
-	// Check if we already have this CIDR
-	for idx, subnet := range *routingsources {
-		if subnet.String() == ipnet.String() {
-			*routingsources = append((*routingsources)[:idx], (*routingsources)[idx+1:]...)
-			c.tun.log.Infoln("Removed CKR local subnet", cidr)
-			return nil
-		}
-	}
-	return errors.New("local subnet not found")
-}
-
-// Removes a destination route for the given CIDR to be tunnelled to the node
-// with the given BoxPubKey.
-func (c *cryptokey) removeRemoteSubnet(cidr string, dest string) error {
-	c.mutexremotes.Lock()
-	c.mutexcaches.Lock()
-	defer c.mutexremotes.Unlock()
-	defer c.mutexcaches.Unlock()
-
-	// Is the CIDR we've been given valid?
-	_, ipnet, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return err
-	}
-
-	// Get the prefix length and size
-	_, prefixsize := ipnet.Mask.Size()
-
-	// Build our references to the routing table and cache
-	var routingtable *[]cryptokey_route
-	var routingcache *map[address.Address]cryptokey_route
-
-	// Check if the prefix is IPv4 or IPv6
-	if prefixsize == net.IPv6len*8 {
-		routingtable = &c.ipv6remotes
-		routingcache = &c.ipv6cache
-	} else if prefixsize == net.IPv4len*8 {
-		routingtable = &c.ipv4remotes
-		routingcache = &c.ipv4cache
-	} else {
-		return errors.New("unexpected prefix size")
-	}
-
-	// Decode the public key
-	bpk, err := hex.DecodeString(dest)
-	if err != nil {
-		return err
-	} else if len(bpk) != crypto.BoxPubKeyLen {
-		return fmt.Errorf("incorrect key length for %s", dest)
-	}
-	netStr := ipnet.String()
-
-	for idx, route := range *routingtable {
-		if bytes.Equal(route.destination[:], bpk) && route.subnet.String() == netStr {
-			*routingtable = append((*routingtable)[:idx], (*routingtable)[idx+1:]...)
-			for k := range *routingcache {
-				delete(*routingcache, k)
-			}
-			c.tun.log.Infof("Removed CKR remote subnet %s via %s\n", cidr, dest)
-			return nil
-		}
-	}
-	return fmt.Errorf("route does not exists for %s", cidr)
-}

src/tuntap/conn.go

@@ -1,227 +0,0 @@
-package tuntap
-
-import (
-	"bytes"
-	"errors"
-	"time"
-
-	"github.com/Arceliar/phony"
-	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/util"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-	"golang.org/x/net/icmp"
-	"golang.org/x/net/ipv6"
-)
-
-const tunConnTimeout = 2 * time.Minute
-
-type tunConn struct {
-	phony.Inbox
-	tun   *TunAdapter
-	conn  *yggdrasil.Conn
-	addr  address.Address
-	snet  address.Subnet
-	stop  chan struct{}
-	alive *time.Timer // From calling time.AfterFunc
-}
-
-func (s *tunConn) close() {
-	s.tun.Act(s, s._close_from_tun)
-}
-
-func (s *tunConn) _close_from_tun() {
-	go s.conn.Close() // Just in case it blocks on actor operations
-	delete(s.tun.addrToConn, s.addr)
-	delete(s.tun.subnetToConn, s.snet)
-	func() {
-		defer func() { recover() }()
-		close(s.stop) // Closes reader/writer goroutines
-	}()
-}
-
-func (s *tunConn) _read(bs []byte) (err error) {
-	select {
-	case <-s.stop:
-		err = errors.New("session was already closed")
-		return
-	default:
-	}
-	if len(bs) == 0 {
-		err = errors.New("read packet with 0 size")
-		return
-	}
-	ipv4 := len(bs) > 20 && bs[0]&0xf0 == 0x40
-	ipv6 := len(bs) > 40 && bs[0]&0xf0 == 0x60
-	isCGA := true
-	// Check source addresses
-	switch {
-	case ipv6 && bs[8] == 0x02 && bytes.Equal(s.addr[:16], bs[8:24]): // source
-	case ipv6 && bs[8] == 0x03 && bytes.Equal(s.snet[:8], bs[8:16]): // source
-	default:
-		isCGA = false
-	}
-	// Check destination addresses
-	switch {
-	case ipv6 && bs[24] == 0x02 && bytes.Equal(s.tun.addr[:16], bs[24:40]): // destination
-	case ipv6 && bs[24] == 0x03 && bytes.Equal(s.tun.subnet[:8], bs[24:32]): // destination
-	default:
-		isCGA = false
-	}
-	// Decide how to handle the packet
-	var skip bool
-	switch {
-	case isCGA: // Allowed
-	case s.tun.ckr.isEnabled() && (ipv4 || ipv6):
-		var srcAddr address.Address
-		var dstAddr address.Address
-		var addrlen int
-		if ipv4 {
-			copy(srcAddr[:], bs[12:16])
-			copy(dstAddr[:], bs[16:20])
-			addrlen = 4
-		}
-		if ipv6 {
-			copy(srcAddr[:], bs[8:24])
-			copy(dstAddr[:], bs[24:40])
-			addrlen = 16
-		}
-		if !s.tun.ckr.isValidLocalAddress(dstAddr, addrlen) {
-			// The destination address isn't in our CKR allowed range
-			skip = true
-		} else if key, err := s.tun.ckr.getPublicKeyForAddress(srcAddr, addrlen); err == nil {
-			if *s.conn.RemoteAddr().(*crypto.BoxPubKey) == key {
-				// This is the one allowed CKR case, where source and destination addresses are both good
-			} else {
-				// The CKR key associated with this address doesn't match the sender's NodeID
-				skip = true
-			}
-		} else {
-			// We have no CKR route for this source address
-			skip = true
-		}
-	default:
-		skip = true
-	}
-	if skip {
-		err = errors.New("address not allowed")
-		return
-	}
-	s.tun.writer.writeFrom(s, bs)
-	s.stillAlive()
-	return
-}
-
-func (s *tunConn) writeFrom(from phony.Actor, bs []byte) {
-	s.Act(from, func() {
-		s._write(bs)
-	})
-}
-
-func (s *tunConn) _write(bs []byte) (err error) {
-	select {
-	case <-s.stop:
-		err = errors.New("session was already closed")
-		return
-	default:
-	}
-	v4 := len(bs) > 20 && bs[0]&0xf0 == 0x40
-	v6 := len(bs) > 40 && bs[0]&0xf0 == 0x60
-	isCGA := true
-	// Check source addresses
-	switch {
-	case v6 && bs[8] == 0x02 && bytes.Equal(s.tun.addr[:16], bs[8:24]): // source
-	case v6 && bs[8] == 0x03 && bytes.Equal(s.tun.subnet[:8], bs[8:16]): // source
-	default:
-		isCGA = false
-	}
-	// Check destiantion addresses
-	switch {
-	case v6 && bs[24] == 0x02 && bytes.Equal(s.addr[:16], bs[24:40]): // destination
-	case v6 && bs[24] == 0x03 && bytes.Equal(s.snet[:8], bs[24:32]): // destination
-	default:
-		isCGA = false
-	}
-	// Decide how to handle the packet
-	var skip bool
-	switch {
-	case isCGA: // Allowed
-	case s.tun.ckr.isEnabled() && (v4 || v6):
-		var srcAddr address.Address
-		var dstAddr address.Address
-		var addrlen int
-		if v4 {
-			copy(srcAddr[:], bs[12:16])
-			copy(dstAddr[:], bs[16:20])
-			addrlen = 4
-		}
-		if v6 {
-			copy(srcAddr[:], bs[8:24])
-			copy(dstAddr[:], bs[24:40])
-			addrlen = 16
-		}
-		if !s.tun.ckr.isValidLocalAddress(srcAddr, addrlen) {
-			// The source address isn't in our CKR allowed range
-			skip = true
-		} else if key, err := s.tun.ckr.getPublicKeyForAddress(dstAddr, addrlen); err == nil {
-			if *s.conn.RemoteAddr().(*crypto.BoxPubKey) == key {
-				// This is the one allowed CKR case, where source and destination addresses are both good
-			} else {
-				// The CKR key associated with this address doesn't match the sender's NodeID
-				skip = true
-			}
-		} else {
-			// We have no CKR route for this destination address... why do we have the packet in the first place?
-			skip = true
-		}
-	default:
-		skip = true
-	}
-	if skip {
-		err = errors.New("address not allowed")
-		return
-	}
-	msg := yggdrasil.FlowKeyMessage{
-		FlowKey: util.GetFlowKey(bs),
-		Message: bs,
-	}
-	s.conn.WriteFrom(s, msg, func(err error) {
-		if err == nil {
-			// No point in wasting resources to send back an error if there was none
-			return
-		}
-		s.Act(s.conn, func() {
-			if e, eok := err.(yggdrasil.ConnError); !eok {
-				if e.Closed() {
-					s.tun.log.Debugln(s.conn.String(), "TUN/TAP generic write debug:", err)
-				} else {
-					s.tun.log.Errorln(s.conn.String(), "TUN/TAP generic write error:", err)
-				}
-			} else if e.PacketTooBig() {
-				// TODO: This currently isn't aware of IPv4 for CKR
-				ptb := &icmp.PacketTooBig{
-					MTU:  int(e.PacketMaximumSize()),
-					Data: bs[:900],
-				}
-				if packet, err := CreateICMPv6(bs[8:24], bs[24:40], ipv6.ICMPTypePacketTooBig, 0, ptb); err == nil {
-					s.tun.writer.writeFrom(s, packet)
-				}
-			} else {
-				if e.Closed() {
-					s.tun.log.Debugln(s.conn.String(), "TUN/TAP conn write debug:", err)
-				} else {
-					s.tun.log.Errorln(s.conn.String(), "TUN/TAP conn write error:", err)
-				}
-			}
-		})
-	})
-	s.stillAlive()
-	return
-}
-
-func (s *tunConn) stillAlive() {
-	if s.alive != nil {
-		s.alive.Stop()
-	}
-	s.alive = time.AfterFunc(tunConnTimeout, s.close)
-}

src/tuntap/iface.go

@@ -1,220 +1,47 @@
 package tuntap
 
-import (
-	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-
-	"golang.org/x/net/icmp"
-	"golang.org/x/net/ipv6"
-
-	"github.com/Arceliar/phony"
-)
-
 const TUN_OFFSET_BYTES = 4
 
-type tunWriter struct {
-	phony.Inbox
-	tun *TunAdapter
-	buf [TUN_OFFSET_BYTES + 65536]byte
-}
-
-func (w *tunWriter) writeFrom(from phony.Actor, b []byte) {
-	w.Act(from, func() {
-		w._write(b)
-	})
-}
-
-// write is pretty loose with the memory safety rules, e.g. it assumes it can
-// read w.tun.iface.IsTap() safely
-func (w *tunWriter) _write(b []byte) {
-	var written int
-	var err error
-	n := len(b)
-	if n == 0 {
-		return
-	}
-	temp := append(w.buf[:TUN_OFFSET_BYTES], b...)
-	written, err = w.tun.iface.Write(temp, TUN_OFFSET_BYTES)
-	if err != nil {
-		w.tun.Act(w, func() {
-			if !w.tun.isOpen {
-				w.tun.log.Errorln("TUN iface write error:", err)
+func (tun *TunAdapter) read() {
+	var buf [TUN_OFFSET_BYTES + 65535]byte
+	for {
+		n, err := tun.iface.Read(buf[:], TUN_OFFSET_BYTES)
+		if n <= TUN_OFFSET_BYTES || err != nil {
+			tun.log.Errorln("Error reading TUN:", err)
+			ferr := tun.iface.Flush()
+			if ferr != nil {
+				tun.log.Errorln("Unable to flush packets:", ferr)
 			}
-		})
-	}
-	if written != n+TUN_OFFSET_BYTES {
-		// FIXME some platforms return the wrong number of bytes written, causing error spam
-		//w.tun.log.Errorln("TUN iface write mismatch:", written, "bytes written vs", n+TUN_OFFSET_BYTES, "bytes given")
+			return
+		}
+		begin := TUN_OFFSET_BYTES
+		end := begin + n
+		bs := buf[begin:end]
+		if _, err := tun.rwc.Write(bs); err != nil {
+			tun.log.Debugln("Unable to send packet:", err)
+		}
 	}
 }
 
-type tunReader struct {
-	phony.Inbox
-	tun *TunAdapter
-	buf [TUN_OFFSET_BYTES + 65536]byte
-}
-
-func (r *tunReader) _read() {
-	// Get a slice to store the packet in
-	// Wait for a packet to be delivered to us through the TUN adapter
-	n, err := r.tun.iface.Read(r.buf[:], TUN_OFFSET_BYTES)
-	if n <= TUN_OFFSET_BYTES || err != nil {
-		r.tun.log.Errorln("Error reading TUN:", err)
-		ferr := r.tun.iface.Flush()
-		if ferr != nil {
-			r.tun.log.Errorln("Unable to flush packets:", ferr)
-		}
-	} else {
-		bs := make([]byte, n, n+crypto.BoxOverhead) // extra capacity for later...
-		copy(bs, r.buf[TUN_OFFSET_BYTES:n+TUN_OFFSET_BYTES])
-		r.tun.handlePacketFrom(r, bs, err)
-	}
-	if err == nil {
-		// Now read again
-		r.Act(nil, r._read)
-	}
-}
-
-func (tun *TunAdapter) handlePacketFrom(from phony.Actor, packet []byte, err error) {
-	tun.Act(from, func() {
-		tun._handlePacket(packet, err)
-	})
-}
-
-// does the work of reading a packet and sending it to the correct tunConn
-func (tun *TunAdapter) _handlePacket(recvd []byte, err error) {
-	if err != nil {
-		tun.log.Errorln("TUN iface read error:", err)
-		return
-	}
-	// Offset the buffer from now on so that we can ignore ethernet frames if
-	// they are present
-	bs := recvd[:]
-	// Check if the packet is long enough to detect if it's an ICMP packet or not
-	if len(bs) < 7 {
-		tun.log.Traceln("TUN iface read undersized unknown packet, length:", len(bs))
-		return
-	}
-	// From the IP header, work out what our source and destination addresses
-	// and node IDs are. We will need these in order to work out where to send
-	// the packet
-	var dstAddr address.Address
-	var dstSnet address.Subnet
-	var addrlen int
-	n := len(bs)
-	// Check the IP protocol - if it doesn't match then we drop the packet and
-	// do nothing with it
-	if bs[0]&0xf0 == 0x60 {
-		// Check if we have a fully-sized IPv6 header
-		if len(bs) < 40 {
-			tun.log.Traceln("TUN iface read undersized ipv6 packet, length:", len(bs))
+func (tun *TunAdapter) write() {
+	var buf [TUN_OFFSET_BYTES + 65535]byte
+	for {
+		bs := buf[TUN_OFFSET_BYTES:]
+		n, err := tun.rwc.Read(bs)
+		if err != nil {
+			tun.log.Errorln("Exiting tun writer due to core read error:", err)
 			return
 		}
-		// Check the packet size
-		if n-tun_IPv6_HEADER_LENGTH != 256*int(bs[4])+int(bs[5]) {
-			return
+		if !tun.isEnabled {
+			continue // Nothing to do, the tun isn't enabled
 		}
-		// IPv6 address
-		addrlen = 16
-		copy(dstAddr[:addrlen], bs[24:])
-		copy(dstSnet[:addrlen/2], bs[24:])
-	} else if bs[0]&0xf0 == 0x40 {
-		// Check if we have a fully-sized IPv4 header
-		if len(bs) < 20 {
-			tun.log.Traceln("TUN iface read undersized ipv4 packet, length:", len(bs))
-			return
+		bs = buf[:TUN_OFFSET_BYTES+n]
+		if _, err = tun.iface.Write(bs, TUN_OFFSET_BYTES); err != nil {
+			tun.Act(nil, func() {
+				if !tun.isOpen {
+					tun.log.Errorln("TUN iface write error:", err)
+				}
+			})
 		}
-		// Check the packet size
-		if n != 256*int(bs[2])+int(bs[3]) {
-			return
-		}
-		// IPv4 address
-		addrlen = 4
-		copy(dstAddr[:addrlen], bs[16:])
-	} else {
-		// Unknown address length or protocol, so drop the packet and ignore it
-		tun.log.Traceln("Unknown packet type, dropping")
-		return
-	}
-	if tun.ckr.isEnabled() {
-		if addrlen != 16 || (!dstAddr.IsValid() && !dstSnet.IsValid()) {
-			if key, err := tun.ckr.getPublicKeyForAddress(dstAddr, addrlen); err == nil {
-				// A public key was found, get the node ID for the search
-				dstNodeID := crypto.GetNodeID(&key)
-				dstAddr = *address.AddrForNodeID(dstNodeID)
-				dstSnet = *address.SubnetForNodeID(dstNodeID)
-				addrlen = 16
-			}
-		}
-	}
-	if addrlen != 16 || (!dstAddr.IsValid() && !dstSnet.IsValid()) {
-		// Couldn't find this node's ygg IP
-		dlen := len(bs)
-		if dlen > 900 {
-			dlen = 900
-		}
-		ptb := &icmp.DstUnreach{
-			Data: bs[:dlen],
-		}
-		if packet, err := CreateICMPv6(bs[8:24], bs[24:40], ipv6.ICMPTypeDestinationUnreachable, 0, ptb); err == nil {
-			tun.writer.writeFrom(nil, packet)
-		}
-		return
-	}
-	// Do we have an active connection for this node address?
-	var dstString string
-	session, isIn := tun.addrToConn[dstAddr]
-	if !isIn || session == nil {
-		session, isIn = tun.subnetToConn[dstSnet]
-		if !isIn || session == nil {
-			// Neither an address nor a subnet mapping matched, therefore populate
-			// the node ID and mask to commence a search
-			if dstAddr.IsValid() {
-				dstString = dstAddr.GetNodeIDLengthString()
-			} else {
-				dstString = dstSnet.GetNodeIDLengthString()
-			}
-		}
-	}
-	// If we don't have a connection then we should open one
-	if !isIn || session == nil {
-		// Check we haven't been given empty node ID, really this shouldn't ever
-		// happen but just to be sure...
-		if dstString == "" {
-			panic("Given empty dstString - this shouldn't happen")
-		}
-		_, known := tun.dials[dstString]
-		tun.dials[dstString] = append(tun.dials[dstString], bs)
-		for len(tun.dials[dstString]) > 32 {
-			tun.dials[dstString] = tun.dials[dstString][1:]
-		}
-		if !known {
-			go func() {
-				conn, err := tun.dialer.Dial("nodeid", dstString)
-				tun.Act(nil, func() {
-					packets := tun.dials[dstString]
-					delete(tun.dials, dstString)
-					if err != nil {
-						return
-					}
-					// We've been given a connection so prepare the session wrapper
-					var tc *tunConn
-					if tc, err = tun._wrap(conn.(*yggdrasil.Conn)); err != nil {
-						// Something went wrong when storing the connection, typically that
-						// something already exists for this address or subnet
-						tun.log.Debugln("TUN iface wrap:", err)
-						return
-					}
-					for _, packet := range packets {
-						tc.writeFrom(nil, packet)
-					}
-				})
-			}()
-		}
-	}
-	// If we have a connection now, try writing to it
-	if isIn && session != nil {
-		session.writeFrom(tun, bs)
 	}
 }

src/tuntap/tun.go

@@ -9,7 +9,6 @@ package tuntap
 // TODO: Don't block in reader on writes that are pending searches
 
 import (
-	"encoding/hex"
 	"errors"
 	"fmt"
 	"net"
@@ -22,51 +21,33 @@ import (
 
 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
 	"github.com/yggdrasil-network/yggdrasil-go/src/defaults"
-	"github.com/yggdrasil-network/yggdrasil-go/src/types"
-	"github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
+	"github.com/yggdrasil-network/yggdrasil-go/src/ipv6rwc"
 )
 
-type MTU = types.MTU
-
-const tun_IPv6_HEADER_LENGTH = 40
+type MTU uint16
 
 // TunAdapter represents a running TUN interface and extends the
 // yggdrasil.Adapter type. In order to use the TUN adapter with Yggdrasil, you
 // should pass this object to the yggdrasil.SetRouterAdapter() function before
 // calling yggdrasil.Start().
 type TunAdapter struct {
-	core        *yggdrasil.Core
-	writer      tunWriter
-	reader      tunReader
-	config      *config.NodeState
+	rwc         *ipv6rwc.ReadWriteCloser
+	config      *config.NodeConfig
 	log         *log.Logger
-	reconfigure chan chan error
-	listener    *yggdrasil.Listener
-	dialer      *yggdrasil.Dialer
 	addr        address.Address
 	subnet      address.Subnet
-	ckr         cryptokey
-	icmpv6      ICMPv6
-	mtu         MTU
+	mtu         uint64
 	iface       tun.Device
 	phony.Inbox // Currently only used for _handlePacket from the reader, TODO: all the stuff that currently needs a mutex below
 	//mutex        sync.RWMutex // Protects the below
-	addrToConn   map[address.Address]*tunConn
-	subnetToConn map[address.Subnet]*tunConn
-	dials        map[string][][]byte // Buffer of packets to send after dialing finishes
-	isOpen       bool
-}
-
-type TunOptions struct {
-	Listener *yggdrasil.Listener
-	Dialer   *yggdrasil.Dialer
+	isOpen    bool
+	isEnabled bool // Used by the writer to drop sessionTraffic if not enabled
 }
 
 // Gets the maximum supported MTU for the platform based on the defaults in
 // defaults.GetDefaults().
-func getSupportedMTU(mtu MTU) MTU {
+func getSupportedMTU(mtu uint64) uint64 {
 	if mtu < 1280 {
 		return 1280
 	}
@@ -88,7 +69,7 @@ func (tun *TunAdapter) Name() string {
 // MTU gets the adapter's MTU. This can range between 1280 and 65535, although
 // the maximum value is determined by your platform. The returned value will
 // never exceed that of MaximumMTU().
-func (tun *TunAdapter) MTU() MTU {
+func (tun *TunAdapter) MTU() uint64 {
 	return getSupportedMTU(tun.mtu)
 }
 
@@ -99,34 +80,23 @@ func DefaultName() string {
 
 // DefaultMTU gets the default TUN interface MTU for your platform. This can
 // be as high as MaximumMTU(), depending on platform, but is never lower than 1280.
-func DefaultMTU() MTU {
+func DefaultMTU() uint64 {
 	return defaults.GetDefaults().DefaultIfMTU
 }
 
 // MaximumMTU returns the maximum supported TUN interface MTU for your
 // platform. This can be as high as 65535, depending on platform, but is never
 // lower than 1280.
-func MaximumMTU() MTU {
+func MaximumMTU() uint64 {
 	return defaults.GetDefaults().MaximumIfMTU
 }
 
 // Init initialises the TUN module. You must have acquired a Listener from
 // the Yggdrasil core before this point and it must not be in use elsewhere.
-func (tun *TunAdapter) Init(core *yggdrasil.Core, config *config.NodeState, log *log.Logger, options interface{}) error {
-	tunoptions, ok := options.(TunOptions)
-	if !ok {
-		return fmt.Errorf("invalid options supplied to TunAdapter module")
-	}
-	tun.core = core
+func (tun *TunAdapter) Init(rwc *ipv6rwc.ReadWriteCloser, config *config.NodeConfig, log *log.Logger, options interface{}) error {
+	tun.rwc = rwc
 	tun.config = config
 	tun.log = log
-	tun.listener = tunoptions.Listener
-	tun.dialer = tunoptions.Dialer
-	tun.addrToConn = make(map[address.Address]*tunConn)
-	tun.subnetToConn = make(map[address.Subnet]*tunConn)
-	tun.dials = make(map[string][][]byte)
-	tun.writer.tun = tun
-	tun.reader.tun = tun
 	return nil
 }
 
@@ -144,35 +114,35 @@ func (tun *TunAdapter) _start() error {
 	if tun.isOpen {
 		return errors.New("TUN module is already started")
 	}
-	current := tun.config.GetCurrent()
-	if tun.config == nil || tun.listener == nil || tun.dialer == nil {
+	if tun.config == nil {
 		return errors.New("no configuration available to TUN")
 	}
-	var boxPub crypto.BoxPubKey
-	boxPubHex, err := hex.DecodeString(current.EncryptionPublicKey)
-	if err != nil {
-		return err
-	}
-	copy(boxPub[:], boxPubHex)
-	nodeID := crypto.GetNodeID(&boxPub)
-	tun.addr = *address.AddrForNodeID(nodeID)
-	tun.subnet = *address.SubnetForNodeID(nodeID)
+	tun.config.RLock()
+	defer tun.config.RUnlock()
+	tun.addr = tun.rwc.Address()
+	tun.subnet = tun.rwc.Subnet()
 	addr := fmt.Sprintf("%s/%d", net.IP(tun.addr[:]).String(), 8*len(address.GetPrefix())-1)
-	if current.IfName == "none" || current.IfName == "dummy" {
+	if tun.config.IfName == "none" || tun.config.IfName == "dummy" {
 		tun.log.Debugln("Not starting TUN as ifname is none or dummy")
+		tun.isEnabled = false
+		go tun.write()
 		return nil
 	}
-	if err := tun.setup(current.IfName, addr, current.IfMTU); err != nil {
+	mtu := tun.config.IfMTU
+	if tun.rwc.MaxMTU() < mtu {
+		mtu = tun.rwc.MaxMTU()
+	}
+	if err := tun.setup(tun.config.IfName, addr, mtu); err != nil {
 		return err
 	}
-	if tun.MTU() != current.IfMTU {
-		tun.log.Warnf("Warning: Interface MTU %d automatically adjusted to %d (supported range is 1280-%d)", current.IfMTU, tun.MTU(), MaximumMTU())
+	if tun.MTU() != mtu {
+		tun.log.Warnf("Warning: Interface MTU %d automatically adjusted to %d (supported range is 1280-%d)", tun.config.IfMTU, tun.MTU(), MaximumMTU())
 	}
-	tun.core.SetMaximumSessionMTU(tun.MTU())
+	tun.rwc.SetMTU(tun.MTU())
 	tun.isOpen = true
-	go tun.handler()
-	tun.reader.Act(nil, tun.reader._read) // Start the reader
-	tun.ckr.init(tun)
+	tun.isEnabled = true
+	go tun.read()
+	go tun.write()
 	return nil
 }
 
@@ -204,80 +174,3 @@ func (tun *TunAdapter) _stop() error {
 	}
 	return nil
 }
-
-// UpdateConfig updates the TUN module with the provided config.NodeConfig
-// and then signals the various module goroutines to reconfigure themselves if
-// needed.
-func (tun *TunAdapter) UpdateConfig(config *config.NodeConfig) {
-	tun.log.Debugln("Reloading TUN configuration...")
-
-	// Replace the active configuration with the supplied one
-	tun.config.Replace(*config)
-
-	// If the MTU has changed in the TUN module then this is where we would
-	// tell the router so that updated session pings can be sent. However, we
-	// don't currently update the MTU of the adapter once it has been created so
-	// this doesn't actually happen in the real world yet.
-	//   tun.core.SetMaximumSessionMTU(...)
-
-	// Notify children about the configuration change
-	tun.Act(nil, tun.ckr.configure)
-}
-
-func (tun *TunAdapter) handler() error {
-	for {
-		// Accept the incoming connection
-		conn, err := tun.listener.Accept()
-		if err != nil {
-			tun.log.Errorln("TUN connection accept error:", err)
-			return err
-		}
-		phony.Block(tun, func() {
-			if _, err := tun._wrap(conn.(*yggdrasil.Conn)); err != nil {
-				// Something went wrong when storing the connection, typically that
-				// something already exists for this address or subnet
-				tun.log.Debugln("TUN handler wrap:", err)
-			}
-		})
-	}
-}
-
-func (tun *TunAdapter) _wrap(conn *yggdrasil.Conn) (c *tunConn, err error) {
-	// Prepare a session wrapper for the given connection
-	s := tunConn{
-		tun:  tun,
-		conn: conn,
-		stop: make(chan struct{}),
-	}
-	c = &s
-	// Get the remote address and subnet of the other side
-	remotePubKey := conn.RemoteAddr().(*crypto.BoxPubKey)
-	remoteNodeID := crypto.GetNodeID(remotePubKey)
-	s.addr = *address.AddrForNodeID(remoteNodeID)
-	s.snet = *address.SubnetForNodeID(remoteNodeID)
-	// Work out if this is already a destination we already know about
-	atc, aok := tun.addrToConn[s.addr]
-	stc, sok := tun.subnetToConn[s.snet]
-	// If we know about a connection for this destination already then assume it
-	// is no longer valid and close it
-	if aok {
-		atc._close_from_tun()
-		err = errors.New("replaced connection for address")
-	} else if sok {
-		stc._close_from_tun()
-		err = errors.New("replaced connection for subnet")
-	}
-	// Save the session wrapper so that we can look it up quickly next time
-	// we receive a packet through the interface for this address
-	tun.addrToConn[s.addr] = &s
-	tun.subnetToConn[s.snet] = &s
-	// Set the read callback and start the timeout
-	conn.SetReadCallback(func(bs []byte) {
-		s.Act(conn, func() {
-			s._read(bs)
-		})
-	})
-	s.Act(nil, s.stillAlive)
-	// Return
-	return c, err
-}

src/tuntap/tun_bsd.go

@@ -1,3 +1,4 @@
+//go:build openbsd || freebsd
 // +build openbsd freebsd
 
 package tuntap
@@ -73,14 +74,14 @@ type in6_ifreq_lifetime struct {
 }
 
 // Configures the TUN adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
+func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	iface, err := wgtun.CreateTUN(ifname, int(mtu))
 	if err != nil {
 		panic(err)
 	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
-		tun.mtu = getSupportedMTU(MTU(mtu))
+		tun.mtu = getSupportedMTU(uint64(mtu))
 	} else {
 		tun.mtu = 0
 	}

src/tuntap/tun_darwin.go

@@ -1,3 +1,4 @@
+//go:build !mobile
 // +build !mobile
 
 package tuntap
@@ -16,7 +17,7 @@ import (
 )
 
 // Configures the "utun" adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
+func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if ifname == "auto" {
 		ifname = "utun"
 	}
@@ -25,8 +26,8 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
 		panic(err)
 	}
 	tun.iface = iface
-	if mtu, err := iface.MTU(); err == nil {
-		tun.mtu = getSupportedMTU(MTU(mtu))
+	if m, err := iface.MTU(); err == nil {
+		tun.mtu = getSupportedMTU(uint64(m))
 	} else {
 		tun.mtu = 0
 	}
@@ -40,26 +41,29 @@ const (
 	darwin_ND6_INFINITE_LIFETIME = 0xFFFFFFFF // netinet6/nd6.h
 )
 
+// nolint:structcheck
 type in6_addrlifetime struct {
-	ia6t_expire    float64
-	ia6t_preferred float64
+	ia6t_expire    float64 // nolint:unused
+	ia6t_preferred float64 // nolint:unused
 	ia6t_vltime    uint32
 	ia6t_pltime    uint32
 }
 
+// nolint:structcheck
 type sockaddr_in6 struct {
 	sin6_len      uint8
 	sin6_family   uint8
-	sin6_port     uint8
-	sin6_flowinfo uint32
+	sin6_port     uint8  // nolint:unused
+	sin6_flowinfo uint32 // nolint:unused
 	sin6_addr     [8]uint16
-	sin6_scope_id uint32
+	sin6_scope_id uint32 // nolint:unused
 }
 
+// nolint:structcheck
 type in6_aliasreq struct {
 	ifra_name       [16]byte
 	ifra_addr       sockaddr_in6
-	ifra_dstaddr    sockaddr_in6
+	ifra_dstaddr    sockaddr_in6 // nolint:unused
 	ifra_prefixmask sockaddr_in6
 	ifra_flags      uint32
 	ifra_lifetime   in6_addrlifetime
@@ -87,7 +91,7 @@ func (tun *TunAdapter) setupAddress(addr string) error {
 	ar.ifra_prefixmask.sin6_len = uint8(unsafe.Sizeof(ar.ifra_prefixmask))
 	b := make([]byte, 16)
 	binary.LittleEndian.PutUint16(b, uint16(0xFE00))
-	ar.ifra_prefixmask.sin6_addr[0] = uint16(binary.BigEndian.Uint16(b))
+	ar.ifra_prefixmask.sin6_addr[0] = binary.BigEndian.Uint16(b)
 
 	ar.ifra_addr.sin6_len = uint8(unsafe.Sizeof(ar.ifra_addr))
 	ar.ifra_addr.sin6_family = unix.AF_INET6
@@ -96,7 +100,7 @@ func (tun *TunAdapter) setupAddress(addr string) error {
 		addr, _ := strconv.ParseUint(parts[i], 16, 16)
 		b := make([]byte, 16)
 		binary.LittleEndian.PutUint16(b, uint16(addr))
-		ar.ifra_addr.sin6_addr[i] = uint16(binary.BigEndian.Uint16(b))
+		ar.ifra_addr.sin6_addr[i] = binary.BigEndian.Uint16(b)
 	}
 
 	ar.ifra_flags |= darwin_IN6_IFF_NODAD

src/tuntap/tun_linux.go

@@ -1,3 +1,4 @@
+//go:build !mobile
 // +build !mobile
 
 package tuntap
@@ -10,7 +11,7 @@ import (
 )
 
 // Configures the TUN adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
+func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if ifname == "auto" {
 		ifname = "\000"
 	}
@@ -20,7 +21,7 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
 	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
-		tun.mtu = getSupportedMTU(MTU(mtu))
+		tun.mtu = getSupportedMTU(uint64(mtu))
 	} else {
 		tun.mtu = 0
 	}

src/tuntap/tun_other.go

@@ -1,3 +1,4 @@
+//go:build !linux && !darwin && !windows && !openbsd && !freebsd && !mobile
 // +build !linux,!darwin,!windows,!openbsd,!freebsd,!mobile
 
 package tuntap
@@ -10,14 +11,14 @@ import (
 )
 
 // Configures the TUN adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu int) error {
+func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	iface, err := wgtun.CreateTUN(ifname, mtu)
 	if err != nil {
 		panic(err)
 	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
-		tun.mtu = getSupportedMTU(mtu)
+		tun.mtu = getSupportedMTU(uint64(mtu))
 	} else {
 		tun.mtu = 0
 	}

src/tuntap/tun_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package tuntap
@@ -19,7 +20,7 @@ import (
 // This is to catch Windows platforms
 
 // Configures the TUN adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
+func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if ifname == "auto" {
 		ifname = defaults.GetDefaults().DefaultIfName
 	}
@@ -43,14 +44,14 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu MTU) error {
 			return err
 		}
 		if mtu, err := iface.MTU(); err == nil {
-			tun.mtu = MTU(mtu)
+			tun.mtu = uint64(mtu)
 		}
 		return nil
 	})
 }
 
 // Sets the MTU of the TAP adapter.
-func (tun *TunAdapter) setupMTU(mtu MTU) error {
+func (tun *TunAdapter) setupMTU(mtu uint64) error {
 	if tun.iface == nil || tun.Name() == "" {
 		return errors.New("Can't configure MTU as TUN adapter is not present")
 	}

src/types/types.go

@@ -1,3 +0,0 @@
-package types
-
-type MTU uint16

src/util/cancellation.go

@@ -1,103 +0,0 @@
-package util
-
-import (
-	"errors"
-	"runtime"
-	"sync"
-	"time"
-)
-
-// Cancellation is used to signal when things should shut down, such as signaling anything associated with a Conn to exit.
-// This is and is similar to a context, but with an error to specify the reason for the cancellation.
-type Cancellation interface {
-	Finished() <-chan struct{} // Finished returns a channel which will be closed when Cancellation.Cancel is first called.
-	Cancel(error) error        // Cancel closes the channel returned by Finished and sets the error returned by error, or else returns the existing error if the Cancellation has already run.
-	Error() error              // Error returns the error provided to Cancel, or nil if no error has been provided.
-}
-
-// CancellationFinalized is an error returned if a cancellation object was garbage collected and the finalizer was run.
-// If you ever see this, then you're probably doing something wrong with your code.
-var CancellationFinalized = errors.New("finalizer called")
-
-// CancellationTimeoutError is used when a CancellationWithTimeout or CancellationWithDeadline is cancelled due to said timeout.
-var CancellationTimeoutError = errors.New("timeout")
-
-// CancellationFinalizer is set as a finalizer when creating a new cancellation with NewCancellation(), and generally shouldn't be needed by the user, but is included in case other implementations of the same interface want to make use of it.
-func CancellationFinalizer(c Cancellation) {
-	c.Cancel(CancellationFinalized)
-}
-
-type cancellation struct {
-	cancel chan struct{}
-	mutex  sync.RWMutex
-	err    error
-	done   bool
-}
-
-// NewCancellation returns a pointer to a struct satisfying the Cancellation interface.
-func NewCancellation() Cancellation {
-	c := cancellation{
-		cancel: make(chan struct{}),
-	}
-	runtime.SetFinalizer(&c, CancellationFinalizer)
-	return &c
-}
-
-// Finished returns a channel which will be closed when Cancellation.Cancel is first called.
-func (c *cancellation) Finished() <-chan struct{} {
-	return c.cancel
-}
-
-// Cancel closes the channel returned by Finished and sets the error returned by error, or else returns the existing error if the Cancellation has already run.
-func (c *cancellation) Cancel(err error) error {
-	c.mutex.Lock()
-	defer c.mutex.Unlock()
-	if c.done {
-		return c.err
-	}
-	c.err = err
-	c.done = true
-	close(c.cancel)
-	return nil
-}
-
-// Error returns the error provided to Cancel, or nil if no error has been provided.
-func (c *cancellation) Error() error {
-	c.mutex.RLock()
-	err := c.err
-	c.mutex.RUnlock()
-	return err
-}
-
-// CancellationChild returns a new Cancellation which can be Cancelled independently of the parent, but which will also be Cancelled if the parent is Cancelled first.
-func CancellationChild(parent Cancellation) Cancellation {
-	child := NewCancellation()
-	go func() {
-		select {
-		case <-child.Finished():
-		case <-parent.Finished():
-			child.Cancel(parent.Error())
-		}
-	}()
-	return child
-}
-
-// CancellationWithTimeout returns a ChildCancellation that will automatically be Cancelled with a CancellationTimeoutError after the timeout.
-func CancellationWithTimeout(parent Cancellation, timeout time.Duration) Cancellation {
-	child := CancellationChild(parent)
-	go func() {
-		timer := time.NewTimer(timeout)
-		defer TimerStop(timer)
-		select {
-		case <-child.Finished():
-		case <-timer.C:
-			child.Cancel(CancellationTimeoutError)
-		}
-	}()
-	return child
-}
-
-// CancellationWithTimeout returns a ChildCancellation that will automatically be Cancelled with a CancellationTimeoutError after the specified deadline.
-func CancellationWithDeadline(parent Cancellation, deadline time.Time) Cancellation {
-	return CancellationWithTimeout(parent, deadline.Sub(time.Now()))
-}

src/util/util.go

@@ -5,35 +5,9 @@ package util
 // These are misc. utility functions that didn't really fit anywhere else
 
 import (
-	"runtime"
-	"strconv"
-	"strings"
 	"time"
 )
 
-// Yield just executes runtime.Gosched(), and is included so we don't need to explicitly import runtime elsewhere.
-func Yield() {
-	runtime.Gosched()
-}
-
-// LockThread executes runtime.LockOSThread(), and is included so we don't need to explicitly import runtime elsewhere.
-func LockThread() {
-	runtime.LockOSThread()
-}
-
-// UnlockThread executes runtime.UnlockOSThread(), and is included so we don't need to explicitly import runtime elsewhere.
-func UnlockThread() {
-	runtime.UnlockOSThread()
-}
-
-// ResizeBytes returns a slice of the specified length. If the provided slice has sufficient capacity, it will be resized and returned rather than allocating a new slice.
-func ResizeBytes(bs []byte, length int) []byte {
-	if cap(bs) >= length {
-		return bs[:length]
-	}
-	return make([]byte, length)
-}
-
 // TimerStop stops a timer and makes sure the channel is drained, returns true if the timer was stopped before firing.
 func TimerStop(t *time.Timer) bool {
 	stopped := t.Stop()
@@ -46,7 +20,7 @@ func TimerStop(t *time.Timer) bool {
 
 // FuncTimeout runs the provided function in a separate goroutine, and returns true if the function finishes executing before the timeout passes, or false if the timeout passes.
 // It includes no mechanism to stop the function if the timeout fires, so the user is expected to do so on their own (such as with a Cancellation or a context).
-func FuncTimeout(f func(), timeout time.Duration) bool {
+func FuncTimeout(timeout time.Duration, f func()) bool {
 	success := make(chan struct{})
 	go func() {
 		defer close(success)
@@ -61,70 +35,3 @@ func FuncTimeout(f func(), timeout time.Duration) bool {
 		return false
 	}
 }
-
-// Difference loops over two strings and returns the elements of A which do not appear in B.
-// This is somewhat useful when needing to determine which elements of a configuration file have changed.
-func Difference(a, b []string) []string {
-	ab := []string{}
-	mb := map[string]bool{}
-	for _, x := range b {
-		mb[x] = true
-	}
-	for _, x := range a {
-		if !mb[x] {
-			ab = append(ab, x)
-		}
-	}
-	return ab
-}
-
-// DecodeCoordString decodes a string representing coordinates in [1 2 3] format
-// and returns a []uint64.
-func DecodeCoordString(in string) (out []uint64) {
-	s := strings.Trim(in, "[]")
-	t := strings.Split(s, " ")
-	for _, a := range t {
-		if u, err := strconv.ParseUint(a, 0, 64); err == nil {
-			out = append(out, u)
-		}
-	}
-	return out
-}
-
-// GetFlowKey takes an IP packet as an argument and returns some information about the traffic flow.
-// For IPv4 packets, this is derived from the source and destination protocol and port numbers.
-// For IPv6 packets, this is derived from the FlowLabel field of the packet if this was set, otherwise it's handled like IPv4.
-// The FlowKey is then used internally by Yggdrasil for congestion control.
-func GetFlowKey(bs []byte) uint64 {
-	// Work out the flowkey - this is used to determine which switch queue
-	// traffic will be pushed to in the event of congestion
-	var flowkey uint64
-	// Get the IP protocol version from the packet
-	switch bs[0] & 0xf0 {
-	case 0x40: // IPv4 packet
-		ihl := (bs[0] & 0x0f) * 4 // whole IPv4 header length (min 20)
-		// 8 is minimum UDP packet length
-		if ihl >= 20 && len(bs)-int(ihl) >= 8 {
-			switch bs[9] /* protocol */ {
-			case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
-				flowkey = uint64(bs[9])<<32 /* proto */ |
-					uint64(bs[ihl+0])<<24 | uint64(bs[ihl+1])<<16 /* sport */ |
-					uint64(bs[ihl+2])<<8 | uint64(bs[ihl+3]) /* dport */
-			}
-		}
-	case 0x60: // IPv6 packet
-		// Check if the flowlabel was specified in the packet header
-		flowkey = uint64(bs[1]&0x0f)<<16 | uint64(bs[2])<<8 | uint64(bs[3])
-		// If the flowlabel isn't present, make protokey from proto | sport | dport
-		// if the packet meets minimum UDP packet length
-		if flowkey == 0 && len(bs) >= 48 {
-			switch bs[9] /* protocol */ {
-			case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
-				flowkey = uint64(bs[6])<<32 /* proto */ |
-					uint64(bs[40])<<24 | uint64(bs[41])<<16 /* sport */ |
-					uint64(bs[42])<<8 | uint64(bs[43]) /* dport */
-			}
-		}
-	}
-	return flowkey
-}

src/util/workerpool.go

@@ -1,29 +0,0 @@
-package util
-
-import "runtime"
-
-var workerPool chan func()
-
-func init() {
-	maxProcs := runtime.GOMAXPROCS(0)
-	if maxProcs < 1 {
-		maxProcs = 1
-	}
-	workerPool = make(chan func(), maxProcs)
-	for idx := 0; idx < maxProcs; idx++ {
-		go func() {
-			for f := range workerPool {
-				f()
-			}
-		}()
-	}
-}
-
-// WorkerGo submits a job to a pool of GOMAXPROCS worker goroutines.
-// This is meant for short non-blocking functions f() where you could just go f(),
-// but you want some kind of backpressure to prevent spawning endless goroutines.
-// WorkerGo returns as soon as the function is queued to run, not when it finishes.
-// In Yggdrasil, these workers are used for certain cryptographic operations.
-func WorkerGo(f func()) {
-	workerPool <- f
-}

src/yggdrasil/api.go

@@ -1,562 +0,0 @@
-package yggdrasil
-
-import (
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"net"
-	"sort"
-	"time"
-
-	"github.com/gologme/log"
-	"github.com/yggdrasil-network/yggdrasil-go/src/address"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-
-	"github.com/Arceliar/phony"
-)
-
-// Peer represents a single peer object. This contains information from the
-// preferred switch port for this peer, although there may be more than one
-// active switch port connection to the peer in reality.
-//
-// This struct is informational only - you cannot manipulate peer connections
-// using instances of this struct. You should use the AddPeer or RemovePeer
-// functions instead.
-type Peer struct {
-	PublicKey  crypto.BoxPubKey // The public key of the remote node
-	Endpoint   string           // The connection string used to connect to the peer
-	BytesSent  uint64           // Number of bytes sent to this peer
-	BytesRecvd uint64           // Number of bytes received from this peer
-	Protocol   string           // The transport protocol that this peer is connected with, typically "tcp"
-	Port       uint64           // Switch port number for this peer connection
-	Uptime     time.Duration    // How long this peering has been active for
-}
-
-// SwitchPeer represents a switch connection to a peer. Note that there may be
-// multiple switch peers per actual peer, e.g. if there are multiple connections
-// to a given node.
-//
-// This struct is informational only - you cannot manipulate switch peer
-// connections using instances of this struct. You should use the AddPeer or
-// RemovePeer functions instead.
-type SwitchPeer struct {
-	PublicKey  crypto.BoxPubKey // The public key of the remote node
-	Coords     []uint64         // The coordinates of the remote node
-	BytesSent  uint64           // Number of bytes sent via this switch port
-	BytesRecvd uint64           // Number of bytes received via this switch port
-	Port       uint64           // Switch port number for this switch peer
-	Protocol   string           // The transport protocol that this switch port is connected with, typically "tcp"
-	Endpoint   string           // The connection string used to connect to the switch peer
-}
-
-// DHTEntry represents a single DHT entry that has been learned or cached from
-// DHT searches.
-type DHTEntry struct {
-	PublicKey crypto.BoxPubKey
-	Coords    []uint64
-	LastSeen  time.Duration
-}
-
-// DHTRes represents a DHT response, as returned by DHTPing.
-type DHTRes struct {
-	PublicKey crypto.BoxPubKey // key of the sender
-	Coords    []uint64         // coords of the sender
-	Dest      crypto.NodeID    // the destination node ID
-	Infos     []DHTEntry       // response
-}
-
-// NodeInfoPayload represents a RequestNodeInfo response, in bytes.
-type NodeInfoPayload []byte
-
-// SwitchQueues represents information from the switch related to link
-// congestion and a list of switch queues created in response to congestion on a
-// given link.
-type SwitchQueues struct {
-	Queues       []SwitchQueue // An array of SwitchQueue objects containing information about individual queues
-	Count        uint64        // The current number of active switch queues
-	Size         uint64        // The current total size of active switch queues
-	HighestCount uint64        // The highest recorded number of switch queues so far
-	HighestSize  uint64        // The highest recorded total size of switch queues so far
-	MaximumSize  uint64        // The maximum allowed total size of switch queues, as specified by config
-}
-
-// SwitchQueue represents a single switch queue. Switch queues are only created
-// in response to congestion on a given link and represent how much data has
-// been temporarily cached for sending once the congestion has cleared.
-type SwitchQueue struct {
-	ID      string // The ID of the switch queue
-	Size    uint64 // The total size, in bytes, of the queue
-	Packets uint64 // The number of packets in the queue
-	Port    uint64 // The switch port to which the queue applies
-}
-
-// Session represents an open session with another node. Sessions are opened in
-// response to traffic being exchanged between two nodes using Conn objects.
-// Note that sessions will automatically be closed by Yggdrasil if no traffic is
-// exchanged for around two minutes.
-type Session struct {
-	PublicKey   crypto.BoxPubKey // The public key of the remote node
-	Coords      []uint64         // The coordinates of the remote node
-	BytesSent   uint64           // Bytes sent to the session
-	BytesRecvd  uint64           // Bytes received from the session
-	MTU         MTU              // The maximum supported message size of the session
-	Uptime      time.Duration    // How long this session has been active for
-	WasMTUFixed bool             // This field is no longer used
-}
-
-// GetPeers returns one or more Peer objects containing information about active
-// peerings with other Yggdrasil nodes, where one of the responses always
-// includes information about the current node (with a port number of 0). If
-// there is exactly one entry then this node is not connected to any other nodes
-// and is therefore isolated.
-func (c *Core) GetPeers() []Peer {
-	var ports map[switchPort]*peer
-	phony.Block(&c.peers, func() { ports = c.peers.ports })
-	var peers []Peer
-	var ps []switchPort
-	for port := range ports {
-		ps = append(ps, port)
-	}
-	sort.Slice(ps, func(i, j int) bool { return ps[i] < ps[j] })
-	for _, port := range ps {
-		p := ports[port]
-		var info Peer
-		phony.Block(p, func() {
-			info = Peer{
-				Endpoint:   p.intf.name(),
-				BytesSent:  p.bytesSent,
-				BytesRecvd: p.bytesRecvd,
-				Protocol:   p.intf.interfaceType(),
-				Port:       uint64(port),
-				Uptime:     time.Since(p.firstSeen),
-			}
-			copy(info.PublicKey[:], p.box[:])
-		})
-		peers = append(peers, info)
-	}
-	return peers
-}
-
-// GetSwitchPeers returns zero or more SwitchPeer objects containing information
-// about switch port connections with other Yggdrasil nodes. Note that, unlike
-// GetPeers, GetSwitchPeers does not include information about the current node,
-// therefore it is possible for this to return zero elements if the node is
-// isolated or not connected to any peers.
-func (c *Core) GetSwitchPeers() []SwitchPeer {
-	var switchpeers []SwitchPeer
-	var table *lookupTable
-	var ports map[switchPort]*peer
-	phony.Block(&c.peers, func() {
-		table = c.peers.table
-		ports = c.peers.ports
-	})
-	for _, elem := range table.elems {
-		peer, isIn := ports[elem.port]
-		if !isIn {
-			continue
-		}
-		coords := elem.locator.getCoords()
-		var info SwitchPeer
-		phony.Block(peer, func() {
-			info = SwitchPeer{
-				Coords:     append([]uint64{}, wire_coordsBytestoUint64s(coords)...),
-				BytesSent:  peer.bytesSent,
-				BytesRecvd: peer.bytesRecvd,
-				Port:       uint64(elem.port),
-				Protocol:   peer.intf.interfaceType(),
-				Endpoint:   peer.intf.remote(),
-			}
-			copy(info.PublicKey[:], peer.box[:])
-		})
-		switchpeers = append(switchpeers, info)
-	}
-	return switchpeers
-}
-
-// GetDHT returns zero or more entries as stored in the DHT, cached primarily
-// from searches that have already taken place.
-func (c *Core) GetDHT() []DHTEntry {
-	var dhtentries []DHTEntry
-	getDHT := func() {
-		now := time.Now()
-		var dhtentry []*dhtInfo
-		for _, v := range c.router.dht.table {
-			dhtentry = append(dhtentry, v)
-		}
-		sort.SliceStable(dhtentry, func(i, j int) bool {
-			return dht_ordered(&c.router.dht.nodeID, dhtentry[i].getNodeID(), dhtentry[j].getNodeID())
-		})
-		for _, v := range dhtentry {
-			info := DHTEntry{
-				Coords:   append([]uint64{}, wire_coordsBytestoUint64s(v.coords)...),
-				LastSeen: now.Sub(v.recv),
-			}
-			copy(info.PublicKey[:], v.key[:])
-			dhtentries = append(dhtentries, info)
-		}
-	}
-	phony.Block(&c.router, getDHT)
-	return dhtentries
-}
-
-// GetSessions returns a list of open sessions from this node to other nodes.
-func (c *Core) GetSessions() []Session {
-	var sessions []Session
-	getSessions := func() {
-		for _, sinfo := range c.router.sessions.sinfos {
-			var session Session
-			workerFunc := func() {
-				session = Session{
-					Coords:      append([]uint64{}, wire_coordsBytestoUint64s(sinfo.coords)...),
-					MTU:         sinfo._getMTU(),
-					BytesSent:   sinfo.bytesSent,
-					BytesRecvd:  sinfo.bytesRecvd,
-					Uptime:      time.Now().Sub(sinfo.timeOpened),
-					WasMTUFixed: sinfo.wasMTUFixed,
-				}
-				copy(session.PublicKey[:], sinfo.theirPermPub[:])
-			}
-			phony.Block(sinfo, workerFunc)
-			// TODO? skipped known but timed out sessions?
-			sessions = append(sessions, session)
-		}
-	}
-	phony.Block(&c.router, getSessions)
-	return sessions
-}
-
-// ConnListen returns a listener for Yggdrasil session connections. You can only
-// call this function once as each Yggdrasil node can only have a single
-// ConnListener. Make sure to keep the reference to this for as long as it is
-// needed.
-func (c *Core) ConnListen() (*Listener, error) {
-	c.router.sessions.listenerMutex.Lock()
-	defer c.router.sessions.listenerMutex.Unlock()
-	if c.router.sessions.listener != nil {
-		return nil, errors.New("a listener already exists")
-	}
-	c.router.sessions.listener = &Listener{
-		core:  c,
-		conn:  make(chan *Conn),
-		close: make(chan interface{}),
-	}
-	return c.router.sessions.listener, nil
-}
-
-// ConnDialer returns a dialer for Yggdrasil session connections. Since
-// ConnDialers are stateless, you can request as many dialers as you like,
-// although ideally you should request only one and keep the reference to it for
-// as long as it is needed.
-func (c *Core) ConnDialer() (*Dialer, error) {
-	return &Dialer{
-		core: c,
-	}, nil
-}
-
-// ListenTCP starts a new TCP listener. The input URI should match that of the
-// "Listen" configuration item, e.g.
-// 		tcp://a.b.c.d:e
-func (c *Core) ListenTCP(uri string) (*TcpListener, error) {
-	return c.links.tcp.listen(uri, nil)
-}
-
-// ListenTLS starts a new TLS listener. The input URI should match that of the
-// "Listen" configuration item, e.g.
-// 		tls://a.b.c.d:e
-func (c *Core) ListenTLS(uri string) (*TcpListener, error) {
-	return c.links.tcp.listen(uri, c.links.tcp.tls.forListener)
-}
-
-// NodeID gets the node ID. This is derived from your router encryption keys.
-// Remote nodes wanting to open connections to your node will need to know your
-// node ID.
-func (c *Core) NodeID() *crypto.NodeID {
-	return crypto.GetNodeID(&c.boxPub)
-}
-
-// TreeID gets the tree ID. This is derived from your switch signing keys. There
-// is typically no need to share this key.
-func (c *Core) TreeID() *crypto.TreeID {
-	return crypto.GetTreeID(&c.sigPub)
-}
-
-// SigningPublicKey gets the node's signing public key, as used by the switch.
-func (c *Core) SigningPublicKey() string {
-	return hex.EncodeToString(c.sigPub[:])
-}
-
-// EncryptionPublicKey gets the node's encryption public key, as used by the
-// router.
-func (c *Core) EncryptionPublicKey() string {
-	return hex.EncodeToString(c.boxPub[:])
-}
-
-// Coords returns the current coordinates of the node. Note that these can
-// change at any time for a number of reasons, not limited to but including
-// changes to peerings (either yours or a parent nodes) or changes to the network
-// root.
-//
-// This function may return an empty array - this is normal behaviour if either
-// you are the root of the network that you are connected to, or you are not
-// connected to any other nodes (effectively making you the root of a
-// single-node network).
-func (c *Core) Coords() []uint64 {
-	var coords []byte
-	phony.Block(&c.router, func() {
-		coords = c.router.table.self.getCoords()
-	})
-	return wire_coordsBytestoUint64s(coords)
-}
-
-// Address gets the IPv6 address of the Yggdrasil node. This is always a /128
-// address. The IPv6 address is only relevant when the node is operating as an
-// IP router and often is meaningless when embedded into an application, unless
-// that application also implements either VPN functionality or deals with IP
-// packets specifically.
-func (c *Core) Address() net.IP {
-	address := net.IP(address.AddrForNodeID(c.NodeID())[:])
-	return address
-}
-
-// Subnet gets the routed IPv6 subnet of the Yggdrasil node. This is always a
-// /64 subnet. The IPv6 subnet is only relevant when the node is operating as an
-// IP router and often is meaningless when embedded into an application, unless
-// that application also implements either VPN functionality or deals with IP
-// packets specifically.
-func (c *Core) Subnet() net.IPNet {
-	subnet := address.SubnetForNodeID(c.NodeID())[:]
-	subnet = append(subnet, 0, 0, 0, 0, 0, 0, 0, 0)
-	return net.IPNet{IP: subnet, Mask: net.CIDRMask(64, 128)}
-}
-
-// MyNodeInfo gets the currently configured nodeinfo. NodeInfo is typically
-// specified through the "NodeInfo" option in the node configuration or using
-// the SetNodeInfo function, although it may also contain other built-in values
-// such as "buildname", "buildversion" etc.
-func (c *Core) MyNodeInfo() NodeInfoPayload {
-	return c.router.nodeinfo.getNodeInfo()
-}
-
-// SetNodeInfo sets the local nodeinfo. Note that nodeinfo can be any value or
-// struct, it will be serialised into JSON automatically.
-func (c *Core) SetNodeInfo(nodeinfo interface{}, nodeinfoprivacy bool) {
-	c.router.nodeinfo.setNodeInfo(nodeinfo, nodeinfoprivacy)
-}
-
-// GetMaximumSessionMTU returns the maximum allowed session MTU size.
-func (c *Core) GetMaximumSessionMTU() MTU {
-	var mtu MTU
-	phony.Block(&c.router, func() {
-		mtu = c.router.sessions.myMaximumMTU
-	})
-	return mtu
-}
-
-// SetMaximumSessionMTU sets the maximum allowed session MTU size. The default
-// value is 65535 bytes. Session pings will be sent to update all open sessions
-// if the MTU has changed.
-func (c *Core) SetMaximumSessionMTU(mtu MTU) {
-	phony.Block(&c.router, func() {
-		if c.router.sessions.myMaximumMTU != mtu {
-			c.router.sessions.myMaximumMTU = mtu
-			c.router.sessions.reconfigure()
-		}
-	})
-}
-
-// GetNodeInfo requests nodeinfo from a remote node, as specified by the public
-// key and coordinates specified. The third parameter specifies whether a cached
-// result is acceptable - this results in less traffic being generated than is
-// necessary when, e.g. crawling the network.
-func (c *Core) GetNodeInfo(key crypto.BoxPubKey, coords []uint64, nocache bool) (NodeInfoPayload, error) {
-	response := make(chan *NodeInfoPayload, 1)
-	c.router.nodeinfo.addCallback(key, func(nodeinfo *NodeInfoPayload) {
-		defer func() { recover() }()
-		select {
-		case response <- nodeinfo:
-		default:
-		}
-	})
-	c.router.nodeinfo.sendNodeInfo(key, wire_coordsUint64stoBytes(coords), false)
-	phony.Block(&c.router.nodeinfo, func() {}) // Wait for sendNodeInfo before starting timer
-	timer := time.AfterFunc(6*time.Second, func() { close(response) })
-	defer timer.Stop()
-	for res := range response {
-		return *res, nil
-	}
-	return NodeInfoPayload{}, fmt.Errorf("getNodeInfo timeout: %s", hex.EncodeToString(key[:]))
-}
-
-// SetSessionGatekeeper allows you to configure a handler function for deciding
-// whether a session should be allowed or not. The default session firewall is
-// implemented in this way. The function receives the public key of the remote
-// side and a boolean which is true if we initiated the session or false if we
-// received an incoming session request. The function should return true to
-// allow the session or false to reject it.
-func (c *Core) SetSessionGatekeeper(f func(pubkey *crypto.BoxPubKey, initiator bool) bool) {
-	c.router.sessions.isAllowedMutex.Lock()
-	defer c.router.sessions.isAllowedMutex.Unlock()
-
-	c.router.sessions.isAllowedHandler = f
-}
-
-// SetLogger sets the output logger of the Yggdrasil node after startup. This
-// may be useful if you want to redirect the output later. Note that this
-// expects a Logger from the github.com/gologme/log package and not from Go's
-// built-in log package.
-func (c *Core) SetLogger(log *log.Logger) {
-	c.log = log
-}
-
-// AddPeer adds a peer. This should be specified in the peer URI format, e.g.:
-// 		tcp://a.b.c.d:e
-//		socks://a.b.c.d:e/f.g.h.i:j
-// This adds the peer to the peer list, so that they will be called again if the
-// connection drops.
-func (c *Core) AddPeer(addr string, sintf string) error {
-	if err := c.CallPeer(addr, sintf); err != nil {
-		// TODO: We maybe want this to write the peer to the persistent
-		// configuration even if a connection attempt fails, but first we'll need to
-		// move the code to check the peer URI so that we don't deliberately save a
-		// peer with a known bad URI. Loading peers from config should really do the
-		// same thing too but I don't think that happens today
-		return err
-	}
-	c.config.Mutex.Lock()
-	defer c.config.Mutex.Unlock()
-	if sintf == "" {
-		for _, peer := range c.config.Current.Peers {
-			if peer == addr {
-				return errors.New("peer already added")
-			}
-		}
-		c.config.Current.Peers = append(c.config.Current.Peers, addr)
-	} else {
-		if _, ok := c.config.Current.InterfacePeers[sintf]; ok {
-			for _, peer := range c.config.Current.InterfacePeers[sintf] {
-				if peer == addr {
-					return errors.New("peer already added")
-				}
-			}
-		}
-		if _, ok := c.config.Current.InterfacePeers[sintf]; !ok {
-			c.config.Current.InterfacePeers[sintf] = []string{addr}
-		} else {
-			c.config.Current.InterfacePeers[sintf] = append(c.config.Current.InterfacePeers[sintf], addr)
-		}
-	}
-	return nil
-}
-
-func (c *Core) RemovePeer(addr string, sintf string) error {
-	if sintf == "" {
-		for i, peer := range c.config.Current.Peers {
-			if peer == addr {
-				c.config.Current.Peers = append(c.config.Current.Peers[:i], c.config.Current.Peers[i+1:]...)
-				break
-			}
-		}
-	} else if _, ok := c.config.Current.InterfacePeers[sintf]; ok {
-		for i, peer := range c.config.Current.InterfacePeers[sintf] {
-			if peer == addr {
-				c.config.Current.InterfacePeers[sintf] = append(c.config.Current.InterfacePeers[sintf][:i], c.config.Current.InterfacePeers[sintf][i+1:]...)
-				break
-			}
-		}
-	}
-
-	c.peers.Act(nil, func() {
-		ports := c.peers.ports
-		for _, peer := range ports {
-			if addr == peer.intf.name() {
-				c.peers._removePeer(peer)
-			}
-		}
-	})
-
-	return nil
-}
-
-// CallPeer calls a peer once. This should be specified in the peer URI format,
-// e.g.:
-// 		tcp://a.b.c.d:e
-//		socks://a.b.c.d:e/f.g.h.i:j
-// This does not add the peer to the peer list, so if the connection drops, the
-// peer will not be called again automatically.
-func (c *Core) CallPeer(addr string, sintf string) error {
-	return c.links.call(addr, sintf)
-}
-
-// DisconnectPeer disconnects a peer once. This should be specified as a port
-// number.
-func (c *Core) DisconnectPeer(port uint64) error {
-	c.peers.Act(nil, func() {
-		if p, isIn := c.peers.ports[switchPort(port)]; isIn {
-			p.Act(&c.peers, p._removeSelf)
-		}
-	})
-	return nil
-}
-
-// GetAllowedEncryptionPublicKeys returns the public keys permitted for incoming
-// peer connections. If this list is empty then all incoming peer connections
-// are accepted by default.
-func (c *Core) GetAllowedEncryptionPublicKeys() []string {
-	return c.peers.getAllowedEncryptionPublicKeys()
-}
-
-// AddAllowedEncryptionPublicKey whitelists a key for incoming peer connections.
-// By default all incoming peer connections are accepted, but adding public keys
-// to the whitelist using this function enables strict checking from that point
-// forward. Once the whitelist is enabled, only peer connections from
-// whitelisted public keys will be accepted.
-func (c *Core) AddAllowedEncryptionPublicKey(bstr string) (err error) {
-	c.peers.addAllowedEncryptionPublicKey(bstr)
-	return nil
-}
-
-// RemoveAllowedEncryptionPublicKey removes a key from the whitelist for
-// incoming peer connections. If none are set, an empty list permits all
-// incoming connections.
-func (c *Core) RemoveAllowedEncryptionPublicKey(bstr string) (err error) {
-	c.peers.removeAllowedEncryptionPublicKey(bstr)
-	return nil
-}
-
-// DHTPing sends a DHT ping to the node with the provided key and coords,
-// optionally looking up the specified target NodeID.
-func (c *Core) DHTPing(key crypto.BoxPubKey, coords []uint64, target *crypto.NodeID) (DHTRes, error) {
-	resCh := make(chan *dhtRes, 1)
-	info := dhtInfo{
-		key:    key,
-		coords: wire_coordsUint64stoBytes(coords),
-	}
-	if target == nil {
-		target = info.getNodeID()
-	}
-	rq := dhtReqKey{info.key, *target}
-	sendPing := func() {
-		c.router.dht.addCallback(&rq, func(res *dhtRes) {
-			resCh <- res
-		})
-		c.router.dht.ping(&info, &rq.dest)
-	}
-	phony.Block(&c.router, sendPing)
-	// TODO: do something better than the below...
-	res := <-resCh
-	if res != nil {
-		r := DHTRes{
-			Coords: append([]uint64{}, wire_coordsBytestoUint64s(res.Coords)...),
-		}
-		copy(r.PublicKey[:], res.Key[:])
-		for _, i := range res.Infos {
-			e := DHTEntry{
-				Coords: append([]uint64{}, wire_coordsBytestoUint64s(i.coords)...),
-			}
-			copy(e.PublicKey[:], i.key[:])
-			r.Infos = append(r.Infos, e)
-		}
-		return r, nil
-	}
-	return DHTRes{}, fmt.Errorf("DHT ping timeout: %s", hex.EncodeToString(key[:]))
-}

src/yggdrasil/conn.go

@@ -1,397 +0,0 @@
-package yggdrasil
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"time"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/types"
-	"github.com/yggdrasil-network/yggdrasil-go/src/util"
-
-	"github.com/Arceliar/phony"
-)
-
-type MTU = types.MTU
-
-// ConnError implements the net.Error interface
-type ConnError struct {
-	error
-	timeout   bool
-	temporary bool
-	closed    bool
-	maxsize   int
-}
-
-// Timeout returns true if the error relates to a timeout condition on the
-// connection.
-func (e *ConnError) Timeout() bool {
-	return e.timeout
-}
-
-// Temporary return true if the error is temporary or false if it is a permanent
-// error condition.
-func (e *ConnError) Temporary() bool {
-	return e.temporary
-}
-
-// PacketTooBig returns in response to sending a packet that is too large, and
-// if so, the maximum supported packet size that should be used for the
-// connection.
-func (e *ConnError) PacketTooBig() bool {
-	return e.maxsize > 0
-}
-
-// PacketMaximumSize returns the maximum supported packet size. This will only
-// return a non-zero value if ConnError.PacketTooBig() returns true.
-func (e *ConnError) PacketMaximumSize() int {
-	if !e.PacketTooBig() {
-		return 0
-	}
-	return e.maxsize
-}
-
-// Closed returns if the session is already closed and is now unusable.
-func (e *ConnError) Closed() bool {
-	return e.closed
-}
-
-// The Conn struct is a reference to an active connection session between the
-// local node and a remote node. Conn implements the io.ReadWriteCloser
-// interface and is used to send and receive traffic with a remote node.
-type Conn struct {
-	phony.Inbox
-	core          *Core
-	readDeadline  *time.Time
-	writeDeadline *time.Time
-	nodeID        *crypto.NodeID
-	nodeMask      *crypto.NodeID
-	session       *sessionInfo
-	mtu           MTU
-	readCallback  func([]byte)
-	readBuffer    chan []byte
-}
-
-// TODO func NewConn() that initializes additional fields as needed
-func newConn(core *Core, nodeID *crypto.NodeID, nodeMask *crypto.NodeID, session *sessionInfo) *Conn {
-	conn := Conn{
-		core:       core,
-		nodeID:     nodeID,
-		nodeMask:   nodeMask,
-		session:    session,
-		readBuffer: make(chan []byte, 1024),
-	}
-	return &conn
-}
-
-// String returns a string that uniquely identifies a connection. Currently this
-// takes a form similar to "conn=0x0000000", which contains a memory reference
-// to the Conn object. While this value should always be unique for each Conn
-// object, the format of this is not strictly defined and may change in the
-// future.
-func (c *Conn) String() string {
-	var s string
-	phony.Block(c, func() { s = fmt.Sprintf("conn=%p", c) })
-	return s
-}
-
-func (c *Conn) setMTU(from phony.Actor, mtu MTU) {
-	c.Act(from, func() { c.mtu = mtu })
-}
-
-// This should never be called from an actor, used in the dial functions
-func (c *Conn) search() error {
-	var err error
-	done := make(chan struct{})
-	phony.Block(&c.core.router, func() {
-		_, isIn := c.core.router.searches.searches[*c.nodeID]
-		if !isIn {
-			searchCompleted := func(sinfo *sessionInfo, e error) {
-				select {
-				case <-done:
-					// Somehow this was called multiple times, TODO don't let that happen
-					if sinfo != nil {
-						// Need to clean up to avoid a session leak
-						sinfo.cancel.Cancel(nil)
-						sinfo.sessions.removeSession(sinfo)
-					}
-				default:
-					if sinfo != nil {
-						// Finish initializing the session
-						c.session = sinfo
-						c.session.setConn(nil, c)
-						c.nodeID = crypto.GetNodeID(&c.session.theirPermPub)
-						for i := range c.nodeMask {
-							c.nodeMask[i] = 0xFF
-						}
-					}
-					err = e
-					close(done)
-				}
-			}
-			sinfo := c.core.router.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted)
-			sinfo.startSearch()
-		} else {
-			err = errors.New("search already exists")
-			close(done)
-		}
-	})
-	<-done
-	if c.session == nil && err == nil {
-		panic("search failed but returned no error")
-	}
-	return err
-}
-
-// Used in session keep-alive traffic
-func (c *Conn) _doSearch() {
-	s := fmt.Sprintf("conn=%p", c)
-	routerWork := func() {
-		// Check to see if there is a search already matching the destination
-		sinfo, isIn := c.core.router.searches.searches[*c.nodeID]
-		if !isIn {
-			// Nothing was found, so create a new search
-			searchCompleted := func(sinfo *sessionInfo, e error) {}
-			sinfo = c.core.router.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted)
-			c.core.log.Debugf("%s DHT search started: %p", s, sinfo)
-			// Start the search
-			sinfo.startSearch()
-		}
-	}
-	c.core.router.Act(c.session, routerWork)
-}
-
-func (c *Conn) _getDeadlineCancellation(t *time.Time) (util.Cancellation, bool) {
-	if t != nil {
-		// A deadline is set, so return a Cancellation that uses it
-		c := util.CancellationWithDeadline(c.session.cancel, *t)
-		return c, true
-	}
-	// No deadline was set, so just return the existing cancellation and a dummy value
-	return c.session.cancel, false
-}
-
-// SetReadCallback allows you to specify a function that will be called whenever
-// a packet is received. This should be used if you wish to implement
-// asynchronous patterns for receiving data from the remote node.
-//
-// Note that if a read callback has been supplied, you should no longer attempt
-// to use the synchronous Read function.
-func (c *Conn) SetReadCallback(callback func([]byte)) {
-	c.Act(nil, func() {
-		c.readCallback = callback
-		c._drainReadBuffer()
-	})
-}
-
-func (c *Conn) _drainReadBuffer() {
-	if c.readCallback == nil {
-		return
-	}
-	select {
-	case bs := <-c.readBuffer:
-		c.readCallback(bs)
-		c.Act(nil, c._drainReadBuffer) // In case there's more
-	default:
-	}
-}
-
-// Called by the session to pass a new message to the Conn
-func (c *Conn) recvMsg(from phony.Actor, msg []byte) {
-	c.Act(from, func() {
-		if c.readCallback != nil {
-			c.readCallback(msg)
-		} else {
-			select {
-			case c.readBuffer <- msg:
-			default:
-			}
-		}
-	})
-}
-
-// Used internally by Read, the caller is responsible for util.PutBytes when they're done.
-func (c *Conn) readNoCopy() ([]byte, error) {
-	var cancel util.Cancellation
-	var doCancel bool
-	phony.Block(c, func() { cancel, doCancel = c._getDeadlineCancellation(c.readDeadline) })
-	if doCancel {
-		defer cancel.Cancel(nil)
-	}
-	// Wait for some traffic to come through from the session
-	select {
-	case <-cancel.Finished():
-		if cancel.Error() == util.CancellationTimeoutError {
-			return nil, ConnError{errors.New("read timeout"), true, false, false, 0}
-		}
-		return nil, ConnError{errors.New("session closed"), false, false, true, 0}
-	case bs := <-c.readBuffer:
-		return bs, nil
-	}
-}
-
-// Read allows you to read from the connection in a synchronous fashion. The
-// function will block up until the point that either new data is available, the
-// connection has been closed or the read deadline has been reached. If the
-// function succeeds, the number of bytes read from the connection will be
-// returned. Otherwise, an error condition will be returned.
-//
-// Note that you can also implement asynchronous reads by using SetReadCallback.
-// If you do that, you should no longer attempt to use the Read function.
-func (c *Conn) Read(b []byte) (int, error) {
-	bs, err := c.readNoCopy()
-	if err != nil {
-		return 0, err
-	}
-	n := len(bs)
-	if len(bs) > len(b) {
-		n = len(b)
-		err = ConnError{errors.New("read buffer too small for entire packet"), false, true, false, 0}
-	}
-	// Copy results to the output slice and clean up
-	copy(b, bs)
-	// Return the number of bytes copied to the slice, along with any error
-	return n, err
-}
-
-func (c *Conn) _write(msg FlowKeyMessage) error {
-	if len(msg.Message) > int(c.mtu) {
-		return ConnError{errors.New("packet too big"), true, false, false, int(c.mtu)}
-	}
-	c.session.Act(c, func() {
-		// Send the packet
-		c.session._send(msg)
-		// Session keep-alive, while we wait for the crypto workers from send
-		switch {
-		case time.Since(c.session.time) > 6*time.Second:
-			if c.session.time.Before(c.session.pingTime) && time.Since(c.session.pingTime) > 6*time.Second {
-				// TODO double check that the above condition is correct
-				c._doSearch()
-			} else {
-				c.session.ping(c.session) // TODO send from self if this becomes an actor
-			}
-		case c.session.reset && c.session.pingTime.Before(c.session.time):
-			c.session.ping(c.session) // TODO send from self if this becomes an actor
-		default: // Don't do anything, to keep traffic throttled
-		}
-	})
-	return nil
-}
-
-// WriteFrom should be called by a phony.Actor, and tells the Conn to send a
-// message. This is used internally by Write. If the callback is called with a
-// non-nil value, then it is safe to reuse the argument FlowKeyMessage.
-func (c *Conn) WriteFrom(from phony.Actor, msg FlowKeyMessage, callback func(error)) {
-	c.Act(from, func() {
-		callback(c._write(msg))
-	})
-}
-
-// writeNoCopy is used internally by Write and makes use of WriteFrom under the hood.
-// The caller must not reuse the argument FlowKeyMessage when a nil error is returned.
-func (c *Conn) writeNoCopy(msg FlowKeyMessage) error {
-	var cancel util.Cancellation
-	var doCancel bool
-	phony.Block(c, func() { cancel, doCancel = c._getDeadlineCancellation(c.writeDeadline) })
-	if doCancel {
-		defer cancel.Cancel(nil)
-	}
-	var err error
-	select {
-	case <-cancel.Finished():
-		if cancel.Error() == util.CancellationTimeoutError {
-			err = ConnError{errors.New("write timeout"), true, false, false, 0}
-		} else {
-			err = ConnError{errors.New("session closed"), false, false, true, 0}
-		}
-	default:
-		done := make(chan struct{})
-		callback := func(e error) { err = e; close(done) }
-		c.WriteFrom(nil, msg, callback)
-		<-done
-	}
-	return err
-}
-
-// Write allows you to write to the connection in a synchronous fashion. This
-// function may block until either the write has completed, the connection has
-// been closed or the write deadline has been reached. If the function succeeds,
-// the number of written bytes is returned. Otherwise, an error condition is
-// returned.
-func (c *Conn) Write(b []byte) (int, error) {
-	written := len(b)
-	bs := make([]byte, 0, len(b)+crypto.BoxOverhead)
-	bs = append(bs, b...)
-	msg := FlowKeyMessage{Message: bs}
-	err := c.writeNoCopy(msg)
-	if err != nil {
-		written = 0
-	}
-	return written, err
-}
-
-// Close will close an open connection and any blocking operations on the
-// connection will unblock and return. From this point forward, the connection
-// can no longer be used and you should no longer attempt to Read or Write to
-// the connection.
-func (c *Conn) Close() (err error) {
-	phony.Block(c, func() {
-		if c.session != nil {
-			// Close the session, if it hasn't been closed already
-			if e := c.session.cancel.Cancel(errors.New("connection closed")); e != nil {
-				err = ConnError{errors.New("close failed, session already closed"), false, false, true, 0}
-			} else {
-				c.session.doRemove()
-			}
-		}
-	})
-	return
-}
-
-// LocalAddr returns the complete public key of the local side of the
-// connection. This is always going to return your own node's public key.
-func (c *Conn) LocalAddr() net.Addr {
-	return &c.core.boxPub
-}
-
-// RemoteAddr returns the complete public key of the remote side of the
-// connection.
-func (c *Conn) RemoteAddr() net.Addr {
-	if c.session != nil {
-		return &c.session.theirPermPub
-	}
-	return nil
-}
-
-// SetDeadline is equivalent to calling both SetReadDeadline and
-// SetWriteDeadline with the same value, configuring the maximum amount of time
-// that synchronous Read and Write operations can block for. If no deadline is
-// configured, Read and Write operations can potentially block indefinitely.
-func (c *Conn) SetDeadline(t time.Time) error {
-	c.SetReadDeadline(t)
-	c.SetWriteDeadline(t)
-	return nil
-}
-
-// SetReadDeadline configures the maximum amount of time that a synchronous Read
-// operation can block for. A Read operation will unblock at the point that the
-// read deadline is reached if no other condition (such as data arrival or
-// connection closure) happens first. If no deadline is configured, Read
-// operations can potentially block indefinitely.
-func (c *Conn) SetReadDeadline(t time.Time) error {
-	// TODO warn that this can block while waiting for the Conn actor to run, so don't call it from other actors...
-	phony.Block(c, func() { c.readDeadline = &t })
-	return nil
-}
-
-// SetWriteDeadline configures the maximum amount of time that a synchronous
-// Write operation can block for. A Write operation will unblock at the point
-// that the read deadline is reached if no other condition (such as data sending
-// or connection closure) happens first. If no deadline is configured, Write
-// operations can potentially block indefinitely.
-func (c *Conn) SetWriteDeadline(t time.Time) error {
-	// TODO warn that this can block while waiting for the Conn actor to run, so don't call it from other actors...
-	phony.Block(c, func() { c.writeDeadline = &t })
-	return nil
-}

src/yggdrasil/core.go

@@ -1,207 +0,0 @@
-package yggdrasil
-
-import (
-	"encoding/hex"
-	"errors"
-	"io/ioutil"
-	"time"
-
-	"github.com/Arceliar/phony"
-	"github.com/gologme/log"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/config"
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-	"github.com/yggdrasil-network/yggdrasil-go/src/version"
-)
-
-// The Core object represents the Yggdrasil node. You should create a Core
-// object for each Yggdrasil node you plan to run.
-type Core struct {
-	// This is the main data structure that holds everything else for a node
-	// We're going to keep our own copy of the provided config - that way we can
-	// guarantee that it will be covered by the mutex
-	phony.Inbox
-	config       config.NodeState // Config
-	boxPub       crypto.BoxPubKey
-	boxPriv      crypto.BoxPrivKey
-	sigPub       crypto.SigPubKey
-	sigPriv      crypto.SigPrivKey
-	switchTable  switchTable
-	peers        peers
-	router       router
-	links        links
-	log          *log.Logger
-	addPeerTimer *time.Timer
-}
-
-func (c *Core) _init() error {
-	// TODO separate init and start functions
-	//  Init sets up structs
-	//  Start launches goroutines that depend on structs being set up
-	// This is pretty much required to completely avoid race conditions
-	if c.log == nil {
-		c.log = log.New(ioutil.Discard, "", 0)
-	}
-
-	current := c.config.GetCurrent()
-
-	boxPrivHex, err := hex.DecodeString(current.EncryptionPrivateKey)
-	if err != nil {
-		return err
-	}
-	if len(boxPrivHex) < crypto.BoxPrivKeyLen {
-		return errors.New("EncryptionPrivateKey is incorrect length")
-	}
-
-	sigPrivHex, err := hex.DecodeString(current.SigningPrivateKey)
-	if err != nil {
-		return err
-	}
-	if len(sigPrivHex) < crypto.SigPrivKeyLen {
-		return errors.New("SigningPrivateKey is incorrect length")
-	}
-
-	copy(c.boxPriv[:], boxPrivHex)
-	copy(c.sigPriv[:], sigPrivHex)
-
-	boxPub, sigPub := c.boxPriv.Public(), c.sigPriv.Public()
-
-	copy(c.boxPub[:], boxPub[:])
-	copy(c.sigPub[:], sigPub[:])
-
-	if bp := hex.EncodeToString(c.boxPub[:]); current.EncryptionPublicKey != bp {
-		c.log.Warnln("EncryptionPublicKey in config is incorrect, should be", bp)
-	}
-	if sp := hex.EncodeToString(c.sigPub[:]); current.SigningPublicKey != sp {
-		c.log.Warnln("SigningPublicKey in config is incorrect, should be", sp)
-	}
-
-	c.peers.init(c)
-	c.router.init(c)
-	c.switchTable.init(c) // TODO move before peers? before router?
-
-	return nil
-}
-
-// If any static peers were provided in the configuration above then we should
-// configure them. The loop ensures that disconnected peers will eventually
-// be reconnected with.
-func (c *Core) _addPeerLoop() {
-	// Get the peers from the config - these could change!
-	current := c.config.GetCurrent()
-
-	// Add peers from the Peers section
-	for _, peer := range current.Peers {
-		go func(peer, intf string) {
-			if err := c.CallPeer(peer, intf); err != nil {
-				c.log.Errorln("Failed to add peer:", err)
-			}
-		}(peer, "") // TODO: this should be acted and not in a goroutine?
-	}
-
-	// Add peers from the InterfacePeers section
-	for intf, intfpeers := range current.InterfacePeers {
-		for _, peer := range intfpeers {
-			go func(peer, intf string) {
-				if err := c.CallPeer(peer, intf); err != nil {
-					c.log.Errorln("Failed to add peer:", err)
-				}
-			}(peer, intf) // TODO: this should be acted and not in a goroutine?
-		}
-	}
-
-	c.addPeerTimer = time.AfterFunc(time.Minute, func() {
-		c.Act(nil, c._addPeerLoop)
-	})
-}
-
-// UpdateConfig updates the configuration in Core with the provided
-// config.NodeConfig and then signals the various module goroutines to
-// reconfigure themselves if needed.
-func (c *Core) UpdateConfig(config *config.NodeConfig) {
-	c.Act(nil, func() {
-		c.log.Debugln("Reloading node configuration...")
-
-		// Replace the active configuration with the supplied one
-		c.config.Replace(*config)
-
-		// Notify the router and switch about the new configuration
-		c.router.Act(c, c.router.reconfigure)
-		c.switchTable.Act(c, c.switchTable.reconfigure)
-	})
-}
-
-// Start starts up Yggdrasil using the provided config.NodeConfig, and outputs
-// debug logging through the provided log.Logger. The started stack will include
-// TCP and UDP sockets, a multicast discovery socket, an admin socket, router,
-// switch and DHT node. A config.NodeState is returned which contains both the
-// current and previous configurations (from reconfigures).
-func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) (conf *config.NodeState, err error) {
-	phony.Block(c, func() {
-		conf, err = c._start(nc, log)
-	})
-	return
-}
-
-// This function is unsafe and should only be ran by the core actor.
-func (c *Core) _start(nc *config.NodeConfig, log *log.Logger) (*config.NodeState, error) {
-	c.log = log
-
-	c.config = config.NodeState{
-		Current:  *nc,
-		Previous: *nc,
-	}
-
-	if name := version.BuildName(); name != "unknown" {
-		c.log.Infoln("Build name:", name)
-	}
-	if version := version.BuildVersion(); version != "unknown" {
-		c.log.Infoln("Build version:", version)
-	}
-
-	c.log.Infoln("Starting up...")
-	if err := c._init(); err != nil {
-		c.log.Errorln("Failed to initialize core")
-		return nil, err
-	}
-
-	if err := c.links.init(c); err != nil {
-		c.log.Errorln("Failed to start link interfaces")
-		return nil, err
-	}
-
-	if err := c.switchTable.start(); err != nil {
-		c.log.Errorln("Failed to start switch")
-		return nil, err
-	}
-
-	if err := c.router.start(); err != nil {
-		c.log.Errorln("Failed to start router")
-		return nil, err
-	}
-
-	c.Act(c, c._addPeerLoop)
-
-	c.log.Infoln("Startup complete")
-	return &c.config, nil
-}
-
-// Stop shuts down the Yggdrasil node.
-func (c *Core) Stop() {
-	phony.Block(c, c._stop)
-}
-
-// This function is unsafe and should only be ran by the core actor.
-func (c *Core) _stop() {
-	c.log.Infoln("Stopping...")
-	if c.addPeerTimer != nil {
-		c.addPeerTimer.Stop()
-	}
-	c.links.stop()
-	/* FIXME this deadlocks, need a waitgroup or something to coordinate shutdown
-	for _, peer := range c.GetPeers() {
-		c.DisconnectPeer(peer.Port)
-	}
-	*/
-	c.log.Infoln("Stopped")
-}

src/yggdrasil/dht.go

@@ -1,447 +0,0 @@
-package yggdrasil
-
-// A chord-like Distributed Hash Table (DHT).
-// Used to look up coords given a NodeID and bitmask (taken from an IPv6 address).
-// Keeps track of immediate successor, predecessor, and all peers.
-// Also keeps track of other nodes if they're closer in tree space than all other known nodes encountered when heading in either direction to that point, under the hypothesis that, for the kinds of networks we care about, this should probabilistically include the node needed to keep lookups to near O(logn) steps.
-
-import (
-	"sort"
-	"time"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-)
-
-const (
-	dht_lookup_size     = 16
-	dht_timeout         = 6 * time.Minute
-	dht_max_delay       = 5 * time.Minute
-	dht_max_delay_dirty = 30 * time.Second
-)
-
-// dhtInfo represents everything we know about a node in the DHT.
-// This includes its key, a cache of its NodeID, coords, and timing/ping related info for deciding who/when to ping nodes for maintenance.
-type dhtInfo struct {
-	nodeID_hidden *crypto.NodeID
-	key           crypto.BoxPubKey
-	coords        []byte
-	recv          time.Time // When we last received a message
-	pings         int       // Time out if at least 3 consecutive maintenance pings drop
-	throttle      time.Duration
-	dirty         bool // Set to true if we've used this node in ping responses (for queries about someone other than the person doing the asking, i.e. real searches) since the last time we heard from the node
-}
-
-// Returns the *NodeID associated with dhtInfo.key, calculating it on the fly the first time or from a cache all subsequent times.
-func (info *dhtInfo) getNodeID() *crypto.NodeID {
-	if info.nodeID_hidden == nil {
-		info.nodeID_hidden = crypto.GetNodeID(&info.key)
-	}
-	return info.nodeID_hidden
-}
-
-// Request for a node to do a lookup.
-// Includes our key and coords so they can send a response back, and the destination NodeID we want to ask about.
-type dhtReq struct {
-	Key    crypto.BoxPubKey // Key of whoever asked
-	Coords []byte           // Coords of whoever asked
-	Dest   crypto.NodeID    // NodeID they're asking about
-}
-
-// Response to a DHT lookup.
-// Includes the key and coords of the node that's responding, and the destination they were asked about.
-// The main part is Infos []*dhtInfo, the lookup response.
-type dhtRes struct {
-	Key    crypto.BoxPubKey // key of the sender
-	Coords []byte           // coords of the sender
-	Dest   crypto.NodeID
-	Infos  []*dhtInfo // response
-}
-
-// Parts of a DHT req usable as a key in a map.
-type dhtReqKey struct {
-	key  crypto.BoxPubKey
-	dest crypto.NodeID
-}
-
-// The main DHT struct.
-type dht struct {
-	router    *router
-	nodeID    crypto.NodeID
-	reqs      map[dhtReqKey]time.Time          // Keeps track of recent outstanding requests
-	callbacks map[dhtReqKey][]dht_callbackInfo // Search and admin lookup callbacks
-	// These next two could be replaced by a single linked list or similar...
-	table map[crypto.NodeID]*dhtInfo
-	imp   []*dhtInfo
-}
-
-// Initializes the DHT.
-func (t *dht) init(r *router) {
-	t.router = r
-	t.nodeID = *t.router.core.NodeID()
-	t.callbacks = make(map[dhtReqKey][]dht_callbackInfo)
-	t.reset()
-}
-
-func (t *dht) reconfigure() {
-	// This is where reconfiguration would go, if we had anything to do
-}
-
-// Resets the DHT in response to coord changes.
-// This empties all info from the DHT and drops outstanding requests.
-func (t *dht) reset() {
-	for _, info := range t.table {
-		if t.isImportant(info) {
-			t.ping(info, nil)
-		}
-	}
-	t.reqs = make(map[dhtReqKey]time.Time)
-	t.table = make(map[crypto.NodeID]*dhtInfo)
-	t.imp = nil
-}
-
-// Does a DHT lookup and returns up to dht_lookup_size results.
-func (t *dht) lookup(nodeID *crypto.NodeID, everything bool) []*dhtInfo {
-	results := make([]*dhtInfo, 0, len(t.table))
-	for _, info := range t.table {
-		results = append(results, info)
-	}
-	if len(results) > dht_lookup_size {
-		// Drop the middle part, so we keep some nodes before and after.
-		// This should help to bootstrap / recover more quickly.
-		sort.SliceStable(results, func(i, j int) bool {
-			return dht_ordered(nodeID, results[i].getNodeID(), results[j].getNodeID())
-		})
-		newRes := make([]*dhtInfo, 0, len(results))
-		newRes = append(newRes, results[len(results)-dht_lookup_size/2:]...)
-		newRes = append(newRes, results[:len(results)-dht_lookup_size/2]...)
-		results = newRes
-		results = results[:dht_lookup_size]
-	}
-	return results
-}
-
-// Insert into table, preserving the time we last sent a packet if the node was already in the table, otherwise setting that time to now.
-func (t *dht) insert(info *dhtInfo) {
-	if *info.getNodeID() == t.nodeID {
-		// This shouldn't happen, but don't add it if it does
-		return
-	}
-	info.recv = time.Now()
-	if oldInfo, isIn := t.table[*info.getNodeID()]; isIn {
-		sameCoords := true
-		if len(info.coords) != len(oldInfo.coords) {
-			sameCoords = false
-		} else {
-			for idx := 0; idx < len(info.coords); idx++ {
-				if info.coords[idx] != oldInfo.coords[idx] {
-					sameCoords = false
-					break
-				}
-			}
-		}
-		if sameCoords {
-			info.throttle = oldInfo.throttle
-		}
-	}
-	t.imp = nil // It needs to update to get a pointer to the new info
-	t.table[*info.getNodeID()] = info
-}
-
-// Insert a peer into the table if it hasn't been pinged lately, to keep peers from dropping
-func (t *dht) insertPeer(info *dhtInfo) {
-	t.insert(info)    // FIXME this resets timers / ping counts / etc, so it seems kind of dangerous
-	t.ping(info, nil) // This is a quick fix to the above, ping them immediately...
-}
-
-// Return true if first/second/third are (partially) ordered correctly.
-func dht_ordered(first, second, third *crypto.NodeID) bool {
-	lessOrEqual := func(first, second *crypto.NodeID) bool {
-		for idx := 0; idx < crypto.NodeIDLen; idx++ {
-			if first[idx] > second[idx] {
-				return false
-			}
-			if first[idx] < second[idx] {
-				return true
-			}
-		}
-		return true
-	}
-	firstLessThanSecond := lessOrEqual(first, second)
-	secondLessThanThird := lessOrEqual(second, third)
-	thirdLessThanFirst := lessOrEqual(third, first)
-	switch {
-	case firstLessThanSecond && secondLessThanThird:
-		// Nothing wrapped around 0, the easy case
-		return true
-	case thirdLessThanFirst && firstLessThanSecond:
-		// Third wrapped around 0
-		return true
-	case secondLessThanThird && thirdLessThanFirst:
-		// Second (and third) wrapped around 0
-		return true
-	}
-	return false
-}
-
-// Reads a request, performs a lookup, and responds.
-// Update info about the node that sent the request.
-func (t *dht) handleReq(req *dhtReq) {
-	// Send them what they asked for
-	res := dhtRes{
-		Key:    t.router.core.boxPub,
-		Coords: t.router.table.self.getCoords(),
-		Dest:   req.Dest,
-		Infos:  t.lookup(&req.Dest, false),
-	}
-	t.sendRes(&res, req)
-	// Also add them to our DHT
-	info := dhtInfo{
-		key:    req.Key,
-		coords: req.Coords,
-	}
-	if _, isIn := t.table[*info.getNodeID()]; !isIn && t.isImportant(&info) {
-		t.ping(&info, nil)
-	}
-	// Maybe mark nodes from lookup as dirty
-	if req.Dest != *info.getNodeID() {
-		// This node asked about someone other than themself, so this wasn't just idle traffic.
-		for _, info := range res.Infos {
-			// Mark nodes dirty so we're sure to check up on them again later
-			info.dirty = true
-		}
-	}
-}
-
-// Sends a lookup response to the specified node.
-func (t *dht) sendRes(res *dhtRes, req *dhtReq) {
-	// Send a reply for a dhtReq
-	bs := res.encode()
-	shared := t.router.sessions.getSharedKey(&t.router.core.boxPriv, &req.Key)
-	payload, nonce := crypto.BoxSeal(shared, bs, nil)
-	p := wire_protoTrafficPacket{
-		Coords:  req.Coords,
-		ToKey:   req.Key,
-		FromKey: t.router.core.boxPub,
-		Nonce:   *nonce,
-		Payload: payload,
-	}
-	packet := p.encode()
-	t.router.out(packet)
-}
-
-type dht_callbackInfo struct {
-	f    func(*dhtRes)
-	time time.Time
-}
-
-// Adds a callback and removes it after some timeout.
-func (t *dht) addCallback(rq *dhtReqKey, callback func(*dhtRes)) {
-	info := dht_callbackInfo{callback, time.Now().Add(6 * time.Second)}
-	t.callbacks[*rq] = append(t.callbacks[*rq], info)
-}
-
-// Reads a lookup response, checks that we had sent a matching request, and processes the response info.
-// This mainly consists of updating the node we asked in our DHT (they responded, so we know they're still alive), and deciding if we want to do anything with their responses
-func (t *dht) handleRes(res *dhtRes) {
-	rq := dhtReqKey{res.Key, res.Dest}
-	if callbacks, isIn := t.callbacks[rq]; isIn {
-		for _, callback := range callbacks {
-			callback.f(res)
-		}
-		delete(t.callbacks, rq)
-	}
-	_, isIn := t.reqs[rq]
-	if !isIn {
-		return
-	}
-	delete(t.reqs, rq)
-	rinfo := dhtInfo{
-		key:    res.Key,
-		coords: res.Coords,
-	}
-	if t.isImportant(&rinfo) {
-		t.insert(&rinfo)
-	}
-	for _, info := range res.Infos {
-		if *info.getNodeID() == t.nodeID {
-			continue
-		} // Skip self
-		if _, isIn := t.table[*info.getNodeID()]; isIn {
-			// TODO? don't skip if coords are different?
-			continue
-		}
-		if t.isImportant(info) {
-			t.ping(info, nil)
-		}
-	}
-}
-
-// Sends a lookup request to the specified node.
-func (t *dht) sendReq(req *dhtReq, dest *dhtInfo) {
-	// Send a dhtReq to the node in dhtInfo
-	bs := req.encode()
-	shared := t.router.sessions.getSharedKey(&t.router.core.boxPriv, &dest.key)
-	payload, nonce := crypto.BoxSeal(shared, bs, nil)
-	p := wire_protoTrafficPacket{
-		Coords:  dest.coords,
-		ToKey:   dest.key,
-		FromKey: t.router.core.boxPub,
-		Nonce:   *nonce,
-		Payload: payload,
-	}
-	packet := p.encode()
-	t.router.out(packet)
-	rq := dhtReqKey{dest.key, req.Dest}
-	t.reqs[rq] = time.Now()
-}
-
-// Sends a lookup to this info, looking for the target.
-func (t *dht) ping(info *dhtInfo, target *crypto.NodeID) {
-	// Creates a req for the node at dhtInfo, asking them about the target (if one is given) or themself (if no target is given)
-	if target == nil {
-		target = &t.nodeID
-	}
-	req := dhtReq{
-		Key:    t.router.core.boxPub,
-		Coords: t.router.table.self.getCoords(),
-		Dest:   *target,
-	}
-	t.sendReq(&req, info)
-}
-
-// Periodic maintenance work to keep important DHT nodes alive.
-func (t *dht) doMaintenance() {
-	now := time.Now()
-	newReqs := make(map[dhtReqKey]time.Time, len(t.reqs))
-	for key, start := range t.reqs {
-		if now.Sub(start) < 6*time.Second {
-			newReqs[key] = start
-		}
-	}
-	t.reqs = newReqs
-	newCallbacks := make(map[dhtReqKey][]dht_callbackInfo, len(t.callbacks))
-	for key, cs := range t.callbacks {
-		for _, c := range cs {
-			if now.Before(c.time) {
-				newCallbacks[key] = append(newCallbacks[key], c)
-			} else {
-				// Signal failure
-				c.f(nil)
-			}
-		}
-	}
-	t.callbacks = newCallbacks
-	for infoID, info := range t.table {
-		switch {
-		case info.pings > 6:
-			// It failed to respond to too many pings
-			fallthrough
-		case now.Sub(info.recv) > dht_timeout:
-			// It's too old
-			fallthrough
-		case info.dirty && now.Sub(info.recv) > dht_max_delay_dirty && !t.isImportant(info):
-			// We won't ping it to refresh it, so just drop it
-			delete(t.table, infoID)
-			t.imp = nil
-		}
-	}
-	for _, info := range t.getImportant() {
-		switch {
-		case now.Sub(info.recv) > info.throttle:
-			info.throttle *= 2
-			if info.throttle < time.Second {
-				info.throttle = time.Second
-			} else if info.throttle > dht_max_delay {
-				info.throttle = dht_max_delay
-			}
-			fallthrough
-		case info.dirty && now.Sub(info.recv) > dht_max_delay_dirty:
-			t.ping(info, nil)
-			info.pings++
-		}
-	}
-}
-
-// Gets a list of important nodes, used by isImportant.
-func (t *dht) getImportant() []*dhtInfo {
-	if t.imp == nil {
-		// Get a list of all known nodes
-		infos := make([]*dhtInfo, 0, len(t.table))
-		for _, info := range t.table {
-			infos = append(infos, info)
-		}
-		// Sort them by increasing order in distance along the ring
-		sort.SliceStable(infos, func(i, j int) bool {
-			// Sort in order of predecessors (!), reverse from chord normal, because it plays nicer with zero bits for unknown parts of target addresses
-			return dht_ordered(infos[j].getNodeID(), infos[i].getNodeID(), &t.nodeID)
-		})
-		// Keep the ones that are no further than the closest seen so far
-		minDist := ^uint64(0)
-		loc := t.router.table.self
-		important := infos[:0]
-		for _, info := range infos {
-			dist := uint64(loc.dist(info.coords))
-			if dist < minDist {
-				minDist = dist
-				important = append(important, info)
-			} else if len(important) < 2 {
-				important = append(important, info)
-			}
-		}
-		var temp []*dhtInfo
-		minDist = ^uint64(0)
-		for idx := len(infos) - 1; idx >= 0; idx-- {
-			info := infos[idx]
-			dist := uint64(loc.dist(info.coords))
-			if dist < minDist {
-				minDist = dist
-				temp = append(temp, info)
-			} else if len(temp) < 2 {
-				temp = append(temp, info)
-			}
-		}
-		for idx := len(temp) - 1; idx >= 0; idx-- {
-			important = append(important, temp[idx])
-		}
-		t.imp = important
-	}
-	return t.imp
-}
-
-// Returns true if this is a node we need to keep track of for the DHT to work.
-func (t *dht) isImportant(ninfo *dhtInfo) bool {
-	if ninfo.key == t.router.core.boxPub {
-		return false
-	}
-	important := t.getImportant()
-	// Check if ninfo is of equal or greater importance to what we already know
-	loc := t.router.table.self
-	ndist := uint64(loc.dist(ninfo.coords))
-	minDist := ^uint64(0)
-	for _, info := range important {
-		if (*info.getNodeID() == *ninfo.getNodeID()) ||
-			(ndist < minDist && dht_ordered(info.getNodeID(), ninfo.getNodeID(), &t.nodeID)) {
-			// Either the same node, or a better one
-			return true
-		}
-		dist := uint64(loc.dist(info.coords))
-		if dist < minDist {
-			minDist = dist
-		}
-	}
-	minDist = ^uint64(0)
-	for idx := len(important) - 1; idx >= 0; idx-- {
-		info := important[idx]
-		if (*info.getNodeID() == *ninfo.getNodeID()) ||
-			(ndist < minDist && dht_ordered(&t.nodeID, ninfo.getNodeID(), info.getNodeID())) {
-			// Either the same node, or a better one
-			return true
-		}
-		dist := uint64(loc.dist(info.coords))
-		if dist < minDist {
-			minDist = dist
-		}
-	}
-	// We didn't find any important node that ninfo is better than
-	return false
-}

src/yggdrasil/dialer.go

@@ -1,120 +0,0 @@
-package yggdrasil
-
-import (
-	"context"
-	"encoding/hex"
-	"errors"
-	"net"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
-)
-
-// Dialer represents an Yggdrasil connection dialer.
-type Dialer struct {
-	core *Core
-}
-
-// Dial opens a session to the given node. The first parameter should be
-// "curve25519" or "nodeid" and the second parameter should contain a
-// hexadecimal representation of the target. It uses DialContext internally.
-func (d *Dialer) Dial(network, address string) (net.Conn, error) {
-	return d.DialContext(nil, network, address)
-}
-
-// DialContext is used internally by Dial, and should only be used with a
-// context that includes a timeout. It uses DialByNodeIDandMask internally when
-// the network is "nodeid", or DialByPublicKey when the network is "curve25519".
-func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
-	var nodeID crypto.NodeID
-	var nodeMask crypto.NodeID
-	// Process
-	switch network {
-	case "curve25519":
-		dest, err := hex.DecodeString(address)
-		if err != nil {
-			return nil, err
-		}
-		if len(dest) != crypto.BoxPubKeyLen {
-			return nil, errors.New("invalid key length supplied")
-		}
-		var pubKey crypto.BoxPubKey
-		copy(pubKey[:], dest)
-		return d.DialByPublicKey(ctx, &pubKey)
-	case "nodeid":
-		// A node ID was provided - we don't need to do anything special with it
-		if tokens := strings.Split(address, "/"); len(tokens) == 2 {
-			l, err := strconv.Atoi(tokens[1])
-			if err != nil {
-				return nil, err
-			}
-			dest, err := hex.DecodeString(tokens[0])
-			if err != nil {
-				return nil, err
-			}
-			copy(nodeID[:], dest)
-			for idx := 0; idx < l; idx++ {
-				nodeMask[idx/8] |= 0x80 >> byte(idx%8)
-			}
-		} else {
-			dest, err := hex.DecodeString(tokens[0])
-			if err != nil {
-				return nil, err
-			}
-			copy(nodeID[:], dest)
-			for i := range nodeMask {
-				nodeMask[i] = 0xFF
-			}
-		}
-		return d.DialByNodeIDandMask(ctx, &nodeID, &nodeMask)
-	default:
-		// An unexpected address type was given, so give up
-		return nil, errors.New("unexpected address type")
-	}
-}
-
-// DialByNodeIDandMask opens a session to the given node based on raw NodeID
-// parameters. If ctx is nil or has no timeout, then a default timeout of 6
-// seconds will apply, beginning *after* the search finishes.
-func (d *Dialer) DialByNodeIDandMask(ctx context.Context, nodeID, nodeMask *crypto.NodeID) (net.Conn, error) {
-	startDial := time.Now()
-	conn := newConn(d.core, nodeID, nodeMask, nil)
-	if err := conn.search(); err != nil {
-		// TODO: make searches take a context, so they can be cancelled early
-		conn.Close()
-		return nil, err
-	}
-	endSearch := time.Now()
-	d.core.log.Debugln("Dial searched for:", nodeID, "in time:", endSearch.Sub(startDial))
-	conn.session.setConn(nil, conn)
-	var cancel context.CancelFunc
-	if ctx == nil {
-		ctx = context.Background()
-	}
-	ctx, cancel = context.WithTimeout(ctx, 6*time.Second)
-	defer cancel()
-	select {
-	case <-conn.session.init:
-		endInit := time.Now()
-		d.core.log.Debugln("Dial initialized session for:", nodeID, "in time:", endInit.Sub(endSearch))
-		d.core.log.Debugln("Finished dial for:", nodeID, "in time:", endInit.Sub(startDial))
-		return conn, nil
-	case <-ctx.Done():
-		conn.Close()
-		return nil, errors.New("session handshake timeout")
-	}
-}
-
-// DialByPublicKey opens a session to the given node based on the public key. If
-// ctx is nil or has no timeout, then a default timeout of 6 seconds will apply,
-// beginning *after* the search finishes.
-func (d *Dialer) DialByPublicKey(ctx context.Context, pubKey *crypto.BoxPubKey) (net.Conn, error) {
-	nodeID := crypto.GetNodeID(pubKey)
-	var nodeMask crypto.NodeID
-	for i := range nodeMask {
-		nodeMask[i] = 0xFF
-	}
-	return d.DialByNodeIDandMask(ctx, nodeID, &nodeMask)
-}

src/yggdrasil/doc.go

@@ -1,176 +0,0 @@
-/*
-Package yggdrasil implements the core functionality of the Yggdrasil Network.
-
-Introduction
-
-Yggdrasil is a proof-of-concept mesh network which provides end-to-end encrypted
-communication between nodes in a decentralised fashion. The network is arranged
-using a globally-agreed spanning tree which provides each node with a locator
-(coordinates relative to the root) and a distributed hash table (DHT) mechanism
-for finding other nodes.
-
-Each node also implements a router, which is responsible for encryption of
-traffic, searches and connections, and a switch, which is responsible ultimately
-for forwarding traffic across the network.
-
-While many Yggdrasil nodes in existence today are IP nodes - that is, they are
-transporting IPv6 packets, like a kind of mesh VPN - it is also possible to
-integrate Yggdrasil into your own applications and use it as a generic data
-transport, similar to UDP.
-
-This library is what you need to integrate and use Yggdrasil in your own
-application.
-
-Basics
-
-In order to start an Yggdrasil node, you should start by generating node
-configuration, which amongst other things, includes encryption keypairs which
-are used to generate the node's identity, and supply a logger which Yggdrasil's
-output will be written to.
-
-This may look something like this:
-
-  import (
-    "os"
-    "github.com/gologme/log"
-    "github.com/yggdrasil-network/yggdrasil-go/src/config"
-    "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil"
-  )
-
-  type node struct {
-    core   yggdrasil.Core
-    config *config.NodeConfig
-    log    *log.Logger
-  }
-
-You then can supply node configuration and a logger:
-
-  n := node{}
-  n.log = log.New(os.Stdout, "", log.Flags())
-  n.config = config.GenerateConfig()
-
-In the above example, we ask the config package to supply new configuration each
-time, which results in fresh encryption keys and therefore a new identity. It is
-normally preferable in most cases to persist node configuration onto the
-filesystem or into some configuration store so that the node's identity does not
-change each time that the program starts. Note that Yggdrasil will automatically
-fill in any missing configuration items with sane defaults.
-
-Once you have supplied a logger and some node configuration, you can then start
-the node:
-
-  n.core.Start(n.config, n.log)
-
-Add some peers to connect to the network:
-
-  n.core.AddPeer("tcp://some-host.net:54321", "")
-  n.core.AddPeer("tcp://[2001::1:2:3]:54321", "")
-  n.core.AddPeer("tcp://1.2.3.4:54321", "")
-
-You can also ask the API for information about our node:
-
-  n.log.Println("My node ID is", n.core.NodeID())
-  n.log.Println("My public key is", n.core.EncryptionPublicKey())
-  n.log.Println("My coords are", n.core.Coords())
-
-Incoming Connections
-
-Once your node is started, you can then listen for connections from other nodes
-by asking the API for a Listener:
-
-  listener, err := n.core.ConnListen()
-  if err != nil {
-    // ...
-  }
-
-The Listener has a blocking Accept function which will wait for incoming
-connections from remote nodes. It will return a Conn when a connection is
-received. If the node never receives any incoming connections then this function
-can block forever, so be prepared for that, perhaps by listening in a separate
-goroutine.
-
-Assuming that you have defined a myConnectionHandler function to deal with
-incoming connections:
-
-  for {
-    conn, err := listener.Accept()
-    if err != nil {
-      // ...
-    }
-
-    // We've got a new connection
-    go myConnectionHandler(conn)
-  }
-
-Outgoing Connections
-
-If you know the node ID of the remote node that you want to talk to, you can
-dial an outbound connection to it. To do this, you should first ask the API for
-a Dialer:
-
-  dialer, err := n.core.ConnDialer()
-  if err != nil {
-    // ...
-  }
-
-You can then dial using the node's public key in hexadecimal format, for example:
-
-  conn, err := dialer.Dial("curve25519", "55071be281f50d0abbda63aadc59755624280c44b2f1f47684317aa4e0325604")
-  if err != nil {
-    // ...
-  }
-
-Using Connections
-
-Conn objects are implementations of io.ReadWriteCloser, and as such, you can
-Read, Write and Close them as necessary.
-
-Each Read or Write operation can deal with a buffer with a maximum size of 65535
-bytes - any bigger than this and the operation will return an error.
-
-For example, to write to the Conn from the supplied buffer:
-
-  buf := []byte{1, 2, 3, 4, 5}
-  w, err := conn.Write(buf)
-  if err != nil {
-    // ...
-  } else {
-    // written w bytes
-  }
-
-Reading from the Conn into the supplied buffer:
-
-  buf := make([]byte, 65535)
-  r, err := conn.Read(buf)
-  if err != nil {
-    // ...
-  } else {
-    // read r bytes
-  }
-
-When you are happy that a connection is no longer required, you can discard it:
-
-  err := conn.Close()
-  if err != nil {
-    // ...
-  }
-
-Limitations
-
-You should be aware of the following limitations when working with the Yggdrasil
-library:
-
-Individual messages written through Yggdrasil connections can not exceed 65535
-bytes in size. Yggdrasil has no concept of fragmentation, so if you try to send
-a message that exceeds 65535 bytes in size, it will be dropped altogether and
-an error will be returned.
-
-Yggdrasil connections are unreliable by nature. Messages are delivered on a
-best-effort basis, and employs congestion control where appropriate to ensure
-that congestion does not affect message transport, but Yggdrasil will not
-retransmit any messages that have been lost. If reliable delivery is important
-then you should manually implement acknowledgement and retransmission of
-messages.
-
-*/
-package yggdrasil