Add support for Multipath TCP

* Changelog updates for Yggdrasil v0.5.6

* Fix spelling error

---------

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Arceliar <Arceliar@users.noreply.github.com>

.github/workflows/ci.yml

@@ -15,10 +15,10 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
           go-version: 1.21
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
@@ -51,17 +51,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goversion: ["1.20", "1.21"]
+        goversion: ["1.21", "1.22"]
 
     name: Build & Test (Linux, Go ${{ matrix.goversion }})
     needs: [lint]
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.goversion }}
 
@@ -75,17 +75,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goversion: ["1.20", "1.21"]
+        goversion: ["1.21", "1.22"]
 
     name: Build & Test (Windows, Go ${{ matrix.goversion }})
     needs: [lint]
 
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.goversion }}
 
@@ -99,17 +99,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goversion: ["1.20", "1.21"]
+        goversion: ["1.21", "1.22"]
 
     name: Build & Test (macOS, Go ${{ matrix.goversion }})
     needs: [lint]
 
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.goversion }}
 
@@ -123,7 +123,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goversion: ["1.20", "1.21"]
+        goversion: ["1.21", "1.22"]
         goos:
           - freebsd
           - openbsd
@@ -133,10 +133,10 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.goversion }}
 

.github/workflows/pkg.yml

@@ -18,14 +18,14 @@ jobs:
 
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "stable"
 
       - name: Build package
         env:
@@ -33,7 +33,7 @@ jobs:
         run: sh contrib/deb/generate.sh
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Debian package (${{ matrix.pkgarch }})
           path: "*.deb"
@@ -49,14 +49,14 @@ jobs:
 
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "stable"
 
       - name: Build package
         env:
@@ -64,7 +64,7 @@ jobs:
         run: sh contrib/macos/create-pkg.sh
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: macOS package (${{ matrix.pkgarch }})
           path: "*.pkg"
@@ -80,20 +80,23 @@ jobs:
 
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "stable"
+
+      - name: Setup .NET Core SDK
+        uses: actions/setup-dotnet@v4
 
       - name: Build package
         run: sh contrib/msi/build-msi.sh ${{ matrix.pkgarch }}
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Windows package (${{ matrix.pkgarch }})
           path: "*.msi"
@@ -109,20 +112,20 @@ jobs:
 
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           path: yggdrasil
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: neilalexander/vyatta-yggdrasil
           path: vyatta-yggdrasil
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "stable"
 
       - name: Build package
         env:
@@ -130,7 +133,7 @@ jobs:
         run: cd /home/runner/work/yggdrasil-go/yggdrasil-go/vyatta-yggdrasil && ./build-${{ matrix.pkgarch }}
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Router package (${{ matrix.pkgarch }})
           path: "/home/runner/work/yggdrasil-go/yggdrasil-go/vyatta-yggdrasil/*.deb"

CHANGELOG.md

@@ -26,6 +26,47 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - in case of vulnerabilities.
 -->
 
+## [0.5.6] - 2024-05-30
+
+* Go 1.21 is now required to build Yggdrasil
+
+### Added
+
+* The `getPeers` endpoint now reports the RTT/latency of directly connected peers
+
+### Changed
+
+* The tree parent selection algorithm now prefers the lowest latency peers instead of the most stable
+* Session key exchange logic has been changed to improve throughput and reduce occasional jitter
+
+### Fixed
+
+* Bloom filter hashing now works correctly on big-endian architectures
+* Incorrect buffer pool usage has been fixed, reducing memory allocations
+* The multicast beacon interval now backs off correctly, reducing the number of beacons sent
+* A denial-of-service vulnerability in the QUIC library has been fixed with a dependency update
+
+## [0.5.5] - 2024-01-27
+
+### Added
+
+* A new peer option `?maxbackoff=X` has been added to control the maximum backoff time for a given peer, supports duration values like `5m`, `1h` etc
+
+### Changed
+
+* The maximum backoff period for failing peer connections has been reduced to just over 1 hour, compared to 4.5 hours before
+* The `getPeers` endpoint now sorts peers in a more stable fashion
+* Upgrade dependencies
+
+### Fixed
+
+* A bug where QUIC listeners could stop listening for incoming connections unexpectedly has been fixed
+* The priority tiebreak between multiple peerings to the same node has been fixed
+* Peer connection ordering is no longer sensitive to poor system time resolution
+* The admin socket now verifies the length of input public keys
+* The `PPROFLISTEN` environment variable has been fixed and now starts the pprof listener correctly
+* A panic in `getPeers` has been fixed when using abstract UNIX sockets on Linux
+
 ## [0.5.4] - 2023-11-27
 
 ### Fixed
@@ -168,7 +209,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Changed
 
-* Go 1.17 is now required to build Yggdrasil
+* Go 1.20 is now required to build Yggdrasil
 
 ## [0.4.3] - 2022-02-06
 

README.md

@@ -24,7 +24,7 @@ or tools in the `contrib` folder.
 If you want to build from source, as opposed to installing one of the pre-built
 packages:
 
-1. Install [Go](https://golang.org) (requires Go 1.17 or later)
+1. Install [Go](https://golang.org) (requires Go 1.21 or later)
 2. Clone this repository
 2. Run `./build`
 

cmd/yggdrasil/main.go

@@ -188,7 +188,7 @@ func main() {
 
 	n := &node{}
 
-	// Setup the Yggdrasil node itself.
+	// Set up the Yggdrasil node itself.
 	{
 		options := []core.SetupOption{
 			core.NodeInfo(cfg.NodeInfo),
@@ -221,7 +221,7 @@ func main() {
 		logger.Printf("Your IPv6 subnet is %s", subnet.String())
 	}
 
-	// Setup the admin socket.
+	// Set up the admin socket.
 	{
 		options := []admin.SetupOption{
 			admin.ListenAddress(cfg.AdminListen),
@@ -237,7 +237,7 @@ func main() {
 		}
 	}
 
-	// Setup the multicast module.
+	// Set up the multicast module.
 	{
 		options := []multicast.SetupOption{}
 		for _, intf := range cfg.MulticastInterfaces {
@@ -258,7 +258,7 @@ func main() {
 		}
 	}
 
-	// Setup the TUN module.
+	// Set up the TUN module.
 	{
 		options := []tun.SetupOption{
 			tun.InterfaceName(cfg.IfName),

cmd/yggdrasilctl/main.go

@@ -174,26 +174,29 @@ func run() int {
 		if err := json.Unmarshal(recv.Response, &resp); err != nil {
 			panic(err)
 		}
-		table.SetHeader([]string{"URI", "State", "Dir", "IP Address", "Uptime", "RX", "TX", "Pr", "Last Error"})
+		table.SetHeader([]string{"URI", "State", "Dir", "IP Address", "Uptime", "RTT", "RX", "TX", "Pr", "Last Error"})
 		for _, peer := range resp.Peers {
-			state, lasterr, dir := "Up", "-", "Out"
+			state, lasterr, dir, rtt := "Up", "-", "Out", "-"
 			if !peer.Up {
 				state, lasterr = "Down", fmt.Sprintf("%s ago: %s", peer.LastErrorTime.Round(time.Second), peer.LastError)
+			} else if rttms := float64(peer.Latency.Microseconds()) / 1000; rttms > 0 {
+				rtt = fmt.Sprintf("%.02fms", rttms)
 			}
 			if peer.Inbound {
 				dir = "In"
 			}
-			uri, err := url.Parse(peer.URI)
-			if err != nil {
-				panic(err)
+			uristring := peer.URI
+			if uri, err := url.Parse(peer.URI); err == nil {
+				uri.RawQuery = ""
+				uristring = uri.String()
 			}
-			uri.RawQuery = ""
 			table.Append([]string{
-				uri.String(),
+				uristring,
 				state,
 				dir,
 				peer.IPAddress,
 				(time.Duration(peer.Uptime) * time.Second).String(),
+				rtt,
 				peer.RXBytes.String(),
 				peer.TXBytes.String(),
 				fmt.Sprintf("%d", peer.Priority),

contrib/mobile/mobile.go

@@ -53,7 +53,7 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 	if err := m.config.UnmarshalHJSON(configjson); err != nil {
 		return err
 	}
-	// Setup the Yggdrasil node itself.
+	// Set up the Yggdrasil node itself.
 	{
 		options := []core.SetupOption{}
 		for _, peer := range m.config.Peers {
@@ -85,7 +85,7 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 		logger.Infof("Your IPv6 subnet is %s", subnet.String())
 	}
 
-	// Setup the multicast module.
+	// Set up the multicast module.
 	if len(m.config.MulticastInterfaces) > 0 {
 		var err error
 		logger.Infof("Initializing multicast %s", "")

contrib/msi/build-msi.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # This script generates an MSI file for Yggdrasil for a given architecture. It
-# needs to run on Windows within MSYS2 and Go 1.17 or later must be installed on
+# needs to run on Windows within MSYS2 and Go 1.21 or later must be installed on
 # the system and within the PATH. This is ran currently by GitHub Actions (see
 # the workflows in the repository).
 #
@@ -16,20 +16,7 @@ then
 fi
 
 # Download the wix tools!
-if [ ! -d wixbin ];
-then
-  curl -LO https://wixtoolset.org/downloads/v3.14.0.3910/wix314-binaries.zip
-  if [ `md5sum wix314-binaries.zip | cut -f 1 -d " "` != "34f655cf108086838dd5a76d4318063b" ];
-  then
-    echo "wix package didn't match expected checksum"
-    exit 1
-  fi
-  mkdir -p wixbin
-  unzip -o wix314-binaries.zip -d wixbin || (
-    echo "failed to unzip WiX"
-    exit 1
-  )
-fi
+dotnet tool install --global wix --version 5.0.0
 
 # Build Yggdrasil!
 [ "${PKGARCH}" == "x64" ] && GOOS=windows GOARCH=amd64 CGO_ENABLED=0 ./build
@@ -61,6 +48,11 @@ PKGVERSIONMS=$(echo $PKGVERSION | tr - .)
 if [ ! -d wintun ];
 then
   curl -o wintun.zip https://www.wintun.net/builds/wintun-0.14.1.zip
+  if [ `sha256sum wintun.zip | cut -f 1 -d " "` != "07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51" ];
+  then
+    echo "wintun package didn't match expected checksum"
+    exit 1
+  fi
   unzip wintun.zip
 fi
 if [ $PKGARCH = "x64" ]; then
@@ -101,7 +93,7 @@ cat > wix.xml << EOF
       Description="Yggdrasil Network Installer"
       Comments="Yggdrasil Network standalone router for Windows."
       Manufacturer="github.com/yggdrasil-network"
-      InstallerVersion="200"
+      InstallerVersion="500"
       InstallScope="perMachine"
       Languages="1033"
       Compressed="yes"
@@ -205,5 +197,5 @@ EOF
 # Generate the MSI
 CANDLEFLAGS="-nologo"
 LIGHTFLAGS="-nologo -spdb -sice:ICE71 -sice:ICE61"
-wixbin/candle $CANDLEFLAGS -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj -arch ${PKGARCH} wix.xml && \
-wixbin/light $LIGHTFLAGS -ext WixUtilExtension.dll -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.msi ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj
+candle $CANDLEFLAGS -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj -arch ${PKGARCH} wix.xml && \
+light $LIGHTFLAGS -ext WixUtilExtension.dll -out ${PKGNAME}-${PKGVERSION}-${PKGARCH}.msi ${PKGNAME}-${PKGVERSION}-${PKGARCH}.wixobj

go.mod

@@ -1,39 +1,39 @@
 module github.com/yggdrasil-network/yggdrasil-go
 
-go 1.20
+go 1.21
 
 require (
-	github.com/Arceliar/ironwood v0.0.0-20231127131626-465b82dfb5bd
+	github.com/Arceliar/ironwood v0.0.0-20240529054413-b8e59574e2b2
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
 	github.com/cheggaaa/pb/v3 v3.1.4
 	github.com/gologme/log v1.3.0
 	github.com/hashicorp/go-syslog v1.0.0
-	github.com/hjson/hjson-go/v4 v4.3.0
+	github.com/hjson/hjson-go/v4 v4.4.0
 	github.com/kardianos/minwinsvc v1.0.2
-	github.com/quic-go/quic-go v0.39.3
+	github.com/quic-go/quic-go v0.44.0
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/crypto v0.14.0
-	golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe
-	golang.org/x/net v0.17.0
-	golang.org/x/sys v0.13.0
-	golang.org/x/text v0.13.0
+	golang.org/x/crypto v0.23.0
+	golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
+	golang.org/x/net v0.25.0
+	golang.org/x/sys v0.20.0
+	golang.org/x/text v0.15.0
 	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
 	golang.zx2c4.com/wireguard/windows v0.5.3
 )
 
 require (
-	github.com/bits-and-blooms/bitset v1.5.0 // indirect
-	github.com/bits-and-blooms/bloom/v3 v3.3.1 // indirect
+	github.com/bits-and-blooms/bitset v1.13.0 // indirect
+	github.com/bits-and-blooms/bloom/v3 v3.7.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
-	github.com/quic-go/qtls-go1-20 v0.3.4 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
-	go.uber.org/mock v0.3.0 // indirect
-	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	go.uber.org/mock v0.4.0 // indirect
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/tools v0.21.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 )
 

go.sum

@@ -1,14 +1,14 @@
-github.com/Arceliar/ironwood v0.0.0-20231127131626-465b82dfb5bd h1:458tnmZ4zM2gbLtefdYbaxyAJevDNEWu6tLKEqbK4wg=
-github.com/Arceliar/ironwood v0.0.0-20231127131626-465b82dfb5bd/go.mod h1:5x7fWW0mshe9WQ1lvSMmmHBYC3BeHH9gpwW5tz7cbfw=
+github.com/Arceliar/ironwood v0.0.0-20240529054413-b8e59574e2b2 h1:SBdYBKeXYUUFef5wi2CMhYmXFVGiYaRpTvbki0Bu+JQ=
+github.com/Arceliar/ironwood v0.0.0-20240529054413-b8e59574e2b2/go.mod h1:6WP4799FX0OuWdENGQAh+0RXp9FLh0y7NZ7tM9cJyXk=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d h1:UK9fsWbWqwIQkMCz1CP+v5pGbsGoWAw6g4AyvMpm1EM=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d/go.mod h1:BCnxhRf47C/dy/e/D2pmB8NkB3dQVIrkD98b220rx5Q=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
-github.com/bits-and-blooms/bitset v1.3.1/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/bits-and-blooms/bitset v1.5.0 h1:NpE8frKRLGHIcEzkR+gZhiioW1+WbYV6fKwD6ZIpQT8=
-github.com/bits-and-blooms/bitset v1.5.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
-github.com/bits-and-blooms/bloom/v3 v3.3.1 h1:K2+A19bXT8gJR5mU7y+1yW6hsKfNCjcP2uNfLFKncjQ=
-github.com/bits-and-blooms/bloom/v3 v3.3.1/go.mod h1:bhUUknWd5khVbTe4UgMCSiOOVJzr3tMoijSK3WwvW90=
+github.com/bits-and-blooms/bitset v1.10.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
+github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bloom/v3 v3.7.0 h1:VfknkqV4xI+PsaDIsoHueyxVDZrfvMn56jeWUzvzdls=
+github.com/bits-and-blooms/bloom/v3 v3.7.0/go.mod h1:VKlUSvp0lFIYqxJjzdnSsZEw4iHb1kOL2tfHTgyJBHg=
 github.com/cheggaaa/pb/v3 v3.1.4 h1:DN8j4TVVdKu3WxVwcRKu0sG00IIU6FewoABZzXbRQeo=
 github.com/cheggaaa/pb/v3 v3.1.4/go.mod h1:6wVjILNBaXMs8c21qRiaUM8BR82erfgau1DQ4iUXmSA=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -20,18 +20,21 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gologme/log v1.3.0 h1:l781G4dE+pbigClDSDzSaaYKtiueHCILUa/qSDsmHAo=
 github.com/gologme/log v1.3.0/go.mod h1:yKT+DvIPdDdDoPtqFrFxheooyVmoqi0BAsw+erN3wA4=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hjson/hjson-go/v4 v4.3.0 h1:dyrzJdqqFGhHt+FSrs5n9s6b0fPM8oSJdWo+oS3YnJw=
-github.com/hjson/hjson-go/v4 v4.3.0/go.mod h1:KaYt3bTw3zhBjYqnXkYywcYctk0A2nxeEFTse3rH13E=
+github.com/hjson/hjson-go/v4 v4.4.0 h1:D/NPvqOCH6/eisTb5/ztuIS8GUvmpHaLOcNk1Bjr298=
+github.com/hjson/hjson-go/v4 v4.4.0/go.mod h1:KaYt3bTw3zhBjYqnXkYywcYctk0A2nxeEFTse3rH13E=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/kardianos/minwinsvc v1.0.2 h1:JmZKFJQrmTGa/WiW+vkJXKmfzdjabuEW4Tirj5lLdR0=
 github.com/kardianos/minwinsvc v1.0.2/go.mod h1:LUZNYhNmxujx2tR7FbdxqYJ9XDDoCd3MQcl1o//FWl4=
@@ -48,12 +51,11 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
 github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
-github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.39.3 h1:o3YB6t2SR+HU/pgwF29kJ6g4jJIJEwEZ8CKia1h1TKg=
-github.com/quic-go/quic-go v0.39.3/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
+github.com/quic-go/quic-go v0.44.0 h1:So5wOr7jyO4vzL2sd8/pD9Kesciv91zSk8BoFngItQ0=
+github.com/quic-go/quic-go v0.44.0/go.mod h1:z4cx/9Ny9UtGITIPzmPTXh1ULfOyWh4qGQlpnPcWmek=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -67,32 +69,34 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
-go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
-golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe h1:lrXv4yHeD9FA8PSJATWowP1QvexpyAPWmPia+Kbzql8=
-golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe/go.mod h1:BrnXpEObnFxpaT75Jo9hsCazwOWcp7nVIa8NNuH5cuA=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b h1:WX7nnnLfCEXg+FmdYZPai2XuP3VqCP1HZVMST0n9DF0=
+golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b/go.mod h1:EiXZlVfUTaAyySFVJb9rsODuiO+WXu8HrUuySb7nYFw=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -104,26 +108,32 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
+golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
@@ -132,6 +142,8 @@ golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675/go.mod h1:whfbyDBt
 golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
 golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

src/admin/getpeers.go

@@ -24,11 +24,13 @@ type PeerEntry struct {
 	PublicKey     string        `json:"key"`
 	Port          uint64        `json:"port"`
 	Priority      uint64        `json:"priority"`
+	Multipath     bool          `json:"multipath,omitempty"`
 	RXBytes       DataUnit      `json:"bytes_recvd,omitempty"`
 	TXBytes       DataUnit      `json:"bytes_sent,omitempty"`
 	Uptime        float64       `json:"uptime,omitempty"`
-	LastError     string        `json:"last_error,omitempty"`
+	Latency       time.Duration `json:"latency_ms,omitempty"`
 	LastErrorTime time.Duration `json:"last_error_time,omitempty"`
+	LastError     string        `json:"last_error,omitempty"`
 }
 
 func (a *AdminSocket) getPeersHandler(req *GetPeersRequest, res *GetPeersResponse) error {
@@ -36,14 +38,18 @@ func (a *AdminSocket) getPeersHandler(req *GetPeersRequest, res *GetPeersRespons
 	res.Peers = make([]PeerEntry, 0, len(peers))
 	for _, p := range peers {
 		peer := PeerEntry{
-			Port:     p.Port,
-			Up:       p.Up,
-			Inbound:  p.Inbound,
-			Priority: uint64(p.Priority), // can't be uint8 thanks to gobind
-			URI:      p.URI,
-			RXBytes:  DataUnit(p.RXBytes),
-			TXBytes:  DataUnit(p.TXBytes),
-			Uptime:   p.Uptime.Seconds(),
+			Port:      p.Port,
+			Up:        p.Up,
+			Inbound:   p.Inbound,
+			Priority:  uint64(p.Priority), // can't be uint8 thanks to gobind
+			Multipath: p.Multipath,
+			URI:       p.URI,
+			RXBytes:   DataUnit(p.RXBytes),
+			TXBytes:   DataUnit(p.TXBytes),
+			Uptime:    p.Uptime.Seconds(),
+		}
+		if p.Latency > 0 {
+			peer.Latency = p.Latency
 		}
 		if addr := address.AddrForKey(p.Key); addr != nil {
 			peer.PublicKey = hex.EncodeToString(p.Key)
@@ -56,10 +62,16 @@ func (a *AdminSocket) getPeersHandler(req *GetPeersRequest, res *GetPeersRespons
 		res.Peers = append(res.Peers, peer)
 	}
 	sort.Slice(res.Peers, func(i, j int) bool {
-		if res.Peers[i].Port == res.Peers[j].Port {
-			return res.Peers[i].Priority < res.Peers[j].Priority
+		if res.Peers[i].Inbound == res.Peers[j].Inbound {
+			if res.Peers[i].PublicKey == res.Peers[j].PublicKey {
+				if res.Peers[i].Priority == res.Peers[j].Priority {
+					return res.Peers[i].Uptime > res.Peers[j].Uptime
+				}
+				return res.Peers[i].Priority < res.Peers[j].Priority
+			}
+			return res.Peers[i].PublicKey < res.Peers[j].PublicKey
 		}
-		return res.Peers[i].Port < res.Peers[j].Port
+		return !res.Peers[i].Inbound && res.Peers[j].Inbound
 	})
 	return nil
 }

src/config/config.go

@@ -51,9 +51,9 @@ type NodeConfig struct {
 	AllowedPublicKeys   []string                   `comment:"List of peer public keys to allow incoming peering connections\nfrom. If left empty/undefined then all connections will be allowed\nby default. This does not affect outgoing peerings, nor does it\naffect link-local peers discovered via multicast."`
 	IfName              string                     `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
 	IfMTU               uint64                     `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
+	LogLookups          bool                       `json:",omitempty"`
 	NodeInfoPrivacy     bool                       `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
 	NodeInfo            map[string]interface{}     `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
-	LogLookups          bool                       `json:",omitempty"`
 }
 
 type MulticastInterfaceConfig struct {

src/core/api.go

@@ -30,9 +30,11 @@ type PeerInfo struct {
 	Coords        []uint64
 	Port          uint64
 	Priority      uint8
+	Multipath     bool
 	RXBytes       uint64
 	TXBytes       uint64
 	Uptime        time.Duration
+	Latency       time.Duration
 }
 
 type TreeEntryInfo struct {
@@ -86,12 +88,14 @@ func (c *Core) GetPeers() []PeerInfo {
 				peerinfo.RXBytes = atomic.LoadUint64(&c.rx)
 				peerinfo.TXBytes = atomic.LoadUint64(&c.tx)
 				peerinfo.Uptime = time.Since(c.up)
+				peerinfo.Multipath = isMPTCP(c)
 			}
 			if p, ok := conns[conn]; ok {
 				peerinfo.Key = p.Key
 				peerinfo.Root = p.Root
 				peerinfo.Port = p.Port
 				peerinfo.Priority = p.Priority
+				peerinfo.Latency = p.Latency
 			}
 			peers = append(peers, peerinfo)
 		}

src/core/core.go

@@ -212,7 +212,7 @@ func (c *Core) ReadFrom(p []byte) (n int, from net.Addr, err error) {
 
 func (c *Core) WriteTo(p []byte, addr net.Addr) (n int, err error) {
 	buf := allocBytes(0)
-	defer freeBytes(buf)
+	defer func() { freeBytes(buf) }()
 	buf = append(buf, typeSessionTraffic)
 	buf = append(buf, p...)
 	n, err = c.PacketConn.WriteTo(buf, addr)

src/core/debug.go

@@ -12,6 +12,8 @@ func init() {
 	envVarName := "PPROFLISTEN"
 	if hostPort := os.Getenv(envVarName); hostPort != "" {
 		fmt.Fprintf(os.Stderr, "DEBUG: Starting pprof on %s\n", hostPort)
-		go fmt.Println(http.ListenAndServe(hostPort, nil))
+		go func() {
+			fmt.Fprintf(os.Stderr, "DEBUG: %s", http.ListenAndServe(hostPort, nil))
+		}()
 	}
 }

src/core/link.go

@@ -6,7 +6,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"math"
 	"net"
 	"net/netip"
 	"net/url"
@@ -28,6 +27,9 @@ const (
 	linkTypeIncoming                   // Incoming connection
 )
 
+const defaultBackoffLimit = time.Second << 12 // 1h8m16s
+const minimumBackoffLimit = time.Second * 30
+
 type links struct {
 	phony.Inbox
 	core  *Core
@@ -42,7 +44,7 @@ type links struct {
 
 type linkProtocol interface {
 	dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error)
-	listen(ctx context.Context, url *url.URL, sintf string) (net.Listener, error)
+	listen(ctx context.Context, url *url.URL, sintf string, options linkOptions) (net.Listener, error)
 }
 
 // linkInfo is used as a map key
@@ -61,7 +63,7 @@ type link struct {
 	// The remaining fields can only be modified safely from within the links actor
 	_conn    *linkConn // Connected link, if any, nil if not connected
 	_err     error     // Last error on the connection, if any
-	_errtime time.Time // Last time an error occured
+	_errtime time.Time // Last time an error occurred
 }
 
 type linkOptions struct {
@@ -69,6 +71,8 @@ type linkOptions struct {
 	priority          uint8
 	tlsSNI            string
 	password          []byte
+	maxBackoff        time.Duration
+	multipath         bool
 }
 
 type Listener struct {
@@ -136,6 +140,8 @@ const ErrLinkPriorityInvalid = linkError("priority value is invalid")
 const ErrLinkPinnedKeyInvalid = linkError("pinned public key is invalid")
 const ErrLinkPasswordInvalid = linkError("password is invalid")
 const ErrLinkUnrecognisedSchema = linkError("link schema unknown")
+const ErrLinkMaxBackoffInvalid = linkError("max backoff duration invalid")
+const ErrLinkMultipathInvalid = linkError("multipath invalid")
 
 func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 	var retErr error
@@ -150,7 +156,9 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 
 		// Collect together the link options, these are global options
 		// that are not specific to any given protocol.
-		var options linkOptions
+		options := linkOptions{
+			maxBackoff: defaultBackoffLimit,
+		}
 		for _, pubkey := range u.Query()["key"] {
 			sigPub, err := hex.DecodeString(pubkey)
 			if err != nil {
@@ -179,6 +187,25 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 			}
 			options.password = []byte(p)
 		}
+		if p := u.Query().Get("maxbackoff"); p != "" {
+			d, err := time.ParseDuration(p)
+			if err != nil || d < minimumBackoffLimit {
+				retErr = ErrLinkMaxBackoffInvalid
+				return
+			}
+			options.maxBackoff = d
+		}
+		if p := u.Query().Get("multipath"); p != "" {
+			switch p {
+			case "true", "1":
+				options.multipath = true
+			case "false", "0":
+				options.multipath = false
+			default:
+				retErr = ErrLinkMultipathInvalid
+				return
+			}
+		}
 		// SNI headers must contain hostnames and not IP addresses, so we must make sure
 		// that we do not populate the SNI with an IP literal. We do this by splitting
 		// the host-port combo from the query option and then seeing if it parses to an
@@ -235,10 +262,13 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 		// The caller should check the return value to decide whether
 		// or not to give up trying.
 		backoffNow := func() bool {
-			if backoff < 14 { // Cap at roughly 4.5 hours maximum.
+			if backoff < 32 {
 				backoff++
 			}
-			duration := time.Second * time.Duration(math.Exp2(float64(backoff)))
+			duration := time.Second << backoff
+			if duration > options.maxBackoff {
+				duration = options.maxBackoff
+			}
 			select {
 			case <-state.kick:
 				return true
@@ -362,7 +392,7 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 	return retErr
 }
 
-func (l *links) remove(u *url.URL, sintf string, linkType linkType) error {
+func (l *links) remove(u *url.URL, sintf string, _ linkType) error {
 	var retErr error
 	phony.Block(l, func() {
 		// Generate the link info and see whether we think we already
@@ -405,7 +435,36 @@ func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 		cancel()
 		return nil, ErrLinkUnrecognisedSchema
 	}
-	listener, err := protocol.listen(ctx, u, sintf)
+
+	var options linkOptions
+	if p := u.Query().Get("priority"); p != "" {
+		pi, err := strconv.ParseUint(p, 10, 8)
+		if err != nil {
+			cancel()
+			return nil, ErrLinkPriorityInvalid
+		}
+		options.priority = uint8(pi)
+	}
+	if p := u.Query().Get("password"); p != "" {
+		if len(p) > blake2b.Size {
+			cancel()
+			return nil, ErrLinkPasswordInvalid
+		}
+		options.password = []byte(p)
+	}
+	if p := u.Query().Get("multipath"); p != "" {
+		switch p {
+		case "true", "1":
+			options.multipath = true
+		case "false", "0":
+			options.multipath = false
+		default:
+			cancel()
+			return nil, ErrLinkMultipathInvalid
+		}
+	}
+
+	listener, err := protocol.listen(ctx, u, sintf, options)
 	if err != nil {
 		cancel()
 		return nil, err
@@ -416,21 +475,6 @@ func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 		Cancel:   cancel,
 	}
 
-	var options linkOptions
-	if p := u.Query().Get("priority"); p != "" {
-		pi, err := strconv.ParseUint(p, 10, 8)
-		if err != nil {
-			return nil, ErrLinkPriorityInvalid
-		}
-		options.priority = uint8(pi)
-	}
-	if p := u.Query().Get("password"); p != "" {
-		if len(p) > blake2b.Size {
-			return nil, ErrLinkPasswordInvalid
-		}
-		options.password = []byte(p)
-	}
-
 	go func() {
 		l.core.log.Infof("%s listener started on %s", strings.ToUpper(u.Scheme), listener.Addr())
 		defer l.core.log.Infof("%s listener stopped on %s", strings.ToUpper(u.Scheme), listener.Addr())
@@ -550,7 +594,7 @@ func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, s
 	switch {
 	case err != nil:
 		return fmt.Errorf("write handshake: %w", err)
-	case err == nil && n != len(metaBytes):
+	case n != len(metaBytes):
 		return fmt.Errorf("incomplete handshake send")
 	}
 	meta = version_metadata{}

src/core/link_quic.go

@@ -3,6 +3,7 @@ package core
 import (
 	"context"
 	"crypto/tls"
+	"fmt"
 	"net"
 	"net/url"
 	"time"
@@ -64,7 +65,7 @@ func (l *linkQUIC) dial(ctx context.Context, url *url.URL, info linkInfo, option
 	}, nil
 }
 
-func (l *linkQUIC) listen(ctx context.Context, url *url.URL, _ string) (net.Listener, error) {
+func (l *linkQUIC) listen(ctx context.Context, url *url.URL, _ string, _ linkOptions) (net.Listener, error) {
 	ql, err := quic.ListenAddr(url.Host, l.tlsconfig, l.quicconfig)
 	if err != nil {
 		return nil, err
@@ -77,18 +78,22 @@ func (l *linkQUIC) listen(ctx context.Context, url *url.URL, _ string) (net.List
 	go func() {
 		for {
 			qc, err := ql.Accept(ctx)
-			if err != nil {
+			switch err {
+			case context.Canceled, context.DeadlineExceeded:
 				ql.Close()
+				fallthrough
+			case quic.ErrServerClosed:
 				return
-			}
-			qs, err := qc.AcceptStream(ctx)
-			if err != nil {
-				ql.Close()
-				return
-			}
-			ch <- &linkQUICStream{
-				Connection: qc,
-				Stream:     qs,
+			case nil:
+				qs, err := qc.AcceptStream(ctx)
+				if err != nil {
+					_ = qc.CloseWithError(1, fmt.Sprintf("stream error: %s", err))
+					continue
+				}
+				ch <- &linkQUICStream{
+					Connection: qc,
+					Stream:     qs,
+				}
 			}
 		}
 	}()

src/core/link_socks.go

@@ -47,6 +47,6 @@ func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options
 	return conn, nil
 }
 
-func (l *linkSOCKS) listen(ctx context.Context, url *url.URL, _ string) (net.Listener, error) {
+func (l *linkSOCKS) listen(ctx context.Context, url *url.URL, _ string, _ linkOptions) (net.Listener, error) {
 	return nil, fmt.Errorf("SOCKS listener not supported")
 }

src/core/link_tcp.go

@@ -36,7 +36,7 @@ type tcpDialer struct {
 	addr   *net.TCPAddr
 }
 
-func (l *linkTCP) dialersFor(url *url.URL, info linkInfo) ([]*tcpDialer, error) {
+func (l *linkTCP) dialersFor(url *url.URL, info linkInfo, options linkOptions) ([]*tcpDialer, error) {
 	host, p, err := net.SplitHostPort(url.Host)
 	if err != nil {
 		return nil, err
@@ -55,7 +55,7 @@ func (l *linkTCP) dialersFor(url *url.URL, info linkInfo) ([]*tcpDialer, error)
 			IP:   ip,
 			Port: port,
 		}
-		dialer, err := l.dialerFor(addr, info.sintf)
+		dialer, err := l.dialerFor(addr, info.sintf, options.multipath)
 		if err != nil {
 			continue
 		}
@@ -69,7 +69,7 @@ func (l *linkTCP) dialersFor(url *url.URL, info linkInfo) ([]*tcpDialer, error)
 }
 
 func (l *linkTCP) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
-	dialers, err := l.dialersFor(url, info)
+	dialers, err := l.dialersFor(url, info, options)
 	if err != nil {
 		return nil, err
 	}
@@ -88,17 +88,21 @@ func (l *linkTCP) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	return nil, err
 }
 
-func (l *linkTCP) listen(ctx context.Context, url *url.URL, sintf string) (net.Listener, error) {
+func (l *linkTCP) listen(ctx context.Context, url *url.URL, sintf string, options linkOptions) (net.Listener, error) {
 	hostport := url.Host
 	if sintf != "" {
 		if host, port, err := net.SplitHostPort(hostport); err == nil {
 			hostport = fmt.Sprintf("[%s%%%s]:%s", host, sintf, port)
 		}
 	}
-	return l.listenconfig.Listen(ctx, "tcp", hostport)
+	lc := *l.listenconfig
+	if options.multipath {
+		setMPTCPForListener(&lc)
+	}
+	return lc.Listen(ctx, "tcp", hostport)
 }
 
-func (l *linkTCP) dialerFor(dst *net.TCPAddr, sintf string) (*net.Dialer, error) {
+func (l *linkTCP) dialerFor(dst *net.TCPAddr, sintf string, mptcp bool) (*net.Dialer, error) {
 	if dst.IP.IsLinkLocalUnicast() {
 		if sintf != "" {
 			dst.Zone = sintf
@@ -112,6 +116,9 @@ func (l *linkTCP) dialerFor(dst *net.TCPAddr, sintf string) (*net.Dialer, error)
 		KeepAlive: -1,
 		Control:   l.tcpContext,
 	}
+	if mptcp {
+		setMPTCPForDialer(dialer)
+	}
 	if sintf != "" {
 		dialer.Control = l.getControl(sintf)
 		ief, err := net.InterfaceByName(sintf)

src/core/link_tcp_mptcp.go

@@ -0,0 +1,30 @@
+package core
+
+import (
+	"crypto/tls"
+	"net"
+)
+
+func setMPTCPForDialer(d *net.Dialer) {
+	d.SetMultipathTCP(true)
+}
+
+func setMPTCPForListener(lc *net.ListenConfig) {
+	lc.SetMultipathTCP(true)
+}
+
+func isMPTCP(c net.Conn) bool {
+	switch tc := c.(type) {
+	case *net.TCPConn:
+		mp, _ := tc.MultipathTCP()
+		return mp
+	case *tls.Conn:
+		if tc, ok := tc.NetConn().(*net.TCPConn); ok {
+			mp, _ := tc.MultipathTCP()
+			return mp
+		}
+		return false
+	default:
+		return false
+	}
+}

src/core/link_tls.go

@@ -3,7 +3,6 @@ package core
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
 	"net"
 	"net/url"
 
@@ -34,7 +33,7 @@ func (l *links) newLinkTLS(tcp *linkTCP) *linkTLS {
 }
 
 func (l *linkTLS) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
-	dialers, err := l.tcp.dialersFor(url, info)
+	dialers, err := l.tcp.dialersFor(url, info, options)
 	if err != nil {
 		return nil, err
 	}
@@ -58,17 +57,10 @@ func (l *linkTLS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	return nil, err
 }
 
-func (l *linkTLS) listen(ctx context.Context, url *url.URL, sintf string) (net.Listener, error) {
-	hostport := url.Host
-	if sintf != "" {
-		if host, port, err := net.SplitHostPort(hostport); err == nil {
-			hostport = fmt.Sprintf("[%s%%%s]:%s", host, sintf, port)
-		}
-	}
-	listener, err := l.listener.Listen(ctx, "tcp", hostport)
+func (l *linkTLS) listen(ctx context.Context, url *url.URL, sintf string, options linkOptions) (net.Listener, error) {
+	listener, err := l.tcp.listen(ctx, url, sintf, options)
 	if err != nil {
 		return nil, err
 	}
-	tlslistener := tls.NewListener(listener, l.config)
-	return tlslistener, nil
+	return tls.NewListener(listener, l.config), nil
 }

src/core/link_unix.go

@@ -40,6 +40,6 @@ func (l *linkUNIX) dial(ctx context.Context, url *url.URL, info linkInfo, option
 	return l.dialer.DialContext(ctx, "unix", addr.String())
 }
 
-func (l *linkUNIX) listen(ctx context.Context, url *url.URL, _ string) (net.Listener, error) {
+func (l *linkUNIX) listen(ctx context.Context, url *url.URL, _ string, _ linkOptions) (net.Listener, error) {
 	return l.listener.Listen(ctx, "unix", url.Path)
 }

src/core/proto.go

@@ -251,15 +251,16 @@ func (p *protoHandler) getSelfHandler(in json.RawMessage) (interface{}, error) {
 	if kbs, err = hex.DecodeString(req.Key); err != nil {
 		return nil, err
 	}
+	if len(kbs) != ed25519.PublicKeySize {
+		return nil, fmt.Errorf("invalid public key length")
+	}
 	copy(key[:], kbs)
 	ch := make(chan []byte, 1)
 	p.sendGetSelfRequest(key, func(info []byte) {
 		ch <- info
 	})
-	timer := time.NewTimer(6 * time.Second)
-	defer timer.Stop()
 	select {
-	case <-timer.C:
+	case <-time.After(6 * time.Second):
 		return nil, errors.New("timeout")
 	case info := <-ch:
 		var msg json.RawMessage
@@ -291,15 +292,16 @@ func (p *protoHandler) getPeersHandler(in json.RawMessage) (interface{}, error)
 	if kbs, err = hex.DecodeString(req.Key); err != nil {
 		return nil, err
 	}
+	if len(kbs) != ed25519.PublicKeySize {
+		return nil, fmt.Errorf("invalid public key length")
+	}
 	copy(key[:], kbs)
 	ch := make(chan []byte, 1)
 	p.sendGetPeersRequest(key, func(info []byte) {
 		ch <- info
 	})
-	timer := time.NewTimer(6 * time.Second)
-	defer timer.Stop()
 	select {
-	case <-timer.C:
+	case <-time.After(6 * time.Second):
 		return nil, errors.New("timeout")
 	case info := <-ch:
 		ks := make(map[string][]string)
@@ -341,15 +343,16 @@ func (p *protoHandler) getTreeHandler(in json.RawMessage) (interface{}, error) {
 	if kbs, err = hex.DecodeString(req.Key); err != nil {
 		return nil, err
 	}
+	if len(kbs) != ed25519.PublicKeySize {
+		return nil, fmt.Errorf("invalid public key length")
+	}
 	copy(key[:], kbs)
 	ch := make(chan []byte, 1)
 	p.sendGetTreeRequest(key, func(info []byte) {
 		ch <- info
 	})
-	timer := time.NewTimer(6 * time.Second)
-	defer timer.Stop()
 	select {
-	case <-timer.C:
+	case <-time.After(6 * time.Second):
 		return nil, errors.New("timeout")
 	case info := <-ch:
 		ks := make(map[string][]string)

src/multicast/multicast.go

@@ -358,6 +358,7 @@ func (m *Multicast) _announce() {
 			if linfo.interval.Seconds() < 15 {
 				linfo.interval += time.Second
 			}
+			linfo.time = time.Now()
 			break
 		}
 	}