Update ironwood dependency (temporary replace)

Link cost-aware routing
2025-08-27 00:57:45 +00:00 · 2024-07-24 18:28:08 +01:00 · 2024-07-24 18:28:08 +01:00
39 changed files with 297 additions and 634 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,10 +17,10 @@ jobs:
    steps:
      - uses: actions/setup-go@v5
        with:
-          go-version: stable
+          go-version: 1.21
      - uses: actions/checkout@v4
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v3
        with:
          args: --issues-exit-code=1

@@ -51,7 +51,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        goversion: ["1.21", "1.22", "1.23"]
+        goversion: ["1.21", "1.22"]

    name: Build & Test (Linux, Go ${{ matrix.goversion }})
    needs: [lint]
@@ -75,7 +75,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        goversion: ["1.21", "1.22", "1.23"]
+        goversion: ["1.21", "1.22"]

    name: Build & Test (Windows, Go ${{ matrix.goversion }})
    needs: [lint]
@@ -99,7 +99,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        goversion: ["1.21", "1.22", "1.23"]
+        goversion: ["1.21", "1.22"]

    name: Build & Test (macOS, Go ${{ matrix.goversion }})
    needs: [lint]
@@ -123,7 +123,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        goversion: ["1.21", "1.22", "1.23"]
+        goversion: ["1.21", "1.22"]
        goos:
          - freebsd
          - openbsd
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -2,10 +2,9 @@ run:
  build-tags:
    - lint
  issues-exit-code: 0 # TODO: change this to 1 when we want it to fail builds
-issues:
-  exclude-dirs:
+  skip-dirs:
    - contrib/
    - misc/
 linters:
  disable:
-    - gocyclo
+    - gocyclo
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,57 +26,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - in case of vulnerabilities.
 -->

-## [0.5.9] - 2024-10-19
-
-### Added
-
-* New command line option `-user` for changing the process UID/GID
-
-### Changed
-
-* The routing algorithm has been updated with RTT-aware link costing, which should prefer lower latency links over higher latency links where possible
-  * The calculated cost is an average of the link RTT, but newly established links are costed higher to begin with, such that unstable peerings can be avoided
-  * Link costs are only used where multiple next-hops are available and will be ignored if there is only one loop-free path to the destination
-  * This is protocol-compatible with existing v0.5.x nodes but will have the best results when peering with nodes that are also running the latest version
-  * The `getPeers` endpoint will now report the calculated link cost for each given peer
-* Upgrade dependencies
-
-### Fixed
-
-* Multicast discovery should now work again when building Yggdrasil as an Android framework
-* Multicast discovery will now correctly ignore interfaces that are not marked as running
-* Ephemeral links, such as those added by multicast, will no longer try to reconnect in a fast loop, fixing a high CPU issue
-* The TUN interface will no longer stop working when hitting a segment read error from vectorised reads
-* The `AllowedPublicKeys` option will once again no longer apply to multicast peerings, as was originally intended
-* A potential panic when shutting down peering links has been fixed
-* A redundant system call for setting MTU on OpenBSD has been removed
-
-## [0.5.8] - 2024-08-12
-
-### Fixed
-
-* A bug which caused startup problems on Windows and FreeBSD should be fixed
-* Resolved some minor link state and listener management bugs during shutdown
-
-## [0.5.7] - 2024-08-05
-
-### Added
-
-* WebSocket support for peerings, by using the new `ws://` scheme in `Listen` and `Peers`
-  * Additionally, the `wss://` scheme can be used to connect to a WebSocket peer behind a HTTPS reverse proxy
-
-### Changed
-
-* On Linux, the TUN adapter now uses vectorised reads/writes where possible, which should reduce the amount of CPU time spent on syscalls and potentially improve throughput
-* Link error handling has been improved and various link error messages have been rewritten to be clearer
-* Upgrade dependencies
-
-### Fixed
-
-* Multiple multicast connections to the same remote machine should now work correctly
-  * You may get two connections in some cases, one inbound and one outbound, this is known and will not cause problems
-* Running as a Windows service should be more reliable with service startup and shutdown bugs fixed
-
 ## [0.5.6] - 2024-05-30

 * Go 1.21 is now required to build Yggdrasil
--- a/cmd/yggdrasil/chuser_other.go
+++ b/cmd/yggdrasil/chuser_other.go
@@ -1,10 +0,0 @@
-//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris
-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
-
-package main
-
-import "errors"
-
-func chuser(user string) error {
-	return errors.New("setting uid/gid is not supported on this platform")
-}
--- a/cmd/yggdrasil/chuser_unix.go
+++ b/cmd/yggdrasil/chuser_unix.go
@@ -1,87 +0,0 @@
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
-
-package main
-
-import (
-	"errors"
-	"fmt"
-	"math"
-	osuser "os/user"
-	"strconv"
-	"strings"
-	"syscall"
-)
-
-func chuser(user string) error {
-	group := ""
-	if i := strings.IndexByte(user, ':'); i >= 0 {
-		user, group = user[:i], user[i+1:]
-	}
-
-	u := (*osuser.User)(nil)
-	g := (*osuser.Group)(nil)
-
-	if user != "" {
-		if _, err := strconv.ParseUint(user, 10, 32); err == nil {
-			u, err = osuser.LookupId(user)
-			if err != nil {
-				return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
-			}
-		} else {
-			u, err = osuser.Lookup(user)
-			if err != nil {
-				return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
-			}
-		}
-	}
-	if group != "" {
-		if _, err := strconv.ParseUint(group, 10, 32); err == nil {
-			g, err = osuser.LookupGroupId(group)
-			if err != nil {
-				return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
-			}
-		} else {
-			g, err = osuser.LookupGroup(group)
-			if err != nil {
-				return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
-			}
-		}
-	}
-
-	if g != nil {
-		gid, _ := strconv.ParseUint(g.Gid, 10, 32)
-		var err error
-		if gid < math.MaxInt {
-			err = syscall.Setgid(int(gid))
-		} else {
-			err = errors.New("gid too big")
-		}
-
-		if err != nil {
-			return fmt.Errorf("failed to setgid %d: %v", gid, err)
-		}
-	} else if u != nil {
-		gid, _ := strconv.ParseUint(u.Gid, 10, 32)
-		err := syscall.Setgid(int(uint32(gid)))
-		if err != nil {
-			return fmt.Errorf("failed to setgid %d: %v", gid, err)
-		}
-	}
-
-	if u != nil {
-		uid, _ := strconv.ParseUint(u.Uid, 10, 32)
-		var err error
-		if uid < math.MaxInt {
-			err = syscall.Setuid(int(uid))
-		} else {
-			err = errors.New("uid too big")
-		}
-
-		if err != nil {
-			return fmt.Errorf("failed to setuid %d: %v", uid, err)
-		}
-	}
-
-	return nil
-}
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -52,15 +52,14 @@ func main() {
 	getsnet := flag.Bool("subnet", false, "use in combination with either -useconf or -useconffile, outputs your IPv6 subnet")
 	getpkey := flag.Bool("publickey", false, "use in combination with either -useconf or -useconffile, outputs your public key")
 	loglevel := flag.String("loglevel", "info", "loglevel to enable")
-	chuserto := flag.String("user", "", "user (and, optionally, group) to set UID/GID to")
 	flag.Parse()

-	done := make(chan struct{})
-	defer close(done)
-
 	// Catch interrupts from the operating system to exit gracefully.
 	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)

+	// Capture the service being stopped on Windows.
+	minwinsvc.SetOnExit(cancel)
+
 	// Create a new logger that logs output to stdout.
 	var logger *log.Logger
 	switch *logto {
@@ -248,6 +247,7 @@ func main() {
 				Listen:   intf.Listen,
 				Port:     intf.Port,
 				Priority: uint8(intf.Priority),
+				Cost:     uint8(intf.Cost),
 				Password: intf.Password,
 			})
 		}
@@ -273,22 +273,6 @@ func main() {
 		}
 	}

-	//Windows service shutdown
-	minwinsvc.SetOnExit(func() {
-		logger.Infof("Shutting down service ...")
-		cancel()
-		// Wait for all parts to shutdown properly
-		<-done
-	})
-
-	// Change user if requested
-	if *chuserto != "" {
-		err = chuser(*chuserto)
-		if err != nil {
-			panic(err)
-		}
-	}
-
 	// Block until we are told to shut down.
 	<-ctx.Done()

--- a/cmd/yggdrasilctl/cmd_line_env.go
+++ b/cmd/yggdrasilctl/cmd_line_env.go
@@ -38,6 +38,7 @@ func (cmdLineEnv *CmdLineEnv) parseFlagsAndArgs() {
 		fmt.Println("Examples:")
 		fmt.Println("  - ", os.Args[0], "list")
 		fmt.Println("  - ", os.Args[0], "getPeers")
+		fmt.Println("  - ", os.Args[0], "setTunTap name=auto mtu=1500 tap_mode=false")
 		fmt.Println("  - ", os.Args[0], "-endpoint=tcp://localhost:9001 getPeers")
 		fmt.Println("  - ", os.Args[0], "-endpoint=unix:///var/run/ygg.sock getPeers")
 	}
--- a/contrib/mobile/build
+++ b/contrib/mobile/build
@@ -7,7 +7,6 @@ set -ef
 PKGSRC=${PKGSRC:-github.com/yggdrasil-network/yggdrasil-go/src/version}
 PKGNAME=${PKGNAME:-$(sh contrib/semver/name.sh)}
 PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}
-GOVER=$(go version | { read _ _ version _; echo ${version#go}; })

 LDFLAGS="-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
 ARGS="-v"
@@ -34,15 +33,6 @@ if [ ! $IOS ] && [ ! $ANDROID ]; then
  exit 1
 fi

-ver_le() {
-    printf "$1\n$2\n" | sort -VC
-}
-
-if [ $ANDROID ] && ver_le 1.23.0 $GOVER ; then
-    # github.com/wlynxg/anet library relies on //go:linkname
-    LDFLAGS="$LDFLAGS -checklinkname=0"
-fi
-
 if [ $IOS ]; then
  echo "Building framework for iOS"
  go get golang.org/x/mobile/bind
--- a/contrib/mobile/mobile.go
+++ b/contrib/mobile/mobile.go
@@ -15,6 +15,8 @@ import (
 	"github.com/yggdrasil-network/yggdrasil-go/src/multicast"
 	"github.com/yggdrasil-network/yggdrasil-go/src/tun"
 	"github.com/yggdrasil-network/yggdrasil-go/src/version"
+
+	_ "golang.org/x/mobile/bind"
 )

 // Yggdrasil mobile package is meant to "plug the gap" for mobile support, as
@@ -95,6 +97,7 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 				Listen:   intf.Listen,
 				Port:     intf.Port,
 				Priority: uint8(intf.Priority),
+				Cost:     uint8(intf.Cost),
 				Password: intf.Password,
 			})
 		}
--- a/go.mod
+++ b/go.mod
@@ -2,25 +2,26 @@ module github.com/yggdrasil-network/yggdrasil-go

 go 1.21

+replace github.com/Arceliar/ironwood => github.com/neilalexander/ironwood v0.0.0-20240530214820-2be4c2c0545a
+
 require (
-	github.com/Arceliar/ironwood v0.0.0-20241016082300-f6fb9da97a17
+	github.com/Arceliar/ironwood v0.0.0-20240529054413-b8e59574e2b2
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
 	github.com/cheggaaa/pb/v3 v3.1.5
-	github.com/coder/websocket v1.8.12
 	github.com/gologme/log v1.3.0
 	github.com/hashicorp/go-syslog v1.0.0
 	github.com/hjson/hjson-go/v4 v4.4.0
 	github.com/kardianos/minwinsvc v1.0.2
-	github.com/quic-go/quic-go v0.46.0
-	github.com/vishvananda/netlink v1.3.0
-	github.com/wlynxg/anet v0.0.5
-	golang.org/x/crypto v0.28.0
-	golang.org/x/net v0.30.0
-	golang.org/x/sys v0.26.0
-	golang.org/x/text v0.19.0
-	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
+	github.com/quic-go/quic-go v0.45.1
+	github.com/vishvananda/netlink v1.1.0
+	golang.org/x/crypto v0.25.0
+	golang.org/x/mobile v0.0.0-20240716161057-1ad2df20a8b6
+	golang.org/x/net v0.27.0
+	golang.org/x/sys v0.22.0
+	golang.org/x/text v0.16.0
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
 	golang.zx2c4.com/wireguard/windows v0.5.3
+	nhooyr.io/websocket v1.8.11
 )

 require (
@@ -34,8 +35,9 @@ require (
 	go.uber.org/mock v0.4.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 )

 require (
@@ -44,5 +46,5 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/vishvananda/netns v0.0.4 // indirect
+	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,3 @@
-github.com/Arceliar/ironwood v0.0.0-20241016082300-f6fb9da97a17 h1:uOvHqPwu09ndYZQDUL6QvyDcz0M9kwooKYa/PEfLwIU=
-github.com/Arceliar/ironwood v0.0.0-20241016082300-f6fb9da97a17/go.mod h1:6WP4799FX0OuWdENGQAh+0RXp9FLh0y7NZ7tM9cJyXk=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d h1:UK9fsWbWqwIQkMCz1CP+v5pGbsGoWAw6g4AyvMpm1EM=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d/go.mod h1:BCnxhRf47C/dy/e/D2pmB8NkB3dQVIrkD98b220rx5Q=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -14,8 +12,6 @@ github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
-github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -50,6 +46,8 @@ github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/neilalexander/ironwood v0.0.0-20240530214820-2be4c2c0545a h1:QtmEQn0ahcIFkkt8iXjBlyej984hdFS6Cc2cqTN2CuQ=
+github.com/neilalexander/ironwood v0.0.0-20240530214820-2be4c2c0545a/go.mod h1:6WP4799FX0OuWdENGQAh+0RXp9FLh0y7NZ7tM9cJyXk=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
@@ -58,8 +56,8 @@ github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/quic-go v0.46.0 h1:uuwLClEEyk1DNvchH8uCByQVjo3yKL9opKulExNDs7Y=
-github.com/quic-go/quic-go v0.46.0/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
+github.com/quic-go/quic-go v0.45.1 h1:tPfeYCk+uZHjmDRwHHQmvHRYL2t44ROTujLeFVBmjCA=
+github.com/quic-go/quic-go v0.45.1/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -67,12 +65,11 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/twmb/murmur3 v1.1.6 h1:mqrRot1BRxm+Yct+vavLMou2/iJt0tNVTTC0QoIjaZg=
 github.com/twmb/murmur3 v1.1.6/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
-github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
-github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
-github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
-github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
-github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
-github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
+github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
 go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
@@ -80,10 +77,12 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/mobile v0.0.0-20240716161057-1ad2df20a8b6 h1:/VlmIrkuLf2wzPjkZ8imSpckHoW7Y71h66dxbLHSpi8=
+golang.org/x/mobile v0.0.0-20240716161057-1ad2df20a8b6/go.mod h1:TCsc78+c4cqb8IKEosz2LwJ6YRNkIjMuAYeHYjchGDE=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
@@ -94,29 +93,29 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -130,8 +129,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -155,3 +154,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
+nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
+nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
--- a/src/admin/admin.go
+++ b/src/admin/admin.go
@@ -238,27 +238,27 @@ func (a *AdminSocket) listen() {
 	if err == nil {
 		switch strings.ToLower(u.Scheme) {
 		case "unix":
-			if _, err := os.Stat(u.Path); err == nil {
-				a.log.Debugln("Admin socket", u.Path, "already exists, trying to clean up")
-				if _, err := net.DialTimeout("unix", u.Path, time.Second*2); err == nil || err.(net.Error).Timeout() {
-					a.log.Errorln("Admin socket", u.Path, "already exists and is in use by another process")
+			if _, err := os.Stat(listenaddr[7:]); err == nil {
+				a.log.Debugln("Admin socket", listenaddr[7:], "already exists, trying to clean up")
+				if _, err := net.DialTimeout("unix", listenaddr[7:], time.Second*2); err == nil || err.(net.Error).Timeout() {
+					a.log.Errorln("Admin socket", listenaddr[7:], "already exists and is in use by another process")
 					os.Exit(1)
 				} else {
-					if err := os.Remove(u.Path); err == nil {
-						a.log.Debugln(u.Path, "was cleaned up")
+					if err := os.Remove(listenaddr[7:]); err == nil {
+						a.log.Debugln(listenaddr[7:], "was cleaned up")
 					} else {
-						a.log.Errorln(u.Path, "already exists and was not cleaned up:", err)
+						a.log.Errorln(listenaddr[7:], "already exists and was not cleaned up:", err)
 						os.Exit(1)
 					}
 				}
 			}
-			a.listener, err = net.Listen("unix", u.Path)
+			a.listener, err = net.Listen("unix", listenaddr[7:])
 			if err == nil {
-				switch u.Path[:1] {
+				switch listenaddr[7:8] {
 				case "@": // maybe abstract namespace
 				default:
-					if err := os.Chmod(u.Path, 0660); err != nil {
-						a.log.Warnln("WARNING:", u.Path, "may have unsafe permissions!")
+					if err := os.Chmod(listenaddr[7:], 0660); err != nil {
+						a.log.Warnln("WARNING:", listenaddr[:7], "may have unsafe permissions!")
 					}
 				}
 			}
--- a/src/admin/getpaths.go
+++ b/src/admin/getpaths.go
@@ -3,7 +3,7 @@ package admin
 import (
 	"encoding/hex"
 	"net"
-	"slices"
+	"sort"
 	"strings"

 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
@@ -35,8 +35,8 @@ func (a *AdminSocket) getPathsHandler(_ *GetPathsRequest, res *GetPathsResponse)
 			Sequence:  p.Sequence,
 		})
 	}
-	slices.SortStableFunc(res.Paths, func(a, b PathEntry) int {
-		return strings.Compare(a.PublicKey, b.PublicKey)
+	sort.SliceStable(res.Paths, func(i, j int) bool {
+		return strings.Compare(res.Paths[i].PublicKey, res.Paths[j].PublicKey) < 0
 	})
 	return nil
 }
--- a/src/admin/getpeers.go
+++ b/src/admin/getpeers.go
@@ -3,8 +3,7 @@ package admin
 import (
 	"encoding/hex"
 	"net"
-	"slices"
-	"strings"
+	"sort"
 	"time"

 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
@@ -43,7 +42,7 @@ func (a *AdminSocket) getPeersHandler(_ *GetPeersRequest, res *GetPeersResponse)
 			Up:       p.Up,
 			Inbound:  p.Inbound,
 			Priority: uint64(p.Priority), // can't be uint8 thanks to gobind
-			Cost:     p.Cost,
+			Cost:     uint64(p.Cost),     // can't be uint8 thanks to gobind
 			URI:      p.URI,
 			RXBytes:  DataUnit(p.RXBytes),
 			TXBytes:  DataUnit(p.TXBytes),
@@ -62,26 +61,17 @@ func (a *AdminSocket) getPeersHandler(_ *GetPeersRequest, res *GetPeersResponse)
 		}
 		res.Peers = append(res.Peers, peer)
 	}
-	slices.SortStableFunc(res.Peers, func(a, b PeerEntry) int {
-		if !a.Inbound && b.Inbound {
-			return -1
+	sort.Slice(res.Peers, func(i, j int) bool {
+		if res.Peers[i].Inbound == res.Peers[j].Inbound {
+			if res.Peers[i].PublicKey == res.Peers[j].PublicKey {
+				if res.Peers[i].Priority == res.Peers[j].Priority {
+					return res.Peers[i].Uptime > res.Peers[j].Uptime
+				}
+				return res.Peers[i].Priority < res.Peers[j].Priority
+			}
+			return res.Peers[i].PublicKey < res.Peers[j].PublicKey
 		}
-		if a.Inbound && !b.Inbound {
-			return 1
-		}
-		if d := strings.Compare(a.PublicKey, b.PublicKey); d != 0 {
-			return d
-		}
-		if d := a.Priority - b.Priority; d != 0 {
-			return int(d)
-		}
-		if d := a.Cost - b.Cost; d != 0 {
-			return int(d)
-		}
-		if d := a.Uptime - b.Uptime; d != 0 {
-			return int(d)
-		}
-		return 0
+		return !res.Peers[i].Inbound && res.Peers[j].Inbound
 	})
 	return nil
 }
--- a/src/admin/getsessions.go
+++ b/src/admin/getsessions.go
@@ -3,7 +3,7 @@ package admin
 import (
 	"encoding/hex"
 	"net"
-	"slices"
+	"sort"
 	"strings"

 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
@@ -36,8 +36,8 @@ func (a *AdminSocket) getSessionsHandler(_ *GetSessionsRequest, res *GetSessions
 			Uptime:    s.Uptime.Seconds(),
 		})
 	}
-	slices.SortStableFunc(res.Sessions, func(a, b SessionEntry) int {
-		return strings.Compare(a.PublicKey, b.PublicKey)
+	sort.SliceStable(res.Sessions, func(i, j int) bool {
+		return strings.Compare(res.Sessions[i].PublicKey, res.Sessions[j].PublicKey) < 0
 	})
 	return nil
 }
--- a/src/admin/gettree.go
+++ b/src/admin/gettree.go
@@ -3,7 +3,7 @@ package admin
 import (
 	"encoding/hex"
 	"net"
-	"slices"
+	"sort"
 	"strings"

 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
@@ -34,8 +34,8 @@ func (a *AdminSocket) getTreeHandler(_ *GetTreeRequest, res *GetTreeResponse) er
 			Sequence:  d.Sequence,
 		})
 	}
-	slices.SortStableFunc(res.Tree, func(a, b TreeEntry) int {
-		return strings.Compare(a.PublicKey, b.PublicKey)
+	sort.SliceStable(res.Tree, func(i, j int) bool {
+		return strings.Compare(res.Tree[i].PublicKey, res.Tree[j].PublicKey) < 0
 	})
 	return nil
 }
--- a/src/config/config.go
+++ b/src/config/config.go
@@ -62,6 +62,7 @@ type MulticastInterfaceConfig struct {
 	Listen   bool
 	Port     uint16
 	Priority uint64 // really uint8, but gobind won't export it
+	Cost     uint16 // really uint8, but gobind won't export it
 	Password string
 }

--- a/src/core/api.go
+++ b/src/core/api.go
@@ -30,7 +30,7 @@ type PeerInfo struct {
 	Coords        []uint64
 	Port          uint64
 	Priority      uint8
-	Cost          uint64
+	Cost          uint8
 	RXBytes       uint64
 	TXBytes       uint64
 	Uptime        time.Duration
@@ -95,7 +95,7 @@ func (c *Core) GetPeers() []PeerInfo {
 				peerinfo.Port = p.Port
 				peerinfo.Priority = p.Priority
 				peerinfo.Latency = p.Latency
-				peerinfo.Cost = p.Cost
+				peerinfo.Cost = uint8(p.Cost)
 			}
 			peers = append(peers, peerinfo)
 		}
@@ -150,14 +150,7 @@ func (c *Core) GetSessions() []SessionInfo {
 // parsed from a string of the form e.g. "tcp://a.b.c.d:e". In the case of a
 // link-local address, the interface should be provided as the second argument.
 func (c *Core) Listen(u *url.URL, sintf string) (*Listener, error) {
-	return c.links.listen(u, sintf, false)
-}
-
-// ListenLocal starts a listener, like the Listen function, but is used for
-// more trustworthy situations where you want to ignore AllowedPublicKeys, i.e.
-// with multicast listeners.
-func (c *Core) ListenLocal(u *url.URL, sintf string) (*Listener, error) {
-	return c.links.listen(u, sintf, true)
+	return c.links.listen(u, sintf)
 }

 // Address gets the IPv6 address of the Yggdrasil node. This is always a /128
--- a/src/core/core.go
+++ b/src/core/core.go
@@ -127,7 +127,7 @@ func New(cert *tls.Certificate, logger Logger, opts ...SetupOption) (*Core, erro
 			c.log.Errorf("Invalid listener URI %q specified, ignoring\n", listenaddr)
 			continue
 		}
-		if _, err = c.links.listen(u, "", false); err != nil {
+		if _, err = c.links.listen(u, ""); err != nil {
 			c.log.Errorf("Failed to start listener %q: %s\n", listenaddr, err)
 		}
 	}
--- a/src/core/core_test.go
+++ b/src/core/core_test.go
@@ -25,27 +25,6 @@ func GetLoggerWithPrefix(prefix string, verbose bool) *log.Logger {
 	return l
 }

-func require_NoError(t *testing.T, err error) {
-	t.Helper()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func require_Equal[T comparable](t *testing.T, a, b T) {
-	t.Helper()
-	if a != b {
-		t.Fatalf("%v != %v", a, b)
-	}
-}
-
-func require_True(t *testing.T, a bool) {
-	t.Helper()
-	if !a {
-		t.Fatal("expected true")
-	}
-}
-
 // CreateAndConnectTwo creates two nodes. nodeB connects to nodeA.
 // Verbosity flag is passed to logger.
 func CreateAndConnectTwo(t testing.TB, verbose bool) (nodeA *Core, nodeB *Core) {
@@ -222,69 +201,3 @@ func BenchmarkCore_Start_Transfer(b *testing.B) {
 	}
 	<-done
 }
-
-func TestAllowedPublicKeys(t *testing.T) {
-	logger := GetLoggerWithPrefix("", false)
-	cfgA, cfgB := config.GenerateConfig(), config.GenerateConfig()
-	require_NoError(t, cfgA.GenerateSelfSignedCertificate())
-	require_NoError(t, cfgB.GenerateSelfSignedCertificate())
-
-	nodeA, err := New(cfgA.Certificate, logger, AllowedPublicKey("abcdef"))
-	require_NoError(t, err)
-	defer nodeA.Stop()
-
-	nodeB, err := New(cfgB.Certificate, logger)
-	require_NoError(t, err)
-	defer nodeB.Stop()
-
-	u, err := url.Parse("tcp://localhost:0")
-	require_NoError(t, err)
-
-	l, err := nodeA.Listen(u, "")
-	require_NoError(t, err)
-
-	u, err = url.Parse("tcp://" + l.Addr().String())
-	require_NoError(t, err)
-
-	require_NoError(t, nodeB.AddPeer(u, ""))
-
-	time.Sleep(time.Second)
-
-	peers := nodeB.GetPeers()
-	require_Equal(t, len(peers), 1)
-	require_True(t, !peers[0].Up)
-	require_True(t, peers[0].LastError != nil)
-}
-
-func TestAllowedPublicKeysLocal(t *testing.T) {
-	logger := GetLoggerWithPrefix("", false)
-	cfgA, cfgB := config.GenerateConfig(), config.GenerateConfig()
-	require_NoError(t, cfgA.GenerateSelfSignedCertificate())
-	require_NoError(t, cfgB.GenerateSelfSignedCertificate())
-
-	nodeA, err := New(cfgA.Certificate, logger, AllowedPublicKey("abcdef"))
-	require_NoError(t, err)
-	defer nodeA.Stop()
-
-	nodeB, err := New(cfgB.Certificate, logger)
-	require_NoError(t, err)
-	defer nodeB.Stop()
-
-	u, err := url.Parse("tcp://localhost:0")
-	require_NoError(t, err)
-
-	l, err := nodeA.ListenLocal(u, "")
-	require_NoError(t, err)
-
-	u, err = url.Parse("tcp://" + l.Addr().String())
-	require_NoError(t, err)
-
-	require_NoError(t, nodeB.AddPeer(u, ""))
-
-	time.Sleep(time.Second)
-
-	peers := nodeB.GetPeers()
-	require_Equal(t, len(peers), 1)
-	require_True(t, peers[0].Up)
-	require_True(t, peers[0].LastError == nil)
-}
--- a/src/core/link.go
+++ b/src/core/link.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"context"
 	"encoding/hex"
-	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -41,8 +40,7 @@ type links struct {
 	ws    *linkWS    // WS interface support
 	wss   *linkWSS   // WSS interface support
 	// _links can only be modified safely from within the links actor
-	_links     map[linkInfo]*link // *link is nil if connection in progress
-	_listeners map[*Listener]context.CancelFunc
+	_links map[linkInfo]*link // *link is nil if connection in progress
 }

 type linkProtocol interface {
@@ -72,6 +70,7 @@ type link struct {
 type linkOptions struct {
 	pinnedEd25519Keys map[keyArray]struct{}
 	priority          uint8
+	cost              uint8
 	tlsSNI            string
 	password          []byte
 	maxBackoff        time.Duration
@@ -87,6 +86,13 @@ func (l *Listener) Addr() net.Addr {
 	return l.listener.Addr()
 }

+func (l *Listener) Close() error {
+	l.Cancel()
+	err := l.listener.Close()
+	<-l.ctx.Done()
+	return err
+}
+
 func (l *links) init(c *Core) error {
 	l.core = c
 	l.tcp = l.newLinkTCP()
@@ -97,20 +103,32 @@ func (l *links) init(c *Core) error {
 	l.ws = l.newLinkWS()
 	l.wss = l.newLinkWSS()
 	l._links = make(map[linkInfo]*link)
-	l._listeners = make(map[*Listener]context.CancelFunc)
+
+	var listeners []ListenAddress
+	phony.Block(c, func() {
+		listeners = make([]ListenAddress, 0, len(c.config._listeners))
+		for listener := range c.config._listeners {
+			listeners = append(listeners, listener)
+		}
+	})

 	return nil
 }

 func (l *links) shutdown() {
-	phony.Block(l, func() {
-		for listener := range l._listeners {
-			_ = listener.listener.Close()
+	phony.Block(l.tcp, func() {
+		for l := range l.tcp._listeners {
+			_ = l.Close()
 		}
-		for _, link := range l._links {
-			if link._conn != nil {
-				_ = link._conn.Close()
-			}
+	})
+	phony.Block(l.tls, func() {
+		for l := range l.tls._listeners {
+			_ = l.Close()
+		}
+	})
+	phony.Block(l.unix, func() {
+		for l := range l.unix._listeners {
+			_ = l.Close()
 		}
 	})
 }
@@ -122,8 +140,9 @@ func (e linkError) Error() string { return string(e) }
 const ErrLinkAlreadyConfigured = linkError("peer is already configured")
 const ErrLinkNotConfigured = linkError("peer is not configured")
 const ErrLinkPriorityInvalid = linkError("priority value is invalid")
+const ErrLinkCostInvalid = linkError("cost value is invalid")
 const ErrLinkPinnedKeyInvalid = linkError("pinned public key is invalid")
-const ErrLinkPasswordInvalid = linkError("invalid password supplied")
+const ErrLinkPasswordInvalid = linkError("password is invalid")
 const ErrLinkUnrecognisedSchema = linkError("link schema unknown")
 const ErrLinkMaxBackoffInvalid = linkError("max backoff duration invalid")

@@ -164,6 +183,14 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 			}
 			options.priority = uint8(pi)
 		}
+		if p := u.Query().Get("cost"); p != "" {
+			c, err := strconv.ParseUint(p, 10, 8)
+			if err != nil {
+				retErr = ErrLinkCostInvalid
+				return
+			}
+			options.cost = uint8(c)
+		}
 		if p := u.Query().Get("password"); p != "" {
 			if len(p) > blake2b.Size {
 				retErr = ErrLinkPasswordInvalid
@@ -336,7 +363,7 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {

 				// Give the connection to the handler. The handler will block
 				// for the lifetime of the connection.
-				if err = l.handler(linkType, options, lc, resetBackoff, false); err != nil && err != io.EOF {
+				if err = l.handler(linkType, options, lc, resetBackoff); err != nil && err != io.EOF {
 					l.core.log.Debugf("Link %s error: %s\n", info.uri, err)
 				}

@@ -346,11 +373,9 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 				_ = lc.Close()
 				phony.Block(l, func() {
 					state._conn = nil
-					if err == nil {
-						err = fmt.Errorf("remote side closed the connection")
+					if state._err = err; state._err != nil {
+						state._errtime = time.Now()
 					}
-					state._err = err
-					state._errtime = time.Now()
 				})

 				// If the link is persistently configured, back off if needed
@@ -359,9 +384,8 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 					if backoffNow() {
 						continue
 					}
+					return
 				}
-				// Ephemeral or incoming connections don't reconnect.
-				return
 			}
 		}()
 	})
@@ -395,7 +419,7 @@ func (l *links) remove(u *url.URL, sintf string, _ linkType) error {
 	return retErr
 }

-func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error) {
+func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 	ctx, cancel := context.WithCancel(l.core.ctx)
 	var protocol linkProtocol
 	switch strings.ToLower(u.Scheme) {
@@ -423,10 +447,7 @@ func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error)
 	li := &Listener{
 		listener: listener,
 		ctx:      ctx,
-		Cancel: func() {
-			cancel()
-			_ = listener.Close()
-		},
+		Cancel:   cancel,
 	}

 	var options linkOptions
@@ -437,6 +458,13 @@ func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error)
 		}
 		options.priority = uint8(pi)
 	}
+	if p := u.Query().Get("cost"); p != "" {
+		c, err := strconv.ParseUint(p, 10, 8)
+		if err != nil {
+			return nil, ErrLinkCostInvalid
+		}
+		options.cost = uint8(c)
+	}
 	if p := u.Query().Get("password"); p != "" {
 		if len(p) > blake2b.Size {
 			return nil, ErrLinkPasswordInvalid
@@ -444,18 +472,11 @@ func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error)
 		options.password = []byte(p)
 	}

-	phony.Block(l, func() {
-		l._listeners[li] = cancel
-	})
-
 	go func() {
-		l.core.log.Infof("%s listener started on %s", strings.ToUpper(u.Scheme), li.listener.Addr())
-		defer l.core.log.Infof("%s listener stopped on %s", strings.ToUpper(u.Scheme), li.listener.Addr())
-		defer phony.Block(l, func() {
-			delete(l._listeners, li)
-		})
+		l.core.log.Infof("%s listener started on %s", strings.ToUpper(u.Scheme), listener.Addr())
+		defer l.core.log.Infof("%s listener stopped on %s", strings.ToUpper(u.Scheme), listener.Addr())
 		for {
-			conn, err := li.listener.Accept()
+			conn, err := listener.Accept()
 			if err != nil {
 				return
 			}
@@ -511,22 +532,13 @@ func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error)
 					// Store the state of the link so that it can be queried later.
 					l._links[info] = state
 				})
-				defer phony.Block(l, func() {
-					if l._links[info] == state {
-						delete(l._links, info)
-					}
-				})
 				if lc == nil {
 					return
 				}

 				// Give the connection to the handler. The handler will block
 				// for the lifetime of the connection.
-				switch err = l.handler(linkTypeIncoming, options, lc, nil, local); {
-				case err == nil:
-				case errors.Is(err, io.EOF):
-				case errors.Is(err, net.ErrClosed):
-				default:
+				if err = l.handler(linkTypeIncoming, options, lc, nil); err != nil && err != io.EOF {
 					l.core.log.Debugf("Link %s error: %s\n", u.Host, err)
 				}

@@ -534,6 +546,11 @@ func (l *links) listen(u *url.URL, sintf string, local bool) (*Listener, error)
 				// try to close the underlying socket just in case and then
 				// drop the link state.
 				_ = lc.Close()
+				phony.Block(l, func() {
+					if l._links[info] == state {
+						delete(l._links, info)
+					}
+				})
 			}(conn)
 		}
 	}()
@@ -563,10 +580,11 @@ func (l *links) connect(ctx context.Context, u *url.URL, info linkInfo, options
 	return dialer.dial(ctx, u, info, options)
 }

-func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, success func(), local bool) error {
+func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, success func()) error {
 	meta := version_getBaseMetadata()
 	meta.publicKey = l.core.public
 	meta.priority = options.priority
+	meta.cost = options.cost
 	metaBytes, err := meta.encode(l.core.secret, options.password)
 	if err != nil {
 		return fmt.Errorf("failed to generate handshake: %w", err)
@@ -606,22 +624,20 @@ func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, s
 		}
 	}
 	// Check if we're authorized to connect to this key / IP
-	if !local {
-		var allowed map[[32]byte]struct{}
-		phony.Block(l.core, func() {
-			allowed = l.core.config._allowedPublicKeys
-		})
-		isallowed := len(allowed) == 0
-		for k := range allowed {
-			if bytes.Equal(k[:], meta.publicKey) {
-				isallowed = true
-				break
-			}
-		}
-		if linkType == linkTypeIncoming && !isallowed {
-			return fmt.Errorf("node public key %q is not in AllowedPublicKeys", hex.EncodeToString(meta.publicKey))
+	var allowed map[[32]byte]struct{}
+	phony.Block(l.core, func() {
+		allowed = l.core.config._allowedPublicKeys
+	})
+	isallowed := len(allowed) == 0
+	for k := range allowed {
+		if bytes.Equal(k[:], meta.publicKey) {
+			isallowed = true
+			break
 		}
 	}
+	if linkType == linkTypeIncoming && !isallowed {
+		return fmt.Errorf("node public key %q is not in AllowedPublicKeys", hex.EncodeToString(meta.publicKey))
+	}

 	dir := "outbound"
 	if linkType == linkTypeIncoming {
@@ -630,17 +646,20 @@ func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, s
 	remoteAddr := net.IP(address.AddrForKey(meta.publicKey)[:]).String()
 	remoteStr := fmt.Sprintf("%s@%s", remoteAddr, conn.RemoteAddr())
 	localStr := conn.LocalAddr()
-	priority := options.priority
+	cost, priority := options.cost, options.priority
 	if meta.priority > priority {
 		priority = meta.priority
 	}
+	if meta.cost > cost {
+		cost = meta.cost
+	}
 	l.core.log.Infof("Connected %s: %s, source %s",
 		dir, remoteStr, localStr)
 	if success != nil {
 		success()
 	}

-	err = l.core.HandleConn(meta.publicKey, conn, priority)
+	err = l.core.HandleConn(meta.publicKey, conn, cost, priority)
 	switch err {
 	case io.EOF, net.ErrClosed, nil:
 		l.core.log.Infof("Disconnected %s: %s, source %s",
@@ -649,7 +668,7 @@ func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn, s
 		l.core.log.Infof("Disconnected %s: %s, source %s; error: %s",
 			dir, remoteStr, localStr, err)
 	}
-	return err
+	return nil
 }

 func urlForLinkInfo(u url.URL) url.URL {
--- a/src/core/link_tcp.go
+++ b/src/core/link_tcp.go
@@ -15,6 +15,7 @@ type linkTCP struct {
 	phony.Inbox
 	*links
 	listenconfig *net.ListenConfig
+	_listeners   map[*Listener]context.CancelFunc
 }

 func (l *links) newLinkTCP() *linkTCP {
@@ -23,6 +24,7 @@ func (l *links) newLinkTCP() *linkTCP {
 		listenconfig: &net.ListenConfig{
 			KeepAlive: -1,
 		},
+		_listeners: map[*Listener]context.CancelFunc{},
 	}
 	lt.listenconfig.Control = lt.tcpContext
 	return lt
--- a/src/core/link_tls.go
+++ b/src/core/link_tls.go
@@ -13,9 +13,10 @@ import (
 type linkTLS struct {
 	phony.Inbox
 	*links
-	tcp      *linkTCP
-	listener *net.ListenConfig
-	config   *tls.Config
+	tcp        *linkTCP
+	listener   *net.ListenConfig
+	config     *tls.Config
+	_listeners map[*Listener]context.CancelFunc
 }

 func (l *links) newLinkTLS(tcp *linkTCP) *linkTLS {
@@ -26,7 +27,8 @@ func (l *links) newLinkTLS(tcp *linkTCP) *linkTLS {
 			Control:   tcp.tcpContext,
 			KeepAlive: -1,
 		},
-		config: l.core.config.tls.Clone(),
+		config:     l.core.config.tls.Clone(),
+		_listeners: map[*Listener]context.CancelFunc{},
 	}
 	return lt
 }
--- a/src/core/link_unix.go
+++ b/src/core/link_unix.go
@@ -12,8 +12,9 @@ import (
 type linkUNIX struct {
 	phony.Inbox
 	*links
-	dialer   *net.Dialer
-	listener *net.ListenConfig
+	dialer     *net.Dialer
+	listener   *net.ListenConfig
+	_listeners map[*Listener]context.CancelFunc
 }

 func (l *links) newLinkUNIX() *linkUNIX {
@@ -26,6 +27,7 @@ func (l *links) newLinkUNIX() *linkUNIX {
 		listener: &net.ListenConfig{
 			KeepAlive: -1,
 		},
+		_listeners: map[*Listener]context.CancelFunc{},
 	}
 	return lt
 }
--- a/src/core/link_ws.go
+++ b/src/core/link_ws.go
@@ -8,13 +8,12 @@ import (
 	"time"

 	"github.com/Arceliar/phony"
-	"github.com/coder/websocket"
+	"nhooyr.io/websocket"
 )

 type linkWS struct {
 	phony.Inbox
 	*links
-	listenconfig *net.ListenConfig
 }

 type linkWSConn struct {
@@ -79,9 +78,6 @@ func (s *wsServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (l *links) newLinkWS() *linkWS {
 	lt := &linkWS{
 		links: l,
-		listenconfig: &net.ListenConfig{
-			KeepAlive: -1,
-		},
 	}
 	return lt
 }
@@ -99,7 +95,7 @@ func (l *linkWS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 }

 func (l *linkWS) listen(ctx context.Context, url *url.URL, _ string) (net.Listener, error) {
-	nl, err := l.listenconfig.Listen(ctx, "tcp", url.Host)
+	nl, err := net.Listen("tcp", url.Host)
 	if err != nil {
 		return nil, err
 	}
--- a/src/core/link_wss.go
+++ b/src/core/link_wss.go
@@ -7,7 +7,7 @@ import (
 	"net/url"

 	"github.com/Arceliar/phony"
-	"github.com/coder/websocket"
+	"nhooyr.io/websocket"
 )

 type linkWSS struct {
--- a/src/core/version.go
+++ b/src/core/version.go
@@ -8,6 +8,7 @@ import (
 	"bytes"
 	"crypto/ed25519"
 	"encoding/binary"
+	"fmt"
 	"io"

 	"golang.org/x/crypto/blake2b"
@@ -21,6 +22,7 @@ type version_metadata struct {
 	minorVer  uint16
 	publicKey ed25519.PublicKey
 	priority  uint8
+	cost      uint8
 }

 const (
@@ -35,18 +37,9 @@ const (
 	metaVersionMinor               // uint16
 	metaPublicKey                  // [32]byte
 	metaPriority                   // uint8
+	metaCost                       // uint8
 )

-type handshakeError string
-
-func (e handshakeError) Error() string { return string(e) }
-
-const ErrHandshakeInvalidPreamble = handshakeError("invalid handshake, remote side is not Yggdrasil")
-const ErrHandshakeInvalidLength = handshakeError("invalid handshake length, possible version mismatch")
-const ErrHandshakeInvalidPassword = handshakeError("invalid password supplied, check your config")
-const ErrHandshakeHashFailure = handshakeError("invalid hash length")
-const ErrHandshakeIncorrectPassword = handshakeError("password does not match remote side")
-
 // Gets a base metadata with no keys set, but with the correct version numbers.
 func version_getBaseMetadata() version_metadata {
 	return version_metadata{
@@ -73,9 +66,17 @@ func (m *version_metadata) encode(privateKey ed25519.PrivateKey, password []byte
 	bs = binary.BigEndian.AppendUint16(bs, ed25519.PublicKeySize)
 	bs = append(bs, m.publicKey[:]...)

-	bs = binary.BigEndian.AppendUint16(bs, metaPriority)
-	bs = binary.BigEndian.AppendUint16(bs, 1)
-	bs = append(bs, m.priority)
+	if m.priority > 0 {
+		bs = binary.BigEndian.AppendUint16(bs, metaPriority)
+		bs = binary.BigEndian.AppendUint16(bs, 1)
+		bs = append(bs, m.priority)
+	}
+
+	if m.cost > 0 {
+		bs = binary.BigEndian.AppendUint16(bs, metaCost)
+		bs = binary.BigEndian.AppendUint16(bs, 1)
+		bs = append(bs, m.cost)
+	}

 	hasher, err := blake2b.New512(password)
 	if err != nil {
@@ -86,7 +87,7 @@ func (m *version_metadata) encode(privateKey ed25519.PrivateKey, password []byte
 		return nil, err
 	}
 	if n != ed25519.PublicKeySize {
-		return nil, ErrHandshakeHashFailure
+		return nil, fmt.Errorf("hash writer only wrote %d bytes", n)
 	}
 	hash := hasher.Sum(nil)
 	bs = append(bs, ed25519.Sign(privateKey, hash)...)
@@ -103,11 +104,11 @@ func (m *version_metadata) decode(r io.Reader, password []byte) error {
 	}
 	meta := [4]byte{'m', 'e', 't', 'a'}
 	if !bytes.Equal(bh[:4], meta[:]) {
-		return ErrHandshakeInvalidPreamble
+		return fmt.Errorf("invalid handshake preamble")
 	}
 	hl := binary.BigEndian.Uint16(bh[4:6])
 	if hl < ed25519.SignatureSize {
-		return ErrHandshakeInvalidLength
+		return fmt.Errorf("invalid handshake length")
 	}
 	bs := make([]byte, hl)
 	if _, err := io.ReadFull(r, bs); err != nil {
@@ -135,21 +136,24 @@ func (m *version_metadata) decode(r io.Reader, password []byte) error {

 		case metaPriority:
 			m.priority = bs[0]
+
+		case metaCost:
+			m.cost = bs[0]
 		}
 		bs = bs[oplen:]
 	}

 	hasher, err := blake2b.New512(password)
 	if err != nil {
-		return ErrHandshakeInvalidPassword
+		return fmt.Errorf("invalid password supplied")
 	}
 	n, err := hasher.Write(m.publicKey)
 	if err != nil || n != ed25519.PublicKeySize {
-		return ErrHandshakeHashFailure
+		return fmt.Errorf("failed to generate hash")
 	}
 	hash := hasher.Sum(nil)
 	if !ed25519.Verify(m.publicKey, hash, sig) {
-		return ErrHandshakeIncorrectPassword
+		return fmt.Errorf("password is incorrect")
 	}
 	return nil
 }
--- a/src/core/version_test.go
+++ b/src/core/version_test.go
@@ -52,6 +52,9 @@ func TestVersionRoundtrip(t *testing.T) {
 			{majorVer: 258, minorVer: 259},
 			{majorVer: 3, minorVer: 5, priority: 6},
 			{majorVer: 260, minorVer: 261, priority: 7},
+			{majorVer: 258, minorVer: 259, cost: 5},
+			{majorVer: 3, minorVer: 5, priority: 6, cost: 12},
+			{majorVer: 260, minorVer: 261, priority: 7, cost: 1},
 		} {
 			// Generate a random public key for each time, since it is
 			// a required field.
--- a/src/multicast/multicast.go
+++ b/src/multicast/multicast.go
@@ -9,12 +9,10 @@ import (
 	"math/rand"
 	"net"
 	"net/url"
-	"sync/atomic"
 	"time"

 	"github.com/Arceliar/phony"
 	"github.com/gologme/log"
-	"github.com/wlynxg/anet"

 	"github.com/yggdrasil-network/yggdrasil-go/src/core"
 	"golang.org/x/crypto/blake2b"
@@ -30,7 +28,7 @@ type Multicast struct {
 	core        *core.Core
 	log         *log.Logger
 	sock        *ipv6.PacketConn
-	running     atomic.Bool
+	_isOpen     bool
 	_listeners  map[string]*listenerInfo
 	_interfaces map[string]*interfaceInfo
 	_timer      *time.Timer
@@ -47,6 +45,7 @@ type interfaceInfo struct {
 	listen   bool
 	port     uint16
 	priority uint8
+	cost     uint8
 	password []byte
 	hash     []byte
 }
@@ -81,7 +80,7 @@ func New(core *core.Core, log *log.Logger, opts ...SetupOption) (*Multicast, err
 }

 func (m *Multicast) _start() error {
-	if !m.running.CompareAndSwap(false, true) {
+	if m._isOpen {
 		return fmt.Errorf("multicast module is already started")
 	}
 	var anyEnabled bool
@@ -89,14 +88,12 @@ func (m *Multicast) _start() error {
 		anyEnabled = anyEnabled || intf.Beacon || intf.Listen
 	}
 	if !anyEnabled {
-		m.running.Store(false)
 		return nil
 	}
 	m.log.Debugln("Starting multicast module")
 	defer m.log.Debugln("Started multicast module")
 	addr, err := net.ResolveUDPAddr("udp", string(m.config._groupAddr))
 	if err != nil {
-		m.running.Store(false)
 		return err
 	}
 	listenString := fmt.Sprintf("[::]:%v", addr.Port)
@@ -105,7 +102,6 @@ func (m *Multicast) _start() error {
 	}
 	conn, err := lc.ListenPacket(context.Background(), "udp6", listenString)
 	if err != nil {
-		m.running.Store(false)
 		return err
 	}
 	m.sock = ipv6.NewPacketConn(conn)
@@ -113,6 +109,7 @@ func (m *Multicast) _start() error {
 		// Windows can't set this flag, so we need to handle it in other ways
 	}

+	m._isOpen = true
 	go m.listen()
 	m.Act(nil, m._multicastStarted)
 	m.Act(nil, m._announce)
@@ -122,7 +119,11 @@ func (m *Multicast) _start() error {

 // IsStarted returns true if the module has been started.
 func (m *Multicast) IsStarted() bool {
-	return m.running.Load()
+	var isOpen bool
+	phony.Block(m, func() {
+		isOpen = m._isOpen
+	})
+	return isOpen
 }

 // Stop stops the multicast module.
@@ -136,10 +137,8 @@ func (m *Multicast) Stop() error {
 }

 func (m *Multicast) _stop() error {
-	if !m.running.CompareAndSwap(true, false) {
-		return nil
-	}
 	m.log.Infoln("Stopping multicast module")
+	m._isOpen = false
 	if m.sock != nil {
 		m.sock.Close()
 	}
@@ -149,8 +148,7 @@ func (m *Multicast) _stop() error {
 func (m *Multicast) _updateInterfaces() {
 	interfaces := m._getAllowedInterfaces()
 	for name, info := range interfaces {
-		// 'anet' package is used here to avoid https://github.com/golang/go/issues/40569
-		addrs, err := anet.InterfaceAddrsByInterface(&info.iface)
+		addrs, err := info.iface.Addrs()
 		if err != nil {
 			m.log.Warnf("Failed up get addresses for interface %s: %s", name, err)
 			delete(interfaces, name)
@@ -158,7 +156,6 @@ func (m *Multicast) _updateInterfaces() {
 		}
 		info.addrs = addrs
 		interfaces[name] = info
-		m.log.Debugf("Discovered addresses for interface %s: %s", name, addrs)
 	}
 	m._interfaces = interfaces
 }
@@ -177,11 +174,10 @@ func (m *Multicast) Interfaces() map[string]net.Interface {
 func (m *Multicast) _getAllowedInterfaces() map[string]*interfaceInfo {
 	interfaces := make(map[string]*interfaceInfo)
 	// Ask the system for network interfaces
-	// 'anet' package is used here to avoid https://github.com/golang/go/issues/40569
-	allifaces, err := anet.Interfaces()
+	allifaces, err := net.Interfaces()
 	if err != nil {
 		// Don't panic, since this may be from e.g. too many open files (from too much connection spam)
-		m.log.Debugf("Failed to get interfaces: %s", err)
+		// TODO? log something
 		return nil
 	}
 	// Work out which interfaces to announce on
@@ -190,8 +186,6 @@ func (m *Multicast) _getAllowedInterfaces() map[string]*interfaceInfo {
 		switch {
 		case iface.Flags&net.FlagUp == 0:
 			continue // Ignore interfaces that are down
-		case iface.Flags&net.FlagRunning == 0:
-			continue // Ignore interfaces that are not running
 		case iface.Flags&net.FlagMulticast == 0:
 			continue // Ignore non-multicast interfaces
 		case iface.Flags&net.FlagPointToPoint != 0:
@@ -221,6 +215,7 @@ func (m *Multicast) _getAllowedInterfaces() map[string]*interfaceInfo {
 				listen:   ifcfg.Listen,
 				port:     ifcfg.Port,
 				priority: ifcfg.Priority,
+				cost:     ifcfg.Cost,
 				password: []byte(ifcfg.Password),
 				hash:     hasher.Sum(nil),
 			}
@@ -240,7 +235,7 @@ func (m *Multicast) AnnounceNow() {
 }

 func (m *Multicast) _announce() {
-	if !m.running.Load() {
+	if !m._isOpen {
 		return
 	}
 	m._updateInterfaces()
@@ -257,7 +252,7 @@ func (m *Multicast) _announce() {
 	for name, info := range m._listeners {
 		// Prepare our stop function!
 		stop := func() {
-			info.listener.Cancel()
+			info.listener.Close()
 			delete(m._listeners, name)
 			m.log.Debugln("No longer multicasting on", name)
 		}
@@ -321,13 +316,14 @@ func (m *Multicast) _announce() {
 				// No listener was found - let's create one
 				v := &url.Values{}
 				v.Add("priority", fmt.Sprintf("%d", info.priority))
+				v.Add("cost", fmt.Sprintf("%d", info.cost))
 				v.Add("password", string(info.password))
 				u := &url.URL{
 					Scheme:   "tls",
 					Host:     net.JoinHostPort(addrIP.String(), fmt.Sprintf("%d", info.port)),
 					RawQuery: v.Encode(),
 				}
-				if li, err := m.core.ListenLocal(u, iface.Name); err == nil {
+				if li, err := m.core.Listen(u, iface.Name); err == nil {
 					m.log.Debugln("Started multicasting on", iface.Name)
 					// Store the listener so that we can stop it later if needed
 					linfo = &listenerInfo{listener: li, time: time.Now(), port: info.port}
@@ -383,9 +379,6 @@ func (m *Multicast) listen() {
 	bs := make([]byte, 2048)
 	hb := make([]byte, 0, blake2b.Size) // Reused to reduce hash allocations
 	for {
-		if !m.running.Load() {
-			return
-		}
 		n, rcm, fromAddr, err := m.sock.ReadFrom(bs)
 		if err != nil {
 			if !m.IsStarted() {
@@ -438,6 +431,7 @@ func (m *Multicast) listen() {
 			v := &url.Values{}
 			v.Add("key", hex.EncodeToString(adv.PublicKey))
 			v.Add("priority", fmt.Sprintf("%d", info.priority))
+			v.Add("cost", fmt.Sprintf("%d", info.cost))
 			v.Add("password", string(info.password))
 			u := &url.URL{
 				Scheme:   "tls",
--- a/src/multicast/multicast_darwin_cgo.go
+++ b/src/multicast/multicast_darwin_cgo.go
@@ -31,7 +31,7 @@ import (
 )

 func (m *Multicast) _multicastStarted() {
-	if !m.running.Load() {
+	if !m._isOpen {
 		return
 	}
 	C.StopAWDLBrowsing()
--- a/src/multicast/options.go
+++ b/src/multicast/options.go
@@ -21,6 +21,7 @@ type MulticastInterface struct {
 	Listen   bool
 	Port     uint16
 	Priority uint8
+	Cost     uint8
 	Password string
 }

--- a/src/tun/iface.go
+++ b/src/tun/iface.go
@@ -1,11 +1,5 @@
 package tun

-import (
-	"errors"
-
-	wgtun "golang.zx2c4.com/wireguard/tun"
-)
-
 const TUN_OFFSET_BYTES = 80 // sizeof(virtio_net_hdr)

 func (tun *TunAdapter) read() {
@@ -18,10 +12,6 @@ func (tun *TunAdapter) read() {
 	for {
 		n, err := tun.iface.Read(bufs, sizes, TUN_OFFSET_BYTES)
 		if err != nil {
-			if errors.Is(err, wgtun.ErrTooManySegments) {
-				tun.log.Debugln("TUN segments dropped: %v", err)
-				continue
-			}
 			tun.log.Errorln("Error reading TUN:", err)
 			return
 		}
--- a/src/tun/tun.go
+++ b/src/tun/tun.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"net"
 	"sync"
+	"time"

 	"github.com/Arceliar/phony"
 	wgtun "golang.zx2c4.com/wireguard/tun"
@@ -64,6 +65,20 @@ func getSupportedMTU(mtu uint64) uint64 {
 	return mtu
 }

+func waitForTUNUp(ch <-chan wgtun.Event) bool {
+	t := time.After(time.Second * 5)
+	for {
+		select {
+		case ev := <-ch:
+			if ev == wgtun.EventUp {
+				return true
+			}
+		case <-t:
+			return false
+		}
+	}
+}
+
 // Name returns the name of the adapter, e.g. "tun0". On Windows, this may
 // return a canonical adapter name instead.
 func (tun *TunAdapter) Name() string {
--- a/src/tun/tun_freebsd.go
+++ b/src/tun/tun_freebsd.go
@@ -1,5 +1,5 @@
-//go:build freebsd
-// +build freebsd
+//go:build openbsd || freebsd
+// +build openbsd freebsd

 package tun

@@ -54,6 +54,11 @@ struct  in6_ifreq {
 290 };
 */

+type in6_ifreq_mtu struct {
+	ifr_name [syscall.IFNAMSIZ]byte
+	ifru_mtu int
+}
+
 type in6_ifreq_addr struct {
 	ifr_name  [syscall.IFNAMSIZ]byte
 	ifru_addr sockaddr_in6
@@ -75,6 +80,9 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if err != nil {
 		return fmt.Errorf("failed to create TUN: %w", err)
 	}
+	if !waitForTUNUp(iface.Events()) {
+		return fmt.Errorf("TUN did not come up in time")
+	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
 		tun.mtu = getSupportedMTU(uint64(mtu))
@@ -107,6 +115,26 @@ func (tun *TunAdapter) setupAddress(addr string) error {
 	tun.log.Infof("Interface IPv6: %s", addr)
 	tun.log.Infof("Interface MTU: %d", tun.mtu)

+	// Create the MTU request
+	var ir in6_ifreq_mtu
+	copy(ir.ifr_name[:], tun.Name())
+	ir.ifru_mtu = int(tun.mtu)
+
+	// Set the MTU
+	if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(sfd), uintptr(syscall.SIOCSIFMTU), uintptr(unsafe.Pointer(&ir))); errno != 0 {
+		err = errno
+		tun.log.Errorf("Error in SIOCSIFMTU: %v", errno)
+
+		// Fall back to ifconfig to set the MTU
+		cmd := exec.Command("ifconfig", tun.Name(), "mtu", string(tun.mtu))
+		tun.log.Warnf("Using ifconfig as fallback: %v", strings.Join(cmd.Args, " "))
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			tun.log.Errorf("SIOCSIFMTU fallback failed: %v.", err)
+			tun.log.Traceln(string(output))
+		}
+	}
+
 	// Create the address request
 	// FIXME: I don't work!
 	var ar in6_ifreq_addr
--- a/src/tun/tun_darwin.go
+++ b/src/tun/tun_darwin.go
@@ -27,6 +27,9 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if err != nil {
 		return fmt.Errorf("failed to create TUN: %w", err)
 	}
+	if !waitForTUNUp(iface.Events()) {
+		return fmt.Errorf("TUN did not come up in time")
+	}
 	tun.iface = iface
 	if m, err := iface.MTU(); err == nil {
 		tun.mtu = getSupportedMTU(uint64(m))
@@ -55,6 +58,9 @@ func (tun *TunAdapter) setupFD(fd int32, addr string, mtu uint64) error {
 		unix.Close(dfd)
 		return fmt.Errorf("failed to create TUN from FD: %w", err)
 	}
+	if !waitForTUNUp(iface.Events()) {
+		return fmt.Errorf("TUN did not come up in time")
+	}
 	tun.iface = iface
 	if m, err := iface.MTU(); err == nil {
 		tun.mtu = getSupportedMTU(uint64(m))
--- a/src/tun/tun_linux.go
+++ b/src/tun/tun_linux.go
@@ -21,6 +21,9 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if err != nil {
 		return fmt.Errorf("failed to create TUN: %w", err)
 	}
+	if !waitForTUNUp(iface.Events()) {
+		return fmt.Errorf("TUN did not come up in time")
+	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
 		tun.mtu = getSupportedMTU(uint64(mtu))
--- a/src/tun/tun_openbsd.go
+++ b/src/tun/tun_openbsd.go
@@ -1,122 +0,0 @@
-//go:build openbsd
-// +build openbsd
-
-package tun
-
-import (
-	"fmt"
-	"net"
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-
-	wgtun "golang.zx2c4.com/wireguard/tun"
-)
-
-const (
-	SIOCAIFADDR_IN6       = 0x8080691a
-	ND6_INFINITE_LIFETIME = 0xffffffff
-)
-
-type in6_addrlifetime struct {
-	ia6t_expire    int64
-	ia6t_preferred int64
-	ia6t_vltime    uint32
-	ia6t_pltime    uint32
-}
-
-// Match types from the net package, effectively being [16]byte for IPv6 addresses.
-type in6_addr [16]uint8
-
-type sockaddr_in6 struct {
-	sin6_len      uint8
-	sin6_family   uint8
-	sin6_port     uint16
-	sin6_flowinfo uint32
-	sin6_addr     in6_addr
-	sin6_scope_id uint32
-}
-
-func (sa6 *sockaddr_in6) setSockaddr(addr [/*16*/]byte /* net.IP or net.IPMask */) {
-	sa6.sin6_len    = uint8(unsafe.Sizeof(*sa6))
-	sa6.sin6_family = unix.AF_INET6
-
-	for i := range sa6.sin6_addr {
-		sa6.sin6_addr[i] = addr[i]
-	}
-}
-
-type in6_aliasreq struct {
-	ifra_name       [syscall.IFNAMSIZ]byte
-	ifra_addr       sockaddr_in6
-	ifra_dstaddr    sockaddr_in6
-	ifra_prefixmask sockaddr_in6
-	ifra_flags      int32
-	ifra_lifetime   in6_addrlifetime
-}
-
-// Configures the TUN adapter with the correct IPv6 address and MTU.
-func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
-	iface, err := wgtun.CreateTUN(ifname, int(mtu))
-	if err != nil {
-		return fmt.Errorf("failed to create TUN: %w", err)
-	}
-	tun.iface = iface
-	if mtu, err := iface.MTU(); err == nil {
-		tun.mtu = getSupportedMTU(uint64(mtu))
-	} else {
-		tun.mtu = 0
-	}
-	if addr != "" {
-		return tun.setupAddress(addr)
-	}
-	return nil
-}
-
-// Configures the "utun" adapter from an existing file descriptor.
-func (tun *TunAdapter) setupFD(fd int32, addr string, mtu uint64) error {
-	return fmt.Errorf("setup via FD not supported on this platform")
-}
-
-func (tun *TunAdapter) setupAddress(addr string) error {
-	var sfd int
-	var err error
-
-	ip, prefix, err := net.ParseCIDR(addr)
-	if err != nil {
-		tun.log.Errorf("Error in ParseCIDR: %v", err)
-		return err
-	}
-
-	// Create system socket
-	if sfd, err = unix.Socket(unix.AF_INET6, unix.SOCK_DGRAM, 0); err != nil {
-		tun.log.Printf("Create AF_INET6 socket failed: %v", err)
-		return err
-	}
-
-	// Friendly output
-	tun.log.Infof("Interface name: %s", tun.Name())
-	tun.log.Infof("Interface IPv6: %s", addr)
-	tun.log.Infof("Interface MTU: %d", tun.mtu)
-
-	// Create the address request
-	var ar in6_aliasreq
-	copy(ar.ifra_name[:], tun.Name())
-
-	ar.ifra_addr.setSockaddr(ip)
-
-	prefixmask := net.CIDRMask(prefix.Mask.Size())
-	ar.ifra_prefixmask.setSockaddr(prefixmask)
-
-	ar.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME
-	ar.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME
-
-	// Set the interface address
-	if err = unix.IoctlSetInt(sfd, SIOCAIFADDR_IN6, int(uintptr(unsafe.Pointer(&ar)))); err != nil {
-		tun.log.Errorf("Error in SIOCAIFADDR_IN6: %v", err)
-		return err
-	}
-
-	return nil
-}
--- a/src/tun/tun_other.go
+++ b/src/tun/tun_other.go
@@ -18,6 +18,9 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	if err != nil {
 		return fmt.Errorf("failed to create TUN: %w", err)
 	}
+	if !waitForTUNUp(iface.Events()) {
+		return fmt.Errorf("TUN did not come up in time")
+	}
 	tun.iface = iface
 	if mtu, err := iface.MTU(); err == nil {
 		tun.mtu = getSupportedMTU(uint64(mtu))
--- a/src/tun/tun_windows.go
+++ b/src/tun/tun_windows.go
@@ -8,12 +8,10 @@ import (
 	"fmt"
 	"log"
 	"net/netip"
-	"time"

 	"github.com/yggdrasil-network/yggdrasil-go/src/config"
 	"golang.org/x/sys/windows"

-	"golang.zx2c4.com/wintun"
 	wgtun "golang.zx2c4.com/wireguard/tun"
 	"golang.zx2c4.com/wireguard/windows/elevate"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
@@ -33,23 +31,14 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 		if guid, err = windows.GUIDFromString("{8f59971a-7872-4aa6-b2eb-061fc4e9d0a7}"); err != nil {
 			return err
 		}
-		iface, err = wgtun.CreateTUNWithRequestedGUID(ifname, &guid, int(mtu))
-		if err != nil {
-			// Very rare condition, it will purge the old device and create new
-			tun.log.Printf("Error creating TUN: '%s'", err)
-			wintun.Uninstall()
-			time.Sleep(3 * time.Second)
-			tun.log.Printf("Trying again")
-			iface, err = wgtun.CreateTUNWithRequestedGUID(ifname, &guid, int(mtu))
-			if err != nil {
-				return err
-			}
+		if iface, err = wgtun.CreateTUNWithRequestedGUID(ifname, &guid, int(mtu)); err != nil {
+			return err
+		}
+		if !waitForTUNUp(iface.Events()) {
+			return fmt.Errorf("TUN did not come up in time")
 		}
-		tun.log.Printf("Waiting for TUN to come up")
-		time.Sleep(1 * time.Second)
 		tun.iface = iface
 		if addr != "" {
-			tun.log.Printf("Setting up address")
 			if err = tun.setupAddress(addr); err != nil {
 				tun.log.Errorln("Failed to set up TUN address:", err)
 				return err
@@ -62,7 +51,6 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 		if mtu, err := iface.MTU(); err == nil {
 			tun.mtu = uint64(mtu)
 		}
-		tun.log.Printf("TUN is set up successfully")
 		return nil
 	})
 }
Author	SHA1	Message	Date
Neil Alexander	2bc2b77ed9	Update ironwood dependency (temporary replace)	2024-07-24 18:28:08 +01:00
Neil Alexander	bfdcf0762f	Link cost-aware routing	2024-07-24 18:28:08 +01:00