Yggdrasil Go Versions

An experiment in scalable routing as an encrypted IPv6 overlay network

v0.5.5

3 months ago

Added

  • A new peer option ?maxbackoff=X has been added to control the maximum backoff time for a given peer; it supports duration values such as 5m and 1h

Changed

  • The maximum backoff period for failing peer connections has been reduced to just over 1 hour, compared to 4.5 hours before
  • The getPeers endpoint now sorts peers in a more stable fashion
  • Upgrade dependencies

Fixed

  • A bug where QUIC listeners could stop listening for incoming connections unexpectedly has been fixed
  • The priority tiebreak between multiple peerings to the same node has been fixed
  • Peer connection ordering is no longer sensitive to poor system time resolution
  • The admin socket now verifies the length of input public keys
  • The PPROFLISTEN environment variable has been fixed and now starts the pprof listener correctly
  • A panic in getPeers has been fixed when using abstract UNIX sockets on Linux

v0.5.4

5 months ago

Fixed

  • Fixed a crash that could happen when calculating the size of bloom filters during encoding

v0.5.3

5 months ago

Fixed

  • Fixed a data race from buffered pathfinder traffic
  • Fixed a bug where the next-hop selection may not take shortcuts through treespace
  • Backoffs are now reset correctly when a successful handshake is completed
  • Backoffs will no longer exceed roughly 4.5 hours when peers are down for a long time
  • The -normaliseconf option will now work correctly with PrivateKeyPath
  • Improved the reliability of QUIC peering setup by disabling 0-RTT

v0.5.2

6 months ago

Added

  • New -publickey command line option that prints the derived public key from a configuration file
  • Support for connecting to TLS peers via SOCKS with the new sockstls:// link schema

Changed

  • Stabilise tree parent selection algorithm
  • Improved logging when the TUN interface fails to set up

Fixed

  • Fixed a panic that could occur when a connection reaches an inconsistent error state
  • The admin socket will now report more peering handshake error conditions in getPeers
  • Yggdrasil will no longer panic at startup when duplicate peers are configured
  • The build script will no longer incorrectly import LDFLAGS from the environment

v0.5.1

6 months ago

Fixed

  • Fix the Debian package so that upgrades are handled more smoothly

v0.5.0

6 months ago

NOTE: If you are using the Debian package and upgrading an existing installation, you may need to update your AdminListen line in your configuration file to unix:///var/run/yggdrasil/yggdrasil.sock or delete the AdminListen line altogether.

Added

  • Authenticated peering handshake with optional password, i.e.
    • For listeners: tls://[::]:12345?password=123456abcdef
    • For peers: tls://a.b.c.d:12345?password=123456abcdef
    • For multicast interfaces with the new Password option in each MulticastInterfaces section
    • Maximum password length is 64 characters
  • QUIC support for peerings, by using the new quic:// scheme in Listen and Peers
    • This has not been extensively tested and may perform worse than TCP or TLS peers
  • The private key can now be stored in PEM format separately to the main configuration file with the new PrivateKeyPath configuration file option
    • Use the -exportkey flag to export the key to a file from an existing config
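
Because the peering password travels in the URI query string, it ends up wherever the Listen and Peers entries are stored or logged. The following is an added example, not Yggdrasil's own code: a small Go check that applies the 64-character password limit stated above and the ?maxbackoff duration option from v0.5.5, and masks the password before an entry is printed. The helper names, the byte-based length count and the use of Go duration syntax for maxbackoff are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Limit stated in the v0.5.0 notes; counted in bytes here (assumption).
const maxPasswordLen = 64

// lintPeerURI (hypothetical) checks one entry; findings never echo the secret.
func lintPeerURI(raw string) []string {
	u, err := url.Parse(raw)
	if err != nil {
		return []string{"unparseable URI"}
	}
	var findings []string
	q := u.Query()
	if pw, ok := q["password"]; ok && len(pw[0]) > maxPasswordLen {
		findings = append(findings, fmt.Sprintf("password is %d bytes, limit %d", len(pw[0]), maxPasswordLen))
	}
	// Assumption: maxbackoff uses Go duration syntax, as "5m" and "1h" do.
	if mb, ok := q["maxbackoff"]; ok {
		if d, err := time.ParseDuration(mb[0]); err != nil || d <= 0 {
			findings = append(findings, "maxbackoff is not a positive duration")
		}
	}
	return findings
}

// redactPeerURI (hypothetical) masks the password before the URI is logged.
func redactPeerURI(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable peer URI>"
	}
	q := u.Query()
	if _, ok := q["password"]; ok {
		q.Set("password", "REDACTED")
		u.RawQuery = q.Encode()
	}
	return u.String()
}

func main() {
	// Constructed sample entry, modelled on the URIs in the notes above.
	p := "tls://a.b.c.d:12345?password=123456abcdef&maxbackoff=soon"
	fmt.Println(redactPeerURI(p), lintPeerURI(p))
}
```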

Changed

  • New routing scheme, which is backwards incompatible with previous versions of Yggdrasil
    • The wire protocol version number, exchanged as part of the peer setup handshake, has been increased to 0.5
    • Nodes running this new version will not be able to peer with earlier versions of Yggdrasil
    • A DHT is no longer used to map public keys and routes through treespace
    • Bloom filters are used to track on-tree links and nodes reachable via that link
    • Nodes now gossip separate per-link information which is tracked in CRDT structures, forcing local consistency and preventing unnecessary flapping when a route to the root node has changed or is broken
    • Greedy routing is once again used instead of source routing
    • Per-link keepalives have been replaced with periodic acknowledgements, reducing idle bandwidth
  • The link handshake and multicast beacon formats have been revised for better future extensibility
  • The link code has been refactored for more robust tracking of peering states
    • As a result, the admin socket is now able to report information about configured peerings that are down
    • Reconnect intervals are now tracked separately for each configured peer with exponential backoffs

Removed

  • Yggdrasil will no longer request BBR congestion control for TCP and TLS peerings on Linux

v0.5.0rc3

6 months ago

Fixed

  • Restored removePeer admin socket endpoint
  • Fixed the RetryPeersNow API call for mobile

v0.5.0rc2

6 months ago

Fixed

  • A bug which could result in high CPU usage after a network interface change has been fixed
  • TLS listeners no longer require a TLS client certificate, as it is not necessary
  • A panic in the mobile wrapper has been fixed when getting peers JSON

v0.5.0rc1

6 months ago

Added

  • Authenticated peering handshake with optional password, i.e.
    • For listeners: tls://[::]:12345?password=123456abcdef
    • For peers: tls://a.b.c.d:12345?password=123456abcdef
    • For multicast interfaces with the new Password option in each MulticastInterfaces section
    • Maximum password length is 64 characters
  • QUIC support for peerings, by using the new quic:// scheme in Listen and Peers
    • This has not been extensively tested and may perform worse than TCP or TLS peers
  • The private key can now be stored in PEM format separately to the main configuration file with the new PrivateKeyPath configuration file option
    • Use the -exportkey flag to export the key to a file from an existing config

Changed

  • New routing scheme, which is backwards incompatible with previous versions of Yggdrasil
    • The wire protocol version number, exchanged as part of the peer setup handshake, has been increased to 0.5
    • Nodes running this new version will not be able to peer with earlier versions of Yggdrasil
    • A DHT is no longer used to map public keys and routes through treespace
    • Bloom filters are used to track on-tree links and nodes reachable via that link
    • Nodes now gossip separate per-link information which is tracked in CRDT structures, forcing local consistency and preventing unnecessary flapping when a route to the root node has changed or is broken
    • Greedy routing is once again used instead of source routing
    • Per-link keepalives have been replaced with periodic acknowledgements, reducing idle bandwidth
  • The link handshake and multicast beacon formats have been revised for better future extensibility
  • The link code has been refactored for more robust tracking of peering states
    • As a result, the admin socket is now able to report information about configured peerings that are down
    • Reconnect intervals are now tracked separately for each configured peer with exponential backoffs

Removed

  • Yggdrasil will no longer request BBR congestion control for TCP and TLS peerings on Linux

v0.4.7

1 year ago

Added

  • Dropped outbound peerings will now try to reconnect after a single second, rather than waiting up to 60 seconds for the normal peer timer

Changed

  • Session encryption keys are now rotated at most once per minute, which reduces CPU usage and improves throughput on fast low latency links
  • Buffers are now reused in the session encryption handler, which improves session throughput and reduces memory allocations
  • Buffers are now reused in the router for DHT and path traffic, which improves overall routing throughput and reduces memory allocations

Fixed

  • A bug in the admin socket where requests fail unless arguments is specified has been fixed
  • Certificates on TLS listeners will no longer expire after a year
  • The -address and -subnet command line options now return a useful warning when no configuration is specified