Version 0.5.0 RC3

Fixed

• Restored removePeer admin socket endpoint
• Fixed the RetryPeersNow API call for mobile

Version 0.5.0 RC2

Fixed

• A bug which could result in high CPU usage after a network interface change has been fixed
• TLS listeners no longer require a TLS client certificate, as it is not necessary
• A panic in the mobile wrapper has been fixed when getting peers JSON

Version 0.5.0 RC1

Added

• Authenticated peering handshake with optional password, i.e.
  • For listeners: tls://[::]:12345?password=123456abcdef
  • For peers: tls://a.b.c.d:12345?password=123456abcdef
  • For multicast interfaces with the new Password option in each MulticastInterfaces section
  • Maximum password length is 64 characters
• QUIC support for peerings, by using the new quic:// scheme in Listen and Peers
  • This has not been extensively tested and may perform worse than TCP or TLS peers
• The private key can now be stored in PEM format separately to the main configuration file with the new PrivateKeyPath configuration file option
  • Use the -exportkey flag to export the key to a file from an existing config

Changed

• New routing scheme, which is backwards incompatible with previous versions of Yggdrasil
  • The wire protocol version number, exchanged as part of the peer setup handshake, has been increased to 0.5
  • Nodes running this new version will not be able to peer with earlier versions of Yggdrasil
  • A DHT is no longer used to map public keys and routes through treespace
  • Bloom filters are used to track on-tree links and nodes reachable via that link
  • Nodes now gossip separate per-link information which is tracked in CRDT structures, forcing local consistency and preventing unnecessary flapping when a route to the root node has changed or is broken
  • Greedy routing is once again used instead of source routing
  • Per-link keepalives have been replaced with periodic acknowledgements, reducing idle bandwidth
• The link handshake and multicast beacon formats have been revised for better future extensibility
• The link code has been refactored for more robust tracking of peering states
  • As a result, the admin socket is now able to report information about configured peerings that are down
  • Reconnect intervals are now tracked separately for each configured peer with exponential backoffs

Removed

• Yggdrasil will no longer request BBR congestion control for TCP and TLS peerings on Linux

Version 0.4.7

Added

• Dropped outbound peerings will now try to reconnect after a single second, rather than waiting up to 60 seconds for the normal peer timer

Changed

• Session encryption keys are now rotated at most once per minute, which reduces CPU usage and improves throughput on fast low latency links
• Buffers are now reused in the session encryption handler, which improves session throughput and reduces memory allocations
• Buffers are now reused in the router for DHT and path traffic, which improves overall routing throughput and reduces memory allocations

Fixed

• A bug in the admin socket where requests fail unless arguments is specified has been fixed
• Certificates on TLS listeners will no longer expire after a year
• The -address and -subnet command line options now return a useful warning when no configuration is specified

Version 0.4.6

Added

• Support for prioritising multiple peerings to the same node has been added, useful for nodes with multiple network interfaces
  • The priority can be configured by specifying ?priority=X in a Peers or Listen URI, or by specifying Priority within a MulticastInterfaces configuration entry
  • Priorities are values between 0 and 254 (default is 0), lower numbers are prioritised and nodes will automatically negotiate the higher of the two values

Changed

• On Linux, SO_REUSEADDR is now used on the multicast port instead of SO_REUSEPORT, which should allow processes running under different users to run simultaneously

Fixed

• Adding peers using the InterfacePeers configuration option should now work correctly again
• Multiple connections from the same remote IP address will no longer be incorrectly dropped
• The admin socket will no longer incorrectly claim TCP connections as TLS
• A panic that could occur when calling GetPeers while a peering link is being set up has been fixed

Version 0.4.5

Added

• Support for peering over UNIX sockets is now available, by configuring Listen and peering URIs in the unix:///path/to/socket.sock format

Changed

• yggdrasilctl has been refactored and now has cleaner output
• It is now possible to addPeer and removePeer using the admin socket again
• The getSessions admin socket call reports number of bytes received and transmitted again
• The link setup code has been refactored, making it easier to support new peering types in the future
• Yggdrasil now maintains configuration internally, rather than relying on a shared and potentially mutable structure

Fixed

• Tracking information about expired root nodes has been fixed, which should hopefully resolve issues with reparenting and connection failures when the root node disappears
• A bug in the mobile framework code which caused a crash on Android when multicast failed to set up has been fixed
• Yggdrasil should now shut down gracefully and clean up correctly when running as a Windows service

Version 0.4.4

Fixed

• ICMPv6 "Packet Too Big" payload size has been increased, which should fix Path MTU Discovery (PMTUD) when two nodes have different IfMTU values configured
• A crash has been fixed when handling debug packet responses
• yggdrasilctl getSelf should now report coordinates correctly again

Changed

• Go 1.17 is now required to build Yggdrasil

Version 0.4.3

Added

• bytes_sent, bytes_recvd and uptime have been added to getPeers
• Clearer logging when connections are rejected due to incompatible peer versions

Fixed

• Latency-based parent selection tiebreak is now reliable on platforms even with low timer resolution
• Tree distance calculation offsets have been corrected

Version 0.4.2

This is an emergency release to correct build issues introduced in v0.4.1 and includes no other changes. Please see the Version 0.4.1 release notes for more information about the contents of this release.

Fixed

• Reverted a dependency update which resulted in problems building with Go 1.16 and running on Windows

Version 0.4.1

Added

• TLS peerings now support Server Name Indication (SNI)
  • The SNI is sent automatically if the peering URI contains a DNS name
  • A custom SNI can be specified by adding the ?sni=domain.com parameter to the peering URI
• A new ipv6rwc API package now implements the IPv6-specific logic separate from the tun package

Fixed

• A crash when calculating the partial public key for very high IPv6 addresses has been fixed
• A crash due to a concurrent map write has been fixed
• A crash due to missing TUN configuration has been fixed
• A race condition in the keystore code has been fixed