zstd should reuse ctx to avoid huge mmap cost (#941)

1. ospf route conn map should also use version
2. treat nopat as cone

.cargo/config.toml

@@ -6,72 +6,84 @@ rustflags = ["-C", "linker-flavor=ld.lld"]
 linker = "aarch64-linux-gnu-gcc"
 
 [target.aarch64-unknown-linux-musl]
-linker = "aarch64-linux-musl-gcc"
+linker = "aarch64-unknown-linux-musl-gcc"
 rustflags = ["-C", "target-feature=+crt-static"]
 
 [target.'cfg(all(windows, target_env = "msvc"))']
 rustflags = ["-C", "target-feature=+crt-static"]
 
 [target.mipsel-unknown-linux-musl]
-linker = "mipsel-linux-muslsf-gcc"
+linker = "mipsel-unknown-linux-muslsf-gcc"
 rustflags = [
     "-C",
     "target-feature=+crt-static",
     "-L",
-    "./musl_gcc/mipsel-linux-muslsf-cross/mipsel-linux-muslsf/lib",
+    "./musl_gcc/mipsel-unknown-linux-muslsf/mipsel-unknown-linux-muslsf/lib",
     "-L",
-    "./musl_gcc/mipsel-linux-muslsf-cross/lib/gcc/mipsel-linux-muslsf/11.2.1",
+    "./musl_gcc/mipsel-unknown-linux-muslsf/mipsel-unknown-linux-muslsf/sysroot/usr/lib",
+    "-L",
+    "./musl_gcc/mipsel-unknown-linux-muslsf/lib/gcc/mipsel-unknown-linux-muslsf/15.1.0",
     "-l",
     "atomic",
     "-l",
     "ctz",
+    "-l",
+    "gcc",
 ]
 
 [target.mips-unknown-linux-musl]
-linker = "mips-linux-muslsf-gcc"
+linker = "mips-unknown-linux-muslsf-gcc"
 rustflags = [
     "-C",
     "target-feature=+crt-static",
     "-L",
-    "./musl_gcc/mips-linux-muslsf-cross/mips-linux-muslsf/lib",
+    "./musl_gcc/mips-unknown-linux-muslsf/mips-unknown-linux-muslsf/lib",
     "-L",
-    "./musl_gcc/mips-linux-muslsf-cross/lib/gcc/mips-linux-muslsf/11.2.1",
+    "./musl_gcc/mips-unknown-linux-muslsf/mips-unknown-linux-muslsf/sysroot/usr/lib",
+    "-L",
+    "./musl_gcc/mips-unknown-linux-muslsf/lib/gcc/mips-unknown-linux-muslsf/15.1.0",
     "-l",
     "atomic",
     "-l",
     "ctz",
+    "-l",
+    "gcc",
 ]
 
 [target.armv7-unknown-linux-musleabihf]
-linker = "armv7l-linux-musleabihf-gcc"
+linker = "armv7-unknown-linux-musleabihf-gcc"
 rustflags = ["-C", "target-feature=+crt-static"]
 
 [target.armv7-unknown-linux-musleabi]
-linker = "armv7m-linux-musleabi-gcc"
+linker = "armv7-unknown-linux-musleabi-gcc"
 rustflags = ["-C", "target-feature=+crt-static"]
 
 [target.arm-unknown-linux-musleabihf]
-linker = "arm-linux-musleabihf-gcc"
+linker = "arm-unknown-linux-musleabihf-gcc"
 rustflags = [
     "-C",
     "target-feature=+crt-static",
     "-L",
-    "./musl_gcc/arm-linux-musleabihf-cross/arm-linux-musleabihf/lib",
+    "./musl_gcc/arm-unknown-linux-musleabihf/arm-unknown-linux-musleabihf/lib",
     "-L",
-    "./musl_gcc/arm-linux-musleabihf-cross/lib/gcc/arm-linux-musleabihf/11.2.1",
+    "./musl_gcc/arm-unknown-linux-musleabihf/lib/gcc/arm-unknown-linux-musleabihf/15.1.0",
     "-l",
     "atomic",
+    "-l",
+    "gcc",
 ]
 
 [target.arm-unknown-linux-musleabi]
-linker = "arm-linux-musleabi-gcc"
+linker = "arm-unknown-linux-musleabi-gcc"
 rustflags = [
     "-C",
     "target-feature=+crt-static",
     "-L",
-    "./musl_gcc/arm-linux-musleabi-cross/arm-linux-musleabi/lib",
+    "./musl_gcc/arm-unknown-linux-musleabi/arm-unknown-linux-musleabi/lib",
     "-L",
-    "./musl_gcc/arm-linux-musleabi-cross/lib/gcc/arm-linux-musleabi/11.2.1",
+    "./musl_gcc/arm-unknown-linux-musleabi/lib/gcc/arm-unknown-linux-musleabi/15.1.0",
     "-l",
     "atomic",
+    "-l",
+    "gcc",
 ]

.github/workflows/Dockerfile

@@ -18,7 +18,7 @@ RUN mkdir -p /tmp/output; \
 
 FROM alpine:latest
 
-RUN apk add --no-cache tzdata
+RUN apk add --no-cache tzdata tini
 WORKDIR /app
 COPY --from=builder --chmod=755 /tmp/output/* /usr/local/bin
 
@@ -36,4 +36,4 @@ EXPOSE 11011/tcp
 # wss
 EXPOSE 11012/tcp
 
-ENTRYPOINT ["easytier-core"]
+ENTRYPOINT ["/sbin/tini", "--", "easytier-core"]

.github/workflows/core.yml

@@ -31,6 +31,47 @@ jobs:
           skip_after_successful_duplicate: 'true'
           cancel_others: 'true'
           paths: '["Cargo.toml", "Cargo.lock", "easytier/**", ".github/workflows/core.yml", ".github/workflows/install_rust.sh"]'
+  build_web:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    if: needs.pre_job.outputs.should_skip != 'true'
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 21
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v3
+        with:
+          version: 9
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install frontend dependencies
+        run: |
+          pnpm -r install
+          pnpm -r --filter "./easytier-web/*"  build
+
+      - name: Archive artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: easytier-web-dashboard
+          path: |
+            easytier-web/frontend/dist/*
   build:
     strategy:
       fail-fast: false
@@ -71,10 +112,12 @@ jobs:
           - TARGET: x86_64-pc-windows-msvc
             OS: windows-latest
             ARTIFACT_NAME: windows-x86_64
-
           - TARGET: aarch64-pc-windows-msvc
             OS: windows-latest
             ARTIFACT_NAME: windows-arm64
+          - TARGET: i686-pc-windows-msvc
+            OS: windows-latest
+            ARTIFACT_NAME: windows-i686
 
           - TARGET: x86_64-unknown-freebsd
             OS: ubuntu-22.04
@@ -87,7 +130,9 @@ jobs:
       TARGET: ${{ matrix.TARGET }}
       OS: ${{ matrix.OS }}
       OSS_BUCKET: ${{ secrets.ALIYUN_OSS_BUCKET }}
-    needs: pre_job
+    needs:
+      - pre_job
+      - build_web
     if: needs.pre_job.outputs.should_skip != 'true'
     steps:
       - uses: actions/checkout@v3
@@ -96,7 +141,14 @@ jobs:
         run: |
           echo "GIT_DESC=$(git log -1 --format=%cd.%h --date=format:%Y-%m-%d_%H:%M:%S)" >> $GITHUB_ENV
 
+      - name: Download web artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: easytier-web-dashboard
+          path: easytier-web/frontend/dist/
+
       - name: Cargo cache
+        if: ${{ ! endsWith(matrix.TARGET, 'freebsd') }}
         uses: actions/cache@v4
         with:
           path: |
@@ -114,26 +166,38 @@ jobs:
         if: ${{ ! endsWith(matrix.TARGET, 'freebsd') }}
         run: |
           bash ./.github/workflows/install_rust.sh
+
+          # we set the sysroot when sysroot is a dir
+          # this dir is a soft link generated by install_rust.sh
+          # kcp-sys need this to gen ffi bindings. without this clang may fail to find some libc headers such as bits/libc-header-start.h
+          if [[ -d "./musl_gcc/sysroot" ]]; then
+            export BINDGEN_EXTRA_CLANG_ARGS=--sysroot=$(readlink -f ./musl_gcc/sysroot)
+          fi
+
           if [[ $OS =~ ^ubuntu.*$ && $TARGET =~ ^mips.*$ ]]; then
             cargo +nightly build -r --verbose --target $TARGET -Z build-std=std,panic_abort --no-default-features --features mips --package=easytier
           else
+            if [[ $OS =~ ^windows.*$ ]]; then
+              SUFFIX=.exe
+            fi
+            cargo build --release --verbose --target $TARGET --package=easytier-web --features=embed
+            mv ./target/$TARGET/release/easytier-web"$SUFFIX" ./target/$TARGET/release/easytier-web-embed"$SUFFIX"
             cargo build --release --verbose --target $TARGET
           fi
 
       # Copied and slightly modified from @lmq8267 (https://github.com/lmq8267)
       - name: Build Core & Cli (X86_64 FreeBSD)
-        uses: cross-platform-actions/action@v0.23.0
+        uses: vmactions/freebsd-vm@v1
         if: ${{ endsWith(matrix.TARGET, 'freebsd') }}
         env:
           TARGET: ${{ matrix.TARGET }}
         with:
-          operating_system: freebsd
-          environment_variables: TARGET
-          architecture: x86-64
-          version: ${{ matrix.BSD_VERSION }}
-          shell: bash
-          memory: 5G
-          cpu_count: 4
+          envs: TARGET
+          release: ${{ matrix.BSD_VERSION }}
+          arch: x86_64
+          usesh: true
+          mem: 6144
+          cpu: 4
           run: |
             uname -a
             echo $SHELL
@@ -142,40 +206,36 @@ jobs:
             whoami
             env | sort
 
-            sudo pkg install -y git protobuf
+            pkg install -y git protobuf llvm-devel sudo curl
             curl --proto 'https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-            source $HOME/.cargo/env
+            . $HOME/.cargo/env
 
             rustup set auto-self-update disable
 
-            rustup install 1.77
-            rustup default 1.77
+            rustup install 1.86
+            rustup default 1.86
 
             export CC=clang
             export CXX=clang++
             export CARGO_TERM_COLOR=always
 
+            cargo build --release --verbose --target $TARGET --package=easytier-web --features=embed
+            mv ./target/$TARGET/release/easytier-web ./target/$TARGET/release/easytier-web-embed
             cargo build --release --verbose --target $TARGET
 
-      - name: Install UPX
-        if: ${{ matrix.OS != 'macos-latest' }}
-        uses: crazy-max/ghaction-upx@v3
-        with:
-          version: latest
-          install-only: true
-
       - name: Compress
         run: |
           mkdir -p ./artifacts/objects/
           # windows is the only OS using a different convention for executable file name
           if [[ $OS =~ ^windows.*$ && $TARGET =~ ^x86_64.*$ ]]; then
               SUFFIX=.exe
-              cp easytier/third_party/Packet.dll ./artifacts/objects/
-              cp easytier/third_party/wintun.dll ./artifacts/objects/
+              cp easytier/third_party/*.dll ./artifacts/objects/
+          elif [[ $OS =~ ^windows.*$ && $TARGET =~ ^i686.*$ ]]; then
+              SUFFIX=.exe
+              cp easytier/third_party/i686/*.dll ./artifacts/objects/
           elif [[ $OS =~ ^windows.*$ && $TARGET =~ ^aarch64.*$ ]]; then
               SUFFIX=.exe
-              cp easytier/third_party/arm64/Packet.dll ./artifacts/objects/
-              cp easytier/third_party/arm64/wintun.dll ./artifacts/objects/
+              cp easytier/third_party/arm64/*.dll ./artifacts/objects/
           fi
           if [[ $GITHUB_REF_TYPE =~ ^tag$ ]]; then
             TAG=$GITHUB_REF_NAME
@@ -184,14 +244,18 @@ jobs:
           fi
 
           if [[ $OS =~ ^ubuntu.*$ && ! $TARGET =~ ^.*freebsd$ ]]; then
-            upx --lzma --best ./target/$TARGET/release/easytier-core"$SUFFIX"
-            upx --lzma --best ./target/$TARGET/release/easytier-cli"$SUFFIX"
+            UPX_VERSION=5.0.1
+            curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -s | tar xJvf -
+            cp upx-${UPX_VERSION}-amd64_linux/upx .
+            ./upx --lzma --best ./target/$TARGET/release/easytier-core"$SUFFIX"
+            ./upx --lzma --best ./target/$TARGET/release/easytier-cli"$SUFFIX"
           fi
 
           mv ./target/$TARGET/release/easytier-core"$SUFFIX" ./artifacts/objects/
           mv ./target/$TARGET/release/easytier-cli"$SUFFIX" ./artifacts/objects/
           if [[ ! $TARGET =~ ^mips.*$ ]]; then
             mv ./target/$TARGET/release/easytier-web"$SUFFIX" ./artifacts/objects/
+            mv ./target/$TARGET/release/easytier-web-embed"$SUFFIX" ./artifacts/objects/
           fi
 
           mv ./artifacts/objects/* ./artifacts/
@@ -204,25 +268,52 @@ jobs:
           path: |
             ./artifacts/*
 
-      - name: Upload OSS
-        if: ${{ env.OSS_BUCKET != '' }}
-        uses: Menci/upload-to-oss@main
-        with:
-          access-key-id: ${{ secrets.ALIYUN_OSS_ACCESS_ID }}
-          access-key-secret: ${{ secrets.ALIYUN_OSS_ACCESS_KEY }}
-          endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }}
-          bucket: ${{ secrets.ALIYUN_OSS_BUCKET }}
-          local-path: ./artifacts/
-          remote-path: /easytier-releases/${{env.GIT_DESC}}/easytier-${{ matrix.ARTIFACT_NAME }}
-          no-delete-remote-files: true
-          retry: 5
   core-result:
     if: needs.pre_job.outputs.should_skip != 'true' && always()
     runs-on: ubuntu-latest
     needs:
       - pre_job
+      - build_web
       - build
     steps:
       - name: Mark result as failed
         if: needs.build.result != 'success'
         run: exit 1
+
+  magisk_build:
+    needs: 
+      - pre_job
+      - build_web
+      - build
+    if: needs.pre_job.outputs.should_skip != 'true' && always()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4  # 必须先检出代码才能获取模块配置
+
+      # 下载二进制文件到独立目录
+      - name: Download Linux aarch64 binaries
+        uses: actions/download-artifact@v4
+        with:
+          name: easytier-linux-aarch64
+          path: ./downloaded-binaries/  # 独立目录避免冲突
+
+      # 将二进制文件复制到 Magisk 模块目录
+      - name: Prepare binaries
+        run: |
+          mkdir -p ./easytier-contrib/easytier-magisk/
+          cp ./downloaded-binaries/easytier-core ./easytier-contrib/easytier-magisk/
+          cp ./downloaded-binaries/easytier-cli ./easytier-contrib/easytier-magisk/
+          cp ./downloaded-binaries/easytier-web ./easytier-contrib/easytier-magisk/
+
+
+      # 上传生成的模块
+      - name: Upload Magisk Module
+        uses: actions/upload-artifact@v4
+        with:
+          name: Easytier-Magisk
+          path: |
+            ./easytier-contrib/easytier-magisk
+            !./easytier-contrib/easytier-magisk/build.sh
+            !./easytier-contrib/easytier-magisk/magisk_update.json
+          if-no-files-found: error

.github/workflows/docker.yml

@@ -11,7 +11,7 @@ on:
       image_tag:
         description: 'Tag for this image build'
         type: string
-        default: 'v1.2.0'
+        default: 'v2.3.1'
         required: true
       mark_latest:
         description: 'Mark this image as latest'
@@ -39,6 +39,12 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: login github container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Download artifact
         id: download-artifact
         uses: dawidd6/action-download-artifact@v6
@@ -58,4 +64,6 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           file: .github/workflows/Dockerfile
-          tags: easytier/easytier:${{ inputs.image_tag }}${{ inputs.mark_latest && ',easytier/easytier:latest' || '' }},
+          tags: |
+            easytier/easytier:${{ inputs.image_tag }}${{ inputs.mark_latest && ',easytier/easytier:latest' || '' }},
+            ghcr.io/easytier/easytier:${{ inputs.image_tag }}${{ inputs.mark_latest && ',easytier/easytier:latest' || '' }},

.github/workflows/gui.yml

@@ -63,6 +63,11 @@ jobs:
             GUI_TARGET: aarch64-pc-windows-msvc
             ARTIFACT_NAME: windows-arm64
 
+          - TARGET: i686-pc-windows-msvc
+            OS: windows-latest
+            GUI_TARGET: i686-pc-windows-msvc
+            ARTIFACT_NAME: windows-i686
+
     runs-on: ${{ matrix.OS }}
     env:
       NAME: easytier
@@ -73,6 +78,56 @@ jobs:
     needs: pre_job
     if: needs.pre_job.outputs.should_skip != 'true'    
     steps:
+      - name: Install GUI dependencies (x86 only)
+        if: ${{ matrix.TARGET == 'x86_64-unknown-linux-musl' }}
+        run: |
+          sudo apt update
+          sudo apt install -qq libwebkit2gtk-4.1-dev \
+              build-essential \
+              curl \
+              wget \
+              file \
+              libgtk-3-dev \
+              librsvg2-dev \
+              libxdo-dev \
+              libssl-dev \
+              patchelf
+
+      - name: Install GUI cross compile (aarch64 only)
+        if: ${{ matrix.TARGET == 'aarch64-unknown-linux-musl' }}
+        run: |
+          # see https://tauri.app/v1/guides/building/linux/
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy main restricted" | sudo tee /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security main restricted" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security multiverse" | sudo tee -a /etc/apt/sources.list
+
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy main restricted" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates main restricted" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security main restricted" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security universe" | sudo tee -a /etc/apt/sources.list
+          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security multiverse" | sudo tee -a /etc/apt/sources.list
+
+          sudo dpkg --add-architecture arm64
+          sudo apt update
+          sudo apt install aptitude
+          sudo aptitude install -y libgstreamer1.0-0:arm64 gstreamer1.0-plugins-base:arm64 gstreamer1.0-plugins-good:arm64 \
+            libgstreamer-gl1.0-0:arm64 libgstreamer-plugins-base1.0-0:arm64 libgstreamer-plugins-good1.0-0:arm64 libwebkit2gtk-4.1-0:arm64 \
+            libwebkit2gtk-4.1-dev:arm64 libssl-dev:arm64 gcc-aarch64-linux-gnu
+          echo "PKG_CONFIG_SYSROOT_DIR=/usr/aarch64-linux-gnu/" >> "$GITHUB_ENV"
+          echo "PKG_CONFIG_PATH=/usr/lib/aarch64-linux-gnu/pkgconfig/" >> "$GITHUB_ENV"
+
       - uses: actions/checkout@v3
 
       - name: Set current ref as env variable
@@ -124,45 +179,13 @@ jobs:
           # GitHub repo token to use to avoid rate limiter
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install GUI cross compile (aarch64 only)
-        if: ${{ matrix.TARGET == 'aarch64-unknown-linux-musl' }}
-        run: |
-          # see https://tauri.app/v1/guides/building/linux/
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy main restricted" | sudo tee /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security main restricted" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=amd64] http://security.ubuntu.com/ubuntu/ jammy-security multiverse" | sudo tee -a /etc/apt/sources.list
-
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy main restricted" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates main restricted" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security main restricted" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security universe" | sudo tee -a /etc/apt/sources.list
-          echo "deb [arch=armhf,arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security multiverse" | sudo tee -a /etc/apt/sources.list
-
-          sudo dpkg --add-architecture arm64
-          sudo apt-get update
-          sudo apt-get install -y libgstreamer1.0-0:arm64 gstreamer1.0-plugins-base:arm64 gstreamer1.0-plugins-good:arm64 
-          sudo apt-get install -y libgstreamer-gl1.0-0:arm64 libgstreamer-plugins-base1.0-0:arm64 libgstreamer-plugins-good1.0-0:arm64 libwebkit2gtk-4.1-0:arm64
-          sudo apt install -f -o Dpkg::Options::="--force-overwrite" libwebkit2gtk-4.1-dev:arm64 libssl-dev:arm64 gcc-aarch64-linux-gnu
-          echo "PKG_CONFIG_SYSROOT_DIR=/usr/aarch64-linux-gnu/" >> "$GITHUB_ENV"
-          echo "PKG_CONFIG_PATH=/usr/lib/aarch64-linux-gnu/pkgconfig/" >> "$GITHUB_ENV"
-
       - name: copy correct DLLs
         if: ${{ matrix.OS == 'windows-latest' }}
         run: |
           if [[ $GUI_TARGET =~ ^aarch64.*$ ]]; then
             cp ./easytier/third_party/arm64/*.dll ./easytier-gui/src-tauri/
+          elif [[ $GUI_TARGET =~ ^i686.*$ ]]; then
+            cp ./easytier/third_party/i686/*.dll ./easytier-gui/src-tauri/
           else
             cp ./easytier/third_party/*.dll ./easytier-gui/src-tauri/
           fi
@@ -207,18 +230,6 @@ jobs:
           path: |
             ./artifacts/*
 
-      - name: Upload OSS
-        if: ${{ env.OSS_BUCKET != '' }}
-        uses: Menci/upload-to-oss@main
-        with:
-          access-key-id: ${{ secrets.ALIYUN_OSS_ACCESS_ID }}
-          access-key-secret: ${{ secrets.ALIYUN_OSS_ACCESS_KEY }}
-          endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }}
-          bucket: ${{ secrets.ALIYUN_OSS_BUCKET }}
-          local-path: ./artifacts/
-          remote-path: /easytier-releases/${{env.GIT_DESC}}/easytier-gui-${{ matrix.ARTIFACT_NAME }}
-          no-delete-remote-files: true
-          retry: 5
   gui-result:
     if: needs.pre_job.outputs.should_skip != 'true' && always()
     runs-on: ubuntu-latest

.github/workflows/install_rust.sh

@@ -8,61 +8,33 @@
 # dependencies are only needed on ubuntu as that's the only place where
 # we make cross-compilation
 if [[ $OS =~ ^ubuntu.*$ ]]; then
-    sudo apt-get update && sudo apt-get install -qq crossbuild-essential-arm64 crossbuild-essential-armhf musl-tools libappindicator3-dev
-    # for easytier-gui
-    if [[ $GUI_TARGET != '' && $GUI_TARGET =~ ^x86_64.*$ ]]; then
-        sudo apt install -qq libwebkit2gtk-4.1-dev \
-            build-essential \
-            curl \
-            wget \
-            file \
-            libgtk-3-dev \
-            librsvg2-dev \
-            libxdo-dev \
-            libssl-dev \
-            patchelf
+    sudo apt-get update && sudo apt-get install -qq musl-tools libappindicator3-dev llvm clang
+    # https://github.com/cross-tools/musl-cross/releases
+    # if "musl" is a substring of TARGET, we assume that we are using musl
+    MUSL_TARGET=$TARGET
+    # if target is mips or mipsel, we should use soft-float version of musl
+    if [[ $TARGET =~ ^mips.*$ || $TARGET =~ ^mipsel.*$ ]]; then
+        MUSL_TARGET=${TARGET}sf
     fi
-    #  curl -s musl.cc | grep mipsel
-    case $TARGET in
-    mipsel-unknown-linux-musl)
-        MUSL_URI=mipsel-linux-muslsf
-        ;;
-    mips-unknown-linux-musl)
-        MUSL_URI=mips-linux-muslsf
-        ;;
-    aarch64-unknown-linux-musl)
-        MUSL_URI=aarch64-linux-musl
-        ;;
-    armv7-unknown-linux-musleabihf)
-        MUSL_URI=armv7l-linux-musleabihf
-        ;;
-    armv7-unknown-linux-musleabi)
-        MUSL_URI=armv7m-linux-musleabi
-        ;;
-    arm-unknown-linux-musleabihf)
-        MUSL_URI=arm-linux-musleabihf
-        ;;
-    arm-unknown-linux-musleabi)
-        MUSL_URI=arm-linux-musleabi
-        ;;
-    esac
-
-    if [ -n "$MUSL_URI" ]; then
+    if [[ $MUSL_TARGET =~ musl ]]; then
         mkdir -p ./musl_gcc
-        wget -c https://musl.cc/${MUSL_URI}-cross.tgz -P ./musl_gcc/
-        tar zxf ./musl_gcc/${MUSL_URI}-cross.tgz -C ./musl_gcc/
-        sudo ln -s $(pwd)/musl_gcc/${MUSL_URI}-cross/bin/*gcc /usr/bin/
+        wget --inet4-only -c https://github.com/cross-tools/musl-cross/releases/download/20250520/${MUSL_TARGET}.tar.xz -P ./musl_gcc/
+        tar xf ./musl_gcc/${MUSL_TARGET}.tar.xz -C ./musl_gcc/
+        sudo ln -sf $(pwd)/musl_gcc/${MUSL_TARGET}/bin/*gcc /usr/bin/
+        sudo ln -sf $(pwd)/musl_gcc/${MUSL_TARGET}/include/ /usr/include/musl-cross
+        sudo ln -sf $(pwd)/musl_gcc/${MUSL_TARGET}/${MUSL_TARGET}/sysroot/ ./musl_gcc/sysroot
+        sudo chmod -R a+rwx ./musl_gcc
     fi
 fi
 
 # see https://github.com/rust-lang/rustup/issues/3709
 rustup set auto-self-update disable
-rustup install 1.77
-rustup default 1.77
+rustup install 1.86
+rustup default 1.86
 
 # mips/mipsel cannot add target from rustup, need compile by ourselves
 if [[ $OS =~ ^ubuntu.*$ && $TARGET =~ ^mips.*$ ]]; then
-    cd "$PWD/musl_gcc/${MUSL_URI}-cross/lib/gcc/${MUSL_URI}/11.2.1" || exit 255
+    cd "$PWD/musl_gcc/${MUSL_TARGET}/lib/gcc/${MUSL_TARGET}/15.1.0" || exit 255
     # for panic-abort
     cp libgcc_eh.a libunwind.a
 

.github/workflows/mobile.yml

@@ -146,18 +146,6 @@ jobs:
           path: |
             ./artifacts/*
 
-      - name: Upload OSS
-        if: ${{ env.OSS_BUCKET != '' }}
-        uses: Menci/upload-to-oss@main
-        with:
-          access-key-id: ${{ secrets.ALIYUN_OSS_ACCESS_ID }}
-          access-key-secret: ${{ secrets.ALIYUN_OSS_ACCESS_KEY }}
-          endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }}
-          bucket: ${{ secrets.ALIYUN_OSS_BUCKET }}
-          local-path: ./artifacts/
-          remote-path: /easytier-releases/${{env.GIT_DESC}}/easytier-gui-${{ matrix.ARTIFACT_NAME }}
-          no-delete-remote-files: true
-          retry: 5
   mobile-result:
     if: needs.pre_job.outputs.should_skip != 'true' && always()
     runs-on: ubuntu-latest

.github/workflows/release.yml

@@ -21,7 +21,7 @@ on:
       version:
         description: 'Version for this release'
         type: string
-        default: 'v2.1.2'
+        default: 'v2.3.1'
         required: true
       make_latest:
         description: 'Mark this release as latest'
@@ -57,7 +57,7 @@ jobs:
           repo: EasyTier/EasyTier
           path: release_assets_nozip
 
-      - name: Download GUI Artifact
+      - name: Download Mobile Artifact
         uses: dawidd6/action-download-artifact@v6
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
@@ -78,7 +78,14 @@ jobs:
           ls -l -R ./
           chmod -R 755 .
           for x in `ls`; do
-            zip ../zipped_assets/$x-${VERSION}.zip $x/*;
+            if [ "$x" = "Easytier-Magisk" ]; then
+              # for Easytier-Magisk, make sure files are in the root of the zip
+              cd $x;
+              zip -r ../../zipped_assets/$x-${VERSION}.zip .;
+              cd ..;
+            else
+              zip -r ../zipped_assets/$x-${VERSION}.zip $x;
+            fi
           done
 
       - name: Release

.github/workflows/test.yml

@@ -47,11 +47,40 @@ jobs:
 
       - name: Setup system for test
         run: |
+          sudo modprobe br_netfilter
           sudo sysctl net.bridge.bridge-nf-call-iptables=0
           sudo sysctl net.bridge.bridge-nf-call-ip6tables=0
           sudo sysctl net.ipv6.conf.lo.disable_ipv6=0
           sudo ip addr add 2001:db8::2/64 dev lo
 
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 21
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v3
+        with:
+          version: 9
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install frontend dependencies
+        run: |
+          pnpm -r install
+          pnpm -r --filter "./easytier-web/*"  build
+
       - name: Cargo cache
         uses: actions/cache@v4
         with:
@@ -62,6 +91,6 @@ jobs:
 
       - name: Run tests
         run: |
-          sudo -E env "PATH=$PATH" cargo test --no-default-features --features=full --verbose
+          sudo -E env "PATH=$PATH" cargo test --no-default-features --features=full --verbose -- --test-threads=1 --nocapture
           sudo chown -R $USER:$USER ./target
           sudo chown -R $USER:$USER ~/.cargo

Cargo.toml

@@ -1,6 +1,12 @@
 [workspace]
 resolver = "2"
-members = ["easytier", "easytier-gui/src-tauri", "easytier-rpc-build", "easytier-web"]
+members = [
+    "easytier",
+    "easytier-gui/src-tauri",
+    "easytier-rpc-build",
+    "easytier-web",
+    "easytier-contrib/easytier-ffi",
+]
 default-members = ["easytier", "easytier-web"]
 
 [profile.dev]
@@ -10,3 +16,5 @@ panic = "unwind"
 panic = "abort"
 lto = true
 codegen-units = 1
+opt-level = 3
+strip = true

README.md

@@ -1,14 +1,17 @@
 # EasyTier
 
+[![Github release](https://img.shields.io/github/v/tag/EasyTier/EasyTier)](https://github.com/EasyTier/EasyTier/releases)
 [![GitHub](https://img.shields.io/github/license/EasyTier/EasyTier)](https://github.com/EasyTier/EasyTier/blob/main/LICENSE)
 [![GitHub last commit](https://img.shields.io/github/last-commit/EasyTier/EasyTier)](https://github.com/EasyTier/EasyTier/commits/main)
 [![GitHub issues](https://img.shields.io/github/issues/EasyTier/EasyTier)](https://github.com/EasyTier/EasyTier/issues)
 [![GitHub Core Actions](https://github.com/EasyTier/EasyTier/actions/workflows/core.yml/badge.svg)](https://github.com/EasyTier/EasyTier/actions/workflows/core.yml)
 [![GitHub GUI Actions](https://github.com/EasyTier/EasyTier/actions/workflows/gui.yml/badge.svg)](https://github.com/EasyTier/EasyTier/actions/workflows/gui.yml)
+[![GitHub Test Actions](https://github.com/EasyTier/EasyTier/actions/workflows/test.yml/badge.svg)](https://github.com/EasyTier/EasyTier/actions/workflows/test.yml)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/EasyTier/EasyTier)
 
 [简体中文](/README_CN.md) | [English](/README.md)
 
-**Please visit the [EasyTier Official Website](https://www.easytier.top/en/) to view the full documentation.**
+**Please visit the [EasyTier Official Website](https://easytier.cn/en/) to view the full documentation.**
 
 EasyTier is a simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework.
 
@@ -53,7 +56,7 @@ EasyTier is a simple, safe and decentralized VPN networking solution implemented
 
 4. **Install by Docker Compose**
 
-    Please visit the [EasyTier Official Website](https://www.easytier.cn/en/) to view the full documentation.
+    Please visit the [EasyTier Official Website](https://easytier.cn/en/) to view the full documentation.
 
 5. **Install by script (For Linux Only)**
 
@@ -61,7 +64,36 @@ EasyTier is a simple, safe and decentralized VPN networking solution implemented
     wget -O /tmp/easytier.sh "https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh" && bash /tmp/easytier.sh install
     ```
 
-    You can also uninstall/update Easytier by the command "uninstall" or "update" of this script
+    The script supports the following commands and options:
+
+    Commands:
+    - `install`: Install EasyTier
+    - `uninstall`: Uninstall EasyTier
+    - `update`: Update EasyTier to the latest version
+    - `help`: Show help message
+
+    Options:
+    - `--skip-folder-verify`: Skip folder verification during installation
+    - `--skip-folder-fix`: Skip automatic folder path fixing
+    - `--no-gh-proxy`: Disable GitHub proxy
+    - `--gh-proxy`: Set custom GitHub proxy URL (default: https://ghfast.top/)
+
+    Examples:
+    ```sh
+    # Show help
+    bash /tmp/easytier.sh help
+
+    # Install with options
+    bash /tmp/easytier.sh install --skip-folder-verify
+    bash /tmp/easytier.sh install --no-gh-proxy
+    bash /tmp/easytier.sh install --gh-proxy https://your-proxy.com/
+
+    # Update EasyTier
+    bash /tmp/easytier.sh update
+
+    # Uninstall EasyTier
+    bash /tmp/easytier.sh uninstall
+    ```
 
 6. **Install by Homebrew (For MacOS Only)**
 

README_CN.md

@@ -8,7 +8,7 @@
 
 [简体中文](/README_CN.md) | [English](/README.md)
 
-**请访问 [EasyTier 官网](https://www.easytier.cn/) 以查看完整的文档。**
+**请访问 [EasyTier 官网](https://easytier.cn/) 以查看完整的文档。**
 
 一个简单、安全、去中心化的内网穿透 VPN 组网方案，使用 Rust 语言和 Tokio 框架实现。
 
@@ -53,7 +53,7 @@
 
 4. **通过Docker Compose安装**
 
-    请访问 [EasyTier 官网](https://www.easytier.cn/) 以查看完整的文档。
+    请访问 [EasyTier 官网](https://easytier.cn/) 以查看完整的文档。
 
 5. **使用一键脚本安装 (仅适用于 Linux)**
 
@@ -61,7 +61,36 @@
     wget -O /tmp/easytier.sh "https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh" && bash /tmp/easytier.sh install
     ```
 
-    使用本脚本安装的 Easytier 可以使用脚本的 uninstall/update 对其卸载/升级
+    脚本支持以下命令和选项：
+
+    命令：
+    - `install`: 安装 EasyTier
+    - `uninstall`: 卸载 EasyTier
+    - `update`: 更新 EasyTier 到最新版本
+    - `help`: 显示帮助信息
+
+    选项：
+    - `--skip-folder-verify`: 跳过安装过程中的文件夹验证
+    - `--skip-folder-fix`: 跳过自动修复文件夹路径
+    - `--no-gh-proxy`: 禁用 GitHub 代理
+    - `--gh-proxy`: 设置自定义 GitHub 代理 URL (默认值: https://ghfast.top/)
+
+    示例：
+    ```sh
+    # 查看帮助
+    bash /tmp/easytier.sh help
+
+    # 安装（带选项）
+    bash /tmp/easytier.sh install --skip-folder-verify
+    bash /tmp/easytier.sh install --no-gh-proxy
+    bash /tmp/easytier.sh install --gh-proxy https://your-proxy.com/
+
+    # 更新 EasyTier
+    bash /tmp/easytier.sh update
+
+    # 卸载 EasyTier
+    bash /tmp/easytier.sh uninstall
+    ```
 
 6. **使用 Homebrew 安装 (仅适用于 MacOS)**
 

easytier-contrib/easytier-ffi/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "easytier-ffi"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+easytier = { path = "../../easytier" }
+
+once_cell = "1.18.0"
+dashmap = "6.0"
+
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1"

easytier-contrib/easytier-ffi/examples/csharp.cs

@@ -0,0 +1,159 @@
+public class EasyTierFFI
+{
+    // 导入 DLL 函数
+    private const string DllName = "easytier_ffi.dll";
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern int parse_config([MarshalAs(UnmanagedType.LPStr)] string cfgStr);
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern int run_network_instance([MarshalAs(UnmanagedType.LPStr)] string cfgStr);
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern int retain_network_instance(IntPtr instNames, int length);
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern int collect_network_infos(IntPtr infos, int maxLength);
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern void get_error_msg(out IntPtr errorMsg);
+
+    [DllImport(DllName, CallingConvention = CallingConvention.Cdecl)]
+    private static extern void free_string(IntPtr str);
+
+    // 定义 KeyValuePair 结构体
+    [StructLayout(LayoutKind.Sequential)]
+    public struct KeyValuePair
+    {
+        public IntPtr Key;
+        public IntPtr Value;
+    }
+
+    // 解析配置
+    public static void ParseConfig(string config)
+    {
+        if (string.IsNullOrEmpty(config))
+        {
+            throw new ArgumentException("Configuration string cannot be null or empty.");
+        }
+
+        int result = parse_config(config);
+        if (result < 0)
+        {
+            throw new Exception(GetErrorMessage());
+        }
+    }
+
+    // 启动网络实例
+    public static void RunNetworkInstance(string config)
+    {
+        if (string.IsNullOrEmpty(config))
+        {
+            throw new ArgumentException("Configuration string cannot be null or empty.");
+        }
+
+        int result = run_network_instance(config);
+        if (result < 0)
+        {
+            throw new Exception(GetErrorMessage());
+        }
+    }
+
+    // 保留网络实例
+    public static void RetainNetworkInstances(string[] instanceNames)
+    {
+        IntPtr[] namePointers = null;
+        IntPtr namesPtr = IntPtr.Zero;
+
+        try
+        {
+            if (instanceNames != null && instanceNames.Length > 0)
+            {
+                namePointers = new IntPtr[instanceNames.Length];
+                for (int i = 0; i < instanceNames.Length; i++)
+                {
+                    if (string.IsNullOrEmpty(instanceNames[i]))
+                    {
+                        throw new ArgumentException("Instance name cannot be null or empty.");
+                    }
+                    namePointers[i] = Marshal.StringToHGlobalAnsi(instanceNames[i]);
+                }
+
+                namesPtr = Marshal.AllocHGlobal(Marshal.SizeOf<IntPtr>() * namePointers.Length);
+                Marshal.Copy(namePointers, 0, namesPtr, namePointers.Length);
+            }
+
+            int result = retain_network_instance(namesPtr, instanceNames?.Length ?? 0);
+            if (result < 0)
+            {
+                throw new Exception(GetErrorMessage());
+            }
+        }
+        finally
+        {
+            if (namePointers != null)
+            {
+                foreach (var ptr in namePointers)
+                {
+                    if (ptr != IntPtr.Zero)
+                    {
+                        Marshal.FreeHGlobal(ptr);
+                    }
+                }
+            }
+
+            if (namesPtr != IntPtr.Zero)
+            {
+                Marshal.FreeHGlobal(namesPtr);
+            }
+        }
+    }
+
+    // 收集网络信息
+    public static KeyValuePair<string, string>[] CollectNetworkInfos(int maxLength)
+    {
+        IntPtr buffer = Marshal.AllocHGlobal(Marshal.SizeOf<KeyValuePair>() * maxLength);
+        try
+        {
+            int count = collect_network_infos(buffer, maxLength);
+            if (count < 0)
+            {
+                throw new Exception(GetErrorMessage());
+            }
+
+            var result = new KeyValuePair<string, string>[count];
+            for (int i = 0; i < count; i++)
+            {
+                var kv = Marshal.PtrToStructure<KeyValuePair>(buffer + i * Marshal.SizeOf<KeyValuePair>());
+                string key = Marshal.PtrToStringAnsi(kv.Key);
+                string value = Marshal.PtrToStringAnsi(kv.Value);
+
+                // 释放由 FFI 分配的字符串内存
+                free_string(kv.Key);
+                free_string(kv.Value);
+
+                result[i] = new KeyValuePair<string, string>(key, value);
+            }
+
+            return result;
+        }
+        finally
+        {
+            Marshal.FreeHGlobal(buffer);
+        }
+    }
+
+    // 获取错误信息
+    private static string GetErrorMessage()
+    {
+        get_error_msg(out IntPtr errorMsgPtr);
+        if (errorMsgPtr == IntPtr.Zero)
+        {
+            return "Unknown error";
+        }
+
+        string errorMsg = Marshal.PtrToStringAnsi(errorMsgPtr);
+        free_string(errorMsgPtr); // 释放错误信息字符串
+        return errorMsg;
+    }
+}

easytier-contrib/easytier-ffi/src/lib.rs

@@ -0,0 +1,199 @@
+use std::sync::Mutex;
+
+use dashmap::DashMap;
+use easytier::{
+    common::config::{ConfigLoader as _, TomlConfigLoader},
+    launcher::NetworkInstance,
+};
+
+static INSTANCE_MAP: once_cell::sync::Lazy<DashMap<String, NetworkInstance>> =
+    once_cell::sync::Lazy::new(DashMap::new);
+
+static ERROR_MSG: once_cell::sync::Lazy<Mutex<Vec<u8>>> =
+    once_cell::sync::Lazy::new(|| Mutex::new(Vec::new()));
+
+#[repr(C)]
+pub struct KeyValuePair {
+    pub key: *const std::ffi::c_char,
+    pub value: *const std::ffi::c_char,
+}
+
+fn set_error_msg(msg: &str) {
+    let bytes = msg.as_bytes();
+    let mut msg_buf = ERROR_MSG.lock().unwrap();
+    let len = bytes.len();
+    msg_buf.resize(len, 0);
+    msg_buf[..len].copy_from_slice(bytes);
+}
+
+#[no_mangle]
+pub extern "C" fn get_error_msg(out: *mut *const std::ffi::c_char) {
+    let msg_buf = ERROR_MSG.lock().unwrap();
+    if msg_buf.is_empty() {
+        unsafe {
+            *out = std::ptr::null();
+        }
+        return;
+    }
+    let cstr = std::ffi::CString::new(&msg_buf[..]).unwrap();
+    unsafe {
+        *out = cstr.into_raw();
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn free_string(s: *const std::ffi::c_char) {
+    if s.is_null() {
+        return;
+    }
+    unsafe {
+        let _ = std::ffi::CString::from_raw(s as *mut std::ffi::c_char);
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn parse_config(cfg_str: *const std::ffi::c_char) -> std::ffi::c_int {
+    let cfg_str = unsafe {
+        assert!(!cfg_str.is_null());
+        std::ffi::CStr::from_ptr(cfg_str)
+            .to_string_lossy()
+            .into_owned()
+    };
+
+    if let Err(e) = TomlConfigLoader::new_from_str(&cfg_str) {
+        set_error_msg(&format!("failed to parse config: {:?}", e));
+        return -1;
+    }
+
+    0
+}
+
+#[no_mangle]
+pub extern "C" fn run_network_instance(cfg_str: *const std::ffi::c_char) -> std::ffi::c_int {
+    let cfg_str = unsafe {
+        assert!(!cfg_str.is_null());
+        std::ffi::CStr::from_ptr(cfg_str)
+            .to_string_lossy()
+            .into_owned()
+    };
+    let cfg = match TomlConfigLoader::new_from_str(&cfg_str) {
+        Ok(cfg) => cfg,
+        Err(e) => {
+            set_error_msg(&format!("failed to parse config: {}", e));
+            return -1;
+        }
+    };
+
+    let inst_name = cfg.get_inst_name();
+
+    if INSTANCE_MAP.contains_key(&inst_name) {
+        set_error_msg("instance already exists");
+        return -1;
+    }
+
+    let mut instance = NetworkInstance::new(cfg);
+    if let Err(e) = instance.start().map_err(|e| e.to_string()) {
+        set_error_msg(&format!("failed to start instance: {}", e));
+        return -1;
+    }
+
+    INSTANCE_MAP.insert(inst_name, instance);
+
+    0
+}
+
+#[no_mangle]
+pub extern "C" fn retain_network_instance(
+    inst_names: *const *const std::ffi::c_char,
+    length: usize,
+) -> std::ffi::c_int {
+    if length == 0 {
+        INSTANCE_MAP.clear();
+        return 0;
+    }
+
+    let inst_names = unsafe {
+        assert!(!inst_names.is_null());
+        std::slice::from_raw_parts(inst_names, length)
+            .iter()
+            .map(|&name| {
+                assert!(!name.is_null());
+                std::ffi::CStr::from_ptr(name)
+                    .to_string_lossy()
+                    .into_owned()
+            })
+            .collect::<Vec<_>>()
+    };
+
+    let _ = INSTANCE_MAP.retain(|k, _| inst_names.contains(k));
+
+    0
+}
+
+#[no_mangle]
+pub extern "C" fn collect_network_infos(
+    infos: *mut KeyValuePair,
+    max_length: usize,
+) -> std::ffi::c_int {
+    if max_length == 0 {
+        return 0;
+    }
+
+    let infos = unsafe {
+        assert!(!infos.is_null());
+        std::slice::from_raw_parts_mut(infos, max_length)
+    };
+
+    let mut index = 0;
+    for instance in INSTANCE_MAP.iter() {
+        if index >= max_length {
+            break;
+        }
+        let key = instance.key();
+        let Some(value) = instance.get_running_info() else {
+            continue;
+        };
+        // convert value to json string
+        let value = match serde_json::to_string(&value) {
+            Ok(value) => value,
+            Err(e) => {
+                set_error_msg(&format!("failed to serialize instance info: {}", e));
+                return -1;
+            }
+        };
+
+        infos[index] = KeyValuePair {
+            key: std::ffi::CString::new(key.clone()).unwrap().into_raw(),
+            value: std::ffi::CString::new(value).unwrap().into_raw(),
+        };
+        index += 1;
+    }
+
+    index as std::ffi::c_int
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_parse_config() {
+        let cfg_str = r#"
+            inst_name = "test"
+            network = "test_network"
+            fdsafdsa
+        "#;
+        let cstr = std::ffi::CString::new(cfg_str).unwrap();
+        assert_eq!(parse_config(cstr.as_ptr()), 0);
+    }
+
+    #[test]
+    fn test_run_network_instance() {
+        let cfg_str = r#"
+            inst_name = "test"
+            network = "test_network"
+        "#;
+        let cstr = std::ffi::CString::new(cfg_str).unwrap();
+        assert_eq!(run_network_instance(cstr.as_ptr()), 0);
+    }
+}

easytier-contrib/easytier-magisk/META-INF/com/google/android/update-binary

@@ -0,0 +1,33 @@
+#!/sbin/sh
+
+#################
+# Initialization
+#################
+
+umask 022
+
+# echo before loading util_functions
+ui_print() { echo "$1"; }
+
+require_new_magisk() {
+  ui_print "********************************"
+  ui_print " Please install Magisk v20.4+! "
+  ui_print "********************************"
+  exit 1
+}
+
+#########################
+# Load util_functions.sh
+#########################
+
+OUTFD=$2
+ZIPFILE=$3
+
+mount /data 2>/dev/null
+
+[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
+. /data/adb/magisk/util_functions.sh
+[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
+
+install_module
+exit 0

easytier-contrib/easytier-magisk/META-INF/com/google/android/updater-script

@@ -0,0 +1 @@
+#MAGISK

easytier-contrib/easytier-magisk/README.md

@@ -0,0 +1,6 @@
+# easytier_magisk版模块
+magisk安装后重启
+
+目录位置:/data/adb/modules/easytier_magisk
+配置文件位置://data/adb/modules/easytier_magisk/config/config.toml
+修改config.conf即可，修改后配置文件后去magisk app重新开关模块即可生效

easytier-contrib/easytier-magisk/action.sh

@@ -0,0 +1,14 @@
+#!/data/adb/magisk/busybox sh
+MODDIR=${0%/*}
+
+# 查找 easytier-core 进程的 PID
+PID=$(pgrep easytier-core)
+
+# 检查是否找到了进程
+if [ -z "$PID" ]; then
+    echo "easytier-core 进程未找到"
+else
+    # 结束进程
+    kill $PID
+    echo "已结束 easytier-core 进程 (PID: $PID)"
+fi

easytier-contrib/easytier-magisk/build.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+version=$(cat module.prop | grep 'version=' | awk -F '=' '{print $2}' | sed 's/ (.*//')
+
+version='v'$(grep '^version =' ../../easytier/Cargo.toml | cut -d '"' -f 2)
+
+if [ -z "$version" ]; then
+    echo "Error: 版本号不存在."
+    exit 1
+fi
+
+filename="easytier_magisk_${version}.zip"
+echo $version  
+
+
+if [ -f "./easytier-core" ] && [ -f "./easytier-cli" ] && [ -f "./easytier-web" ]; then
+    zip -r -o -X "$filename" ./ -x '.git/*' -x '.github/*' -x 'folder/*' -x 'build.sh' -x 'magisk_update.json'
+else
+    wget -O "easytier_last.zip" https://github.com/EasyTier/EasyTier/releases/download/"$version"/easytier-linux-aarch64-"$version".zip
+    unzip -o easytier_last.zip -d ./
+    mv ./easytier-linux-aarch64/* ./
+    rm -rf ./easytier_last.zip
+    rm -rf ./easytier-linux-aarch64
+    zip -r -o -X "$filename" ./ -x '.git/*' -x '.github/*' -x 'folder/*' -x 'build.sh' -x 'magisk_update.json'
+fi

easytier-contrib/easytier-magisk/config/config.toml

@@ -0,0 +1,37 @@
+instance_name = "default"
+dhcp = false
+#ipv4="本机ip"
+listeners = [
+    "tcp://0.0.0.0:11010",
+    "udp://0.0.0.0:11010",
+    "wg://0.0.0.0:11011",
+    "ws://0.0.0.0:11011/",
+    "wss://0.0.0.0:11012/",
+]
+mapped_listeners = []
+exit_nodes = []
+rpc_portal = "0.0.0.0:15888"
+
+[network_identity]
+network_name = "default"
+network_secret = ""
+
+[[peer]]
+#uri = "协议://中转ip:端口"
+
+[flags]
+default_protocol = "tcp"
+dev_name = ""
+enable_encryption = true
+enable_ipv6 = true
+mtu = 1380
+latency_first = false
+enable_exit_node = false
+no_tun = false
+use_smoltcp = false
+foreign_network_whitelist = "*"
+disable_p2p = false
+relay_all_peer_rpc = false
+disable_udp_hole_punching = false
+
+

easytier-contrib/easytier-magisk/customize.sh

@@ -0,0 +1,7 @@
+ui_print '安装完成'
+ui_print '当前架构为' + $ARCH
+ui_print '当前系统版本为' + $API
+ui_print '安装目录为:  /data/adb/modules/easytier_magisk'
+ui_print '配置文件位置:  /data/adb/modules/easytier_magisk/config/config.toml'
+ui_print '修改后配置文件后在magisk app点击操作按钮即可生效'
+ui_print '记得重启'

easytier-contrib/easytier-magisk/easytier_core.sh

@@ -0,0 +1,48 @@
+#!/system/bin/sh
+
+MODDIR=${0%/*}
+CONFIG_FILE="${MODDIR}/config/config.toml"
+LOG_FILE="${MODDIR}/log.log"
+MODULE_PROP="${MODDIR}/module.prop"
+EASYTIER="${MODDIR}/easytier-core"
+
+# 更新module.prop文件中的description
+update_module_description() {
+    local status_message=$1
+    sed -i "/^description=/c\description=[状态]${status_message}" ${MODULE_PROP}
+}
+
+if [ ! -e /dev/net/tun ]; then
+    if [ ! -d /dev/net ]; then
+        mkdir -p /dev/net
+    fi
+
+    ln -s /dev/tun /dev/net/tun
+fi
+
+while true; do
+    if ls $MODDIR | grep -q "disable"; then
+        update_module_description "关闭中"
+        if pgrep -f 'easytier-core' >/dev/null; then
+            echo "开关控制$(date "+%Y-%m-%d %H:%M:%S") 进程已存在，正在关闭 ..."
+            pkill easytier-core # 关闭进程
+        fi
+    else
+        if ! pgrep -f 'easytier-core' >/dev/null; then
+            if [ ! -f "$CONFIG_FILE" ]; then
+                update_module_description "config.toml不存在"
+                sleep 3s
+                continue
+            fi
+
+            TZ=Asia/Shanghai ${EASYTIER} -c ${CONFIG_FILE} > ${LOG_FILE} &
+            sleep 5s # 等待easytier-core启动完成
+            update_module_description "已开启(不一定运行成功)"
+            ip rule add from all lookup main
+        else
+            echo "开关控制$(date "+%Y-%m-%d %H:%M:%S") 进程已存在"
+        fi
+    fi
+    
+    sleep 3s # 暂停3秒后再次执行循环
+done

easytier-contrib/easytier-magisk/magisk_update.json

@@ -0,0 +1,6 @@
+{
+    "version": "v1.0",
+    "versionCode": 1,
+    "zipUrl": "",
+    "changelog": ""
+}

easytier-contrib/easytier-magisk/module.prop

@@ -0,0 +1,7 @@
+id=easytier_magisk
+name=EasyTier_Magisk
+version=v2.3.1
+versionCode=1
+author=EasyTier
+description=easytier magisk module @EasyTier(https://github.com/EasyTier/EasyTier)
+updateJson=https://raw.githubusercontent.com/EasyTier/EasyTier/refs/heads/main/easytier-contrib/easytier-magisk/magisk_update.json

easytier-contrib/easytier-magisk/service.sh

@@ -0,0 +1,27 @@
+#!/data/adb/magisk/busybox sh
+MODDIR=${0%/*}
+# MODDIR="$(dirname $(readlink -f "$0"))"
+chmod 755 ${MODDIR}/*
+
+# 等待系统启动成功
+while [ "$(getprop sys.boot_completed)" != "1" ]; do
+  sleep 5s
+done
+
+# 防止系统挂起
+echo "PowerManagerService.noSuspend" > /sys/power/wake_lock
+
+# 修改模块描述
+sed -i 's/$(description=)$[^"]*/\1[状态]关闭中/' "$MODDIR/module.prop"
+
+# 等待 3 秒
+sleep 3s
+
+"${MODDIR}/easytier_core.sh" &
+
+# 检查是否启用模块
+while [ ! -f ${MODDIR}/disable ]; do 
+    sleep 2
+done
+
+pkill easytier-core

easytier-contrib/easytier-magisk/system/etc/resolv.conf

@@ -0,0 +1,2 @@
+nameserver 114.114.114.114
+nameserver 223.5.5.5

easytier-contrib/easytier-magisk/uninstall.sh

@@ -0,0 +1,3 @@
+MODDIR=${0%/*}
+pkill easytier-core # 结束 easytier-core 进程
+rm -rf $MODDIR/*

easytier-gui/README.md

@@ -18,7 +18,11 @@ cd ../tauri-plugin-vpnservice
 pnpm install
 pnpm build
 
-cd ../easytier-gui
+cd ../easytier-web/frontend-lib
+pnpm install
+pnpm build
+
+cd ../../easytier-gui
 pnpm install
 pnpm tauri build
 ```

easytier-gui/locales/cn.yml

@@ -113,3 +113,4 @@ event:
   VpnPortalClientDisconnected: VPN门户客户端已断开连接
   DhcpIpv4Changed: DHCP IPv4地址更改
   DhcpIpv4Conflicted: DHCP IPv4地址冲突
+  PortForwardAdded: 端口转发添加

easytier-gui/locales/en.yml

@@ -112,3 +112,4 @@ event:
   VpnPortalClientDisconnected: VpnPortalClientDisconnected
   DhcpIpv4Changed: DhcpIpv4Changed
   DhcpIpv4Conflicted: DhcpIpv4Conflicted
+  PortForwardAdded: PortForwardAdded

easytier-gui/package.json

@@ -1,7 +1,7 @@
 {
   "name": "easytier-gui",
   "type": "module",
-  "version": "2.1.2",
+  "version": "2.3.1",
   "private": true,
   "packageManager": "pnpm@9.12.1+sha512.e5a7e52a4183a02d5931057f7a0dbff9d5e9ce3161e33fa68ae392125b79282a8a8a470a51dfc8a0ed86221442eb2fb57019b0990ed24fab519bf0e1bc5ccfc4",
   "scripts": {
@@ -13,7 +13,7 @@
     "lint:fix": "eslint . --ignore-pattern src-tauri --fix"
   },
   "dependencies": {
-    "@primevue/themes": "^4.2.1",
+    "@primevue/themes": "4.3.3",
     "@tauri-apps/plugin-autostart": "2.0.0",
     "@tauri-apps/plugin-clipboard-manager": "2.0.0",
     "@tauri-apps/plugin-os": "2.0.0",
@@ -24,7 +24,7 @@
     "easytier-frontend-lib": "workspace:*",
     "ip-num": "1.5.1",
     "pinia": "^2.2.4",
-    "primevue": "^4.2.1",
+    "primevue": "4.3.3",
     "tauri-plugin-vpnservice-api": "workspace:*",
     "vue": "^3.5.12",
     "vue-router": "^4.4.5"
@@ -32,7 +32,7 @@
   "devDependencies": {
     "@antfu/eslint-config": "^3.7.3",
     "@intlify/unplugin-vue-i18n": "^5.2.0",
-    "@primevue/auto-import-resolver": "^4.1.0",
+    "@primevue/auto-import-resolver": "4.3.3",
     "@tauri-apps/api": "2.1.0",
     "@tauri-apps/cli": "2.1.0",
     "@types/default-gateway": "^7.2.2",
@@ -46,7 +46,7 @@
     "eslint": "^9.12.0",
     "eslint-plugin-format": "^0.1.2",
     "postcss": "^8.4.47",
-    "tailwindcss": "^3.4.13",
+    "tailwindcss": "=3.4.17",
     "typescript": "^5.6.2",
     "unplugin-auto-import": "^0.18.3",
     "unplugin-vue-components": "^0.27.4",

easytier-gui/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "easytier-gui"
-version = "2.1.2"
+version = "2.3.1"
 description = "EasyTier GUI"
 authors = ["you"]
 edition = "2021"
@@ -14,6 +14,13 @@ crate-type = ["staticlib", "cdylib", "rlib"]
 [build-dependencies]
 tauri-build = { version = "2.0.0-rc", features = [] }
 
+# enable thunk-rs when compiling for x86_64 or i686 windows
+[target.x86_64-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }
+
+[target.i686-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }
+
 [dependencies]
 # wry 0.47 may crash on android, see https://github.com/EasyTier/EasyTier/issues/527
 tauri = { version = "=2.0.6", features = [
@@ -53,4 +60,4 @@ tauri-plugin-autostart = "2.0"
 custom-protocol = ["tauri/custom-protocol"]
 
 [target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies]
-tauri-plugin-single-instance = "2.0.0-rc.0"
+tauri-plugin-single-instance = "2.2.3"

easytier-gui/src-tauri/build.rs

@@ -1,3 +1,12 @@
 fn main() {
+    // enable thunk-rs when target os is windows and arch is x86_64 or i686
+    #[cfg(target_os = "windows")]
+    if !std::env::var("TARGET")
+        .unwrap_or_default()
+        .contains("aarch64")
+    {
+        thunk::thunk();
+    }
+
     tauri_build::build();
 }

easytier-gui/src-tauri/src/lib.rs

@@ -89,6 +89,7 @@ fn get_os_hostname() -> Result<String, String> {
 
 #[tauri::command]
 fn set_logging_level(level: String) -> Result<(), String> {
+    #[allow(static_mut_refs)]
     let sender = unsafe { LOGGER_LEVEL_SENDER.as_ref().unwrap() };
     sender.send(level).map_err(|e| e.to_string())?;
     Ok(())
@@ -107,7 +108,12 @@ fn set_tun_fd(instance_id: String, fd: i32) -> Result<(), String> {
 fn toggle_window_visibility<R: tauri::Runtime>(app: &tauri::AppHandle<R>) {
     if let Some(window) = app.get_webview_window("main") {
         if window.is_visible().unwrap_or_default() {
-            let _ = window.hide();
+            if window.is_minimized().unwrap_or_default() {
+                let _ = window.unminimize();
+                let _ = window.set_focus();
+            } else {
+                let _ = window.hide();
+            }
         } else {
             let _ = window.show();
             let _ = window.set_focus();
@@ -188,7 +194,10 @@ pub fn run() {
             let Ok(Some(logger_reinit)) = utils::init_logger(config, true) else {
                 return Ok(());
             };
-            unsafe { LOGGER_LEVEL_SENDER.replace(logger_reinit) };
+            #[allow(static_mut_refs)]
+            unsafe {
+                LOGGER_LEVEL_SENDER.replace(logger_reinit)
+            };
 
             // for tray icon, menu need to be built in js
             #[cfg(not(target_os = "android"))]

easytier-gui/src-tauri/tauri.conf.json

@@ -17,7 +17,7 @@
     "createUpdaterArtifacts": false
   },
   "productName": "easytier-gui",
-  "version": "2.1.2",
+  "version": "2.3.1",
   "identifier": "com.kkrainbow.easytier",
   "plugins": {},
   "app": {

easytier-gui/src/composables/mobile_vpn.ts

@@ -132,6 +132,14 @@ async function onNetworkInstanceChange() {
     return
   }
 
+  // if use no tun mode, stop the vpn service
+  const no_tun = networkStore.isNoTunEnabled(insts[0])
+  if (no_tun) {
+    console.error('no tun mode, stop vpn service')
+    await doStopVpn()
+    return
+  }
+
   let network_length = curNetworkInfo?.my_node_info?.virtual_ipv4.network_length
   if (!network_length) {
     network_length = 24

easytier-gui/src/main.ts

@@ -50,8 +50,8 @@ async function main() {
         darkModeSelector: 'system',
         cssLayer: {
           name: 'primevue',
-          order: 'tailwind-base, primevue, tailwind-utilities'
-        }
+          order: 'tailwind-base, primevue, tailwind-utilities',
+        },
       },
     },
   })

easytier-gui/src/stores/network.ts

@@ -128,6 +128,13 @@ export const useNetworkStore = defineStore('networkStore', {
       }
       this.saveAutoStartInstIdsToLocalStorage()
     },
+
+    isNoTunEnabled(instanceId: string): boolean {
+      const cfg = this.networkList.find((cfg) => cfg.instance_id === instanceId)
+      if (!cfg)
+        return false
+      return cfg.no_tun ?? false
+    },
   },
 })
 

easytier-gui/src/styles.css

@@ -45,3 +45,11 @@
   border-radius: 4px;
   background-color: #0000005d;
 }
+
+.p-password {
+  width: 100%;
+}
+
+.p-password>input {
+  width: 100%;
+}

easytier-rpc-build/Cargo.toml

@@ -8,7 +8,7 @@ repository = "https://github.com/EasyTier/EasyTier"
 authors = ["kkrainbow"]
 keywords = ["vpn", "p2p", "network", "easytier"]
 categories = ["network-programming", "command-line-utilities"]
-rust-version = "1.77.0"
+rust-version = "1.84.0"
 license-file = "LICENSE"
 readme = "README.md"
 

easytier-web/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "easytier-web"
-version = "0.1.0"
+version = "2.3.1"
 edition = "2021"
 description = "Config server for easytier. easytier-core gets config from this and web frontend use it as restful api server."
 
@@ -18,13 +18,18 @@ axum = { version = "0.7", features = ["macros"] }
 axum-login = { version = "0.16" }
 password-auth = { version = "1.0.0" }
 axum-messages = "0.7.0"
+axum-embed = { version = "0.1.0", optional = true }
 tower-sessions-sqlx-store = { version = "0.14.1", features = ["sqlite"] }
 tower-sessions = { version = "0.13.0", default-features = false, features = [
     "signed",
 ] }
 tower-http = { version = "0.6", features = ["cors", "compression-full"] }
 sqlx = { version = "0.8", features = ["sqlite"] }
-sea-orm = { version = "1.1", features = [ "sqlx-sqlite", "runtime-tokio-rustls", "macros" ] }
+sea-orm = { version = "1.1", features = [
+    "sqlx-sqlite",
+    "runtime-tokio-rustls",
+    "macros",
+] }
 sea-orm-migration = { version = "1.1" }
 
 
@@ -32,7 +37,7 @@ sea-orm-migration = { version = "1.1" }
 rust-embed = { version = "8.5.0", features = ["debug-embed"] }
 base64 = "0.22"
 rand = "0.8"
-image = {version="0.24", default-features = false, features = ["png"]}
+image = { version = "0.24", default-features = false, features = ["png"] }
 rusttype = "0.9.3"
 imageproc = "0.23.0"
 
@@ -55,3 +60,14 @@ uuid = { version = "1.5.0", features = [
 ] }
 
 chrono = { version = "0.4.37", features = ["serde"] }
+
+[features]
+default = []
+embed = ["dep:axum-embed"]
+
+# enable thunk-rs when compiling for x86_64 or i686 windows
+[target.x86_64-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }
+
+[target.i686-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }

easytier-web/build.rs

@@ -0,0 +1,7 @@
+fn main() {
+    // enable thunk-rs when target os is windows and arch is x86_64 or i686
+    #[cfg(target_os = "windows")]
+    if !std::env::var("TARGET").unwrap_or_default().contains("aarch64"){
+        thunk::thunk();
+    }
+}

easytier-web/frontend-lib/package.json

@@ -18,14 +18,14 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@primevue/themes": "^4.2.1",
+    "@primevue/themes": "4.3.3",
     "@vueuse/core": "^11.1.0",
     "aura": "link:@primevue\\themes\\aura",
     "axios": "^1.7.7",
     "floating-vue": "^5.2",
     "ip-num": "1.5.1",
     "primeicons": "^7.0.0",
-    "primevue": "^4.2.1",
+    "primevue": "4.3.3",
     "tailwindcss-primeui": "^0.3.4",
     "ts-md5": "^1.3.1",
     "uuid": "^11.0.2",
@@ -40,10 +40,10 @@
     "postcss": "^8.4.47",
     "postcss-import": "^16.1.0",
     "postcss-nested": "^7.0.2",
-    "tailwindcss": "^3.4.14",
+    "tailwindcss": "=3.4.17",
     "typescript": "~5.6.3",
     "vite": "^5.4.10",
     "vite-plugin-dts": "^4.3.0",
     "vue-tsc": "^2.1.10"
   }
-}
+}

easytier-web/frontend-lib/src/components/Config.vue

@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import InputGroup from 'primevue/inputgroup'
 import InputGroupAddon from 'primevue/inputgroupaddon'
-import { SelectButton, Checkbox, InputText, InputNumber, AutoComplete, Panel, Divider, ToggleButton, Button } from 'primevue'
+import { SelectButton, Checkbox, InputText, InputNumber, AutoComplete, Panel, Divider, ToggleButton, Button, Password } from 'primevue'
 import { DEFAULT_NETWORK_CONFIG, NetworkConfig, NetworkingMethod } from '../types/network'
 import { defineProps, defineEmits, ref, } from 'vue'
 import { useI18n } from 'vue-i18n'
@@ -120,13 +120,53 @@ function searchListenerSuggestions(e: { query: string }) {
   listenerSuggestions.value = ret
 }
 
+
+const exitNodesSuggestions = ref([''])
+
+function searchExitNodesSuggestions(e: { query: string }) {
+  const ret = []
+  ret.push(e.query)
+  exitNodesSuggestions.value = ret
+}
+
+const whitelistSuggestions = ref([''])
+
+function searchWhitelistSuggestions(e: { query: string }) {
+  const ret = []
+  ret.push(e.query)
+  whitelistSuggestions.value = ret
+}
+
+interface BoolFlag {
+  field: keyof NetworkConfig
+  help: string
+}
+
+const bool_flags: BoolFlag[] = [
+  { field: 'latency_first', help: 'latency_first_help' },
+  { field: 'use_smoltcp', help: 'use_smoltcp_help' },
+  { field: 'enable_kcp_proxy', help: 'enable_kcp_proxy_help' },
+  { field: 'disable_kcp_input', help: 'disable_kcp_input_help' },
+  { field: 'disable_p2p', help: 'disable_p2p_help' },
+  { field: 'bind_device', help: 'bind_device_help' },
+  { field: 'no_tun', help: 'no_tun_help' },
+  { field: 'enable_exit_node', help: 'enable_exit_node_help' },
+  { field: 'relay_all_peer_rpc', help: 'relay_all_peer_rpc_help' },
+  { field: 'multi_thread', help: 'multi_thread_help' },
+  { field: 'proxy_forward_by_system', help: 'proxy_forward_by_system_help' },
+  { field: 'disable_encryption', help: 'disable_encryption_help' },
+  { field: 'disable_udp_hole_punching', help: 'disable_udp_hole_punching_help' },
+  { field: 'enable_magic_dns', help: 'enable_magic_dns_help' },
+  { field: 'enable_private_mode', help: 'enable_private_mode_help' },
+]
+
 </script>
 
 <template>
   <div class="frontend-lib">
     <div class="flex flex-col h-full">
       <div class="flex flex-col">
-        <div class="w-10/12 self-center ">
+        <div class="w-11/12 self-center ">
           <Panel :header="t('basic_settings')">
             <div class="flex flex-col gap-y-2">
               <div class="flex flex-row gap-x-9 flex-wrap">
@@ -159,8 +199,8 @@ function searchListenerSuggestions(e: { query: string }) {
                 </div>
                 <div class="flex flex-col gap-2 basis-5/12 grow">
                   <label for="network_secret">{{ t('network_secret') }}</label>
-                  <InputText id="network_secret" v-model="curNetwork.network_secret"
-                    aria-describedby="network_secret-help" />
+                  <Password id="network_secret" v-model="curNetwork.network_secret"
+                    aria-describedby="network_secret-help" toggleMask :feedback="false"/>
                 </div>
               </div>
 
@@ -188,11 +228,18 @@ function searchListenerSuggestions(e: { query: string }) {
 
           <Panel :header="t('advanced_settings')" toggleable collapsed>
             <div class="flex flex-col gap-y-2">
+
               <div class="flex flex-row gap-x-9 flex-wrap">
                 <div class="flex flex-col gap-2 basis-5/12 grow">
-                  <div class="flex items-center">
-                    <Checkbox v-model="curNetwork.latency_first" input-id="use_latency_first" :binary="true" />
-                    <label for="use_latency_first" class="ml-2"> {{ t('use_latency_first') }} </label>
+                  <label> {{ t('flags_switch') }} </label>
+                  <div class="flex flex-row flex-wrap">
+
+                    <div class="basis-[20rem] flex items-center" v-for="flag in bool_flags">
+                      <Checkbox v-model="curNetwork[flag.field]" :input-id="flag.field" :binary="true" />
+                      <label :for="flag.field" class="ml-2"> {{ t(flag.field) }} </label>
+                      <span class="pi pi-question-circle ml-2 self-center" v-tooltip="t(flag.help)"></span>
+                    </div>
+
                   </div>
                 </div>
               </div>
@@ -220,17 +267,20 @@ function searchListenerSuggestions(e: { query: string }) {
                   <ToggleButton v-model="curNetwork.enable_vpn_portal" on-icon="pi pi-check" off-icon="pi pi-times"
                     :on-label="t('off_text')" :off-label="t('on_text')" class="w-48" />
                   <div v-if="curNetwork.enable_vpn_portal" class="items-center flex flex-row gap-x-4">
-                    <div class="min-w-64">
-                      <InputGroup>
-                        <InputText v-model="curNetwork.vpn_portal_client_network_addr"
-                          :placeholder="t('vpn_portal_client_network')" />
-                        <InputGroupAddon>
-                          <span>/{{ curNetwork.vpn_portal_client_network_len }}</span>
-                        </InputGroupAddon>
-                      </InputGroup>
-
-                      <InputNumber v-model="curNetwork.vpn_portal_listen_port" :allow-empty="false" :format="false"
-                        :min="0" :max="65535" class="w-8/12" fluid />
+                    <div class="flex flex-row gap-x-9 flex-wrap w-full">
+                      <div class="flex flex-col gap-2 basis-8/12 grow">
+                        <InputGroup>
+                          <InputText v-model="curNetwork.vpn_portal_client_network_addr"
+                                     :placeholder="t('vpn_portal_client_network')" />
+                          <InputGroupAddon>
+                            <span>/{{ curNetwork.vpn_portal_client_network_len }}</span>
+                          </InputGroupAddon>
+                        </InputGroup>
+                      </div>
+                      <div class="flex flex-col gap-2 basis-3/12 grow">
+                        <InputNumber v-model="curNetwork.vpn_portal_listen_port" :allow-empty="false" :format="false"
+                                     :min="0" :max="65535" fluid />
+                      </div>
                     </div>
                   </div>
                 </div>
@@ -261,6 +311,97 @@ function searchListenerSuggestions(e: { query: string }) {
                     :placeholder="t('dev_name_placeholder')" />
                 </div>
               </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap">
+                <div class="flex flex-col gap-2 basis-5/12 grow">
+                  <div class="flex">
+                    <label for="mtu">{{ t('mtu') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center"
+                          v-tooltip="t('mtu_help')"></span>
+                  </div>
+                  <InputNumber id="mtu" v-model="curNetwork.mtu" aria-describedby="mtu-help"
+                               :format="false" :placeholder="t('mtu_placeholder')" :min="400" :max="1380" fluid/>
+                </div>
+              </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap">
+                <div class="flex flex-col gap-2 basis-5/12 grow">
+                  <div class="flex">
+                    <label for="relay_network_whitelist">{{ t('relay_network_whitelist') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center"
+                          v-tooltip="t('relay_network_whitelist_help')"></span>
+                  </div>
+                  <ToggleButton v-model="curNetwork.enable_relay_network_whitelist" on-icon="pi pi-check" off-icon="pi pi-times"
+                                :on-label="t('off_text')" :off-label="t('on_text')" class="w-48" />
+                  <div v-if="curNetwork.enable_relay_network_whitelist" class="items-center flex flex-row gap-x-4">
+                    <div class="min-w-64 w-full">
+                      <AutoComplete id="relay_network_whitelist" v-model="curNetwork.relay_network_whitelist"
+                                    :placeholder="t('relay_network_whitelist')" class="w-full" multiple fluid
+                                    :suggestions="whitelistSuggestions" @complete="searchWhitelistSuggestions" />
+                    </div>
+                  </div>
+                </div>
+              </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap ">
+                <div class="flex flex-col gap-2 grow">
+                  <div class="flex">
+                    <label for="routes">{{ t('manual_routes') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center" v-tooltip="t('manual_routes_help')"></span>
+                  </div>
+                  <ToggleButton v-model="curNetwork.enable_manual_routes" on-icon="pi pi-check" off-icon="pi pi-times"
+                                :on-label="t('off_text')" :off-label="t('on_text')" class="w-48" />
+                  <div v-if="curNetwork.enable_manual_routes" class="items-center flex flex-row gap-x-4">
+                    <div class="min-w-64 w-full">
+                      <AutoComplete id="routes" v-model="curNetwork.routes"
+                                    :placeholder="t('chips_placeholder', ['192.168.0.0/16'])" class="w-full" multiple fluid
+                                    :suggestions="inetSuggestions" @complete="searchInetSuggestions" />
+                    </div>
+                  </div>
+                </div>
+              </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap ">
+                <div class="flex flex-col gap-2 grow">
+                  <div class="flex">
+                    <label for="socks5_port">{{ t('socks5') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center" v-tooltip="t('socks5_help')"></span>
+                  </div>
+                  <ToggleButton v-model="curNetwork.enable_socks5" on-icon="pi pi-check" off-icon="pi pi-times"
+                                :on-label="t('off_text')" :off-label="t('on_text')" class="w-48" />
+                  <div v-if="curNetwork.enable_socks5" class="items-center flex flex-row gap-x-4">
+                    <div class="min-w-64 w-full">
+                      <InputNumber id="socks5_port" v-model="curNetwork.socks5_port" aria-describedby="rpc_port-help"
+                                   :format="false" :allow-empty="false" :min="0" :max="65535" class="w-full"/>
+                    </div>
+                  </div>
+                </div>
+              </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap w-full">
+                <div class="flex flex-col gap-2 grow p-fluid">
+                  <div class="flex">
+                    <label for="exit_nodes">{{ t('exit_nodes') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center" v-tooltip="t('exit_nodes_help')"></span>
+                  </div>
+                  <AutoComplete id="exit_nodes" v-model="curNetwork.exit_nodes"
+                                :placeholder="t('chips_placeholder', ['192.168.8.8'])" class="w-full" multiple fluid
+                                :suggestions="exitNodesSuggestions" @complete="searchExitNodesSuggestions" />
+                </div>
+              </div>
+
+              <div class="flex flex-row gap-x-9 flex-wrap w-full">
+                <div class="flex flex-col gap-2 grow p-fluid">
+                  <div class="flex">
+                    <label for="mapped_listeners">{{ t('mapped_listeners') }}</label>
+                    <span class="pi pi-question-circle ml-2 self-center" v-tooltip="t('mapped_listeners_help')"></span>
+                  </div>
+                  <AutoComplete id="mapped_listeners" v-model="curNetwork.mapped_listeners"
+                                :placeholder="t('chips_placeholder', ['tcp://123.123.123.123:11223'])" class="w-full"
+                                multiple fluid :suggestions="peerSuggestions" @complete="searchPeerSuggestions" />
+                </div>
+              </div>
+
             </div>
           </Panel>
 

easytier-web/frontend-lib/src/components/Status.vue

@@ -106,6 +106,10 @@ function ipFormat(info: PeerRoutePair) {
   return ip ? `${IPv4.fromNumber(ip.address.addr)}/${ip.network_length}` : ''
 }
 
+function tunnelProto(info: PeerRoutePair) {
+  return [...new Set(info.peer?.conns.map(c => c.tunnel?.tunnel_type))].join(',')
+}
+
 const myNodeInfo = computed(() => {
   if (!props.curNetworkInst)
     return {} as NodeInfo
@@ -303,14 +307,15 @@ function showEventLogs() {
 
 <template>
   <div class="frontend-lib">
-    <Dialog v-model:visible="dialogVisible" modal :header="t(dialogHeader)" class="w-2/3 h-auto max-w-full">
+    <Dialog v-model:visible="dialogVisible" modal :header="t(dialogHeader)" class="w-full h-auto max-h-full"
+      :baseZIndex="2000">
       <ScrollPanel v-if="dialogHeader === 'vpn_portal_config'">
         <pre>{{ dialogContent }}</pre>
       </ScrollPanel>
       <Timeline v-else :value="dialogContent">
         <template #opposite="slotProps">
           <small class="text-surface-500 dark:text-surface-400">{{ useTimeAgo(Date.parse(slotProps.item.time))
-            }}</small>
+          }}</small>
         </template>
         <template #content="slotProps">
           <HumanEvent :event="slotProps.item.event" />
@@ -407,6 +412,7 @@ function showEventLogs() {
               </template>
             </Column>
             <Column :field="routeCost" :header="t('route_cost')" />
+            <Column :field="tunnelProto" :header="t('tunnel_proto')" />
             <Column :field="latencyMs" :header="t('latency')" />
             <Column :field="txBytes" :header="t('upload_bytes')" />
             <Column :field="rxBytes" :header="t('download_bytes')" />

easytier-web/frontend-lib/src/locales/cn.yaml

@@ -64,11 +64,89 @@ event_log: 事件日志
 peer_info: 节点信息
 hostname: 主机名
 route_cost: 路由
+tunnel_proto: 协议
 latency: 延迟
 upload_bytes: 上传
 download_bytes: 下载
 loss_rate: 丢包率
 
+flags_switch: 功能开关
+
+latency_first: 开启延迟优先模式
+latency_first_help: 忽略中转跳数，选择总延迟最低的路径
+
+use_smoltcp: 使用用户态协议栈
+use_smoltcp_help: 使用用户态 TCP/IP 协议栈，避免操作系统防火墙问题导致无法子网代理 / KCP代理。
+
+enable_kcp_proxy: 启用 KCP 代理
+enable_kcp_proxy_help: 将 TCP 流量转为 KCP 流量，降低传输延迟，提升传输速度。
+
+disable_kcp_input: 禁用 KCP 输入
+disable_kcp_input_help: 禁用 KCP 入站流量，其他开启 KCP 代理的节点仍然使用 TCP 连接到本节点。
+
+disable_p2p: 禁用 P2P
+disable_p2p_help: 禁用 P2P 模式，所有流量通过手动指定的服务器中转。
+
+bind_device: 仅使用物理网卡
+bind_device_help: 仅使用物理网卡，避免 EasyTier 通过其他虚拟网建立连接。
+
+no_tun: 无 TUN 模式
+no_tun_help: 不使用 TUN 网卡，适合无管理员权限时使用。本节点仅允许被访问。访问其他节点需要使用 SOCK5
+
+enable_exit_node: 启用出口节点
+enable_exit_node_help: 允许此节点成为出口节点
+
+relay_all_peer_rpc: 转发RPC包
+relay_all_peer_rpc_help: |
+  允许转发所有对等节点的RPC数据包，即使对等节点不在转发网络白名单中。
+  这可以帮助白名单外网络中的对等节点建立P2P连接。
+
+multi_thread: 启用多线程
+multi_thread_help: 使用多线程运行时
+
+proxy_forward_by_system: 系统转发
+proxy_forward_by_system_help: 通过系统内核转发子网代理数据包，禁用内置NAT
+
+disable_encryption: 禁用加密
+disable_encryption_help: 禁用对等节点通信的加密，默认为false，必须与对等节点相同
+
+disable_udp_hole_punching: 禁用UDP打洞
+disable_udp_hole_punching_help: 禁用UDP打洞功能
+
+enable_magic_dns: 启用魔法DNS
+enable_magic_dns_help: |
+  启用魔法DNS，允许通过EasyTier的DNS服务器访问其他节点的虚拟IPv4地址， 如 node1.et.net。
+
+enable_private_mode: 启用私有模式
+enable_private_mode_help: |
+  启用私有模式，则不允许使用了与本网络不相同的网络名称和密码的节点通过本节点进行握手或中转。
+
+relay_network_whitelist: 网络白名单
+relay_network_whitelist_help: |
+  仅转发白名单网络的流量，支持通配符字符串。多个网络名称间可以使用英文空格间隔。
+  如果该参数为空，则禁用转发。默认允许所有网络。
+  例如：'*'（所有网络），'def*'（以def为前缀的网络），'net1 net2'（只允许net1和net2）
+
+manual_routes: 自定义路由
+manual_routes_help: 手动分配路由CIDR，将禁用子网代理和从对等节点传播的wireguard路由。例如：192.168.0.0/16
+
+socks5: socks5服务器
+socks5_help: |
+  启用 socks5 服务器，允许 socks5 客户端访问虚拟网络. 格式: <端口>，例如：1080
+
+exit_nodes: 出口节点列表
+exit_nodes_help: 转发所有流量的出口节点，虚拟IPv4地址，优先级由列表顺序决定
+
+mtu: MTU
+mtu_help: |
+  TUN设备的MTU，默认为非加密时为1380，加密时为1360。范围：400-1380
+mtu_placeholder: 留空为默认值1380
+
+mapped_listeners: 监听映射
+mapped_listeners_help: |
+  手动指定监听器的公网地址，其他节点可以使用该地址连接到本节点。
+  例如：tcp://123.123.123.123:11223，可以指定多个。
+
 status:
   version: 内核版本
   local: 本机
@@ -113,3 +191,4 @@ event:
   VpnPortalClientDisconnected: VPN门户客户端已断开连接
   DhcpIpv4Changed: DHCP IPv4地址更改
   DhcpIpv4Conflicted: DHCP IPv4地址冲突
+  PortForwardAdded: 端口转发添加

easytier-web/frontend-lib/src/locales/en.yaml

@@ -62,12 +62,91 @@ show_event_log: Show Event Log
 event_log: Event Log
 peer_info: Peer Info
 route_cost: Route Cost
+tunnel_proto: Protocol
 hostname: Hostname
 latency: Latency
 upload_bytes: Upload
 download_bytes: Download
 loss_rate: Loss Rate
 
+flags_switch: Feature Switch
+
+latency_first: Enable Latency-First Mode
+latency_first_help: Ignore hop count and select the path with the lowest total latency
+
+use_smoltcp: Use User-Space Protocol Stack
+use_smoltcp_help: Use a user-space TCP/IP stack to avoid issues with operating system firewalls blocking subnet or KCP proxy functionality.
+
+enable_kcp_proxy: Enable KCP Proxy
+enable_kcp_proxy_help: Convert TCP traffic to KCP traffic to reduce latency and boost transmission speed.
+
+disable_kcp_input: Disable KCP Input
+disable_kcp_input_help: Disable inbound KCP traffic, while nodes with KCP proxy enabled continue to connect using TCP.
+
+disable_p2p: Disable P2P
+disable_p2p_help: Disable P2P mode; route all traffic through a manually specified relay server.
+
+bind_device: Bind to Physical Device Only
+bind_device_help: Use only the physical network interface to prevent EasyTier from connecting via virtual networks.
+
+no_tun: No TUN Mode
+no_tun_help: Do not use a TUN interface, suitable for environments without administrator privileges. This node is only accessible; accessing other nodes requires SOCKS5.
+
+enable_exit_node: Enable Exit Node
+enable_exit_node_help: Allow this node to be an exit node
+
+relay_all_peer_rpc: Relay RPC Packets
+relay_all_peer_rpc_help: |
+  Relay all peer rpc packets, even if the peer is not in the relay network whitelist.
+  This can help peers not in relay network whitelist to establish p2p connection.
+
+multi_thread: Multi Thread
+multi_thread_help: Use multi-thread runtime
+
+proxy_forward_by_system: System Forward
+proxy_forward_by_system_help: Forward packet to proxy networks via system kernel, disable internal nat for network proxy
+
+disable_encryption: Disable Encryption
+disable_encryption_help: Disable encryption for peers communication, default is false, must be same with peers
+
+disable_udp_hole_punching: Disable UDP Hole Punching
+disable_udp_hole_punching_help: Disable udp hole punching
+
+enable_magic_dns: Enable Magic DNS
+enable_magic_dns_help: |
+  Enable magic dns, all nodes in the network can access each other by domain name, e.g.: node1.et.net.
+
+enable_private_mode: Enable Private Mode
+enable_private_mode_help: |
+  Enable private mode, nodes with different network names or passwords from this network are not allowed to perform handshake or relay through this node.
+
+relay_network_whitelist: Network Whitelist
+relay_network_whitelist_help: |
+  Only forward traffic from the whitelist networks, supporting wildcard strings, multiple network names can be separated by spaces.
+  If this parameter is empty, forwarding is disabled. By default, all networks are allowed.
+  e.g.: '*' (all networks), 'def*' (networks with the prefix 'def'), 'net1 net2' (only allow net1 and net2)
+
+manual_routes: Manual Route
+manual_routes_help: |
+  Assign routes cidr manually, will disable subnet proxy and wireguard routes propagated from peers. e.g.:192.168.0.0/16
+
+socks5: Socks5 Server
+socks5_help: |
+  Enable socks5 server, allow socks5 client to access virtual network. format: <port>, e.g.: 1080
+
+exit_nodes: Exit Nodes
+exit_nodes_help: Exit nodes to forward all traffic to, a virtual ipv4 address, priority is determined by the order of the list
+
+mtu: MTU
+mtu_help: |
+  MTU of the TUN device, default is 1380 for non-encryption, 1360 for encryption. Range:400-1380
+mtu_placeholder: Leave blank as default value 1380
+
+mapped_listeners: Map Listeners
+mapped_listeners_help: |
+  Manually specify the public address of the listener, other nodes can use this address to connect to this node.
+  e.g.: tcp://123.123.123.123:11223, can specify multiple.
+
 status:
   version: Version
   local: Local
@@ -112,3 +191,4 @@ event:
   VpnPortalClientDisconnected: VpnPortalClientDisconnected
   DhcpIpv4Changed: DhcpIpv4Changed
   DhcpIpv4Conflicted: DhcpIpv4Conflicted
+  PortForwardAdded: PortForwardAdded

easytier-web/frontend-lib/src/modules/api.ts

@@ -1,6 +1,7 @@
 import axios, { AxiosError, AxiosInstance, AxiosResponse, InternalAxiosRequestConfig } from 'axios';
 import { Md5 } from 'ts-md5'
 import { UUID } from './utils';
+import { NetworkConfig } from '../types/network';
 
 export interface ValidateConfigResponse {
     toml_config: string;
@@ -37,6 +38,15 @@ export interface ListNetworkInstanceIdResponse {
     disabled_inst_ids: Array<UUID>,
 }
 
+export interface GenerateConfigRequest {
+    config: NetworkConfig;
+}
+
+export interface GenerateConfigResponse {
+    toml_config?: string;
+    error?: string;
+}
+
 export class ApiClient {
     private client: AxiosInstance;
     private authFailedCb: Function | undefined;
@@ -193,6 +203,18 @@ export class ApiClient {
     public captcha_url() {
         return this.client.defaults.baseURL + '/auth/captcha';
     }
+
+    public async generate_config(config: GenerateConfigRequest): Promise<GenerateConfigResponse> {
+        try {
+            const response = await this.client.post<any, GenerateConfigResponse>('/generate-config', config);
+            return response;
+        } catch (error) {
+            if (error instanceof AxiosError) {
+                return { error: error.response?.data };
+            }
+            return { error: 'Unknown error: ' + error };
+        }
+    }
 }
 
 export default ApiClient;

easytier-web/frontend-lib/src/style.css

@@ -1,8 +1,6 @@
 @import 'primeicons/primeicons.css';
 @import 'floating-vue/dist/style.css';
 
-.frontend-lib {
-
 @layer tailwind-base, primevue, tailwind-utilities;
 
 @layer tailwind-base {
@@ -51,4 +49,6 @@
   background-color: #0000005d;
 }
 
+.v-popper__inner {
+  white-space: pre-wrap;
 }

easytier-web/frontend-lib/src/types/network.ts

@@ -35,6 +35,36 @@ export interface NetworkConfig {
   latency_first: boolean
 
   dev_name: string
+
+  use_smoltcp?: boolean
+  enable_kcp_proxy?: boolean
+  disable_kcp_input?: boolean
+  disable_p2p?: boolean
+  bind_device?: boolean
+  no_tun?: boolean
+  enable_exit_node?: boolean
+  relay_all_peer_rpc?: boolean
+  multi_thread?: boolean
+  proxy_forward_by_system?: boolean
+  disable_encryption?: boolean
+  disable_udp_hole_punching?: boolean
+
+  enable_relay_network_whitelist?: boolean
+  relay_network_whitelist: string[]
+
+  enable_manual_routes: boolean
+  routes: string[]
+
+  exit_nodes: string[]
+
+  enable_socks5?: boolean
+  socks5_port: number
+
+  mtu: number | null
+  mapped_listeners: string[]
+
+  enable_magic_dns?: boolean
+  enable_private_mode?: boolean
 }
 
 export function DEFAULT_NETWORK_CONFIG(): NetworkConfig {
@@ -67,8 +97,32 @@ export function DEFAULT_NETWORK_CONFIG(): NetworkConfig {
       'wg://0.0.0.0:11011',
     ],
     rpc_port: 0,
-    latency_first: true,
+    latency_first: false,
     dev_name: '',
+
+    use_smoltcp: false,
+    enable_kcp_proxy: false,
+    disable_kcp_input: false,
+    disable_p2p: false,
+    bind_device: true,
+    no_tun: false,
+    enable_exit_node: false,
+    relay_all_peer_rpc: false,
+    multi_thread: true,
+    proxy_forward_by_system: false,
+    disable_encryption: false,
+    disable_udp_hole_punching: false,
+    enable_relay_network_whitelist: false,
+    relay_network_whitelist: [],
+    enable_manual_routes: false,
+    routes: [],
+    exit_nodes: [],
+    enable_socks5: false,
+    socks5_port: 1080,
+    mtu: null,
+    mapped_listeners: [],
+    enable_magic_dns: false,
+    enable_private_mode: false,
   }
 }
 
@@ -215,4 +269,6 @@ export enum EventType {
 
   DhcpIpv4Changed = 'DhcpIpv4Changed', // ipv4 | null, ipv4 | null
   DhcpIpv4Conflicted = 'DhcpIpv4Conflicted', // ipv4 | null
+
+  PortForwardAdded = 'PortForwardAdded', // PortForwardConfigPb
 }

easytier-web/frontend/index.html

@@ -5,6 +5,7 @@
     <link rel="icon" type="image/png" href="/easytier.png" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>EasyTier Dashboard</title>
+    <script src="/api_meta.js"></script>
   </head>
   <body>
     <div id="app"></div>

easytier-web/frontend/package.json

@@ -9,11 +9,11 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@primevue/themes": "^4.2.1",
+    "@primevue/themes": "4.3.3",
     "aura": "link:@primevue/themes/aura",
     "axios": "^1.7.7",
     "easytier-frontend-lib": "workspace:*",
-    "primevue": "^4.2.1",
+    "primevue": "4.3.3",
     "tailwindcss-primeui": "^0.3.4",
     "vue": "^3.5.12",
     "vue-router": "4"
@@ -23,10 +23,10 @@
     "@vitejs/plugin-vue": "^5.1.4",
     "autoprefixer": "^10.4.20",
     "postcss": "^8.4.47",
-    "tailwindcss": "^3.4.14",
+    "tailwindcss": "=3.4.17",
     "typescript": "~5.6.2",
     "vite": "^5.4.10",
     "vite-plugin-singlefile": "^2.0.3",
     "vue-tsc": "^2.1.10"
   }
-}
+}

easytier-web/frontend/src/components/ConfigGenerator.vue

@@ -0,0 +1,63 @@
+<script setup lang="ts">
+import { NetworkTypes } from 'easytier-frontend-lib';
+import {computed, ref} from 'vue';
+import { Api } from 'easytier-frontend-lib'
+import {AutoComplete, Divider} from "primevue";
+import {getInitialApiHost, cleanAndLoadApiHosts, saveApiHost} from "../modules/api-host"
+
+const api = computed<Api.ApiClient>(() => new Api.ApiClient(apiHost.value));
+
+
+const apiHost = ref<string>(getInitialApiHost())
+const apiHostSuggestions = ref<Array<string>>([])
+const apiHostSearch = async (event: { query: string }) => {
+  apiHostSuggestions.value = [];
+  let hosts = cleanAndLoadApiHosts();
+  if (event.query) {
+    apiHostSuggestions.value.push(event.query);
+  }
+  hosts.forEach((host) => {
+    apiHostSuggestions.value.push(host.value);
+  });
+}
+
+const newNetworkConfig = ref<NetworkTypes.NetworkConfig>(NetworkTypes.DEFAULT_NETWORK_CONFIG());
+const toml_config = ref<string>("Press 'Run Network' to generate TOML configuration");
+
+const generateConfig = (config: NetworkTypes.NetworkConfig) => {
+  saveApiHost(apiHost.value)
+  api.value?.generate_config({
+        config: config
+    }).then((res) => {
+        if (res.error) {
+            toml_config.value = res.error;
+        } else if (res.toml_config) {
+            toml_config.value = res.toml_config;
+        } else {
+            toml_config.value = "Api server returned an unexpected response";
+        }
+    });
+};
+
+</script>
+
+<template>
+    <div class="flex items-center justify-center m-5">
+        <div class="sm:block md:flex w-full">
+            <div class="sm:w-full md:w-1/2 p-4">
+                <div class="flex flex-col">
+                  <div class="w-11/12 self-center ">
+                    <label>ApiHost</label>
+                    <AutoComplete id="api-host" v-model="apiHost" dropdown :suggestions="apiHostSuggestions"
+                                  @complete="apiHostSearch" class="w-full" />
+                    <Divider />
+                  </div>
+                </div>
+                <Config :cur-network="newNetworkConfig" @run-network="generateConfig" />
+            </div>
+            <div class="sm:w-full md:w-1/2 p-4 bg-gray-100">
+                <pre class="whitespace-pre-wrap">{{ toml_config }}</pre>
+            </div>
+        </div>
+    </div>
+</template>

easytier-web/frontend/src/components/DeviceList.vue

@@ -27,7 +27,7 @@ const loadDevices = async () => {
             public_ip: device.client_url,
             running_network_instances: device.info?.running_network_instances.map((instance: any) => Utils.UuidToStr(instance)),
             running_network_count: device.info?.running_network_instances.length,
-            report_time: device.info?.report_time,
+            report_time: new Date(device.info?.report_time).toLocaleString(),
             easytier_version: device.info?.easytier_version,
             machine_id: Utils.UuidToStr(device.info?.machine_id),
         });
@@ -102,7 +102,7 @@ const selectedDeviceHostname = computed<string | undefined>(() => {
     </DataTable>
 
     <Drawer v-model:visible="deviceManageVisible" :header="`Manage ${selectedDeviceHostname}`" position="right"
-        class="w-1/2 min-w-96">
+        :baseZIndex=1000 class="w-3/5 min-w-96">
         <RouterView v-slot="{ Component }">
             <component :is="Component" :api="api" :deviceList="deviceList" @update="loadDevices" />
         </RouterView>

easytier-web/frontend/src/components/DeviceManagement.vue

@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { Toolbar, IftaLabel, Select, Button, ConfirmPopup, Dialog, useConfirm, useToast } from 'primevue';
+import {Toolbar, IftaLabel, Select, Button, ConfirmPopup, Dialog, useConfirm, useToast, Divider} from 'primevue';
 import { NetworkTypes, Status, Utils, Api, } from 'easytier-frontend-lib';
 import { watch, computed, onMounted, onUnmounted, ref } from 'vue';
 import { useRoute, useRouter } from 'vue-router';
@@ -27,6 +27,8 @@ const deviceInfo = computed<Utils.DeviceInfo | undefined | null>(() => {
     return deviceId.value ? props.deviceList?.find((device) => device.machine_id === deviceId.value) : null;
 });
 
+const configFile = ref();
+
 const curNetworkInfo = ref<NetworkTypes.NetworkInstance | null>(null);
 
 const isEditing = ref(false);
@@ -158,6 +160,7 @@ const createNewNetwork = async () => {
 
 const newNetwork = () => {
     newNetworkConfig.value = NetworkTypes.DEFAULT_NETWORK_CONFIG();
+    newNetworkConfig.value.hostname = deviceInfo.value?.hostname;
     isEditing.value = false;
     showCreateNetworkDialog.value = true;
 }
@@ -207,6 +210,65 @@ const loadDeviceInfo = async () => {
     } as NetworkTypes.NetworkInstance;
 }
 
+const exportConfig = async () => {
+  if (!deviceId.value || !instanceId.value) {
+    toast.add({ severity: 'error', summary: 'Error', detail: 'No network instance selected', life: 2000 });
+    return;
+  }
+
+  try {
+    let ret = await props.api?.get_network_config(deviceId.value, instanceId.value);
+    delete ret.instance_id;
+    exportJsonFile(JSON.stringify(ret, null, 2),instanceId.value +'.json');
+  } catch (e: any) {
+    console.error(e);
+    toast.add({ severity: 'error', summary: 'Error', detail: 'Failed to export network config, error: ' + JSON.stringify(e.response.data), life: 2000 });
+    return;
+  }
+}
+
+const importConfig = () => {
+  configFile.value.click();
+}
+
+const handleFileUpload = (event: Event) => {
+  const files = (event.target as HTMLInputElement).files;
+  const file = files ? files[0] : null;
+  if (file) {
+    const reader = new FileReader();
+    reader.onload = (e) => {
+      try {
+        let str = e.target?.result?.toString();
+        if(str){
+          const config = JSON.parse(str);
+          if(config === null || typeof config !== "object"){
+            throw new Error();
+          }
+          Object.assign(newNetworkConfig.value, config);
+          toast.add({ severity: 'success', summary: 'Import Success', detail: "Config file import success", life: 2000 });
+        }
+      } catch (error) {
+        toast.add({ severity: 'error', summary: 'Error', detail: 'Config file parse error.', life: 2000 });
+      }
+      configFile.value.value = null;
+    }
+    reader.readAsText(file);
+  }
+}
+
+const exportJsonFile = (context: string, name: string) => {
+  let url = window.URL.createObjectURL(new Blob([context], { type: 'application/json' }));
+  let link = document.createElement('a');
+  link.style.display = 'none';
+  link.href = url;
+  link.setAttribute('download', name);
+  document.body.appendChild(link);
+  link.click();
+
+  document.body.removeChild(link);
+  window.URL.revokeObjectURL(url);
+}
+
 let periodFunc = new Utils.PeriodicTask(async () => {
     try {
         await Promise.all([loadNetworkInstanceIds(), loadDeviceInfo()]);
@@ -226,9 +288,16 @@ onUnmounted(() => {
 </script>
 
 <template>
+    <input type="file" @change="handleFileUpload" class="hidden" accept="application/json" ref="configFile"/>
     <ConfirmPopup></ConfirmPopup>
     <Dialog v-model:visible="showCreateNetworkDialog" modal :header="!isEditing ? 'Create New Network' : 'Edit Network'"
         :style="{ width: '55rem' }">
+        <div class="flex flex-col">
+          <div class="w-11/12 self-center ">
+            <Button @click="importConfig" icon="pi pi-file-import" label="Import" iconPos="right" />
+            <Divider />
+          </div>
+        </div>
         <Config :cur-network="newNetworkConfig" @run-network="createNewNetwork"></Config>
     </Dialog>
 
@@ -245,19 +314,23 @@ onUnmounted(() => {
             <div class="gap-x-3 flex">
                 <Button @click="confirmDeleteNetwork($event)" icon="pi pi-minus" severity="danger" label="Delete"
                     iconPos="right" />
+                <Button @click="exportConfig" icon="pi pi-file-export" severity="help" label="Export" iconPos="right" />
                 <Button @click="editNetwork" icon="pi pi-pen-to-square" label="Edit" iconPos="right" severity="info" />
                 <Button @click="newNetwork" icon="pi pi-plus" label="Create" iconPos="right" />
             </div>
         </template>
     </Toolbar>
 
+    <Divider />
+
     <!-- For running network, show the status -->
     <div v-if="needShowNetworkStatus">
         <Status v-bind:cur-network-inst="curNetworkInfo" v-if="needShowNetworkStatus">
         </Status>
-        <center>
-            <Button @click="updateNetworkState(true)" label="Disable Network" severity="warn" />
-        </center>
+        <Divider />
+        <div class="text-center">
+          <Button @click="updateNetworkState(true)" label="Disable Network" severity="warn" />
+        </div>
     </div>
 
     <!-- For disabled network, show the config -->

easytier-web/frontend/src/components/Login.vue

@@ -4,6 +4,7 @@ import { Card, InputText, Password, Button, AutoComplete } from 'primevue';
 import { useRouter } from 'vue-router';
 import { useToast } from 'primevue/usetoast';
 import { Api } from 'easytier-frontend-lib';
+import {getInitialApiHost, cleanAndLoadApiHosts, saveApiHost} from "../modules/api-host"
 
 defineProps<{
     isRegistering: boolean;
@@ -20,56 +21,6 @@ const registerPassword = ref('');
 const captcha = ref('');
 const captchaSrc = computed(() => api.value.captcha_url());
 
-interface ApiHost {
-    value: string;
-    usedAt: number;
-}
-
-const isValidHttpUrl = (s: string): boolean => {
-    let url;
-
-    try {
-        url = new URL(s);
-    } catch (_) {
-        return false;
-    }
-
-    return url.protocol === "http:" || url.protocol === "https:";
-}
-
-const cleanAndLoadApiHosts = (): Array<ApiHost> => {
-    const maxHosts = 10;
-    const apiHosts = localStorage.getItem('apiHosts');
-    if (apiHosts) {
-        const hosts: Array<ApiHost> = JSON.parse(apiHosts);
-        // sort by usedAt
-        hosts.sort((a, b) => b.usedAt - a.usedAt);
-
-        // only keep the first 10
-        if (hosts.length > maxHosts) {
-            hosts.splice(maxHosts);
-        }
-
-        localStorage.setItem('apiHosts', JSON.stringify(hosts));
-        return hosts;
-    } else {
-        return [];
-    }
-};
-
-const saveApiHost = (host: string) => {
-    console.log('Save API Host:', host);
-    if (!isValidHttpUrl(host)) {
-        console.error('Invalid API Host:', host);
-        return;
-    }
-
-    let hosts = cleanAndLoadApiHosts();
-    const newHost: ApiHost = { value: host, usedAt: Date.now() };
-    hosts = hosts.filter((h) => h.value !== host);
-    hosts.push(newHost);
-    localStorage.setItem('apiHosts', JSON.stringify(hosts));
-};
 
 const onSubmit = async () => {
     // Add your login logic here
@@ -100,16 +51,6 @@ const onRegister = async () => {
     }
 };
 
-const getInitialApiHost = (): string => {
-    const hosts = cleanAndLoadApiHosts();
-    if (hosts.length > 0) {
-        return hosts[0].value;
-    } else {
-        return defaultApiHost;
-    }
-};
-
-const defaultApiHost = 'https://config-server.easytier.cn'
 const apiHost = ref<string>(getInitialApiHost())
 const apiHostSuggestions = ref<Array<string>>([])
 const apiHostSearch = async (event: { query: string }) => {
@@ -124,10 +65,7 @@ const apiHostSearch = async (event: { query: string }) => {
 }
 
 onMounted(() => {
-    let hosts = cleanAndLoadApiHosts();
-    if (hosts.length === 0) {
-        saveApiHost(defaultApiHost);
-    }
+
 });
 
 </script>

easytier-web/frontend/src/main.ts

@@ -1,6 +1,6 @@
 import { createApp } from 'vue'
-import './style.css'
 import 'easytier-frontend-lib/style.css'
+import './style.css'
 import App from './App.vue'
 import EasytierFrontendLib from 'easytier-frontend-lib'
 import PrimeVue from 'primevue/config'
@@ -15,6 +15,7 @@ import DeviceManagement from './components/DeviceManagement.vue'
 import Dashboard from './components/Dashboard.vue'
 import DialogService from 'primevue/dialogservice';
 import ToastService from 'primevue/toastservice';
+import ConfigGenerator from './components/ConfigGenerator.vue'
 
 const routes = [
     {
@@ -66,6 +67,10 @@ const routes = [
             }
         }
     },
+    {
+        path: '/config_generator',
+        component: ConfigGenerator,
+    }
 ]
 
 const router = createRouter({

easytier-web/frontend/src/modules/api-host.ts

@@ -0,0 +1,71 @@
+interface ApiHost {
+    value: string;
+    usedAt: number;
+}
+
+let apiMeta: {
+    api_host: string;
+} | undefined = (window as any).apiMeta;
+
+// remove trailing slashes from the URL
+const cleanUrl = (url: string) => url.replace(/\/+$/, '');
+
+const defaultApiHost = cleanUrl(apiMeta?.api_host ?? `${location.origin}${location.pathname}`);
+
+const isValidHttpUrl = (s: string): boolean => {
+    let url;
+
+    try {
+        url = new URL(s);
+    } catch (_) {
+        return false;
+    }
+
+    return url.protocol === "http:" || url.protocol === "https:";
+};
+
+const cleanAndLoadApiHosts = (): Array<ApiHost> => {
+    const maxHosts = 10;
+    const apiHosts = localStorage.getItem('apiHosts');
+    if (apiHosts) {
+        const hosts: Array<ApiHost> = JSON.parse(apiHosts);
+        // sort by usedAt
+        hosts.sort((a, b) => b.usedAt - a.usedAt);
+
+        // only keep the first 10
+        if (hosts.length > maxHosts) {
+            hosts.splice(maxHosts);
+        }
+
+        localStorage.setItem('apiHosts', JSON.stringify(hosts));
+        return hosts;
+    } else {
+        return [];
+    }
+};
+
+const saveApiHost = (host: string) => {
+    console.log('Save API Host:', host);
+    if (!isValidHttpUrl(host)) {
+        console.error('Invalid API Host:', host);
+        return;
+    }
+
+    let hosts = cleanAndLoadApiHosts();
+    const newHost: ApiHost = { value: host, usedAt: Date.now() };
+    hosts = hosts.filter((h) => h.value !== host);
+    hosts.push(newHost);
+    localStorage.setItem('apiHosts', JSON.stringify(hosts));
+};
+
+const getInitialApiHost = (): string => {
+    const hosts = cleanAndLoadApiHosts();
+    if (hosts.length > 0) {
+        return hosts[0].value;
+    } else {
+        saveApiHost(defaultApiHost)
+        return defaultApiHost;
+    }
+};
+
+export { getInitialApiHost, cleanAndLoadApiHosts, saveApiHost }

easytier-web/frontend/vite.config.ts

@@ -1,9 +1,22 @@
 import { defineConfig } from 'vite'
 import vue from '@vitejs/plugin-vue'
-import { viteSingleFile } from "vite-plugin-singlefile"
+// import { viteSingleFile } from "vite-plugin-singlefile"
+
+const WEB_BASE_URL = process.env.WEB_BASE_URL || '';
+const API_BASE_URL = process.env.API_BASE_URL || 'http://localhost:11211';
 
 // https://vite.dev/config/
 export default defineConfig({
-  base: '',
-  plugins: [vue(), viteSingleFile()],
+  base: WEB_BASE_URL,
+  plugins: [vue(),/* viteSingleFile() */],
+  server: {
+    proxy: {
+      "/api": {
+        target: API_BASE_URL,
+      },
+      "/api_meta.js": {
+        target: API_BASE_URL,
+      },
+    }
+  }
 })

easytier-web/locales/app.yml

@@ -22,3 +22,12 @@ cli:
   api_server_port:
     en: "The port to listen for the restful server, acting as ApiHost and used by the web frontend"
     zh-CN: "restful 服务器的监听端口，作为 ApiHost 并被 web 前端使用"
+  web_server_port:
+    en: "The port to listen for the web dashboard server, default is same as the api server port"
+    zh-CN: "web dashboard 服务器的监听端口, 默认为与 api 服务器端口相同"
+  no_web:
+    en: "Do not run the web dashboard server"
+    zh-CN: "不运行 web dashboard 服务器"
+  api_host:
+    en: "The URL of the API server, used by the web frontend to connect to"
+    zh-CN: "API 服务器的 URL，用于 web 前端连接"

easytier-web/src/client_manager/mod.rs

@@ -10,7 +10,7 @@ use easytier::{
 use session::Session;
 use storage::{Storage, StorageToken};
 
-use crate::db::Db;
+use crate::db::{Db, UserIdInDb};
 
 #[derive(Debug)]
 pub struct ClientManager {
@@ -86,15 +86,21 @@ impl ClientManager {
         ret
     }
 
-    pub fn get_session_by_machine_id(&self, machine_id: &uuid::Uuid) -> Option<Arc<Session>> {
-        let c_url = self.storage.get_client_url_by_machine_id(machine_id)?;
+    pub fn get_session_by_machine_id(
+        &self,
+        user_id: UserIdInDb,
+        machine_id: &uuid::Uuid,
+    ) -> Option<Arc<Session>> {
+        let c_url = self
+            .storage
+            .get_client_url_by_machine_id(user_id, machine_id)?;
         self.client_sessions
             .get(&c_url)
             .map(|item| item.value().clone())
     }
 
-    pub async fn list_machine_by_token(&self, token: String) -> Vec<url::Url> {
-        self.storage.list_token_clients(&token)
+    pub async fn list_machine_by_user_id(&self, user_id: UserIdInDb) -> Vec<url::Url> {
+        self.storage.list_user_clients(user_id)
     }
 
     pub async fn get_heartbeat_requests(&self, client_url: &url::Url) -> Option<HeartbeatRequest> {
@@ -118,6 +124,7 @@ mod tests {
         },
         web_client::WebClient,
     };
+    use sqlx::Executor;
 
     use crate::{client_manager::ClientManager, db::Db};
 
@@ -127,8 +134,14 @@ mod tests {
         let mut mgr = ClientManager::new(Db::memory_db().await);
         mgr.serve(Box::new(listener)).await.unwrap();
 
+        mgr.db()
+            .inner()
+            .execute("INSERT INTO users (username, password) VALUES ('test', 'test')")
+            .await
+            .unwrap();
+
         let connector = UdpTunnelConnector::new("udp://127.0.0.1:54333".parse().unwrap());
-        let _c = WebClient::new(connector, "test");
+        let _c = WebClient::new(connector, "test", "test");
 
         wait_for_condition(
             || async { mgr.client_sessions.len() == 1 },

easytier-web/src/client_manager/session.rs

@@ -1,5 +1,6 @@
 use std::{fmt::Debug, str::FromStr as _, sync::Arc};
 
+use anyhow::Context;
 use easytier::{
     common::scoped_task::ScopedTask,
     proto::{
@@ -68,6 +69,66 @@ struct SessionRpcService {
     data: SharedSessionData,
 }
 
+impl SessionRpcService {
+    async fn handle_heartbeat(
+        &self,
+        req: HeartbeatRequest,
+    ) -> rpc_types::error::Result<HeartbeatResponse> {
+        let mut data = self.data.write().await;
+
+        let Ok(storage) = Storage::try_from(data.storage.clone()) else {
+            tracing::error!("Failed to get storage");
+            return Ok(HeartbeatResponse {});
+        };
+
+        let machine_id: uuid::Uuid =
+            req.machine_id
+                .clone()
+                .map(Into::into)
+                .ok_or(anyhow::anyhow!(
+                    "Machine id is not set correctly, expect uuid but got: {:?}",
+                    req.machine_id
+                ))?;
+
+        let user_id = storage
+            .db()
+            .get_user_id_by_token(req.user_token.clone())
+            .await
+            .with_context(|| {
+                format!(
+                    "Failed to get user id by token from db: {:?}",
+                    req.user_token
+                )
+            })?
+            .ok_or(anyhow::anyhow!(
+                "User not found by token: {:?}",
+                req.user_token
+            ))?;
+
+        if data.req.replace(req.clone()).is_none() {
+            assert!(data.storage_token.is_none());
+            data.storage_token = Some(StorageToken {
+                token: req.user_token.clone().into(),
+                client_url: data.client_url.clone(),
+                machine_id,
+                user_id,
+            });
+        }
+
+        let Ok(report_time) = chrono::DateTime::<chrono::Local>::from_str(&req.report_time) else {
+            tracing::error!("Failed to parse report time: {:?}", req.report_time);
+            return Ok(HeartbeatResponse {});
+        };
+        storage.update_client(
+            data.storage_token.as_ref().unwrap().clone(),
+            report_time.timestamp(),
+        );
+
+        let _ = data.notifier.send(req);
+        Ok(HeartbeatResponse {})
+    }
+}
+
 #[async_trait::async_trait]
 impl WebServerService for SessionRpcService {
     type Controller = BaseController;
@@ -77,34 +138,13 @@ impl WebServerService for SessionRpcService {
         _: BaseController,
         req: HeartbeatRequest,
     ) -> rpc_types::error::Result<HeartbeatResponse> {
-        let mut data = self.data.write().await;
-        if data.req.replace(req.clone()).is_none() {
-            assert!(data.storage_token.is_none());
-            data.storage_token = Some(StorageToken {
-                token: req.user_token.clone().into(),
-                client_url: data.client_url.clone(),
-                machine_id: req
-                    .machine_id
-                    .clone()
-                    .map(Into::into)
-                    .unwrap_or(uuid::Uuid::new_v4()),
-            });
+        let ret = self.handle_heartbeat(req).await;
+        if ret.is_err() {
+            tracing::warn!("Failed to handle heartbeat: {:?}", ret);
+            // sleep for a while to avoid client busy loop
+            tokio::time::sleep(std::time::Duration::from_secs(2)).await;
         }
-
-        if let Ok(storage) = Storage::try_from(data.storage.clone()) {
-            let Ok(report_time) = chrono::DateTime::<chrono::Local>::from_str(&req.report_time)
-            else {
-                tracing::error!("Failed to parse report time: {:?}", req.report_time);
-                return Ok(HeartbeatResponse {});
-            };
-            storage.update_client(
-                data.storage_token.as_ref().unwrap().clone(),
-                report_time.timestamp(),
-            );
-        }
-
-        let _ = data.notifier.send(req);
-        Ok(HeartbeatResponse {})
+        ret
     }
 }
 

easytier-web/src/client_manager/storage.rs

@@ -2,7 +2,7 @@ use std::sync::{Arc, Weak};
 
 use dashmap::DashMap;
 
-use crate::db::Db;
+use crate::db::{Db, UserIdInDb};
 
 // use this to maintain Storage
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
@@ -10,21 +10,19 @@ pub struct StorageToken {
     pub token: String,
     pub client_url: url::Url,
     pub machine_id: uuid::Uuid,
+    pub user_id: UserIdInDb,
 }
 
 #[derive(Debug, Clone)]
 struct ClientInfo {
-    client_url: url::Url,
-    machine_id: uuid::Uuid,
-    token: String,
+    storage_token: StorageToken,
     report_time: i64,
 }
 
 #[derive(Debug)]
 pub struct StorageInner {
     // some map for indexing
-    token_clients_map: DashMap<String, DashMap<uuid::Uuid, ClientInfo>>,
-    machine_client_url_map: DashMap<uuid::Uuid, ClientInfo>,
+    user_clients_map: DashMap<UserIdInDb, DashMap<uuid::Uuid, ClientInfo>>,
     pub db: Db,
 }
 
@@ -43,8 +41,7 @@ impl TryFrom<WeakRefStorage> for Storage {
 impl Storage {
     pub fn new(db: Db) -> Self {
         Storage(Arc::new(StorageInner {
-            token_clients_map: DashMap::new(),
-            machine_client_url_map: DashMap::new(),
+            user_clients_map: DashMap::new(),
             db,
         }))
     }
@@ -54,17 +51,22 @@ impl Storage {
         machine_id: &uuid::Uuid,
         client_url: &url::Url,
     ) {
-        map.remove_if(&machine_id, |_, v| v.client_url == *client_url);
+        map.remove_if(&machine_id, |_, v| {
+            v.storage_token.client_url == *client_url
+        });
     }
 
     fn update_mid_to_client_info_map(
         map: &DashMap<uuid::Uuid, ClientInfo>,
         client_info: &ClientInfo,
     ) {
-        map.entry(client_info.machine_id)
+        map.entry(client_info.storage_token.machine_id)
             .and_modify(|e| {
                 if e.report_time < client_info.report_time {
-                    assert_eq!(e.machine_id, client_info.machine_id);
+                    assert_eq!(
+                        e.storage_token.machine_id,
+                        client_info.storage_token.machine_id
+                    );
                     *e = client_info.clone();
                 }
             })
@@ -74,53 +76,51 @@ impl Storage {
     pub fn update_client(&self, stoken: StorageToken, report_time: i64) {
         let inner = self
             .0
-            .token_clients_map
-            .entry(stoken.token.clone())
+            .user_clients_map
+            .entry(stoken.user_id)
             .or_insert_with(DashMap::new);
 
         let client_info = ClientInfo {
-            client_url: stoken.client_url.clone(),
-            machine_id: stoken.machine_id,
-            token: stoken.token.clone(),
+            storage_token: stoken.clone(),
             report_time,
         };
 
         Self::update_mid_to_client_info_map(&inner, &client_info);
-        Self::update_mid_to_client_info_map(&self.0.machine_client_url_map, &client_info);
     }
 
     pub fn remove_client(&self, stoken: &StorageToken) {
-        self.0.token_clients_map.remove_if(&stoken.token, |_, set| {
-            Self::remove_mid_to_client_info_map(set, &stoken.machine_id, &stoken.client_url);
-            set.is_empty()
-        });
-
-        Self::remove_mid_to_client_info_map(
-            &self.0.machine_client_url_map,
-            &stoken.machine_id,
-            &stoken.client_url,
-        );
+        self.0
+            .user_clients_map
+            .remove_if(&stoken.user_id, |_, set| {
+                Self::remove_mid_to_client_info_map(set, &stoken.machine_id, &stoken.client_url);
+                set.is_empty()
+            });
     }
 
     pub fn weak_ref(&self) -> WeakRefStorage {
         Arc::downgrade(&self.0)
     }
 
-    pub fn get_client_url_by_machine_id(&self, machine_id: &uuid::Uuid) -> Option<url::Url> {
-        self.0
-            .machine_client_url_map
-            .get(&machine_id)
-            .map(|info| info.client_url.clone())
+    pub fn get_client_url_by_machine_id(
+        &self,
+        user_id: UserIdInDb,
+        machine_id: &uuid::Uuid,
+    ) -> Option<url::Url> {
+        self.0.user_clients_map.get(&user_id).and_then(|info_map| {
+            info_map
+                .get(machine_id)
+                .map(|info| info.storage_token.client_url.clone())
+        })
     }
 
-    pub fn list_token_clients(&self, token: &str) -> Vec<url::Url> {
+    pub fn list_user_clients(&self, user_id: UserIdInDb) -> Vec<url::Url> {
         self.0
-            .token_clients_map
-            .get(token)
+            .user_clients_map
+            .get(&user_id)
             .map(|info_map| {
                 info_map
                     .iter()
-                    .map(|info| info.value().client_url.clone())
+                    .map(|info| info.value().storage_token.client_url.clone())
                     .collect()
             })
             .unwrap_or_default()

easytier-web/src/db/mod.rs

@@ -12,7 +12,7 @@ use sqlx::{migrate::MigrateDatabase as _, types::chrono, Sqlite, SqlitePool};
 
 use crate::migrator;
 
-type UserIdInDb = i32;
+pub type UserIdInDb = i32;
 
 pub enum ListNetworkProps {
     All,

easytier-web/src/main.rs

@@ -5,13 +5,16 @@ extern crate rust_i18n;
 
 use std::sync::Arc;
 
-use clap::{command, Parser};
+use clap::Parser;
 use easytier::{
     common::{
         config::{ConfigLoader, ConsoleLoggerConfig, FileLoggerConfig, TomlConfigLoader},
         constants::EASYTIER_VERSION,
+        error::Error,
+    },
+    tunnel::{
+        tcp::TcpTunnelListener, udp::UdpTunnelListener, websocket::WSTunnelListener, TunnelListener,
     },
-    tunnel::udp::UdpTunnelListener,
     utils::{init_logger, setup_panic_handler},
 };
 
@@ -20,10 +23,13 @@ mod db;
 mod migrator;
 mod restful;
 
+#[cfg(feature = "embed")]
+mod web;
+
 rust_i18n::i18n!("locales", fallback = "en");
 
 #[derive(Parser, Debug)]
-#[command(name = "easytier-core", author, version = EASYTIER_VERSION , about, long_about = None)]
+#[command(name = "easytier-web", author, version = EASYTIER_VERSION , about, long_about = None)]
 struct Cli {
     #[arg(short, long, default_value = "et.db", help = t!("cli.db").to_string())]
     db: String,
@@ -69,6 +75,40 @@ struct Cli {
         help = t!("cli.api_server_port").to_string(),
     )]
     api_server_port: u16,
+
+    #[cfg(feature = "embed")]
+    #[arg(
+        long,
+        short='l',
+        help = t!("cli.web_server_port").to_string(),
+    )]
+    web_server_port: Option<u16>,
+
+    #[cfg(feature = "embed")]
+    #[arg(
+        long,
+        help = t!("cli.no_web").to_string(),
+        default_value = "false"
+    )]
+    no_web: bool,
+
+    #[cfg(feature = "embed")]
+    #[arg(
+        long,
+        help = t!("cli.api_host").to_string()
+    )]
+    api_host: Option<url::Url>,
+}
+
+pub fn get_listener_by_url(l: &url::Url) -> Result<Box<dyn TunnelListener>, Error> {
+    Ok(match l.scheme() {
+        "tcp" => Box::new(TcpTunnelListener::new(l.clone())),
+        "udp" => Box::new(UdpTunnelListener::new(l.clone())),
+        "ws" => Box::new(WSTunnelListener::new(l.clone())),
+        _ => {
+            return Err(Error::InvalidUrl(l.to_string()));
+        }
+    })
 }
 
 #[tokio::main]
@@ -92,25 +132,63 @@ async fn main() {
     // let db = db::Db::new(":memory:").await.unwrap();
     let db = db::Db::new(cli.db).await.unwrap();
 
-    let listener = UdpTunnelListener::new(
-        format!(
+    let listener = get_listener_by_url(
+        &format!(
             "{}://0.0.0.0:{}",
             cli.config_server_protocol, cli.config_server_port
         )
         .parse()
         .unwrap(),
-    );
+    )
+    .unwrap();
     let mut mgr = client_manager::ClientManager::new(db.clone());
     mgr.serve(listener).await.unwrap();
     let mgr = Arc::new(mgr);
 
-    let mut restful_server = restful::RestfulServer::new(
+    #[cfg(feature = "embed")]
+    let (web_router_restful, web_router_static) = if cli.no_web {
+        (None, None)
+    } else {
+        let web_router = web::build_router(cli.api_host.clone());
+        if cli.web_server_port.is_none() || cli.web_server_port == Some(cli.api_server_port) {
+            (Some(web_router), None)
+        } else {
+            (None, Some(web_router))
+        }
+    };
+    #[cfg(not(feature = "embed"))]
+    let web_router_restful = None;
+
+    let _restful_server_tasks = restful::RestfulServer::new(
         format!("0.0.0.0:{}", cli.api_server_port).parse().unwrap(),
         mgr.clone(),
         db,
+        web_router_restful,
     )
     .await
+    .unwrap()
+    .start()
+    .await
     .unwrap();
-    restful_server.start().await.unwrap();
+
+    #[cfg(feature = "embed")]
+    let _web_server_task = if let Some(web_router) = web_router_static {
+        Some(
+            web::WebServer::new(
+                format!("0.0.0.0:{}", cli.web_server_port.unwrap_or(0))
+                    .parse()
+                    .unwrap(),
+                web_router,
+            )
+            .await
+            .unwrap()
+            .start()
+            .await
+            .unwrap(),
+        )
+    } else {
+        None
+    };
+
     tokio::signal::ctrl_c().await.unwrap();
 }

easytier-web/src/restful/mod.rs

@@ -6,11 +6,14 @@ mod users;
 use std::{net::SocketAddr, sync::Arc};
 
 use axum::http::StatusCode;
+use axum::routing::post;
 use axum::{extract::State, routing::get, Json, Router};
 use axum_login::tower_sessions::{ExpiredDeletion, SessionManagerLayer};
-use axum_login::{login_required, AuthManagerLayerBuilder, AuthzBackend};
+use axum_login::{login_required, AuthManagerLayerBuilder, AuthUser, AuthzBackend};
 use axum_messages::MessagesManagerLayer;
+use easytier::common::config::ConfigLoader;
 use easytier::common::scoped_task::ScopedTask;
+use easytier::launcher::NetworkConfig;
 use easytier::proto::rpc_types;
 use network::NetworkApi;
 use sea_orm::DbErr;
@@ -21,20 +24,26 @@ use tower_sessions::Expiry;
 use tower_sessions_sqlx_store::SqliteStore;
 use users::{AuthSession, Backend};
 
-use crate::client_manager::session::Session;
 use crate::client_manager::storage::StorageToken;
 use crate::client_manager::ClientManager;
 use crate::db::Db;
 
+/// Embed assets for web dashboard, build frontend first
+#[cfg(feature = "embed")]
+#[derive(rust_embed::RustEmbed, Clone)]
+#[folder = "frontend/dist/"]
+struct Assets;
+
 pub struct RestfulServer {
     bind_addr: SocketAddr,
     client_mgr: Arc<ClientManager>,
     db: Db,
 
-    serve_task: Option<ScopedTask<()>>,
-    delete_task: Option<ScopedTask<tower_sessions::session_store::Result<()>>>,
-
+    // serve_task: Option<ScopedTask<()>>,
+    // delete_task: Option<ScopedTask<tower_sessions::session_store::Result<()>>>,
     network_api: NetworkApi,
+
+    web_router: Option<Router>,
 }
 
 type AppStateInner = Arc<ClientManager>;
@@ -48,6 +57,17 @@ struct GetSummaryJsonResp {
     device_count: u32,
 }
 
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+struct GenerateConfigRequest {
+    config: NetworkConfig,
+}
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+struct GenerateConfigResponse {
+    error: Option<String>,
+    toml_config: Option<String>,
+}
+
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct Error {
     message: String,
@@ -73,6 +93,7 @@ impl RestfulServer {
         bind_addr: SocketAddr,
         client_mgr: Arc<ClientManager>,
         db: Db,
+        web_router: Option<Router>,
     ) -> anyhow::Result<Self> {
         assert!(client_mgr.is_running());
 
@@ -82,23 +103,13 @@ impl RestfulServer {
             bind_addr,
             client_mgr,
             db,
-            serve_task: None,
-            delete_task: None,
+            // serve_task: None,
+            // delete_task: None,
             network_api,
+            web_router,
         })
     }
 
-    async fn get_session_by_machine_id(
-        client_mgr: &ClientManager,
-        machine_id: &uuid::Uuid,
-    ) -> Result<Arc<Session>, HttpHandleError> {
-        let Some(result) = client_mgr.get_session_by_machine_id(machine_id) else {
-            return Err((StatusCode::NOT_FOUND, other_error("No such session").into()));
-        };
-
-        Ok(result)
-    }
-
     async fn handle_list_all_sessions(
         auth_session: AuthSession,
         State(client_mgr): AppState,
@@ -121,9 +132,7 @@ impl RestfulServer {
             return Err((StatusCode::UNAUTHORIZED, other_error("No such user").into()));
         };
 
-        let machines = client_mgr
-            .list_machine_by_token(user.tokens[0].clone())
-            .await;
+        let machines = client_mgr.list_machine_by_user_id(user.id().clone()).await;
 
         Ok(GetSummaryJsonResp {
             device_count: machines.len() as u32,
@@ -131,7 +140,33 @@ impl RestfulServer {
         .into())
     }
 
-    pub async fn start(&mut self) -> Result<(), anyhow::Error> {
+    async fn handle_generate_config(
+        Json(req): Json<GenerateConfigRequest>,
+    ) -> Result<Json<GenerateConfigResponse>, HttpHandleError> {
+        let config = req.config.gen_config();
+        match config {
+            Ok(c) => Ok(GenerateConfigResponse {
+                error: None,
+                toml_config: Some(c.dump()),
+            }
+            .into()),
+            Err(e) => Ok(GenerateConfigResponse {
+                error: Some(format!("{:?}", e)),
+                toml_config: None,
+            }
+            .into()),
+        }
+    }
+
+    pub async fn start(
+        mut self,
+    ) -> Result<
+        (
+            ScopedTask<()>,
+            ScopedTask<tower_sessions::session_store::Result<()>>,
+        ),
+        anyhow::Error,
+    > {
         let listener = TcpListener::bind(self.bind_addr).await?;
 
         // Session layer.
@@ -141,14 +176,13 @@ impl RestfulServer {
         let session_store = SqliteStore::new(self.db.inner());
         session_store.migrate().await?;
 
-        self.delete_task.replace(
+        let delete_task: ScopedTask<tower_sessions::session_store::Result<()>> =
             tokio::task::spawn(
                 session_store
                     .clone()
                     .continuously_delete_expired(tokio::time::Duration::from_secs(60)),
             )
-            .into(),
-        );
+            .into();
 
         // Generate a cryptographic key to sign the session cookie.
         let key = Key::generate();
@@ -178,16 +212,27 @@ impl RestfulServer {
             .route_layer(login_required!(Backend))
             .merge(auth::router())
             .with_state(self.client_mgr.clone())
+            .route(
+                "/api/v1/generate-config",
+                post(Self::handle_generate_config),
+            )
             .layer(MessagesManagerLayer)
             .layer(auth_layer)
             .layer(tower_http::cors::CorsLayer::very_permissive())
             .layer(compression_layer);
 
-        let task = tokio::spawn(async move {
-            axum::serve(listener, app).await.unwrap();
-        });
-        self.serve_task = Some(task.into());
+        #[cfg(feature = "embed")]
+        let app = if let Some(web_router) = self.web_router.take() {
+            app.merge(web_router)
+        } else {
+            app
+        };
 
-        Ok(())
+        let serve_task: ScopedTask<()> = tokio::spawn(async move {
+            axum::serve(listener, app).await.unwrap();
+        })
+        .into();
+
+        Ok((serve_task, delete_task))
     }
 }

easytier-web/src/restful/network.rs

@@ -5,7 +5,6 @@ use axum::http::StatusCode;
 use axum::routing::{delete, post};
 use axum::{extract::State, routing::get, Json, Router};
 use axum_login::AuthUser;
-use dashmap::DashSet;
 use easytier::launcher::NetworkConfig;
 use easytier::proto::common::Void;
 use easytier::proto::rpc_types::controller::BaseController;
@@ -13,7 +12,7 @@ use easytier::proto::web::*;
 
 use crate::client_manager::session::Session;
 use crate::client_manager::ClientManager;
-use crate::db::ListNetworkProps;
+use crate::db::{ListNetworkProps, UserIdInDb};
 
 use super::users::AuthSession;
 use super::{
@@ -81,12 +80,24 @@ impl NetworkApi {
         Self {}
     }
 
+    fn get_user_id(auth_session: &AuthSession) -> Result<UserIdInDb, (StatusCode, Json<Error>)> {
+        let Some(user_id) = auth_session.user.as_ref().map(|x| x.id()) else {
+            return Err((
+                StatusCode::UNAUTHORIZED,
+                other_error(format!("No user id found")).into(),
+            ));
+        };
+        Ok(user_id)
+    }
+
     async fn get_session_by_machine_id(
         auth_session: &AuthSession,
         client_mgr: &ClientManager,
         machine_id: &uuid::Uuid,
     ) -> Result<Arc<Session>, HttpHandleError> {
-        let Some(result) = client_mgr.get_session_by_machine_id(machine_id) else {
+        let user_id = Self::get_user_id(auth_session)?;
+
+        let Some(result) = client_mgr.get_session_by_machine_id(user_id, machine_id) else {
             return Err((
                 StatusCode::NOT_FOUND,
                 other_error(format!("No such session: {}", machine_id)).into(),
@@ -289,23 +300,13 @@ impl NetworkApi {
         auth_session: AuthSession,
         State(client_mgr): AppState,
     ) -> Result<Json<ListMachineJsonResp>, HttpHandleError> {
-        let tokens = auth_session
-            .user
-            .as_ref()
-            .map(|x| x.tokens.clone())
-            .unwrap_or_default();
+        let user_id = Self::get_user_id(&auth_session)?;
 
-        let client_urls = DashSet::new();
-        for token in tokens {
-            let urls = client_mgr.list_machine_by_token(token).await;
-            for url in urls {
-                client_urls.insert(url);
-            }
-        }
+        let client_urls = client_mgr.list_machine_by_user_id(user_id).await;
 
         let mut machines = vec![];
         for item in client_urls.iter() {
-            let client_url = item.key().clone();
+            let client_url = item.clone();
             let session = client_mgr.get_heartbeat_requests(&client_url).await;
             machines.push(ListMachineItem {
                 client_url: Some(client_url),

easytier-web/src/web/mod.rs

@@ -0,0 +1,86 @@
+use axum::{
+    extract::State,
+    http::header,
+    response::{IntoResponse, Response},
+    routing, Router,
+};
+use axum_embed::ServeEmbed;
+use easytier::common::scoped_task::ScopedTask;
+use rust_embed::RustEmbed;
+use std::net::SocketAddr;
+use tokio::net::TcpListener;
+
+/// Embed assets for web dashboard, build frontend first
+#[derive(RustEmbed, Clone)]
+#[folder = "frontend/dist/"]
+struct Assets;
+
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+struct ApiMetaResponse {
+    api_host: String,
+}
+
+async fn handle_api_meta(State(api_host): State<url::Url>) -> impl IntoResponse {
+    Response::builder()
+        .header(
+            header::CONTENT_TYPE,
+            "application/javascript; charset=utf-8",
+        )
+        .header(header::CACHE_CONTROL, "no-cache, no-store, must-revalidate")
+        .header(header::PRAGMA, "no-cache")
+        .header(header::EXPIRES, "0")
+        .body(format!(
+            "window.apiMeta = {}",
+            serde_json::to_string(&ApiMetaResponse {
+                api_host: api_host.to_string()
+            })
+            .unwrap(),
+        ))
+        .unwrap()
+}
+
+pub fn build_router(api_host: Option<url::Url>) -> Router {
+    let service = ServeEmbed::<Assets>::new();
+    let router = Router::new();
+
+    let router = if let Some(api_host) = api_host {
+        let sub_router = Router::new()
+            .route("/api_meta.js", routing::get(handle_api_meta))
+            .with_state(api_host);
+        router.merge(sub_router)
+    } else {
+        router
+    };
+
+    let router = router.fallback_service(service);
+
+    router
+}
+
+pub struct WebServer {
+    bind_addr: SocketAddr,
+    router: Router,
+    serve_task: Option<ScopedTask<()>>,
+}
+
+impl WebServer {
+    pub async fn new(bind_addr: SocketAddr, router: Router) -> anyhow::Result<Self> {
+        Ok(WebServer {
+            bind_addr,
+            router,
+            serve_task: None,
+        })
+    }
+
+    pub async fn start(self) -> Result<ScopedTask<()>, anyhow::Error> {
+        let listener = TcpListener::bind(self.bind_addr).await?;
+        let app = self.router;
+
+        let task = tokio::spawn(async move {
+            axum::serve(listener, app).await.unwrap();
+        })
+        .into();
+
+        Ok(task)
+    }
+}

easytier/Cargo.toml

@@ -3,12 +3,12 @@ name = "easytier"
 description = "A full meshed p2p VPN, connecting all your devices in one network with one command."
 homepage = "https://github.com/EasyTier/EasyTier"
 repository = "https://github.com/EasyTier/EasyTier"
-version = "2.1.2"
+version = "2.3.1"
 edition = "2021"
 authors = ["kkrainbow"]
 keywords = ["vpn", "p2p", "network", "easytier"]
 categories = ["network-programming", "command-line-utilities"]
-rust-version = "1.77.0"
+rust-version = "1.84.0"
 license-file = "LICENSE"
 readme = "README.md"
 
@@ -62,7 +62,6 @@ timedmap = "=1.0.1"
 zerocopy = { version = "0.7.32", features = ["derive", "simd"] }
 bytes = "1.5.0"
 pin-project-lite = "0.2.13"
-atomicbox = "0.4.0"
 tachyonix = "0.3.0"
 
 quinn = { version = "0.11.0", optional = true, features = ["ring"] }
@@ -89,7 +88,7 @@ tun = { package = "tun-easytier", version = "1.1.1", features = [
     "async",
 ], optional = true }
 # for net ns
-nix = { version = "0.27", features = ["sched", "socket", "ioctl"] }
+nix = { version = "0.29.0", features = ["sched", "socket", "ioctl", "net"] }
 
 uuid = { version = "1.5.0", features = [
     "v4",
@@ -99,7 +98,6 @@ uuid = { version = "1.5.0", features = [
 ] }
 
 # for ring tunnel
-crossbeam-queue = "0.3"
 once_cell = "1.18.0"
 
 # for rpc
@@ -126,11 +124,12 @@ serde = { version = "1.0", features = ["derive"] }
 pnet = { version = "0.35.0", features = ["serde"] }
 serde_json = "1"
 
-clap = { version = "4.4.8", features = [
+clap = { version = "4.5.30", features = [
     "string",
     "unicode",
     "derive",
     "wrap_help",
+    "env",
 ] }
 
 async-recursion = "1.0.5"
@@ -138,7 +137,8 @@ async-recursion = "1.0.5"
 network-interface = "2.0"
 
 # for ospf route
-petgraph = "0.6.5"
+petgraph = "0.8.1"
+hashbrown = "0.15.3"
 
 # for wireguard
 boringtun = { package = "boringtun-easytier", version = "0.6.1", optional = true }
@@ -154,21 +154,24 @@ humansize = "2.1.3"
 
 base64 = "0.22"
 
-derivative = "2.2.0"
-
-mimalloc-rust = { version = "0.2.1", optional = true }
-
-# for mips
-indexmap = { version = "~1.9.3", optional = false, features = ["std"] }
+mimalloc = { version = "*", optional = true }
 
+# mips
 atomic-shim = "0.2.0"
 
-smoltcp = { version = "0.11.0", optional = true, default-features = false, features = [
+smoltcp = { version = "0.12.0", optional = true, default-features = false, features = [
     "std",
     "medium-ip",
     "proto-ipv4",
     "proto-ipv6",
+    "proto-ipv4-fragmentation",
+    "fragmentation-buffer-size-8192",
+    "assembler-max-segment-count-16",
+    "reassembly-buffer-size-8192",
+    "reassembly-buffer-count-16",
     "socket-tcp",
+    "socket-udp",
+    # "socket-tcp-cubic",
     "async",
 ] }
 parking_lot = { version = "0.12.0", optional = true }
@@ -181,18 +184,62 @@ sys-locale = "0.3"
 ringbuf = "0.4.5"
 async-ringbuf = "0.3.1"
 
-service-manager = {git = "https://github.com/chipsenkbeil/service-manager-rs.git", branch = "main"}
+service-manager = { git = "https://github.com/chipsenkbeil/service-manager-rs.git", branch = "main" }
 
-async-compression = { version = "0.4.17", default-features = false, features = ["zstd", "tokio"] }
+zstd = { version = "0.13" }
+
+kcp-sys = { git = "https://github.com/EasyTier/kcp-sys" }
+
+prost-reflect = { version = "0.14.5", default-features = false, features = [
+    "derive",
+] }
+
+# for http connector
+http_req = { git = "https://github.com/EasyTier/http_req.git", default-features = false, features = [
+    "rust-tls",
+] }
+
+# for dns connector
+hickory-resolver = "0.25.2"
+hickory-proto = "0.25.2"
+
+# for magic dns
+hickory-client = "0.25.2"
+hickory-server = { version = "0.25.2", features = ["resolver"] }
+derive_builder = "0.20.2"
+humantime-serde = "1.1.1"
+multimap = "0.10.0"
+version-compare = "0.2.0"
+
+jemallocator = { version = "0.5.4", optional = true }
+jemalloc-ctl = { version = "0.5.4", optional = true }
+jemalloc-sys = { version = "0.5.4", features = [
+    "stats",
+    "profiling",
+    "unprefixed_malloc_on_supported_platforms",
+], optional = true }
 
 [target.'cfg(any(target_os = "linux", target_os = "macos", target_os = "windows", target_os = "freebsd"))'.dependencies]
 machine-uid = "0.5.3"
 
+[target.'cfg(any(target_os = "linux"))'.dependencies]
+netlink-sys = "0.8.7"
+netlink-packet-route = "0.21.0"
+netlink-packet-core = { version = "0.7.0" }
+netlink-packet-utils = "0.5.2"
+# for magic dns
+resolv-conf = "0.7.3"
+dbus = { version = "0.9.7", features = ["vendored"] }
+which = "7.0.3"
+
 [target.'cfg(windows)'.dependencies]
-windows-sys = { version = "0.52", features = [
-    "Win32_Networking_WinSock",
-    "Win32_NetworkManagement_IpHelper",
+windows = { version = "0.52.0", features = [
     "Win32_Foundation",
+    "Win32_NetworkManagement_WindowsFirewall",
+    "Win32_System_Com",
+    "Win32_Networking",
+    "Win32_System_Ole",
+    "Win32_Networking_WinSock",
     "Win32_System_IO",
 ] }
 encoding = "0.2"
@@ -204,17 +251,28 @@ tonic-build = "0.12"
 globwalk = "0.8.1"
 regex = "1"
 prost-build = "0.13.2"
-rpc_build = { package = "easytier-rpc-build", version = "0.1.0", features = ["internal-namespace"] }
+rpc_build = { package = "easytier-rpc-build", version = "0.1.0", features = [
+    "internal-namespace",
+] }
+prost-reflect-build = { version = "0.14.0" }
 
 [target.'cfg(windows)'.build-dependencies]
-reqwest = { version = "0.11", features = ["blocking"] }
-zip = "0.6.6"
+reqwest = { version = "0.12.12", features = ["blocking"] }
+zip = "4.0.0"
+
+# enable thunk-rs when compiling for x86_64 or i686 windows
+[target.x86_64-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }
+
+[target.i686-pc-windows-msvc.build-dependencies]
+thunk-rs = { git = "https://github.com/easytier/thunk.git", default-features = false, features = ["win7"] }
 
 
 [dev-dependencies]
 serial_test = "3.0.0"
 rstest = "0.18.2"
 futures-util = "0.3.30"
+maplit = "1.0.2"
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]
 defguard_wireguard_rs = "0.4.2"
@@ -236,7 +294,7 @@ full = [
 mips = ["aes-gcm", "mimalloc", "wireguard", "tun", "smoltcp", "socks5"]
 wireguard = ["dep:boringtun", "dep:ring"]
 quic = ["dep:quinn", "dep:rustls", "dep:rcgen"]
-mimalloc = ["dep:mimalloc-rust"]
+mimalloc = ["dep:mimalloc"]
 aes-gcm = ["dep:aes-gcm"]
 tun = ["dep:tun"]
 websocket = [
@@ -248,3 +306,4 @@ websocket = [
 ]
 smoltcp = ["dep:smoltcp", "dep:parking_lot"]
 socks5 = ["dep:smoltcp"]
+jemalloc = ["dep:jemallocator", "dep:jemalloc-ctl", "dep:jemalloc-sys"]

easytier/build.rs

@@ -71,6 +71,8 @@ impl WindowsBuild {
 
         if target.contains("x86_64") {
             println!("cargo:rustc-link-search=native=easytier/third_party/");
+        } else if target.contains("i686") {
+            println!("cargo:rustc-link-search=native=easytier/third_party/i686/");
         } else if target.contains("aarch64") {
             println!("cargo:rustc-link-search=native=easytier/third_party/arm64/");
         }
@@ -125,23 +127,34 @@ fn check_locale() {
 }
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
+    // enable thunk-rs when target os is windows and arch is x86_64 or i686
+    #[cfg(target_os = "windows")]
+    if !std::env::var("TARGET")
+        .unwrap_or_default()
+        .contains("aarch64")
+    {
+        thunk::thunk();
+    }
+
     #[cfg(target_os = "windows")]
     WindowsBuild::check_for_win();
 
+    let proto_files_reflect = ["src/proto/peer_rpc.proto", "src/proto/common.proto"];
+
     let proto_files = [
-        "src/proto/peer_rpc.proto",
-        "src/proto/common.proto",
         "src/proto/error.proto",
         "src/proto/tests.proto",
         "src/proto/cli.proto",
         "src/proto/web.proto",
+        "src/proto/magic_dns.proto",
     ];
 
-    for proto_file in &proto_files {
+    for proto_file in proto_files.iter().chain(proto_files_reflect.iter()) {
         println!("cargo:rerun-if-changed={}", proto_file);
     }
 
-    prost_build::Config::new()
+    let mut config = prost_build::Config::new();
+    config
         .protoc_arg("--experimental_allow_proto3_optional")
         .type_attribute(".common", "#[derive(serde::Serialize, serde::Deserialize)]")
         .type_attribute(".error", "#[derive(serde::Serialize, serde::Deserialize)]")
@@ -155,10 +168,15 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .type_attribute("peer_rpc.PeerInfoForGlobalMap", "#[derive(Hash)]")
         .type_attribute("peer_rpc.ForeignNetworkRouteInfoKey", "#[derive(Hash, Eq)]")
         .type_attribute("common.RpcDescriptor", "#[derive(Hash, Eq)]")
+        .field_attribute(".web.NetworkConfig", "#[serde(default)]")
         .service_generator(Box::new(rpc_build::ServiceGenerator::new()))
-        .btree_map(["."])
-        .compile_protos(&proto_files, &["src/proto/"])
-        .unwrap();
+        .btree_map(["."]);
+
+    config.compile_protos(&proto_files, &["src/proto/"])?;
+
+    prost_reflect_build::Builder::new()
+        .file_descriptor_set_bytes("crate::proto::DESCRIPTOR_POOL_BYTES")
+        .compile_protos_with_config(config, &proto_files_reflect, &["src/proto/"])?;
 
     check_locale();
     Ok(())

easytier/locales/app.yml

@@ -11,8 +11,8 @@ core_clap:
       完整URL：--config-server udp://127.0.0.1:22020/admin
       仅用户名：--config-server admin，将使用官方的服务器
   config_file:
-    en: "path to the config file, NOTE: if this is set, all other options will be ignored"
-    zh-CN: "配置文件路径，注意：如果设置了这个选项，其他所有选项都将被忽略"
+    en: "path to the config file, NOTE: the options set by cmdline args will override options in config file"
+    zh-CN: "配置文件路径，注意：命令行中的配置的选项会覆盖配置文件中的选项"
   network_name:
     en: "network name to identify this vpn network"
     zh-CN: "用于标识此VPN网络的网络名称"
@@ -96,12 +96,15 @@ core_clap:
   enable_exit_node:
     en: "allow this node to be an exit node"
     zh-CN: "允许此节点成为出口节点"
+  proxy_forward_by_system:
+    en: "forward packet to proxy networks via system kernel, disable internal nat for network proxy"
+    zh-CN: "通过系统内核转发子网代理数据包，禁用内置NAT"
   no_tun:
     en: "do not create TUN device, can use subnet proxy to access node"
     zh-CN: "不创建TUN设备，可以使用子网代理访问节点"
   use_smoltcp:
-    en: "enable smoltcp stack for subnet proxy"
-    zh-CN: "为子网代理启用smoltcp堆栈"
+    en: "enable smoltcp stack for subnet proxy and kcp proxy"
+    zh-CN: "为子网代理和 KCP 代理启用smoltcp堆栈"
   manual_routes:
     en: "assign routes cidr manually, will disable subnet proxy and wireguard routes propagated from peers. e.g.: 192.168.0.0/16"
     zh-CN: "手动分配路由CIDR，将禁用子网代理和从对等节点传播的wireguard路由。例如：192.168.0.0/16"
@@ -140,6 +143,21 @@ core_clap:
   bind_device:
     en: "bind the connector socket to physical devices to avoid routing issues. e.g.: subnet proxy segment conflicts with a node's segment, after binding the physical device, it can communicate with the node normally."
     zh-CN: "将连接器的套接字绑定到物理设备以避免路由问题。比如子网代理网段与某节点的网段冲突，绑定物理设备后可以与该节点正常通信。"
+  enable_kcp_proxy:
+    en: "proxy tcp streams with kcp, improving the latency and throughput on the network with udp packet loss."
+    zh-CN: "使用 KCP 代理 TCP 流，提高在 UDP 丢包网络上的延迟和吞吐量。"
+  disable_kcp_input:
+    en: "do not allow other nodes to use kcp to proxy tcp streams to this node. when a node with kcp proxy enabled accesses this node, the original tcp connection is preserved."
+    zh-CN: "不允许其他节点使用 KCP 代理 TCP 流到此节点。开启 KCP 代理的节点访问此节点时，依然使用原始 TCP 连接。"
+  port_forward:
+    en: "forward local port to remote port in virtual network. e.g.: udp://0.0.0.0:12345/10.126.126.1:23456, means forward local udp port 12345 to 10.126.126.1:23456 in the virtual network. can specify multiple."
+    zh-CN: "将本地端口转发到虚拟网络中的远程端口。例如：udp://0.0.0.0:12345/10.126.126.1:23456，表示将本地UDP端口12345转发到虚拟网络中的10.126.126.1:23456。可以指定多个。"
+  accept_dns:
+    en: "if true, enable magic dns. with magic dns, you can access other nodes with a domain name, e.g.: <hostname>.et.net. magic dns will modify your system dns settings, enable it carefully."
+    zh-CN: "如果为true，则启用魔法DNS。使用魔法DNS，您可以使用域名访问其他节点，例如：<hostname>.et.net。魔法DNS将修改您的系统DNS设置，请谨慎启用。"
+  private_mode:
+    en: "if true, nodes with different network names or passwords from this network are not allowed to perform handshake or relay through this node."
+    zh-CN: "如果为true，则不允许使用了与本网络不相同的网络名称和密码的节点通过本节点进行握手或中转"
 
 core_app:
   panic_backtrace_save:

easytier/src/arch/windows.rs

@@ -1,26 +1,27 @@
-use std::{
-    ffi::c_void,
-    io::{self, ErrorKind},
-    mem,
-    net::SocketAddr,
-    os::windows::io::AsRawSocket,
-    ptr,
-};
+use std::{io, net::SocketAddr, os::windows::io::AsRawSocket};
 
+use anyhow::Context;
 use network_interface::NetworkInterfaceConfig;
-use windows_sys::{
-    core::PCSTR,
+use windows::{
+    core::BSTR,
     Win32::{
         Foundation::{BOOL, FALSE},
+        NetworkManagement::WindowsFirewall::{
+            INetFwPolicy2, INetFwRule, NET_FW_ACTION_ALLOW, NET_FW_PROFILE2_PRIVATE,
+            NET_FW_PROFILE2_PUBLIC, NET_FW_RULE_DIR_IN, NET_FW_RULE_DIR_OUT,
+        },
         Networking::WinSock::{
             htonl, setsockopt, WSAGetLastError, WSAIoctl, IPPROTO_IP, IPPROTO_IPV6,
             IPV6_UNICAST_IF, IP_UNICAST_IF, SIO_UDP_CONNRESET, SOCKET, SOCKET_ERROR,
         },
+        System::Com::{
+            CoCreateInstance, CoInitializeEx, CoUninitialize, CLSCTX_ALL, COINIT_MULTITHREADED,
+        },
     },
 };
 
 pub fn disable_connection_reset<S: AsRawSocket>(socket: &S) -> io::Result<()> {
-    let handle = socket.as_raw_socket() as SOCKET;
+    let handle = SOCKET(socket.as_raw_socket() as usize);
 
     unsafe {
         // Ignoring UdpSocket's WSAECONNRESET error
@@ -39,21 +40,18 @@ pub fn disable_connection_reset<S: AsRawSocket>(socket: &S) -> io::Result<()> {
         let ret = WSAIoctl(
             handle,
             SIO_UDP_CONNRESET,
-            &enable as *const _ as *const c_void,
-            mem::size_of_val(&enable) as u32,
-            ptr::null_mut(),
+            Some(&enable as *const _ as *const std::ffi::c_void),
+            std::mem::size_of_val(&enable) as u32,
+            None,
             0,
             &mut bytes_returned as *mut _,
-            ptr::null_mut(),
+            None,
             None,
         );
 
         if ret == SOCKET_ERROR {
-            use std::io::Error;
-
-            // Error occurs
             let err_code = WSAGetLastError();
-            return Err(Error::from_raw_os_error(err_code));
+            return Err(std::io::Error::from_raw_os_error(err_code.0));
         }
     }
 
@@ -63,7 +61,7 @@ pub fn disable_connection_reset<S: AsRawSocket>(socket: &S) -> io::Result<()> {
 pub fn interface_count() -> io::Result<usize> {
     let ifaces = network_interface::NetworkInterface::show().map_err(|e| {
         io::Error::new(
-            ErrorKind::NotFound,
+            io::ErrorKind::NotFound,
             format!("Failed to get interfaces. error: {}", e),
         )
     })?;
@@ -73,7 +71,7 @@ pub fn interface_count() -> io::Result<usize> {
 pub fn find_interface_index(iface_name: &str) -> io::Result<u32> {
     let ifaces = network_interface::NetworkInterface::show().map_err(|e| {
         io::Error::new(
-            ErrorKind::NotFound,
+            io::ErrorKind::NotFound,
             format!("Failed to get interfaces. {}, error: {}", iface_name, e),
         )
     })?;
@@ -82,7 +80,7 @@ pub fn find_interface_index(iface_name: &str) -> io::Result<u32> {
     }
     tracing::error!("Failed to find interface index for {}", iface_name);
     Err(io::Error::new(
-        ErrorKind::NotFound,
+        io::ErrorKind::NotFound,
         format!("{}", iface_name),
     ))
 }
@@ -92,7 +90,7 @@ pub fn set_ip_unicast_if<S: AsRawSocket>(
     addr: &SocketAddr,
     iface: &str,
 ) -> io::Result<()> {
-    let handle = socket.as_raw_socket() as SOCKET;
+    let handle = SOCKET(socket.as_raw_socket() as usize);
 
     let if_index = find_interface_index(iface)?;
 
@@ -100,30 +98,23 @@ pub fn set_ip_unicast_if<S: AsRawSocket>(
         // https://docs.microsoft.com/en-us/windows/win32/winsock/ipproto-ip-socket-options
         let ret = match addr {
             SocketAddr::V4(..) => {
-                // Interface index is in network byte order for IPPROTO_IP.
                 let if_index = htonl(if_index);
-                setsockopt(
-                    handle,
-                    IPPROTO_IP as i32,
-                    IP_UNICAST_IF as i32,
-                    &if_index as *const _ as PCSTR,
-                    mem::size_of_val(&if_index) as i32,
-                )
+                let if_index_bytes = if_index.to_ne_bytes();
+                setsockopt(handle, IPPROTO_IP.0, IP_UNICAST_IF, Some(&if_index_bytes))
             }
             SocketAddr::V6(..) => {
-                // Interface index is in host byte order for IPPROTO_IPV6.
+                let if_index_bytes = if_index.to_ne_bytes();
                 setsockopt(
                     handle,
-                    IPPROTO_IPV6 as i32,
-                    IPV6_UNICAST_IF as i32,
-                    &if_index as *const _ as PCSTR,
-                    mem::size_of_val(&if_index) as i32,
+                    IPPROTO_IPV6.0,
+                    IPV6_UNICAST_IF,
+                    Some(&if_index_bytes),
                 )
             }
         };
 
         if ret == SOCKET_ERROR {
-            let err = io::Error::from_raw_os_error(WSAGetLastError());
+            let err = std::io::Error::from_raw_os_error(WSAGetLastError().0);
             tracing::error!(
                 "set IP_UNICAST_IF / IPV6_UNICAST_IF interface: {}, index: {}, error: {}",
                 iface,
@@ -152,4 +143,95 @@ pub fn setup_socket_for_win<S: AsRawSocket>(
     }
 
     Ok(())
-}
+}
+
+struct ComInitializer;
+
+impl ComInitializer {
+    fn new() -> windows::core::Result<Self> {
+        unsafe { CoInitializeEx(None, COINIT_MULTITHREADED)? };
+        Ok(Self)
+    }
+}
+
+impl Drop for ComInitializer {
+    fn drop(&mut self) {
+        unsafe {
+            CoUninitialize();
+        }
+    }
+}
+
+pub fn do_add_self_to_firewall_allowlist(inbound: bool) -> anyhow::Result<()> {
+    let _com = ComInitializer::new()?;
+    // 创建防火墙策略实例
+    let policy: INetFwPolicy2 = unsafe {
+        CoCreateInstance(
+            &windows::Win32::NetworkManagement::WindowsFirewall::NetFwPolicy2,
+            None,
+            CLSCTX_ALL,
+        )
+    }?;
+
+    // 创建防火墙规则实例
+    let rule: INetFwRule = unsafe {
+        CoCreateInstance(
+            &windows::Win32::NetworkManagement::WindowsFirewall::NetFwRule,
+            None,
+            CLSCTX_ALL,
+        )
+    }?;
+
+    // 设置规则属性
+    let exe_path = std::env::current_exe()
+        .with_context(|| "Failed to get current executable path when adding firewall rule")?
+        .to_string_lossy()
+        .replace(r"\\?\", "");
+
+    let name = BSTR::from(format!(
+        "EasyTier {} ({})",
+        exe_path,
+        if inbound { "Inbound" } else { "Outbound" }
+    ));
+    let desc = BSTR::from("Allow EasyTier to do subnet proxy and kcp proxy");
+    let app_path = BSTR::from(&exe_path);
+
+    unsafe {
+        rule.SetName(&name)?;
+        rule.SetDescription(&desc)?;
+        rule.SetApplicationName(&app_path)?;
+        rule.SetAction(NET_FW_ACTION_ALLOW)?;
+        if inbound {
+            rule.SetDirection(NET_FW_RULE_DIR_IN)?; // 允许入站连接
+        } else {
+            rule.SetDirection(NET_FW_RULE_DIR_OUT)?; // 允许出站连接
+        }
+        rule.SetEnabled(windows::Win32::Foundation::VARIANT_TRUE)?;
+        rule.SetProfiles(NET_FW_PROFILE2_PRIVATE.0 | NET_FW_PROFILE2_PUBLIC.0)?;
+        rule.SetGrouping(&BSTR::from("EasyTier"))?;
+
+        // 获取规则集合并添加新规则
+        let rules = policy.Rules()?;
+        rules.Remove(&name)?; // 先删除同名规则
+        rules.Add(&rule)?;
+    }
+
+    Ok(())
+}
+
+pub fn add_self_to_firewall_allowlist() -> anyhow::Result<()> {
+    do_add_self_to_firewall_allowlist(true)?;
+    do_add_self_to_firewall_allowlist(false)?;
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_add_self_to_firewall_allowlist() {
+        let res = add_self_to_firewall_allowlist();
+        assert!(res.is_ok());
+    }
+}

easytier/src/common/compressor.rs

@@ -1,5 +1,10 @@
-use async_compression::tokio::write::{ZstdDecoder, ZstdEncoder};
-use tokio::io::AsyncWriteExt;
+use std::io::{Read, Write};
+
+use dashmap::DashMap;
+use std::cell::RefCell;
+use zstd::stream::read::Decoder;
+use zstd::stream::write::Encoder;
+use zstd::zstd_safe::{CCtx, DCtx};
 
 use zerocopy::{AsBytes as _, FromBytes as _};
 
@@ -29,17 +34,20 @@ impl DefaultCompressor {
         data: &[u8],
         compress_algo: CompressorAlgo,
     ) -> Result<Vec<u8>, Error> {
-        let buf = match compress_algo {
+        match compress_algo {
             CompressorAlgo::ZstdDefault => {
-                let mut o = ZstdEncoder::new(Vec::new());
-                o.write_all(data).await?;
-                o.shutdown().await?;
-                o.into_inner()
+                let ret = CTX_MAP.with(|map_cell| {
+                    let map = map_cell.borrow();
+                    let mut ctx_entry = map.entry(compress_algo).or_default();
+                    let writer = Vec::new();
+                    let mut o = Encoder::with_context(writer, ctx_entry.value_mut());
+                    o.write_all(data)?;
+                    o.finish()
+                });
+                Ok(ret?)
             }
-            CompressorAlgo::None => data.to_vec(),
-        };
-
-        Ok(buf)
+            CompressorAlgo::None => Ok(data.to_vec()),
+        }
     }
 
     pub async fn decompress_raw(
@@ -47,17 +55,17 @@ impl DefaultCompressor {
         data: &[u8],
         compress_algo: CompressorAlgo,
     ) -> Result<Vec<u8>, Error> {
-        let buf = match compress_algo {
-            CompressorAlgo::ZstdDefault => {
-                let mut o = ZstdDecoder::new(Vec::new());
-                o.write_all(data).await?;
-                o.shutdown().await?;
-                o.into_inner()
-            }
-            CompressorAlgo::None => data.to_vec(),
-        };
-
-        Ok(buf)
+        match compress_algo {
+            CompressorAlgo::ZstdDefault => DCTX_MAP.with(|map_cell| {
+                let map = map_cell.borrow();
+                let mut ctx_entry = map.entry(compress_algo).or_default();
+                let mut decoder = Decoder::with_context(data, ctx_entry.value_mut());
+                let mut output = Vec::new();
+                decoder.read_to_end(&mut output)?;
+                Ok(output)
+            }),
+            CompressorAlgo::None => Ok(data.to_vec()),
+        }
     }
 }
 
@@ -146,6 +154,11 @@ impl Compressor for DefaultCompressor {
     }
 }
 
+thread_local! {
+    static CTX_MAP: RefCell<DashMap<CompressorAlgo, CCtx<'static>>> = RefCell::new(DashMap::new());
+    static DCTX_MAP: RefCell<DashMap<CompressorAlgo, DCtx<'static>>> = RefCell::new(DashMap::new());
+}
+
 #[cfg(test)]
 pub mod tests {
     use super::*;
@@ -158,10 +171,21 @@ pub mod tests {
 
         let compressor = DefaultCompressor {};
 
+        println!(
+            "Uncompressed packet: {:?}, len: {}",
+            packet,
+            packet.payload_len()
+        );
+
         compressor
             .compress(&mut packet, CompressorAlgo::ZstdDefault)
             .await
             .unwrap();
+        println!(
+            "Compressed packet: {:?}, len: {}",
+            packet,
+            packet.payload_len()
+        );
         assert_eq!(packet.peer_manager_header().unwrap().is_compressed(), true);
 
         compressor.decompress(&mut packet).await.unwrap();

easytier/src/common/config.rs

@@ -7,7 +7,10 @@ use std::{
 use anyhow::Context;
 use serde::{Deserialize, Serialize};
 
-use crate::{proto::common::CompressionAlgoPb, tunnel::generate_digest_from_str};
+use crate::{
+    proto::common::{CompressionAlgoPb, PortForwardConfigPb, SocketType},
+    tunnel::generate_digest_from_str,
+};
 
 pub type Flags = crate::proto::common::FlagsInConfig;
 
@@ -20,16 +23,21 @@ pub fn gen_default_flags() -> Flags {
         mtu: 1380,
         latency_first: false,
         enable_exit_node: false,
+        proxy_forward_by_system: false,
         no_tun: false,
         use_smoltcp: false,
         relay_network_whitelist: "*".to_string(),
         disable_p2p: false,
         relay_all_peer_rpc: false,
         disable_udp_hole_punching: false,
-        ipv6_listener: "udp://[::]:0".to_string(),
         multi_thread: true,
         data_compress_algo: CompressionAlgoPb::None.into(),
         bind_device: true,
+        enable_kcp_proxy: false,
+        disable_kcp_input: false,
+        disable_relay_kcp: true,
+        accept_dns: false,
+        private_mode: false,
     }
 }
 
@@ -70,7 +78,7 @@ pub trait ConfigLoader: Send + Sync {
     fn get_peers(&self) -> Vec<PeerConfig>;
     fn set_peers(&self, peers: Vec<PeerConfig>);
 
-    fn get_listeners(&self) -> Vec<url::Url>;
+    fn get_listeners(&self) -> Option<Vec<url::Url>>;
     fn set_listeners(&self, listeners: Vec<url::Url>);
 
     fn get_mapped_listeners(&self) -> Vec<url::Url>;
@@ -94,6 +102,9 @@ pub trait ConfigLoader: Send + Sync {
     fn get_socks5_portal(&self) -> Option<url::Url>;
     fn set_socks5_portal(&self, addr: Option<url::Url>);
 
+    fn get_port_forwards(&self) -> Vec<PortForwardConfig>;
+    fn set_port_forwards(&self, forwards: Vec<PortForwardConfig>);
+
     fn dump(&self) -> String;
 }
 
@@ -177,6 +188,41 @@ pub struct VpnPortalConfig {
     pub wireguard_listen: SocketAddr,
 }
 
+#[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
+pub struct PortForwardConfig {
+    pub bind_addr: SocketAddr,
+    pub dst_addr: SocketAddr,
+    pub proto: String,
+}
+
+impl From<PortForwardConfigPb> for PortForwardConfig {
+    fn from(config: PortForwardConfigPb) -> Self {
+        PortForwardConfig {
+            bind_addr: config.bind_addr.unwrap_or_default().into(),
+            dst_addr: config.dst_addr.unwrap_or_default().into(),
+            proto: match SocketType::try_from(config.socket_type) {
+                Ok(SocketType::Tcp) => "tcp".to_string(),
+                Ok(SocketType::Udp) => "udp".to_string(),
+                _ => "tcp".to_string(),
+            },
+        }
+    }
+}
+
+impl Into<PortForwardConfigPb> for PortForwardConfig {
+    fn into(self) -> PortForwardConfigPb {
+        PortForwardConfigPb {
+            bind_addr: Some(self.bind_addr.into()),
+            dst_addr: Some(self.dst_addr.into()),
+            socket_type: match self.proto.to_lowercase().as_str() {
+                "tcp" => SocketType::Tcp as i32,
+                "udp" => SocketType::Udp as i32,
+                _ => SocketType::Tcp as i32,
+            },
+        }
+    }
+}
+
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
 struct Config {
     netns: Option<String>,
@@ -204,6 +250,8 @@ struct Config {
 
     socks5_proxy: Option<url::Url>,
 
+    port_forward: Option<Vec<PortForwardConfig>>,
+
     flags: Option<serde_json::Map<String, serde_json::Value>>,
 
     #[serde(skip)]
@@ -228,20 +276,23 @@ impl TomlConfigLoader {
 
         config.flags_struct = Some(Self::gen_flags(config.flags.clone().unwrap_or_default()));
 
-        Ok(TomlConfigLoader {
+        let config = TomlConfigLoader {
             config: Arc::new(Mutex::new(config)),
-        })
+        };
+
+        let old_ns = config.get_network_identity();
+        config.set_network_identity(NetworkIdentity::new(
+            old_ns.network_name,
+            old_ns.network_secret.unwrap_or_default(),
+        ));
+
+        Ok(config)
     }
 
     pub fn new(config_path: &PathBuf) -> Result<Self, anyhow::Error> {
         let config_str = std::fs::read_to_string(config_path)
             .with_context(|| format!("failed to read config file: {:?}", config_path))?;
         let ret = Self::new_from_str(&config_str)?;
-        let old_ns = ret.get_network_identity();
-        ret.set_network_identity(NetworkIdentity::new(
-            old_ns.network_name,
-            old_ns.network_secret.unwrap_or_default(),
-        ));
 
         Ok(ret)
     }
@@ -464,13 +515,8 @@ impl ConfigLoader for TomlConfigLoader {
         self.config.lock().unwrap().peer = Some(peers);
     }
 
-    fn get_listeners(&self) -> Vec<url::Url> {
-        self.config
-            .lock()
-            .unwrap()
-            .listeners
-            .clone()
-            .unwrap_or_default()
+    fn get_listeners(&self) -> Option<Vec<url::Url>> {
+        self.config.lock().unwrap().listeners.clone()
     }
 
     fn set_listeners(&self, listeners: Vec<url::Url>) {
@@ -531,6 +577,35 @@ impl ConfigLoader for TomlConfigLoader {
         self.config.lock().unwrap().exit_nodes = Some(nodes);
     }
 
+    fn get_routes(&self) -> Option<Vec<cidr::Ipv4Cidr>> {
+        self.config.lock().unwrap().routes.clone()
+    }
+
+    fn set_routes(&self, routes: Option<Vec<cidr::Ipv4Cidr>>) {
+        self.config.lock().unwrap().routes = routes;
+    }
+
+    fn get_socks5_portal(&self) -> Option<url::Url> {
+        self.config.lock().unwrap().socks5_proxy.clone()
+    }
+
+    fn set_socks5_portal(&self, addr: Option<url::Url>) {
+        self.config.lock().unwrap().socks5_proxy = addr;
+    }
+
+    fn get_port_forwards(&self) -> Vec<PortForwardConfig> {
+        self.config
+            .lock()
+            .unwrap()
+            .port_forward
+            .clone()
+            .unwrap_or_default()
+    }
+
+    fn set_port_forwards(&self, forwards: Vec<PortForwardConfig>) {
+        self.config.lock().unwrap().port_forward = Some(forwards);
+    }
+
     fn dump(&self) -> String {
         let default_flags_json = serde_json::to_string(&gen_default_flags()).unwrap();
         let default_flags_hashmap =
@@ -555,22 +630,6 @@ impl ConfigLoader for TomlConfigLoader {
         config.flags = Some(flag_map);
         toml::to_string_pretty(&config).unwrap()
     }
-
-    fn get_routes(&self) -> Option<Vec<cidr::Ipv4Cidr>> {
-        self.config.lock().unwrap().routes.clone()
-    }
-
-    fn set_routes(&self, routes: Option<Vec<cidr::Ipv4Cidr>>) {
-        self.config.lock().unwrap().routes = routes;
-    }
-
-    fn get_socks5_portal(&self) -> Option<url::Url> {
-        self.config.lock().unwrap().socks5_proxy.clone()
-    }
-
-    fn set_socks5_portal(&self, addr: Option<url::Url>) {
-        self.config.lock().unwrap().socks5_proxy = addr;
-    }
 }
 
 #[cfg(test)]
@@ -611,6 +670,11 @@ dir = "/tmp/easytier"
 
 [console_logger]
 level = "warn"
+
+[[port_forward]]
+bind_addr = "0.0.0.0:11011"
+dst_addr = "192.168.94.33:11011"
+proto = "tcp"
 "#;
         let ret = TomlConfigLoader::new_from_str(config_str);
         if let Err(e) = &ret {
@@ -631,6 +695,14 @@ level = "warn"
                 .collect::<Vec<String>>()
         );
 
+        assert_eq!(
+            vec![PortForwardConfig {
+                bind_addr: "0.0.0.0:11011".parse().unwrap(),
+                dst_addr: "192.168.94.33:11011".parse().unwrap(),
+                proto: "tcp".to_string(),
+            }],
+            ret.get_port_forwards()
+        );
         println!("{}", ret.dump());
     }
 }

easytier/src/common/dns.rs

@@ -0,0 +1,134 @@
+use std::net::SocketAddr;
+use std::sync::atomic::AtomicBool;
+use std::sync::Arc;
+
+use anyhow::Context;
+use hickory_proto::runtime::TokioRuntimeProvider;
+use hickory_proto::xfer::Protocol;
+use hickory_resolver::config::{LookupIpStrategy, NameServerConfig, ResolverConfig, ResolverOpts};
+use hickory_resolver::name_server::{GenericConnector, TokioConnectionProvider};
+use hickory_resolver::system_conf::read_system_conf;
+use hickory_resolver::{Resolver, TokioResolver};
+use once_cell::sync::Lazy;
+use tokio::net::lookup_host;
+
+use super::error::Error;
+
+pub fn get_default_resolver_config() -> ResolverConfig {
+    let mut default_resolve_config = ResolverConfig::new();
+    default_resolve_config.add_name_server(NameServerConfig::new(
+        "223.5.5.5:53".parse().unwrap(),
+        Protocol::Udp,
+    ));
+    default_resolve_config.add_name_server(NameServerConfig::new(
+        "180.184.1.1:53".parse().unwrap(),
+        Protocol::Udp,
+    ));
+    default_resolve_config
+}
+
+pub static ALLOW_USE_SYSTEM_DNS_RESOLVER: Lazy<AtomicBool> = Lazy::new(|| AtomicBool::new(true));
+
+pub static RESOLVER: Lazy<Arc<Resolver<GenericConnector<TokioRuntimeProvider>>>> =
+    Lazy::new(|| {
+        let system_cfg = read_system_conf();
+        let mut cfg = get_default_resolver_config();
+        let mut opt = ResolverOpts::default();
+        if let Ok(s) = system_cfg {
+            for ns in s.0.name_servers() {
+                cfg.add_name_server(ns.clone());
+            }
+            opt = s.1;
+        }
+        opt.ip_strategy = LookupIpStrategy::Ipv4AndIpv6;
+        let builder = TokioResolver::builder_with_config(cfg, TokioConnectionProvider::default())
+            .with_options(opt);
+        Arc::new(builder.build())
+    });
+
+pub async fn resolve_txt_record(domain_name: &str) -> Result<String, Error> {
+    let r = RESOLVER.clone();
+    let response = r.txt_lookup(domain_name).await.with_context(|| {
+        format!(
+            "txt_lookup failed, domain_name: {}",
+            domain_name.to_string()
+        )
+    })?;
+
+    let txt_record = response.iter().next().with_context(|| {
+        format!(
+            "no txt record found, domain_name: {}",
+            domain_name.to_string()
+        )
+    })?;
+
+    let txt_data = String::from_utf8_lossy(&txt_record.txt_data()[0]);
+    tracing::info!(?txt_data, ?domain_name, "get txt record");
+
+    Ok(txt_data.to_string())
+}
+
+pub async fn socket_addrs(
+    url: &url::Url,
+    default_port_number: impl Fn() -> Option<u16>,
+) -> Result<Vec<SocketAddr>, Error> {
+    let host = url.host_str().ok_or(Error::InvalidUrl(url.to_string()))?;
+    let port = url
+        .port()
+        .or_else(default_port_number)
+        .ok_or(Error::InvalidUrl(url.to_string()))?;
+
+    // if host is an ip address, return it directly
+    if let Ok(ip) = host.parse::<std::net::IpAddr>() {
+        return Ok(vec![SocketAddr::new(ip, port)]);
+    }
+
+    if ALLOW_USE_SYSTEM_DNS_RESOLVER.load(std::sync::atomic::Ordering::Relaxed) {
+        let socket_addr = format!("{}:{}", host, port);
+        match lookup_host(socket_addr).await {
+            Ok(a) => {
+                let a = a.collect();
+                tracing::debug!(?a, "system dns lookup done");
+                return Ok(a);
+            }
+            Err(e) => {
+                tracing::error!(?e, "system dns lookup failed");
+            }
+        }
+    }
+
+    // use hickory_resolver
+    let ret = RESOLVER.lookup_ip(host).await.with_context(|| {
+        format!(
+            "hickory dns lookup_ip failed, host: {}, port: {}",
+            host, port
+        )
+    })?;
+    Ok(ret
+        .iter()
+        .map(|ip| SocketAddr::new(ip, port))
+        .collect::<Vec<_>>())
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::defer;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn test_socket_addrs() {
+        let url = url::Url::parse("tcp://public.easytier.cn:80").unwrap();
+        let addrs = socket_addrs(&url, || Some(80)).await.unwrap();
+        assert_eq!(2, addrs.len(), "addrs: {:?}", addrs);
+        println!("addrs: {:?}", addrs);
+
+        ALLOW_USE_SYSTEM_DNS_RESOLVER.store(false, std::sync::atomic::Ordering::Relaxed);
+        defer!(
+            ALLOW_USE_SYSTEM_DNS_RESOLVER.store(true, std::sync::atomic::Ordering::Relaxed);
+        );
+        let addrs = socket_addrs(&url, || Some(80)).await.unwrap();
+        assert_eq!(2, addrs.len(), "addrs: {:?}", addrs);
+        println!("addrs2: {:?}", addrs);
+    }
+}

easytier/src/common/global_ctx.rs

@@ -5,7 +5,7 @@ use std::{
 };
 
 use crate::proto::cli::PeerConnInfo;
-use crate::proto::common::PeerFeatureFlag;
+use crate::proto::common::{PeerFeatureFlag, PortForwardConfigPb};
 use crossbeam::atomic::AtomicCell;
 
 use super::{
@@ -42,6 +42,8 @@ pub enum GlobalCtxEvent {
 
     DhcpIpv4Changed(Option<cidr::Ipv4Inet>, Option<cidr::Ipv4Inet>), // (old, new)
     DhcpIpv4Conflicted(Option<cidr::Ipv4Inet>),
+
+    PortForwardAdded(PortForwardConfigPb),
 }
 
 pub type EventBus = tokio::sync::broadcast::Sender<GlobalCtxEvent>;
@@ -59,15 +61,16 @@ pub struct GlobalCtx {
     cached_ipv4: AtomicCell<Option<cidr::Ipv4Inet>>,
     cached_proxy_cidrs: AtomicCell<Option<Vec<cidr::IpCidr>>>,
 
-    ip_collector: Arc<IPCollector>,
+    ip_collector: Mutex<Option<Arc<IPCollector>>>,
 
-    hostname: String,
+    hostname: Mutex<String>,
 
-    stun_info_collection: Box<dyn StunInfoCollectorTrait>,
+    stun_info_collection: Mutex<Arc<dyn StunInfoCollectorTrait>>,
 
     running_listeners: Mutex<Vec<url::Url>>,
 
     enable_exit_node: bool,
+    proxy_forward_by_system: bool,
     no_tun: bool,
 
     feature_flags: AtomicCell<PeerFeatureFlag>,
@@ -94,13 +97,18 @@ impl GlobalCtx {
         let net_ns = NetNS::new(config_fs.get_netns());
         let hostname = config_fs.get_hostname();
 
-        let (event_bus, _) = tokio::sync::broadcast::channel(1024);
+        let (event_bus, _) = tokio::sync::broadcast::channel(8);
 
         let stun_info_collection = Arc::new(StunInfoCollector::new_with_default_servers());
 
         let enable_exit_node = config_fs.get_flags().enable_exit_node;
+        let proxy_forward_by_system = config_fs.get_flags().proxy_forward_by_system;
         let no_tun = config_fs.get_flags().no_tun;
 
+        let mut feature_flags = PeerFeatureFlag::default();
+        feature_flags.kcp_input = !config_fs.get_flags().disable_kcp_input;
+        feature_flags.no_relay_kcp = config_fs.get_flags().disable_relay_kcp;
+
         GlobalCtx {
             inst_name: config_fs.get_inst_name(),
             id,
@@ -112,18 +120,22 @@ impl GlobalCtx {
             cached_ipv4: AtomicCell::new(None),
             cached_proxy_cidrs: AtomicCell::new(None),
 
-            ip_collector: Arc::new(IPCollector::new(net_ns, stun_info_collection.clone())),
+            ip_collector: Mutex::new(Some(Arc::new(IPCollector::new(
+                net_ns,
+                stun_info_collection.clone(),
+            )))),
 
-            hostname,
+            hostname: Mutex::new(hostname),
 
-            stun_info_collection: Box::new(stun_info_collection),
+            stun_info_collection: Mutex::new(stun_info_collection),
 
             running_listeners: Mutex::new(Vec::new()),
 
             enable_exit_node,
+            proxy_forward_by_system,
             no_tun,
 
-            feature_flags: AtomicCell::new(PeerFeatureFlag::default()),
+            feature_flags: AtomicCell::new(feature_flags),
         }
     }
 
@@ -132,10 +144,13 @@ impl GlobalCtx {
     }
 
     pub fn issue_event(&self, event: GlobalCtxEvent) {
-        if self.event_bus.receiver_count() != 0 {
-            self.event_bus.send(event).unwrap();
-        } else {
-            tracing::warn!("No subscriber for event: {:?}", event);
+        if let Err(e) = self.event_bus.send(event.clone()) {
+            tracing::warn!(
+                "Failed to send event: {:?}, error: {:?}, receiver count: {}",
+                event,
+                e,
+                self.event_bus.receiver_count()
+            );
         }
     }
 
@@ -203,26 +218,30 @@ impl GlobalCtx {
     }
 
     pub fn get_ip_collector(&self) -> Arc<IPCollector> {
-        self.ip_collector.clone()
+        self.ip_collector.lock().unwrap().as_ref().unwrap().clone()
     }
 
     pub fn get_hostname(&self) -> String {
-        return self.hostname.clone();
+        return self.hostname.lock().unwrap().clone();
     }
 
-    pub fn get_stun_info_collector(&self) -> impl StunInfoCollectorTrait + '_ {
-        self.stun_info_collection.as_ref()
+    pub fn set_hostname(&self, hostname: String) {
+        *self.hostname.lock().unwrap() = hostname;
+    }
+
+    pub fn get_stun_info_collector(&self) -> Arc<dyn StunInfoCollectorTrait> {
+        self.stun_info_collection.lock().unwrap().clone()
     }
 
     pub fn replace_stun_info_collector(&self, collector: Box<dyn StunInfoCollectorTrait>) {
-        // force replace the stun_info_collection without mut and drop the old one
-        let ptr = &self.stun_info_collection as *const Box<dyn StunInfoCollectorTrait>;
-        let ptr = ptr as *mut Box<dyn StunInfoCollectorTrait>;
-        unsafe {
-            std::ptr::drop_in_place(ptr);
-            #[allow(invalid_reference_casting)]
-            std::ptr::write(ptr, collector);
-        }
+        let arc_collector: Arc<dyn StunInfoCollectorTrait> = Arc::new(collector);
+        *self.stun_info_collection.lock().unwrap() = arc_collector.clone();
+
+        // rebuild the ip collector
+        *self.ip_collector.lock().unwrap() = Some(Arc::new(IPCollector::new(
+            self.net_ns.clone(),
+            arc_collector,
+        )));
     }
 
     pub fn get_running_listeners(&self) -> Vec<url::Url> {
@@ -269,6 +288,10 @@ impl GlobalCtx {
         self.enable_exit_node
     }
 
+    pub fn proxy_forward_by_system(&self) -> bool {
+        self.proxy_forward_by_system
+    }
+
     pub fn no_tun(&self) -> bool {
         self.no_tun
     }
@@ -284,7 +307,10 @@ impl GlobalCtx {
 
 #[cfg(test)]
 pub mod tests {
-    use crate::common::{config::TomlConfigLoader, new_peer_id};
+    use crate::{
+        common::{config::TomlConfigLoader, new_peer_id, stun::MockStunInfoCollector},
+        proto::common::NatType,
+    };
 
     use super::*;
 
@@ -324,7 +350,12 @@ pub mod tests {
         let config_fs = TomlConfigLoader::default();
         config_fs.set_inst_name(format!("test_{}", config_fs.get_id()));
         config_fs.set_network_identity(network_identy.unwrap_or(NetworkIdentity::default()));
-        std::sync::Arc::new(GlobalCtx::new(config_fs))
+
+        let ctx = Arc::new(GlobalCtx::new(config_fs));
+        ctx.replace_stun_info_collector(Box::new(MockStunInfoCollector {
+            udp_nat_type: NatType::Unknown,
+        }));
+        ctx
     }
 
     pub fn get_mock_global_ctx() -> ArcGlobalCtx {

easytier/src/common/ifcfg.rs

@@ -1,417 +0,0 @@
-use std::net::Ipv4Addr;
-
-use async_trait::async_trait;
-use tokio::process::Command;
-
-use super::error::Error;
-
-#[async_trait]
-pub trait IfConfiguerTrait: Send + Sync {
-    async fn add_ipv4_route(
-        &self,
-        _name: &str,
-        _address: Ipv4Addr,
-        _cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn remove_ipv4_route(
-        &self,
-        _name: &str,
-        _address: Ipv4Addr,
-        _cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn add_ipv4_ip(
-        &self,
-        _name: &str,
-        _address: Ipv4Addr,
-        _cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn set_link_status(&self, _name: &str, _up: bool) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn remove_ip(&self, _name: &str, _ip: Option<Ipv4Addr>) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn wait_interface_show(&self, _name: &str) -> Result<(), Error> {
-        return Ok(());
-    }
-    async fn set_mtu(&self, _name: &str, _mtu: u32) -> Result<(), Error> {
-        Ok(())
-    }
-}
-
-fn cidr_to_subnet_mask(prefix_length: u8) -> Ipv4Addr {
-    if prefix_length > 32 {
-        panic!("Invalid CIDR prefix length");
-    }
-
-    let subnet_mask: u32 = (!0u32)
-        .checked_shl(32 - u32::from(prefix_length))
-        .unwrap_or(0);
-    Ipv4Addr::new(
-        ((subnet_mask >> 24) & 0xFF) as u8,
-        ((subnet_mask >> 16) & 0xFF) as u8,
-        ((subnet_mask >> 8) & 0xFF) as u8,
-        (subnet_mask & 0xFF) as u8,
-    )
-}
-
-async fn run_shell_cmd(cmd: &str) -> Result<(), Error> {
-    let cmd_out: std::process::Output;
-    let stdout: String;
-    let stderr: String;
-    #[cfg(target_os = "windows")]
-    {
-        const CREATE_NO_WINDOW: u32 = 0x08000000;
-        cmd_out = Command::new("cmd")
-            .stdin(std::process::Stdio::null())
-            .arg("/C")
-            .arg(cmd)
-            .creation_flags(CREATE_NO_WINDOW)
-            .output()
-            .await?;
-        stdout = crate::utils::utf8_or_gbk_to_string(cmd_out.stdout.as_slice());
-        stderr = crate::utils::utf8_or_gbk_to_string(cmd_out.stderr.as_slice());
-    };
-
-    #[cfg(not(target_os = "windows"))]
-    {
-        cmd_out = Command::new("sh").arg("-c").arg(cmd).output().await?;
-        stdout = String::from_utf8_lossy(cmd_out.stdout.as_slice()).to_string();
-        stderr = String::from_utf8_lossy(cmd_out.stderr.as_slice()).to_string();
-    };
-
-    let ec = cmd_out.status.code();
-    let succ = cmd_out.status.success();
-    tracing::info!(?cmd, ?ec, ?succ, ?stdout, ?stderr, "run shell cmd");
-
-    if !cmd_out.status.success() {
-        return Err(Error::ShellCommandError(stdout + &stderr));
-    }
-    Ok(())
-}
-
-pub struct MacIfConfiger {}
-#[async_trait]
-impl IfConfiguerTrait for MacIfConfiger {
-    async fn add_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "route -n add {} -netmask {} -interface {} -hopcount 7",
-                address,
-                cidr_to_subnet_mask(cidr_prefix),
-                name
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn remove_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "route -n delete {} -netmask {} -interface {}",
-                address,
-                cidr_to_subnet_mask(cidr_prefix),
-                name
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn add_ipv4_ip(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "ifconfig {} {:?}/{:?} 10.8.8.8 up",
-                name, address, cidr_prefix,
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn set_link_status(&self, name: &str, up: bool) -> Result<(), Error> {
-        run_shell_cmd(format!("ifconfig {} {}", name, if up { "up" } else { "down" }).as_str())
-            .await
-    }
-
-    async fn remove_ip(&self, name: &str, ip: Option<Ipv4Addr>) -> Result<(), Error> {
-        if ip.is_none() {
-            run_shell_cmd(format!("ifconfig {} inet delete", name).as_str()).await
-        } else {
-            run_shell_cmd(
-                format!("ifconfig {} inet {} delete", name, ip.unwrap().to_string()).as_str(),
-            )
-            .await
-        }
-    }
-
-    async fn set_mtu(&self, name: &str, mtu: u32) -> Result<(), Error> {
-        run_shell_cmd(format!("ifconfig {} mtu {}", name, mtu).as_str()).await
-    }
-}
-
-pub struct LinuxIfConfiger {}
-#[async_trait]
-impl IfConfiguerTrait for LinuxIfConfiger {
-    async fn add_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "ip route add {}/{} dev {} metric 65535",
-                address, cidr_prefix, name
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn remove_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(format!("ip route del {}/{} dev {}", address, cidr_prefix, name).as_str())
-            .await
-    }
-
-    async fn add_ipv4_ip(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(format!("ip addr add {:?}/{:?} dev {}", address, cidr_prefix, name).as_str())
-            .await
-    }
-
-    async fn set_link_status(&self, name: &str, up: bool) -> Result<(), Error> {
-        run_shell_cmd(format!("ip link set {} {}", name, if up { "up" } else { "down" }).as_str())
-            .await
-    }
-
-    async fn remove_ip(&self, name: &str, ip: Option<Ipv4Addr>) -> Result<(), Error> {
-        if ip.is_none() {
-            run_shell_cmd(format!("ip addr flush dev {}", name).as_str()).await
-        } else {
-            run_shell_cmd(
-                format!("ip addr del {:?} dev {}", ip.unwrap().to_string(), name).as_str(),
-            )
-            .await
-        }
-    }
-
-    async fn set_mtu(&self, name: &str, mtu: u32) -> Result<(), Error> {
-        run_shell_cmd(format!("ip link set dev {} mtu {}", name, mtu).as_str()).await
-    }
-}
-
-#[cfg(target_os = "windows")]
-pub struct WindowsIfConfiger {}
-
-#[cfg(target_os = "windows")]
-impl WindowsIfConfiger {
-    pub fn get_interface_index(name: &str) -> Option<u32> {
-        crate::arch::windows::find_interface_index(name).ok()
-    }
-
-    async fn list_ipv4(name: &str) -> Result<Vec<Ipv4Addr>, Error> {
-        use anyhow::Context;
-        use network_interface::NetworkInterfaceConfig;
-        use std::net::IpAddr;
-        let ret = network_interface::NetworkInterface::show().with_context(|| "show interface")?;
-        let addrs = ret
-            .iter()
-            .filter_map(|x| {
-                if x.name != name {
-                    return None;
-                }
-                Some(x.addr.clone())
-            })
-            .flat_map(|x| x)
-            .map(|x| x.ip())
-            .filter_map(|x| {
-                if let IpAddr::V4(ipv4) = x {
-                    Some(ipv4)
-                } else {
-                    None
-                }
-            })
-            .collect::<Vec<_>>();
-
-        Ok(addrs)
-    }
-
-    async fn remove_one_ipv4(name: &str, ip: Ipv4Addr) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "netsh interface ipv4 delete address {} address={}",
-                name,
-                ip.to_string()
-            )
-            .as_str(),
-        )
-        .await
-    }
-}
-
-#[cfg(target_os = "windows")]
-#[async_trait]
-impl IfConfiguerTrait for WindowsIfConfiger {
-    async fn add_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        let Some(idx) = Self::get_interface_index(name) else {
-            return Err(Error::NotFound);
-        };
-        run_shell_cmd(
-            format!(
-                "route ADD {} MASK {} 10.1.1.1 IF {} METRIC 255",
-                address,
-                cidr_to_subnet_mask(cidr_prefix),
-                idx
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn remove_ipv4_route(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        let Some(idx) = Self::get_interface_index(name) else {
-            return Err(Error::NotFound);
-        };
-        run_shell_cmd(
-            format!(
-                "route DELETE {} MASK {} IF {}",
-                address,
-                cidr_to_subnet_mask(cidr_prefix),
-                idx
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn add_ipv4_ip(
-        &self,
-        name: &str,
-        address: Ipv4Addr,
-        cidr_prefix: u8,
-    ) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "netsh interface ipv4 add address {} address={} mask={}",
-                name,
-                address,
-                cidr_to_subnet_mask(cidr_prefix)
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn set_link_status(&self, name: &str, up: bool) -> Result<(), Error> {
-        run_shell_cmd(
-            format!(
-                "netsh interface set interface {} {}",
-                name,
-                if up { "enable" } else { "disable" }
-            )
-            .as_str(),
-        )
-        .await
-    }
-
-    async fn remove_ip(&self, name: &str, ip: Option<Ipv4Addr>) -> Result<(), Error> {
-        if ip.is_none() {
-            for ip in Self::list_ipv4(name).await?.iter() {
-                Self::remove_one_ipv4(name, *ip).await?;
-            }
-            Ok(())
-        } else {
-            Self::remove_one_ipv4(name, ip.unwrap()).await
-        }
-    }
-
-    async fn wait_interface_show(&self, name: &str) -> Result<(), Error> {
-        Ok(
-            tokio::time::timeout(std::time::Duration::from_secs(10), async move {
-                loop {
-                    if let Some(idx) = Self::get_interface_index(name) {
-                        tracing::info!(?name, ?idx, "Interface found");
-                        break;
-                    }
-                    tokio::time::sleep(std::time::Duration::from_millis(100)).await;
-                }
-                Ok::<(), Error>(())
-            })
-            .await??,
-        )
-    }
-
-    async fn set_mtu(&self, name: &str, mtu: u32) -> Result<(), Error> {
-        let _ = run_shell_cmd(
-            format!("netsh interface ipv6 set subinterface {} mtu={}", name, mtu).as_str(),
-        )
-        .await;
-        run_shell_cmd(
-            format!("netsh interface ipv4 set subinterface {} mtu={}", name, mtu).as_str(),
-        )
-        .await
-    }
-}
-
-pub struct DummyIfConfiger {}
-#[async_trait]
-impl IfConfiguerTrait for DummyIfConfiger {}
-
-#[cfg(any(target_os = "macos", target_os = "freebsd"))]
-pub type IfConfiger = MacIfConfiger;
-
-#[cfg(target_os = "linux")]
-pub type IfConfiger = LinuxIfConfiger;
-
-#[cfg(target_os = "windows")]
-pub type IfConfiger = WindowsIfConfiger;
-
-#[cfg(not(any(
-    target_os = "macos",
-    target_os = "linux",
-    target_os = "windows",
-    target_os = "freebsd"
-)))]
-pub type IfConfiger = DummyIfConfiger;

easytier/src/common/ifcfg/darwin.rs

@@ -0,0 +1,83 @@
+use std::net::Ipv4Addr;
+
+use async_trait::async_trait;
+
+use super::{cidr_to_subnet_mask, run_shell_cmd, Error, IfConfiguerTrait};
+
+pub struct MacIfConfiger {}
+#[async_trait]
+impl IfConfiguerTrait for MacIfConfiger {
+    async fn add_ipv4_route(
+        &self,
+        name: &str,
+        address: Ipv4Addr,
+        cidr_prefix: u8,
+        cost: Option<i32>,
+    ) -> Result<(), Error> {
+        run_shell_cmd(
+            format!(
+                "route -n add {} -netmask {} -interface {} -hopcount {}",
+                address,
+                cidr_to_subnet_mask(cidr_prefix),
+                name,
+                cost.unwrap_or(7)
+            )
+            .as_str(),
+        )
+        .await
+    }
+
+    async fn remove_ipv4_route(
+        &self,
+        name: &str,
+        address: Ipv4Addr,
+        cidr_prefix: u8,
+    ) -> Result<(), Error> {
+        run_shell_cmd(
+            format!(
+                "route -n delete {} -netmask {} -interface {}",
+                address,
+                cidr_to_subnet_mask(cidr_prefix),
+                name
+            )
+            .as_str(),
+        )
+        .await
+    }
+
+    async fn add_ipv4_ip(
+        &self,
+        name: &str,
+        address: Ipv4Addr,
+        cidr_prefix: u8,
+    ) -> Result<(), Error> {
+        run_shell_cmd(
+            format!(
+                "ifconfig {} {:?}/{:?} 10.8.8.8 up",
+                name, address, cidr_prefix,
+            )
+            .as_str(),
+        )
+        .await
+    }
+
+    async fn set_link_status(&self, name: &str, up: bool) -> Result<(), Error> {
+        run_shell_cmd(format!("ifconfig {} {}", name, if up { "up" } else { "down" }).as_str())
+            .await
+    }
+
+    async fn remove_ip(&self, name: &str, ip: Option<Ipv4Addr>) -> Result<(), Error> {
+        if ip.is_none() {
+            run_shell_cmd(format!("ifconfig {} inet delete", name).as_str()).await
+        } else {
+            run_shell_cmd(
+                format!("ifconfig {} inet {} delete", name, ip.unwrap().to_string()).as_str(),
+            )
+            .await
+        }
+    }
+
+    async fn set_mtu(&self, name: &str, mtu: u32) -> Result<(), Error> {
+        run_shell_cmd(format!("ifconfig {} mtu {}", name, mtu).as_str()).await
+    }
+}

easytier/src/common/ifcfg/mod.rs

@@ -0,0 +1,131 @@
+#[cfg(any(target_os = "macos", target_os = "freebsd"))]
+mod darwin;
+#[cfg(any(target_os = "linux"))]
+mod netlink;
+#[cfg(target_os = "windows")]
+mod windows;
+
+mod route;
+
+use std::net::Ipv4Addr;
+
+use async_trait::async_trait;
+use tokio::process::Command;
+
+use super::error::Error;
+
+#[async_trait]
+pub trait IfConfiguerTrait: Send + Sync {
+    async fn add_ipv4_route(
+        &self,
+        _name: &str,
+        _address: Ipv4Addr,
+        _cidr_prefix: u8,
+        _cost: Option<i32>,
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn remove_ipv4_route(
+        &self,
+        _name: &str,
+        _address: Ipv4Addr,
+        _cidr_prefix: u8,
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn add_ipv4_ip(
+        &self,
+        _name: &str,
+        _address: Ipv4Addr,
+        _cidr_prefix: u8,
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn set_link_status(&self, _name: &str, _up: bool) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn remove_ip(&self, _name: &str, _ip: Option<Ipv4Addr>) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn wait_interface_show(&self, _name: &str) -> Result<(), Error> {
+        return Ok(());
+    }
+    async fn set_mtu(&self, _name: &str, _mtu: u32) -> Result<(), Error> {
+        Ok(())
+    }
+}
+
+fn cidr_to_subnet_mask(prefix_length: u8) -> Ipv4Addr {
+    if prefix_length > 32 {
+        panic!("Invalid CIDR prefix length");
+    }
+
+    let subnet_mask: u32 = (!0u32)
+        .checked_shl(32 - u32::from(prefix_length))
+        .unwrap_or(0);
+    Ipv4Addr::new(
+        ((subnet_mask >> 24) & 0xFF) as u8,
+        ((subnet_mask >> 16) & 0xFF) as u8,
+        ((subnet_mask >> 8) & 0xFF) as u8,
+        (subnet_mask & 0xFF) as u8,
+    )
+}
+
+async fn run_shell_cmd(cmd: &str) -> Result<(), Error> {
+    let cmd_out: std::process::Output;
+    let stdout: String;
+    let stderr: String;
+    #[cfg(target_os = "windows")]
+    {
+        const CREATE_NO_WINDOW: u32 = 0x08000000;
+        cmd_out = Command::new("cmd")
+            .stdin(std::process::Stdio::null())
+            .arg("/C")
+            .arg(cmd)
+            .creation_flags(CREATE_NO_WINDOW)
+            .output()
+            .await?;
+        stdout = crate::utils::utf8_or_gbk_to_string(cmd_out.stdout.as_slice());
+        stderr = crate::utils::utf8_or_gbk_to_string(cmd_out.stderr.as_slice());
+    };
+
+    #[cfg(not(target_os = "windows"))]
+    {
+        cmd_out = Command::new("sh").arg("-c").arg(cmd).output().await?;
+        stdout = String::from_utf8_lossy(cmd_out.stdout.as_slice()).to_string();
+        stderr = String::from_utf8_lossy(cmd_out.stderr.as_slice()).to_string();
+    };
+
+    let ec = cmd_out.status.code();
+    let succ = cmd_out.status.success();
+    tracing::info!(?cmd, ?ec, ?succ, ?stdout, ?stderr, "run shell cmd");
+
+    if !cmd_out.status.success() {
+        return Err(Error::ShellCommandError(stdout + &stderr));
+    }
+    Ok(())
+}
+
+pub struct DummyIfConfiger {}
+#[async_trait]
+impl IfConfiguerTrait for DummyIfConfiger {}
+
+#[cfg(any(target_os = "linux"))]
+pub type IfConfiger = netlink::NetlinkIfConfiger;
+
+#[cfg(any(target_os = "macos", target_os = "freebsd"))]
+pub type IfConfiger = darwin::MacIfConfiger;
+
+#[cfg(target_os = "windows")]
+pub type IfConfiger = windows::WindowsIfConfiger;
+
+#[cfg(not(any(
+    target_os = "macos",
+    target_os = "linux",
+    target_os = "windows",
+    target_os = "freebsd",
+)))]
+pub type IfConfiger = DummyIfConfiger;
+
+#[cfg(target_os = "windows")]
+pub use windows::RegistryManager;