Releases: yggdrasil-network/yggdrasil-go
Version 0.5.9
Added
- New command line option `-user` for changing the process UID/GID
Changed
- The routing algorithm has been updated with RTT-aware link costing, which should prefer lower latency links over higher latency links where possible
- The calculated cost is an average of the link RTT, but newly established links are costed higher to begin with, such that unstable peerings can be avoided
- Link costs are only used where multiple next-hops are available and will be ignored if there is only one loop-free path to the destination
- This is protocol-compatible with existing v0.5.x nodes but will have the best results when peering with nodes that are also running the latest version
- The `getPeers` endpoint will now report the calculated link cost for each given peer
- Upgrade dependencies
Fixed
- Multicast discovery should now work again when building Yggdrasil as an Android framework
- Multicast discovery will now correctly ignore interfaces that are not marked as running
- Ephemeral links, such as those added by multicast, will no longer try to reconnect in a fast loop, fixing a high CPU issue
- The TUN interface will no longer stop working when hitting a segment read error from vectorised reads
- The `AllowedPublicKeys` option will once again no longer apply to multicast peerings, as was originally intended
- A potential panic when shutting down peering links has been fixed
- A redundant system call for setting MTU on OpenBSD has been removed
Version 0.5.8
Fixed
- A bug which caused startup problems on Windows and FreeBSD should be fixed
- Resolved some minor link state and listener management bugs during shutdown
Version 0.5.7
Added
- WebSocket support for peerings, by using the new `ws://` scheme in `Listen` and `Peers`
- Additionally, the `wss://` scheme can be used to connect to a WebSocket peer behind an HTTPS reverse proxy
Changed
- On Linux, the TUN adapter now uses vectorised reads/writes where possible, which should reduce the amount of CPU time spent on syscalls and potentially improve throughput
- Link error handling has been improved and various link error messages have been rewritten to be clearer
- Upgrade dependencies
Fixed
- Multiple multicast connections to the same remote machine should now work correctly
- You may get two connections in some cases, one inbound and one outbound, this is known and will not cause problems
- Running as a Windows service should be more reliable with service startup and shutdown bugs fixed
Version 0.5.6
- Go 1.21 is now required to build Yggdrasil
Added
- The `getPeers` endpoint now reports the RTT/latency of directly connected peers
Changed
- The tree parent selection algorithm now prefers the lowest latency peers instead of the most stable
- Session key exchange logic has been changed to improve throughput and reduce occasional jitter
Fixed
- Bloom filter hashing now works correctly on big-endian architectures
- Incorrect buffer pool usage has been fixed, reducing memory allocations
- The multicast beacon interval now backs off correctly, reducing the number of beacons sent
- A denial-of-service vulnerability in the QUIC library has been fixed with a dependency update
Version 0.5.5
Added
- A new peer option `?maxbackoff=X` has been added to control the maximum backoff time for a given peer, supports duration values like `5m`, `1h` etc
Changed
- The maximum backoff period for failing peer connections has been reduced to just over 1 hour, compared to 4.5 hours before
- The `getPeers` endpoint now sorts peers in a more stable fashion
- Upgrade dependencies
Fixed
- A bug where QUIC listeners could stop listening for incoming connections unexpectedly has been fixed
- The priority tiebreak between multiple peerings to the same node has been fixed
- Peer connection ordering is no longer sensitive to poor system time resolution
- The admin socket now verifies the length of input public keys
- The `PPROFLISTEN` environment variable has been fixed and now starts the pprof listener correctly
- A panic in `getPeers` has been fixed when using abstract UNIX sockets on Linux
Version 0.5.4
Fixed
- Fixed a crash that could happen when calculating the size of bloom filters during encoding
Version 0.5.3
Fixed
- Fixed a data race from buffered pathfinder traffic
- Fix a bug where the next-hop selection may not take shortcuts through treespace
- Backoffs are now reset correctly when a successful handshake is completed
- Backoffs will no longer exceed roughly 4.5 hours when peers are down for a long time
- The `-normaliseconf` option will now work correctly with `PrivateKeyPath`
- Improved the reliability of QUIC peering setup by disabling 0-RTT
Version 0.5.2
Added
- New `-publickey` command line option that prints the derived public key from a configuration file
- Support for connecting to TLS peers via SOCKS with the new `sockstls://` link schema
Changed
- Stabilise tree parent selection algorithm
- Improved logging when the TUN interface fails to set up
Fixed
- Fixed a panic that could occur when a connection reaches an inconsistent error state
- The admin socket will now report more peering handshake error conditions in `getPeers`
- Yggdrasil will no longer panic at startup when duplicate peers are configured
- The `build` script will no longer incorrectly import `LDFLAGS` from the environment
Version 0.5.1
Fixed
- Fix the Debian package so that upgrades are handled more smoothly
Version 0.5.0
NOTE: If you are using the Debian package and upgrading an existing installation, you may need to update your `AdminListen` line in your configuration file to `unix:///var/run/yggdrasil/yggdrasil.sock` or delete the `AdminListen` line altogether.
Added
- Authenticated peering handshake with optional password, i.e.
- For listeners: `tls://[::]:12345?password=123456abcdef`
- For peers: `tls://a.b.c.d:12345?password=123456abcdef`
- For multicast interfaces with the new `Password` option in each `MulticastInterfaces` section
- Maximum password length is 64 characters
- QUIC support for peerings, by using the new `quic://` scheme in `Listen` and `Peers`
- This has not been extensively tested and may perform worse than TCP or TLS peers
- The private key can now be stored in PEM format separately to the main configuration file with the new `PrivateKeyPath` configuration file option
- Use the `-exportkey` flag to export the key to a file from an existing config
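An added example, not part of the Yggdrasil release notes or code base: a small Go linter for `Listen` and `Peers` entries that checks the 64-character password limit above and the `?maxbackoff=` option from 0.5.5. `CheckPeerURI` and its messages are hypothetical; measuring the limit in bytes and flagging an empty password are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Peering schemes: tls, quic, ws, wss and sockstls appear in these notes;
// tcp, socks and unix are also Yggdrasil schemes but are not named on this page.
var schemes = map[string]bool{"tcp": true, "tls": true, "quic": true, "ws": true,
	"wss": true, "socks": true, "sockstls": true, "unix": true}

const maxPasswordLen = 64 // limit from the 0.5.0 notes, counted in bytes here (assumption)

// CheckPeerURI (hypothetical helper) returns the problems found in one Listen or Peers entry.
func CheckPeerURI(raw string) []string {
	u, err := url.Parse(raw)
	if err != nil {
		return []string{"unparseable URI: " + err.Error()}
	}
	var problems []string
	if !schemes[u.Scheme] {
		problems = append(problems, fmt.Sprintf("unknown scheme %q", u.Scheme))
	}
	q := u.Query()
	for _, pw := range q["password"] {
		switch {
		case pw == "": // assumption: an empty value is treated as a configuration mistake
			problems = append(problems, "password option is present but empty")
		case len(pw) > maxPasswordLen:
			problems = append(problems, fmt.Sprintf("password is %d bytes, limit is %d", len(pw), maxPasswordLen))
		}
	}
	if len(q["password"]) > 1 {
		problems = append(problems, "password option given more than once")
	}
	if q.Has("maxbackoff") {
		if d, err := time.ParseDuration(q.Get("maxbackoff")); err != nil || d <= 0 {
			problems = append(problems, fmt.Sprintf("maxbackoff %q is not a positive duration", q.Get("maxbackoff")))
		}
	}
	return problems
}

func main() {
	// Constructed sample entries; the first two are the forms shown in the notes.
	for i, e := range []string{"tls://[::]:12345?password=123456abcdef",
		"tls://a.b.c.d:12345?password=123456abcdef", "quic://a.b.c.d:12345?maxbackoff=soon"} {
		fmt.Printf("entry %d: %v\n", i, CheckPeerURI(e)) // index only, so passwords are not echoed
	}
}
```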
Changed
- New routing scheme, which is backwards incompatible with previous versions of Yggdrasil
- The wire protocol version number, exchanged as part of the peer setup handshake, has been increased to 0.5
- Nodes running this new version will not be able to peer with earlier versions of Yggdrasil
- A DHT is no longer used to map public keys and routes through treespace
- Bloom filters are used to track on-tree links and nodes reachable via that link
- Nodes now gossip separate per-link information which is tracked in CRDT structures, forcing local consistency and preventing unnecessary flapping when a route to the root node has changed or is broken
- Greedy routing is once again used instead of source routing
- Per-link keepalives have been replaced with periodic acknowledgements, reducing idle bandwidth
- The link handshake and multicast beacon formats have been revised for better future extensibility
- The link code has been refactored for more robust tracking of peering states
- As a result, the admin socket is now able to report information about configured peerings that are down
- Reconnect intervals are now tracked separately for each configured peer with exponential backoffs
Removed
- Yggdrasil will no longer request BBR congestion control for TCP and TLS peerings on Linux