• Go 1.24 is now required to build Yggdrasil

Added

• Pledge is now used on OpenBSD to drop privileges after startup
• yggdrasilctl getPeers can now optionally sort the peers using sort=uptime or sort=cost

Changed

• The routing algorithm now tries to minimise both the cost and remaining tree distance to the destination, which should improve some cases where direct paths were ignored in favour of indirect paths
• The ?maxbackoff=X time for a peering can now be configured as low as 5 seconds (previously 30 seconds)
• Reduced memory allocations needed to parse paths or calculate ancestry
• Upgrade dependencies

Fixed

• getPeers no longer incorrectly surfaces error states that haven't happened
• Yggdrasil will no longer attempt reconnections after detecting that a peering connection is to itself
• Disabling TUN with IfName: none no longer results in backpressure building up that could block lower layers
• Outbound connections to link-local addresses should now work correctly on Android

• Go 1.22 is now required to build Yggdrasil

Changed

• The latency_ms field in the admin socket getPeers response has been renamed to latency

Fixed

• A timing regression which causes a higher level of idle protocol traffic on each peering has been fixed
• The -user flag now correctly detects an empty user/group specification

Added

• Support for unveil and pledge on OpenBSD

Changed

• The parent selection algorithm now only chooses a new parent if there is a larger cost benefit to doing so, which should help to stabilise the tree
• The bloom filters are now repropagated periodically, to avoid nodes getting stuck with bad state

Fixed

• A memory leak caused by missed cleanup of the peer response map has been fixed
• Other bug fixes with bloom filter propagation for off-tree filters and zero vs one bits
• TLS-based peering connections now support TLS 1.2 again

Added

• The getPeers admin endpoint will now report the current transmit/receive rate for each given peer
• The getMulticastInterfaces admin endpoint now reports much more useful information about each interface, rather than just a list of interface names

Changed

• Minor tweaks to the routing algorithm:
  • The next-hop selection will now prefer shorter paths when the costed distance is otherwise equal, tiebreaking on peering uptime to fall back to more stable paths
  • Link cost calculations have been smoothed out, making the costs less sensitive to sudden spikes in latency
• Reusable name lookup and peer connection logic across different peering types for more consistent behaviour
• Some comments in the configuration file have been revised for clarity
• Upgrade dependencies

Fixed

• Nodes with IfName set to none will now correctly respond to debug RPC requests
• The admin socket will now be created reliably before dropping privileges with -user
• Clear supplementary groups when providing a group ID as well as a user ID to -user
• SOCKS and WebSocket peerings should now use the correct source interface when specified in InterfacePeers
• Peers and InterfacePeers addresses that are obviously invalid (such as unspecified or multicast addresses) will now be correctly ignored
• Listeners should now shut down correctly, which should resolve issues where multicast listeners for specific interfaces would not come back up or would log errors

Added

• New command line option -user for changing the process UID/GID

Changed

• The routing algorithm has been updated with RTT-aware link costing, which should prefer lower latency links over higher latency links where possible
  • The calculated cost is an average of the link RTT, but newly established links are costed higher to begin with, such that unstable peerings can be avoided
  • Link costs are only used where multiple next-hops are available and will be ignored if there is only one loop-free path to the destination
  • This is protocol-compatible with existing v0.5.x nodes but will have the best results when peering with nodes that are also running the latest version
  • The getPeers endpoint will now report the calculated link cost for each given peer
• Upgrade dependencies

Fixed

• Multicast discovery should now work again when building Yggdrasil as an Android framework
• Multicast discovery will now correctly ignore interfaces that are not marked as running
• Ephemeral links, such as those added by multicast, will no longer try to reconnect in a fast loop, fixing a high CPU issue
• The TUN interface will no longer stop working when hitting a segment read error from vectorised reads
• The AllowedPublicKeys option will once again no longer apply to multicast peerings, as was originally intended
• A potential panic when shutting down peering links has been fixed
• A redundant system call for setting MTU on OpenBSD has been removed

Fixed

• A bug which caused startup problems on Windows and FreeBSD should be fixed
• Resolved some minor link state and listener management bugs during shutdown

Added

• WebSocket support for peerings, by using the new ws:// scheme in Listen and Peers
  • Additionally, the wss:// scheme can be used to connect to a WebSocket peer behind a HTTPS reverse proxy

Changed

• On Linux, the TUN adapter now uses vectorised reads/writes where possible, which should reduce the amount of CPU time spent on syscalls and potentially improve throughput
• Link error handling has been improved and various link error messages have been rewritten to be clearer
• Upgrade dependencies

Fixed

• Multiple multicast connections to the same remote machine should now work correctly
  • You may get two connections in some cases, one inbound and one outbound, this is known and will not cause problems
• Running as a Windows service should be more reliable with service startup and shutdown bugs fixed

• Go 1.21 is now required to build Yggdrasil

Added

• The getPeers endpoint now reports the RTT/latency of directly connected peers

Changed

• The tree parent selection algorithm now prefers the lowest latency peers instead of the most stable
• Session key exchange logic has been changed to improve throughput and reduce occasional jitter

Fixed

• Bloom filter hashing now works correctly on big-endian architectures
• Incorrect buffer pool usage has been fixed, reducing memory allocations
• The multicast beacon interval now backs off correctly, reducing the number of beacons sent
• A denial-of-service vulnerability in the QUIC library has been fixed with a dependency update

Added

• A new peer option ?maxbackoff=X has been added to control the maximum backoff time for a given peer, supports duration values like 5m, 1h etc

Changed

• The maximum backoff period for failing peer connections has been reduced to just over 1 hour, compared to 4.5 hours before
• The getPeers endpoint now sorts peers in a more stable fashion
• Upgrade dependencies

Fixed

• A bug where QUIC listeners could stop listening for incoming connections unexpectedly has been fixed
• The priority tiebreak between multiple peerings to the same node has been fixed
• Peer connection ordering is no longer sensitive to poor system time resolution
• The admin socket now verifies the length of input public keys
• The PPROFLISTEN environment variable has been fixed and now starts the pprof listener correctly
• A panic in getPeers has been fixed when using abstract UNIX sockets on Linux

Fixed

• Fixed a crash that could happen when calculating the size of bloom filters during encoding