Skip to content

Releases: rust-proxy/wind

Release list

latest

latest Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 03 Jul 00:28

πŸš€ Features

  • Extract tuic-core, add tokio-quiche backend, runtime backend switch by @Itsusinn
  • (wind-tuiche) Verify TUIC auth token via BoringSSL keying-material exporter by @Itsusinn
  • Support ACME and self-signed certs on the quiche backend by @Itsusinn
  • (wind-tuiche) Hot-reload TLS certificates via a ConnectionHook by @Itsusinn
  • Try enabling the quiche backend on 32-bit targets by @Itsusinn
  • Naive UoT v2 relay, QUIC congestion control in wind-core, wind-tuiche tracing spans (#18) by @Itsusinn
  • (wind-quic) Unified QUIC abstraction over quinn and quiche (#20) by @Itsusinn
  • (wind-tuic) HTTP/3 masquerade for non-TUIC clients (#24) by @Itsusinn
  • (hooks) Downstream extensibility hooks for inbound auth, traffic stats & connection management (#29) by @Itsusinn
  • (hooks) Add Protocol::Naive variant (#30) by @Itsusinn
  • (wind-tuic) ActiveConnections registry for per-user limits + kick (#31) by @Itsusinn
  • (wind-acme,wind-core) Shared cert + ActiveConnections for server hosts (#32) by @Itsusinn
  • (wind-acme) Depend on rustls-acme main-fork via submodule (#33) by @Itsusinn
  • (wind-acl) Generic ACL/routing engine unifying Clash + Hysteria rules (#34) by @Itsusinn
  • (acl) Wind-acl-ir IR + engine, replacing wind-acl (#36) by @Itsusinn
  • (wind-geodata) Add GeoSite/GeoIP loader with rkyv zero-copy mmap support by @Itsusinn
  • (wind-tuic) Add effective_name() and Display to CongestionControl enums (#46) by @Itsusinn
  • (quic) Per-algorithm congestion-control tuning (#47) by @Itsusinn
  • Handle SIGTERM on unix by @Itsusinn
  • Add more specific quic args by @Itsusinn
  • (wind-acl) Wire GeoIP/GeoSite database into AclEngine by @Itsusinn
  • (tuic-server) Wire GeoIP/GeoSite database into routing end-to-end by @Itsusinn

πŸ› Bug Fixes

  • (test) DirectCallback no longer swallows UDP relay errors silently by @Itsusinn
  • (wind-tuic) Set max_early_data_size to u32::MAX for 0-RTT by @Itsusinn
  • Complete the cancellation chain across all binaries and crates (#22) by @Itsusinn
  • (wind-geodata) Correctness fixes, mmap validation, and tests (#40) by @Itsusinn
  • (codspeed) Fix v4 mode mismatch and add walltime instrument (#41) by @Itsusinn
  • (quiche) Preserve final traffic sample on connection close (#43) by @Itsusinn
  • (wind-base) Bind direct UDP relay dual-stack for IPv6 targets (#48) by @Itsusinn
  • (tuic) Clean up connection child resources (#49) by @Itsusinn
  • (wind-core) Reap idle half-closed relays (#50) by @Itsusinn
  • Compile error of socket opts by @Itsusinn
  • (wind-core) Treat IPv4-mapped IPv6 as private in is_private_ip by @Itsusinn
  • (tuic-server) Warn instead of silently defaulting unknown outbound type to direct by @Itsusinn
  • (tuic-server) Warn on unparsable ACL CIDR instead of dropping silently by @Itsusinn
  • (tuic-server) Require token boundary after ACL localhost/private keywords by @Itsusinn
  • (wind-dns) Add container serde default so partial [dns] tables parse by @Itsusinn
  • (wind-dns) Default DnsMode to System to match documented behaviour by @Itsusinn
  • (wind-acme) Write TLS private keys with 0600 permissions on Unix by @Itsusinn
  • (wind-tuic) Bind client QUIC endpoint in the peer's address family by @Itsusinn
  • (tuic-client) Recognize bracketed IPv6 literal when picking SNI by @Itsusinn
  • (tuic-server) Honor configured stream_timeout for outbound relays by @Itsusinn
  • (tuic-core) Map io::Error into ProtoError::Io instead of panicking in debug by @Itsusinn
  • (wind) Honor the --work_dir CLI flag by @Itsusinn
  • (wind) Treat shutdown drain timeout as graceful, not an error exit by @Itsusinn
  • (wind-geodata) Validate slice offsets when opening a cache by @Itsusinn
  • (wind-quic) Forward the h3 close code instead of always closing with 0 by @Itsusinn
  • (tuic-client) Log SOCKS5 server startup at info, not warn by @Itsusinn
  • (wind-quic) Bound quiche out_queue and re-flush inbound on drain by @Itsusinn
  • (wind-tuic) Release UDP association when its local stream closes by @Itsusinn
  • (wind-tuic) Don't leak the parked masquerade task on peer disconnect by @Itsusinn
  • (wind-quic) Surface quiche stream resets as errors and propagate send failures by @Itsusinn
  • (wind) Include wind_acl/wind_geodata/wind_quic in the log filter by @Itsusinn
  • (wind-naive) Derive SNI correctly from a bracketed IPv6 server address by @Itsusinn
  • (tuic-client) Parse IPv6 server addresses correctly, reject unbracketed by @Itsusinn
  • (tuic-client) Return an error on double socks5 set_config instead of panicking by @Itsusinn
  • (tuic-client) Update log filter targets to the wind-tuic split by @Itsusinn
  • (wind-geodata) Write the cache file atomically by @Itsusinn
  • (wind-acme) Regenerate a self-signed cert when it has expired by @Itsusinn
  • (wind-acme) Bind the HTTP-01 challenge server dual-stack by @Itsusinn
  • (tuic-client) Only set IPV6_V6ONLY on IPv6 UDP-associate sockets by @Itsusinn
  • (wind-quic) Prevent a clean FIN from racing a quiche stream reset by @Itsusinn
  • (deps) Pin quinn fork to ce60e5b5 to fix the musl build by @Itsusinn

🚜 Refactor

  • Drop wind_core log macros, instrument spawns, attempt tracing-test by @Itsusinn
  • (tuic-core) Replace manual byte parsing with nom streaming parsers by @Itsusinn
  • (tuic) Unify wind-tuiche into wind-tuic over the wind-quic abstraction (#21) by @Itsusinn
  • (acl) [breaking] Separate tuic legacy ACL from real apernet ACL by @Itsusinn
  • (tuic) Carry id/user on the per-connection tracing span (#44) by @Itsusinn
  • Copy io half close by @Itsusinn
  • Add socket opts to DIRECT by @Itsusinn
  • Add TCP keepalive default by @Itsusinn

πŸ“š Documentation

  • Add full-project code review report by @Itsusinn
  • (specs) Acl-ir intermediate representation spec (#35) by @Itsusinn
  • Rewrite ACL IR specifications (#37) by @Itsusinn
  • Add second-round full-project code review report by @Itsusinn

⚑ Performance

  • Add CodSpeed performance benchmarking (#38) by @codspeed-hq[bot]

🎨 Styling

πŸ§ͺ Testing

  • Regression tests + IPv6-dual-stack fix for SOCKS5 UDP source check by @Itsusinn
  • Integration test verifying PR2 log-level demotion by @Itsusinn
  • Simplify PR2 log-capture helper by @Itsusinn
  • Switch PR2 log-noise check to tracing-test (no-env-filter feature) by @Itsusinn
  • Cap UDP payload at 9 KiB on macOS in PR2 log-noise test by @Itsusinn
  • Rephrase comment to placate typos linter by @Itsusinn
  • Rephrase comment to placate typos linter by @Itsusinn
  • Feed dispatch_udp a real first packet in routing test by @Itsusinn
  • Rephrase comment to placate typos linter (third time) by @Itsusinn
  • Add quiche backend, 0-RTT, and cert hot-reload integration tests by @Itsusinn
  • Fix quiche UDP relay test on CI (avoid dual-stack setsockopt) by @Itsusinn
  • (tuic) Add 0-RTT integration tests for quinn and quiche backends (#26) by @Itsusinn
  • Expand coverage (graceful shutdown, pure fns, SOCKS5 TCP) + client auto-reconnect (#28) by @Itsusinn
  • (tuic-tests) Assert relay success in the integration tests by @Itsusinn
  • (tuic-tests) Isolate client-using integration tests into their own binaries by @Itsusinn
  • (wind-quic) Skip quiche bulk-transfer on 32-bit (quiche PRR panics) by @Itsusinn
  • (wind-quic) Scope quiche bulk-transfer to x86_64 by @Itsusinn

πŸ› οΈ Builds

  • Re-enable datagram-socket patch for musl cross-compilation by @Itsusinn
  • Gate quiche backend behind a cargo feature, enabled per-target in CI by @Itsusinn
  • (deps) Bump the rust-dependencies group with 23 updates (#52) by @dependabot[bot]
  • (deps) Bump actions/checkout from 4 to 7 in the actions-dependencies group (#51) by @dependabot[bot]

βš™οΈ Miscellaneous Tasks

  • Cargo +nightly fmt --all by @Itsusinn
  • Cargo +nightly fmt by @Itsusinn
  • Exclude vendored patches/ from the typos spell-check by @Itsusinn
  • (wind-dns) Upgrade hickory-resolver 0.25 β†’ 0.26 (#19) by @Itsusinn
  • Add log filter by @Itsusinn
  • (ci) Cap sccache at 850M per target (#23) by @Itsusinn
  • Strip redundant comments and PR-number test prefixes (#25) by @Itsusinn
  • (traffic) Add batch summary logging to flush_once (#42) by @Itsusinn
  • (codspeed) Conditionally run walltime on Macro Runners (#45) by @Itsusinn
  • Use bytesize on initial_pacing_rate_bytes_per_second by @Itsusinn
  • Bump patches/quiche submodule for wind 32-bit GSO fix by @Itsusinn
  • Move quiche submodule from patches/ to forks/ by @Itsusinn
  • Bump forks/quiche submodule for datagram-socket musl fix by @Itsusinn
  • Bump forks/quiche submodule (standalone Cargo.toml fix) by @Itsusinn
  • Bump forks/quiche submodule (wind BBR/CUBIC settings) by @Itsusinn
  • (tuic-core) Move const-hex to dev-dependencies by @Itsusinn
  • (wind) Remove dead target_addr_to_socket_addr util by @Itsusinn
  • (tuic-server) Remove unused compat::QuicClient by @Itsusinn
  • Replace musl Linux targets with glibc + static-CRT by @Itsusinn
  • Shrink sccache to 400M to avoid runner disk exhaustion by @Itsusinn

Concurrency

  • PR3 β€” session lifecycle, leak/panic fixes, graceful shutdown by @Itsusinn

Deps

  • Upgrade tokio-quiche 0.18 -> 0.19 (quiche 0.29) by @Itsusinn

Protocol

  • PR2 β€” codec robustness, uni-stream finish, fragment validation by @Itsusinn

Quality

  • PR5 β€” perf, quality, and dead-code cleanups by @Itsusinn
  • Drop WIND_OVERRIVE_VERSION fallback by @Itsusinn

Routing

  • PR4 β€” rule/config/dispatcher correctness pass by @Itsusinn

Security

  • PR1 β€” secure defaults, auth/0-RTT/source validation hardening by @Itsusinn

New Contributors ❀️

Read more