Bump docker/login-action from 3.6.0 to 3.7.0

Bumps [docker/login-action](https://github.com/docker/login-action) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](5e57cd1181...c94ce9fb46)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/cicd.yml

@@ -107,14 +107,14 @@ jobs:
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
       - name: Log in to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

config.go

@@ -89,7 +89,6 @@ func DefaultConfig() *OlmConfig {
 		PingInterval:     "3s",
 		PingTimeout:      "5s",
 		DisableHolepunch: false,
-		OverrideDNS:      false,
 		TunnelDNS:        false,
 		// DoNotCreateNewClient: false,
 		sources: make(map[string]string),
@@ -325,9 +324,9 @@ func loadConfigFromCLI(config *OlmConfig, args []string) (bool, bool, error) {
 	serviceFlags.StringVar(&config.PingTimeout, "ping-timeout", config.PingTimeout, "Timeout for each ping")
 	serviceFlags.BoolVar(&config.EnableAPI, "enable-api", config.EnableAPI, "Enable API server for receiving connection requests")
 	serviceFlags.BoolVar(&config.DisableHolepunch, "disable-holepunch", config.DisableHolepunch, "Disable hole punching")
-	serviceFlags.BoolVar(&config.OverrideDNS, "override-dns", config.OverrideDNS, "When enabled, the client uses custom DNS servers to resolve internal resources and aliases. This overrides your system's default DNS settings. Queries that cannot be resolved as a Pangolin resource will be forwarded to your configured Upstream DNS Server. (default false)")
+	serviceFlags.BoolVar(&config.OverrideDNS, "override-dns", config.OverrideDNS, "Override system DNS settings")
 	serviceFlags.BoolVar(&config.DisableRelay, "disable-relay", config.DisableRelay, "Disable relay connections")
-	serviceFlags.BoolVar(&config.TunnelDNS, "tunnel-dns", config.TunnelDNS, "When enabled, DNS queries are routed through the tunnel for remote resolution. To ensure queries are tunneled correctly, you must define the DNS server as a Pangolin resource and enter its address as an Upstream DNS Server. (default false)")
+	serviceFlags.BoolVar(&config.TunnelDNS, "tunnel-dns", config.TunnelDNS, "Use tunnel for DNS traffic")
 	// serviceFlags.BoolVar(&config.DoNotCreateNewClient, "do-not-create-new-client", config.DoNotCreateNewClient, "Do not create new client")
 
 	version := serviceFlags.Bool("version", false, "Print the version")

dns/dns_records.go

@@ -48,8 +48,8 @@ func (s *DNSRecordStore) AddRecord(domain string, ip net.IP) error {
 		domain = domain + "."
 	}
 
-	// Normalize domain to lowercase FQDN
-	domain = strings.ToLower(dns.Fqdn(domain))
+	// Normalize domain to lowercase
+	domain = dns.Fqdn(domain)
 
 	// Check if domain contains wildcards
 	isWildcard := strings.ContainsAny(domain, "*?")
@@ -86,8 +86,8 @@ func (s *DNSRecordStore) RemoveRecord(domain string, ip net.IP) {
 		domain = domain + "."
 	}
 
-	// Normalize domain to lowercase FQDN
-	domain = strings.ToLower(dns.Fqdn(domain))
+	// Normalize domain to lowercase
+	domain = dns.Fqdn(domain)
 
 	// Check if domain contains wildcards
 	isWildcard := strings.ContainsAny(domain, "*?")
@@ -148,7 +148,7 @@ func (s *DNSRecordStore) GetRecords(domain string, recordType RecordType) []net.
 	defer s.mu.RUnlock()
 
 	// Normalize domain to lowercase FQDN
-	domain = strings.ToLower(dns.Fqdn(domain))
+	domain = dns.Fqdn(domain)
 
 	var records []net.IP
 	switch recordType {
@@ -205,7 +205,7 @@ func (s *DNSRecordStore) HasRecord(domain string, recordType RecordType) bool {
 	defer s.mu.RUnlock()
 
 	// Normalize domain to lowercase FQDN
-	domain = strings.ToLower(dns.Fqdn(domain))
+	domain = dns.Fqdn(domain)
 
 	switch recordType {
 	case RecordTypeA:

dns/dns_records_test.go

@@ -348,68 +348,3 @@ func TestHasRecordWildcard(t *testing.T) {
 		t.Error("Expected HasRecord to return false for base domain")
 	}
 }
-
-func TestDNSRecordStoreCaseInsensitive(t *testing.T) {
-	store := NewDNSRecordStore()
-
-	// Add record with mixed case
-	ip := net.ParseIP("10.0.0.1")
-	err := store.AddRecord("MyHost.AutoCo.Internal", ip)
-	if err != nil {
-		t.Fatalf("Failed to add mixed case record: %v", err)
-	}
-
-	// Test lookup with different cases
-	testCases := []string{
-		"myhost.autoco.internal.",
-		"MYHOST.AUTOCO.INTERNAL.",
-		"MyHost.AutoCo.Internal.",
-		"mYhOsT.aUtOcO.iNtErNaL.",
-	}
-
-	for _, domain := range testCases {
-		ips := store.GetRecords(domain, RecordTypeA)
-		if len(ips) != 1 {
-			t.Errorf("Expected 1 IP for domain %q, got %d", domain, len(ips))
-		}
-		if len(ips) > 0 && !ips[0].Equal(ip) {
-			t.Errorf("Expected IP %v for domain %q, got %v", ip, domain, ips[0])
-		}
-	}
-
-	// Test wildcard with mixed case
-	wildcardIP := net.ParseIP("10.0.0.2")
-	err = store.AddRecord("*.Example.Com", wildcardIP)
-	if err != nil {
-		t.Fatalf("Failed to add mixed case wildcard: %v", err)
-	}
-
-	wildcardTestCases := []string{
-		"host.example.com.",
-		"HOST.EXAMPLE.COM.",
-		"Host.Example.Com.",
-		"HoSt.ExAmPlE.CoM.",
-	}
-
-	for _, domain := range wildcardTestCases {
-		ips := store.GetRecords(domain, RecordTypeA)
-		if len(ips) != 1 {
-			t.Errorf("Expected 1 IP for wildcard domain %q, got %d", domain, len(ips))
-		}
-		if len(ips) > 0 && !ips[0].Equal(wildcardIP) {
-			t.Errorf("Expected IP %v for wildcard domain %q, got %v", wildcardIP, domain, ips[0])
-		}
-	}
-
-	// Test removal with different case
-	store.RemoveRecord("MYHOST.AUTOCO.INTERNAL", nil)
-	ips := store.GetRecords("myhost.autoco.internal.", RecordTypeA)
-	if len(ips) != 0 {
-		t.Errorf("Expected 0 IPs after removal, got %d", len(ips))
-	}
-
-	// Test HasRecord with different case
-	if !store.HasRecord("HOST.EXAMPLE.COM.", RecordTypeA) {
-		t.Error("Expected HasRecord to return true for mixed case wildcard match")
-	}
-}

olm/connect.go

@@ -36,7 +36,7 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {
 
 	var wgData WgData
 
-	if o.registered {
+	if o.connected {
 		logger.Info("Already connected. Ignoring new connection request.")
 		return
 	}
@@ -208,7 +208,7 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {
 
 	o.apiServer.SetRegistered(true)
 
-	o.registered = true
+	o.connected = true
 
 	// Start ping monitor now that we are registered and connected
 	o.websocket.StartPingMonitor()
@@ -273,12 +273,6 @@ func (o *Olm) handleTerminate(msg websocket.WSMessage) {
 			logger.Error("Error unmarshaling terminate error data: %v", err)
 		} else {
 			logger.Info("Terminate reason (code: %s): %s", errorData.Code, errorData.Message)
-			
-			if errorData.Code == "TERMINATED_INACTIVITY" {
-				logger.Info("Ignoring...")
-				return
-			}
-			
 			// Set the olm error in the API server so it can be exposed via status
 			o.apiServer.SetOlmError(errorData.Code, errorData.Message)
 		}

olm/data.go

@@ -157,7 +157,7 @@ func (o *Olm) handleWgPeerUpdateData(msg websocket.WSMessage) {
 func (o *Olm) handleSync(msg websocket.WSMessage) {
 	logger.Debug("Received sync message: %v", msg.Data)
 
-	if !o.registered {
+	if !o.connected {
 		logger.Warn("Not connected, ignoring sync request")
 		return
 	}

olm/olm.go

@@ -8,6 +8,7 @@ import (
 	_ "net/http/pprof"
 	"os"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/fosrl/newt/bind"
@@ -31,7 +32,7 @@ type Olm struct {
 	privateKey wgtypes.Key
 	logFile    *os.File
 
-	registered     bool
+	connected     bool
 	tunnelRunning bool
 
 	uapiListener net.Listener
@@ -385,10 +386,10 @@ func (o *Olm) StartTunnel(config TunnelConfig) {
 
 		o.apiServer.SetConnectionStatus(true)
 
-		if o.registered {
+		if o.connected {
 			o.websocket.StartPingMonitor()
 			
-			logger.Debug("Already registered, skipping registration")
+			logger.Debug("Already connected, skipping registration")
 			return nil
 		}
 
@@ -575,7 +576,7 @@ func (o *Olm) Close() {
 		// If we never created a device from the FD, close it explicitly
 		// This can happen if tunnel is stopped during registration before handleConnect
 		logger.Debug("Closing unused TUN file descriptor %d", o.tunnelConfig.FileDescriptorTun)
-		if err := closeFD(o.tunnelConfig.FileDescriptorTun); err != nil {
+		if err := syscall.Close(int(o.tunnelConfig.FileDescriptorTun)); err != nil {
 			logger.Error("Failed to close TUN file descriptor: %v", err)
 		} else {
 			logger.Info("Closed unused TUN file descriptor")
@@ -614,7 +615,7 @@ func (o *Olm) StopTunnel() error {
 	}
 
 	// Reset the running state BEFORE cleanup to prevent callbacks from accessing nil pointers
-	o.registered = false
+	o.connected = false
 	o.tunnelRunning = false
 
 	// Cancel the tunnel context if it exists
@@ -738,6 +739,9 @@ func (o *Olm) SetPowerMode(mode string) error {
 
 		logger.Info("Switching to low power mode")
 
+		// Mark as disconnected so we re-register on reconnect
+		o.connected = false
+
 		// Update API server connection status
 		if o.apiServer != nil {
 			o.apiServer.SetConnectionStatus(false)

olm/olm_unix.go

@@ -1,10 +0,0 @@
-//go:build !windows
-
-package olm
-
-import "syscall"
-
-// closeFD closes a file descriptor in a platform-specific way
-func closeFD(fd uint32) error {
-	return syscall.Close(int(fd))
-}

olm/olm_windows.go

@@ -1,10 +0,0 @@
-//go:build windows
-
-package olm
-
-import "syscall"
-
-// closeFD closes a file descriptor in a platform-specific way
-func closeFD(fd uint32) error {
-	return syscall.Close(syscall.Handle(fd))
-}