Two real bugs in the WASM WebTransport conn that would only show up
under conn teardown:
- awaitPromise released its js.Func callbacks on ctx cancellation, so a
pending datagram read/write promise that later settled (closing the
WebTransport rejects every in-flight promise) tried to invoke a
released Go function and crashed the WASM module. The callbacks now
release themselves exactly once from inside the settlement path; ctx
cancellation only releases the Go-side waiter.
- Read and Write returned ErrClosedByServer on transport errors but
didn't mark the conn closed, so the relay client's next Read could
block on a fresh reader.read() promise instead of short-circuiting.
Both paths now call markClosed before returning the error.
The relay now accepts WebTransport sessions on the same UDP socket that
serves raw QUIC. The ALPN-multiplexing QUIC listener owns the socket and
dispatches incoming connections: "nb-quic" continues to the existing
relay handler, "h3" is handed to webtransport-go via http3.Server.
Browsers reach the relay over 443/udp without a second port.
Client side:
- Native builds keep using raw QUIC (no WT dialer registered).
- WASM/browser builds gain a WebTransport dialer that bridges syscall/js
to the browser's WebTransport API and uses datagrams (matching the
native QUIC dialer's semantics — no head-of-line blocking).
- The race dialer learned a transport hint so clients skip dialers a
given relay has not advertised.
Management protocol carries the hint as a new RelayEndpoint{url,
transports[]} list on RelayConfig, mirroring how peers and proxies
announce capabilities. Older management servers that only send urls keep
working unchanged.
devcert build: relay generates an ECDSA P-256 cert with 13-day validity
(within the WebTransport serverCertificateHashes 14-day cap) and exposes
its SHA-256 so the WASM dialer can pin it.
Bumps quic-go v0.55.0 -> v0.59.0 (no API breaks for relay's importers)
and adds github.com/quic-go/webtransport-go v0.10.0.
* [client] Use `net.JoinHostPort` for consistency in constructing host-port pairs
* [client] Fix handling of IPv6 addresses by trimming brackets in `net.JoinHostPort`
- Move `util/grpc` and `util/net` to `client` so `internal` packages can be accessed
- Add methods to return the next best interface after the NetBird interface.
- Use `IP_UNICAST_IF` sock opt to force the outgoing interface for the NetBird `net.Dialer` and `net.ListenerConfig` to avoid routing loops. The interface is picked by the new route lookup method.
- Some refactoring to avoid import cycles
- Old behavior is available through `NB_USE_LEGACY_ROUTING=true` env var
