Refactor Sync

When we delete a peer from an account, we save the account in the file store.
The file store maintains peerID -> accountID and peerKey -> accountID indices.
Those can't be updated when we delete a peer because the store saves the whole account
without a peer already and has no access to the removed peer.
In this PR, we dynamically check if there are stale indices when GetAccountByPeerPubKey
and GetAccountByPeerID.

.github/workflows/golang-test-darwin.yml

@@ -6,10 +6,6 @@ on:
       - main
   pull_request:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
 jobs:
   test:
     runs-on: macos-latest

.github/workflows/golang-test-linux.yml

@@ -6,10 +6,6 @@ on:
       - main
   pull_request:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
 jobs:
   test:
     strategy:
@@ -70,13 +66,13 @@ jobs:
         run: go mod tidy
 
       - name: Generate Iface Test bin
-        run: go test -c -o iface-testing.bin ./iface/
+        run: go test -c -o iface-testing.bin ./iface/...
 
       - name: Generate RouteManager Test bin
         run: go test -c -o routemanager-testing.bin ./client/internal/routemanager/...
 
       - name: Generate Engine Test bin
-        run: go test -c -o engine-testing.bin ./client/internal
+        run: go test -c -o engine-testing.bin ./client/internal/*.go
 
       - name: Generate Peer Test bin
         run: go test -c -o peer-testing.bin ./client/internal/peer/...
@@ -93,4 +89,4 @@ jobs:
         run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
 
       - name: Run Peer tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1
+        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1

.github/workflows/golang-test-windows.yml

@@ -6,45 +6,47 @@ on:
       - main
   pull_request:
 
-env:
-  downloadPath: '${{ github.workspace }}\temp'
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
 jobs:
+  pre:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - run: bash -x wireguard_nt.sh
+        working-directory: client
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: syso
+          path: client/*.syso
+          retention-days: 1
+
   test:
+    needs: pre
     runs-on: windows-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
 
       - name: Install Go
-        uses: actions/setup-go@v4
-        id: go
+        uses: actions/setup-go@v2
         with:
           go-version: 1.19.x
 
-      - name: Download wintun
-        uses: carlosperate/download-file-action@v2
-        id: download-wintun
+      - uses: actions/cache@v2
         with:
-          file-url: https://www.wintun.net/builds/wintun-0.14.1.zip
-          file-name: wintun.zip
-          location: ${{ env.downloadPath }}
-          sha256: '07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51'
+          path: |
+            %LocalAppData%\go-build
+            ~\go\pkg\mod
+            ~\AppData\Local\go-build
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
 
-      - name: Decompressing wintun files
-        run: tar -zvxf "${{ steps.download-wintun.outputs.file-path }}" -C ${{ env.downloadPath }}
+      - uses: actions/download-artifact@v2
+        with:
+          name: syso
+          path: iface\
 
-      - run: mv ${{ env.downloadPath }}/wintun/bin/amd64/wintun.dll 'C:\Windows\System32\'
-
-      - run: choco install -y sysinternals
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=C:\Users\runneradmin\go\pkg\mod
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=C:\Users\runneradmin\AppData\Local\go-build
-
-      - name: test
-        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 5m -p 1 ./... > test-out.txt 2>&1"
-      - name: test output
-        if: ${{ always() }}
-        run: Get-Content test-out.txt
+      - name: Test
+        run: go test -tags=load_wgnt_from_rsrc -timeout 5m -p 1 ./...

.github/workflows/golangci-lint.yml

@@ -1,8 +1,5 @@
 name: golangci-lint
 on: [pull_request]
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
 jobs:
   golangci:
     name: lint

.github/workflows/install-test-darwin.yml

@@ -1,60 +0,0 @@
-name: Test installation Darwin
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    paths:
-      - "release_files/install.sh"
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-jobs:
-  install-cli-only:
-    runs-on: macos-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Rename brew package
-        if: ${{ matrix.check_bin_install }}
-        run: mv /opt/homebrew/bin/brew /opt/homebrew/bin/brew.bak
-
-      - name: Run install script
-        run: |
-          sh ./release_files/install.sh
-        env:
-          SKIP_UI_APP: true
-
-      - name: Run tests
-        run: |
-          if ! command -v netbird &> /dev/null; then
-            echo "Error: netbird is not installed"
-            exit 1
-          fi
-  install-all:
-    runs-on: macos-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Rename brew package
-        if: ${{ matrix.check_bin_install }}
-        run: mv /opt/homebrew/bin/brew /opt/homebrew/bin/brew.bak
-
-      - name: Run install script
-        run: |
-          sh ./release_files/install.sh
-
-      - name: Run tests
-        run: |
-          if ! command -v netbird &> /dev/null; then
-              echo "Error: netbird is not installed"
-              exit 1
-          fi
-
-          if [[ $(mdfind "kMDItemContentType == 'com.apple.application-bundle' && kMDItemFSName == '*NetBird UI.app'") ]]; then
-            echo "Error: NetBird UI is not installed"
-            exit 1
-          fi

.github/workflows/install-test-linux.yml

@@ -1,38 +0,0 @@
-name: Test installation Linux
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    paths:
-      - "release_files/install.sh"
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-jobs:
-  install-cli-only:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        check_bin_install: [true, false]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Rename apt package
-        if: ${{ matrix.check_bin_install }}
-        run: |
-          sudo mv /usr/bin/apt /usr/bin/apt.bak
-          sudo mv /usr/bin/apt-get /usr/bin/apt-get.bak
-
-      - name: Run install script
-        run: |
-          sh ./release_files/install.sh
-
-      - name: Run tests
-        run: |
-          if ! command -v netbird &> /dev/null; then
-            echo "Error: netbird is not installed"
-            exit 1
-          fi

.github/workflows/release.yml

@@ -9,13 +9,9 @@ on:
   pull_request:
 
 env:
-  SIGN_PIPE_VER: "v0.0.6"
+  SIGN_PIPE_VER: "v0.0.5"
   GORELEASER_VER: "v1.14.1"
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -25,6 +21,10 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0 # It is required for GoReleaser to work properly
+
+      - name: Generate syso with DLL
+        run: bash -x wireguard_nt.sh
+        working-directory: client
       -
         name: Set up Go
         uses: actions/setup-go@v2
@@ -59,17 +59,6 @@ jobs:
           password: ${{ secrets.DOCKER_TOKEN }}
       - name: Install OS build dependencies
         run: sudo apt update && sudo apt install -y -q gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu
-
-      - name: Install rsrc
-        run: go install github.com/akavel/rsrc@v0.10.2
-      - name: Generate windows rsrc amd64
-        run: rsrc -arch amd64 -ico client/ui/netbird.ico -manifest client/manifest.xml -o client/resources_windows_amd64.syso
-      - name: Generate windows rsrc arm64
-        run: rsrc -arch arm64 -ico client/ui/netbird.ico -manifest client/manifest.xml -o client/resources_windows_arm64.syso
-      - name: Generate windows rsrc arm
-        run: rsrc -arch arm -ico client/ui/netbird.ico -manifest client/manifest.xml -o client/resources_windows_arm.syso
-      - name: Generate windows rsrc 386
-        run: rsrc -arch 386 -ico client/ui/netbird.ico -manifest client/manifest.xml -o client/resources_windows_386.syso
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2

.github/workflows/test-docker-compose-linux.yml

@@ -6,10 +6,6 @@ on:
       - main
   pull_request:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -63,11 +59,6 @@ jobs:
           CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
           CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
           CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
-          CI_NETBIRD_TOKEN_SOURCE: "idToken"
-          CI_NETBIRD_AUTH_USER_ID_CLAIM: "email"
-          CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE: "super"
-          CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE: "openid email"
-
         run: |
           grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
           grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -77,12 +68,6 @@ jobs:
           grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "$CI_NETBIRD_DOMAIN:33073"
           grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
           grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
-          grep LETSENCRYPT_DOMAIN docker-compose.yml | egrep 'LETSENCRYPT_DOMAIN=$'
-          grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
-          grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
-          grep -A 1 ProviderConfig management.json | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
-          grep Scope management.json | grep "$CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE"
-          grep UseIDToken management.json | grep false
 
       - name: run docker compose up
         working-directory: infrastructure_files

.goreleaser.yaml

@@ -25,7 +25,7 @@ builds:
       - goos: windows
         goarch: 386
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
     tags:
       - load_wgnt_from_rsrc
@@ -47,7 +47,7 @@ builds:
       - arm64
       - arm
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
 
   - id: netbird-signal
@@ -61,7 +61,7 @@ builds:
       - arm64
       - arm
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
 
 archives:

.goreleaser_ui.yaml

@@ -10,7 +10,7 @@ builds:
     goarch:
       - amd64
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
 
   - id: netbird-ui-windows
@@ -24,7 +24,7 @@ builds:
     goarch:
       - amd64
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
       - -H windowsgui
     mod_timestamp: '{{ .CommitTimestamp }}'
 

.goreleaser_ui_darwin.yaml

@@ -14,7 +14,7 @@ builds:
       - hardfloat
       - softfloat
     ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: '{{ .CommitTimestamp }}'
     tags:
       - load_wgnt_from_rsrc

README.md

@@ -1,5 +1,5 @@
 <p align="center">
- <strong>:hatching_chick: New Release! Peer expiration.</strong>
+ <strong>:hatching_chick: New Release! DNS support.</strong>
   <a href="https://github.com/netbirdio/netbird/releases">
        Learn more
      </a>   

client/android/client.go

@@ -1,129 +0,0 @@
-package android
-
-import (
-	"context"
-	"sync"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/internal/stdnet"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/formatter"
-	"github.com/netbirdio/netbird/iface"
-)
-
-// ConnectionListener export internal Listener for mobile
-type ConnectionListener interface {
-	peer.Listener
-}
-
-// TunAdapter export internal TunAdapter for mobile
-type TunAdapter interface {
-	iface.TunAdapter
-}
-
-// IFaceDiscover export internal IFaceDiscover for mobile
-type IFaceDiscover interface {
-	stdnet.ExternalIFaceDiscover
-}
-
-func init() {
-	formatter.SetLogcatFormatter(log.StandardLogger())
-}
-
-// Client struct manage the life circle of background service
-type Client struct {
-	cfgFile       string
-	tunAdapter    iface.TunAdapter
-	iFaceDiscover IFaceDiscover
-	recorder      *peer.Status
-	ctxCancel     context.CancelFunc
-	ctxCancelLock *sync.Mutex
-	deviceName    string
-}
-
-// NewClient instantiate a new Client
-func NewClient(cfgFile, deviceName string, tunAdapter TunAdapter, iFaceDiscover IFaceDiscover) *Client {
-	lvl, _ := log.ParseLevel("trace")
-	log.SetLevel(lvl)
-
-	return &Client{
-		cfgFile:       cfgFile,
-		deviceName:    deviceName,
-		tunAdapter:    tunAdapter,
-		iFaceDiscover: iFaceDiscover,
-		recorder:      peer.NewRecorder(""),
-		ctxCancelLock: &sync.Mutex{},
-	}
-}
-
-// Run start the internal client. It is a blocker function
-func (c *Client) Run(urlOpener URLOpener) error {
-	cfg, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-	if err != nil {
-		return err
-	}
-	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
-
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	c.ctxCancelLock.Lock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-	defer c.ctxCancel()
-	c.ctxCancelLock.Unlock()
-
-	auth := NewAuthWithConfig(ctx, cfg)
-	err = auth.login(urlOpener)
-	if err != nil {
-		return err
-	}
-
-	// todo do not throw error in case of cancelled context
-	ctx = internal.CtxInitState(ctx)
-	return internal.RunClient(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover)
-}
-
-// Stop the internal client and free the resources
-func (c *Client) Stop() {
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	if c.ctxCancel == nil {
-		return
-	}
-
-	c.ctxCancel()
-}
-
-// PeersList return with the list of the PeerInfos
-func (c *Client) PeersList() *PeerInfoArray {
-
-	fullStatus := c.recorder.GetFullStatus()
-
-	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
-	for n, p := range fullStatus.Peers {
-		pi := PeerInfo{
-			p.IP,
-			p.FQDN,
-			p.ConnStatus.String(),
-			p.Direct,
-		}
-		peerInfos[n] = pi
-	}
-
-	return &PeerInfoArray{items: peerInfos}
-}
-
-// SetConnectionListener set the network connection listener
-func (c *Client) SetConnectionListener(listener ConnectionListener) {
-	c.recorder.SetConnectionListener(listener)
-}
-
-// RemoveConnectionListener remove connection listener
-func (c *Client) RemoveConnectionListener() {
-	c.recorder.RemoveConnectionListener()
-}

client/android/login.go

@@ -1,229 +0,0 @@
-package android
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/cenkalti/backoff/v4"
-
-	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/cmd"
-	"github.com/netbirdio/netbird/client/system"
-
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-// SSOListener is async listener for mobile framework
-type SSOListener interface {
-	OnSuccess(bool)
-	OnError(error)
-}
-
-// ErrListener is async listener for mobile framework
-type ErrListener interface {
-	OnSuccess()
-	OnError(error)
-}
-
-// URLOpener it is a callback interface. The Open function will be triggered if
-// the backend want to show an url for the user
-type URLOpener interface {
-	Open(string)
-}
-
-// Auth can register or login new client
-type Auth struct {
-	ctx     context.Context
-	config  *internal.Config
-	cfgPath string
-}
-
-// NewAuth instantiate Auth struct and validate the management URL
-func NewAuth(cfgPath string, mgmURL string) (*Auth, error) {
-	inputCfg := internal.ConfigInput{
-		ManagementURL: mgmURL,
-	}
-
-	cfg, err := internal.CreateInMemoryConfig(inputCfg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Auth{
-		ctx:     context.Background(),
-		config:  cfg,
-		cfgPath: cfgPath,
-	}, nil
-}
-
-// NewAuthWithConfig instantiate Auth based on existing config
-func NewAuthWithConfig(ctx context.Context, config *internal.Config) *Auth {
-	return &Auth{
-		ctx:    ctx,
-		config: config,
-	}
-}
-
-// SaveConfigIfSSOSupported test the connectivity with the management server by retrieving the server device flow info.
-// If it returns a flow info than save the configuration and return true. If it gets a codes.NotFound, it means that SSO
-// is not supported and returns false without saving the configuration. For other errors return false.
-func (a *Auth) SaveConfigIfSSOSupported(listener SSOListener) {
-	go func() {
-		sso, err := a.saveConfigIfSSOSupported()
-		if err != nil {
-			listener.OnError(err)
-		} else {
-			listener.OnSuccess(sso)
-		}
-	}()
-}
-
-func (a *Auth) saveConfigIfSSOSupported() (bool, error) {
-	supportsSSO := true
-	err := a.withBackOff(a.ctx, func() (err error) {
-		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-		if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
-			supportsSSO = false
-			err = nil
-		}
-		return err
-	})
-
-	if !supportsSSO {
-		return false, nil
-	}
-
-	if err != nil {
-		return false, fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	err = internal.WriteOutConfig(a.cfgPath, a.config)
-	return true, err
-}
-
-// LoginWithSetupKeyAndSaveConfig test the connectivity with the management server with the setup key.
-func (a *Auth) LoginWithSetupKeyAndSaveConfig(resultListener ErrListener, setupKey string, deviceName string) {
-	go func() {
-		err := a.loginWithSetupKeyAndSaveConfig(setupKey, deviceName)
-		if err != nil {
-			resultListener.OnError(err)
-		} else {
-			resultListener.OnSuccess()
-		}
-	}()
-}
-
-func (a *Auth) loginWithSetupKeyAndSaveConfig(setupKey string, deviceName string) error {
-	//nolint
-	ctxWithValues := context.WithValue(a.ctx, system.DeviceNameCtxKey, deviceName)
-
-	err := a.withBackOff(a.ctx, func() error {
-		backoffErr := internal.Login(ctxWithValues, a.config, setupKey, "")
-		if s, ok := gstatus.FromError(backoffErr); ok && (s.Code() == codes.PermissionDenied) {
-			// we got an answer from management, exit backoff earlier
-			return backoff.Permanent(backoffErr)
-		}
-		return backoffErr
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return internal.WriteOutConfig(a.cfgPath, a.config)
-}
-
-// Login try register the client on the server
-func (a *Auth) Login(resultListener ErrListener, urlOpener URLOpener) {
-	go func() {
-		err := a.login(urlOpener)
-		if err != nil {
-			resultListener.OnError(err)
-		} else {
-			resultListener.OnSuccess()
-		}
-	}()
-}
-
-func (a *Auth) login(urlOpener URLOpener) error {
-	var needsLogin bool
-
-	// check if we need to generate JWT token
-	err := a.withBackOff(a.ctx, func() (err error) {
-		needsLogin, err = internal.IsLoginRequired(a.ctx, a.config.PrivateKey, a.config.ManagementURL, a.config.SSHKey)
-		return
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	jwtToken := ""
-	if needsLogin {
-		tokenInfo, err := a.foregroundGetTokenInfo(urlOpener)
-		if err != nil {
-			return fmt.Errorf("interactive sso login failed: %v", err)
-		}
-		jwtToken = tokenInfo.GetTokenToUse()
-	}
-
-	err = a.withBackOff(a.ctx, func() error {
-		err := internal.Login(a.ctx, a.config, "", jwtToken)
-		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
-			return nil
-		}
-		return err
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return nil
-}
-
-func (a *Auth) foregroundGetTokenInfo(urlOpener URLOpener) (*internal.TokenInfo, error) {
-	providerConfig, err := internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-	if err != nil {
-		s, ok := gstatus.FromError(err)
-		if ok && s.Code() == codes.NotFound {
-			return nil, fmt.Errorf("no SSO provider returned from management. " +
-				"If you are using hosting Netbird see documentation at " +
-				"https://github.com/netbirdio/netbird/tree/main/management for details")
-		} else if ok && s.Code() == codes.Unimplemented {
-			return nil, fmt.Errorf("the management server, %s, does not support SSO providers, "+
-				"please update your servver or use Setup Keys to login", a.config.ManagementURL)
-		} else {
-			return nil, fmt.Errorf("getting device authorization flow info failed with error: %v", err)
-		}
-	}
-
-	hostedClient := internal.NewHostedDeviceFlow(providerConfig.ProviderConfig)
-
-	flowInfo, err := hostedClient.RequestDeviceCode(context.TODO())
-	if err != nil {
-		return nil, fmt.Errorf("getting a request device code failed: %v", err)
-	}
-
-	go urlOpener.Open(flowInfo.VerificationURIComplete)
-
-	waitTimeout := time.Duration(flowInfo.ExpiresIn)
-	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout*time.Second)
-	defer cancel()
-	tokenInfo, err := hostedClient.WaitToken(waitCTX, flowInfo)
-	if err != nil {
-		return nil, fmt.Errorf("waiting for browser login failed: %v", err)
-	}
-
-	return &tokenInfo, nil
-}
-
-func (a *Auth) withBackOff(ctx context.Context, bf func() error) error {
-	return backoff.RetryNotify(
-		bf,
-		backoff.WithContext(cmd.CLIBackOffSettings, ctx),
-		func(err error, duration time.Duration) {
-			log.Warnf("retrying Login to the Management service in %v due to error %v", duration, err)
-		})
-}

client/android/peer_notifier.go

@@ -1,37 +0,0 @@
-package android
-
-// PeerInfo describe information about the peers. It designed for the UI usage
-type PeerInfo struct {
-	IP         string
-	FQDN       string
-	ConnStatus string // Todo replace to enum
-	Direct     bool
-}
-
-// PeerInfoCollection made for Java layer to get non default types as collection
-type PeerInfoCollection interface {
-	Add(s string) PeerInfoCollection
-	Get(i int) string
-	Size() int
-}
-
-// PeerInfoArray is the implementation of the PeerInfoCollection
-type PeerInfoArray struct {
-	items []PeerInfo
-}
-
-// Add new PeerInfo to the collection
-func (array PeerInfoArray) Add(s PeerInfo) PeerInfoArray {
-	array.items = append(array.items, s)
-	return array
-}
-
-// Get return an element of the collection
-func (array PeerInfoArray) Get(i int) *PeerInfo {
-	return &array.items[i]
-}
-
-// Size return with the size of the collection
-func (array PeerInfoArray) Size() int {
-	return len(array.items)
-}

client/android/preferences.go

@@ -1,78 +0,0 @@
-package android
-
-import (
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-// Preferences export a subset of the internal config for gomobile
-type Preferences struct {
-	configInput internal.ConfigInput
-}
-
-// NewPreferences create new Preferences instance
-func NewPreferences(configPath string) *Preferences {
-	ci := internal.ConfigInput{
-		ConfigPath: configPath,
-	}
-	return &Preferences{ci}
-}
-
-// GetManagementURL read url from config file
-func (p *Preferences) GetManagementURL() (string, error) {
-	if p.configInput.ManagementURL != "" {
-		return p.configInput.ManagementURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.ManagementURL.String(), err
-}
-
-// SetManagementURL store the given url and wait for commit
-func (p *Preferences) SetManagementURL(url string) {
-	p.configInput.ManagementURL = url
-}
-
-// GetAdminURL read url from config file
-func (p *Preferences) GetAdminURL() (string, error) {
-	if p.configInput.AdminURL != "" {
-		return p.configInput.AdminURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.AdminURL.String(), err
-}
-
-// SetAdminURL store the given url and wait for commit
-func (p *Preferences) SetAdminURL(url string) {
-	p.configInput.AdminURL = url
-}
-
-// GetPreSharedKey read preshared key from config file
-func (p *Preferences) GetPreSharedKey() (string, error) {
-	if p.configInput.PreSharedKey != nil {
-		return *p.configInput.PreSharedKey, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.PreSharedKey, err
-}
-
-// SetPreSharedKey store the given key and wait for commit
-func (p *Preferences) SetPreSharedKey(key string) {
-	p.configInput.PreSharedKey = &key
-}
-
-// Commit write out the changes into config file
-func (p *Preferences) Commit() error {
-	_, err := internal.UpdateOrCreateConfig(p.configInput)
-	return err
-}

client/android/preferences_test.go

@@ -1,120 +0,0 @@
-package android
-
-import (
-	"path/filepath"
-	"testing"
-
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-func TestPreferences_DefaultValues(t *testing.T) {
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-	defaultVar, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read default value: %s", err)
-	}
-
-	if defaultVar != internal.DefaultAdminURL {
-		t.Errorf("invalid default admin url: %s", defaultVar)
-	}
-
-	defaultVar, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read default management URL: %s", err)
-	}
-
-	if defaultVar != internal.DefaultManagementURL {
-		t.Errorf("invalid default management url: %s", defaultVar)
-	}
-
-	var preSharedKey string
-	preSharedKey, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read default preshared key: %s", err)
-	}
-
-	if preSharedKey != "" {
-		t.Errorf("invalid preshared key: %s", preSharedKey)
-	}
-}
-
-func TestPreferences_ReadUncommitedValues(t *testing.T) {
-	exampleString := "exampleString"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleString)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	p.SetManagementURL(exampleString)
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read managmenet url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected managemenet url: %s", resp)
-	}
-
-	p.SetPreSharedKey(exampleString)
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}
-
-func TestPreferences_Commit(t *testing.T) {
-	exampleURL := "https://myurl.com:443"
-	examplePresharedKey := "topsecret"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleURL)
-	p.SetManagementURL(exampleURL)
-	p.SetPreSharedKey(examplePresharedKey)
-
-	err := p.Commit()
-	if err != nil {
-		t.Fatalf("failed to save changes: %s", err)
-	}
-
-	p = NewPreferences(cfgFile)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read managmenet url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected managemenet url: %s", resp)
-	}
-
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != examplePresharedKey {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}

client/cmd/login.go

@@ -3,11 +3,10 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"time"
-
 	"github.com/skratchdot/open-golang/open"
 	"google.golang.org/grpc/codes"
 	gstatus "google.golang.org/grpc/status"
+	"time"
 
 	"github.com/netbirdio/netbird/util"
 
@@ -39,7 +38,7 @@ var loginCmd = &cobra.Command{
 				return err
 			}
 
-			config, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
+			config, err := internal.GetConfig(internal.ConfigInput{
 				ManagementURL: managementURL,
 				AdminURL:      adminURL,
 				ConfigPath:    configPath,
@@ -135,7 +134,7 @@ func foregroundLogin(ctx context.Context, cmd *cobra.Command, config *internal.C
 		if err != nil {
 			return fmt.Errorf("interactive sso login failed: %v", err)
 		}
-		jwtToken = tokenInfo.GetTokenToUse()
+		jwtToken = tokenInfo.AccessToken
 	}
 
 	err = WithBackOff(func() error {
@@ -153,7 +152,7 @@ func foregroundLogin(ctx context.Context, cmd *cobra.Command, config *internal.C
 }
 
 func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *internal.Config) (*internal.TokenInfo, error) {
-	providerConfig, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
+	providerConfig, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config)
 	if err != nil {
 		s, ok := gstatus.FromError(err)
 		if ok && s.Code() == codes.NotFound {
@@ -172,7 +171,12 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 		}
 	}
 
-	hostedClient := internal.NewHostedDeviceFlow(providerConfig.ProviderConfig)
+	hostedClient := internal.NewHostedDeviceFlow(
+		providerConfig.ProviderConfig.Audience,
+		providerConfig.ProviderConfig.ClientID,
+		providerConfig.ProviderConfig.TokenEndpoint,
+		providerConfig.ProviderConfig.DeviceAuthEndpoint,
+	)
 
 	flowInfo, err := hostedClient.RequestDeviceCode(context.TODO())
 	if err != nil {

client/cmd/ssh.go

@@ -4,17 +4,15 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/netbirdio/netbird/client/internal"
+	nbssh "github.com/netbirdio/netbird/client/ssh"
+	"github.com/netbirdio/netbird/util"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
 	"os"
 	"os/signal"
 	"strings"
 	"syscall"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-
-	"github.com/netbirdio/netbird/client/internal"
-	nbssh "github.com/netbirdio/netbird/client/ssh"
-	"github.com/netbirdio/netbird/util"
 )
 
 var (
@@ -59,7 +57,7 @@ var sshCmd = &cobra.Command{
 
 		ctx := internal.CtxInitState(cmd.Context())
 
-		config, err := internal.UpdateConfig(internal.ConfigInput{
+		config, err := internal.ReadConfig(internal.ConfigInput{
 			ConfigPath: configPath,
 		})
 		if err != nil {

client/cmd/status.go

@@ -17,8 +17,8 @@ import (
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
+	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/util"
-	"github.com/netbirdio/netbird/version"
 )
 
 type peerStateDetailOutput struct {
@@ -209,7 +209,7 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 
 	overview := statusOutputOverview{
 		Peers:           peersOverview,
-		CliVersion:      version.NetbirdVersion(),
+		CliVersion:      system.NetbirdVersion(),
 		DaemonVersion:   resp.GetDaemonVersion(),
 		ManagementState: managementOverview,
 		SignalState:     signalOverview,
@@ -345,7 +345,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
 			"Interface type: %s\n"+
 			"Peers count: %s\n",
 		overview.DaemonVersion,
-		version.NetbirdVersion(),
+		system.NetbirdVersion(),
 		managementConnString,
 		signalConnString,
 		overview.FQDN,

client/cmd/status_test.go

@@ -8,7 +8,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/version"
+	"github.com/netbirdio/netbird/client/system"
 )
 
 var resp = &proto.StatusResponse{
@@ -89,7 +89,7 @@ var overview = statusOutputOverview{
 			},
 		},
 	},
-	CliVersion:    version.NetbirdVersion(),
+	CliVersion:    system.NetbirdVersion(),
 	DaemonVersion: "0.14.1",
 	ManagementState: managementStateOutput{
 		URL:       "my-awesome-management.com:443",

client/cmd/up.go

@@ -3,19 +3,17 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"net"
-	"net/netip"
-	"strings"
-
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/proto"
+	nbStatus "github.com/netbirdio/netbird/client/status"
+	"github.com/netbirdio/netbird/util"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/codes"
 	gstatus "google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/util"
+	"net"
+	"net/netip"
+	"strings"
 )
 
 const (
@@ -72,7 +70,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		return err
 	}
 
-	config, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
+	config, err := internal.GetConfig(internal.ConfigInput{
 		ManagementURL:    managementURL,
 		AdminURL:         adminURL,
 		ConfigPath:       configPath,
@@ -94,7 +92,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 	var cancel context.CancelFunc
 	ctx, cancel = context.WithCancel(ctx)
 	SetupCloseHandler(ctx, cancel)
-	return internal.RunClient(ctx, config, peer.NewRecorder(config.ManagementURL.String()), nil, nil)
+	return internal.RunClient(ctx, config, nbStatus.NewRecorder())
 }
 
 func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {

client/cmd/version.go

@@ -1,9 +1,8 @@
 package cmd
 
 import (
+	"github.com/netbirdio/netbird/client/system"
 	"github.com/spf13/cobra"
-
-	"github.com/netbirdio/netbird/version"
 )
 
 var (
@@ -12,7 +11,7 @@ var (
 		Short: "prints Netbird version",
 		Run: func(cmd *cobra.Command, args []string) {
 			cmd.SetOut(cmd.OutOrStdout())
-			cmd.Println(version.NetbirdVersion())
+			cmd.Println(system.NetbirdVersion())
 		},
 	}
 )

client/firewall/firewall.go

@@ -1,57 +0,0 @@
-package firewall
-
-import (
-	"net"
-)
-
-// Rule abstraction should be implemented by each firewall manager
-//
-// Each firewall type for different OS can use different type
-// of the properties to hold data of the created rule
-type Rule interface {
-	// GetRuleID returns the rule id
-	GetRuleID() string
-}
-
-// Direction is the direction of the traffic
-type Direction int
-
-const (
-	// DirectionSrc is the direction of the traffic from the source
-	DirectionSrc Direction = iota
-	// DirectionDst is the direction of the traffic from the destination
-	DirectionDst
-)
-
-// Action is the action to be taken on a rule
-type Action int
-
-const (
-	// ActionAccept is the action to accept a packet
-	ActionAccept Action = iota
-	// ActionDrop is the action to drop a packet
-	ActionDrop
-)
-
-// Manager is the high level abstraction of a firewall manager
-//
-// It declares methods which handle actions required by the
-// Netbird client for ACL and routing functionality
-type Manager interface {
-	// AddFiltering rule to the firewall
-	AddFiltering(
-		ip net.IP,
-		port *Port,
-		direction Direction,
-		action Action,
-		comment string,
-	) (Rule, error)
-
-	// DeleteRule from the firewall by rule definition
-	DeleteRule(rule Rule) error
-
-	// Reset firewall to the default state
-	Reset() error
-
-	// TODO: migrate routemanager firewal actions to this interface
-}

client/firewall/iptables/manager_linux.go

@@ -1,160 +0,0 @@
-package iptables
-
-import (
-	"fmt"
-	"net"
-	"strconv"
-	"sync"
-
-	"github.com/coreos/go-iptables/iptables"
-	"github.com/google/uuid"
-
-	fw "github.com/netbirdio/netbird/client/firewall"
-)
-
-const (
-	// ChainFilterName is the name of the chain that is used for filtering by the Netbird client
-	ChainFilterName = "NETBIRD-ACL"
-)
-
-// Manager of iptables firewall
-type Manager struct {
-	mutex sync.Mutex
-
-	ipv4Client *iptables.IPTables
-	ipv6Client *iptables.IPTables
-}
-
-// Create iptables firewall manager
-func Create() (*Manager, error) {
-	m := &Manager{}
-
-	// init clients for booth ipv4 and ipv6
-	ipv4Client, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	if err != nil {
-		return nil, fmt.Errorf("iptables is not installed in the system or not supported")
-	}
-	m.ipv4Client = ipv4Client
-
-	ipv6Client, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)
-	if err != nil {
-		return nil, fmt.Errorf("ip6tables is not installed in the system or not supported")
-	}
-	m.ipv6Client = ipv6Client
-
-	if err := m.Reset(); err != nil {
-		return nil, fmt.Errorf("failed to reset firewall: %s", err)
-	}
-
-	return m, nil
-}
-
-// AddFiltering rule to the firewall
-func (m *Manager) AddFiltering(
-	ip net.IP,
-	port *fw.Port,
-	direction fw.Direction,
-	action fw.Action,
-	comment string,
-) (fw.Rule, error) {
-	m.mutex.Lock()
-	defer m.mutex.Unlock()
-	client := m.client(ip)
-	ok, err := client.ChainExists("filter", ChainFilterName)
-	if err != nil {
-		return nil, fmt.Errorf("failed to check if chain exists: %s", err)
-	}
-	if !ok {
-		if err := client.NewChain("filter", ChainFilterName); err != nil {
-			return nil, fmt.Errorf("failed to create chain: %s", err)
-		}
-	}
-	if port == nil || port.Values == nil || (port.IsRange && len(port.Values) != 2) {
-		return nil, fmt.Errorf("invalid port definition")
-	}
-	pv := strconv.Itoa(port.Values[0])
-	if port.IsRange {
-		pv += ":" + strconv.Itoa(port.Values[1])
-	}
-	specs := m.filterRuleSpecs("filter", ChainFilterName, ip, pv, direction, action, comment)
-	if err := client.AppendUnique("filter", ChainFilterName, specs...); err != nil {
-		return nil, err
-	}
-	rule := &Rule{
-		id:    uuid.New().String(),
-		specs: specs,
-		v6:    ip.To4() == nil,
-	}
-	return rule, nil
-}
-
-// DeleteRule from the firewall by rule definition
-func (m *Manager) DeleteRule(rule fw.Rule) error {
-	m.mutex.Lock()
-	defer m.mutex.Unlock()
-	r, ok := rule.(*Rule)
-	if !ok {
-		return fmt.Errorf("invalid rule type")
-	}
-	client := m.ipv4Client
-	if r.v6 {
-		client = m.ipv6Client
-	}
-	return client.Delete("filter", ChainFilterName, r.specs...)
-}
-
-// Reset firewall to the default state
-func (m *Manager) Reset() error {
-	m.mutex.Lock()
-	defer m.mutex.Unlock()
-	if err := m.reset(m.ipv4Client, "filter", ChainFilterName); err != nil {
-		return fmt.Errorf("clean ipv4 firewall ACL chain: %w", err)
-	}
-	if err := m.reset(m.ipv6Client, "filter", ChainFilterName); err != nil {
-		return fmt.Errorf("clean ipv6 firewall ACL chain: %w", err)
-	}
-	return nil
-}
-
-// reset firewall chain, clear it and drop it
-func (m *Manager) reset(client *iptables.IPTables, table, chain string) error {
-	ok, err := client.ChainExists(table, chain)
-	if err != nil {
-		return fmt.Errorf("failed to check if chain exists: %w", err)
-	}
-	if !ok {
-		return nil
-	}
-	if err := client.ClearChain(table, ChainFilterName); err != nil {
-		return fmt.Errorf("failed to clear chain: %w", err)
-	}
-	return client.DeleteChain(table, ChainFilterName)
-}
-
-// filterRuleSpecs returns the specs of a filtering rule
-func (m *Manager) filterRuleSpecs(
-	table string, chain string, ip net.IP, port string,
-	direction fw.Direction, action fw.Action, comment string,
-) (specs []string) {
-	if direction == fw.DirectionSrc {
-		specs = append(specs, "-s", ip.String())
-	}
-	specs = append(specs, "-p", "tcp", "--dport", port)
-	specs = append(specs, "-j", m.actionToStr(action))
-	return append(specs, "-m", "comment", "--comment", comment)
-}
-
-// client returns corresponding iptables client for the given ip
-func (m *Manager) client(ip net.IP) *iptables.IPTables {
-	if ip.To4() != nil {
-		return m.ipv4Client
-	}
-	return m.ipv6Client
-}
-
-func (m *Manager) actionToStr(action fw.Action) string {
-	if action == fw.ActionAccept {
-		return "ACCEPT"
-	}
-	return "DROP"
-}

client/firewall/iptables/manager_linux_test.go

@@ -1,105 +0,0 @@
-package iptables
-
-import (
-	"net"
-	"testing"
-
-	"github.com/coreos/go-iptables/iptables"
-	fw "github.com/netbirdio/netbird/client/firewall"
-)
-
-func TestNewManager(t *testing.T) {
-	ipv4Client, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	manager, err := Create()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var rule1 fw.Rule
-	t.Run("add first rule", func(t *testing.T) {
-		ip := net.ParseIP("10.20.0.2")
-		port := &fw.Port{Proto: fw.PortProtocolTCP, Values: []int{8080}}
-		rule1, err = manager.AddFiltering(ip, port, fw.DirectionDst, fw.ActionAccept, "accept HTTP traffic")
-		if err != nil {
-			t.Errorf("failed to add rule: %v", err)
-		}
-
-		checkRuleSpecs(t, ipv4Client, true, rule1.(*Rule).specs...)
-	})
-
-	var rule2 fw.Rule
-	t.Run("add second rule", func(t *testing.T) {
-		ip := net.ParseIP("10.20.0.3")
-		port := &fw.Port{
-			Proto:  fw.PortProtocolTCP,
-			Values: []int{8043: 8046},
-		}
-		rule2, err = manager.AddFiltering(
-			ip, port, fw.DirectionDst, fw.ActionAccept, "accept HTTPS traffic from ports range")
-		if err != nil {
-			t.Errorf("failed to add rule: %v", err)
-		}
-
-		checkRuleSpecs(t, ipv4Client, true, rule2.(*Rule).specs...)
-	})
-
-	t.Run("delete first rule", func(t *testing.T) {
-		if err := manager.DeleteRule(rule1); err != nil {
-			t.Errorf("failed to delete rule: %v", err)
-		}
-
-		checkRuleSpecs(t, ipv4Client, false, rule1.(*Rule).specs...)
-	})
-
-	t.Run("delete second rule", func(t *testing.T) {
-		if err := manager.DeleteRule(rule2); err != nil {
-			t.Errorf("failed to delete rule: %v", err)
-		}
-
-		checkRuleSpecs(t, ipv4Client, false, rule2.(*Rule).specs...)
-	})
-
-	t.Run("reset check", func(t *testing.T) {
-		// add second rule
-		ip := net.ParseIP("10.20.0.3")
-		port := &fw.Port{Proto: fw.PortProtocolUDP, Values: []int{5353}}
-		_, err = manager.AddFiltering(ip, port, fw.DirectionDst, fw.ActionAccept, "accept Fake DNS traffic")
-		if err != nil {
-			t.Errorf("failed to add rule: %v", err)
-		}
-
-		if err := manager.Reset(); err != nil {
-			t.Errorf("failed to reset: %v", err)
-		}
-
-		ok, err := ipv4Client.ChainExists("filter", ChainFilterName)
-		if err != nil {
-			t.Errorf("failed to drop chain: %v", err)
-		}
-
-		if ok {
-			t.Errorf("chain '%v' still exists after Reset", ChainFilterName)
-		}
-	})
-}
-
-func checkRuleSpecs(t *testing.T, ipv4Client *iptables.IPTables, mustExists bool, rulespec ...string) {
-	exists, err := ipv4Client.Exists("filter", ChainFilterName, rulespec...)
-	if err != nil {
-		t.Errorf("failed to check rule: %v", err)
-		return
-	}
-
-	if !exists && mustExists {
-		t.Errorf("rule '%v' does not exist", rulespec)
-		return
-	}
-	if exists && !mustExists {
-		t.Errorf("rule '%v' exist", rulespec)
-		return
-	}
-}

client/firewall/iptables/rule.go

@@ -1,13 +0,0 @@
-package iptables
-
-// Rule to handle management of rules
-type Rule struct {
-	id    string
-	specs []string
-	v6    bool
-}
-
-// GetRuleID returns the rule id
-func (r *Rule) GetRuleID() string {
-	return r.id
-}

client/firewall/port.go

@@ -1,24 +0,0 @@
-package firewall
-
-// PortProtocol is the protocol of the port
-type PortProtocol string
-
-const (
-	// PortProtocolTCP is the TCP protocol
-	PortProtocolTCP PortProtocol = "tcp"
-
-	// PortProtocolUDP is the UDP protocol
-	PortProtocolUDP PortProtocol = "udp"
-)
-
-// Port of the address for firewall rule
-type Port struct {
-	// IsRange is true Values contains two values, the first is the start port, the second is the end port
-	IsRange bool
-
-	// Values contains one value for single port, multiple values for the list of ports, or two values for the range of ports
-	Values []int
-
-	// Proto is the protocol of the port
-	Proto PortProtocol
-}

client/installer.nsis

@@ -193,7 +193,6 @@ ExecWait `taskkill /im ${UI_APP_EXE}.exe`
 Sleep 3000
 Delete "$INSTDIR\${UI_APP_EXE}"
 Delete "$INSTDIR\${MAIN_APP_EXE}"
-Delete "$INSTDIR\wintun.dll"
 RmDir /r "$INSTDIR"
 
 SetShellVarContext current

client/internal/config.go

@@ -1,18 +1,19 @@
 package internal
 
 import (
+	"context"
 	"fmt"
 	"net/url"
 	"os"
 
+	"github.com/netbirdio/netbird/client/ssh"
+	"github.com/netbirdio/netbird/iface"
+	mgm "github.com/netbirdio/netbird/management/client"
+	"github.com/netbirdio/netbird/util"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/ssh"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/util"
 )
 
 const (
@@ -27,7 +28,7 @@ const (
 )
 
 var defaultInterfaceBlacklist = []string{iface.WgInterfaceDefault, "wt", "utun", "tun0", "zt", "ZeroTier", "wg", "ts",
-	"Tailscale", "tailscale", "docker", "veth", "br-", "lo"}
+	"Tailscale", "tailscale", "docker", "veth", "br-"}
 
 // ConfigInput carries configuration changes to the client
 type ConfigInput struct {
@@ -73,62 +74,6 @@ type Config struct {
 	CustomDNSAddress string
 }
 
-// ReadConfig read config file and return with Config. If it is not exists create a new with default values
-func ReadConfig(configPath string) (*Config, error) {
-	if configFileIsExists(configPath) {
-		config := &Config{}
-		if _, err := util.ReadJson(configPath, config); err != nil {
-			return nil, err
-		}
-		return config, nil
-	}
-
-	cfg, err := createNewConfig(ConfigInput{ConfigPath: configPath})
-	if err != nil {
-		return nil, err
-	}
-
-	err = WriteOutConfig(configPath, cfg)
-	return cfg, err
-}
-
-// UpdateConfig update existing configuration according to input configuration and return with the configuration
-func UpdateConfig(input ConfigInput) (*Config, error) {
-	if !configFileIsExists(input.ConfigPath) {
-		return nil, status.Errorf(codes.NotFound, "config file doesn't exist")
-	}
-
-	return update(input)
-}
-
-// UpdateOrCreateConfig reads existing config or generates a new one
-func UpdateOrCreateConfig(input ConfigInput) (*Config, error) {
-	if !configFileIsExists(input.ConfigPath) {
-		log.Infof("generating new config %s", input.ConfigPath)
-		cfg, err := createNewConfig(input)
-		if err != nil {
-			return nil, err
-		}
-		err = WriteOutConfig(input.ConfigPath, cfg)
-		return cfg, err
-	}
-
-	if isPreSharedKeyHidden(input.PreSharedKey) {
-		input.PreSharedKey = nil
-	}
-	return update(input)
-}
-
-// CreateInMemoryConfig generate a new config but do not write out it to the store
-func CreateInMemoryConfig(input ConfigInput) (*Config, error) {
-	return createNewConfig(input)
-}
-
-// WriteOutConfig write put the prepared config to the given path
-func WriteOutConfig(path string, config *Config) error {
-	return util.WriteJson(path, config)
-}
-
 // createNewConfig creates a new config generating a new Wireguard key and saving to file
 func createNewConfig(input ConfigInput) (*Config, error) {
 	wgKey := generateKey()
@@ -147,14 +92,14 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 		CustomDNSAddress:     string(input.CustomDNSAddress),
 	}
 
-	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
+	defaultManagementURL, err := ParseURL("Management URL", DefaultManagementURL)
 	if err != nil {
 		return nil, err
 	}
 
 	config.ManagementURL = defaultManagementURL
 	if input.ManagementURL != "" {
-		URL, err := parseURL("Management URL", input.ManagementURL)
+		URL, err := ParseURL("Management URL", input.ManagementURL)
 		if err != nil {
 			return nil, err
 		}
@@ -165,14 +110,14 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 		config.PreSharedKey = *input.PreSharedKey
 	}
 
-	defaultAdminURL, err := parseURL("Admin URL", DefaultAdminURL)
+	defaultAdminURL, err := ParseURL("Admin URL", DefaultAdminURL)
 	if err != nil {
 		return nil, err
 	}
 
 	config.AdminURL = defaultAdminURL
 	if input.AdminURL != "" {
-		newURL, err := parseURL("Admin Panel URL", input.AdminURL)
+		newURL, err := ParseURL("Admin Panel URL", input.AdminURL)
 		if err != nil {
 			return nil, err
 		}
@@ -180,11 +125,49 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 	}
 
 	config.IFaceBlackList = defaultInterfaceBlacklist
+
+	err = util.WriteJson(input.ConfigPath, config)
+	if err != nil {
+		return nil, err
+	}
+
 	return config, nil
 }
 
-func update(input ConfigInput) (*Config, error) {
+// ParseURL parses and validates a service URL
+func ParseURL(serviceName, serviceURL string) (*url.URL, error) {
+	parsedMgmtURL, err := url.ParseRequestURI(serviceURL)
+	if err != nil {
+		log.Errorf("failed parsing %s URL %s: [%s]", serviceName, serviceURL, err.Error())
+		return nil, err
+	}
+
+	if parsedMgmtURL.Scheme != "https" && parsedMgmtURL.Scheme != "http" {
+		return nil, fmt.Errorf(
+			"invalid %s URL provided %s. Supported format [http|https]://[host]:[port]",
+			serviceName, serviceURL)
+	}
+
+	if parsedMgmtURL.Port() == "" {
+		switch parsedMgmtURL.Scheme {
+		case "https":
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":443"
+		case "http":
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":80"
+		default:
+			log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
+		}
+	}
+
+	return parsedMgmtURL, err
+}
+
+// ReadConfig reads existing configuration and update settings according to input configuration
+func ReadConfig(input ConfigInput) (*Config, error) {
 	config := &Config{}
+	if _, err := os.Stat(input.ConfigPath); os.IsNotExist(err) {
+		return nil, status.Errorf(codes.NotFound, "config file doesn't exist")
+	}
 
 	if _, err := util.ReadJson(input.ConfigPath, config); err != nil {
 		return nil, err
@@ -195,7 +178,7 @@ func update(input ConfigInput) (*Config, error) {
 	if input.ManagementURL != "" && config.ManagementURL.String() != input.ManagementURL {
 		log.Infof("new Management URL provided, updated to %s (old value %s)",
 			input.ManagementURL, config.ManagementURL)
-		newURL, err := parseURL("Management URL", input.ManagementURL)
+		newURL, err := ParseURL("Management URL", input.ManagementURL)
 		if err != nil {
 			return nil, err
 		}
@@ -206,7 +189,7 @@ func update(input ConfigInput) (*Config, error) {
 	if input.AdminURL != "" && (config.AdminURL == nil || config.AdminURL.String() != input.AdminURL) {
 		log.Infof("new Admin Panel URL provided, updated to %s (old value %s)",
 			input.AdminURL, config.AdminURL)
-		newURL, err := parseURL("Admin Panel URL", input.AdminURL)
+		newURL, err := ParseURL("Admin Panel URL", input.AdminURL)
 		if err != nil {
 			return nil, err
 		}
@@ -254,32 +237,17 @@ func update(input ConfigInput) (*Config, error) {
 	return config, nil
 }
 
-// parseURL parses and validates a service URL
-func parseURL(serviceName, serviceURL string) (*url.URL, error) {
-	parsedMgmtURL, err := url.ParseRequestURI(serviceURL)
-	if err != nil {
-		log.Errorf("failed parsing %s URL %s: [%s]", serviceName, serviceURL, err.Error())
-		return nil, err
+// GetConfig reads existing config or generates a new one
+func GetConfig(input ConfigInput) (*Config, error) {
+	if _, err := os.Stat(input.ConfigPath); os.IsNotExist(err) {
+		log.Infof("generating new config %s", input.ConfigPath)
+		return createNewConfig(input)
 	}
 
-	if parsedMgmtURL.Scheme != "https" && parsedMgmtURL.Scheme != "http" {
-		return nil, fmt.Errorf(
-			"invalid %s URL provided %s. Supported format [http|https]://[host]:[port]",
-			serviceName, serviceURL)
+	if isPreSharedKeyHidden(input.PreSharedKey) {
+		input.PreSharedKey = nil
 	}
-
-	if parsedMgmtURL.Port() == "" {
-		switch parsedMgmtURL.Scheme {
-		case "https":
-			parsedMgmtURL.Host = parsedMgmtURL.Host + ":443"
-		case "http":
-			parsedMgmtURL.Host = parsedMgmtURL.Host + ":80"
-		default:
-			log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
-		}
-	}
-
-	return parsedMgmtURL, err
+	return ReadConfig(input)
 }
 
 // generateKey generates a new Wireguard private key
@@ -291,6 +259,111 @@ func generateKey() string {
 	return key.String()
 }
 
+// DeviceAuthorizationFlow represents Device Authorization Flow information
+type DeviceAuthorizationFlow struct {
+	Provider       string
+	ProviderConfig ProviderConfig
+}
+
+// ProviderConfig has all attributes needed to initiate a device authorization flow
+type ProviderConfig struct {
+	// ClientID An IDP application client id
+	ClientID string
+	// ClientSecret An IDP application client secret
+	ClientSecret string
+	// Domain An IDP API domain
+	// Deprecated. Use OIDCConfigEndpoint instead
+	Domain string
+	// Audience An Audience for to authorization validation
+	Audience string
+	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
+	TokenEndpoint string
+	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
+	DeviceAuthEndpoint string
+}
+
+func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (DeviceAuthorizationFlow, error) {
+	// validate our peer's Wireguard PRIVATE key
+	myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
+	if err != nil {
+		log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
+		return DeviceAuthorizationFlow{}, err
+	}
+
+	var mgmTlsEnabled bool
+	if config.ManagementURL.Scheme == "https" {
+		mgmTlsEnabled = true
+	}
+
+	log.Debugf("connecting to Management Service %s", config.ManagementURL.String())
+	mgmClient, err := mgm.NewClient(ctx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
+	if err != nil {
+		log.Errorf("failed connecting to Management Service %s %v", config.ManagementURL.String(), err)
+		return DeviceAuthorizationFlow{}, err
+	}
+	log.Debugf("connected to the Management service %s", config.ManagementURL.String())
+	defer func() {
+		err = mgmClient.Close()
+		if err != nil {
+			log.Warnf("failed to close the Management service client %v", err)
+		}
+	}()
+
+	serverKey, err := mgmClient.GetServerPublicKey()
+	if err != nil {
+		log.Errorf("failed while getting Management Service public key: %v", err)
+		return DeviceAuthorizationFlow{}, err
+	}
+
+	protoDeviceAuthorizationFlow, err := mgmClient.GetDeviceAuthorizationFlow(*serverKey)
+	if err != nil {
+		if s, ok := status.FromError(err); ok && s.Code() == codes.NotFound {
+			log.Warnf("server couldn't find device flow, contact admin: %v", err)
+			return DeviceAuthorizationFlow{}, err
+		} else {
+			log.Errorf("failed to retrieve device flow: %v", err)
+			return DeviceAuthorizationFlow{}, err
+		}
+	}
+
+	deviceAuthorizationFlow := DeviceAuthorizationFlow{
+		Provider: protoDeviceAuthorizationFlow.Provider.String(),
+
+		ProviderConfig: ProviderConfig{
+			Audience:           protoDeviceAuthorizationFlow.GetProviderConfig().GetAudience(),
+			ClientID:           protoDeviceAuthorizationFlow.GetProviderConfig().GetClientID(),
+			ClientSecret:       protoDeviceAuthorizationFlow.GetProviderConfig().GetClientSecret(),
+			Domain:             protoDeviceAuthorizationFlow.GetProviderConfig().Domain,
+			TokenEndpoint:      protoDeviceAuthorizationFlow.GetProviderConfig().GetTokenEndpoint(),
+			DeviceAuthEndpoint: protoDeviceAuthorizationFlow.GetProviderConfig().GetDeviceAuthEndpoint(),
+		},
+	}
+
+	err = isProviderConfigValid(deviceAuthorizationFlow.ProviderConfig)
+	if err != nil {
+		return DeviceAuthorizationFlow{}, err
+	}
+
+	return deviceAuthorizationFlow, nil
+}
+
+func isProviderConfigValid(config ProviderConfig) error {
+	errorMSGFormat := "invalid provider configuration received from management: %s value is empty. Contact your NetBird administrator"
+	if config.Audience == "" {
+		return fmt.Errorf(errorMSGFormat, "Audience")
+	}
+	if config.ClientID == "" {
+		return fmt.Errorf(errorMSGFormat, "Client ID")
+	}
+	if config.TokenEndpoint == "" {
+		return fmt.Errorf(errorMSGFormat, "Token Endpoint")
+	}
+	if config.DeviceAuthEndpoint == "" {
+		return fmt.Errorf(errorMSGFormat, "Device Auth Endpoint")
+	}
+	return nil
+}
+
 // don't overwrite pre-shared key if we receive asterisks from UI
 func isPreSharedKeyHidden(preSharedKey *string) bool {
 	if preSharedKey != nil && *preSharedKey == "**********" {
@@ -298,8 +371,3 @@ func isPreSharedKeyHidden(preSharedKey *string) bool {
 	}
 	return false
 }
-
-func configFileIsExists(path string) bool {
-	_, err := os.Stat(path)
-	return !os.IsNotExist(err)
-}

client/internal/config_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestGetConfig(t *testing.T) {
 	// case 1: new default config has to be generated
-	config, err := UpdateOrCreateConfig(ConfigInput{
+	config, err := GetConfig(ConfigInput{
 		ConfigPath: filepath.Join(t.TempDir(), "config.json"),
 	})
 
@@ -32,7 +32,7 @@ func TestGetConfig(t *testing.T) {
 	preSharedKey := "preSharedKey"
 
 	// case 2: new config has to be generated
-	config, err = UpdateOrCreateConfig(ConfigInput{
+	config, err = GetConfig(ConfigInput{
 		ManagementURL: managementURL,
 		AdminURL:      adminURL,
 		ConfigPath:    path,
@@ -50,7 +50,7 @@ func TestGetConfig(t *testing.T) {
 	}
 
 	// case 3: existing config -> fetch it
-	config, err = UpdateOrCreateConfig(ConfigInput{
+	config, err = GetConfig(ConfigInput{
 		ManagementURL: managementURL,
 		AdminURL:      adminURL,
 		ConfigPath:    path,
@@ -65,7 +65,7 @@ func TestGetConfig(t *testing.T) {
 
 	// case 4: existing config, but new managementURL has been provided -> update config
 	newManagementURL := "https://test.newManagement.url:33071"
-	config, err = UpdateOrCreateConfig(ConfigInput{
+	config, err = GetConfig(ConfigInput{
 		ManagementURL: newManagementURL,
 		AdminURL:      adminURL,
 		ConfigPath:    path,
@@ -101,13 +101,13 @@ func TestHiddenPreSharedKey(t *testing.T) {
 
 	// generate default cfg
 	cfgFile := filepath.Join(t.TempDir(), "config.json")
-	_, _ = UpdateOrCreateConfig(ConfigInput{
+	_, _ = GetConfig(ConfigInput{
 		ConfigPath: cfgFile,
 	})
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg, err := UpdateOrCreateConfig(ConfigInput{
+			cfg, err := GetConfig(ConfigInput{
 				ConfigPath:   cfgFile,
 				PreSharedKey: tt.preSharedKey,
 			})

client/internal/connect.go

@@ -6,24 +6,25 @@ import (
 	"strings"
 	"time"
 
-	"github.com/cenkalti/backoff/v4"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/client/ssh"
+	nbStatus "github.com/netbirdio/netbird/client/status"
+
 	"github.com/netbirdio/netbird/client/system"
+
 	"github.com/netbirdio/netbird/iface"
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	signal "github.com/netbirdio/netbird/signal/client"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/cenkalti/backoff/v4"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc/codes"
+	gstatus "google.golang.org/grpc/status"
 )
 
 // RunClient with main logic.
-func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover) error {
+func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Status) error {
 	backOff := &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
 		RandomizationFactor: 1,
@@ -59,7 +60,9 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		return err
 	}
 
-	defer statusRecorder.ClientStop()
+	managementURL := config.ManagementURL.String()
+	statusRecorder.MarkManagementDisconnected(managementURL)
+
 	operation := func() error {
 		// if context cancelled we not start new backoff cycle
 		select {
@@ -72,7 +75,7 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 
 		engineCtx, cancel := context.WithCancel(ctx)
 		defer func() {
-			statusRecorder.MarkManagementDisconnected()
+			statusRecorder.MarkManagementDisconnected(managementURL)
 			statusRecorder.CleanLocalPeerState()
 			cancel()
 		}()
@@ -82,9 +85,6 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		if err != nil {
 			return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))
 		}
-		mgmNotifier := statusRecorderToMgmConnStateNotifier(statusRecorder)
-		mgmClient.SetConnStateListener(mgmNotifier)
-
 		log.Debugf("connected to the Management service %s", config.ManagementURL.Host)
 		defer func() {
 			err = mgmClient.Close()
@@ -103,12 +103,12 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 			}
 			return wrapErr(err)
 		}
-		statusRecorder.MarkManagementConnected()
+		statusRecorder.MarkManagementConnected(managementURL)
 
-		localPeerState := peer.LocalPeerState{
+		localPeerState := nbStatus.LocalPeerState{
 			IP:              loginResp.GetPeerConfig().GetAddress(),
 			PubKey:          myPrivateKey.PublicKey().String(),
-			KernelInterface: iface.WireGuardModuleIsLoaded(),
+			KernelInterface: iface.WireguardModuleIsLoaded(),
 			FQDN:            loginResp.GetPeerConfig().GetFqdn(),
 		}
 
@@ -119,10 +119,8 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 			loginResp.GetWiretrusteeConfig().GetSignal().GetUri(),
 		)
 
-		statusRecorder.UpdateSignalAddress(signalURL)
-
-		statusRecorder.MarkSignalDisconnected()
-		defer statusRecorder.MarkSignalDisconnected()
+		statusRecorder.MarkSignalDisconnected(signalURL)
+		defer statusRecorder.MarkSignalDisconnected(signalURL)
 
 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
 		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
@@ -137,14 +135,11 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 			}
 		}()
 
-		signalNotifier := statusRecorderToSignalConnStateNotifier(statusRecorder)
-		signalClient.SetConnStateListener(signalNotifier)
-
-		statusRecorder.MarkSignalConnected()
+		statusRecorder.MarkSignalConnected(signalURL)
 
 		peerConfig := loginResp.GetPeerConfig()
 
-		engineConfig, err := createEngineConfig(myPrivateKey, config, peerConfig, tunAdapter, iFaceDiscover)
+		engineConfig, err := createEngineConfig(myPrivateKey, config, peerConfig)
 		if err != nil {
 			log.Error(err)
 			return wrapErr(err)
@@ -160,10 +155,7 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 		log.Print("Netbird engine started, my IP is: ", peerConfig.Address)
 		state.Set(StatusConnected)
 
-		statusRecorder.ClientStart()
-
 		<-engineCtx.Done()
-		statusRecorder.ClientTeardown()
 
 		backOff.Reset()
 
@@ -194,13 +186,11 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 }
 
 // createEngineConfig converts configuration received from Management Service to EngineConfig
-func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover) (*EngineConfig, error) {
+func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
 
 	engineConf := &EngineConfig{
 		WgIfaceName:          config.WgIface,
 		WgAddr:               peerConfig.Address,
-		TunAdapter:           tunAdapter,
-		IFaceDiscover:        iFaceDiscover,
 		IFaceBlackList:       config.IFaceBlackList,
 		DisableIPv6Discovery: config.DisableIPv6Discovery,
 		WgPrivateKey:         key,
@@ -261,7 +251,7 @@ func loginToManagement(ctx context.Context, client mgm.Client, pubSSHKey []byte)
 // The check is performed only for the NetBird's managed version.
 func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error) {
 
-	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
+	defaultManagementURL, err := ParseURL("Management URL", DefaultManagementURL)
 	if err != nil {
 		return nil, err
 	}
@@ -283,7 +273,7 @@ func UpdateOldManagementPort(ctx context.Context, config *Config, configPath str
 
 	if mgmTlsEnabled && config.ManagementURL.Port() == fmt.Sprintf("%d", ManagementLegacyPort) {
 
-		newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
+		newURL, err := ParseURL("Management URL", fmt.Sprintf("%s://%s:%d",
 			config.ManagementURL.Scheme, config.ManagementURL.Hostname(), 443))
 		if err != nil {
 			return nil, err
@@ -317,7 +307,7 @@ func UpdateOldManagementPort(ctx context.Context, config *Config, configPath str
 		}
 
 		// everything is alright => update the config
-		newConfig, err := UpdateConfig(ConfigInput{
+		newConfig, err := ReadConfig(ConfigInput{
 			ManagementURL: newURL.String(),
 			ConfigPath:    configPath,
 		})
@@ -332,15 +322,3 @@ func UpdateOldManagementPort(ctx context.Context, config *Config, configPath str
 
 	return config, nil
 }
-
-func statusRecorderToMgmConnStateNotifier(statusRecorder *peer.Status) mgm.ConnStateNotifier {
-	var sri interface{} = statusRecorder
-	mgmNotifier, _ := sri.(mgm.ConnStateNotifier)
-	return mgmNotifier
-}
-
-func statusRecorderToSignalConnStateNotifier(statusRecorder *peer.Status) signal.ConnStateNotifier {
-	var sri interface{} = statusRecorder
-	notifier, _ := sri.(signal.ConnStateNotifier)
-	return notifier
-}

client/internal/device_auth.go

@@ -1,134 +0,0 @@
-package internal
-
-import (
-	"context"
-	"fmt"
-	"net/url"
-
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
-	mgm "github.com/netbirdio/netbird/management/client"
-)
-
-// DeviceAuthorizationFlow represents Device Authorization Flow information
-type DeviceAuthorizationFlow struct {
-	Provider       string
-	ProviderConfig ProviderConfig
-}
-
-// ProviderConfig has all attributes needed to initiate a device authorization flow
-type ProviderConfig struct {
-	// ClientID An IDP application client id
-	ClientID string
-	// ClientSecret An IDP application client secret
-	ClientSecret string
-	// Domain An IDP API domain
-	// Deprecated. Use OIDCConfigEndpoint instead
-	Domain string
-	// Audience An Audience for to authorization validation
-	Audience string
-	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
-	TokenEndpoint string
-	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
-	DeviceAuthEndpoint string
-	// Scopes provides the scopes to be included in the token request
-	Scope string
-	// UseIDToken indicates if the id token should be used for authentication
-	UseIDToken bool
-}
-
-// GetDeviceAuthorizationFlowInfo initialize a DeviceAuthorizationFlow instance and return with it
-func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error) {
-	// validate our peer's Wireguard PRIVATE key
-	myPrivateKey, err := wgtypes.ParseKey(privateKey)
-	if err != nil {
-		log.Errorf("failed parsing Wireguard key %s: [%s]", privateKey, err.Error())
-		return DeviceAuthorizationFlow{}, err
-	}
-
-	var mgmTLSEnabled bool
-	if mgmURL.Scheme == "https" {
-		mgmTLSEnabled = true
-	}
-
-	log.Debugf("connecting to Management Service %s", mgmURL.String())
-	mgmClient, err := mgm.NewClient(ctx, mgmURL.Host, myPrivateKey, mgmTLSEnabled)
-	if err != nil {
-		log.Errorf("failed connecting to Management Service %s %v", mgmURL.String(), err)
-		return DeviceAuthorizationFlow{}, err
-	}
-	log.Debugf("connected to the Management service %s", mgmURL.String())
-
-	defer func() {
-		err = mgmClient.Close()
-		if err != nil {
-			log.Warnf("failed to close the Management service client %v", err)
-		}
-	}()
-
-	serverKey, err := mgmClient.GetServerPublicKey()
-	if err != nil {
-		log.Errorf("failed while getting Management Service public key: %v", err)
-		return DeviceAuthorizationFlow{}, err
-	}
-
-	protoDeviceAuthorizationFlow, err := mgmClient.GetDeviceAuthorizationFlow(*serverKey)
-	if err != nil {
-		if s, ok := status.FromError(err); ok && s.Code() == codes.NotFound {
-			log.Warnf("server couldn't find device flow, contact admin: %v", err)
-			return DeviceAuthorizationFlow{}, err
-		}
-		log.Errorf("failed to retrieve device flow: %v", err)
-		return DeviceAuthorizationFlow{}, err
-	}
-
-	deviceAuthorizationFlow := DeviceAuthorizationFlow{
-		Provider: protoDeviceAuthorizationFlow.Provider.String(),
-
-		ProviderConfig: ProviderConfig{
-			Audience:           protoDeviceAuthorizationFlow.GetProviderConfig().GetAudience(),
-			ClientID:           protoDeviceAuthorizationFlow.GetProviderConfig().GetClientID(),
-			ClientSecret:       protoDeviceAuthorizationFlow.GetProviderConfig().GetClientSecret(),
-			Domain:             protoDeviceAuthorizationFlow.GetProviderConfig().Domain,
-			TokenEndpoint:      protoDeviceAuthorizationFlow.GetProviderConfig().GetTokenEndpoint(),
-			DeviceAuthEndpoint: protoDeviceAuthorizationFlow.GetProviderConfig().GetDeviceAuthEndpoint(),
-			Scope:              protoDeviceAuthorizationFlow.GetProviderConfig().GetScope(),
-			UseIDToken:         protoDeviceAuthorizationFlow.GetProviderConfig().GetUseIDToken(),
-		},
-	}
-
-	// keep compatibility with older management versions
-	if deviceAuthorizationFlow.ProviderConfig.Scope == "" {
-		deviceAuthorizationFlow.ProviderConfig.Scope = "openid"
-	}
-
-	err = isProviderConfigValid(deviceAuthorizationFlow.ProviderConfig)
-	if err != nil {
-		return DeviceAuthorizationFlow{}, err
-	}
-
-	return deviceAuthorizationFlow, nil
-}
-
-func isProviderConfigValid(config ProviderConfig) error {
-	errorMSGFormat := "invalid provider configuration received from management: %s value is empty. Contact your NetBird administrator"
-	if config.Audience == "" {
-		return fmt.Errorf(errorMSGFormat, "Audience")
-	}
-	if config.ClientID == "" {
-		return fmt.Errorf(errorMSGFormat, "Client ID")
-	}
-	if config.TokenEndpoint == "" {
-		return fmt.Errorf(errorMSGFormat, "Token Endpoint")
-	}
-	if config.DeviceAuthEndpoint == "" {
-		return fmt.Errorf(errorMSGFormat, "Device Auth Endpoint")
-	}
-	if config.Scope == "" {
-		return fmt.Errorf(errorMSGFormat, "Device Auth Scopes")
-	}
-	return nil
-}

client/internal/dns/local.go

@@ -8,8 +8,6 @@ import (
 	"sync"
 )
 
-type registrationMap map[string]struct{}
-
 type localResolver struct {
 	registeredMap registrationMap
 	records       sync.Map

client/internal/dns/server.go

@@ -1,6 +1,27 @@
 package dns
 
-import nbdns "github.com/netbirdio/netbird/dns"
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/netip"
+	"runtime"
+	"sync"
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/mitchellh/hashstructure/v2"
+	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	defaultPort = 53
+	customPort  = 5053
+	defaultIP   = "127.0.0.1"
+	customIP    = "127.0.0.153"
+)
 
 // Server is a dns server interface
 type Server interface {
@@ -8,3 +29,444 @@ type Server interface {
 	Stop()
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
 }
+
+// DefaultServer dns server object
+type DefaultServer struct {
+	ctx                context.Context
+	ctxCancel          context.CancelFunc
+	upstreamCtxCancel  context.CancelFunc
+	mux                sync.Mutex
+	server             *dns.Server
+	dnsMux             *dns.ServeMux
+	dnsMuxMap          registrationMap
+	localResolver      *localResolver
+	wgInterface        *iface.WGIface
+	hostManager        hostManager
+	updateSerial       uint64
+	listenerIsRunning  bool
+	runtimePort        int
+	runtimeIP          string
+	previousConfigHash uint64
+	currentConfig      hostDNSConfig
+	customAddress      *netip.AddrPort
+}
+
+type registrationMap map[string]struct{}
+
+type muxUpdate struct {
+	domain  string
+	handler dns.Handler
+}
+
+// NewDefaultServer returns a new dns server
+func NewDefaultServer(ctx context.Context, wgInterface *iface.WGIface, customAddress string) (*DefaultServer, error) {
+	mux := dns.NewServeMux()
+
+	dnsServer := &dns.Server{
+		Net:     "udp",
+		Handler: mux,
+		UDPSize: 65535,
+	}
+
+	ctx, stop := context.WithCancel(ctx)
+
+	var addrPort *netip.AddrPort
+	if customAddress != "" {
+		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
+		if err != nil {
+			stop()
+			return nil, fmt.Errorf("unable to parse the custom dns address, got error: %s", err)
+		}
+		addrPort = &parsedAddrPort
+	}
+
+	defaultServer := &DefaultServer{
+		ctx:       ctx,
+		ctxCancel: stop,
+		server:    dnsServer,
+		dnsMux:    mux,
+		dnsMuxMap: make(registrationMap),
+		localResolver: &localResolver{
+			registeredMap: make(registrationMap),
+		},
+		wgInterface:   wgInterface,
+		runtimePort:   defaultPort,
+		customAddress: addrPort,
+	}
+
+	hostmanager, err := newHostManager(wgInterface)
+	if err != nil {
+		stop()
+		return nil, err
+	}
+	defaultServer.hostManager = hostmanager
+	return defaultServer, err
+}
+
+// Start runs the listener in a go routine
+func (s *DefaultServer) Start() {
+	if s.customAddress != nil {
+		s.runtimeIP = s.customAddress.Addr().String()
+		s.runtimePort = int(s.customAddress.Port())
+	} else {
+		ip, port, err := s.getFirstListenerAvailable()
+		if err != nil {
+			log.Error(err)
+			return
+		}
+		s.runtimeIP = ip
+		s.runtimePort = port
+	}
+
+	s.server.Addr = fmt.Sprintf("%s:%d", s.runtimeIP, s.runtimePort)
+
+	log.Debugf("starting dns on %s", s.server.Addr)
+
+	go func() {
+		s.setListenerStatus(true)
+		defer s.setListenerStatus(false)
+
+		err := s.server.ListenAndServe()
+		if err != nil {
+			log.Errorf("dns server running with %d port returned an error: %v. Will not retry", s.runtimePort, err)
+		}
+	}()
+}
+
+func (s *DefaultServer) getFirstListenerAvailable() (string, int, error) {
+	ips := []string{defaultIP, customIP}
+	if runtime.GOOS != "darwin" && s.wgInterface != nil {
+		ips = append([]string{s.wgInterface.Address().IP.String()}, ips...)
+	}
+	ports := []int{defaultPort, customPort}
+	for _, port := range ports {
+		for _, ip := range ips {
+			addrString := fmt.Sprintf("%s:%d", ip, port)
+			udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
+			probeListener, err := net.ListenUDP("udp", udpAddr)
+			if err == nil {
+				err = probeListener.Close()
+				if err != nil {
+					log.Errorf("got an error closing the probe listener, error: %s", err)
+				}
+				return ip, port, nil
+			}
+			log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
+		}
+	}
+	return "", 0, fmt.Errorf("unable to find an unused ip and port combination. IPs tested: %v and ports %v", ips, ports)
+}
+
+func (s *DefaultServer) setListenerStatus(running bool) {
+	s.listenerIsRunning = running
+}
+
+// Stop stops the server
+func (s *DefaultServer) Stop() {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	s.ctxCancel()
+
+	err := s.hostManager.restoreHostDNS()
+	if err != nil {
+		log.Error(err)
+	}
+
+	err = s.stopListener()
+	if err != nil {
+		log.Error(err)
+	}
+}
+
+func (s *DefaultServer) stopListener() error {
+	if !s.listenerIsRunning {
+		return nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	err := s.server.ShutdownContext(ctx)
+	if err != nil {
+		return fmt.Errorf("stopping dns server listener returned an error: %v", err)
+	}
+	return nil
+}
+
+// UpdateDNSServer processes an update received from the management service
+func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
+	select {
+	case <-s.ctx.Done():
+		log.Infof("not updating DNS server as context is closed")
+		return s.ctx.Err()
+	default:
+		if serial < s.updateSerial {
+			return fmt.Errorf("not applying dns update, error: "+
+				"network update is %d behind the last applied update", s.updateSerial-serial)
+		}
+		s.mux.Lock()
+		defer s.mux.Unlock()
+
+		hash, err := hashstructure.Hash(update, hashstructure.FormatV2, &hashstructure.HashOptions{
+			ZeroNil:         true,
+			IgnoreZeroValue: true,
+			SlicesAsSets:    true,
+			UseStringer:     true,
+		})
+		if err != nil {
+			log.Errorf("unable to hash the dns configuration update, got error: %s", err)
+		}
+
+		if s.previousConfigHash == hash {
+			log.Debugf("not applying the dns configuration update as there is nothing new")
+			s.updateSerial = serial
+			return nil
+		}
+
+		if err := s.applyConfiguration(update); err != nil {
+			return err
+		}
+
+		s.updateSerial = serial
+		s.previousConfigHash = hash
+
+		return nil
+	}
+}
+
+func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
+	// is the service should be disabled, we stop the listener
+	// and proceed with a regular update to clean up the handlers and records
+	if !update.ServiceEnable {
+		err := s.stopListener()
+		if err != nil {
+			log.Error(err)
+		}
+	} else if !s.listenerIsRunning {
+		s.Start()
+	}
+
+	localMuxUpdates, localRecords, err := s.buildLocalHandlerUpdate(update.CustomZones)
+	if err != nil {
+		return fmt.Errorf("not applying dns update, error: %v", err)
+	}
+	upstreamMuxUpdates, err := s.buildUpstreamHandlerUpdate(update.NameServerGroups)
+	if err != nil {
+		return fmt.Errorf("not applying dns update, error: %v", err)
+	}
+
+	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...)
+
+	s.updateMux(muxUpdates)
+	s.updateLocalResolver(localRecords)
+	s.currentConfig = dnsConfigToHostDNSConfig(update, s.runtimeIP, s.runtimePort)
+
+	if err = s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
+		log.Error(err)
+	}
+
+	return nil
+}
+
+func (s *DefaultServer) buildLocalHandlerUpdate(customZones []nbdns.CustomZone) ([]muxUpdate, map[string]nbdns.SimpleRecord, error) {
+	var muxUpdates []muxUpdate
+	localRecords := make(map[string]nbdns.SimpleRecord, 0)
+
+	for _, customZone := range customZones {
+
+		if len(customZone.Records) == 0 {
+			return nil, nil, fmt.Errorf("received an empty list of records")
+		}
+
+		muxUpdates = append(muxUpdates, muxUpdate{
+			domain:  customZone.Domain,
+			handler: s.localResolver,
+		})
+
+		for _, record := range customZone.Records {
+			var class uint16 = dns.ClassINET
+			if record.Class != nbdns.DefaultClass {
+				return nil, nil, fmt.Errorf("received an invalid class type: %s", record.Class)
+			}
+			key := buildRecordKey(record.Name, class, uint16(record.Type))
+			localRecords[key] = record
+		}
+	}
+	return muxUpdates, localRecords, nil
+}
+
+func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.NameServerGroup) ([]muxUpdate, error) {
+	// clean up the previous upstream resolver
+	if s.upstreamCtxCancel != nil {
+		s.upstreamCtxCancel()
+	}
+
+	var muxUpdates []muxUpdate
+	for _, nsGroup := range nameServerGroups {
+		if len(nsGroup.NameServers) == 0 {
+			log.Warn("received a nameserver group with empty nameserver list")
+			continue
+		}
+
+		var ctx context.Context
+		ctx, s.upstreamCtxCancel = context.WithCancel(s.ctx)
+
+		handler := newUpstreamResolver(ctx)
+		for _, ns := range nsGroup.NameServers {
+			if ns.NSType != nbdns.UDPNameServerType {
+				log.Warnf("skiping nameserver %s with type %s, this peer supports only %s",
+					ns.IP.String(), ns.NSType.String(), nbdns.UDPNameServerType.String())
+				continue
+			}
+			handler.upstreamServers = append(handler.upstreamServers, getNSHostPort(ns))
+		}
+
+		if len(handler.upstreamServers) == 0 {
+			log.Errorf("received a nameserver group with an invalid nameserver list")
+			continue
+		}
+
+		// when upstream fails to resolve domain several times over all it servers
+		// it will calls this hook to exclude self from the configuration and
+		// reapply DNS settings, but it not touch the original configuration and serial number
+		// because it is temporal deactivation until next try
+		//
+		// after some period defined by upstream it trys to reactivate self by calling this hook
+		// everything we need here is just to re-apply current configuration because it already
+		// contains this upstream settings (temporal deactivation not removed it)
+		handler.deactivate, handler.reactivate = s.upstreamCallbacks(nsGroup, handler)
+
+		if nsGroup.Primary {
+			muxUpdates = append(muxUpdates, muxUpdate{
+				domain:  nbdns.RootZone,
+				handler: handler,
+			})
+			continue
+		}
+
+		if len(nsGroup.Domains) == 0 {
+			return nil, fmt.Errorf("received a non primary nameserver group with an empty domain list")
+		}
+
+		for _, domain := range nsGroup.Domains {
+			if domain == "" {
+				return nil, fmt.Errorf("received a nameserver group with an empty domain element")
+			}
+			muxUpdates = append(muxUpdates, muxUpdate{
+				domain:  domain,
+				handler: handler,
+			})
+		}
+	}
+	return muxUpdates, nil
+}
+
+func (s *DefaultServer) updateMux(muxUpdates []muxUpdate) {
+	muxUpdateMap := make(registrationMap)
+
+	for _, update := range muxUpdates {
+		s.registerMux(update.domain, update.handler)
+		muxUpdateMap[update.domain] = struct{}{}
+	}
+
+	for key := range s.dnsMuxMap {
+		_, found := muxUpdateMap[key]
+		if !found {
+			s.deregisterMux(key)
+		}
+	}
+
+	s.dnsMuxMap = muxUpdateMap
+}
+
+func (s *DefaultServer) updateLocalResolver(update map[string]nbdns.SimpleRecord) {
+	for key := range s.localResolver.registeredMap {
+		_, found := update[key]
+		if !found {
+			s.localResolver.deleteRecord(key)
+		}
+	}
+
+	updatedMap := make(registrationMap)
+	for key, record := range update {
+		err := s.localResolver.registerRecord(record)
+		if err != nil {
+			log.Warnf("got an error while registering the record (%s), error: %v", record.String(), err)
+		}
+		updatedMap[key] = struct{}{}
+	}
+
+	s.localResolver.registeredMap = updatedMap
+}
+
+func getNSHostPort(ns nbdns.NameServer) string {
+	return fmt.Sprintf("%s:%d", ns.IP.String(), ns.Port)
+}
+
+func (s *DefaultServer) registerMux(pattern string, handler dns.Handler) {
+	s.dnsMux.Handle(pattern, handler)
+}
+
+func (s *DefaultServer) deregisterMux(pattern string) {
+	s.dnsMux.HandleRemove(pattern)
+}
+
+// upstreamCallbacks returns two functions, the first one is used to deactivate
+// the upstream resolver from the configuration, the second one is used to
+// reactivate it. Not allowed to call reactivate before deactivate.
+func (s *DefaultServer) upstreamCallbacks(
+	nsGroup *nbdns.NameServerGroup,
+	handler dns.Handler,
+) (deactivate func(), reactivate func()) {
+	var removeIndex map[string]int
+	deactivate = func() {
+		s.mux.Lock()
+		defer s.mux.Unlock()
+
+		l := log.WithField("nameservers", nsGroup.NameServers)
+		l.Info("temporary deactivate nameservers group due timeout")
+
+		removeIndex = make(map[string]int)
+		for _, domain := range nsGroup.Domains {
+			removeIndex[domain] = -1
+		}
+		if nsGroup.Primary {
+			removeIndex[nbdns.RootZone] = -1
+			s.currentConfig.routeAll = false
+		}
+
+		for i, item := range s.currentConfig.domains {
+			if _, found := removeIndex[item.domain]; found {
+				s.currentConfig.domains[i].disabled = true
+				s.deregisterMux(item.domain)
+				removeIndex[item.domain] = i
+			}
+		}
+		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
+			l.WithError(err).Error("fail to apply nameserver deactivation on the host")
+		}
+	}
+	reactivate = func() {
+		s.mux.Lock()
+		defer s.mux.Unlock()
+
+		for domain, i := range removeIndex {
+			if i == -1 || i >= len(s.currentConfig.domains) || s.currentConfig.domains[i].domain != domain {
+				continue
+			}
+			s.currentConfig.domains[i].disabled = false
+			s.registerMux(domain, handler)
+		}
+
+		l := log.WithField("nameservers", nsGroup.NameServers)
+		l.Debug("reactivate temporary disabled nameserver group")
+
+		if nsGroup.Primary {
+			s.currentConfig.routeAll = true
+		}
+		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
+			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
+		}
+	}
+	return
+}

client/internal/dns/server_android.go

@@ -1,32 +0,0 @@
-package dns
-
-import (
-	"context"
-
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/iface"
-)
-
-// DefaultServer dummy dns server
-type DefaultServer struct {
-}
-
-// NewDefaultServer On Android the DNS feature is not supported yet
-func NewDefaultServer(ctx context.Context, wgInterface *iface.WGIface, customAddress string) (*DefaultServer, error) {
-	return &DefaultServer{}, nil
-}
-
-// Start dummy implementation
-func (s DefaultServer) Start() {
-
-}
-
-// Stop dummy implementation
-func (s DefaultServer) Stop() {
-
-}
-
-// UpdateDNSServer dummy implementation
-func (s DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
-	return nil
-}

client/internal/dns/server_nonandroid.go

@@ -1,465 +0,0 @@
-//go:build !android
-
-package dns
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/netip"
-	"runtime"
-	"sync"
-	"time"
-
-	"github.com/miekg/dns"
-	"github.com/mitchellh/hashstructure/v2"
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/iface"
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	defaultPort = 53
-	customPort  = 5053
-	defaultIP   = "127.0.0.1"
-	customIP    = "127.0.0.153"
-)
-
-// DefaultServer dns server object
-type DefaultServer struct {
-	ctx                context.Context
-	ctxCancel          context.CancelFunc
-	upstreamCtxCancel  context.CancelFunc
-	mux                sync.Mutex
-	server             *dns.Server
-	dnsMux             *dns.ServeMux
-	dnsMuxMap          registrationMap
-	localResolver      *localResolver
-	wgInterface        *iface.WGIface
-	hostManager        hostManager
-	updateSerial       uint64
-	listenerIsRunning  bool
-	runtimePort        int
-	runtimeIP          string
-	previousConfigHash uint64
-	currentConfig      hostDNSConfig
-	customAddress      *netip.AddrPort
-}
-
-type muxUpdate struct {
-	domain  string
-	handler dns.Handler
-}
-
-// NewDefaultServer returns a new dns server
-func NewDefaultServer(ctx context.Context, wgInterface *iface.WGIface, customAddress string) (*DefaultServer, error) {
-	mux := dns.NewServeMux()
-
-	dnsServer := &dns.Server{
-		Net:     "udp",
-		Handler: mux,
-		UDPSize: 65535,
-	}
-
-	ctx, stop := context.WithCancel(ctx)
-
-	var addrPort *netip.AddrPort
-	if customAddress != "" {
-		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
-		if err != nil {
-			stop()
-			return nil, fmt.Errorf("unable to parse the custom dns address, got error: %s", err)
-		}
-		addrPort = &parsedAddrPort
-	}
-
-	defaultServer := &DefaultServer{
-		ctx:       ctx,
-		ctxCancel: stop,
-		server:    dnsServer,
-		dnsMux:    mux,
-		dnsMuxMap: make(registrationMap),
-		localResolver: &localResolver{
-			registeredMap: make(registrationMap),
-		},
-		wgInterface:   wgInterface,
-		runtimePort:   defaultPort,
-		customAddress: addrPort,
-	}
-
-	hostmanager, err := newHostManager(wgInterface)
-	if err != nil {
-		stop()
-		return nil, err
-	}
-	defaultServer.hostManager = hostmanager
-	return defaultServer, err
-}
-
-// Start runs the listener in a go routine
-func (s *DefaultServer) Start() {
-	if s.customAddress != nil {
-		s.runtimeIP = s.customAddress.Addr().String()
-		s.runtimePort = int(s.customAddress.Port())
-	} else {
-		ip, port, err := s.getFirstListenerAvailable()
-		if err != nil {
-			log.Error(err)
-			return
-		}
-		s.runtimeIP = ip
-		s.runtimePort = port
-	}
-
-	s.server.Addr = fmt.Sprintf("%s:%d", s.runtimeIP, s.runtimePort)
-
-	log.Debugf("starting dns on %s", s.server.Addr)
-
-	go func() {
-		s.setListenerStatus(true)
-		defer s.setListenerStatus(false)
-
-		err := s.server.ListenAndServe()
-		if err != nil {
-			log.Errorf("dns server running with %d port returned an error: %v. Will not retry", s.runtimePort, err)
-		}
-	}()
-}
-
-func (s *DefaultServer) getFirstListenerAvailable() (string, int, error) {
-	ips := []string{defaultIP, customIP}
-	if runtime.GOOS != "darwin" && s.wgInterface != nil {
-		ips = append([]string{s.wgInterface.Address().IP.String()}, ips...)
-	}
-	ports := []int{defaultPort, customPort}
-	for _, port := range ports {
-		for _, ip := range ips {
-			addrString := fmt.Sprintf("%s:%d", ip, port)
-			udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
-			probeListener, err := net.ListenUDP("udp", udpAddr)
-			if err == nil {
-				err = probeListener.Close()
-				if err != nil {
-					log.Errorf("got an error closing the probe listener, error: %s", err)
-				}
-				return ip, port, nil
-			}
-			log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
-		}
-	}
-	return "", 0, fmt.Errorf("unable to find an unused ip and port combination. IPs tested: %v and ports %v", ips, ports)
-}
-
-func (s *DefaultServer) setListenerStatus(running bool) {
-	s.listenerIsRunning = running
-}
-
-// Stop stops the server
-func (s *DefaultServer) Stop() {
-	s.mux.Lock()
-	defer s.mux.Unlock()
-	s.ctxCancel()
-
-	err := s.hostManager.restoreHostDNS()
-	if err != nil {
-		log.Error(err)
-	}
-
-	err = s.stopListener()
-	if err != nil {
-		log.Error(err)
-	}
-}
-
-func (s *DefaultServer) stopListener() error {
-	if !s.listenerIsRunning {
-		return nil
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	defer cancel()
-
-	err := s.server.ShutdownContext(ctx)
-	if err != nil {
-		return fmt.Errorf("stopping dns server listener returned an error: %v", err)
-	}
-	return nil
-}
-
-// UpdateDNSServer processes an update received from the management service
-func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
-	select {
-	case <-s.ctx.Done():
-		log.Infof("not updating DNS server as context is closed")
-		return s.ctx.Err()
-	default:
-		if serial < s.updateSerial {
-			return fmt.Errorf("not applying dns update, error: "+
-				"network update is %d behind the last applied update", s.updateSerial-serial)
-		}
-		s.mux.Lock()
-		defer s.mux.Unlock()
-
-		hash, err := hashstructure.Hash(update, hashstructure.FormatV2, &hashstructure.HashOptions{
-			ZeroNil:         true,
-			IgnoreZeroValue: true,
-			SlicesAsSets:    true,
-			UseStringer:     true,
-		})
-		if err != nil {
-			log.Errorf("unable to hash the dns configuration update, got error: %s", err)
-		}
-
-		if s.previousConfigHash == hash {
-			log.Debugf("not applying the dns configuration update as there is nothing new")
-			s.updateSerial = serial
-			return nil
-		}
-
-		if err := s.applyConfiguration(update); err != nil {
-			return err
-		}
-
-		s.updateSerial = serial
-		s.previousConfigHash = hash
-
-		return nil
-	}
-}
-
-func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
-	// is the service should be disabled, we stop the listener
-	// and proceed with a regular update to clean up the handlers and records
-	if !update.ServiceEnable {
-		err := s.stopListener()
-		if err != nil {
-			log.Error(err)
-		}
-	} else if !s.listenerIsRunning {
-		s.Start()
-	}
-
-	localMuxUpdates, localRecords, err := s.buildLocalHandlerUpdate(update.CustomZones)
-	if err != nil {
-		return fmt.Errorf("not applying dns update, error: %v", err)
-	}
-	upstreamMuxUpdates, err := s.buildUpstreamHandlerUpdate(update.NameServerGroups)
-	if err != nil {
-		return fmt.Errorf("not applying dns update, error: %v", err)
-	}
-
-	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...)
-
-	s.updateMux(muxUpdates)
-	s.updateLocalResolver(localRecords)
-	s.currentConfig = dnsConfigToHostDNSConfig(update, s.runtimeIP, s.runtimePort)
-
-	if err = s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-		log.Error(err)
-	}
-
-	return nil
-}
-
-func (s *DefaultServer) buildLocalHandlerUpdate(customZones []nbdns.CustomZone) ([]muxUpdate, map[string]nbdns.SimpleRecord, error) {
-	var muxUpdates []muxUpdate
-	localRecords := make(map[string]nbdns.SimpleRecord, 0)
-
-	for _, customZone := range customZones {
-
-		if len(customZone.Records) == 0 {
-			return nil, nil, fmt.Errorf("received an empty list of records")
-		}
-
-		muxUpdates = append(muxUpdates, muxUpdate{
-			domain:  customZone.Domain,
-			handler: s.localResolver,
-		})
-
-		for _, record := range customZone.Records {
-			var class uint16 = dns.ClassINET
-			if record.Class != nbdns.DefaultClass {
-				return nil, nil, fmt.Errorf("received an invalid class type: %s", record.Class)
-			}
-			key := buildRecordKey(record.Name, class, uint16(record.Type))
-			localRecords[key] = record
-		}
-	}
-	return muxUpdates, localRecords, nil
-}
-
-func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.NameServerGroup) ([]muxUpdate, error) {
-	// clean up the previous upstream resolver
-	if s.upstreamCtxCancel != nil {
-		s.upstreamCtxCancel()
-	}
-
-	var muxUpdates []muxUpdate
-	for _, nsGroup := range nameServerGroups {
-		if len(nsGroup.NameServers) == 0 {
-			log.Warn("received a nameserver group with empty nameserver list")
-			continue
-		}
-
-		var ctx context.Context
-		ctx, s.upstreamCtxCancel = context.WithCancel(s.ctx)
-
-		handler := newUpstreamResolver(ctx)
-		for _, ns := range nsGroup.NameServers {
-			if ns.NSType != nbdns.UDPNameServerType {
-				log.Warnf("skiping nameserver %s with type %s, this peer supports only %s",
-					ns.IP.String(), ns.NSType.String(), nbdns.UDPNameServerType.String())
-				continue
-			}
-			handler.upstreamServers = append(handler.upstreamServers, getNSHostPort(ns))
-		}
-
-		if len(handler.upstreamServers) == 0 {
-			log.Errorf("received a nameserver group with an invalid nameserver list")
-			continue
-		}
-
-		// when upstream fails to resolve domain several times over all it servers
-		// it will calls this hook to exclude self from the configuration and
-		// reapply DNS settings, but it not touch the original configuration and serial number
-		// because it is temporal deactivation until next try
-		//
-		// after some period defined by upstream it trys to reactivate self by calling this hook
-		// everything we need here is just to re-apply current configuration because it already
-		// contains this upstream settings (temporal deactivation not removed it)
-		handler.deactivate, handler.reactivate = s.upstreamCallbacks(nsGroup, handler)
-
-		if nsGroup.Primary {
-			muxUpdates = append(muxUpdates, muxUpdate{
-				domain:  nbdns.RootZone,
-				handler: handler,
-			})
-			continue
-		}
-
-		if len(nsGroup.Domains) == 0 {
-			return nil, fmt.Errorf("received a non primary nameserver group with an empty domain list")
-		}
-
-		for _, domain := range nsGroup.Domains {
-			if domain == "" {
-				return nil, fmt.Errorf("received a nameserver group with an empty domain element")
-			}
-			muxUpdates = append(muxUpdates, muxUpdate{
-				domain:  domain,
-				handler: handler,
-			})
-		}
-	}
-	return muxUpdates, nil
-}
-
-func (s *DefaultServer) updateMux(muxUpdates []muxUpdate) {
-	muxUpdateMap := make(registrationMap)
-
-	for _, update := range muxUpdates {
-		s.registerMux(update.domain, update.handler)
-		muxUpdateMap[update.domain] = struct{}{}
-	}
-
-	for key := range s.dnsMuxMap {
-		_, found := muxUpdateMap[key]
-		if !found {
-			s.deregisterMux(key)
-		}
-	}
-
-	s.dnsMuxMap = muxUpdateMap
-}
-
-func (s *DefaultServer) updateLocalResolver(update map[string]nbdns.SimpleRecord) {
-	for key := range s.localResolver.registeredMap {
-		_, found := update[key]
-		if !found {
-			s.localResolver.deleteRecord(key)
-		}
-	}
-
-	updatedMap := make(registrationMap)
-	for key, record := range update {
-		err := s.localResolver.registerRecord(record)
-		if err != nil {
-			log.Warnf("got an error while registering the record (%s), error: %v", record.String(), err)
-		}
-		updatedMap[key] = struct{}{}
-	}
-
-	s.localResolver.registeredMap = updatedMap
-}
-
-func getNSHostPort(ns nbdns.NameServer) string {
-	return fmt.Sprintf("%s:%d", ns.IP.String(), ns.Port)
-}
-
-func (s *DefaultServer) registerMux(pattern string, handler dns.Handler) {
-	s.dnsMux.Handle(pattern, handler)
-}
-
-func (s *DefaultServer) deregisterMux(pattern string) {
-	s.dnsMux.HandleRemove(pattern)
-}
-
-// upstreamCallbacks returns two functions, the first one is used to deactivate
-// the upstream resolver from the configuration, the second one is used to
-// reactivate it. Not allowed to call reactivate before deactivate.
-func (s *DefaultServer) upstreamCallbacks(
-	nsGroup *nbdns.NameServerGroup,
-	handler dns.Handler,
-) (deactivate func(), reactivate func()) {
-	var removeIndex map[string]int
-	deactivate = func() {
-		s.mux.Lock()
-		defer s.mux.Unlock()
-
-		l := log.WithField("nameservers", nsGroup.NameServers)
-		l.Info("temporary deactivate nameservers group due timeout")
-
-		removeIndex = make(map[string]int)
-		for _, domain := range nsGroup.Domains {
-			removeIndex[domain] = -1
-		}
-		if nsGroup.Primary {
-			removeIndex[nbdns.RootZone] = -1
-			s.currentConfig.routeAll = false
-		}
-
-		for i, item := range s.currentConfig.domains {
-			if _, found := removeIndex[item.domain]; found {
-				s.currentConfig.domains[i].disabled = true
-				s.deregisterMux(item.domain)
-				removeIndex[item.domain] = i
-			}
-		}
-		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-			l.WithError(err).Error("fail to apply nameserver deactivation on the host")
-		}
-	}
-	reactivate = func() {
-		s.mux.Lock()
-		defer s.mux.Unlock()
-
-		for domain, i := range removeIndex {
-			if i == -1 || i >= len(s.currentConfig.domains) || s.currentConfig.domains[i].domain != domain {
-				continue
-			}
-			s.currentConfig.domains[i].disabled = false
-			s.registerMux(domain, handler)
-		}
-
-		l := log.WithField("nameservers", nsGroup.NameServers)
-		l.Debug("reactivate temporary disabled nameserver group")
-
-		if nsGroup.Primary {
-			s.currentConfig.routeAll = true
-		}
-		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
-		}
-	}
-	return
-}

client/internal/dns/server_test.go

@@ -9,10 +9,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/netbirdio/netbird/client/internal/stdnet"
-
 	"github.com/miekg/dns"
-
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/iface"
 )
@@ -202,11 +199,7 @@ func TestUpdateDNSServer(t *testing.T) {
 
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			newNet, err := stdnet.NewNet(nil)
-			if err != nil {
-				t.Fatal(err)
-			}
-			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), iface.DefaultMTU, nil, newNet)
+			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), iface.DefaultMTU)
 			if err != nil {
 				t.Fatal(err)
 			}

client/internal/engine.go

@@ -12,23 +12,24 @@ import (
 	"sync"
 	"time"
 
-	"github.com/pion/ice/v2"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-
 	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/routemanager"
-	"github.com/netbirdio/netbird/client/internal/stdnet"
 	nbssh "github.com/netbirdio/netbird/client/ssh"
+	nbstatus "github.com/netbirdio/netbird/client/status"
 	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/route"
+
+	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/internal/proxy"
 	"github.com/netbirdio/netbird/iface"
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
-	"github.com/netbirdio/netbird/route"
 	signal "github.com/netbirdio/netbird/signal/client"
 	sProto "github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/util"
+	"github.com/pion/ice/v2"
+	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
 // PeerConnectionTimeoutMax is a timeout of an initial connection attempt to a remote peer.
@@ -46,10 +47,6 @@ var ErrResetConnection = fmt.Errorf("reset connection")
 type EngineConfig struct {
 	WgPort      int
 	WgIfaceName string
-	// TunAdapter is option. It is necessary for mobile version.
-	TunAdapter iface.TunAdapter
-
-	IFaceDiscover stdnet.ExternalIFaceDiscover
 
 	// WgAddr is a Wireguard local address (Netbird Network IP)
 	WgAddr string
@@ -112,7 +109,7 @@ type Engine struct {
 	sshServerFunc func(hostKeyPEM []byte, addr string) (nbssh.Server, error)
 	sshServer     nbssh.Server
 
-	statusRecorder *peer.Status
+	statusRecorder *nbstatus.Status
 
 	routeManager routemanager.Manager
 
@@ -129,14 +126,14 @@ type Peer struct {
 func NewEngine(
 	ctx context.Context, cancel context.CancelFunc,
 	signalClient signal.Client, mgmClient mgm.Client,
-	config *EngineConfig, statusRecorder *peer.Status,
+	config *EngineConfig, statusRecorder *nbstatus.Status,
 ) *Engine {
 	return &Engine{
 		ctx:            ctx,
 		cancel:         cancel,
 		signal:         signalClient,
 		mgmClient:      mgmClient,
-		peerConns:      make(map[string]*peer.Conn),
+		peerConns:      map[string]*peer.Conn{},
 		syncMsgMux:     &sync.Mutex{},
 		config:         config,
 		STUNs:          []*ice.URL{},
@@ -165,77 +162,60 @@ func (e *Engine) Stop() error {
 	return nil
 }
 
-// Start creates a new WireGuard tunnel interface and listens to events from Signal and Management services
+// Start creates a new Wireguard tunnel interface and listens to events from Signal and Management services
 // Connections to remote peers are not established here.
 // However, they will be established once an event with a list of peers to connect to will be received from Management Service
 func (e *Engine) Start() error {
 	e.syncMsgMux.Lock()
 	defer e.syncMsgMux.Unlock()
 
-	wgIFaceName := e.config.WgIfaceName
+	wgIfaceName := e.config.WgIfaceName
 	wgAddr := e.config.WgAddr
 	myPrivateKey := e.config.WgPrivateKey
 	var err error
-	transportNet, err := e.newStdNet()
+
+	e.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU)
 	if err != nil {
-		log.Warnf("failed to create pion's stdnet: %s", err)
-	}
-	e.wgInterface, err = iface.NewWGIFace(wgIFaceName, wgAddr, iface.DefaultMTU, e.config.TunAdapter, transportNet)
-	if err != nil {
-		log.Errorf("failed creating wireguard interface instance %s: [%s]", wgIFaceName, err.Error())
+		log.Errorf("failed creating wireguard interface instance %s: [%s]", wgIfaceName, err.Error())
 		return err
 	}
 
+	networkName := "udp"
+	if e.config.DisableIPv6Discovery {
+		networkName = "udp4"
+	}
+
+	e.udpMuxConn, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxPort})
+	if err != nil {
+		log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxPort, err.Error())
+		e.close()
+		return err
+	}
+
+	e.udpMuxConnSrflx, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxSrflxPort})
+	if err != nil {
+		log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxSrflxPort, err.Error())
+		e.close()
+		return err
+	}
+
+	e.udpMux = ice.NewUDPMuxDefault(ice.UDPMuxParams{UDPConn: e.udpMuxConn})
+	e.udpMuxSrflx = ice.NewUniversalUDPMuxDefault(ice.UniversalUDPMuxParams{UDPConn: e.udpMuxConnSrflx})
+
 	err = e.wgInterface.Create()
 	if err != nil {
-		log.Errorf("failed creating tunnel interface %s: [%s]", wgIFaceName, err.Error())
+		log.Errorf("failed creating tunnel interface %s: [%s]", wgIfaceName, err.Error())
 		e.close()
 		return err
 	}
 
 	err = e.wgInterface.Configure(myPrivateKey.String(), e.config.WgPort)
 	if err != nil {
-		log.Errorf("failed configuring Wireguard interface [%s]: %s", wgIFaceName, err.Error())
+		log.Errorf("failed configuring Wireguard interface [%s]: %s", wgIfaceName, err.Error())
 		e.close()
 		return err
 	}
 
-	if e.wgInterface.IsUserspaceBind() {
-		iceBind := e.wgInterface.GetBind()
-		udpMux, err := iceBind.GetICEMux()
-		if err != nil {
-			e.close()
-			return err
-		}
-		e.udpMux = udpMux.UDPMuxDefault
-		e.udpMuxSrflx = udpMux
-		log.Infof("using userspace bind mode %s", udpMux.LocalAddr().String())
-	} else {
-		networkName := "udp"
-		if e.config.DisableIPv6Discovery {
-			networkName = "udp4"
-		}
-		e.udpMuxConn, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxPort})
-		if err != nil {
-			log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxPort, err.Error())
-			e.close()
-			return err
-		}
-		udpMuxParams := ice.UDPMuxParams{
-			UDPConn: e.udpMuxConn,
-			Net:     transportNet,
-		}
-		e.udpMux = ice.NewUDPMuxDefault(udpMuxParams)
-
-		e.udpMuxConnSrflx, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxSrflxPort})
-		if err != nil {
-			log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxSrflxPort, err.Error())
-			e.close()
-			return err
-		}
-		e.udpMuxSrflx = ice.NewUniversalUDPMuxDefault(ice.UniversalUDPMuxParams{UDPConn: e.udpMuxConnSrflx, Net: transportNet})
-	}
-
 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder)
 
 	if e.dnsServer == nil {
@@ -358,6 +338,42 @@ func (e *Engine) removePeer(peerKey string) error {
 	return nil
 }
 
+// GetPeerConnectionStatus returns a connection Status or nil if peer connection wasn't found
+func (e *Engine) GetPeerConnectionStatus(peerKey string) peer.ConnStatus {
+	conn, exists := e.peerConns[peerKey]
+	if exists && conn != nil {
+		return conn.Status()
+	}
+
+	return -1
+}
+
+func (e *Engine) GetPeers() []string {
+	e.syncMsgMux.Lock()
+	defer e.syncMsgMux.Unlock()
+
+	peers := []string{}
+	for s := range e.peerConns {
+		peers = append(peers, s)
+	}
+	return peers
+}
+
+// GetConnectedPeers returns a connection Status or nil if peer connection wasn't found
+func (e *Engine) GetConnectedPeers() []string {
+	e.syncMsgMux.Lock()
+	defer e.syncMsgMux.Unlock()
+
+	peers := []string{}
+	for s, conn := range e.peerConns {
+		if conn.Status() == peer.StatusConnected {
+			peers = append(peers, s)
+		}
+	}
+
+	return peers
+}
+
 func signalCandidate(candidate ice.Candidate, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client) error {
 	err := s.Send(&sProto.Message{
 		Key:       myKey.PublicKey().String(),
@@ -374,10 +390,6 @@ func signalCandidate(candidate ice.Candidate, myKey wgtypes.Key, remoteKey wgtyp
 	return nil
 }
 
-func sendSignal(message *sProto.Message, s signal.Client) error {
-	return s.Send(message)
-}
-
 // SignalOfferAnswer signals either an offer or an answer to remote peer
 func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error {
 	var t sProto.Body_Type
@@ -394,10 +406,6 @@ func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKe
 	if err != nil {
 		return err
 	}
-
-	// indicates message support in gRPC
-	msg.Body.FeaturesSupported = []uint32{signal.DirectCheck}
-
 	err = s.Send(msg)
 	if err != nil {
 		return err
@@ -501,10 +509,10 @@ func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
 		}
 	}
 
-	e.statusRecorder.UpdateLocalPeerState(peer.LocalPeerState{
+	e.statusRecorder.UpdateLocalPeerState(nbstatus.LocalPeerState{
 		IP:              e.config.WgAddr,
 		PubKey:          e.config.WgPrivateKey.PublicKey().String(),
-		KernelInterface: iface.WireGuardModuleIsLoaded(),
+		KernelInterface: iface.WireguardModuleIsLoaded(),
 		FQDN:            conf.GetFqdn(),
 	})
 
@@ -586,8 +594,6 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 
 	log.Debugf("got peers update from Management Service, total peers to connect to = %d", len(networkMap.GetRemotePeers()))
 
-	e.updateOfflinePeers(networkMap.GetOfflinePeers())
-
 	// cleanup request, most likely our peer has been deleted
 	if networkMap.GetRemotePeersIsEmpty() {
 		err := e.removeAllPeers()
@@ -635,7 +641,6 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 	if protoDNSConfig == nil {
 		protoDNSConfig = &mgmProto.DNSConfig{}
 	}
-
 	err = e.dnsServer.UpdateDNSServer(serial, toDNSConfig(protoDNSConfig))
 	if err != nil {
 		log.Errorf("failed to update dns server, err: %v", err)
@@ -705,21 +710,6 @@ func toDNSConfig(protoDNSConfig *mgmProto.DNSConfig) nbdns.Config {
 	return dnsUpdate
 }
 
-func (e *Engine) updateOfflinePeers(offlinePeers []*mgmProto.RemotePeerConfig) {
-	replacement := make([]peer.State, len(offlinePeers))
-	for i, offlinePeer := range offlinePeers {
-		log.Debugf("added offline peer %s", offlinePeer.Fqdn)
-		replacement[i] = peer.State{
-			IP:               strings.Join(offlinePeer.GetAllowedIps(), ","),
-			PubKey:           offlinePeer.GetWgPubKey(),
-			FQDN:             offlinePeer.GetFqdn(),
-			ConnStatus:       peer.StatusDisconnected,
-			ConnStatusUpdate: time.Now(),
-		}
-	}
-	e.statusRecorder.ReplaceOfflinePeers(replacement)
-}
-
 // addNewPeers adds peers that were not know before but arrived from the Management service with the update
 func (e *Engine) addNewPeers(peersUpdate []*mgmProto.RemotePeerConfig) error {
 	for _, p := range peersUpdate {
@@ -808,6 +798,14 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 	stunTurn = append(stunTurn, e.STUNs...)
 	stunTurn = append(stunTurn, e.TURNs...)
 
+	proxyConfig := proxy.Config{
+		RemoteKey:    pubKey,
+		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", e.config.WgPort),
+		WgInterface:  e.wgInterface,
+		AllowedIps:   allowedIPs,
+		PreSharedKey: e.config.PreSharedKey,
+	}
+
 	// randomize connection timeout
 	timeout := time.Duration(rand.Intn(PeerConnectionTimeoutMax-PeerConnectionTimeoutMin)+PeerConnectionTimeoutMin) * time.Millisecond
 	config := peer.ConnConfig{
@@ -819,12 +817,12 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 		Timeout:              timeout,
 		UDPMux:               e.udpMux,
 		UDPMuxSrflx:          e.udpMuxSrflx,
+		ProxyConfig:          proxyConfig,
 		LocalWgPort:          e.config.WgPort,
 		NATExternalIPs:       e.parseNATExternalIPMappings(),
-		AllowedIPs:           allowedIPs,
 	}
 
-	peerConn, err := peer.NewConn(config, e.wgInterface, e.statusRecorder, e.config.TunAdapter, e.config.IFaceDiscover)
+	peerConn, err := peer.NewConn(config, e.statusRecorder)
 	if err != nil {
 		return nil, err
 	}
@@ -849,9 +847,6 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 	peerConn.SetSignalCandidate(signalCandidate)
 	peerConn.SetSignalOffer(signalOffer)
 	peerConn.SetSignalAnswer(signalAnswer)
-	peerConn.SetSendSignalMessage(func(message *sProto.Message) error {
-		return sendSignal(message, e.signal)
-	})
 
 	return peerConn, nil
 }
@@ -875,9 +870,6 @@ func (e *Engine) receiveSignalEvents() {
 				if err != nil {
 					return err
 				}
-
-				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())
-
 				conn.OnRemoteOffer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
@@ -891,9 +883,6 @@ func (e *Engine) receiveSignalEvents() {
 				if err != nil {
 					return err
 				}
-
-				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())
-
 				conn.OnRemoteAnswer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
@@ -909,19 +898,6 @@ func (e *Engine) receiveSignalEvents() {
 					return err
 				}
 				conn.OnRemoteCandidate(candidate)
-			case sProto.Body_MODE:
-				protoMode := msg.GetBody().GetMode()
-				if protoMode == nil {
-					return fmt.Errorf("received an empty mode message")
-				}
-
-				err := conn.OnModeMessage(peer.ModeMessage{
-					Direct: protoMode.GetDirect(),
-				})
-				if err != nil {
-					log.Errorf("failed processing a mode message -> %s", err)
-					return err
-				}
 			}
 
 			return nil
@@ -1006,6 +982,12 @@ func (e *Engine) close() {
 		}
 	}
 
+	if e.udpMuxSrflx != nil {
+		if err := e.udpMuxSrflx.Close(); err != nil {
+			log.Debugf("close server reflexive udp mux: %v", err)
+		}
+	}
+
 	if e.udpMuxConn != nil {
 		if err := e.udpMuxConn.Close(); err != nil {
 			log.Debugf("close udp mux connection: %v", err)

client/internal/engine_stdnet.go

@@ -1,11 +0,0 @@
-//go:build !android
-
-package internal
-
-import (
-	"github.com/netbirdio/netbird/client/internal/stdnet"
-)
-
-func (e *Engine) newStdNet() (*stdnet.Net, error) {
-	return stdnet.NewNet(e.config.IFaceBlackList)
-}

client/internal/engine_stdnet_android.go

@@ -1,7 +0,0 @@
-package internal
-
-import "github.com/netbirdio/netbird/client/internal/stdnet"
-
-func (e *Engine) newStdNet() (*stdnet.Net, error) {
-	return stdnet.NewNetWithDiscover(e.config.IFaceDiscover, e.config.IFaceBlackList)
-}

client/internal/engine_test.go

@@ -3,8 +3,16 @@ package internal
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/iface/bind"
-	"github.com/pion/transport/v2/stdnet"
+	"github.com/netbirdio/netbird/client/internal/dns"
+	"github.com/netbirdio/netbird/client/internal/routemanager"
+	"github.com/netbirdio/netbird/client/ssh"
+	nbstatus "github.com/netbirdio/netbird/client/status"
+	nbdns "github.com/netbirdio/netbird/dns"
+	"github.com/netbirdio/netbird/iface"
+	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/route"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"net"
 	"net/netip"
 	"os"
@@ -15,29 +23,18 @@ import (
 	"testing"
 	"time"
 
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/keepalive"
-
-	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/internal/routemanager"
-	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/client/system"
-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/iface"
 	mgmt "github.com/netbirdio/netbird/management/client"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/activity"
-	"github.com/netbirdio/netbird/route"
 	signal "github.com/netbirdio/netbird/signal/client"
 	"github.com/netbirdio/netbird/signal/proto"
 	signalServer "github.com/netbirdio/netbird/signal/server"
 	"github.com/netbirdio/netbird/util"
+	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/keepalive"
 )
 
 var (
@@ -74,7 +71,7 @@ func TestEngine_SSH(t *testing.T) {
 		WgAddr:       "100.64.0.1/24",
 		WgPrivateKey: key,
 		WgPort:       33100,
-	}, peer.NewRecorder("https://mgm"))
+	}, nbstatus.NewRecorder())
 
 	engine.dnsServer = &dns.MockServer{
 		UpdateDNSServerFunc: func(serial uint64, update nbdns.Config) error { return nil },
@@ -208,24 +205,12 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 		WgAddr:       "100.64.0.1/24",
 		WgPrivateKey: key,
 		WgPort:       33100,
-	}, peer.NewRecorder("https://mgm"))
-	newNet, err := stdnet.NewNet()
-	if err != nil {
-		t.Fatal(err)
-	}
-	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", iface.DefaultMTU, nil, newNet)
-	if err != nil {
-		t.Fatal(err)
-	}
+	}, nbstatus.NewRecorder())
+	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", iface.DefaultMTU)
 	engine.routeManager = routemanager.NewManager(ctx, key.PublicKey().String(), engine.wgInterface, engine.statusRecorder)
 	engine.dnsServer = &dns.MockServer{
 		UpdateDNSServerFunc: func(serial uint64, update nbdns.Config) error { return nil },
 	}
-	conn, err := net.ListenUDP("udp4", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	engine.udpMux = bind.NewUniversalUDPMuxDefault(bind.UniversalUDPMuxParams{UDPConn: conn})
 
 	type testCase struct {
 		name       string
@@ -404,7 +389,7 @@ func TestEngine_Sync(t *testing.T) {
 		WgAddr:       "100.64.0.1/24",
 		WgPrivateKey: key,
 		WgPort:       33100,
-	}, peer.NewRecorder("https://mgm"))
+	}, nbstatus.NewRecorder())
 
 	engine.dnsServer = &dns.MockServer{
 		UpdateDNSServerFunc: func(serial uint64, update nbdns.Config) error { return nil },
@@ -454,7 +439,7 @@ func TestEngine_Sync(t *testing.T) {
 		default:
 		}
 
-		if getPeers(engine) == 3 && engine.networkSerial == 10 {
+		if len(engine.GetPeers()) == 3 && engine.networkSerial == 10 {
 			break
 		}
 	}
@@ -562,12 +547,8 @@ func TestEngine_UpdateNetworkMapWithRoutes(t *testing.T) {
 				WgAddr:       wgAddr,
 				WgPrivateKey: key,
 				WgPort:       33100,
-			}, peer.NewRecorder("https://mgm"))
-			newNet, err := stdnet.NewNet()
-			if err != nil {
-				t.Fatal(err)
-			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
+			}, nbstatus.NewRecorder())
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU)
 			assert.NoError(t, err, "shouldn't return error")
 			input := struct {
 				inputSerial uint64
@@ -731,12 +712,8 @@ func TestEngine_UpdateNetworkMapWithDNSUpdate(t *testing.T) {
 				WgAddr:       wgAddr,
 				WgPrivateKey: key,
 				WgPort:       33100,
-			}, peer.NewRecorder("https://mgm"))
-			newNet, err := stdnet.NewNet()
-			if err != nil {
-				t.Fatal(err)
-			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
+			}, nbstatus.NewRecorder())
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU)
 			assert.NoError(t, err, "shouldn't return error")
 
 			mockRouteManager := &routemanager.MockManager{
@@ -869,7 +846,7 @@ loop:
 		case <-ticker.C:
 			totalConnected := 0
 			for _, engine := range engines {
-				totalConnected = totalConnected + getConnectedPeers(engine)
+				totalConnected = totalConnected + len(engine.GetConnectedPeers())
 			}
 			if totalConnected == expectedConnected {
 				log.Infof("total connected=%d", totalConnected)
@@ -1000,7 +977,7 @@ func createEngine(ctx context.Context, cancel context.CancelFunc, setupKey strin
 		WgPort:       wgPort,
 	}
 
-	return NewEngine(ctx, cancel, signalClient, mgmtClient, conf, peer.NewRecorder("https://mgm")), nil
+	return NewEngine(ctx, cancel, signalClient, mgmtClient, conf, nbstatus.NewRecorder()), nil
 }
 
 func startSignal() (*grpc.Server, string, error) {
@@ -1067,23 +1044,3 @@ func startManagement(dataDir string) (*grpc.Server, string, error) {
 
 	return s, lis.Addr().String(), nil
 }
-
-// getConnectedPeers returns a connection Status or nil if peer connection wasn't found
-func getConnectedPeers(e *Engine) int {
-	e.syncMsgMux.Lock()
-	defer e.syncMsgMux.Unlock()
-	i := 0
-	for _, conn := range e.peerConns {
-		if conn.Status() == peer.StatusConnected {
-			i++
-		}
-	}
-	return i
-}
-
-func getPeers(e *Engine) int {
-	e.syncMsgMux.Lock()
-	defer e.syncMsgMux.Unlock()
-
-	return len(e.peerConns)
-}

client/internal/login.go

@@ -2,55 +2,37 @@ package internal
 
 import (
 	"context"
-	"net/url"
-
 	"github.com/google/uuid"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-
 	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/client/system"
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
+	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
-// IsLoginRequired check that the server is support SSO or not
-func IsLoginRequired(ctx context.Context, privateKey string, mgmURL *url.URL, sshKey string) (bool, error) {
-	mgmClient, err := getMgmClient(ctx, privateKey, mgmURL)
-	if err != nil {
-		return false, err
-	}
-	defer func() {
-		err = mgmClient.Close()
-		if err != nil {
-			cStatus, ok := status.FromError(err)
-			if !ok || ok && cStatus.Code() != codes.Canceled {
-				log.Warnf("failed to close the Management service client, err: %v", err)
-			}
-		}
-	}()
-	log.Debugf("connected to the Management service %s", mgmURL.String())
-
-	pubSSHKey, err := ssh.GeneratePublicKey([]byte(sshKey))
-	if err != nil {
-		return false, err
-	}
-
-	_, err = doMgmLogin(ctx, mgmClient, pubSSHKey)
-	if isLoginNeeded(err) {
-		return true, nil
-	}
-	return false, err
-}
-
-// Login or register the client
 func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error {
-	mgmClient, err := getMgmClient(ctx, config.PrivateKey, config.ManagementURL)
+	// validate our peer's Wireguard PRIVATE key
+	myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
 	if err != nil {
+		log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
 		return err
 	}
+
+	var mgmTlsEnabled bool
+	if config.ManagementURL.Scheme == "https" {
+		mgmTlsEnabled = true
+	}
+
+	log.Debugf("connecting to the Management service %s", config.ManagementURL.String())
+	mgmClient, err := mgm.NewClient(ctx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
+	if err != nil {
+		log.Errorf("failed connecting to the Management service %s %v", config.ManagementURL.String(), err)
+		return err
+	}
+	log.Debugf("connected to the Management service %s", config.ManagementURL.String())
 	defer func() {
 		err = mgmClient.Close()
 		if err != nil {
@@ -60,55 +42,47 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 			}
 		}
 	}()
-	log.Debugf("connected to the Management service %s", config.ManagementURL.String())
+
+	serverKey, err := mgmClient.GetServerPublicKey()
+	if err != nil {
+		log.Errorf("failed while getting Management Service public key: %v", err)
+		return err
+	}
 
 	pubSSHKey, err := ssh.GeneratePublicKey([]byte(config.SSHKey))
 	if err != nil {
 		return err
 	}
+	_, err = loginPeer(ctx, *serverKey, mgmClient, setupKey, jwtToken, pubSSHKey)
+	if err != nil {
+		log.Errorf("failed logging-in peer on Management Service : %v", err)
+		return err
+	}
+	log.Infof("peer has successfully logged-in to the Management service %s", config.ManagementURL.String())
 
-	serverKey, err := doMgmLogin(ctx, mgmClient, pubSSHKey)
-	if isRegistrationNeeded(err) {
-		log.Debugf("peer registration required")
-		_, err = registerPeer(ctx, *serverKey, mgmClient, setupKey, jwtToken, pubSSHKey)
+	err = mgmClient.Close()
+	if err != nil {
+		log.Errorf("failed to close the Management service client: %v", err)
 		return err
 	}
 
-	return err
+	return nil
 }
 
-func getMgmClient(ctx context.Context, privateKey string, mgmURL *url.URL) (*mgm.GrpcClient, error) {
-	// validate our peer's Wireguard PRIVATE key
-	myPrivateKey, err := wgtypes.ParseKey(privateKey)
-	if err != nil {
-		log.Errorf("failed parsing Wireguard key %s: [%s]", privateKey, err.Error())
-		return nil, err
-	}
-
-	var mgmTlsEnabled bool
-	if mgmURL.Scheme == "https" {
-		mgmTlsEnabled = true
-	}
-
-	log.Debugf("connecting to the Management service %s", mgmURL.String())
-	mgmClient, err := mgm.NewClient(ctx, mgmURL.Host, myPrivateKey, mgmTlsEnabled)
-	if err != nil {
-		log.Errorf("failed connecting to the Management service %s %v", mgmURL.String(), err)
-		return nil, err
-	}
-	return mgmClient, err
-}
-
-func doMgmLogin(ctx context.Context, mgmClient *mgm.GrpcClient, pubSSHKey []byte) (*wgtypes.Key, error) {
-	serverKey, err := mgmClient.GetServerPublicKey()
-	if err != nil {
-		log.Errorf("failed while getting Management Service public key: %v", err)
-		return nil, err
-	}
-
+// loginPeer attempts to login to Management Service. If peer wasn't registered, tries the registration flow.
+func loginPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string, pubSSHKey []byte) (*mgmProto.LoginResponse, error) {
 	sysInfo := system.GetInfo(ctx)
-	_, err = mgmClient.Login(*serverKey, sysInfo, pubSSHKey)
-	return serverKey, err
+	loginResp, err := client.Login(serverPublicKey, sysInfo, pubSSHKey)
+	if err != nil {
+		if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
+			log.Debugf("peer registration required")
+			return registerPeer(ctx, serverPublicKey, client, setupKey, jwtToken, pubSSHKey)
+		} else {
+			return nil, err
+		}
+	}
+
+	return loginResp, nil
 }
 
 // registerPeer checks whether setupKey was provided via cmd line and if not then it prompts user to enter a key.
@@ -131,31 +105,3 @@ func registerPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.
 
 	return loginResp, nil
 }
-
-func isLoginNeeded(err error) bool {
-	if err == nil {
-		return false
-	}
-	s, ok := status.FromError(err)
-	if !ok {
-		return false
-	}
-	if s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied {
-		return true
-	}
-	return false
-}
-
-func isRegistrationNeeded(err error) bool {
-	if err == nil {
-		return false
-	}
-	s, ok := status.FromError(err)
-	if !ok {
-		return false
-	}
-	if s.Code() == codes.PermissionDenied {
-		return true
-	}
-	return false
-}

client/internal/oauth.go

@@ -35,6 +35,15 @@ type DeviceAuthInfo struct {
 	Interval                int    `json:"interval"`
 }
 
+// TokenInfo holds information of issued access token
+type TokenInfo struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	IDToken      string `json:"id_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+}
+
 // HostedGrantType grant type for device flow on Hosted
 const (
 	HostedGrantType    = "urn:ietf:params:oauth:grant-type:device_code"
@@ -43,7 +52,16 @@ const (
 
 // Hosted client
 type Hosted struct {
-	providerConfig ProviderConfig
+	// Hosted API Audience for validation
+	Audience string
+	// Hosted Native application client id
+	ClientID string
+	// Hosted Native application request scope
+	Scope string
+	// TokenEndpoint to request access token
+	TokenEndpoint string
+	// DeviceAuthEndpoint to request device authorization code
+	DeviceAuthEndpoint string
 
 	HTTPClient HTTPClient
 }
@@ -52,7 +70,7 @@ type Hosted struct {
 type RequestDeviceCodePayload struct {
 	Audience string `json:"audience"`
 	ClientID string `json:"client_id"`
-	Scope    string `json:"scope"`
+	Scope 	 string `json:"scope"`
 }
 
 // TokenRequestPayload used for requesting the auth0 token
@@ -75,26 +93,8 @@ type Claims struct {
 	Audience interface{} `json:"aud"`
 }
 
-// TokenInfo holds information of issued access token
-type TokenInfo struct {
-	AccessToken  string `json:"access_token"`
-	RefreshToken string `json:"refresh_token"`
-	IDToken      string `json:"id_token"`
-	TokenType    string `json:"token_type"`
-	ExpiresIn    int    `json:"expires_in"`
-	UseIDToken   bool   `json:"-"`
-}
-
-// GetTokenToUse returns either the access or id token based on UseIDToken field
-func (t TokenInfo) GetTokenToUse() string {
-	if t.UseIDToken {
-		return t.IDToken
-	}
-	return t.AccessToken
-}
-
 // NewHostedDeviceFlow returns an Hosted OAuth client
-func NewHostedDeviceFlow(config ProviderConfig) *Hosted {
+func NewHostedDeviceFlow(audience string, clientID string, tokenEndpoint string, deviceAuthEndpoint string) *Hosted {
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5
 
@@ -104,23 +104,27 @@ func NewHostedDeviceFlow(config ProviderConfig) *Hosted {
 	}
 
 	return &Hosted{
-		providerConfig: config,
-		HTTPClient:     httpClient,
+		Audience:           audience,
+		ClientID:           clientID,
+		Scope:              "openid",
+		TokenEndpoint:      tokenEndpoint,
+		HTTPClient:         httpClient,
+		DeviceAuthEndpoint: deviceAuthEndpoint,
 	}
 }
 
 // GetClientID returns the provider client id
 func (h *Hosted) GetClientID(ctx context.Context) string {
-	return h.providerConfig.ClientID
+	return h.ClientID
 }
 
 // RequestDeviceCode requests a device code login flow information from Hosted
 func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error) {
 	form := url.Values{}
-	form.Add("client_id", h.providerConfig.ClientID)
-	form.Add("audience", h.providerConfig.Audience)
-	form.Add("scope", h.providerConfig.Scope)
-	req, err := http.NewRequest("POST", h.providerConfig.DeviceAuthEndpoint,
+	form.Add("client_id", h.ClientID)
+	form.Add("audience", h.Audience)
+	form.Add("scope", h.Scope)
+	req, err := http.NewRequest("POST", h.DeviceAuthEndpoint,
 		strings.NewReader(form.Encode()))
 	if err != nil {
 		return DeviceAuthInfo{}, fmt.Errorf("creating request failed with error: %v", err)
@@ -153,10 +157,10 @@ func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 
 func (h *Hosted) requestToken(info DeviceAuthInfo) (TokenRequestResponse, error) {
 	form := url.Values{}
-	form.Add("client_id", h.providerConfig.ClientID)
+	form.Add("client_id", h.ClientID)
 	form.Add("grant_type", HostedGrantType)
 	form.Add("device_code", info.DeviceCode)
-	req, err := http.NewRequest("POST", h.providerConfig.TokenEndpoint, strings.NewReader(form.Encode()))
+	req, err := http.NewRequest("POST", h.TokenEndpoint, strings.NewReader(form.Encode()))
 	if err != nil {
 		return TokenRequestResponse{}, fmt.Errorf("failed to create request access token: %v", err)
 	}
@@ -221,20 +225,18 @@ func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo,
 				return TokenInfo{}, fmt.Errorf(tokenResponse.ErrorDescription)
 			}
 
+			err = isValidAccessToken(tokenResponse.AccessToken, h.Audience)
+			if err != nil {
+				return TokenInfo{}, fmt.Errorf("validate access token failed with error: %v", err)
+			}
+
 			tokenInfo := TokenInfo{
 				AccessToken:  tokenResponse.AccessToken,
 				TokenType:    tokenResponse.TokenType,
 				RefreshToken: tokenResponse.RefreshToken,
 				IDToken:      tokenResponse.IDToken,
 				ExpiresIn:    tokenResponse.ExpiresIn,
-				UseIDToken:   h.providerConfig.UseIDToken,
 			}
-
-			err = isValidAccessToken(tokenInfo.GetTokenToUse(), h.providerConfig.Audience)
-			if err != nil {
-				return TokenInfo{}, fmt.Errorf("validate access token failed with error: %v", err)
-			}
-
 			return tokenInfo, err
 		}
 	}

client/internal/oauth_test.go

@@ -3,15 +3,14 @@ package internal
 import (
 	"context"
 	"fmt"
+	"github.com/golang-jwt/jwt"
+	"github.com/stretchr/testify/require"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"testing"
 	"time"
-
-	"github.com/golang-jwt/jwt"
-	"github.com/stretchr/testify/require"
 )
 
 type mockHTTPClient struct {
@@ -114,15 +113,12 @@ func TestHosted_RequestDeviceCode(t *testing.T) {
 			}
 
 			hosted := Hosted{
-				providerConfig: ProviderConfig{
-					Audience:           expectedAudience,
-					ClientID:           expectedClientID,
-					Scope:              expectedScope,
-					TokenEndpoint:      "test.hosted.com/token",
-					DeviceAuthEndpoint: "test.hosted.com/device/auth",
-					UseIDToken:         false,
-				},
-				HTTPClient: &httpClient,
+				Audience:           expectedAudience,
+				ClientID:           expectedClientID,
+				Scope:              expectedScope,
+				TokenEndpoint:      "test.hosted.com/token",
+				DeviceAuthEndpoint: "test.hosted.com/device/auth",
+				HTTPClient:         &httpClient,
 			}
 
 			authInfo, err := hosted.RequestDeviceCode(context.TODO())
@@ -279,15 +275,12 @@ func TestHosted_WaitToken(t *testing.T) {
 			}
 
 			hosted := Hosted{
-				providerConfig: ProviderConfig{
-					Audience:           testCase.inputAudience,
-					ClientID:           clientID,
-					TokenEndpoint:      "test.hosted.com/token",
-					DeviceAuthEndpoint: "test.hosted.com/device/auth",
-					Scope:              "openid",
-					UseIDToken:         false,
-				},
-				HTTPClient: &httpClient}
+				Audience:           testCase.inputAudience,
+				ClientID:           clientID,
+				TokenEndpoint:      "test.hosted.com/token",
+				DeviceAuthEndpoint: "test.hosted.com/device/auth",
+				HTTPClient:         &httpClient,
+			}
 
 			ctx, cancel := context.WithTimeout(context.TODO(), testCase.inputTimeout)
 			defer cancel()

client/internal/peer/conn.go

@@ -2,21 +2,18 @@ package peer
 
 import (
 	"context"
-	"fmt"
 	"net"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/netbirdio/netbird/client/internal/proxy"
+	nbStatus "github.com/netbirdio/netbird/client/status"
+	"github.com/netbirdio/netbird/client/system"
+	"github.com/netbirdio/netbird/iface"
 	"github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal/proxy"
-	"github.com/netbirdio/netbird/client/internal/stdnet"
-	"github.com/netbirdio/netbird/iface"
-	signal "github.com/netbirdio/netbird/signal/client"
-	sProto "github.com/netbirdio/netbird/signal/proto"
-	"github.com/netbirdio/netbird/version"
+	"golang.zx2c4.com/wireguard/wgctrl"
 )
 
 // ConnConfig is a peer Connection configuration
@@ -37,14 +34,14 @@ type ConnConfig struct {
 
 	Timeout time.Duration
 
+	ProxyConfig proxy.Config
+
 	UDPMux      ice.UDPMux
 	UDPMuxSrflx ice.UniversalUDPMux
 
 	LocalWgPort int
 
 	NATExternalIPs []string
-
-	AllowedIPs string
 }
 
 // OfferAnswer represents a session establishment offer or answer
@@ -72,9 +69,8 @@ type Conn struct {
 	// signalCandidate is a handler function to signal remote peer about local connection candidate
 	signalCandidate func(candidate ice.Candidate) error
 	// signalOffer is a handler function to signal remote peer our connection offer (credentials)
-	signalOffer       func(OfferAnswer) error
-	signalAnswer      func(OfferAnswer) error
-	sendSignalMessage func(message *sProto.Message) error
+	signalOffer  func(OfferAnswer) error
+	signalAnswer func(OfferAnswer) error
 
 	// remoteOffersCh is a channel used to wait for remote credentials to proceed with the connection
 	remoteOffersCh chan OfferAnswer
@@ -87,26 +83,9 @@ type Conn struct {
 	agent  *ice.Agent
 	status ConnStatus
 
-	statusRecorder *Status
+	statusRecorder *nbStatus.Status
 
-	proxy        proxy.Proxy
-	remoteModeCh chan ModeMessage
-	meta         meta
-
-	wgIface       *iface.WGIface
-	adapter       iface.TunAdapter
-	iFaceDiscover stdnet.ExternalIFaceDiscover
-}
-
-// meta holds meta information about a connection
-type meta struct {
-	protoSupport signal.FeaturesSupport
-}
-
-// ModeMessage represents a connection mode chosen by the peer
-type ModeMessage struct {
-	// Direct indicates that it decided to use a direct connection
-	Direct bool
+	proxy proxy.Proxy
 }
 
 // GetConf returns the connection config
@@ -121,7 +100,7 @@ func (conn *Conn) UpdateConf(conf ConnConfig) {
 
 // NewConn creates a new not opened Conn to the remote peer.
 // To establish a connection run Conn.Open
-func NewConn(config ConnConfig, wgIface *iface.WGIface, statusRecorder *Status, adapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover) (*Conn, error) {
+func NewConn(config ConnConfig, statusRecorder *nbStatus.Status) (*Conn, error) {
 	return &Conn{
 		config:         config,
 		mu:             sync.Mutex{},
@@ -130,35 +109,51 @@ func NewConn(config ConnConfig, wgIface *iface.WGIface, statusRecorder *Status,
 		remoteOffersCh: make(chan OfferAnswer),
 		remoteAnswerCh: make(chan OfferAnswer),
 		statusRecorder: statusRecorder,
-		remoteModeCh:   make(chan ModeMessage, 1),
-		adapter:        adapter,
-		iFaceDiscover:  iFaceDiscover,
-		wgIface:        wgIface,
 	}, nil
 }
 
+// interfaceFilter is a function passed to ICE Agent to filter out not allowed interfaces
+// to avoid building tunnel over them
+func interfaceFilter(blackList []string) func(string) bool {
+
+	return func(iFace string) bool {
+		for _, s := range blackList {
+			if strings.HasPrefix(iFace, s) {
+				log.Debugf("ignoring interface %s - it is not allowed", iFace)
+				return false
+			}
+		}
+		// look for unlisted WireGuard interfaces
+		wg, err := wgctrl.New()
+		if err != nil {
+			log.Debugf("trying to create a wgctrl client failed with: %v", err)
+			return true
+		}
+		defer func() {
+			_ = wg.Close()
+		}()
+
+		_, err = wg.Device(iFace)
+		return err != nil
+	}
+}
+
 func (conn *Conn) reCreateAgent() error {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()
 
 	failedTimeout := 6 * time.Second
-
 	var err error
-	transportNet, err := conn.newStdNet()
-	if err != nil {
-		log.Warnf("failed to create pion's stdnet: %s", err)
-	}
 	agentConfig := &ice.AgentConfig{
 		MulticastDNSMode: ice.MulticastDNSModeDisabled,
 		NetworkTypes:     []ice.NetworkType{ice.NetworkTypeUDP4, ice.NetworkTypeUDP6},
 		Urls:             conn.config.StunTurn,
 		CandidateTypes:   []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay},
 		FailedTimeout:    &failedTimeout,
-		InterfaceFilter:  stdnet.InterfaceFilter(conn.config.InterfaceBlackList),
+		InterfaceFilter:  interfaceFilter(conn.config.InterfaceBlackList),
 		UDPMux:           conn.config.UDPMux,
 		UDPMuxSrflx:      conn.config.UDPMuxSrflx,
 		NAT1To1IPs:       conn.config.NATExternalIPs,
-		Net:              transportNet,
 	}
 
 	if conn.config.DisableIPv6Discovery {
@@ -195,11 +190,11 @@ func (conn *Conn) reCreateAgent() error {
 func (conn *Conn) Open() error {
 	log.Debugf("trying to connect to peer %s", conn.config.Key)
 
-	peerState := State{PubKey: conn.config.Key}
+	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
 
-	peerState.IP = strings.Split(conn.config.AllowedIPs, "/")[0]
+	peerState.IP = strings.Split(conn.config.ProxyConfig.AllowedIps, "/")[0]
 	peerState.ConnStatusUpdate = time.Now()
-	peerState.ConnStatus = conn.status
+	peerState.ConnStatus = conn.status.String()
 
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
@@ -255,9 +250,9 @@ func (conn *Conn) Open() error {
 	defer conn.notifyDisconnected()
 	conn.mu.Unlock()
 
-	peerState = State{PubKey: conn.config.Key}
+	peerState = nbStatus.PeerState{PubKey: conn.config.Key}
 
-	peerState.ConnStatus = conn.status
+	peerState.ConnStatus = conn.status.String()
 	peerState.ConnStatusUpdate = time.Now()
 	err = conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
@@ -294,7 +289,7 @@ func (conn *Conn) Open() error {
 		return err
 	}
 
-	if conn.proxy.Type() == proxy.TypeDirectNoProxy {
+	if conn.proxy.Type() == proxy.TypeNoProxy {
 		host, _, _ := net.SplitHostPort(remoteConn.LocalAddr().String())
 		rhost, _, _ := net.SplitHostPort(remoteConn.RemoteAddr().String())
 		// direct Wireguard connection
@@ -315,75 +310,38 @@ func (conn *Conn) Open() error {
 }
 
 // useProxy determines whether a direct connection (without a go proxy) is possible
-//
-// There are 3 cases:
-//
-// * When neither candidate is from hard nat and one of the peers has a public IP
-//
-// * both peers are in the same private network
-//
-// * Local peer uses userspace interface with bind.ICEBind and is not relayed
-//
+// There are 3 cases: one of the peers has a public IP or both peers are in the same private network
 // Please note, that this check happens when peers were already able to ping each other using ICE layer.
-func shouldUseProxy(pair *ice.CandidatePair, userspaceBind bool) bool {
+func shouldUseProxy(pair *ice.CandidatePair) bool {
+	remoteIP := net.ParseIP(pair.Remote.Address())
+	myIp := net.ParseIP(pair.Local.Address())
+	remoteIsPublic := IsPublicIP(remoteIP)
+	myIsPublic := IsPublicIP(myIp)
 
-	if !isRelayCandidate(pair.Local) && userspaceBind {
+	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
+		return true
+	}
+
+	//one of the hosts has a public IP
+	if remoteIsPublic && pair.Remote.Type() == ice.CandidateTypeHost {
+		return false
+	}
+	if myIsPublic && pair.Local.Type() == ice.CandidateTypeHost {
 		return false
 	}
 
-	if !isHardNATCandidate(pair.Local) && isHostCandidateWithPublicIP(pair.Remote) {
-		return false
-	}
-
-	if !isHardNATCandidate(pair.Remote) && isHostCandidateWithPublicIP(pair.Local) {
-		return false
-	}
-
-	if isHostCandidateWithPrivateIP(pair.Local) && isHostCandidateWithPrivateIP(pair.Remote) && isSameNetworkPrefix(pair) {
-		return false
+	if pair.Local.Type() == ice.CandidateTypeHost && pair.Remote.Type() == ice.CandidateTypeHost {
+		if !remoteIsPublic && !myIsPublic {
+			//both hosts are in the same private network
+			return false
+		}
 	}
 
 	return true
 }
 
-func isSameNetworkPrefix(pair *ice.CandidatePair) bool {
-
-	localIPStr, _, err := net.SplitHostPort(pair.Local.Address())
-	if err != nil {
-		return false
-	}
-	remoteIPStr, _, err := net.SplitHostPort(pair.Remote.Address())
-	if err != nil {
-		return false
-	}
-	localIP := net.ParseIP(localIPStr)
-	remoteIP := net.ParseIP(remoteIPStr)
-	if localIP == nil || remoteIP == nil {
-		return false
-	}
-	// only consider /16 networks
-	mask := net.IPMask{255, 255, 0, 0}
-	return localIP.Mask(mask).Equal(remoteIP.Mask(mask))
-}
-
-func isRelayCandidate(candidate ice.Candidate) bool {
-	return candidate.Type() == ice.CandidateTypeRelay
-}
-
-func isHardNATCandidate(candidate ice.Candidate) bool {
-	return candidate.Type() == ice.CandidateTypeRelay || candidate.Type() == ice.CandidateTypePeerReflexive
-}
-
-func isHostCandidateWithPublicIP(candidate ice.Candidate) bool {
-	return candidate.Type() == ice.CandidateTypeHost && isPublicIP(candidate.Address())
-}
-
-func isHostCandidateWithPrivateIP(candidate ice.Candidate) bool {
-	return candidate.Type() == ice.CandidateTypeHost && !isPublicIP(candidate.Address())
-}
-
-func isPublicIP(address string) bool {
-	ip := net.ParseIP(address)
+// IsPublicIP indicates whether IP is public or not.
+func IsPublicIP(ip net.IP) bool {
 	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() {
 		return false
 	}
@@ -401,8 +359,16 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 		return err
 	}
 
-	peerState := State{PubKey: conn.config.Key}
-	p := conn.getProxyWithMessageExchange(pair, remoteWgPort)
+	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
+	useProxy := shouldUseProxy(pair)
+	var p proxy.Proxy
+	if useProxy {
+		p = proxy.NewWireguardProxy(conn.config.ProxyConfig)
+		peerState.Direct = false
+	} else {
+		p = proxy.NewNoProxy(conn.config.ProxyConfig, remoteWgPort)
+		peerState.Direct = true
+	}
 	conn.proxy = p
 	err = p.Start(remoteConn)
 	if err != nil {
@@ -411,14 +377,13 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 
 	conn.status = StatusConnected
 
-	peerState.ConnStatus = conn.status
+	peerState.ConnStatus = conn.status.String()
 	peerState.ConnStatusUpdate = time.Now()
 	peerState.LocalIceCandidateType = pair.Local.Type().String()
 	peerState.RemoteIceCandidateType = pair.Remote.Type().String()
 	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
 		peerState.Relayed = true
 	}
-	peerState.Direct = p.Type() == proxy.TypeDirectNoProxy
 
 	err = conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
@@ -428,66 +393,6 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 	return nil
 }
 
-func (conn *Conn) getProxyWithMessageExchange(pair *ice.CandidatePair, remoteWgPort int) proxy.Proxy {
-	useProxy := shouldUseProxy(pair, conn.wgIface.IsUserspaceBind())
-	localDirectMode := !useProxy
-	remoteDirectMode := localDirectMode
-
-	if conn.meta.protoSupport.DirectCheck {
-		go conn.sendLocalDirectMode(localDirectMode)
-		// will block until message received or timeout
-		remoteDirectMode = conn.receiveRemoteDirectMode()
-	}
-
-	if conn.wgIface.IsUserspaceBind() && localDirectMode {
-		return proxy.NewNoProxy(conn.config.ProxyConfig)
-	}
-
-	if localDirectMode && remoteDirectMode {
-		//wgInterface *iface.WGIface, remoteKey string, allowedIps string, preSharedKey *wgtypes.Key, remoteWgPort int)
-		return proxy.NewDirectNoProxy(conn.wgIface, conn.config.Key, conn.config.AllowedIPs, remoteWgPort)
-	}
-
-	log.Debugf("falling back to local proxy mode with peer %s", conn.config.Key)
-	return proxy.NewWireGuardProxy(conn.config.ProxyConfig)
-}
-
-func (conn *Conn) sendLocalDirectMode(localMode bool) {
-	// todo what happens when we couldn't deliver this message?
-	// we could retry, etc but there is no guarantee
-
-	err := conn.sendSignalMessage(&sProto.Message{
-		Key:       conn.config.LocalKey,
-		RemoteKey: conn.config.Key,
-		Body: &sProto.Body{
-			Type: sProto.Body_MODE,
-			Mode: &sProto.Mode{
-				Direct: &localMode,
-			},
-			NetBirdVersion: version.NetbirdVersion(),
-		},
-	})
-	if err != nil {
-		log.Errorf("failed to send local proxy mode to remote peer %s, error: %s", conn.config.Key, err)
-	}
-}
-
-func (conn *Conn) receiveRemoteDirectMode() bool {
-	timeout := time.Second
-	timer := time.NewTimer(timeout)
-	defer timer.Stop()
-
-	select {
-	case receivedMSG := <-conn.remoteModeCh:
-		return receivedMSG.Direct
-	case <-timer.C:
-		// we didn't receive a message from remote so we assume that it supports the direct mode to keep the old behaviour
-		log.Debugf("timeout after %s while waiting for remote direct mode message from remote peer %s",
-			timeout, conn.config.Key)
-		return true
-	}
-}
-
 // cleanup closes all open resources and sets status to StatusDisconnected
 func (conn *Conn) cleanup() error {
 	log.Debugf("trying to cleanup %s", conn.config.Key)
@@ -517,8 +422,8 @@ func (conn *Conn) cleanup() error {
 
 	conn.status = StatusDisconnected
 
-	peerState := State{PubKey: conn.config.Key}
-	peerState.ConnStatus = conn.status
+	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
+	peerState.ConnStatus = conn.status.String()
 	peerState.ConnStatusUpdate = time.Now()
 
 	err := conn.statusRecorder.UpdatePeerState(peerState)
@@ -548,11 +453,6 @@ func (conn *Conn) SetSignalCandidate(handler func(candidate ice.Candidate) error
 	conn.signalCandidate = handler
 }
 
-// SetSendSignalMessage sets a handler function to be triggered by Conn when there is new message to send via signal
-func (conn *Conn) SetSendSignalMessage(handler func(message *sProto.Message) error) {
-	conn.sendSignalMessage = handler
-}
-
 // onICECandidate is a callback attached to an ICE Agent to receive new local connection candidates
 // and then signals them to the remote peer
 func (conn *Conn) onICECandidate(candidate ice.Candidate) {
@@ -594,7 +494,7 @@ func (conn *Conn) sendAnswer() error {
 	err = conn.signalAnswer(OfferAnswer{
 		IceCredentials: IceCredentials{localUFrag, localPwd},
 		WgListenPort:   conn.config.LocalWgPort,
-		Version:        version.NetbirdVersion(),
+		Version:        system.NetbirdVersion(),
 	})
 	if err != nil {
 		return err
@@ -615,7 +515,7 @@ func (conn *Conn) sendOffer() error {
 	err = conn.signalOffer(OfferAnswer{
 		IceCredentials: IceCredentials{localUFrag, localPwd},
 		WgListenPort:   conn.config.LocalWgPort,
-		Version:        version.NetbirdVersion(),
+		Version:        system.NetbirdVersion(),
 	})
 	if err != nil {
 		return err
@@ -707,19 +607,3 @@ func (conn *Conn) OnRemoteCandidate(candidate ice.Candidate) {
 func (conn *Conn) GetKey() string {
 	return conn.config.Key
 }
-
-// OnModeMessage unmarshall the payload message and send it to the mode message channel
-func (conn *Conn) OnModeMessage(message ModeMessage) error {
-	select {
-	case conn.remoteModeCh <- message:
-		return nil
-	default:
-		return fmt.Errorf("unable to process mode message: channel busy")
-	}
-}
-
-// RegisterProtoSupportMeta register supported proto message in the connection metadata
-func (conn *Conn) RegisterProtoSupportMeta(support []uint32) {
-	protoSupport := signal.ParseFeaturesSupported(support)
-	conn.meta.protoSupport = protoSupport
-}

client/internal/peer/conn_status.go

@@ -1,29 +0,0 @@
-package peer
-
-import log "github.com/sirupsen/logrus"
-
-const (
-	// StatusConnected indicate the peer is in connected state
-	StatusConnected ConnStatus = iota
-	// StatusConnecting indicate the peer is in connecting state
-	StatusConnecting
-	// StatusDisconnected indicate the peer is in disconnected state
-	StatusDisconnected
-)
-
-// ConnStatus describe the status of a peer's connection
-type ConnStatus int
-
-func (s ConnStatus) String() string {
-	switch s {
-	case StatusConnecting:
-		return "Connecting"
-	case StatusConnected:
-		return "Connected"
-	case StatusDisconnected:
-		return "Disconnected"
-	default:
-		log.Errorf("unknown status: %d", s)
-		return "INVALID_PEER_CONNECTION_STATUS"
-	}
-}

client/internal/peer/conn_status_test.go

@@ -1,27 +0,0 @@
-package peer
-
-import (
-	"github.com/magiconair/properties/assert"
-	"testing"
-)
-
-func TestConnStatus_String(t *testing.T) {
-
-	tables := []struct {
-		name   string
-		status ConnStatus
-		want   string
-	}{
-		{"StatusConnected", StatusConnected, "Connected"},
-		{"StatusDisconnected", StatusDisconnected, "Disconnected"},
-		{"StatusConnecting", StatusConnecting, "Connecting"},
-	}
-
-	for _, table := range tables {
-		t.Run(table.name, func(t *testing.T) {
-			got := table.status.String()
-			assert.Equal(t, got, table.want, "they should be equal")
-		})
-	}
-
-}

client/internal/peer/conn_test.go

@@ -1,18 +1,14 @@
 package peer
 
 import (
-	"github.com/netbirdio/netbird/client/internal/stdnet"
+	"github.com/magiconair/properties/assert"
+	"github.com/netbirdio/netbird/client/internal/proxy"
+	nbstatus "github.com/netbirdio/netbird/client/status"
+	"github.com/netbirdio/netbird/iface"
+	"github.com/pion/ice/v2"
 	"sync"
 	"testing"
 	"time"
-
-	"github.com/magiconair/properties/assert"
-	"github.com/pion/ice/v2"
-	"golang.org/x/sync/errgroup"
-
-	"github.com/netbirdio/netbird/client/internal/proxy"
-	"github.com/netbirdio/netbird/iface"
-	sproto "github.com/netbirdio/netbird/signal/proto"
 )
 
 var connConf = ConnConfig{
@@ -29,7 +25,7 @@ func TestNewConn_interfaceFilter(t *testing.T) {
 	ignore := []string{iface.WgInterfaceDefault, "tun0", "zt", "ZeroTier", "utun", "wg", "ts",
 		"Tailscale", "tailscale"}
 
-	filter := stdnet.InterfaceFilter(ignore)
+	filter := interfaceFilter(ignore)
 
 	for _, s := range ignore {
 		assert.Equal(t, filter(s), false)
@@ -38,7 +34,7 @@ func TestNewConn_interfaceFilter(t *testing.T) {
 }
 
 func TestConn_GetKey(t *testing.T) {
-	conn, err := NewConn(connConf, nil, nil, nil)
+	conn, err := NewConn(connConf, nil)
 	if err != nil {
 		return
 	}
@@ -50,7 +46,7 @@ func TestConn_GetKey(t *testing.T) {
 
 func TestConn_OnRemoteOffer(t *testing.T) {
 
-	conn, err := NewConn(connConf, NewRecorder("https://mgm"), nil, nil)
+	conn, err := NewConn(connConf, nbstatus.NewRecorder())
 	if err != nil {
 		return
 	}
@@ -84,7 +80,7 @@ func TestConn_OnRemoteOffer(t *testing.T) {
 
 func TestConn_OnRemoteAnswer(t *testing.T) {
 
-	conn, err := NewConn(connConf, NewRecorder("https://mgm"), nil, nil)
+	conn, err := NewConn(connConf, nbstatus.NewRecorder())
 	if err != nil {
 		return
 	}
@@ -117,7 +113,7 @@ func TestConn_OnRemoteAnswer(t *testing.T) {
 }
 func TestConn_Status(t *testing.T) {
 
-	conn, err := NewConn(connConf, NewRecorder("https://mgm"), nil, nil)
+	conn, err := NewConn(connConf, nbstatus.NewRecorder())
 	if err != nil {
 		return
 	}
@@ -144,7 +140,7 @@ func TestConn_Status(t *testing.T) {
 
 func TestConn_Close(t *testing.T) {
 
-	conn, err := NewConn(connConf, NewRecorder("https://mgm"), nil, nil)
+	conn, err := NewConn(connConf, nbstatus.NewRecorder())
 	if err != nil {
 		return
 	}
@@ -169,274 +165,3 @@ func TestConn_Close(t *testing.T) {
 
 	wg.Wait()
 }
-
-type mockICECandidate struct {
-	ice.Candidate
-	AddressFunc func() string
-	TypeFunc    func() ice.CandidateType
-}
-
-// Address mocks and overwrite ice.Candidate Address method
-func (m *mockICECandidate) Address() string {
-	if m.AddressFunc != nil {
-		return m.AddressFunc()
-	}
-	return ""
-}
-
-// Type mocks and overwrite ice.Candidate Type method
-func (m *mockICECandidate) Type() ice.CandidateType {
-	if m.TypeFunc != nil {
-		return m.TypeFunc()
-	}
-	return ice.CandidateTypeUnspecified
-}
-
-func TestConn_ShouldUseProxy(t *testing.T) {
-	publicHostCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "8.8.8.8"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeHost
-		},
-	}
-	privateHostCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "10.0.0.1:44576"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeHost
-		},
-	}
-
-	srflxCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "1.1.1.1"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeServerReflexive
-		},
-	}
-
-	prflxCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "1.1.1.1"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypePeerReflexive
-		},
-	}
-
-	relayCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "1.1.1.1"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeRelay
-		},
-	}
-
-	testCases := []struct {
-		name        string
-		candatePair *ice.CandidatePair
-		expected    bool
-	}{
-		{
-			name: "Use Proxy When Local Candidate Is Relay",
-			candatePair: &ice.CandidatePair{
-				Local:  relayCandidate,
-				Remote: privateHostCandidate,
-			},
-			expected: true,
-		},
-		{
-			name: "Use Proxy When Remote Candidate Is Relay",
-			candatePair: &ice.CandidatePair{
-				Local:  privateHostCandidate,
-				Remote: relayCandidate,
-			},
-			expected: true,
-		},
-		{
-			name: "Use Proxy When Local Candidate Is Peer Reflexive",
-			candatePair: &ice.CandidatePair{
-				Local:  prflxCandidate,
-				Remote: privateHostCandidate,
-			},
-			expected: true,
-		},
-		{
-			name: "Use Proxy When Remote Candidate Is Peer Reflexive",
-			candatePair: &ice.CandidatePair{
-				Local:  privateHostCandidate,
-				Remote: prflxCandidate,
-			},
-			expected: true,
-		},
-		{
-			name: "Don't Use Proxy When Local Candidate Is Public And Remote Is Private",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: privateHostCandidate,
-			},
-			expected: false,
-		},
-		{
-			name: "Don't Use Proxy When Remote Candidate Is Public And Local Is Private",
-			candatePair: &ice.CandidatePair{
-				Local:  privateHostCandidate,
-				Remote: publicHostCandidate,
-			},
-			expected: false,
-		},
-		{
-			name: "Don't Use Proxy When Local Candidate is Public And Remote Is Server Reflexive",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: srflxCandidate,
-			},
-			expected: false,
-		},
-		{
-			name: "Don't Use Proxy When Remote Candidate is Public And Local Is Server Reflexive",
-			candatePair: &ice.CandidatePair{
-				Local:  srflxCandidate,
-				Remote: publicHostCandidate,
-			},
-			expected: false,
-		},
-		{
-			name: "Don't Use Proxy When Both Candidates Are Public",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: publicHostCandidate,
-			},
-			expected: false,
-		},
-		{
-			name: "Don't Use Proxy When Both Candidates Are Private",
-			candatePair: &ice.CandidatePair{
-				Local:  privateHostCandidate,
-				Remote: privateHostCandidate,
-			},
-			expected: false,
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			result := shouldUseProxy(testCase.candatePair, false)
-			if result != testCase.expected {
-				t.Errorf("got a different result. Expected %t Got %t", testCase.expected, result)
-			}
-		})
-	}
-}
-
-func TestGetProxyWithMessageExchange(t *testing.T) {
-	publicHostCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "8.8.8.8"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeHost
-		},
-	}
-	relayCandidate := &mockICECandidate{
-		AddressFunc: func() string {
-			return "1.1.1.1"
-		},
-		TypeFunc: func() ice.CandidateType {
-			return ice.CandidateTypeRelay
-		},
-	}
-
-	testCases := []struct {
-		name                   string
-		candatePair            *ice.CandidatePair
-		inputDirectModeSupport bool
-		inputRemoteModeMessage bool
-		expected               proxy.Type
-	}{
-		{
-			name: "Should Result In Using Wireguard Proxy When Local Eval Is Use Proxy",
-			candatePair: &ice.CandidatePair{
-				Local:  relayCandidate,
-				Remote: publicHostCandidate,
-			},
-			inputDirectModeSupport: true,
-			inputRemoteModeMessage: true,
-			expected:               proxy.TypeWireGuard,
-		},
-		{
-			name: "Should Result In Using Wireguard Proxy When Remote Eval Is Use Proxy",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: publicHostCandidate,
-			},
-			inputDirectModeSupport: true,
-			inputRemoteModeMessage: false,
-			expected:               proxy.TypeWireGuard,
-		},
-		{
-			name: "Should Result In Using Wireguard Proxy When Remote Direct Mode Support Is False And Local Eval Is Use Proxy",
-			candatePair: &ice.CandidatePair{
-				Local:  relayCandidate,
-				Remote: publicHostCandidate,
-			},
-			inputDirectModeSupport: false,
-			inputRemoteModeMessage: false,
-			expected:               proxy.TypeWireGuard,
-		},
-		{
-			name: "Should Result In Using Direct When Remote Direct Mode Support Is False And Local Eval Is No Use Proxy",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: publicHostCandidate,
-			},
-			inputDirectModeSupport: false,
-			inputRemoteModeMessage: false,
-			expected:               proxy.TypeDirectNoProxy,
-		},
-		{
-			name: "Should Result In Using Direct When Local And Remote Eval Is No Proxy",
-			candatePair: &ice.CandidatePair{
-				Local:  publicHostCandidate,
-				Remote: publicHostCandidate,
-			},
-			inputDirectModeSupport: true,
-			inputRemoteModeMessage: true,
-			expected:               proxy.TypeDirectNoProxy,
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			g := errgroup.Group{}
-			conn, err := NewConn(connConf, nil, nil, nil)
-			if err != nil {
-				t.Fatal(err)
-			}
-			conn.meta.protoSupport.DirectCheck = testCase.inputDirectModeSupport
-			conn.SetSendSignalMessage(func(message *sproto.Message) error {
-				return nil
-			})
-
-			g.Go(func() error {
-				return conn.OnModeMessage(ModeMessage{
-					Direct: testCase.inputRemoteModeMessage,
-				})
-			})
-
-			resultProxy := conn.getProxyWithMessageExchange(testCase.candatePair, 1000)
-
-			err = g.Wait()
-			if err != nil {
-				t.Error(err)
-			}
-			if resultProxy.Type() != testCase.expected {
-				t.Errorf("result didn't match expected value: Expected: %s, Got: %s", testCase.expected, resultProxy.Type())
-			}
-		})
-	}
-}

client/internal/peer/listener.go

@@ -1,11 +0,0 @@
-package peer
-
-// Listener is a callback type about the NetBird network connection state
-type Listener interface {
-	OnConnected()
-	OnDisconnected()
-	OnConnecting()
-	OnDisconnecting()
-	OnAddressChanged(string, string)
-	OnPeersListChanged(int)
-}

client/internal/peer/notifier.go

@@ -1,142 +0,0 @@
-package peer
-
-import (
-	"sync"
-)
-
-const (
-	stateDisconnected = iota
-	stateConnected
-	stateConnecting
-	stateDisconnecting
-)
-
-type notifier struct {
-	serverStateLock    sync.Mutex
-	listenersLock      sync.Mutex
-	listener           Listener
-	currentClientState bool
-	lastNotification   int
-}
-
-func newNotifier() *notifier {
-	return &notifier{}
-}
-
-func (n *notifier) setListener(listener Listener) {
-	n.listenersLock.Lock()
-	defer n.listenersLock.Unlock()
-
-	n.serverStateLock.Lock()
-	n.notifyListener(listener, n.lastNotification)
-	n.serverStateLock.Unlock()
-
-	n.listener = listener
-}
-
-func (n *notifier) removeListener() {
-	n.listenersLock.Lock()
-	defer n.listenersLock.Unlock()
-	n.listener = nil
-}
-
-func (n *notifier) updateServerStates(mgmState bool, signalState bool) {
-	n.serverStateLock.Lock()
-	defer n.serverStateLock.Unlock()
-
-	calculatedState := n.calculateState(mgmState, signalState)
-
-	if !n.isServerStateChanged(calculatedState) {
-		return
-	}
-
-	n.lastNotification = calculatedState
-
-	n.notify(n.lastNotification)
-}
-
-func (n *notifier) clientStart() {
-	n.serverStateLock.Lock()
-	defer n.serverStateLock.Unlock()
-	n.currentClientState = true
-	n.lastNotification = stateConnected
-	n.notify(n.lastNotification)
-}
-
-func (n *notifier) clientStop() {
-	n.serverStateLock.Lock()
-	defer n.serverStateLock.Unlock()
-	n.currentClientState = false
-	n.lastNotification = stateDisconnected
-	n.notify(n.lastNotification)
-}
-
-func (n *notifier) clientTearDown() {
-	n.serverStateLock.Lock()
-	defer n.serverStateLock.Unlock()
-	n.currentClientState = false
-	n.lastNotification = stateDisconnecting
-	n.notify(n.lastNotification)
-}
-
-func (n *notifier) isServerStateChanged(newState int) bool {
-	return n.lastNotification != newState
-}
-
-func (n *notifier) notify(state int) {
-	n.listenersLock.Lock()
-	defer n.listenersLock.Unlock()
-	if n.listener == nil {
-		return
-	}
-	n.notifyListener(n.listener, state)
-}
-
-func (n *notifier) notifyListener(l Listener, state int) {
-	go func() {
-		switch state {
-		case stateDisconnected:
-			l.OnDisconnected()
-		case stateConnected:
-			l.OnConnected()
-		case stateConnecting:
-			l.OnConnecting()
-		case stateDisconnecting:
-			l.OnDisconnecting()
-		}
-	}()
-}
-
-func (n *notifier) calculateState(managementConn, signalConn bool) int {
-	if managementConn && signalConn {
-		return stateConnected
-	}
-
-	if !managementConn && !signalConn {
-		return stateDisconnected
-	}
-
-	if n.lastNotification == stateDisconnecting {
-		return stateDisconnecting
-	}
-
-	return stateConnecting
-}
-
-func (n *notifier) peerListChanged(numOfPeers int) {
-	n.listenersLock.Lock()
-	defer n.listenersLock.Unlock()
-	if n.listener == nil {
-		return
-	}
-	n.listener.OnPeersListChanged(numOfPeers)
-}
-
-func (n *notifier) localAddressChanged(fqdn, address string) {
-	n.listenersLock.Lock()
-	defer n.listenersLock.Unlock()
-	if n.listener == nil {
-		return
-	}
-	n.listener.OnAddressChanged(fqdn, address)
-}

client/internal/peer/notifier_test.go

@@ -1,97 +0,0 @@
-package peer
-
-import (
-	"sync"
-	"testing"
-)
-
-type mocListener struct {
-	lastState int
-	wg        sync.WaitGroup
-	peers     int
-}
-
-func (l *mocListener) OnConnected() {
-	l.lastState = stateConnected
-	l.wg.Done()
-}
-func (l *mocListener) OnDisconnected() {
-	l.lastState = stateDisconnected
-	l.wg.Done()
-}
-func (l *mocListener) OnConnecting() {
-	l.lastState = stateConnecting
-	l.wg.Done()
-}
-func (l *mocListener) OnDisconnecting() {
-	l.lastState = stateDisconnecting
-	l.wg.Done()
-}
-
-func (l *mocListener) OnAddressChanged(host, addr string) {
-
-}
-func (l *mocListener) OnPeersListChanged(size int) {
-	l.peers = size
-}
-
-func (l *mocListener) setWaiter() {
-	l.wg.Add(1)
-}
-
-func (l *mocListener) wait() {
-	l.wg.Wait()
-}
-
-func Test_notifier_serverState(t *testing.T) {
-
-	type scenario struct {
-		name        string
-		expected    int
-		mgmState    bool
-		signalState bool
-	}
-	scenarios := []scenario{
-		{"connected", stateConnected, true, true},
-		{"mgm down", stateConnecting, false, true},
-		{"signal down", stateConnecting, true, false},
-		{"disconnected", stateDisconnected, false, false},
-	}
-
-	for _, tt := range scenarios {
-		t.Run(tt.name, func(t *testing.T) {
-			n := newNotifier()
-			n.updateServerStates(tt.mgmState, tt.signalState)
-			if n.lastNotification != tt.expected {
-				t.Errorf("invalid serverstate: %d, expected: %d", n.lastNotification, tt.expected)
-			}
-		})
-	}
-}
-
-func Test_notifier_SetListener(t *testing.T) {
-	listener := &mocListener{}
-	listener.setWaiter()
-
-	n := newNotifier()
-	n.lastNotification = stateConnecting
-	n.setListener(listener)
-	listener.wait()
-	if listener.lastState != n.lastNotification {
-		t.Errorf("invalid state: %d, expected: %d", listener.lastState, n.lastNotification)
-	}
-}
-
-func Test_notifier_RemoveListener(t *testing.T) {
-	listener := &mocListener{}
-	listener.setWaiter()
-	n := newNotifier()
-	n.lastNotification = stateConnecting
-	n.setListener(listener)
-	n.removeListener()
-	n.peerListChanged(1)
-
-	if listener.peers != 0 {
-		t.Errorf("invalid state: %d", listener.peers)
-	}
-}

client/internal/peer/status.go

@@ -1,316 +1,25 @@
 package peer
 
-import (
-	"errors"
-	"sync"
-	"time"
+import log "github.com/sirupsen/logrus"
+
+type ConnStatus int
+
+func (s ConnStatus) String() string {
+	switch s {
+	case StatusConnecting:
+		return "Connecting"
+	case StatusConnected:
+		return "Connected"
+	case StatusDisconnected:
+		return "Disconnected"
+	default:
+		log.Errorf("unknown status: %d", s)
+		return "INVALID_PEER_CONNECTION_STATUS"
+	}
+}
+
+const (
+	StatusConnected ConnStatus = iota
+	StatusConnecting
+	StatusDisconnected
 )
-
-// State contains the latest state of a peer
-type State struct {
-	IP                     string
-	PubKey                 string
-	FQDN                   string
-	ConnStatus             ConnStatus
-	ConnStatusUpdate       time.Time
-	Relayed                bool
-	Direct                 bool
-	LocalIceCandidateType  string
-	RemoteIceCandidateType string
-}
-
-// LocalPeerState contains the latest state of the local peer
-type LocalPeerState struct {
-	IP              string
-	PubKey          string
-	KernelInterface bool
-	FQDN            string
-}
-
-// SignalState contains the latest state of a signal connection
-type SignalState struct {
-	URL       string
-	Connected bool
-}
-
-// ManagementState contains the latest state of a management connection
-type ManagementState struct {
-	URL       string
-	Connected bool
-}
-
-// FullStatus contains the full state held by the Status instance
-type FullStatus struct {
-	Peers           []State
-	ManagementState ManagementState
-	SignalState     SignalState
-	LocalPeerState  LocalPeerState
-}
-
-// Status holds a state of peers, signal and management connections
-type Status struct {
-	mux             sync.Mutex
-	peers           map[string]State
-	changeNotify    map[string]chan struct{}
-	signalState     bool
-	managementState bool
-	localPeer       LocalPeerState
-	offlinePeers    []State
-	mgmAddress      string
-	signalAddress   string
-	notifier        *notifier
-}
-
-// NewRecorder returns a new Status instance
-func NewRecorder(mgmAddress string) *Status {
-	return &Status{
-		peers:        make(map[string]State),
-		changeNotify: make(map[string]chan struct{}),
-		offlinePeers: make([]State, 0),
-		notifier:     newNotifier(),
-		mgmAddress:   mgmAddress,
-	}
-}
-
-// ReplaceOfflinePeers replaces
-func (d *Status) ReplaceOfflinePeers(replacement []State) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.offlinePeers = make([]State, len(replacement))
-	copy(d.offlinePeers, replacement)
-}
-
-// AddPeer adds peer to Daemon status map
-func (d *Status) AddPeer(peerPubKey string) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	_, ok := d.peers[peerPubKey]
-	if ok {
-		return errors.New("peer already exist")
-	}
-	d.peers[peerPubKey] = State{PubKey: peerPubKey, ConnStatus: StatusDisconnected}
-	return nil
-}
-
-// GetPeer adds peer to Daemon status map
-func (d *Status) GetPeer(peerPubKey string) (State, error) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	state, ok := d.peers[peerPubKey]
-	if !ok {
-		return State{}, errors.New("peer not found")
-	}
-	return state, nil
-}
-
-// RemovePeer removes peer from Daemon status map
-func (d *Status) RemovePeer(peerPubKey string) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	_, ok := d.peers[peerPubKey]
-	if ok {
-		delete(d.peers, peerPubKey)
-		return nil
-	}
-
-	d.notifyPeerListChanged()
-	return errors.New("no peer with to remove")
-}
-
-// UpdatePeerState updates peer status
-func (d *Status) UpdatePeerState(receivedState State) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	peerState, ok := d.peers[receivedState.PubKey]
-	if !ok {
-		return errors.New("peer doesn't exist")
-	}
-
-	if receivedState.IP != "" {
-		peerState.IP = receivedState.IP
-	}
-
-	if receivedState.ConnStatus != peerState.ConnStatus {
-		peerState.ConnStatus = receivedState.ConnStatus
-		peerState.ConnStatusUpdate = receivedState.ConnStatusUpdate
-		peerState.Direct = receivedState.Direct
-		peerState.Relayed = receivedState.Relayed
-		peerState.LocalIceCandidateType = receivedState.LocalIceCandidateType
-		peerState.RemoteIceCandidateType = receivedState.RemoteIceCandidateType
-	}
-
-	d.peers[receivedState.PubKey] = peerState
-
-	ch, found := d.changeNotify[receivedState.PubKey]
-	if found && ch != nil {
-		close(ch)
-		d.changeNotify[receivedState.PubKey] = nil
-	}
-
-	d.notifyPeerListChanged()
-	return nil
-}
-
-// UpdatePeerFQDN update peer's state fqdn only
-func (d *Status) UpdatePeerFQDN(peerPubKey, fqdn string) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	peerState, ok := d.peers[peerPubKey]
-	if !ok {
-		return errors.New("peer doesn't exist")
-	}
-
-	peerState.FQDN = fqdn
-	d.peers[peerPubKey] = peerState
-
-	d.notifyPeerListChanged()
-	return nil
-}
-
-// GetPeerStateChangeNotifier returns a change notifier channel for a peer
-func (d *Status) GetPeerStateChangeNotifier(peer string) <-chan struct{} {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	ch, found := d.changeNotify[peer]
-	if !found || ch == nil {
-		ch = make(chan struct{})
-		d.changeNotify[peer] = ch
-	}
-	return ch
-}
-
-// UpdateLocalPeerState updates local peer status
-func (d *Status) UpdateLocalPeerState(localPeerState LocalPeerState) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	d.localPeer = localPeerState
-	d.notifyAddressChanged()
-}
-
-// CleanLocalPeerState cleans local peer status
-func (d *Status) CleanLocalPeerState() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	d.localPeer = LocalPeerState{}
-	d.notifyAddressChanged()
-}
-
-// MarkManagementDisconnected sets ManagementState to disconnected
-func (d *Status) MarkManagementDisconnected() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	defer d.onConnectionChanged()
-
-	d.managementState = false
-}
-
-// MarkManagementConnected sets ManagementState to connected
-func (d *Status) MarkManagementConnected() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	defer d.onConnectionChanged()
-
-	d.managementState = true
-}
-
-// UpdateSignalAddress update the address of the signal server
-func (d *Status) UpdateSignalAddress(signalURL string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.signalAddress = signalURL
-}
-
-// UpdateManagementAddress update the address of the management server
-func (d *Status) UpdateManagementAddress(mgmAddress string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.mgmAddress = mgmAddress
-}
-
-// MarkSignalDisconnected sets SignalState to disconnected
-func (d *Status) MarkSignalDisconnected() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	defer d.onConnectionChanged()
-
-	d.signalState = false
-}
-
-// MarkSignalConnected sets SignalState to connected
-func (d *Status) MarkSignalConnected() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	defer d.onConnectionChanged()
-
-	d.signalState = true
-}
-
-// GetFullStatus gets full status
-func (d *Status) GetFullStatus() FullStatus {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	fullStatus := FullStatus{
-		ManagementState: ManagementState{
-			d.mgmAddress,
-			d.managementState,
-		},
-		SignalState: SignalState{
-			d.signalAddress,
-			d.signalState,
-		},
-		LocalPeerState: d.localPeer,
-	}
-
-	for _, status := range d.peers {
-		fullStatus.Peers = append(fullStatus.Peers, status)
-	}
-
-	fullStatus.Peers = append(fullStatus.Peers, d.offlinePeers...)
-
-	return fullStatus
-}
-
-// ClientStart will notify all listeners about the new service state
-func (d *Status) ClientStart() {
-	d.notifier.clientStart()
-}
-
-// ClientStop will notify all listeners about the new service state
-func (d *Status) ClientStop() {
-	d.notifier.clientStop()
-}
-
-// ClientTeardown will notify all listeners about the service is under teardown
-func (d *Status) ClientTeardown() {
-	d.notifier.clientTearDown()
-}
-
-// SetConnectionListener set a listener to the notifier
-func (d *Status) SetConnectionListener(listener Listener) {
-	d.notifier.setListener(listener)
-}
-
-// RemoveConnectionListener remove the listener from the notifier
-func (d *Status) RemoveConnectionListener() {
-	d.notifier.removeListener()
-}
-
-func (d *Status) onConnectionChanged() {
-	d.notifier.updateServerStates(d.managementState, d.signalState)
-}
-
-func (d *Status) notifyPeerListChanged() {
-	d.notifier.peerListChanged(len(d.peers))
-}
-
-func (d *Status) notifyAddressChanged() {
-	d.notifier.localAddressChanged(d.localPeer.FQDN, d.localPeer.IP)
-}

client/internal/peer/status_test.go

@@ -1,233 +1,27 @@
 package peer
 
 import (
+	"github.com/magiconair/properties/assert"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )
 
-func TestAddPeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder("https://mgm")
-	err := status.AddPeer(key)
-	assert.NoError(t, err, "shouldn't return error")
+func TestConnStatus_String(t *testing.T) {
 
-	_, exists := status.peers[key]
-	assert.True(t, exists, "value was found")
-
-	err = status.AddPeer(key)
-
-	assert.Error(t, err, "should return error on duplicate")
-}
-
-func TestGetPeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder("https://mgm")
-	err := status.AddPeer(key)
-	assert.NoError(t, err, "shouldn't return error")
-
-	peerStatus, err := status.GetPeer(key)
-	assert.NoError(t, err, "shouldn't return error on getting peer")
-
-	assert.Equal(t, key, peerStatus.PubKey, "retrieved public key should match")
-
-	_, err = status.GetPeer("non_existing_key")
-	assert.Error(t, err, "should return error when peer doesn't exist")
-}
-
-func TestUpdatePeerState(t *testing.T) {
-	key := "abc"
-	ip := "10.10.10.10"
-	status := NewRecorder("https://mgm")
-	peerState := State{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	peerState.IP = ip
-
-	err := status.UpdatePeerState(peerState)
-	assert.NoError(t, err, "shouldn't return error")
-
-	state, exists := status.peers[key]
-	assert.True(t, exists, "state should be found")
-	assert.Equal(t, ip, state.IP, "ip should be equal")
-}
-
-func TestStatus_UpdatePeerFQDN(t *testing.T) {
-	key := "abc"
-	fqdn := "peer-a.netbird.local"
-	status := NewRecorder("https://mgm")
-	peerState := State{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	err := status.UpdatePeerFQDN(key, fqdn)
-	assert.NoError(t, err, "shouldn't return error")
-
-	state, exists := status.peers[key]
-	assert.True(t, exists, "state should be found")
-	assert.Equal(t, fqdn, state.FQDN, "fqdn should be equal")
-}
-
-func TestGetPeerStateChangeNotifierLogic(t *testing.T) {
-	key := "abc"
-	ip := "10.10.10.10"
-	status := NewRecorder("https://mgm")
-	peerState := State{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	ch := status.GetPeerStateChangeNotifier(key)
-	assert.NotNil(t, ch, "channel shouldn't be nil")
-
-	peerState.IP = ip
-
-	err := status.UpdatePeerState(peerState)
-	assert.NoError(t, err, "shouldn't return error")
-
-	select {
-	case <-ch:
-	default:
-		t.Errorf("channel wasn't closed after update")
-	}
-}
-
-func TestRemovePeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder("https://mgm")
-	peerState := State{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	err := status.RemovePeer(key)
-	assert.NoError(t, err, "shouldn't return error")
-
-	_, exists := status.peers[key]
-	assert.False(t, exists, "state value shouldn't be found")
-
-	err = status.RemovePeer("not existing")
-	assert.Error(t, err, "should return error when peer doesn't exist")
-}
-
-func TestUpdateLocalPeerState(t *testing.T) {
-	localPeerState := LocalPeerState{
-		IP:              "10.10.10.10",
-		PubKey:          "abc",
-		KernelInterface: false,
-	}
-	status := NewRecorder("https://mgm")
-
-	status.UpdateLocalPeerState(localPeerState)
-
-	assert.Equal(t, localPeerState, status.localPeer, "local peer status should be equal")
-}
-
-func TestCleanLocalPeerState(t *testing.T) {
-	emptyLocalPeerState := LocalPeerState{}
-	localPeerState := LocalPeerState{
-		IP:              "10.10.10.10",
-		PubKey:          "abc",
-		KernelInterface: false,
-	}
-	status := NewRecorder("https://mgm")
-
-	status.localPeer = localPeerState
-
-	status.CleanLocalPeerState()
-
-	assert.Equal(t, emptyLocalPeerState, status.localPeer, "local peer status should be empty")
-}
-
-func TestUpdateSignalState(t *testing.T) {
-	url := "https://signal"
-	var tests = []struct {
-		name      string
-		connected bool
-		want      bool
+	tables := []struct {
+		name   string
+		status ConnStatus
+		want   string
 	}{
-		{"should mark as connected", true, true},
-		{"should mark as disconnected", false, false},
+		{"StatusConnected", StatusConnected, "Connected"},
+		{"StatusDisconnected", StatusDisconnected, "Disconnected"},
+		{"StatusConnecting", StatusConnecting, "Connecting"},
 	}
 
-	status := NewRecorder("https://mgm")
-	status.UpdateSignalAddress(url)
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			if test.connected {
-				status.MarkSignalConnected()
-			} else {
-				status.MarkSignalDisconnected()
-			}
-			assert.Equal(t, test.want, status.signalState, "signal status should be equal")
+	for _, table := range tables {
+		t.Run(table.name, func(t *testing.T) {
+			got := table.status.String()
+			assert.Equal(t, got, table.want, "they should be equal")
 		})
 	}
-}
-
-func TestUpdateManagementState(t *testing.T) {
-	url := "https://management"
-	var tests = []struct {
-		name      string
-		connected bool
-		want      bool
-	}{
-		{"should mark as connected", true, true},
-		{"should mark as disconnected", false, false},
-	}
-
-	status := NewRecorder(url)
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			if test.connected {
-				status.MarkManagementConnected()
-			} else {
-				status.MarkManagementDisconnected()
-			}
-			assert.Equal(t, test.want, status.managementState, "signalState status should be equal")
-		})
-	}
-}
-
-func TestGetFullStatus(t *testing.T) {
-	key1 := "abc"
-	key2 := "def"
-	signalAddr := "https://signal"
-	managementState := ManagementState{
-		URL:       "https://mgm",
-		Connected: true,
-	}
-	signalState := SignalState{
-		URL:       signalAddr,
-		Connected: true,
-	}
-	peerState1 := State{
-		PubKey: key1,
-	}
-
-	peerState2 := State{
-		PubKey: key2,
-	}
-
-	status := NewRecorder("https://mgm")
-	status.UpdateSignalAddress(signalAddr)
-
-	status.managementState = managementState.Connected
-	status.signalState = signalState.Connected
-	status.peers[key1] = peerState1
-	status.peers[key2] = peerState2
-
-	fullStatus := status.GetFullStatus()
-
-	assert.Equal(t, managementState, fullStatus.ManagementState, "management status should be equal")
-	assert.Equal(t, signalState, fullStatus.SignalState, "signal status should be equal")
-	assert.ElementsMatch(t, []State{peerState1, peerState2}, fullStatus.Peers, "peers states should match")
+
 }

client/internal/peer/stdnet.go

@@ -1,11 +0,0 @@
-//go:build !android
-
-package peer
-
-import (
-	"github.com/netbirdio/netbird/client/internal/stdnet"
-)
-
-func (conn *Conn) newStdNet() (*stdnet.Net, error) {
-	return stdnet.NewNet(conn.config.InterfaceBlackList)
-}

client/internal/peer/stdnet_android.go

@@ -1,7 +0,0 @@
-package peer
-
-import "github.com/netbirdio/netbird/client/internal/stdnet"
-
-func (conn *Conn) newStdNet() (*stdnet.Net, error) {
-	return stdnet.NewNetWithDiscover(conn.iFaceDiscover, conn.config.InterfaceBlackList)
-}

client/internal/proxy/direct.go

@@ -1,67 +0,0 @@
-package proxy
-
-import (
-	"net"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/iface"
-)
-
-// DirectNoProxy is used when there is no need for a proxy between ICE and WireGuard.
-// This is possible in either of these cases:
-// - peers are in the same local network
-// - one of the peers has a public static IP (host)
-// DirectNoProxy will just update remote peer with a remote host and fixed WireGuard port (r.g. 51820).
-// In order DirectNoProxy to work, WireGuard port has to be fixed for the time being.
-type DirectNoProxy struct {
-	wgInterface *iface.WGIface
-
-	remoteKey  string
-	allowedIps string
-
-	// RemoteWgListenPort is a WireGuard port of a remote peer.
-	// It is used instead of the hardcoded 51820 port.
-	remoteWgListenPort int
-}
-
-// NewDirectNoProxy creates a new DirectNoProxy with a provided config and remote peer's WireGuard listen port
-func NewDirectNoProxy(wgInterface *iface.WGIface, remoteKey string, allowedIps string, remoteWgPort int) *DirectNoProxy {
-	return &DirectNoProxy{
-		wgInterface:        wgInterface,
-		remoteKey:          remoteKey,
-		allowedIps:         allowedIps,
-		remoteWgListenPort: remoteWgPort}
-}
-
-// Close removes peer from the WireGuard interface
-func (p *DirectNoProxy) Close() error {
-	err := p.wgInterface.RemovePeer(p.remoteKey)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// Start just updates WireGuard peer with the remote IP and default WireGuard port
-func (p *DirectNoProxy) Start(remoteConn net.Conn) error {
-
-	log.Debugf("using DirectNoProxy while connecting to peer %s", p.remoteKey)
-	addr, err := net.ResolveUDPAddr("udp", remoteConn.RemoteAddr().String())
-	if err != nil {
-		return err
-	}
-	addr.Port = p.remoteWgListenPort
-	err = p.wgInterface.UpdatePeer(p.remoteKey, p.allowedIps, addr)
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Type returns the type of this proxy
-func (p *DirectNoProxy) Type() Type {
-	return TypeDirectNoProxy
-}

client/internal/proxy/noproxy.go

@@ -5,18 +5,24 @@ import (
 	"net"
 )
 
-// NoProxy is used just to configure WireGuard without any local proxy in between.
-// Used when the WireGuard interface is userspace and uses bind.ICEBind
+// NoProxy is used when there is no need for a proxy between ICE and Wireguard.
+// This is possible in either of these cases:
+// - peers are in the same local network
+// - one of the peers has a public static IP (host)
+// NoProxy will just update remote peer with a remote host and fixed Wireguard port (r.g. 51820).
+// In order NoProxy to work, Wireguard port has to be fixed for the time being.
 type NoProxy struct {
 	config Config
+	// RemoteWgListenPort is a WireGuard port of a remote peer.
+	// It is used instead of the hardcoded 51820 port.
+	RemoteWgListenPort int
 }
 
-// NewNoProxy creates a new NoProxy with a provided config
-func NewNoProxy(config Config) *NoProxy {
-	return &NoProxy{config: config}
+// NewNoProxy creates a new NoProxy with a provided config and remote peer's WireGuard listen port
+func NewNoProxy(config Config, remoteWgPort int) *NoProxy {
+	return &NoProxy{config: config, RemoteWgListenPort: remoteWgPort}
 }
 
-// Close removes peer from the WireGuard interface
 func (p *NoProxy) Close() error {
 	err := p.config.WgInterface.RemovePeer(p.config.RemoteKey)
 	if err != nil {
@@ -25,16 +31,23 @@ func (p *NoProxy) Close() error {
 	return nil
 }
 
-// Start just updates WireGuard peer with the remote address
+// Start just updates Wireguard peer with the remote IP and default Wireguard port
 func (p *NoProxy) Start(remoteConn net.Conn) error {
 
-	log.Debugf("using NoProxy to connect to peer %s at %s", p.config.RemoteKey, remoteConn.RemoteAddr().String())
+	log.Debugf("using NoProxy while connecting to peer %s", p.config.RemoteKey)
 	addr, err := net.ResolveUDPAddr("udp", remoteConn.RemoteAddr().String())
 	if err != nil {
 		return err
 	}
-	return p.config.WgInterface.UpdatePeer(p.config.RemoteKey, p.config.AllowedIps, DefaultWgKeepAlive,
+	addr.Port = p.RemoteWgListenPort
+	err = p.config.WgInterface.UpdatePeer(p.config.RemoteKey, p.config.AllowedIps, DefaultWgKeepAlive,
 		addr, p.config.PreSharedKey)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (p *NoProxy) Type() Type {

client/internal/proxy/proxy.go

@@ -1,19 +1,31 @@
 package proxy
 
 import (
+	"github.com/netbirdio/netbird/iface"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"io"
 	"net"
+	"time"
 )
 
+const DefaultWgKeepAlive = 25 * time.Second
+
 type Type string
 
 const (
-	TypeDirectNoProxy Type = "DirectNoProxy"
-	TypeWireGuard     Type = "WireGuard"
-	TypeDummy         Type = "Dummy"
-	TypeNoProxy       Type = "NoProxy"
+	TypeNoProxy   Type = "NoProxy"
+	TypeWireguard Type = "Wireguard"
+	TypeDummy     Type = "Dummy"
 )
 
+type Config struct {
+	WgListenAddr string
+	RemoteKey    string
+	WgInterface  *iface.WGIface
+	AllowedIps   string
+	PreSharedKey *wgtypes.Key
+}
+
 type Proxy interface {
 	io.Closer
 	// Start creates a local remoteConn and starts proxying data from/to remoteConn

client/internal/proxy/wireguard.go

@@ -6,8 +6,8 @@ import (
 	"net"
 )
 
-// WireGuardProxy proxies
-type WireGuardProxy struct {
+// WireguardProxy proxies
+type WireguardProxy struct {
 	ctx    context.Context
 	cancel context.CancelFunc
 
@@ -17,13 +17,13 @@ type WireGuardProxy struct {
 	localConn  net.Conn
 }
 
-func NewWireGuardProxy(config Config) *WireGuardProxy {
-	p := &WireGuardProxy{config: config}
+func NewWireguardProxy(config Config) *WireguardProxy {
+	p := &WireguardProxy{config: config}
 	p.ctx, p.cancel = context.WithCancel(context.Background())
 	return p
 }
 
-func (p *WireGuardProxy) updateEndpoint() error {
+func (p *WireguardProxy) updateEndpoint() error {
 	udpAddr, err := net.ResolveUDPAddr(p.localConn.LocalAddr().Network(), p.localConn.LocalAddr().String())
 	if err != nil {
 		return err
@@ -38,7 +38,7 @@ func (p *WireGuardProxy) updateEndpoint() error {
 	return nil
 }
 
-func (p *WireGuardProxy) Start(remoteConn net.Conn) error {
+func (p *WireguardProxy) Start(remoteConn net.Conn) error {
 	p.remoteConn = remoteConn
 
 	var err error
@@ -60,7 +60,7 @@ func (p *WireGuardProxy) Start(remoteConn net.Conn) error {
 	return nil
 }
 
-func (p *WireGuardProxy) Close() error {
+func (p *WireguardProxy) Close() error {
 	p.cancel()
 	if c := p.localConn; c != nil {
 		err := p.localConn.Close()
@@ -77,7 +77,7 @@ func (p *WireGuardProxy) Close() error {
 
 // proxyToRemote proxies everything from Wireguard to the RemoteKey peer
 // blocks
-func (p *WireGuardProxy) proxyToRemote() {
+func (p *WireguardProxy) proxyToRemote() {
 
 	buf := make([]byte, 1500)
 	for {
@@ -101,7 +101,7 @@ func (p *WireGuardProxy) proxyToRemote() {
 
 // proxyToLocal proxies everything from the RemoteKey peer to local Wireguard
 // blocks
-func (p *WireGuardProxy) proxyToLocal() {
+func (p *WireguardProxy) proxyToLocal() {
 
 	buf := make([]byte, 1500)
 	for {
@@ -123,6 +123,6 @@ func (p *WireGuardProxy) proxyToLocal() {
 	}
 }
 
-func (p *WireGuardProxy) Type() Type {
-	return TypeWireGuard
+func (p *WireguardProxy) Type() Type {
+	return TypeWireguard
 }

client/internal/routemanager/client.go

@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"net/netip"
 
-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
+	log "github.com/sirupsen/logrus"
 )
 
 type routerPeerStatus struct {
@@ -26,7 +26,7 @@ type routesUpdate struct {
 type clientNetwork struct {
 	ctx                 context.Context
 	stop                context.CancelFunc
-	statusRecorder      *peer.Status
+	statusRecorder      *status.Status
 	wgInterface         *iface.WGIface
 	routes              map[string]*route.Route
 	routeUpdate         chan routesUpdate
@@ -37,7 +37,7 @@ type clientNetwork struct {
 	updateSerial        uint64
 }
 
-func newClientNetworkWatcher(ctx context.Context, wgInterface *iface.WGIface, statusRecorder *peer.Status, network netip.Prefix) *clientNetwork {
+func newClientNetworkWatcher(ctx context.Context, wgInterface *iface.WGIface, statusRecorder *status.Status, network netip.Prefix) *clientNetwork {
 	ctx, cancel := context.WithCancel(ctx)
 	client := &clientNetwork{
 		ctx:                 ctx,
@@ -62,7 +62,7 @@ func (c *clientNetwork) getRouterPeerStatuses() map[string]routerPeerStatus {
 			continue
 		}
 		routePeerStatuses[r.ID] = routerPeerStatus{
-			connected: peerStatus.ConnStatus == peer.StatusConnected,
+			connected: peerStatus.ConnStatus == peer.StatusConnected.String(),
 			relayed:   peerStatus.Relayed,
 			direct:    peerStatus.Direct,
 		}
@@ -123,7 +123,7 @@ func (c *clientNetwork) watchPeerStatusChanges(ctx context.Context, peerKey stri
 			return
 		case <-c.statusRecorder.GetPeerStateChangeNotifier(peerKey):
 			state, err := c.statusRecorder.GetPeer(peerKey)
-			if err != nil || state.ConnStatus == peer.StatusConnecting {
+			if err != nil || state.ConnStatus == peer.StatusConnecting.String() {
 				continue
 			}
 			peerStateUpdate <- struct{}{}
@@ -144,7 +144,7 @@ func (c *clientNetwork) startPeersStatusChangeWatcher() {
 
 func (c *clientNetwork) removeRouteFromWireguardPeer(peerKey string) error {
 	state, err := c.statusRecorder.GetPeer(peerKey)
-	if err != nil || state.ConnStatus != peer.StatusConnected {
+	if err != nil || state.ConnStatus != peer.StatusConnected.String() {
 		return nil
 	}
 

client/internal/routemanager/manager.go

@@ -1,9 +1,189 @@
 package routemanager
 
-import "github.com/netbirdio/netbird/route"
+import (
+	"context"
+	"fmt"
+	"runtime"
+	"sync"
+
+	"github.com/netbirdio/netbird/client/status"
+	"github.com/netbirdio/netbird/client/system"
+	"github.com/netbirdio/netbird/iface"
+	"github.com/netbirdio/netbird/route"
+	log "github.com/sirupsen/logrus"
+)
 
 // Manager is a route manager interface
 type Manager interface {
 	UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error
 	Stop()
 }
+
+// DefaultManager is the default instance of a route manager
+type DefaultManager struct {
+	ctx            context.Context
+	stop           context.CancelFunc
+	mux            sync.Mutex
+	clientNetworks map[string]*clientNetwork
+	serverRoutes   map[string]*route.Route
+	serverRouter   *serverRouter
+	statusRecorder *status.Status
+	wgInterface    *iface.WGIface
+	pubKey         string
+}
+
+// NewManager returns a new route manager
+func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface, statusRecorder *status.Status) *DefaultManager {
+	mCTX, cancel := context.WithCancel(ctx)
+	return &DefaultManager{
+		ctx:            mCTX,
+		stop:           cancel,
+		clientNetworks: make(map[string]*clientNetwork),
+		serverRoutes:   make(map[string]*route.Route),
+		serverRouter: &serverRouter{
+			routes:                   make(map[string]*route.Route),
+			netForwardHistoryEnabled: isNetForwardHistoryEnabled(),
+			firewall:                 NewFirewall(ctx),
+		},
+		statusRecorder: statusRecorder,
+		wgInterface:    wgInterface,
+		pubKey:         pubKey,
+	}
+}
+
+// Stop stops the manager watchers and clean firewall rules
+func (m *DefaultManager) Stop() {
+	m.stop()
+	m.serverRouter.firewall.CleanRoutingRules()
+}
+
+func (m *DefaultManager) updateClientNetworks(updateSerial uint64, networks map[string][]*route.Route) {
+	// removing routes that do not exist as per the update from the Management service.
+	for id, client := range m.clientNetworks {
+		_, found := networks[id]
+		if !found {
+			log.Debugf("stopping client network watcher, %s", id)
+			client.stop()
+			delete(m.clientNetworks, id)
+		}
+	}
+
+	for id, routes := range networks {
+		clientNetworkWatcher, found := m.clientNetworks[id]
+		if !found {
+			clientNetworkWatcher = newClientNetworkWatcher(m.ctx, m.wgInterface, m.statusRecorder, routes[0].Network)
+			m.clientNetworks[id] = clientNetworkWatcher
+			go clientNetworkWatcher.peersStateAndUpdateWatcher()
+		}
+		update := routesUpdate{
+			updateSerial: updateSerial,
+			routes:       routes,
+		}
+
+		clientNetworkWatcher.sendUpdateToClientNetworkWatcher(update)
+	}
+}
+
+func (m *DefaultManager) updateServerRoutes(routesMap map[string]*route.Route) error {
+	serverRoutesToRemove := make([]string, 0)
+
+	if len(routesMap) > 0 {
+		err := m.serverRouter.firewall.RestoreOrCreateContainers()
+		if err != nil {
+			return fmt.Errorf("couldn't initialize firewall containers, got err: %v", err)
+		}
+	}
+
+	for routeID := range m.serverRoutes {
+		update, found := routesMap[routeID]
+		if !found || !update.IsEqual(m.serverRoutes[routeID]) {
+			serverRoutesToRemove = append(serverRoutesToRemove, routeID)
+			continue
+		}
+	}
+
+	for _, routeID := range serverRoutesToRemove {
+		oldRoute := m.serverRoutes[routeID]
+		err := m.removeFromServerNetwork(oldRoute)
+		if err != nil {
+			log.Errorf("unable to remove route id: %s, network %s, from server, got: %v",
+				oldRoute.ID, oldRoute.Network, err)
+		}
+		delete(m.serverRoutes, routeID)
+	}
+
+	for id, newRoute := range routesMap {
+		_, found := m.serverRoutes[id]
+		if found {
+			continue
+		}
+
+		err := m.addToServerNetwork(newRoute)
+		if err != nil {
+			log.Errorf("unable to add route %s from server, got: %v", newRoute.ID, err)
+			continue
+		}
+		m.serverRoutes[id] = newRoute
+	}
+
+	if len(m.serverRoutes) > 0 {
+		err := enableIPForwarding()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// UpdateRoutes compares received routes with existing routes and remove, update or add them to the client and server maps
+func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error {
+	select {
+	case <-m.ctx.Done():
+		log.Infof("not updating routes as context is closed")
+		return m.ctx.Err()
+	default:
+		m.mux.Lock()
+		defer m.mux.Unlock()
+
+		newClientRoutesIDMap := make(map[string][]*route.Route)
+		newServerRoutesMap := make(map[string]*route.Route)
+		ownNetworkIDs := make(map[string]bool)
+
+		for _, newRoute := range newRoutes {
+			networkID := route.GetHAUniqueID(newRoute)
+			if newRoute.Peer == m.pubKey {
+				ownNetworkIDs[networkID] = true
+				// only linux is supported for now
+				if runtime.GOOS != "linux" {
+					log.Warnf("received a route to manage, but agent doesn't support router mode on %s OS", runtime.GOOS)
+					continue
+				}
+				newServerRoutesMap[newRoute.ID] = newRoute
+			}
+		}
+
+		for _, newRoute := range newRoutes {
+			networkID := route.GetHAUniqueID(newRoute)
+			if !ownNetworkIDs[networkID] {
+				// if prefix is too small, lets assume is a possible default route which is not yet supported
+				// we skip this route management
+				if newRoute.Network.Bits() < 7 {
+					log.Errorf("this agent version: %s, doesn't support default routes, received %s, skiping this route",
+						system.NetbirdVersion(), newRoute.Network)
+					continue
+				}
+				newClientRoutesIDMap[networkID] = append(newClientRoutesIDMap[networkID], newRoute)
+			}
+		}
+
+		m.updateClientNetworks(updateSerial, newClientRoutesIDMap)
+
+		err := m.updateServerRoutes(newServerRoutesMap)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}

client/internal/routemanager/manager_android.go

@@ -1,31 +0,0 @@
-package routemanager
-
-import (
-	"context"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-)
-
-// DefaultManager dummy router manager for Android
-type DefaultManager struct {
-	ctx          context.Context
-	serverRouter *serverRouter
-	wgInterface  *iface.WGIface
-}
-
-// NewManager returns a new dummy route manager what doing nothing
-func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface, statusRecorder *peer.Status) *DefaultManager {
-	return &DefaultManager{}
-}
-
-// UpdateRoutes ...
-func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error {
-	return nil
-}
-
-// Stop ...
-func (m *DefaultManager) Stop() {
-
-}

client/internal/routemanager/manager_nonandroid.go

@@ -1,186 +0,0 @@
-//go:build !android
-
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"runtime"
-	"sync"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-	"github.com/netbirdio/netbird/version"
-)
-
-// DefaultManager is the default instance of a route manager
-type DefaultManager struct {
-	ctx            context.Context
-	stop           context.CancelFunc
-	mux            sync.Mutex
-	clientNetworks map[string]*clientNetwork
-	serverRoutes   map[string]*route.Route
-	serverRouter   *serverRouter
-	statusRecorder *peer.Status
-	wgInterface    *iface.WGIface
-	pubKey         string
-}
-
-// NewManager returns a new route manager
-func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface, statusRecorder *peer.Status) *DefaultManager {
-	mCTX, cancel := context.WithCancel(ctx)
-	return &DefaultManager{
-		ctx:            mCTX,
-		stop:           cancel,
-		clientNetworks: make(map[string]*clientNetwork),
-		serverRoutes:   make(map[string]*route.Route),
-		serverRouter: &serverRouter{
-			routes:                   make(map[string]*route.Route),
-			netForwardHistoryEnabled: isNetForwardHistoryEnabled(),
-			firewall:                 NewFirewall(ctx),
-		},
-		statusRecorder: statusRecorder,
-		wgInterface:    wgInterface,
-		pubKey:         pubKey,
-	}
-}
-
-// Stop stops the manager watchers and clean firewall rules
-func (m *DefaultManager) Stop() {
-	m.stop()
-	m.serverRouter.firewall.CleanRoutingRules()
-}
-
-func (m *DefaultManager) updateClientNetworks(updateSerial uint64, networks map[string][]*route.Route) {
-	// removing routes that do not exist as per the update from the Management service.
-	for id, client := range m.clientNetworks {
-		_, found := networks[id]
-		if !found {
-			log.Debugf("stopping client network watcher, %s", id)
-			client.stop()
-			delete(m.clientNetworks, id)
-		}
-	}
-
-	for id, routes := range networks {
-		clientNetworkWatcher, found := m.clientNetworks[id]
-		if !found {
-			clientNetworkWatcher = newClientNetworkWatcher(m.ctx, m.wgInterface, m.statusRecorder, routes[0].Network)
-			m.clientNetworks[id] = clientNetworkWatcher
-			go clientNetworkWatcher.peersStateAndUpdateWatcher()
-		}
-		update := routesUpdate{
-			updateSerial: updateSerial,
-			routes:       routes,
-		}
-
-		clientNetworkWatcher.sendUpdateToClientNetworkWatcher(update)
-	}
-}
-
-func (m *DefaultManager) updateServerRoutes(routesMap map[string]*route.Route) error {
-	serverRoutesToRemove := make([]string, 0)
-
-	if len(routesMap) > 0 {
-		err := m.serverRouter.firewall.RestoreOrCreateContainers()
-		if err != nil {
-			return fmt.Errorf("couldn't initialize firewall containers, got err: %v", err)
-		}
-	}
-
-	for routeID := range m.serverRoutes {
-		update, found := routesMap[routeID]
-		if !found || !update.IsEqual(m.serverRoutes[routeID]) {
-			serverRoutesToRemove = append(serverRoutesToRemove, routeID)
-			continue
-		}
-	}
-
-	for _, routeID := range serverRoutesToRemove {
-		oldRoute := m.serverRoutes[routeID]
-		err := m.removeFromServerNetwork(oldRoute)
-		if err != nil {
-			log.Errorf("unable to remove route id: %s, network %s, from server, got: %v",
-				oldRoute.ID, oldRoute.Network, err)
-		}
-		delete(m.serverRoutes, routeID)
-	}
-
-	for id, newRoute := range routesMap {
-		_, found := m.serverRoutes[id]
-		if found {
-			continue
-		}
-
-		err := m.addToServerNetwork(newRoute)
-		if err != nil {
-			log.Errorf("unable to add route %s from server, got: %v", newRoute.ID, err)
-			continue
-		}
-		m.serverRoutes[id] = newRoute
-	}
-
-	if len(m.serverRoutes) > 0 {
-		err := enableIPForwarding()
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// UpdateRoutes compares received routes with existing routes and remove, update or add them to the client and server maps
-func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error {
-	select {
-	case <-m.ctx.Done():
-		log.Infof("not updating routes as context is closed")
-		return m.ctx.Err()
-	default:
-		m.mux.Lock()
-		defer m.mux.Unlock()
-
-		newClientRoutesIDMap := make(map[string][]*route.Route)
-		newServerRoutesMap := make(map[string]*route.Route)
-		ownNetworkIDs := make(map[string]bool)
-
-		for _, newRoute := range newRoutes {
-			networkID := route.GetHAUniqueID(newRoute)
-			if newRoute.Peer == m.pubKey {
-				ownNetworkIDs[networkID] = true
-				// only linux is supported for now
-				if runtime.GOOS != "linux" {
-					log.Warnf("received a route to manage, but agent doesn't support router mode on %s OS", runtime.GOOS)
-					continue
-				}
-				newServerRoutesMap[newRoute.ID] = newRoute
-			}
-		}
-
-		for _, newRoute := range newRoutes {
-			networkID := route.GetHAUniqueID(newRoute)
-			if !ownNetworkIDs[networkID] {
-				// if prefix is too small, lets assume is a possible default route which is not yet supported
-				// we skip this route management
-				if newRoute.Network.Bits() < 7 {
-					log.Errorf("this agent version: %s, doesn't support default routes, received %s, skiping this route",
-						version.NetbirdVersion(), newRoute.Network)
-					continue
-				}
-				newClientRoutesIDMap[networkID] = append(newClientRoutesIDMap[networkID], newRoute)
-			}
-		}
-
-		m.updateClientNetworks(updateSerial, newClientRoutesIDMap)
-
-		err := m.updateServerRoutes(newServerRoutesMap)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	}
-}

client/internal/routemanager/manager_test.go

@@ -3,16 +3,14 @@ package routemanager
 import (
 	"context"
 	"fmt"
-	"github.com/pion/transport/v2/stdnet"
 	"net/netip"
 	"runtime"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
+	"github.com/stretchr/testify/require"
 )
 
 // send 5 routes, one for server and 4 for clients, one normal and 2 HA and one small
@@ -392,18 +390,14 @@ func TestManagerUpdateRoutes(t *testing.T) {
 
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			newNet, err := stdnet.NewNet()
-			if err != nil {
-				t.Fatal(err)
-			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", iface.DefaultMTU, nil, newNet)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", iface.DefaultMTU)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()
 
 			err = wgInterface.Create()
 			require.NoError(t, err, "should create testing wireguard interface")
 
-			statusRecorder := peer.NewRecorder("https://mgm")
+			statusRecorder := status.NewRecorder()
 			ctx := context.TODO()
 			routeManager := NewManager(ctx, localPeerKey, wgInterface, statusRecorder)
 			defer routeManager.Stop()

client/internal/routemanager/systemops_test.go

@@ -3,7 +3,6 @@ package routemanager
 import (
 	"fmt"
 	"github.com/netbirdio/netbird/iface"
-	"github.com/pion/transport/v2/stdnet"
 	"github.com/stretchr/testify/require"
 	"net"
 	"net/netip"
@@ -33,11 +32,7 @@ func TestAddRemoveRoutes(t *testing.T) {
 
 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			newNet, err := stdnet.NewNet()
-			if err != nil {
-				t.Fatal(err)
-			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU, nil, newNet)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()
 

client/internal/stdnet/discover.go

@@ -1,14 +0,0 @@
-package stdnet
-
-import "github.com/pion/transport/v2"
-
-// ExternalIFaceDiscover provide an option for external services (mobile)
-// to collect network interface information
-type ExternalIFaceDiscover interface {
-	// IFaces return with the description of the interfaces
-	IFaces() (string, error)
-}
-
-type iFaceDiscover interface {
-	iFaces() ([]*transport.Interface, error)
-}

client/internal/stdnet/discover_mobile.go

@@ -1,95 +0,0 @@
-package stdnet
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"github.com/pion/transport/v2"
-	log "github.com/sirupsen/logrus"
-)
-
-type mobileIFaceDiscover struct {
-	externalDiscover ExternalIFaceDiscover
-}
-
-func newMobileIFaceDiscover(externalDiscover ExternalIFaceDiscover) *mobileIFaceDiscover {
-	return &mobileIFaceDiscover{
-		externalDiscover: externalDiscover,
-	}
-}
-
-func (m *mobileIFaceDiscover) iFaces() ([]*transport.Interface, error) {
-	ifacesString, err := m.externalDiscover.IFaces()
-	if err != nil {
-		return nil, err
-	}
-	interfaces := m.parseInterfacesString(ifacesString)
-	return interfaces, nil
-}
-
-func (m *mobileIFaceDiscover) parseInterfacesString(interfaces string) []*transport.Interface {
-	ifs := []*transport.Interface{}
-
-	for _, iface := range strings.Split(interfaces, "\n") {
-		if strings.TrimSpace(iface) == "" {
-			continue
-		}
-
-		fields := strings.Split(iface, "|")
-		if len(fields) != 2 {
-			log.Warnf("parseInterfacesString: unable to split %q", iface)
-			continue
-		}
-
-		var name string
-		var index, mtu int
-		var up, broadcast, loopback, pointToPoint, multicast bool
-		_, err := fmt.Sscanf(fields[0], "%s %d %d %t %t %t %t %t",
-			&name, &index, &mtu, &up, &broadcast, &loopback, &pointToPoint, &multicast)
-		if err != nil {
-			log.Warnf("parseInterfacesString: unable to parse %q: %v", iface, err)
-			continue
-		}
-
-		newIf := net.Interface{
-			Name:  name,
-			Index: index,
-			MTU:   mtu,
-		}
-		if up {
-			newIf.Flags |= net.FlagUp
-		}
-		if broadcast {
-			newIf.Flags |= net.FlagBroadcast
-		}
-		if loopback {
-			newIf.Flags |= net.FlagLoopback
-		}
-		if pointToPoint {
-			newIf.Flags |= net.FlagPointToPoint
-		}
-		if multicast {
-			newIf.Flags |= net.FlagMulticast
-		}
-
-		ifc := transport.NewInterface(newIf)
-
-		addrs := strings.Trim(fields[1], " \n")
-		foundAddress := false
-		for _, addr := range strings.Split(addrs, " ") {
-			ip, ipNet, err := net.ParseCIDR(addr)
-			if err != nil {
-				log.Warnf("%s", err)
-				continue
-			}
-			ipNet.IP = ip
-			ifc.AddAddress(ipNet)
-			foundAddress = true
-		}
-		if foundAddress {
-			ifs = append(ifs, ifc)
-		}
-	}
-	return ifs
-}

client/internal/stdnet/discover_mobile_test.go

@@ -1,68 +0,0 @@
-package stdnet
-
-import (
-	"fmt"
-	"testing"
-)
-
-func Test_parseInterfacesString(t *testing.T) {
-	testData := []struct {
-		name         string
-		index        int
-		mtu          int
-		up           bool
-		broadcast    bool
-		loopBack     bool
-		pointToPoint bool
-		multicast    bool
-		addr         string
-	}{
-		{"wlan0", 30, 1500, true, true, false, false, true, "10.1.10.131/24"},
-		{"rmnet0", 30, 1500, true, true, false, false, true, "192.168.0.56/24"},
-		{"rmnet_data1", 30, 1500, true, true, false, false, true, "fec0::118c:faf7:8d97:3cb2/64"},
-	}
-
-	var exampleString string
-	for _, d := range testData {
-		exampleString = fmt.Sprintf("%s\n%s %d %d %t %t %t %t %t | %s", exampleString,
-			d.name,
-			d.index,
-			d.mtu,
-			d.up,
-			d.broadcast,
-			d.loopBack,
-			d.pointToPoint,
-			d.multicast,
-			d.addr)
-	}
-
-	d := mobileIFaceDiscover{}
-	nets := d.parseInterfacesString(exampleString)
-	if len(nets) == 0 {
-		t.Fatalf("failed to parse interfaces")
-	}
-
-	for i, net := range nets {
-		if net.MTU != testData[i].mtu {
-			t.Errorf("invalid mtu: %d, expected: %d", net.MTU, testData[0].mtu)
-
-		}
-
-		if net.Interface.Name != testData[i].name {
-			t.Errorf("invalid interface name: %s, expected: %s", net.Interface.Name, testData[i].name)
-		}
-
-		addr, err := net.Addrs()
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if len(addr) == 0 {
-			t.Errorf("invalid address parsing")
-		}
-
-		if addr[0].String() != testData[i].addr {
-			t.Errorf("invalid address: %s, expected: %s", addr[0].String(), testData[i].addr)
-		}
-	}
-}

client/internal/stdnet/discover_pion.go

@@ -1,36 +0,0 @@
-package stdnet
-
-import (
-	"net"
-
-	"github.com/pion/transport/v2"
-)
-
-type pionDiscover struct {
-}
-
-func (d pionDiscover) iFaces() ([]*transport.Interface, error) {
-	ifs := []*transport.Interface{}
-
-	oifs, err := net.Interfaces()
-	if err != nil {
-		return nil, err
-	}
-
-	for _, oif := range oifs {
-		ifc := transport.NewInterface(oif)
-
-		addrs, err := oif.Addrs()
-		if err != nil {
-			return nil, err
-		}
-
-		for _, addr := range addrs {
-			ifc.AddAddress(addr)
-		}
-
-		ifs = append(ifs, ifc)
-	}
-
-	return ifs, nil
-}

client/internal/stdnet/filter.go

@@ -1,40 +0,0 @@
-package stdnet
-
-import (
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl"
-)
-
-// InterfaceFilter is a function passed to ICE Agent to filter out not allowed interfaces
-// to avoid building tunnel over them.
-func InterfaceFilter(disallowList []string) func(string) bool {
-
-	return func(iFace string) bool {
-
-		if strings.HasPrefix(iFace, "lo") {
-			// hardcoded loopback check to support already installed agents
-			return false
-		}
-
-		for _, s := range disallowList {
-			if strings.HasPrefix(iFace, s) {
-				log.Debugf("ignoring interface %s - it is not allowed", iFace)
-				return false
-			}
-		}
-		// look for unlisted WireGuard interfaces
-		wg, err := wgctrl.New()
-		if err != nil {
-			log.Debugf("trying to create a wgctrl client failed with: %v", err)
-			return true
-		}
-		defer func() {
-			_ = wg.Close()
-		}()
-
-		_, err = wg.Device(iFace)
-		return err != nil
-	}
-}

client/internal/stdnet/stdnet.go

@@ -1,97 +0,0 @@
-// Package stdnet is an extension of the pion's stdnet.
-// With it the list of the interface can come from external source.
-// More info: https://github.com/golang/go/issues/40569
-package stdnet
-
-import (
-	"fmt"
-
-	"github.com/pion/transport/v2"
-	"github.com/pion/transport/v2/stdnet"
-)
-
-// Net is an implementation of the net.Net interface
-// based on functions of the standard net package.
-type Net struct {
-	stdnet.Net
-	interfaces    []*transport.Interface
-	iFaceDiscover iFaceDiscover
-	// interfaceFilter should return true if the given interfaceName is allowed
-	interfaceFilter func(interfaceName string) bool
-}
-
-// NewNetWithDiscover creates a new StdNet instance.
-func NewNetWithDiscover(iFaceDiscover ExternalIFaceDiscover, disallowList []string) (*Net, error) {
-	n := &Net{
-		iFaceDiscover:   newMobileIFaceDiscover(iFaceDiscover),
-		interfaceFilter: InterfaceFilter(disallowList),
-	}
-	return n, n.UpdateInterfaces()
-}
-
-// NewNet creates a new StdNet instance.
-func NewNet(disallowList []string) (*Net, error) {
-	n := &Net{
-		iFaceDiscover:   pionDiscover{},
-		interfaceFilter: InterfaceFilter(disallowList),
-	}
-	return n, n.UpdateInterfaces()
-}
-
-// UpdateInterfaces updates the internal list of network interfaces
-// and associated addresses filtering them by name.
-// The interfaces are discovered by an external iFaceDiscover function or by a default discoverer if the external one
-// wasn't specified.
-func (n *Net) UpdateInterfaces() (err error) {
-	allIfaces, err := n.iFaceDiscover.iFaces()
-	if err != nil {
-		return err
-	}
-	n.interfaces = n.filterInterfaces(allIfaces)
-	return nil
-}
-
-// Interfaces returns a slice of interfaces which are available on the
-// system
-func (n *Net) Interfaces() ([]*transport.Interface, error) {
-	return n.interfaces, nil
-}
-
-// InterfaceByIndex returns the interface specified by index.
-//
-// On Solaris, it returns one of the logical network interfaces
-// sharing the logical data link; for more precision use
-// InterfaceByName.
-func (n *Net) InterfaceByIndex(index int) (*transport.Interface, error) {
-	for _, ifc := range n.interfaces {
-		if ifc.Index == index {
-			return ifc, nil
-		}
-	}
-
-	return nil, fmt.Errorf("%w: index=%d", transport.ErrInterfaceNotFound, index)
-}
-
-// InterfaceByName returns the interface specified by name.
-func (n *Net) InterfaceByName(name string) (*transport.Interface, error) {
-	for _, ifc := range n.interfaces {
-		if ifc.Name == name {
-			return ifc, nil
-		}
-	}
-
-	return nil, fmt.Errorf("%w: %s", transport.ErrInterfaceNotFound, name)
-}
-
-func (n *Net) filterInterfaces(interfaces []*transport.Interface) []*transport.Interface {
-	if n.interfaceFilter == nil {
-		return interfaces
-	}
-	result := []*transport.Interface{}
-	for _, iface := range interfaces {
-		if n.interfaceFilter(iface.Name) {
-			result = append(result, iface)
-		}
-	}
-	return result
-}

client/resources.rc

@@ -6,4 +6,4 @@
 #define EXPAND(x) STRINGIZE(x)
 CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST manifest.xml
 7 ICON ui/netbird.ico
-wintun.dll RCDATA wintun.dll
+wireguard.dll RCDATA wireguard.dll

client/server/server.go

@@ -3,19 +3,20 @@ package server
 import (
 	"context"
 	"fmt"
+	nbStatus "github.com/netbirdio/netbird/client/status"
+	"github.com/netbirdio/netbird/client/system"
+	"google.golang.org/protobuf/types/known/timestamppb"
 	"sync"
 	"time"
 
-	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	gstatus "google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/timestamppb"
+
+	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/version"
 )
 
 // Server for service control.
@@ -33,7 +34,7 @@ type Server struct {
 	config *internal.Config
 	proto.UnimplementedDaemonServiceServer
 
-	statusRecorder *peer.Status
+	statusRecorder *nbStatus.Status
 }
 
 type oauthAuthFlow struct {
@@ -76,9 +77,9 @@ func (s *Server) Start() error {
 
 	// if configuration exists, we just start connections. if is new config we skip and set status NeedsLogin
 	// on failure we return error to retry
-	config, err := internal.UpdateConfig(s.latestConfigInput)
+	config, err := internal.ReadConfig(s.latestConfigInput)
 	if errorStatus, ok := gstatus.FromError(err); ok && errorStatus.Code() == codes.NotFound {
-		s.config, err = internal.UpdateOrCreateConfig(s.latestConfigInput)
+		config, err = internal.GetConfig(s.latestConfigInput)
 		if err != nil {
 			log.Warnf("unable to create configuration file: %v", err)
 			return err
@@ -96,13 +97,11 @@ func (s *Server) Start() error {
 	s.config = config
 
 	if s.statusRecorder == nil {
-		s.statusRecorder = peer.NewRecorder(config.ManagementURL.String())
-	} else {
-		s.statusRecorder.UpdateManagementAddress(config.ManagementURL.String())
+		s.statusRecorder = nbStatus.NewRecorder()
 	}
 
 	go func() {
-		if err := internal.RunClient(ctx, config, s.statusRecorder, nil, nil); err != nil {
+		if err := internal.RunClient(ctx, config, s.statusRecorder); err != nil {
 			log.Errorf("init connections: %v", err)
 		}
 	}()
@@ -183,7 +182,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 
 	inputConfig.PreSharedKey = &msg.PreSharedKey
 
-	config, err := internal.UpdateOrCreateConfig(inputConfig)
+	config, err := internal.GetConfig(inputConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -206,7 +205,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 	state.Set(internal.StatusConnecting)
 
 	if msg.SetupKey == "" {
-		providerConfig, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
+		providerConfig, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config)
 		if err != nil {
 			state.Set(internal.StatusLoginFailed)
 			s, ok := gstatus.FromError(err)
@@ -223,7 +222,12 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 			}
 		}
 
-		hostedClient := internal.NewHostedDeviceFlow(providerConfig.ProviderConfig)
+		hostedClient := internal.NewHostedDeviceFlow(
+			providerConfig.ProviderConfig.Audience,
+			providerConfig.ProviderConfig.ClientID,
+			providerConfig.ProviderConfig.TokenEndpoint,
+			providerConfig.ProviderConfig.DeviceAuthEndpoint,
+		)
 
 		if s.oauthAuthFlow.client != nil && s.oauthAuthFlow.client.GetClientID(ctx) == hostedClient.GetClientID(context.TODO()) {
 			if s.oauthAuthFlow.expiresAt.After(time.Now().Add(90 * time.Second)) {
@@ -339,7 +343,7 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 	s.oauthAuthFlow.expiresAt = time.Now()
 	s.mutex.Unlock()
 
-	if loginStatus, err := s.loginAttempt(ctx, "", tokenInfo.GetTokenToUse()); err != nil {
+	if loginStatus, err := s.loginAttempt(ctx, "", tokenInfo.AccessToken); err != nil {
 		state.Set(loginStatus)
 		return nil, err
 	}
@@ -383,13 +387,11 @@ func (s *Server) Up(callerCtx context.Context, _ *proto.UpRequest) (*proto.UpRes
 	}
 
 	if s.statusRecorder == nil {
-		s.statusRecorder = peer.NewRecorder(s.config.ManagementURL.String())
-	} else {
-		s.statusRecorder.UpdateManagementAddress(s.config.ManagementURL.String())
+		s.statusRecorder = nbStatus.NewRecorder()
 	}
 
 	go func() {
-		if err := internal.RunClient(ctx, s.config, s.statusRecorder, nil, nil); err != nil {
+		if err := internal.RunClient(ctx, s.config, s.statusRecorder); err != nil {
 			log.Errorf("run client connection: %v", err)
 			return
 		}
@@ -426,12 +428,10 @@ func (s *Server) Status(
 		return nil, err
 	}
 
-	statusResponse := proto.StatusResponse{Status: string(status), DaemonVersion: version.NetbirdVersion()}
+	statusResponse := proto.StatusResponse{Status: string(status), DaemonVersion: system.NetbirdVersion()}
 
 	if s.statusRecorder == nil {
-		s.statusRecorder = peer.NewRecorder(s.config.ManagementURL.String())
-	} else {
-		s.statusRecorder.UpdateManagementAddress(s.config.ManagementURL.String())
+		s.statusRecorder = nbStatus.NewRecorder()
 	}
 
 	if msg.GetFullPeerStatus {
@@ -477,7 +477,7 @@ func (s *Server) GetConfig(_ context.Context, _ *proto.GetConfigRequest) (*proto
 	}, nil
 }
 
-func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
+func toProtoFullStatus(fullStatus nbStatus.FullStatus) *proto.FullStatus {
 	pbFullStatus := proto.FullStatus{
 		ManagementState: &proto.ManagementState{},
 		SignalState:     &proto.SignalState{},
@@ -500,7 +500,7 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 		pbPeerState := &proto.PeerState{
 			IP:                     peerState.IP,
 			PubKey:                 peerState.PubKey,
-			ConnStatus:             peerState.ConnStatus.String(),
+			ConnStatus:             peerState.ConnStatus,
 			ConnStatusUpdate:       timestamppb.New(peerState.ConnStatusUpdate),
 			Relayed:                peerState.Relayed,
 			Direct:                 peerState.Direct,

client/status/status.go

@@ -0,0 +1,241 @@
+package status
+
+import (
+	"errors"
+	"sync"
+	"time"
+)
+
+// PeerState contains the latest state of a peer
+type PeerState struct {
+	IP                     string
+	PubKey                 string
+	FQDN                   string
+	ConnStatus             string
+	ConnStatusUpdate       time.Time
+	Relayed                bool
+	Direct                 bool
+	LocalIceCandidateType  string
+	RemoteIceCandidateType string
+}
+
+// LocalPeerState contains the latest state of the local peer
+type LocalPeerState struct {
+	IP              string
+	PubKey          string
+	KernelInterface bool
+	FQDN            string
+}
+
+// SignalState contains the latest state of a signal connection
+type SignalState struct {
+	URL       string
+	Connected bool
+}
+
+// ManagementState contains the latest state of a management connection
+type ManagementState struct {
+	URL       string
+	Connected bool
+}
+
+// FullStatus contains the full state held by the Status instance
+type FullStatus struct {
+	Peers           []PeerState
+	ManagementState ManagementState
+	SignalState     SignalState
+	LocalPeerState  LocalPeerState
+}
+
+// Status holds a state of peers, signal and management connections
+type Status struct {
+	mux          sync.Mutex
+	peers        map[string]PeerState
+	changeNotify map[string]chan struct{}
+	signal       SignalState
+	management   ManagementState
+	localPeer    LocalPeerState
+}
+
+// NewRecorder returns a new Status instance
+func NewRecorder() *Status {
+	return &Status{
+		peers:        make(map[string]PeerState),
+		changeNotify: make(map[string]chan struct{}),
+	}
+}
+
+// AddPeer adds peer to Daemon status map
+func (d *Status) AddPeer(peerPubKey string) error {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	_, ok := d.peers[peerPubKey]
+	if ok {
+		return errors.New("peer already exist")
+	}
+	d.peers[peerPubKey] = PeerState{PubKey: peerPubKey}
+	return nil
+}
+
+// GetPeer adds peer to Daemon status map
+func (d *Status) GetPeer(peerPubKey string) (PeerState, error) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	state, ok := d.peers[peerPubKey]
+	if !ok {
+		return PeerState{}, errors.New("peer not found")
+	}
+	return state, nil
+}
+
+// RemovePeer removes peer from Daemon status map
+func (d *Status) RemovePeer(peerPubKey string) error {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	_, ok := d.peers[peerPubKey]
+	if ok {
+		delete(d.peers, peerPubKey)
+		return nil
+	}
+
+	return errors.New("no peer with to remove")
+}
+
+// UpdatePeerState updates peer status
+func (d *Status) UpdatePeerState(receivedState PeerState) error {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	peerState, ok := d.peers[receivedState.PubKey]
+	if !ok {
+		return errors.New("peer doesn't exist")
+	}
+
+	if receivedState.IP != "" {
+		peerState.IP = receivedState.IP
+	}
+
+	if receivedState.ConnStatus != peerState.ConnStatus {
+		peerState.ConnStatus = receivedState.ConnStatus
+		peerState.ConnStatusUpdate = receivedState.ConnStatusUpdate
+		peerState.Direct = receivedState.Direct
+		peerState.Relayed = receivedState.Relayed
+		peerState.LocalIceCandidateType = receivedState.LocalIceCandidateType
+		peerState.RemoteIceCandidateType = receivedState.RemoteIceCandidateType
+	}
+
+	d.peers[receivedState.PubKey] = peerState
+
+	ch, found := d.changeNotify[receivedState.PubKey]
+	if found && ch != nil {
+		close(ch)
+		d.changeNotify[receivedState.PubKey] = nil
+	}
+
+	return nil
+}
+
+// UpdatePeerFQDN update peer's state fqdn only
+func (d *Status) UpdatePeerFQDN(peerPubKey, fqdn string) error {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	peerState, ok := d.peers[peerPubKey]
+	if !ok {
+		return errors.New("peer doesn't exist")
+	}
+
+	peerState.FQDN = fqdn
+	d.peers[peerPubKey] = peerState
+
+	return nil
+}
+
+// GetPeerStateChangeNotifier returns a change notifier channel for a peer
+func (d *Status) GetPeerStateChangeNotifier(peer string) <-chan struct{} {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+	ch, found := d.changeNotify[peer]
+	if !found || ch == nil {
+		ch = make(chan struct{})
+		d.changeNotify[peer] = ch
+	}
+	return ch
+}
+
+// UpdateLocalPeerState updates local peer status
+func (d *Status) UpdateLocalPeerState(localPeerState LocalPeerState) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	d.localPeer = localPeerState
+}
+
+// CleanLocalPeerState cleans local peer status
+func (d *Status) CleanLocalPeerState() {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	d.localPeer = LocalPeerState{}
+}
+
+// MarkManagementDisconnected sets ManagementState to disconnected
+func (d *Status) MarkManagementDisconnected(managementURL string) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+	d.management = ManagementState{
+		URL:       managementURL,
+		Connected: false,
+	}
+}
+
+// MarkManagementConnected sets ManagementState to connected
+func (d *Status) MarkManagementConnected(managementURL string) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+	d.management = ManagementState{
+		URL:       managementURL,
+		Connected: true,
+	}
+}
+
+// MarkSignalDisconnected sets SignalState to disconnected
+func (d *Status) MarkSignalDisconnected(signalURL string) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+	d.signal = SignalState{
+		signalURL,
+		false,
+	}
+}
+
+// MarkSignalConnected sets SignalState to connected
+func (d *Status) MarkSignalConnected(signalURL string) {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+	d.signal = SignalState{
+		signalURL,
+		true,
+	}
+}
+
+// GetFullStatus gets full status
+func (d *Status) GetFullStatus() FullStatus {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	fullStatus := FullStatus{
+		ManagementState: d.management,
+		SignalState:     d.signal,
+		LocalPeerState:  d.localPeer,
+	}
+
+	for _, status := range d.peers {
+		fullStatus.Peers = append(fullStatus.Peers, status)
+	}
+
+	return fullStatus
+}

client/status/status_test.go

@@ -0,0 +1,243 @@
+package status
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestAddPeer(t *testing.T) {
+	key := "abc"
+	status := NewRecorder()
+	err := status.AddPeer(key)
+	assert.NoError(t, err, "shouldn't return error")
+
+	_, exists := status.peers[key]
+	assert.True(t, exists, "value was found")
+
+	err = status.AddPeer(key)
+
+	assert.Error(t, err, "should return error on duplicate")
+}
+
+func TestGetPeer(t *testing.T) {
+	key := "abc"
+	status := NewRecorder()
+	err := status.AddPeer(key)
+	assert.NoError(t, err, "shouldn't return error")
+
+	peerStatus, err := status.GetPeer(key)
+	assert.NoError(t, err, "shouldn't return error on getting peer")
+
+	assert.Equal(t, key, peerStatus.PubKey, "retrieved public key should match")
+
+	_, err = status.GetPeer("non_existing_key")
+	assert.Error(t, err, "should return error when peer doesn't exist")
+}
+
+func TestUpdatePeerState(t *testing.T) {
+	key := "abc"
+	ip := "10.10.10.10"
+	status := NewRecorder()
+	peerState := PeerState{
+		PubKey: key,
+	}
+
+	status.peers[key] = peerState
+
+	peerState.IP = ip
+
+	err := status.UpdatePeerState(peerState)
+	assert.NoError(t, err, "shouldn't return error")
+
+	state, exists := status.peers[key]
+	assert.True(t, exists, "state should be found")
+	assert.Equal(t, ip, state.IP, "ip should be equal")
+}
+
+func TestStatus_UpdatePeerFQDN(t *testing.T) {
+	key := "abc"
+	fqdn := "peer-a.netbird.local"
+	status := NewRecorder()
+	peerState := PeerState{
+		PubKey: key,
+	}
+
+	status.peers[key] = peerState
+
+	err := status.UpdatePeerFQDN(key, fqdn)
+	assert.NoError(t, err, "shouldn't return error")
+
+	state, exists := status.peers[key]
+	assert.True(t, exists, "state should be found")
+	assert.Equal(t, fqdn, state.FQDN, "fqdn should be equal")
+}
+
+func TestGetPeerStateChangeNotifierLogic(t *testing.T) {
+	key := "abc"
+	ip := "10.10.10.10"
+	status := NewRecorder()
+	peerState := PeerState{
+		PubKey: key,
+	}
+
+	status.peers[key] = peerState
+
+	ch := status.GetPeerStateChangeNotifier(key)
+	assert.NotNil(t, ch, "channel shouldn't be nil")
+
+	peerState.IP = ip
+
+	err := status.UpdatePeerState(peerState)
+	assert.NoError(t, err, "shouldn't return error")
+
+	select {
+	case <-ch:
+	default:
+		t.Errorf("channel wasn't closed after update")
+	}
+}
+
+func TestRemovePeer(t *testing.T) {
+	key := "abc"
+	status := NewRecorder()
+	peerState := PeerState{
+		PubKey: key,
+	}
+
+	status.peers[key] = peerState
+
+	err := status.RemovePeer(key)
+	assert.NoError(t, err, "shouldn't return error")
+
+	_, exists := status.peers[key]
+	assert.False(t, exists, "state value shouldn't be found")
+
+	err = status.RemovePeer("not existing")
+	assert.Error(t, err, "should return error when peer doesn't exist")
+}
+
+func TestUpdateLocalPeerState(t *testing.T) {
+	localPeerState := LocalPeerState{
+		IP:              "10.10.10.10",
+		PubKey:          "abc",
+		KernelInterface: false,
+	}
+	status := NewRecorder()
+
+	status.UpdateLocalPeerState(localPeerState)
+
+	assert.Equal(t, localPeerState, status.localPeer, "local peer status should be equal")
+}
+
+func TestCleanLocalPeerState(t *testing.T) {
+	emptyLocalPeerState := LocalPeerState{}
+	localPeerState := LocalPeerState{
+		IP:              "10.10.10.10",
+		PubKey:          "abc",
+		KernelInterface: false,
+	}
+	status := NewRecorder()
+
+	status.localPeer = localPeerState
+
+	status.CleanLocalPeerState()
+
+	assert.Equal(t, emptyLocalPeerState, status.localPeer, "local peer status should be empty")
+}
+
+func TestUpdateSignalState(t *testing.T) {
+	url := "https://signal"
+	var tests = []struct {
+		name      string
+		connected bool
+		want      SignalState
+	}{
+		{"should mark as connected", true, SignalState{
+
+			URL:       url,
+			Connected: true,
+		}},
+		{"should mark as disconnected", false, SignalState{
+			URL:       url,
+			Connected: false,
+		}},
+	}
+
+	status := NewRecorder()
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.connected {
+				status.MarkSignalConnected(url)
+			} else {
+				status.MarkSignalDisconnected(url)
+			}
+			assert.Equal(t, test.want, status.signal, "signal status should be equal")
+		})
+	}
+}
+
+func TestUpdateManagementState(t *testing.T) {
+	url := "https://management"
+	var tests = []struct {
+		name      string
+		connected bool
+		want      ManagementState
+	}{
+		{"should mark as connected", true, ManagementState{
+
+			URL:       url,
+			Connected: true,
+		}},
+		{"should mark as disconnected", false, ManagementState{
+			URL:       url,
+			Connected: false,
+		}},
+	}
+
+	status := NewRecorder()
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.connected {
+				status.MarkManagementConnected(url)
+			} else {
+				status.MarkManagementDisconnected(url)
+			}
+			assert.Equal(t, test.want, status.management, "signal status should be equal")
+		})
+	}
+}
+
+func TestGetFullStatus(t *testing.T) {
+	key1 := "abc"
+	key2 := "def"
+	managementState := ManagementState{
+		URL:       "https://signal",
+		Connected: true,
+	}
+	signalState := SignalState{
+		URL:       "https://signal",
+		Connected: true,
+	}
+	peerState1 := PeerState{
+		PubKey: key1,
+	}
+
+	peerState2 := PeerState{
+		PubKey: key2,
+	}
+
+	status := NewRecorder()
+
+	status.management = managementState
+	status.signal = signalState
+	status.peers[key1] = peerState1
+	status.peers[key2] = peerState2
+
+	fullStatus := status.GetFullStatus()
+
+	assert.Equal(t, managementState, fullStatus.ManagementState, "management status should be equal")
+	assert.Equal(t, signalState, fullStatus.SignalState, "signal status should be equal")
+	assert.ElementsMatch(t, []PeerState{peerState1, peerState2}, fullStatus.Peers, "peers states should match")
+}

client/system/info.go

@@ -2,17 +2,15 @@ package system
 
 import (
 	"context"
-	"strings"
-
 	"google.golang.org/grpc/metadata"
-
-	"github.com/netbirdio/netbird/version"
+	"strings"
 )
 
-// DeviceNameCtxKey context key for device name
-const DeviceNameCtxKey = "deviceName"
+// this is the wiretrustee version
+// will be replaced with the release version when using goreleaser
+var version = "development"
 
-// Info is an object that contains machine information
+//Info is an object that contains machine information
 // Most of the code is taken from https://github.com/matishsiao/goInfo
 type Info struct {
 	GoOS               string
@@ -27,6 +25,11 @@ type Info struct {
 	UIVersion          string
 }
 
+// NetbirdVersion returns the Netbird version
+func NetbirdVersion() string {
+	return version
+}
+
 // extractUserAgent extracts Netbird's agent (client) name and version from the outgoing context
 func extractUserAgent(ctx context.Context) string {
 	md, hasMeta := metadata.FromOutgoingContext(ctx)
@@ -45,5 +48,5 @@ func extractUserAgent(ctx context.Context) string {
 
 // GetDesktopUIUserAgent returns the Desktop ui user agent
 func GetDesktopUIUserAgent() string {
-	return "netbird-desktop-ui/" + version.NetbirdVersion()
+	return "netbird-desktop-ui/" + NetbirdVersion()
 }

client/system/info_android.go

@@ -1,63 +0,0 @@
-//go:build android
-// +build android
-
-package system
-
-import (
-	"bytes"
-	"context"
-	"os/exec"
-	"runtime"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/version"
-)
-
-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
-	kernel := "android"
-	osInfo := uname()
-	if len(osInfo) == 2 {
-		kernel = osInfo[1]
-	}
-
-	gio := &Info{Kernel: kernel, Core: osVersion(), Platform: "unknown", OS: "android", OSVersion: osVersion(), GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	gio.Hostname = extractDeviceName(ctx)
-	gio.WiretrusteeVersion = version.NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
-
-	return gio
-}
-
-func extractDeviceName(ctx context.Context) string {
-	v, ok := ctx.Value(DeviceNameCtxKey).(string)
-	if !ok {
-		return "android"
-	}
-	return v
-}
-
-func uname() []string {
-	res := run("/system/bin/uname", "-a")
-	return strings.Split(res, " ")
-}
-
-func osVersion() string {
-	return run("/system/bin/getprop", "ro.build.version.release")
-}
-
-func run(name string, arg ...string) string {
-	cmd := exec.Command(name, arg...)
-	cmd.Stdin = strings.NewReader("some")
-	var out bytes.Buffer
-	var stderr bytes.Buffer
-	cmd.Stdout = &out
-	cmd.Stderr = &stderr
-	err := cmd.Run()
-	if err != nil {
-		log.Errorf("getInfo: %s", err)
-	}
-	return out.String()
-}

client/system/info_darwin.go

@@ -4,16 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 	"os"
 	"os/exec"
 	"runtime"
 	"strings"
-
-	"golang.org/x/sys/unix"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/version"
 )
 
 // GetInfo retrieves and parses the system information
@@ -26,14 +22,14 @@ func GetInfo(ctx context.Context) *Info {
 	sysName := string(bytes.Split(utsname.Sysname[:], []byte{0})[0])
 	machine := string(bytes.Split(utsname.Machine[:], []byte{0})[0])
 	release := string(bytes.Split(utsname.Release[:], []byte{0})[0])
-	swVersion, err := exec.Command("sw_vers", "-productVersion").Output()
+	version, err := exec.Command("sw_vers", "-productVersion").Output()
 	if err != nil {
 		log.Warnf("got an error while retrieving macOS version with sw_vers, error: %s. Using darwin version instead.\n", err)
-		swVersion = []byte(release)
+		version = []byte(release)
 	}
-	gio := &Info{Kernel: sysName, OSVersion: strings.TrimSpace(string(swVersion)), Core: release, Platform: machine, OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	gio := &Info{Kernel: sysName, OSVersion: strings.TrimSpace(string(version)), Core: release, Platform: machine, OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.WiretrusteeVersion = NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)
 
 	return gio

client/system/info_freebsd.go

@@ -9,8 +9,6 @@ import (
 	"runtime"
 	"strings"
 	"time"
-
-	"github.com/netbirdio/netbird/version"
 )
 
 // GetInfo retrieves and parses the system information
@@ -25,7 +23,7 @@ func GetInfo(ctx context.Context) *Info {
 	osInfo := strings.Split(osStr, " ")
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: runtime.GOARCH, OS: osInfo[2], GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.WiretrusteeVersion = NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)
 
 	return gio

client/system/info_linux.go

@@ -1,6 +1,3 @@
-//go:build !android
-// +build !android
-
 package system
 
 import (
@@ -12,8 +9,6 @@ import (
 	"runtime"
 	"strings"
 	"time"
-
-	"github.com/netbirdio/netbird/version"
 )
 
 // GetInfo retrieves and parses the system information
@@ -51,7 +46,7 @@ func GetInfo(ctx context.Context) *Info {
 	}
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: osInfo[2], OS: osName, OSVersion: osVer, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.WiretrusteeVersion = NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)
 
 	return gio

client/system/info_windows.go

@@ -3,13 +3,10 @@ package system
 import (
 	"context"
 	"fmt"
-	"os"
-	"runtime"
-
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows/registry"
-
-	"github.com/netbirdio/netbird/version"
+	"os"
+	"runtime"
 )
 
 // GetInfo retrieves and parses the system information
@@ -17,7 +14,7 @@ func GetInfo(ctx context.Context) *Info {
 	ver := getOSVersion()
 	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.WiretrusteeVersion = NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)
 
 	return gio
@@ -35,7 +32,7 @@ func getOSVersion() string {
 			log.Error(deferErr)
 		}
 	}()
-
+	
 	major, _, err := k.GetIntegerValue("CurrentMajorVersionNumber")
 	if err != nil {
 		log.Error(err)

client/ui/client_ui.go

@@ -6,7 +6,6 @@ package main
 
 import (
 	"context"
-	_ "embed"
 	"flag"
 	"fmt"
 	"os"
@@ -18,22 +17,25 @@ import (
 	"syscall"
 	"time"
 
-	"fyne.io/fyne/v2"
-	"fyne.io/fyne/v2/app"
-	"fyne.io/fyne/v2/dialog"
-	"fyne.io/fyne/v2/widget"
+	"github.com/netbirdio/netbird/client/system"
+
 	"github.com/cenkalti/backoff/v4"
+
+	_ "embed"
+
 	"github.com/getlantern/systray"
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/proto"
 	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/version"
+	"fyne.io/fyne/v2"
+	"fyne.io/fyne/v2/app"
+	"fyne.io/fyne/v2/dialog"
+	"fyne.io/fyne/v2/widget"
 )
 
 const (
@@ -371,7 +373,7 @@ func (s *serviceClient) onTrayReady() {
 	systray.AddSeparator()
 	s.mSettings = systray.AddMenuItem("Settings", "Settings of the application")
 	systray.AddSeparator()
-	v := systray.AddMenuItem("v"+version.NetbirdVersion(), "Client Version: "+version.NetbirdVersion())
+	v := systray.AddMenuItem("v"+system.NetbirdVersion(), "Client Version: "+system.NetbirdVersion())
 	v.Disable()
 	systray.AddSeparator()
 	s.mQuit = systray.AddMenuItem("Quit", "Quit the client app")

client/wireguard_nt.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+ldir=$PWD
+tmp_dir_path=$ldir/.distfiles
+winnt=wireguard-nt.zip
+download_file_path=$tmp_dir_path/$winnt
+download_url=https://download.wireguard.com/wireguard-nt/wireguard-nt-0.10.1.zip
+download_sha=772c0b1463d8d2212716f43f06f4594d880dea4f735165bd68e388fc41b81605
+
+function resources_windows(){
+  cmd=$1
+  arch=$2
+  out=$3
+  docker run -i --rm -v $PWD:$PWD -w $PWD mstorsjo/llvm-mingw:latest $cmd -O coff -c 65001 -I $tmp_dir_path/wireguard-nt/bin/$arch -i resources.rc -o $out
+}
+
+mkdir -p $tmp_dir_path
+curl -L#o $download_file_path.unverified $download_url
+echo "$download_sha  $download_file_path.unverified" | sha256sum -c
+mv $download_file_path.unverified $download_file_path
+
+mkdir -p .deps
+unzip $download_file_path -d $tmp_dir_path
+
+resources_windows i686-w64-mingw32-windres x86 resources_windows_386.syso
+resources_windows aarch64-w64-mingw32-windres arm64 resources_windows_arm64.syso
+resources_windows x86_64-w64-mingw32-windres amd64 resources_windows_amd64.syso

encryption/encryption.go

@@ -3,13 +3,10 @@ package encryption
 import (
 	"crypto/rand"
 	"fmt"
-
 	"golang.org/x/crypto/nacl/box"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
-const nonceSize = 24
-
 // A set of tools to encrypt/decrypt messages being sent through the Signal Exchange Service or Management Service
 // These tools use Golang crypto package (Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate)
 // Wireguard keys are used for encryption
@@ -29,11 +26,8 @@ func Decrypt(encryptedMsg []byte, peerPublicKey wgtypes.Key, privateKey wgtypes.
 	if err != nil {
 		return nil, err
 	}
-	if len(encryptedMsg) < nonceSize {
-		return nil, fmt.Errorf("invalid encrypted message lenght")
-	}
-	copy(nonce[:], encryptedMsg[:nonceSize])
-	opened, ok := box.Open(nil, encryptedMsg[nonceSize:], nonce, toByte32(peerPublicKey), toByte32(privateKey))
+	copy(nonce[:], encryptedMsg[:24])
+	opened, ok := box.Open(nil, encryptedMsg[24:], nonce, toByte32(peerPublicKey), toByte32(privateKey))
 	if !ok {
 		return nil, fmt.Errorf("failed to decrypt message from peer %s", peerPublicKey.String())
 	}
@@ -42,8 +36,8 @@ func Decrypt(encryptedMsg []byte, peerPublicKey wgtypes.Key, privateKey wgtypes.
 }
 
 // Generates nonce of size 24
-func genNonce() (*[nonceSize]byte, error) {
-	var nonce [nonceSize]byte
+func genNonce() (*[24]byte, error) {
+	var nonce [24]byte
 	if _, err := rand.Read(nonce[:]); err != nil {
 		return nil, err
 	}

formatter/formatter.go

@@ -10,15 +10,15 @@ import (
 
 // TextFormatter formats logs into text with included source code's path
 type TextFormatter struct {
-	timestampFormat string
-	levelDesc       []string
+	TimestampFormat string
+	LevelDesc       []string
 }
 
 // NewTextFormatter create new MyTextFormatter instance
 func NewTextFormatter() *TextFormatter {
 	return &TextFormatter{
-		levelDesc:       []string{"PANC", "FATL", "ERRO", "WARN", "INFO", "DEBG", "TRAC"},
-		timestampFormat: time.RFC3339, // or RFC3339
+		LevelDesc:       []string{"PANC", "FATL", "ERRO", "WARN", "INFO", "DEBG", "TRAC"},
+		TimestampFormat: time.RFC3339, // or RFC3339
 	}
 }
 
@@ -39,13 +39,13 @@ func (f *TextFormatter) Format(entry *logrus.Entry) ([]byte, error) {
 
 	level := f.parseLevel(entry.Level)
 
-	return []byte(fmt.Sprintf("%s %s %s%s: %s\n", entry.Time.Format(f.timestampFormat), level, fields, entry.Data["source"], entry.Message)), nil
+	return []byte(fmt.Sprintf("%s %s %s%s: %s\n", entry.Time.Format(f.TimestampFormat), level, fields, entry.Data["source"], entry.Message)), nil
 }
 
 func (f *TextFormatter) parseLevel(level logrus.Level) string {
-	if len(f.levelDesc) < int(level) {
+	if len(f.LevelDesc) < int(level) {
 		return ""
 	}
 
-	return f.levelDesc[level]
+	return f.LevelDesc[level]
 }

formatter/logcat.go

@@ -1,48 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/sirupsen/logrus"
-)
-
-// LogcatFormatter formats logs into text what is fit for logcat
-type LogcatFormatter struct {
-	levelDesc []string
-}
-
-// NewLogcatFormatter create new LogcatFormatter instance
-func NewLogcatFormatter() *LogcatFormatter {
-	return &LogcatFormatter{
-		levelDesc: []string{"PANC", "FATL", "ERRO", "WARN", "INFO", "DEBG", "TRAC"},
-	}
-}
-
-// Format renders a single log entry
-func (f *LogcatFormatter) Format(entry *logrus.Entry) ([]byte, error) {
-	var fields string
-	keys := make([]string, 0, len(entry.Data))
-	for k, v := range entry.Data {
-		if k == "source" {
-			continue
-		}
-		keys = append(keys, fmt.Sprintf("%s: %v", k, v))
-	}
-
-	if len(keys) > 0 {
-		fields = fmt.Sprintf("[%s] ", strings.Join(keys, ", "))
-	}
-
-	level := f.parseLevel(entry.Level)
-
-	return []byte(fmt.Sprintf("[%s] %s%s %s\n", level, fields, entry.Data["source"], entry.Message)), nil
-}
-
-func (f *LogcatFormatter) parseLevel(level logrus.Level) string {
-	if len(f.levelDesc) < int(level) {
-		return ""
-	}
-
-	return f.levelDesc[level]
-}

formatter/logcat_test.go

@@ -1,28 +0,0 @@
-package formatter
-
-import (
-	"testing"
-	"time"
-
-	"github.com/sirupsen/logrus"
-)
-
-func TestLogcatMessageFormat(t *testing.T) {
-
-	someEntry := &logrus.Entry{
-		Data:    logrus.Fields{"att1": 1, "att2": 2, "source": "some/fancy/path.go:46"},
-		Time:    time.Date(2021, time.Month(2), 21, 1, 10, 30, 0, time.UTC),
-		Level:   3,
-		Message: "Some Message",
-	}
-
-	formatter := NewLogcatFormatter()
-	result, _ := formatter.Format(someEntry)
-
-	expectedString := "[WARN] [att1: 1, att2: 2] some/fancy/path.go:46 Some Message\n"
-	expectedStringVariant := "[WARN] [att2: 2, att1: 1] some/fancy/path.go:46 Some Message\n"
-	parsedString := string(result)
-	if parsedString != expectedString && parsedString != expectedStringVariant {
-		t.Errorf("The log messages don't match. Expected: '%s', got: '%s'", expectedString, parsedString)
-	}
-}

formatter/set.go

@@ -2,16 +2,9 @@ package formatter
 
 import "github.com/sirupsen/logrus"
 
-// SetTextFormatter set the text formatter for given logger.
+// SetTextFormatter set the formatter for given logger.
 func SetTextFormatter(logger *logrus.Logger) {
 	logger.Formatter = NewTextFormatter()
 	logger.ReportCaller = true
 	logger.AddHook(NewContextHook())
 }
-
-// SetLogcatFormatter set the logcat formatter for given logger.
-func SetLogcatFormatter(logger *logrus.Logger) {
-	logger.Formatter = NewLogcatFormatter()
-	logger.ReportCaller = true
-	logger.AddHook(NewContextHook())
-}

go.mod

@@ -11,24 +11,23 @@ require (
 	github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.18.1
-	github.com/pion/ice/v2 v2.3.1
+	github.com/pion/ice/v2 v2.3.0
 	github.com/rs/cors v1.8.0
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/crypto v0.7.0
-	golang.org/x/sys v0.6.0
-	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
+	golang.org/x/crypto v0.6.0
+	golang.org/x/sys v0.5.0
+	golang.zx2c4.com/wireguard v0.0.0-20211209221555-9c9e7e272434
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de
 	golang.zx2c4.com/wireguard/windows v0.5.1
-	google.golang.org/grpc v1.52.3
+	google.golang.org/grpc v1.43.0
 	google.golang.org/protobuf v1.28.1
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )
 
 require (
-	codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a
 	fyne.io/fyne/v2 v2.1.4
 	github.com/c-robinson/iplib v1.0.3
 	github.com/coreos/go-iptables v0.6.0
@@ -37,39 +36,29 @@ require (
 	github.com/getlantern/systray v1.2.1
 	github.com/gliderlabs/ssh v0.3.4
 	github.com/godbus/dbus/v5 v5.1.0
-	github.com/google/go-cmp v0.5.9
 	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
-	github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/libp2p/go-netroute v0.2.0
 	github.com/magiconair/properties v1.8.5
 	github.com/mattn/go-sqlite3 v1.14.16
-	github.com/miekg/dns v1.1.43
+	github.com/miekg/dns v1.1.41
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/open-policy-agent/opa v0.49.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pion/logging v0.2.2
-	github.com/pion/stun v0.4.0
-	github.com/pion/transport/v2 v2.0.2
-	github.com/prometheus/client_golang v1.14.0
+	github.com/prometheus/client_golang v1.13.0
 	github.com/rs/xid v1.3.0
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/stretchr/testify v1.8.1
 	go.opentelemetry.io/otel/exporters/prometheus v0.33.0
 	go.opentelemetry.io/otel/metric v0.33.0
 	go.opentelemetry.io/otel/sdk/metric v0.33.0
-	golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf
-	golang.org/x/net v0.8.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/term v0.6.0
+	golang.org/x/net v0.7.0
+	golang.org/x/term v0.5.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
-	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 // indirect
-	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
@@ -77,27 +66,25 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/getlantern/context v0.0.0-20190109183933-c447772a6520 // indirect
 	github.com/getlantern/errors v0.0.0-20190325191628-abdb3e3e36f7 // indirect
 	github.com/getlantern/golog v0.0.0-20190830074920-4ef2e798c2d7 // indirect
 	github.com/getlantern/hex v0.0.0-20190417191902-c6586a6fe0b7 // indirect
 	github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55 // indirect
 	github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f // indirect
 	github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
-	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gopacket v1.1.19 // indirect
-	github.com/hashicorp/go-uuid v1.0.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mdlayher/genetlink v1.1.0 // indirect
 	github.com/mdlayher/netlink v1.4.2 // indirect
 	github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect
@@ -105,34 +92,36 @@ require (
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/pegasus-kv/thrift v0.13.0 // indirect
 	github.com/pion/dtls/v2 v2.2.6 // indirect
+	github.com/pion/logging v0.2.2 // indirect
 	github.com/pion/mdns v0.0.7 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
+	github.com/pion/stun v0.4.0 // indirect
+	github.com/pion/transport/v2 v2.0.2 // indirect
 	github.com/pion/turn/v2 v2.1.0 // indirect
 	github.com/pion/udp/v2 v2.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
 	github.com/rogpeppe/go-internal v1.8.0 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 // indirect
 	github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 // indirect
-	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	github.com/yashtewari/glob-intersection v0.1.0 // indirect
 	github.com/yuin/goldmark v1.4.13 // indirect
 	go.opentelemetry.io/otel v1.11.1 // indirect
 	go.opentelemetry.io/otel/sdk v1.11.1 // indirect
 	go.opentelemetry.io/otel/trace v1.11.1 // indirect
+	golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf // indirect
 	golang.org/x/image v0.0.0-20200430140353-33d19683fad8 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/tools v0.1.12 // indirect
+	golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
-	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect
+	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

@@ -30,8 +30,6 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a h1:U6cY/g6VSiy59vuvnBU6J/eSir0qVg4BeTnCDLaX+20=
-codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a/go.mod h1:ykEpkLT4JtH3I4Rb4gwkDsNLfgUg803qRDeIX88t3e8=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fyne.io/fyne/v2 v2.1.4 h1:bt1+28++kAzRzPB0GM2EuSV4cnl8rXNX4cjfd8G06Rc=
 fyne.io/fyne/v2 v2.1.4/go.mod h1:p+E/Dh+wPW8JwR2DVcsZ9iXgR9ZKde80+Y+40Is54AQ=
@@ -41,16 +39,13 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Kodeworks/golang-image-ico v0.0.0-20141118225523-73f0f4cfade9/go.mod h1:7uhhqiBaR4CpN0k9rMjOtjpcfGd6DG2m04zQxKnWQ0I=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
-github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 h1:pami0oPhVosjOu/qRHepRmdjD6hGILF7DBr+qQZeP10=
 github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2/go.mod h1:jNIx5ykW1MroBuaTja9+VpglmaJOUzezumfhLlER3oY=
-github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
-github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -60,8 +55,7 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5
 github.com/allegro/bigcache/v3 v3.0.2 h1:AKZCw+5eAaVyNTBmI2fgyPVJhHkdWder3O9IrprcQfI=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
-github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -69,14 +63,13 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d h1:pVrfxiGfwelyab6n21ZBkbkmbevaf+WvMIiR7sr97hw=
 github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
-github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU=
 github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
 github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
 github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -87,6 +80,12 @@ github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/coocood/freecache v1.2.1 h1:/v1CqMq45NFH9mp/Pt142reundeBM0dVUD3osQBeu/U=
 github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
 github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
@@ -99,12 +98,9 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg=
-github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
+github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
-github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
@@ -116,20 +112,22 @@ github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
-github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42SwLmrW0QByONfGynWuzBvm86BoB9z8=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3 h1:FDqhDm7pcsLhhWl1QtD8vlzI4mm59llRvNzrFg6/LAA=
 github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3/go.mod h1:CzM2G82Q9BDUvMTGHnXf/6OExw/Dz2ivDj48nVg7Lg8=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
+github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/getlantern/context v0.0.0-20190109183933-c447772a6520 h1:NRUJuo3v3WGC/g5YiyF790gut6oQr5f3FBI88Wv0dx4=
 github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY=
@@ -144,7 +142,6 @@ github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2
 github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f h1:wrYrQttPS8FHIRSlsrcuKazukx/xqO/PpLZzZXsF+EA=
 github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
@@ -189,14 +186,11 @@ github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff h1:W71vTCKoxtdXgnm1ECDFkfQnpdqAO00zzGXLA5yaEX8=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff/go.mod h1:wfqRWLHRBsRgkp5dmbG56SA0DmVtwrF5N3oPdI8t+Aw=
@@ -208,7 +202,6 @@ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -235,10 +228,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -283,10 +274,7 @@ github.com/gopherjs/gopherjs v0.0.0-20220410123724-9e86199038b0 h1:fWY+zXdWhvWnd
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -327,7 +315,6 @@ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
@@ -351,9 +338,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo=
 github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8=
 github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE=
@@ -376,8 +362,8 @@ github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/
 github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g=
 github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb h1:2dC7L10LmTqlyMVzFJ00qM25lqESg9Z4u3GuEXN5iHY=
 github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g=
-github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
-github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
@@ -420,18 +406,17 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
-github.com/open-policy-agent/opa v0.49.0 h1:TIlpCT1B5FSm8Dqo/a4t23gKmHkQysC3+7W77F99P4k=
-github.com/open-policy-agent/opa v0.49.0/go.mod h1:WTLWtu498/QNTDkiHx76Xj7jaJUPvLJAPtdMkCcst0w=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pegasus-kv/thrift v0.13.0 h1:4ESwaNoHImfbHa9RUGJiJZ4hrxorihZHk5aarYwY8d4=
 github.com/pegasus-kv/thrift v0.13.0/go.mod h1:Gl9NT/WHG6ABm6NsrbfE8LiJN0sAyneCrvB4qN4NPqQ=
+github.com/pion/dtls/v2 v2.2.4/go.mod h1:WGKfxqhrddne4Kg3p11FUMJrynkOY4lb25zHNO49wuw=
 github.com/pion/dtls/v2 v2.2.6 h1:yXMxKr0Skd+Ub6A8UqXTRLSywskx93ooMRHsQUtd+Z4=
 github.com/pion/dtls/v2 v2.2.6/go.mod h1:t8fWJCIquY5rlQZwA2yWxUS1+OCrAdXrhVKXB5oD/wY=
-github.com/pion/ice/v2 v2.3.1 h1:FQCmUfZe2Jpe7LYStVBOP6z1DiSzbIateih3TztgTjc=
-github.com/pion/ice/v2 v2.3.1/go.mod h1:aq2kc6MtYNcn4XmMhobAv6hTNJiHzvD0yXRz80+bnP8=
+github.com/pion/ice/v2 v2.3.0 h1:G+ysriabk1p9wbySDpdsnlD+6ZspLlDLagRduRfzJPk=
+github.com/pion/ice/v2 v2.3.0/go.mod h1:+xO/cXVnnVUr6D2ZJcCT5g9LngucUkkTvfnTMqUxKRM=
 github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
 github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
 github.com/pion/mdns v0.0.7 h1:P0UB4Sr6xDWEox0kTVxF0LmQihtCbSAdW0H2nEgkA3U=
@@ -441,10 +426,12 @@ github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TB
 github.com/pion/stun v0.4.0 h1:vgRrbBE2htWHy7l3Zsxckk7rkjnjOsSM7PHZnBwo8rk=
 github.com/pion/stun v0.4.0/go.mod h1:QPsh1/SbXASntw3zkkrIk3ZJVKz4saBY2G7S10P3wCw=
 github.com/pion/transport/v2 v2.0.0/go.mod h1:HS2MEBJTwD+1ZI2eSXSvHJx/HnzQqRy2/LXxt6eVMHc=
+github.com/pion/transport/v2 v2.0.1/go.mod h1:93OYg91+mrGxKW+Jrgzmqr80kgXqD7J0yybOrdr7w0Y=
 github.com/pion/transport/v2 v2.0.2 h1:St+8o+1PEzPT51O9bv+tH/KYYLMNR5Vwm5Z3Qkjsywg=
 github.com/pion/transport/v2 v2.0.2/go.mod h1:vrz6bUbFr/cjdwbnxq8OdDDzHf7JJfGsIRkxfpZoTA0=
 github.com/pion/turn/v2 v2.1.0 h1:5wGHSgGhJhP/RpabkUb/T9PdsAjkGLS6toYz5HNzoSI=
 github.com/pion/turn/v2 v2.1.0/go.mod h1:yrT5XbXSGX1VFSF31A3c1kCNB5bBZgk/uu5LET162qs=
+github.com/pion/udp v0.1.4/go.mod h1:G8LDo56HsFwC24LIcnT4YIDU5qcB6NepqqjP0keL2us=
 github.com/pion/udp/v2 v2.0.1 h1:xP0z6WNux1zWEjhC7onRA3EwwSliXqu1ElUZAQhUP54=
 github.com/pion/udp/v2 v2.0.1/go.mod h1:B7uvTMP00lzWdyMr/1PVZXtV3wpPIxBRd4Wl6AksXn8=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -460,14 +447,13 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
+github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
@@ -481,8 +467,7 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=
-github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
@@ -496,12 +481,13 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/smartystreets/assertions v1.13.0 h1:Dx1kYM01xsSqKPno3aqLnrwac2LetPvN23diwyr69Qs=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
@@ -531,8 +517,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
-github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
@@ -540,12 +524,6 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/yashtewari/glob-intersection v0.1.0 h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB8/1q3uAdhmTrg=
-github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -561,7 +539,6 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4=
 go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE=
 go.opentelemetry.io/otel/exporters/prometheus v0.33.0 h1:xXhPj7SLKWU5/Zd4Hxmd+X1C4jdmvc0Xy+kvjFx2z60=
@@ -574,6 +551,7 @@ go.opentelemetry.io/otel/sdk/metric v0.33.0 h1:oTqyWfksgKoJmbrs2q7O7ahkJzt+Ipeki
 go.opentelemetry.io/otel/sdk/metric v0.33.0/go.mod h1:xdypMeA21JBOvjjzDUtD0kzIcHO/SPez+a8HOzJPGp0=
 go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ=
 go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -585,8 +563,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -623,9 +601,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -686,9 +663,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -707,9 +683,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -734,6 +709,7 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -791,22 +767,18 @@ golang.org/x/sys v0.0.0-20211214234402-4825e8c3871d/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -818,9 +790,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -874,19 +845,19 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d h1:9+v0G0naRhLPOJEeJOL6NuXTtAHHwmkyZlgQJ0XcQ8I=
 golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg=
 golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
 golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard v0.0.0-20211129173154-2dd424e2d808/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI=
-golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675 h1:/J/RVnr7ng4fWPRH3xa4WtBJ1Jp+Auu4YNLmGiPv5QU=
-golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675/go.mod h1:whfbyDBt09xhCYQWtO2+3UVjlaq6/9hDZrjg2ZE6SyA=
+golang.zx2c4.com/wireguard v0.0.0-20211209221555-9c9e7e272434 h1:3zl8RkJNQ8wfPRomwv/6DBbH2Ut6dgMaWTxM0ZunWnE=
+golang.zx2c4.com/wireguard v0.0.0-20211209221555-9c9e7e272434/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de h1:qDZ+lyO5jC9RNJ7ANJA0GWXk3pSn0Fu5SlcAIlgw+6w=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de/go.mod h1:Q2XNgour4QSkFj0BWCkVlW0HWJwQgNMsMahpSlI0Eno=
 golang.zx2c4.com/wireguard/windows v0.5.1 h1:OnYw96PF+CsIMrqWo5QP3Q59q5hY1rFErk/yN3cS+JQ=
@@ -936,6 +907,7 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
@@ -943,8 +915,8 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
-google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -957,8 +929,11 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ=
-google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
+google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -980,6 +955,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=

iface/bind/bind.go

@@ -1,208 +0,0 @@
-package bind
-
-import (
-	"errors"
-	"fmt"
-	"github.com/pion/stun"
-	"github.com/pion/transport/v2"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/conn"
-	"net"
-	"net/netip"
-	"sync"
-	"syscall"
-)
-
-// ICEBind is the userspace implementation of WireGuard's conn.Bind interface using ice.UDPMux of the pion/ice library
-type ICEBind struct {
-	// below fields, initialized on open
-	sharedConn net.PacketConn
-	udpMux     *UniversalUDPMuxDefault
-
-	// below are fields initialized on creation
-	transportNet transport.Net
-	mu           sync.Mutex
-}
-
-// NewICEBind create a new instance of ICEBind with a given transportNet and an interfaceFilter function.
-// The interfaceFilter function is used to exclude interfaces from hole punching (the IPs of that interfaces won't be used as connection candidates)
-// The transportNet can be nil.
-func NewICEBind(transportNet transport.Net) *ICEBind {
-	return &ICEBind{
-		transportNet: transportNet,
-		mu:           sync.Mutex{},
-	}
-}
-
-// GetICEMux returns the ICE UDPMux that was created and used by ICEBind
-func (b *ICEBind) GetICEMux() (*UniversalUDPMuxDefault, error) {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-	if b.udpMux == nil {
-		return nil, fmt.Errorf("ICEBind has not been initialized yet")
-	}
-
-	return b.udpMux, nil
-}
-
-// Open creates a WireGuard socket and an instance of UDPMux that is used to glue up ICE and WireGuard for hole punching
-func (b *ICEBind) Open(uport uint16) ([]conn.ReceiveFunc, uint16, error) {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-
-	if b.sharedConn != nil {
-		return nil, 0, conn.ErrBindAlreadyOpen
-	}
-
-	ipv4Conn, _, err := listenNet("udp4", int(uport))
-	if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
-		return nil, 0, err
-	}
-	b.sharedConn = ipv4Conn
-	b.udpMux = NewUniversalUDPMuxDefault(UniversalUDPMuxParams{UDPConn: b.sharedConn, Net: b.transportNet})
-
-	portAddr1, err := netip.ParseAddrPort(ipv4Conn.LocalAddr().String())
-	if err != nil {
-		return nil, 0, err
-	}
-
-	log.Infof("opened ICEBind on %s", ipv4Conn.LocalAddr().String())
-
-	return []conn.ReceiveFunc{
-			b.makeReceiveIPv4(b.sharedConn),
-		},
-		portAddr1.Port(), nil
-}
-
-func listenNet(network string, port int) (*net.UDPConn, int, error) {
-	conn, err := net.ListenUDP(network, &net.UDPAddr{Port: port})
-	if err != nil {
-		return nil, 0, err
-	}
-
-	// Retrieve port.
-	laddr := conn.LocalAddr()
-	uaddr, err := net.ResolveUDPAddr(
-		laddr.Network(),
-		laddr.String(),
-	)
-	if err != nil {
-		return nil, 0, err
-	}
-	return conn, uaddr.Port, nil
-}
-
-func parseSTUNMessage(raw []byte) (*stun.Message, error) {
-	msg := &stun.Message{
-		Raw: append([]byte{}, raw...),
-	}
-	if err := msg.Decode(); err != nil {
-		return nil, err
-	}
-
-	return msg, nil
-}
-
-func (b *ICEBind) makeReceiveIPv4(c net.PacketConn) conn.ReceiveFunc {
-	return func(buff []byte) (int, conn.Endpoint, error) {
-		n, endpoint, err := c.ReadFrom(buff)
-		if err != nil {
-			return 0, nil, err
-		}
-		e, err := netip.ParseAddrPort(endpoint.String())
-		if err != nil {
-			return 0, nil, err
-		}
-		if !stun.IsMessage(buff[:20]) {
-			// WireGuard traffic
-			return n, (conn.StdNetEndpoint)(netip.AddrPortFrom(e.Addr(), e.Port())), nil
-		}
-
-		msg, err := parseSTUNMessage(buff[:n])
-		if err != nil {
-			return 0, nil, err
-		}
-
-		err = b.udpMux.HandleSTUNMessage(msg, endpoint)
-		if err != nil {
-			log.Warnf("failed to handle packet")
-		}
-
-		// discard packets because they are STUN related
-		return 0, nil, nil //todo proper return
-	}
-}
-
-// Close closes the WireGuard socket and UDPMux
-func (b *ICEBind) Close() error {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-
-	var err1, err2 error
-	if b.sharedConn != nil {
-		c := b.sharedConn
-		b.sharedConn = nil
-		err1 = c.Close()
-	}
-
-	if b.udpMux != nil {
-		m := b.udpMux
-		b.udpMux = nil
-		err2 = m.Close()
-	}
-
-	if err1 != nil {
-		return err1
-	}
-
-	return err2
-}
-
-// SetMark sets the mark for each packet sent through this Bind.
-// This mark is passed to the kernel as the socket option SO_MARK.
-func (b *ICEBind) SetMark(mark uint32) error {
-	return nil
-}
-
-// Send bytes to the remote endpoint (peer)
-func (b *ICEBind) Send(buff []byte, endpoint conn.Endpoint) error {
-
-	nend, ok := endpoint.(conn.StdNetEndpoint)
-	if !ok {
-		return conn.ErrWrongEndpointType
-	}
-	addrPort := netip.AddrPort(nend)
-	_, err := b.sharedConn.WriteTo(buff, &net.UDPAddr{
-		IP:   addrPort.Addr().AsSlice(),
-		Port: int(addrPort.Port()),
-		Zone: addrPort.Addr().Zone(),
-	})
-	return err
-}
-
-// ParseEndpoint creates a new endpoint from a string.
-func (b *ICEBind) ParseEndpoint(s string) (ep conn.Endpoint, err error) {
-	e, err := netip.ParseAddrPort(s)
-	return asEndpoint(e), err
-}
-
-// endpointPool contains a re-usable set of mapping from netip.AddrPort to Endpoint.
-// This exists to reduce allocations: Putting a netip.AddrPort in an Endpoint allocates,
-// but Endpoints are immutable, so we can re-use them.
-var endpointPool = sync.Pool{
-	New: func() any {
-		return make(map[netip.AddrPort]conn.Endpoint)
-	},
-}
-
-// asEndpoint returns an Endpoint containing ap.
-func asEndpoint(ap netip.AddrPort) conn.Endpoint {
-	m := endpointPool.Get().(map[netip.AddrPort]conn.Endpoint)
-	defer endpointPool.Put(m)
-	e, ok := m[ap]
-	if !ok {
-		e = conn.Endpoint(conn.StdNetEndpoint(ap))
-		m[ap] = e
-	}
-	return e
-}

iface/bind/udp_mux.go

@@ -1,444 +0,0 @@
-package bind
-
-import (
-	"fmt"
-	"github.com/pion/ice/v2"
-	"github.com/pion/stun"
-	"github.com/pion/transport/v2/stdnet"
-	log "github.com/sirupsen/logrus"
-	"io"
-	"net"
-	"strings"
-	"sync"
-
-	"github.com/pion/logging"
-	"github.com/pion/transport/v2"
-)
-
-/*
- Most of this code was copied from https://github.com/pion/ice and modified to fulfill NetBird's requirements
-*/
-
-const receiveMTU = 8192
-
-// UDPMuxDefault is an implementation of the interface
-type UDPMuxDefault struct {
-	params UDPMuxParams
-
-	closedChan chan struct{}
-	closeOnce  sync.Once
-
-	// connsIPv4 and connsIPv6 are maps of all udpMuxedConn indexed by ufrag|network|candidateType
-	connsIPv4, connsIPv6 map[string]*udpMuxedConn
-
-	addressMapMu sync.RWMutex
-	addressMap   map[string][]*udpMuxedConn
-
-	// buffer pool to recycle buffers for net.UDPAddr encodes/decodes
-	pool *sync.Pool
-
-	mu sync.Mutex
-
-	// for UDP connection listen at unspecified address
-	localAddrsForUnspecified []net.Addr
-}
-
-const maxAddrSize = 512
-
-// UDPMuxParams are parameters for UDPMux.
-type UDPMuxParams struct {
-	Logger  logging.LeveledLogger
-	UDPConn net.PacketConn
-
-	// Required for gathering local addresses
-	// in case a un UDPConn is passed which does not
-	// bind to a specific local address.
-	Net             transport.Net
-	InterfaceFilter func(interfaceName string) bool
-}
-
-func localInterfaces(n transport.Net, interfaceFilter func(string) bool, ipFilter func(net.IP) bool, networkTypes []ice.NetworkType, includeLoopback bool) ([]net.IP, error) { //nolint:gocognit
-	ips := []net.IP{}
-	ifaces, err := n.Interfaces()
-	if err != nil {
-		return ips, err
-	}
-
-	var IPv4Requested, IPv6Requested bool
-	for _, typ := range networkTypes {
-		if typ.IsIPv4() {
-			IPv4Requested = true
-		}
-
-		if typ.IsIPv6() {
-			IPv6Requested = true
-		}
-	}
-
-	for _, iface := range ifaces {
-		if iface.Flags&net.FlagUp == 0 {
-			continue // interface down
-		}
-		if (iface.Flags&net.FlagLoopback != 0) && !includeLoopback {
-			continue // loopback interface
-		}
-
-		if interfaceFilter != nil && !interfaceFilter(iface.Name) {
-			continue
-		}
-
-		addrs, err := iface.Addrs()
-		if err != nil {
-			continue
-		}
-
-		for _, addr := range addrs {
-			var ip net.IP
-			switch addr := addr.(type) {
-			case *net.IPNet:
-				ip = addr.IP
-			case *net.IPAddr:
-				ip = addr.IP
-			}
-			if ip == nil || (ip.IsLoopback() && !includeLoopback) {
-				continue
-			}
-
-			if ipv4 := ip.To4(); ipv4 == nil {
-				if !IPv6Requested {
-					continue
-				} else if !isSupportedIPv6(ip) {
-					continue
-				}
-			} else if !IPv4Requested {
-				continue
-			}
-
-			if ipFilter != nil && !ipFilter(ip) {
-				continue
-			}
-
-			ips = append(ips, ip)
-		}
-	}
-	return ips, nil
-}
-
-// The conditions of invalidation written below are defined in
-// https://tools.ietf.org/html/rfc8445#section-5.1.1.1
-func isSupportedIPv6(ip net.IP) bool {
-	if len(ip) != net.IPv6len ||
-		isZeros(ip[0:12]) || // !(IPv4-compatible IPv6)
-		ip[0] == 0xfe && ip[1]&0xc0 == 0xc0 || // !(IPv6 site-local unicast)
-		ip.IsLinkLocalUnicast() ||
-		ip.IsLinkLocalMulticast() {
-		return false
-	}
-	return true
-}
-
-func isZeros(ip net.IP) bool {
-	for i := 0; i < len(ip); i++ {
-		if ip[i] != 0 {
-			return false
-		}
-	}
-	return true
-}
-
-// NewUDPMuxDefault creates an implementation of UDPMux
-func NewUDPMuxDefault(params UDPMuxParams) *UDPMuxDefault {
-	if params.Logger == nil {
-		params.Logger = logging.NewDefaultLoggerFactory().NewLogger("ice")
-	}
-
-	var localAddrsForUnspecified []net.Addr
-	if addr, ok := params.UDPConn.LocalAddr().(*net.UDPAddr); !ok {
-		params.Logger.Errorf("LocalAddr is not a net.UDPAddr, got %T", params.UDPConn.LocalAddr())
-	} else if ok && addr.IP.IsUnspecified() {
-		// For unspecified addresses, the correct behavior is to return errListenUnspecified, but
-		// it will break the applications that are already using unspecified UDP connection
-		// with UDPMuxDefault, so print a warn log and create a local address list for mux.
-		params.Logger.Warn("UDPMuxDefault should not listening on unspecified address, use NewMultiUDPMuxFromPort instead")
-		var networks []ice.NetworkType
-		switch {
-		case addr.IP.To4() != nil:
-			networks = []ice.NetworkType{ice.NetworkTypeUDP4}
-
-		case addr.IP.To16() != nil:
-			networks = []ice.NetworkType{ice.NetworkTypeUDP4, ice.NetworkTypeUDP6}
-
-		default:
-			params.Logger.Errorf("LocalAddr expected IPV4 or IPV6, got %T", params.UDPConn.LocalAddr())
-		}
-		if len(networks) > 0 {
-			if params.Net == nil {
-				var err error
-				if params.Net, err = stdnet.NewNet(); err != nil {
-					params.Logger.Errorf("failed to get create network: %v", err)
-				}
-			}
-
-			ips, err := localInterfaces(params.Net, params.InterfaceFilter, nil, networks, true)
-			if err == nil {
-				for _, ip := range ips {
-					localAddrsForUnspecified = append(localAddrsForUnspecified, &net.UDPAddr{IP: ip, Port: addr.Port})
-				}
-			} else {
-				params.Logger.Errorf("failed to get local interfaces for unspecified addr: %v", err)
-			}
-		}
-	}
-
-	return &UDPMuxDefault{
-		addressMap: map[string][]*udpMuxedConn{},
-		params:     params,
-		connsIPv4:  make(map[string]*udpMuxedConn),
-		connsIPv6:  make(map[string]*udpMuxedConn),
-		closedChan: make(chan struct{}, 1),
-		pool: &sync.Pool{
-			New: func() interface{} {
-				// big enough buffer to fit both packet and address
-				return newBufferHolder(receiveMTU + maxAddrSize)
-			},
-		},
-		localAddrsForUnspecified: localAddrsForUnspecified,
-	}
-}
-
-// LocalAddr returns the listening address of this UDPMuxDefault
-func (m *UDPMuxDefault) LocalAddr() net.Addr {
-	return m.params.UDPConn.LocalAddr()
-}
-
-// GetListenAddresses returns the list of addresses that this mux is listening on
-func (m *UDPMuxDefault) GetListenAddresses() []net.Addr {
-	if len(m.localAddrsForUnspecified) > 0 {
-		return m.localAddrsForUnspecified
-	}
-
-	return []net.Addr{m.LocalAddr()}
-}
-
-// GetConn returns a PacketConn given the connection's ufrag and network address
-// creates the connection if an existing one can't be found
-func (m *UDPMuxDefault) GetConn(ufrag string, addr net.Addr) (net.PacketConn, error) {
-
-	var isIPv6 bool
-	if udpAddr, _ := addr.(*net.UDPAddr); udpAddr != nil && udpAddr.IP.To4() == nil {
-		isIPv6 = true
-	}
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	if m.IsClosed() {
-		return nil, io.ErrClosedPipe
-	}
-
-	if conn, ok := m.getConn(ufrag, isIPv6); ok {
-		return conn, nil
-	}
-
-	c := m.createMuxedConn(ufrag)
-	go func() {
-		<-c.CloseChannel()
-		m.RemoveConnByUfrag(ufrag)
-	}()
-
-	if isIPv6 {
-		m.connsIPv6[ufrag] = c
-	} else {
-		m.connsIPv4[ufrag] = c
-	}
-
-	return c, nil
-}
-
-// RemoveConnByUfrag stops and removes the muxed packet connection
-func (m *UDPMuxDefault) RemoveConnByUfrag(ufrag string) {
-	removedConns := make([]*udpMuxedConn, 0, 2)
-
-	// Keep lock section small to avoid deadlock with conn lock
-	m.mu.Lock()
-	if c, ok := m.connsIPv4[ufrag]; ok {
-		delete(m.connsIPv4, ufrag)
-		removedConns = append(removedConns, c)
-	}
-	if c, ok := m.connsIPv6[ufrag]; ok {
-		delete(m.connsIPv6, ufrag)
-		removedConns = append(removedConns, c)
-	}
-	m.mu.Unlock()
-
-	if len(removedConns) == 0 {
-		// No need to lock if no connection was found
-		return
-	}
-
-	m.addressMapMu.Lock()
-	defer m.addressMapMu.Unlock()
-
-	for _, c := range removedConns {
-		addresses := c.getAddresses()
-		for _, addr := range addresses {
-			if connList, ok := m.addressMap[addr]; ok {
-				var newList []*udpMuxedConn
-				for _, conn := range connList {
-					if conn.params.Key != ufrag {
-						newList = append(newList, conn)
-					}
-				}
-				m.addressMap[addr] = newList
-			}
-		}
-	}
-}
-
-// IsClosed returns true if the mux had been closed
-func (m *UDPMuxDefault) IsClosed() bool {
-	select {
-	case <-m.closedChan:
-		return true
-	default:
-		return false
-	}
-}
-
-// Close the mux, no further connections could be created
-func (m *UDPMuxDefault) Close() error {
-	var err error
-	m.closeOnce.Do(func() {
-		m.mu.Lock()
-		defer m.mu.Unlock()
-
-		for _, c := range m.connsIPv4 {
-			_ = c.Close()
-		}
-		for _, c := range m.connsIPv6 {
-			_ = c.Close()
-		}
-
-		m.connsIPv4 = make(map[string]*udpMuxedConn)
-		m.connsIPv6 = make(map[string]*udpMuxedConn)
-
-		close(m.closedChan)
-
-		_ = m.params.UDPConn.Close()
-	})
-	return err
-}
-
-func (m *UDPMuxDefault) writeTo(buf []byte, rAddr net.Addr) (n int, err error) {
-	return m.params.UDPConn.WriteTo(buf, rAddr)
-}
-
-func (m *UDPMuxDefault) registerConnForAddress(conn *udpMuxedConn, addr string) {
-	if m.IsClosed() {
-		return
-	}
-
-	m.addressMapMu.Lock()
-	defer m.addressMapMu.Unlock()
-
-	existing, ok := m.addressMap[addr]
-	if !ok {
-		existing = []*udpMuxedConn{}
-	}
-	existing = append(existing, conn)
-	m.addressMap[addr] = existing
-
-	log.Debugf("ICE: registered %s for %s", addr, conn.params.Key)
-}
-
-func (m *UDPMuxDefault) createMuxedConn(key string) *udpMuxedConn {
-	c := newUDPMuxedConn(&udpMuxedConnParams{
-		Mux:       m,
-		Key:       key,
-		AddrPool:  m.pool,
-		LocalAddr: m.LocalAddr(),
-		Logger:    m.params.Logger,
-	})
-	return c
-}
-
-// HandleSTUNMessage handles STUN packets and forwards them to underlying pion/ice library
-func (m *UDPMuxDefault) HandleSTUNMessage(msg *stun.Message, addr net.Addr) error {
-
-	remoteAddr, ok := addr.(*net.UDPAddr)
-	if !ok {
-		return fmt.Errorf("underlying PacketConn did not return a UDPAddr")
-	}
-
-	// If we have already seen this address dispatch to the appropriate destination
-	// If you are using the same socket for the Host and SRFLX candidates, it might be that there are more than one
-	// muxed connection - one for the SRFLX candidate and the other one for the HOST one.
-	// We will then forward STUN packets to each of these connections.
-	m.addressMapMu.Lock()
-	var destinationConnList []*udpMuxedConn
-	if storedConns, ok := m.addressMap[addr.String()]; ok {
-		destinationConnList = append(destinationConnList, storedConns...)
-	}
-	m.addressMapMu.Unlock()
-
-	var isIPv6 bool
-	if udpAddr, _ := addr.(*net.UDPAddr); udpAddr != nil && udpAddr.IP.To4() == nil {
-		isIPv6 = true
-	}
-
-	// This block is needed to discover Peer Reflexive Candidates for which we don't know the Endpoint upfront.
-	// However, we can take a username attribute from the STUN message which contains ufrag.
-	// We can use ufrag to identify the destination conn to route packet to.
-	attr, stunAttrErr := msg.Get(stun.AttrUsername)
-	if stunAttrErr == nil {
-		ufrag := strings.Split(string(attr), ":")[0]
-
-		m.mu.Lock()
-		destinationConn := m.connsIPv4[ufrag]
-		if isIPv6 {
-			destinationConn = m.connsIPv6[ufrag]
-		}
-
-		if destinationConn != nil {
-			exists := false
-			for _, conn := range destinationConnList {
-				if conn.params.Key == destinationConn.params.Key {
-					exists = true
-					break
-				}
-			}
-			if !exists {
-				destinationConnList = append(destinationConnList, destinationConn)
-			}
-		}
-		m.mu.Unlock()
-	}
-
-	// Forward STUN packets to each destination connections even thought the STUN packet might not belong there.
-	// It will be discarded by the further ICE candidate logic if so.
-	for _, conn := range destinationConnList {
-		if err := conn.writePacket(msg.Raw, remoteAddr); err != nil {
-			log.Errorf("could not write packet: %v", err)
-		}
-	}
-
-	return nil
-}
-
-func (m *UDPMuxDefault) getConn(ufrag string, isIPv6 bool) (val *udpMuxedConn, ok bool) {
-	if isIPv6 {
-		val, ok = m.connsIPv6[ufrag]
-	} else {
-		val, ok = m.connsIPv4[ufrag]
-	}
-	return
-}
-
-type bufferHolder struct {
-	buf []byte
-}
-
-func newBufferHolder(size int) *bufferHolder {
-	return &bufferHolder{
-		buf: make([]byte, size),
-	}
-}

iface/bind/udp_mux_universal.go

@@ -1,253 +0,0 @@
-package bind
-
-/*
- Most of this code was copied from https://github.com/pion/ice and modified to fulfill NetBird's requirements.
-*/
-
-import (
-	"fmt"
-	log "github.com/sirupsen/logrus"
-	"net"
-	"time"
-
-	"github.com/pion/logging"
-	"github.com/pion/stun"
-	"github.com/pion/transport/v2"
-)
-
-// UniversalUDPMuxDefault handles STUN and TURN servers packets by wrapping the original UDPConn
-// It then passes packets to the UDPMux that does the actual connection muxing.
-type UniversalUDPMuxDefault struct {
-	*UDPMuxDefault
-	params UniversalUDPMuxParams
-
-	// since we have a shared socket, for srflx candidates it makes sense to have a shared mapped address across all the agents
-	// stun.XORMappedAddress indexed by the STUN server addr
-	xorMappedMap map[string]*xorMapped
-}
-
-// UniversalUDPMuxParams are parameters for UniversalUDPMux server reflexive.
-type UniversalUDPMuxParams struct {
-	Logger                logging.LeveledLogger
-	UDPConn               net.PacketConn
-	XORMappedAddrCacheTTL time.Duration
-	Net                   transport.Net
-}
-
-// NewUniversalUDPMuxDefault creates an implementation of UniversalUDPMux embedding UDPMux
-func NewUniversalUDPMuxDefault(params UniversalUDPMuxParams) *UniversalUDPMuxDefault {
-	if params.Logger == nil {
-		params.Logger = logging.NewDefaultLoggerFactory().NewLogger("ice")
-	}
-	if params.XORMappedAddrCacheTTL == 0 {
-		params.XORMappedAddrCacheTTL = time.Second * 25
-	}
-
-	m := &UniversalUDPMuxDefault{
-		params:       params,
-		xorMappedMap: make(map[string]*xorMapped),
-	}
-
-	// wrap UDP connection, process server reflexive messages
-	// before they are passed to the UDPMux connection handler (connWorker)
-	m.params.UDPConn = &udpConn{
-		PacketConn: params.UDPConn,
-		mux:        m,
-		logger:     params.Logger,
-	}
-
-	// embed UDPMux
-	udpMuxParams := UDPMuxParams{
-		Logger:  params.Logger,
-		UDPConn: m.params.UDPConn,
-		Net:     m.params.Net,
-	}
-	m.UDPMuxDefault = NewUDPMuxDefault(udpMuxParams)
-
-	return m
-}
-
-// udpConn is a wrapper around UDPMux conn that overrides ReadFrom and handles STUN/TURN packets
-type udpConn struct {
-	net.PacketConn
-	mux    *UniversalUDPMuxDefault
-	logger logging.LeveledLogger
-}
-
-// GetListenAddresses returns the listen addr of this UDP
-func (m *UniversalUDPMuxDefault) GetListenAddresses() []net.Addr {
-	return []net.Addr{m.LocalAddr()}
-}
-
-// GetRelayedAddr creates relayed connection to the given TURN service and returns the relayed addr.
-// Not implemented yet.
-func (m *UniversalUDPMuxDefault) GetRelayedAddr(turnAddr net.Addr, deadline time.Duration) (*net.Addr, error) {
-	return nil, fmt.Errorf("not implemented yet")
-}
-
-// GetConnForURL add uniques to the muxed connection by concatenating ufrag and URL (e.g. STUN URL) to be able to support multiple STUN/TURN servers
-// and return a unique connection per server.
-func (m *UniversalUDPMuxDefault) GetConnForURL(ufrag string, url string, addr net.Addr) (net.PacketConn, error) {
-	return m.UDPMuxDefault.GetConn(fmt.Sprintf("%s%s", ufrag, url), addr)
-}
-
-// HandleSTUNMessage discovers STUN packets that carry a XOR mapped address from a STUN server.
-// All other STUN packets will be forwarded to the UDPMux
-func (m *UniversalUDPMuxDefault) HandleSTUNMessage(msg *stun.Message, addr net.Addr) error {
-
-	udpAddr, ok := addr.(*net.UDPAddr)
-	if !ok {
-		// message about this err will be logged in the UDPMux
-		return nil
-	}
-
-	if m.isXORMappedResponse(msg, udpAddr.String()) {
-		err := m.handleXORMappedResponse(udpAddr, msg)
-		if err != nil {
-			log.Debugf("%s: %v", fmt.Errorf("failed to get XOR-MAPPED-ADDRESS response"), err)
-			return nil
-		}
-		return nil
-	}
-	return m.UDPMuxDefault.HandleSTUNMessage(msg, addr)
-}
-
-// isXORMappedResponse indicates whether the message is a XORMappedAddress and is coming from the known STUN server.
-func (m *UniversalUDPMuxDefault) isXORMappedResponse(msg *stun.Message, stunAddr string) bool {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	// check first if it is a STUN server address because remote peer can also send similar messages but as a BindingSuccess
-	_, ok := m.xorMappedMap[stunAddr]
-	_, err := msg.Get(stun.AttrXORMappedAddress)
-	return err == nil && ok
-}
-
-// handleXORMappedResponse parses response from the STUN server, extracts XORMappedAddress attribute
-// and set the mapped address for the server
-func (m *UniversalUDPMuxDefault) handleXORMappedResponse(stunAddr *net.UDPAddr, msg *stun.Message) error {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	mappedAddr, ok := m.xorMappedMap[stunAddr.String()]
-	if !ok {
-		return fmt.Errorf("no XOR address mapping")
-	}
-
-	var addr stun.XORMappedAddress
-	if err := addr.GetFrom(msg); err != nil {
-		return err
-	}
-
-	m.xorMappedMap[stunAddr.String()] = mappedAddr
-	mappedAddr.SetAddr(&addr)
-
-	return nil
-}
-
-// GetXORMappedAddr returns *stun.XORMappedAddress if already present for a given STUN server.
-// Makes a STUN binding request to discover mapped address otherwise.
-// Blocks until the stun.XORMappedAddress has been discovered or deadline.
-// Method is safe for concurrent use.
-func (m *UniversalUDPMuxDefault) GetXORMappedAddr(serverAddr net.Addr, deadline time.Duration) (*stun.XORMappedAddress, error) {
-	m.mu.Lock()
-	mappedAddr, ok := m.xorMappedMap[serverAddr.String()]
-	// if we already have a mapping for this STUN server (address already received)
-	// and if it is not too old we return it without making a new request to STUN server
-	if ok {
-		if mappedAddr.expired() {
-			mappedAddr.closeWaiters()
-			delete(m.xorMappedMap, serverAddr.String())
-			ok = false
-		} else if mappedAddr.pending() {
-			ok = false
-		}
-	}
-	m.mu.Unlock()
-	if ok {
-		return mappedAddr.addr, nil
-	}
-
-	// otherwise, make a STUN request to discover the address
-	// or wait for already sent request to complete
-	waitAddrReceived, err := m.sendStun(serverAddr)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %s", "failed to send STUN packet", err)
-	}
-
-	// block until response was handled by the connWorker routine and XORMappedAddress was updated
-	select {
-	case <-waitAddrReceived:
-		// when channel closed, addr was obtained
-		m.mu.Lock()
-		mappedAddr := *m.xorMappedMap[serverAddr.String()]
-		m.mu.Unlock()
-		if mappedAddr.addr == nil {
-			return nil, fmt.Errorf("no XOR address mapping")
-		}
-		return mappedAddr.addr, nil
-	case <-time.After(deadline):
-		return nil, fmt.Errorf("timeout while waiting for XORMappedAddr")
-	}
-}
-
-// sendStun sends a STUN request via UDP conn.
-//
-// The returned channel is closed when the STUN response has been received.
-// Method is safe for concurrent use.
-func (m *UniversalUDPMuxDefault) sendStun(serverAddr net.Addr) (chan struct{}, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	// if record present in the map, we already sent a STUN request,
-	// just wait when waitAddrReceived will be closed
-	addrMap, ok := m.xorMappedMap[serverAddr.String()]
-	if !ok {
-		addrMap = &xorMapped{
-			expiresAt:        time.Now().Add(m.params.XORMappedAddrCacheTTL),
-			waitAddrReceived: make(chan struct{}),
-		}
-		m.xorMappedMap[serverAddr.String()] = addrMap
-	}
-
-	req, err := stun.Build(stun.BindingRequest, stun.TransactionID)
-	if err != nil {
-		return nil, err
-	}
-
-	if _, err = m.params.UDPConn.WriteTo(req.Raw, serverAddr); err != nil {
-		return nil, err
-	}
-
-	return addrMap.waitAddrReceived, nil
-}
-
-type xorMapped struct {
-	addr             *stun.XORMappedAddress
-	waitAddrReceived chan struct{}
-	expiresAt        time.Time
-}
-
-func (a *xorMapped) closeWaiters() {
-	select {
-	case <-a.waitAddrReceived:
-		// notify was close, ok, that means we received duplicate response
-		// just exit
-		break
-	default:
-		// notify tha twe have a new addr
-		close(a.waitAddrReceived)
-	}
-}
-
-func (a *xorMapped) pending() bool {
-	return a.addr == nil
-}
-
-func (a *xorMapped) expired() bool {
-	return a.expiresAt.Before(time.Now())
-}
-
-func (a *xorMapped) SetAddr(addr *stun.XORMappedAddress) {
-	a.addr = addr
-	a.closeWaiters()
-}

iface/bind/udp_muxed_conn.go

@@ -1,233 +0,0 @@
-package bind
-
-/*
- Most of this code was copied from https://github.com/pion/ice and modified to fulfill NetBird's requirements
-*/
-
-import (
-	"encoding/binary"
-	"io"
-	"net"
-	"sync"
-	"time"
-
-	"github.com/pion/logging"
-	"github.com/pion/transport/v2/packetio"
-)
-
-type udpMuxedConnParams struct {
-	Mux       *UDPMuxDefault
-	AddrPool  *sync.Pool
-	Key       string
-	LocalAddr net.Addr
-	Logger    logging.LeveledLogger
-}
-
-// udpMuxedConn represents a logical packet conn for a single remote as identified by ufrag
-type udpMuxedConn struct {
-	params *udpMuxedConnParams
-	// remote addresses that we have sent to on this conn
-	addresses []string
-
-	// channel holding incoming packets
-	buf        *packetio.Buffer
-	closedChan chan struct{}
-	closeOnce  sync.Once
-	mu         sync.Mutex
-}
-
-func newUDPMuxedConn(params *udpMuxedConnParams) *udpMuxedConn {
-	p := &udpMuxedConn{
-		params:     params,
-		buf:        packetio.NewBuffer(),
-		closedChan: make(chan struct{}),
-	}
-
-	return p
-}
-
-func (c *udpMuxedConn) ReadFrom(b []byte) (n int, rAddr net.Addr, err error) {
-	buf := c.params.AddrPool.Get().(*bufferHolder) //nolint:forcetypeassert
-	defer c.params.AddrPool.Put(buf)
-
-	// read address
-	total, err := c.buf.Read(buf.buf)
-	if err != nil {
-		return 0, nil, err
-	}
-
-	dataLen := int(binary.LittleEndian.Uint16(buf.buf[:2]))
-	if dataLen > total || dataLen > len(b) {
-		return 0, nil, io.ErrShortBuffer
-	}
-
-	// read data and then address
-	offset := 2
-	copy(b, buf.buf[offset:offset+dataLen])
-	offset += dataLen
-
-	// read address len & decode address
-	addrLen := int(binary.LittleEndian.Uint16(buf.buf[offset : offset+2]))
-	offset += 2
-
-	if rAddr, err = decodeUDPAddr(buf.buf[offset : offset+addrLen]); err != nil {
-		return 0, nil, err
-	}
-
-	return dataLen, rAddr, nil
-}
-
-func (c *udpMuxedConn) WriteTo(buf []byte, rAddr net.Addr) (n int, err error) {
-	if c.isClosed() {
-		return 0, io.ErrClosedPipe
-	}
-	// each time we write to a new address, we'll register it with the mux
-	addr := rAddr.String()
-	if !c.containsAddress(addr) {
-		c.addAddress(addr)
-	}
-
-	return c.params.Mux.writeTo(buf, rAddr)
-}
-
-func (c *udpMuxedConn) LocalAddr() net.Addr {
-	return c.params.LocalAddr
-}
-
-func (c *udpMuxedConn) SetDeadline(tm time.Time) error {
-	return nil
-}
-
-func (c *udpMuxedConn) SetReadDeadline(tm time.Time) error {
-	return nil
-}
-
-func (c *udpMuxedConn) SetWriteDeadline(tm time.Time) error {
-	return nil
-}
-
-func (c *udpMuxedConn) CloseChannel() <-chan struct{} {
-	return c.closedChan
-}
-
-func (c *udpMuxedConn) Close() error {
-	var err error
-	c.closeOnce.Do(func() {
-		err = c.buf.Close()
-		close(c.closedChan)
-	})
-	return err
-}
-
-func (c *udpMuxedConn) isClosed() bool {
-	select {
-	case <-c.closedChan:
-		return true
-	default:
-		return false
-	}
-}
-
-func (c *udpMuxedConn) getAddresses() []string {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	addresses := make([]string, len(c.addresses))
-	copy(addresses, c.addresses)
-	return addresses
-}
-
-func (c *udpMuxedConn) addAddress(addr string) {
-	c.mu.Lock()
-	c.addresses = append(c.addresses, addr)
-	c.mu.Unlock()
-
-	// map it on mux
-	c.params.Mux.registerConnForAddress(c, addr)
-}
-
-func (c *udpMuxedConn) containsAddress(addr string) bool {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	for _, a := range c.addresses {
-		if addr == a {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *udpMuxedConn) writePacket(data []byte, addr *net.UDPAddr) error {
-	// write two packets, address and data
-	buf := c.params.AddrPool.Get().(*bufferHolder) //nolint:forcetypeassert
-	defer c.params.AddrPool.Put(buf)
-
-	// format of buffer | data len | data bytes | addr len | addr bytes |
-	if len(buf.buf) < len(data)+maxAddrSize {
-		return io.ErrShortBuffer
-	}
-	// data len
-	binary.LittleEndian.PutUint16(buf.buf, uint16(len(data)))
-	offset := 2
-
-	// data
-	copy(buf.buf[offset:], data)
-	offset += len(data)
-
-	// write address first, leaving room for its length
-	n, err := encodeUDPAddr(addr, buf.buf[offset+2:])
-	if err != nil {
-		return err
-	}
-	total := offset + n + 2
-
-	// address len
-	binary.LittleEndian.PutUint16(buf.buf[offset:], uint16(n))
-
-	if _, err := c.buf.Write(buf.buf[:total]); err != nil {
-		return err
-	}
-	return nil
-}
-
-func encodeUDPAddr(addr *net.UDPAddr, buf []byte) (int, error) {
-	ipData, err := addr.IP.MarshalText()
-	if err != nil {
-		return 0, err
-	}
-	total := 2 + len(ipData) + 2 + len(addr.Zone)
-	if total > len(buf) {
-		return 0, io.ErrShortBuffer
-	}
-
-	binary.LittleEndian.PutUint16(buf, uint16(len(ipData)))
-	offset := 2
-	n := copy(buf[offset:], ipData)
-	offset += n
-	binary.LittleEndian.PutUint16(buf[offset:], uint16(addr.Port))
-	offset += 2
-	copy(buf[offset:], addr.Zone)
-	return total, nil
-}
-
-func decodeUDPAddr(buf []byte) (*net.UDPAddr, error) {
-	addr := net.UDPAddr{}
-
-	offset := 0
-	ipLen := int(binary.LittleEndian.Uint16(buf[:2]))
-	offset += 2
-	// basic bounds checking
-	if ipLen+offset > len(buf) {
-		return nil, io.ErrShortBuffer
-	}
-	if err := addr.IP.UnmarshalText(buf[offset : offset+ipLen]); err != nil {
-		return nil, err
-	}
-	offset += ipLen
-	addr.Port = int(binary.LittleEndian.Uint16(buf[offset : offset+2]))
-	offset += 2
-	zone := make([]byte, len(buf[offset:]))
-	copy(zone, buf[offset:])
-	addr.Zone = string(zone)
-
-	return &addr, nil
-}

iface/iface.go

@@ -1,57 +1,61 @@
 package iface
 
 import (
+	"fmt"
 	"net"
 	"sync"
 	"time"
 
-	"github.com/netbirdio/netbird/iface/bind"
-
 	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
 const (
 	DefaultMTU    = 1280
 	DefaultWgPort = 51820
-
-	defaultWgKeepAlive = 25 * time.Second
 )
 
+// NetInterface represents a generic network tunnel interface
+type NetInterface interface {
+	Close() error
+}
+
 // WGIface represents a interface instance
 type WGIface struct {
-	tun           *tunDevice
-	configurer    wGConfigurer
-	mu            sync.Mutex
-	userspaceBind bool
+	name         string
+	address      WGAddress
+	mtu          int
+	netInterface NetInterface
+	mu           sync.Mutex
 }
 
-// IsUserspaceBind indicates whether this interfaces is userspace with bind.ICEBind
-func (w *WGIface) IsUserspaceBind() bool {
-	return w.userspaceBind
-}
+// NewWGIFace Creates a new Wireguard interface instance
+func NewWGIFace(iface string, address string, mtu int) (*WGIface, error) {
+	wgIface := &WGIface{
+		name: iface,
+		mtu:  mtu,
+		mu:   sync.Mutex{},
+	}
 
-// GetBind returns a userspace implementation of WireGuard Bind interface
-func (w *WGIface) GetBind() *bind.ICEBind {
-	return w.tun.iceBind
-}
+	wgAddress, err := parseWGAddress(address)
+	if err != nil {
+		return wgIface, err
+	}
 
-// Create creates a new Wireguard interface, sets a given IP and brings it up.
-// Will reuse an existing one.
-func (w *WGIface) Create() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	log.Debugf("create WireGuard interface %s", w.tun.DeviceName())
-	return w.tun.Create()
+	wgIface.address = wgAddress
+
+	return wgIface, nil
 }
 
 // Name returns the interface name
 func (w *WGIface) Name() string {
-	return w.tun.DeviceName()
+	return w.name
 }
 
 // Address returns the interface address
 func (w *WGIface) Address() WGAddress {
-	return w.tun.WgAddress()
+	return w.address
 }
 
 // Configure configures a Wireguard interface
@@ -59,8 +63,27 @@ func (w *WGIface) Address() WGAddress {
 func (w *WGIface) Configure(privateKey string, port int) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
-	log.Debugf("configuring Wireguard interface %s", w.tun.DeviceName())
-	return w.configurer.configureInterface(privateKey, port)
+
+	log.Debugf("configuring Wireguard interface %s", w.name)
+
+	log.Debugf("adding Wireguard private key")
+	key, err := wgtypes.ParseKey(privateKey)
+	if err != nil {
+		return err
+	}
+	fwmark := 0
+	config := wgtypes.Config{
+		PrivateKey:   &key,
+		ReplacePeers: true,
+		FirewallMark: &fwmark,
+		ListenPort:   &port,
+	}
+
+	err = w.configureDevice(config)
+	if err != nil {
+		return fmt.Errorf(`received error "%w" while configuring interface %s with port %d`, err, w.name, port)
+	}
+	return nil
 }
 
 // UpdateAddr updates address of the interface
@@ -73,26 +96,45 @@ func (w *WGIface) UpdateAddr(newAddr string) error {
 		return err
 	}
 
-	return w.tun.UpdateAddr(addr)
+	w.address = addr
+	return w.assignAddr()
 }
 
 // UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist
 // Endpoint is optional
-func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, endpoint *net.UDPAddr) error {
+func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
-	log.Debugf("updating interface %s peer %s: endpoint %s ", w.tun.DeviceName(), peerKey, endpoint)
-	return w.configurer.updatePeer(peerKey, allowedIps, endpoint)
-}
+	log.Debugf("updating interface %s peer %s: endpoint %s ", w.name, peerKey, endpoint)
 
-// RemovePeer removes a Wireguard Peer from the interface iface
-func (w *WGIface) RemovePeer(peerKey string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
+	//parse allowed ips
+	_, ipNet, err := net.ParseCIDR(allowedIps)
+	if err != nil {
+		return err
+	}
 
-	log.Debugf("Removing peer %s from interface %s ", peerKey, w.tun.DeviceName())
-	return w.configurer.removePeer(peerKey)
+	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
+	if err != nil {
+		return err
+	}
+	peer := wgtypes.PeerConfig{
+		PublicKey:                   peerKeyParsed,
+		ReplaceAllowedIPs:           true,
+		AllowedIPs:                  []net.IPNet{*ipNet},
+		PersistentKeepaliveInterval: &keepAlive,
+		PresharedKey:                preSharedKey,
+		Endpoint:                    endpoint,
+	}
+
+	config := wgtypes.Config{
+		Peers: []wgtypes.PeerConfig{peer},
+	}
+	err = w.configureDevice(config)
+	if err != nil {
+		return fmt.Errorf(`received error "%w" while updating peer on interface %s with settings: allowed ips %s, endpoint %s`, err, w.name, allowedIps, endpoint.String())
+	}
+	return nil
 }
 
 // AddAllowedIP adds a prefix to the allowed IPs list of peer
@@ -100,8 +142,32 @@ func (w *WGIface) AddAllowedIP(peerKey string, allowedIP string) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
-	log.Debugf("adding allowed IP to interface %s and peer %s: allowed IP %s ", w.tun.DeviceName(), peerKey, allowedIP)
-	return w.configurer.addAllowedIP(peerKey, allowedIP)
+	log.Debugf("adding allowed IP to interface %s and peer %s: allowed IP %s ", w.name, peerKey, allowedIP)
+
+	_, ipNet, err := net.ParseCIDR(allowedIP)
+	if err != nil {
+		return err
+	}
+
+	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
+	if err != nil {
+		return err
+	}
+	peer := wgtypes.PeerConfig{
+		PublicKey:         peerKeyParsed,
+		UpdateOnly:        true,
+		ReplaceAllowedIPs: false,
+		AllowedIPs:        []net.IPNet{*ipNet},
+	}
+
+	config := wgtypes.Config{
+		Peers: []wgtypes.PeerConfig{peer},
+	}
+	err = w.configureDevice(config)
+	if err != nil {
+		return fmt.Errorf(`received error "%w" while adding allowed Ip to peer on interface %s with settings: allowed ips %s`, err, w.name, allowedIP)
+	}
+	return nil
 }
 
 // RemoveAllowedIP removes a prefix from the allowed IPs list of peer
@@ -109,13 +175,117 @@ func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
-	log.Debugf("removing allowed IP from interface %s and peer %s: allowed IP %s ", w.tun.DeviceName(), peerKey, allowedIP)
-	return w.configurer.removeAllowedIP(peerKey, allowedIP)
+	log.Debugf("removing allowed IP from interface %s and peer %s: allowed IP %s ", w.name, peerKey, allowedIP)
+
+	_, ipNet, err := net.ParseCIDR(allowedIP)
+	if err != nil {
+		return err
+	}
+
+	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
+	if err != nil {
+		return err
+	}
+
+	existingPeer, err := getPeer(w.name, peerKey)
+	if err != nil {
+		return err
+	}
+
+	newAllowedIPs := existingPeer.AllowedIPs
+
+	for i, existingAllowedIP := range existingPeer.AllowedIPs {
+		if existingAllowedIP.String() == ipNet.String() {
+			newAllowedIPs = append(existingPeer.AllowedIPs[:i], existingPeer.AllowedIPs[i+1:]...)
+			break
+		}
+	}
+
+	if err != nil {
+		return err
+	}
+	peer := wgtypes.PeerConfig{
+		PublicKey:         peerKeyParsed,
+		UpdateOnly:        true,
+		ReplaceAllowedIPs: true,
+		AllowedIPs:        newAllowedIPs,
+	}
+
+	config := wgtypes.Config{
+		Peers: []wgtypes.PeerConfig{peer},
+	}
+	err = w.configureDevice(config)
+	if err != nil {
+		return fmt.Errorf(`received error "%w" while removing allowed IP from peer on interface %s with settings: allowed ips %s`, err, w.name, allowedIP)
+	}
+	return nil
 }
 
-// Close closes the tunnel interface
-func (w *WGIface) Close() error {
+// RemovePeer removes a Wireguard Peer from the interface iface
+func (w *WGIface) RemovePeer(peerKey string) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
-	return w.tun.Close()
+
+	log.Debugf("Removing peer %s from interface %s ", peerKey, w.name)
+
+	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
+	if err != nil {
+		return err
+	}
+
+	peer := wgtypes.PeerConfig{
+		PublicKey: peerKeyParsed,
+		Remove:    true,
+	}
+
+	config := wgtypes.Config{
+		Peers: []wgtypes.PeerConfig{peer},
+	}
+	err = w.configureDevice(config)
+	if err != nil {
+		return fmt.Errorf(`received error "%w" while removing peer %s from interface %s`, err, peerKey, w.name)
+	}
+	return nil
+}
+
+func getPeer(ifaceName, peerPubKey string) (wgtypes.Peer, error) {
+	wg, err := wgctrl.New()
+	if err != nil {
+		return wgtypes.Peer{}, err
+	}
+	defer func() {
+		err = wg.Close()
+		if err != nil {
+			log.Errorf("got error while closing wgctl: %v", err)
+		}
+	}()
+
+	wgDevice, err := wg.Device(ifaceName)
+	if err != nil {
+		return wgtypes.Peer{}, err
+	}
+	for _, peer := range wgDevice.Peers {
+		if peer.PublicKey.String() == peerPubKey {
+			return peer, nil
+		}
+	}
+	return wgtypes.Peer{}, fmt.Errorf("peer not found")
+}
+
+// configureDevice configures the wireguard device
+func (w *WGIface) configureDevice(config wgtypes.Config) error {
+	wg, err := wgctrl.New()
+	if err != nil {
+		return err
+	}
+	defer wg.Close()
+
+	// validate if device with name exists
+	_, err = wg.Device(w.name)
+	if err != nil {
+		return err
+	}
+	log.Debugf("got Wireguard device %s", w.name)
+
+	return wg.ConfigureDevice(w.name, config)
 }

iface/iface_android.go

@@ -1,28 +0,0 @@
-package iface
-
-import (
-	"sync"
-
-	"github.com/pion/transport/v2"
-)
-
-// NewWGIFace Creates a new WireGuard interface instance
-func NewWGIFace(iFaceName string, address string, mtu int, preSharedKey *wgtypes.Key, tunAdapter TunAdapter, transportNet transport.Net) (*WGIface, error) {
-	wgIFace := &WGIface{
-		mu: sync.Mutex{},
-	}
-
-	wgAddress, err := parseWGAddress(address)
-	if err != nil {
-		return wgIFace, err
-	}
-
-	tun := newTunDevice(wgAddress, mtu, tunAdapter, transportNet)
-	wgIFace.tun = tun
-
-	wgIFace.configurer = newWGConfigurer(tun, preSharedKey)
-
-	wgIFace.userspaceBind = !WireGuardModuleIsLoaded()
-
-	return wgIFace, nil
-}

iface/iface_darwin.go

@@ -6,25 +6,23 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
-func (c *tunDevice) Create() error {
-	var err error
-	c.netInterface, err = c.createWithUserspace()
-	if err != nil {
-		return err
-	}
+// Create Creates a new Wireguard interface, sets a given IP and brings it up.
+func (w *WGIface) Create() error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 
-	return c.assignAddr()
+	return w.createWithUserspace()
 }
 
 // assignAddr Adds IP address to the tunnel interface and network route based on the range provided
-func (c *tunDevice) assignAddr() error {
-	cmd := exec.Command("ifconfig", c.name, "inet", c.address.IP.String(), c.address.IP.String())
+func (w *WGIface) assignAddr() error {
+	cmd := exec.Command("ifconfig", w.name, "inet", w.address.IP.String(), w.address.IP.String())
 	if out, err := cmd.CombinedOutput(); err != nil {
 		log.Infof(`adding addreess command "%v" failed with output %s and error: `, cmd.String(), out)
 		return err
 	}
 
-	routeCmd := exec.Command("route", "add", "-net", c.address.Network.String(), "-interface", c.name)
+	routeCmd := exec.Command("route", "add", "-net", w.address.Network.String(), "-interface", w.name)
 	if out, err := routeCmd.CombinedOutput(); err != nil {
 		log.Printf(`adding route command "%v" failed with output %s and error: `, routeCmd.String(), out)
 		return err

iface/iface_linux.go

@@ -1,5 +1,3 @@
-//go:build linux && !android
-
 package iface
 
 import (
@@ -10,34 +8,32 @@ import (
 	"github.com/vishvananda/netlink"
 )
 
-func (c *tunDevice) Create() error {
-	if WireGuardModuleIsLoaded() {
+// Create creates a new Wireguard interface, sets a given IP and brings it up.
+// Will reuse an existing one.
+func (w *WGIface) Create() error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if WireguardModuleIsLoaded() {
 		log.Info("using kernel WireGuard")
-		return c.createWithKernel()
+		return w.createWithKernel()
+	} else {
+		if !tunModuleIsLoaded() {
+			return fmt.Errorf("couldn't check or load tun module")
+		}
+		log.Info("using userspace WireGuard")
+		return w.createWithUserspace()
 	}
-
-	if !tunModuleIsLoaded() {
-		return fmt.Errorf("couldn't check or load tun module")
-	}
-	log.Info("using userspace WireGuard")
-	var err error
-	c.netInterface, err = c.createWithUserspace()
-	if err != nil {
-		return err
-	}
-
-	return c.assignAddr()
-
 }
 
-// createWithKernel Creates a new WireGuard interface using kernel WireGuard module.
+// createWithKernel Creates a new Wireguard interface using kernel Wireguard module.
 // Works for Linux and offers much better network performance
-func (c *tunDevice) createWithKernel() error {
+func (w *WGIface) createWithKernel() error {
 
-	link := newWGLink(c.name)
+	link := newWGLink(w.name)
 
 	// check if interface exists
-	l, err := netlink.LinkByName(c.name)
+	l, err := netlink.LinkByName(w.name)
 	if err != nil {
 		switch err.(type) {
 		case netlink.LinkNotFoundError:
@@ -55,33 +51,33 @@ func (c *tunDevice) createWithKernel() error {
 		}
 	}
 
-	log.Debugf("adding device: %s", c.name)
+	log.Debugf("adding device: %s", w.name)
 	err = netlink.LinkAdd(link)
 	if os.IsExist(err) {
-		log.Infof("interface %s already exists. Will reuse.", c.name)
+		log.Infof("interface %s already exists. Will reuse.", w.name)
 	} else if err != nil {
 		return err
 	}
 
-	c.netInterface = link
+	w.netInterface = link
 
-	err = c.assignAddr()
+	err = w.assignAddr()
 	if err != nil {
 		return err
 	}
 
 	// todo do a discovery
-	log.Debugf("setting MTU: %d interface: %s", c.mtu, c.name)
-	err = netlink.LinkSetMTU(link, c.mtu)
+	log.Debugf("setting MTU: %d interface: %s", w.mtu, w.name)
+	err = netlink.LinkSetMTU(link, w.mtu)
 	if err != nil {
-		log.Errorf("error setting MTU on interface: %s", c.name)
+		log.Errorf("error setting MTU on interface: %s", w.name)
 		return err
 	}
 
-	log.Debugf("bringing up interface: %s", c.name)
+	log.Debugf("bringing up interface: %s", w.name)
 	err = netlink.LinkSetUp(link)
 	if err != nil {
-		log.Errorf("error bringing up interface: %s", c.name)
+		log.Errorf("error bringing up interface: %s", w.name)
 		return err
 	}
 
@@ -89,8 +85,8 @@ func (c *tunDevice) createWithKernel() error {
 }
 
 // assignAddr Adds IP address to the tunnel interface
-func (c *tunDevice) assignAddr() error {
-	link := newWGLink(c.name)
+func (w *WGIface) assignAddr() error {
+	link := newWGLink(w.name)
 
 	//delete existing addresses
 	list, err := netlink.AddrList(link, 0)
@@ -106,11 +102,11 @@ func (c *tunDevice) assignAddr() error {
 		}
 	}
 
-	log.Debugf("adding address %s to interface: %s", c.address.String(), c.name)
-	addr, _ := netlink.ParseAddr(c.address.String())
+	log.Debugf("adding address %s to interface: %s", w.address.String(), w.name)
+	addr, _ := netlink.ParseAddr(w.address.String())
 	err = netlink.AddrAdd(link, addr)
 	if os.IsExist(err) {
-		log.Infof("interface %s already has the address: %s", c.name, c.address.String())
+		log.Infof("interface %s already has the address: %s", w.name, w.address.String())
 	} else if err != nil {
 		return err
 	}

iface/iface_nonandroid.go

@@ -1,28 +0,0 @@
-//go:build !android
-
-package iface
-
-import (
-	"github.com/pion/transport/v2"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-
-	"sync"
-)
-
-// NewWGIFace Creates a new WireGuard interface instance
-func NewWGIFace(iFaceName string, address string, mtu int, preSharedKey *wgtypes.Key, tunAdapter TunAdapter, transportNet transport.Net) (*WGIface, error) {
-	wgIFace := &WGIface{
-		mu: sync.Mutex{},
-	}
-
-	wgAddress, err := parseWGAddress(address)
-	if err != nil {
-		return wgIFace, err
-	}
-
-	wgIFace.tun = newTunDevice(iFaceName, wgAddress, mtu, transportNet)
-
-	wgIFace.configurer = newWGConfigurer(iFaceName, preSharedKey)
-	wgIFace.userspaceBind = !WireGuardModuleIsLoaded()
-	return wgIFace, nil
-}