v0.35.0

⚠️ Breaking Changes ⚠️

• Resource Manager: ConnLimitPerCIDR is now called ConnLimitPerSubnet. The field previously named BitMask is now called PrefixLength. Apologies for the churn, but the old names were vague and confusing.

🔦 Highlights

• Resource Manager: Renames ConnLimitPerCIDR to ConnLimitPerSubnet
• Resource Manager: Able to provide connection limits for specific IP address blocks.
  • By default we new allow unlimited connections from localhost. Should help fix tests that broke with the previous behavior of limiting to only 8 connections per IP address.

What's Changed

• rcmgr: Support specific network prefix in conn limiter by @MarcoPolo in #2807

Full Changelog: v0.34.1...v0.35.0

v0.34.1

Refer to the v0.34.0 release notes for breaking changes in v0.34

What's Changed

• rcmgr: Backwards compatibility if you wrap default impl by @MarcoPolo in #2805
• config: fix "Insecure-security" constructor by @sukunrt in #2810

Full Changelog: v0.34.0...v0.34.1

v0.34.0

⚠️ Breaking Changes ⚠️

1. Transient Connections are now called Limited Connections. The prior terminology was confusing to many, and conflicted with the transient definition in the resource manager. The term actually referred to a connection that was relayed and limited in some aspect (either data or time).
2. libp2phttp: The well-known resource for libp2p protocols has changed. See the discussion thread for context. This means that new clients will not be able to reach the well-known endpoint automatically on old servers, and new servers won't respond to the old well-known endpoint to old clients. If you do not fully control the deployment of this, you should set EnableCompatibilityWithLegacyWellKnownEndpoint in libp2phttp.Host to true to enable backwards compatibility. This is not the default behavior because libp2phttp is still experimental and things are generally permitted to break. In this case supporting backwards compatibility was simple enough and we generally don't like breaking users even on an experimental feature.
3. ResourceManager: This probably only affects 0.01% of use cases. The resource manager is now IP aware. Meaning it will set limits for how many connections it tracks per IP address or IP Address range (CIDR subnet). Look at ‎WithLimitPeersPerCIDR‎ for how to configure it. Almost all users will not need to touch this. If you're tests are suddenly breaking, this is might be why

🔦 Highlights

WebRTC Direct

• We've significantly improved support for webrtc-direct transport with multiple security and performance fixes.
• Based on the experience of webrtc-direct on v0.34 we intend to make it non experimental in v0.35

Transient Connections are now called Limited Connections

• Connections to peers over relayed or other limited connections, previously called transient are now called limited throughout the code. Limited is more descriptive of the connection's behavior and it avoids conflict with Resource Manager's Transient scope.
• For Connections, the Transient connection state has been renamed to Limited. This is a breaking change and you'll have to replace uses of conn.Stat().Transient with conn.Stat().Limited
• Network context functions like network.WithUseTransient are deprecated, use their limited alternatives like network.WithUseLimited.

Limited Connectedness state

• Peers connected to the host via relayed or any other limited connection now report their connectivity state as Limited.
• This state is also reflected in EvtPeerConnectednessChanged event. Consumers only interested in peers connected over Unlimited connections can ignore events with Limited Connectedness. NOTE: This changes the behavior of the Connected Connectedness state. Previously it included all limited connections and now it doesn't. To keep existing behavior in your code you can replace checks connectedness == network.Connected with connectedness != network.NotConnected

What's Changed

• webrtc: setup datachannel handlers before connecting to a peer by @sukunrt in #2716
• webrtc: close mux when closing listener by @sukunrt in #2717
• ping: use context.Afterfunc to avoid a lingering goroutine by @Jorropo in #2723
• Small code improvements by @AnomalRoil in #2722
• webrtc: use a common logger for all pion logging by @sukunrt in #2718
• fix: ReserveMemory error cannot be printed by @wlynxg in #2725
• webrtc: fix bug with logger wrapper by @sukunrt in #2727
• chore: update examples to v0.33.0 by @sukunrt in #2728
• webrtc: increase receive buffer size on listener by @sukunrt in #2730
• security: remove unnecessary noise code by @Dreamacro in #2738
• chore: bump quic-go by @MarcoPolo in #2742
• add more info to "protocol mux failed" by @zhiqiangxu in #2734
• webrtc: set sctp receive buffer size to 100kB by @sukunrt in #2745
• ci: uci/copy-templates by @web3-bot in #2747
• use Fx to start and stop the host, swarm, autorelay and quicreuse by @marten-seemann in #2118
• quicreuse: remove workaround for quic-go listener close deadlock by @sukunrt in #2746
• Use any port, not a specific one for HTTP examples by @MarcoPolo in #2748
• feat: add tls WithKeyLogWriter option by @wlynxg in #2750
• webrtc: add NullResourceManager, fixes panic by @dozyio in #2752
• webrtc: run onDone callback immediately on close by @sukunrt in #2729
• autonat: Clean up after close by @MarcoPolo in #2749
• quic: make server cmd use RFC 9000 instead of draft-29 by @MarcoPolo in #2753
• libp2phttp: Rename well-known resource by @MarcoPolo in #2757
• fix: revert gorilla/websocket from 1.5.1 to 1.5.0 by @wlynxg in #2763
• Update chat with rendezvous example by @MarcoPolo in #2769
• Identify: emit useful events after identification by @MarcoPolo in #2759
• libp2phttp: Return connection: close when doing http over streams by @MarcoPolo in #2756
• Update: update incomplete readmes by @apenzk in #2767
• Fix comment by @MarcoPolo in #2775
• basichost: append certhash for webrtc addresses provided via address factory by @sukunrt in #2774
• Add a "transient" network connectivity state by @Stebalien in #2696
• webrtc: add webrtc addresses to host normalizer by @sukunrt in #2784
• Update github.com/quic-go/quic-go dependency by @fasmat in #2780
• fix: DNS protocol address is not reserved by @wlynxg in #2792
• identify: refactor observed address manager to do address mapping at thin waist(IP+TCP/UDP) layer by @sukunrt in #2793
• rcmgr: Add conn_limiter to limit number of conns per ip cidr by @MarcoPolo in #2788

New Contributors

• @AnomalRoil made their first contribution in #2722
• @wlynxg made their first contribution in #2725
• @Dreamacro made their first contribution in #2738
• @zhiqiangxu made their first contribution in #2734
• @apenzk made their first contribution in #2767
• @fasmat made their first contribution in #2780

Full Changelog: v0.33.0...v0.34.0

v0.33.2

A patch update to bring in a fix from go-multiaddr

Full Changelog: v0.33.1...v0.33.2

v0.33.1

The release updates the quic-go dependency to v0.42.0. This update includes a mitigation for a memory exhaustion attack against QUIC's connection ID mechanism.

Full Changelog: v0.33.0...v0.33.1

v0.33.0

What's Changed

🔦 Highlights

TLS encryption for TCP by default

For TCP Connections, the default encryption scheme has been changed from noise to TLS for better performance. See PR for details.

Note: When making TCP connections to nodes that only support noise this will add 1 extra round trip for connection establishment. If you wish to avoid this and keep noise the default, configure your node to prefer noise over TLS like

	node, err := libp2p.New(
        ... other options
		libp2p.Security("/noise", noise.New),
		libp2p.Security("/tls/1.0.0", libp2ptls.New),
	)

Misc

• WebRTC streams now wait for a FIN_ACK before closing data channels. For more details see the specs PR: libp2p/specs#582
• Removed unused public function crypto.GenerateEKeyPair. This was used in SECIO which has been long deprecated.
• This release drops support for go1.20.

Changelog

• Update docs from RSA to Ed25519 by @librick in #2606
• examples: remove unused 'SetStreamHandler' by @joohhnnn in #2598
• chore: update examples to v0.32 by @sukunrt in #2626
• ci: ignore protoc version comment on go generate by @galargh in #2631
• pstoremanager: fix race condition when removing peers from peer store by @marten-seemann in #2644
• chore: add resource manager dashboard to docker-compose by @burdiyan in #2641
• chore: fix typos by @shuoer86 in #2608
• Fix Swarm Grafana Dashboard by @burdiyan in #2640
• tcp: fix build on loong64 by @wojiushixiaobai in #2655
• rcmgr: fix connmgr connection limit conflict warning by @sukunrt in #2648
• webrtc: clarify that there is no reuseport functionality by @sukunrt in #2652
• security: remove separate licenses for Noise and TLS by @marten-seemann in #2663
• chore: update go security policy url by @sukunrt in #2665
• chore: update go-libp2p-asn-util by @Jorropo in #2673
• chore: fix typos in comment by @bodhi-crypo in #2674
• examples: call NewStream from only one side by @Halimao in #2677
• chore: update chat-with-mdns example readme by @Halimao in #2678
• chore: remove unnecessary conversions by @estensen in #2680
• webrtc: fix flaky TestMaxInFlightRequests by @sukunrt in #2682
• defaults: do TLS by default for encryption by @Jorropo in #2650
• chore: Fixed spelling errors in some files. by @keienWang in #2689
• chore(p2p/host): typo fix by @fakefraud in #2683
• chore: update go-multiaddr 0.12.2 by @Jorropo in #2691
• libp2phttp: fix flaky ExampleHost_listenOnHTTPTransportAndStreams by @sukunrt in #2697
• chore: fix typos by @GoodDaisy in #2694
• fix:Add HTTPS to documentation link by @keienWang in #2695
• chore(cfg): Add config.yml for new issues by @dhuseby in #2688
• chore: testify fixes by @dozyio in #2666
• chore: drop support for go1.20 by @sukunrt in #2708
• chore: remove unused GenerateEKeyPair function by @sukunrt in #2711
• quic: upgrade quic-go to v0.41.0 by @sukunrt in #2710
• webrtc: wait for FIN_ACK before closing data channels by @sukunrt in #2615
• chore: update dependencies for v0.33 by @sukunrt in #2713

New Contributors

• @joohhnnn made their first contribution in #2598
• @galargh made their first contribution in #2631
• @burdiyan made their first contribution in #2641
• @shuoer86 made their first contribution in #2608
• @wojiushixiaobai made their first contribution in #2655
• @bodhi-crypo made their first contribution in #2674
• @Halimao made their first contribution in #2677
• @keienWang made their first contribution in #2689
• @fakefraud made their first contribution in #2683
• @GoodDaisy made their first contribution in #2694
• @dhuseby made their first contribution in #2688
• @dozyio made their first contribution in #2666

Full Changelog: v0.32.1...v0.33.0

v0.32.2

This release contains the quic-go fix for the Honeybadger vulnerability: https://github.com/quic-go/quic-go/releases/tag/v0.39.4

Full Changelog: v0.32.1...v0.32.2

v0.31.1

This release contains the quic-go fix for the Honeybadger vulnerability: https://github.com/quic-go/quic-go/releases/tag/v0.38.2

v0.30.1

This release contains the quic-go fix for the Honeybadger vulnerability: https://github.com/quic-go/quic-go/releases/tag/v0.37.7

v0.32.1

What's Changed

• swarm: fix timer Leak in the dial loop by @Jorropo in #2636

Full Changelog: v0.32.0...v0.32.1