cleanup: align with version 0.5.0

.github/workflows/build-performance.yml

@@ -111,6 +111,9 @@ jobs:
     steps:
       - name: Pre-Cleanup
         run: |
+          # stop docker randomly disrupting container network
+          sudo systemctl restart docker || true
+          # cleanup previous results if any
           sudo rm -rf docker/server-data-env/output/* || true
 
       - name: Install the github cli

.github/workflows/integration.yml

@@ -24,7 +24,7 @@ on:
         default: false
         required: true
   push:
-    branches: [ "main", "testing-*", "issue*" ]
+    branches: [ "main", "dev-*" ]
 
 run-name: Code Integration [${{ github.event_name }}][${{ github.head_ref || github.ref_name }}] rev.${{ github.sha }}
 

.github/workflows/release.yml

@@ -20,7 +20,6 @@ on:
 
 run-name: Release (version ${{ inputs.version_tag }}, draft ${{ inputs.test_release }}) [${{ github.event_name }}][${{ github.head_ref || github.ref_name }}]
 
-
 jobs:
   check-release:
     runs-on: ubuntu-latest
@@ -83,7 +82,7 @@ jobs:
 
       - uses: actions/upload-artifact@v4
         with:
-          name: qpep_user_manual
+          name: qpep_user_manual_b${{ github.run_id }}
           path: "docs/*.pdf"
 
   build-mac-os:
@@ -471,13 +470,15 @@ jobs:
       - name: Download UserManual Artifact
         uses: actions/download-artifact@v4
         with:
-          name: qpep_user_manual
+          name: qpep_user_manual_b${{ github.run_id }}
 
       - name: Prepare archives
         run: |
            cd ${{ github.workspace }}
            7z a -tzip qpep_windows_b${{ github.run_id }}.zip ${{ github.workspace }}/installer.msi
            7z a -tzip qpep_linux_b${{ github.run_id }}.zip ${{ github.workspace }}/qpep
+	   7z a -tzip qpep_macos_b${{ github.run_id }}.zip ${{ github.workspace }}/*.pkg
+           7z a -tzip qpep_user_manual_b${{ github.run_id }}.zip ${{ github.workspace }}/user_manual.pdf
 
       - name: Create Release
         id: create_release
@@ -526,12 +527,12 @@ jobs:
           asset_content_type: application/zip
 
       - name: Attach UserManual Release Asset
-        id: upload-release-asset
+        id: upload-usermanual-asset
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: qpep_user_manual.zip
+          asset_path: qpep_user_manual_b${{ github.run_id }}.zip
           asset_name: qpep_user_manual_v${{ github.event.inputs.version_tag }}_b${{ github.run_id }}.zip
           asset_content_type: application/zip

.github/workflows/run-performance.yml

@@ -166,6 +166,7 @@ jobs:
         shell: cmd
         run: |
           cd docker/speedtests/
+          set CGO_ENABLED=0
           go test speed_test.go -v -c -o speedtests.test
 
           .\speedtests.test -target_url http://${{ inputs.server_public_address }}:8080/target_${{ matrix.download_size }}M.dat ^
@@ -215,7 +216,9 @@ jobs:
 
       - name: Reset Proxy
         if: always()
+        shell: cmd
         run: |
+          set CGO_ENABLED=0
           go run docker/speedtests/utils/reset_proxy_util.go
 
       - name: Generate results

docker/client-env/qpep.yml.tpl

@@ -1,29 +1,24 @@
 
-# client
-gateway: <QPEP_GATEWAY>
-port: <QPEP_PORT>
-apiport: 444
-listenaddress: <QPEP_ADDRESS>
-listenport: 9443
+client:
+  local_address: <QPEP_ADDRESS>
+  local_port: 9443
+  gateway_address: <QPEP_GATEWAY>
+  gateway_port: <QPEP_PORT>
 
-# backend
-backend: <QPEP_BACKEND>
-ccalgorithm: <QPEP_CCA>
-ccslowstart: <QPEP_SLOWSTART>
-buffersize: 512 # in Kb
+protocol:
+  backend: <QPEP_BACKEND>
+  buffersize: 512
+  idletimeout: 30s
+  ccalgorithm: <QPEP_CCA>
+  ccslowstart: <QPEP_SLOWSTART>
 
-# certificate
-certificate: server_cert.pem
+security:
+  certificate: server_cert.pem
 
-# default
-acks: 10
-ackdelay: 25
-congestion: 4
-decimate: 4
-decimatetime: 100
-maxretries: 50
-multistream: true
-verbose: false
-preferproxy: true
-varackdelay: 0
-threads: 4
+general:
+  api_port: 444
+  max_retries: 20
+  diverter_threads: 4
+  use_multistream: true
+  prefer_proxy: true
+  verbose: false

docker/server-data-env/logstash/Dockerfile

@@ -1,5 +1,5 @@
 
-FROM opensearchproject/logstash-oss-with-opensearch-output-plugin:8.6.1
+FROM opensearchproject/logstash-oss-with-opensearch-output-plugin:8.9.0
 USER "root"
 
 WORKDIR /usr/share/logstash/bin

docker/server-env/server/config/qpep.yml.tpl

@@ -1,38 +1,30 @@
 
-# server
-gateway: ${QPEP_GATEWAY}
-port: 443
-apiport: 444
-listenaddress: ${QPEP_ADDRESS}
-listenport: ${QPEP_PORT}
+server:
+  local_address: ${QPEP_ADDRESS}
+  local_port: ${QPEP_PORT}
 
-# backend
-backend: ${QPEP_BACKEND}
-ccalgorithm: ${QPEP_CCA}
-ccslowstart: ${QPEP_SLOWSTART}
-buffersize: 512 # in Kb
+protocol:
+  backend: ${QPEP_BACKEND}
+  buffersize: 512
+  idletimeout: 30s
+  ccalgorithm: ${QPEP_CCA}
+  ccslowstart: ${QPEP_SLOWSTART}
 
-# certificate
-certificate: server_cert.pem
-certificate_key: server_key.pem
+security:
+  certificate: server_cert.pem
+  private_key: server_key.pem
 
-# broker settings
 analytics:
   enabled: true
   topic: /qpep
   address: ${QPEP_BROKER}
   port: 1883
   protocol: tcp
 
-# default
-acks: 10
-ackdelay: 25
-congestion: 4
-decimate: 4
-decimatetime: 100
-maxretries: 100
-multistream: true
-verbose: false
-preferproxy: true
-varackdelay: 0
-threads: 4
+general:
+  api_port: 444
+  max_retries: 20
+  diverter_threads: 4
+  use_multistream: true
+  prefer_proxy: true
+  verbose: false

docker/speedtests/speed_test.go

@@ -22,6 +22,7 @@ var targetURL = flag.String("target_url", "", "url to download")
 var connections = flag.Int("connections_num", 1, "simultaneous tcp connections to make to the server")
 var expectedSize = flag.Int("expect_mb", 10, "size in MBs of the target file")
 var debugProxy = flag.String("debug_proxy", "", "url to download")
+var debugVerbose = flag.Bool("debug_verbose", false, "print verbose output")
 
 var testlog log.Logger
 
@@ -185,7 +186,9 @@ func (s *SpeedTestsConfigSuite) TestRun() {
 				toRead -= int64(read)
 				flagActivity = time.Now().Unix()
 
-				test.Logf("#%d read: %d, total: %d, toRead: %d", id, read, resp.ContentLength, toRead)
+				if *debugVerbose {
+					test.Logf("#%d read: %d, total: %d, toRead: %d", id, read, resp.ContentLength, toRead)
+				}
 				if time.Since(start) > 100*time.Millisecond {
 					start = time.Now()
 					//test.Logf("#%d bytes to read: %d", id, toRead)

docs/user-manual.md

@@ -36,15 +36,17 @@ goals are to:
 
 \bigskip
 
-The acceleration of the TCP connections is accomplished on the client side by redirecting, in one of two ways, those connections that would have normally be sent over the high latency network:
+The acceleration of the TCP connections is accomplished on the client side by redirecting, with following methods, those connections that would have normally be sent over the high latency network:
 
 1. WinDivert Driver (*Windows Only*)
 
-2. Local Proxy
+2. IPtables redirect (*Linux Only*)
+
+3. Local Proxy
 
 \bigskip
 
-Both methods do seamlessly bridge, in the form of QUIC streams, the TCP connections originated on the local machine through to a QUIC tunnel which is received on the server machine.
+The methods do seamlessly bridge, in the form of QUIC streams, the TCP connections originated on the local machine through to a QUIC tunnel which is received on the server machine.
 
 \bigskip
 
@@ -79,7 +81,7 @@ The benefits of using the QUIC protocol over UDP are too numerous to list here,
 
 \newpage
 
-QPep supports different backend implementations of the QUIC protocol at the moment:
+QPep supports different backend implementations of the QUIC protocol currently:
 
 * _[Quicly](https://github.com/h2o/quicly)_ : Through the [Quicly-Go](https://github.com/Project-Faster/quicly-go) wrapper, which supports the new SEARCH CCA slowstart implementation
 
@@ -112,8 +114,6 @@ Refer to https://github.com/Project-Faster/qpep/releases to download the latest
 ### Windows
 
 > Before proceding be sure to have Administrator rights for your local machine
->
-> QPep currently only supports client mode on windows currently
 
 Once obtained the install.msi file, open it and you'll be greeted by the intro screen:
 
@@ -187,10 +187,7 @@ are created in the installation directory.
 
 #### Notes on redirection
 
-On Linux platform, setting the `prefer_proxy: true` value will not work as on the other platforms, proxy settings on Linux cannot
-be set dynamically.
-
-This implies that only `prefer_proxy: false` is actually useful and should be set as such.
+On Linux platform, setting the `prefer_proxy: true` parameter has no effect as only the iptables diverter is usable dynamically.
 
 
 \newpage
@@ -245,6 +242,8 @@ analytics:
   topic: data-topic
 
 limits:
+  ignored_ports:
+    - 3389      # example exclude RDP in TCP mode
   incoming:
     - 192.168.1.100: 100K
   outgoing:
@@ -343,7 +342,9 @@ Parameters used to configure the support for sending performance statistics to m
 
 #### Limits
 
-Allows to set speed limits for incoming and outgoing connections.
+Allows to set limits for incoming and outgoing connections.
+
+* **ignored_ports** : List of ports to ignore in redirection (implicitly contains port 53 for DNS)
 
 * **incoming** : Map composed by key / value pairs where the key is the address of the incoming connection and the value is the bytes per second specification (eg. 100K)
 
@@ -439,7 +440,7 @@ From left to right:
 Based on these parameters we can draft the two configurations for the client and the server.
 
 
-Client configuraiton
+Client configuration
 ------
 
 A possible configuration file `qpep.yml` for the client would be:

go.mod

@@ -28,13 +28,13 @@ require (
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 	github.com/nyaosorg/go-windows-dbg v0.0.0-20210914123807-2acba179a4e5
 	github.com/project-faster/dialog v1.1.0
+	github.com/project-faster/systray v1.4.0
 	github.com/segmentio/fasthash v1.0.3
 	github.com/stretchr/testify v1.8.2
 	gonum.org/v1/plot v0.12.0
 )
 
 require (
-	bou.ke/monkey v1.0.2 // indirect
 	git.sr.ht/~sbinet/gg v0.3.1 // indirect
 	github.com/TheTitanrain/w32 v0.0.0-20180517000239-4f5cfb03fabf // indirect
 	github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b // indirect
@@ -54,7 +54,6 @@ require (
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/kardianos/service v1.2.2 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect

service/service.go

@@ -280,7 +280,7 @@ func (p *QPepService) Main() error {
 		}
 		// be sure to clear proxy and diverter settings on exit
 		gateway.SetSystemProxy(false)
-		gateway.SetConnectionDiverter(false, "", "", 0, 0, 0, 0)
+		gateway.SetConnectionDiverter(false, "", "", 0, 0, 0, 0, []int{})
 	}()
 
 	logger.Info("Main")
@@ -348,7 +348,7 @@ func (p *QPepService) Logger(errs chan<- error) (kservice.Logger, error) {
 // runAsClient method wraps the logic to setup the system as client mode
 func runAsClient(execContext context.Context, cancel context.CancelFunc) {
 	logger.Info("Running Client")
-	windivert.EnableDiverterLogging(configuration.QPepConfig.General.Verbose)
+	windivert.EnableDiverterLogging(flags.Globals.Verbose)
 	go client.RunClient(execContext, cancel)
 }
 

shared/configuration/defaults.go

@@ -33,8 +33,9 @@ var DefaultConfig = QPepConfigType{
 		Verbose:              false,
 	},
 	Limits: &LimitsDefinition{
-		Incoming: nil,
-		Outgoing: nil,
+		Incoming:     nil,
+		Outgoing:     nil,
+		IgnoredPorts: []int{},
 	},
 	Analytics: &AnalyticsDefinition{
 		Enabled:        false,

shared/configuration/definitions.go

@@ -72,6 +72,8 @@ type LimitsDefinition struct {
 	Incoming map[string]string `yaml:"incoming"`
 	// Outgoing (yaml:destinations) key defines the speed limits for outgoing connections
 	Outgoing map[string]string `yaml:"outgoing"`
+	// IgnoredPorts list of network ports to be excluded from redirection
+	IgnoredPorts []int `yaml:"ignored_ports"`
 }
 
 // AnalyticsDefinition struct models the configuration values for the analytics client, by default it
@@ -143,6 +145,7 @@ func (q *LimitsDefinition) merge(r *LimitsDefinition) {
 	if r != nil {
 		q.Incoming = r.Incoming
 		q.Outgoing = r.Outgoing
+		q.IgnoredPorts = r.IgnoredPorts
 	}
 }
 

windivert/WinDivertEngine.cpp

@@ -34,7 +34,7 @@ UINT32 allowedGatewayInterface = 0; //!< Allowed interface id to be redirected
  * @param numThreads    Number of worker threads to use (1-8)
  * @return DIVERT_OK    if everything ok, an error otherwise
  */
-int InitializeWinDivertEngine(char* gatewayHost, char* listenHost, int gatewayPort, int listenPort, int numThreads) 
+int InitializeWinDivertEngine(char* gatewayHost, char* listenHost, int gatewayPort, int listenPort, int numThreads, int* ranges, int len_ranges)
 {
     if( gatewayPort < 1 || gatewayPort > 65536 || numThreads < 1 || numThreads > MAX_THREADS ) {
         logNativeMessageToGo(0, "Cannot initialize windiver engine with provided data, gateway port:%d, threads:%d", gatewayPort, numThreads);
@@ -50,8 +50,11 @@ int InitializeWinDivertEngine(char* gatewayHost, char* listenHost, int gatewayPo
     InitializeSRWLock(&sharedRWLock);
 
     // The filter for windivert, captures outbound tcp packets which are not directed at the client listening port
-    char filterOut[256] = "";
-    snprintf(filterOut, 256, FILTER_OUTBOUND, listenPort);
+    char filterOut[FILTER_MAX] = "";
+    int wr = snprintf(filterOut, FILTER_MAX_SIZE, FILTER_OUTBOUND, listenPort );
+    for( int i=0; i<1024 && i < len_ranges; i++ ) {
+      wr += snprintf( filterOut+wr, FILTER_MAX_SIZE-wr, FILTER_IGNORE, ranges[i], ranges[i] );
+    }
     logNativeMessageToGo(0, "Filtering outbound with %s", filterOut);
 
     // Open Windivert engine