fix(recv): panic on expired fragment get

2026-06-18 00:40:25 +08:00 · 2026-04-09 01:44:24 +08:00
parent b86a65819c
commit 9e642f875a
8 changed files with 338 additions and 36 deletions
--- a/README.md
+++ b/README.md
@@ -4,16 +4,38 @@
  </a><br>
  <h1>WireGold</h1>
  Wire Golang Guard = WireGold<br><br>
+
+  English | [中文](README_ZH.md)
 </div>

-## Usage
-> If you are running in windows, remember to select the `wintun.dll` of your arch in `lower/wintun` and place it alongside the compiled exe
+## Overview
+
+WireGold is a pure Go Layer 3 VPN inspired by WireGuard.
+
+### Features
+
+- **Encryption**: XChaCha20-Poly1305 (AEAD) + Curve25519 key exchange + BLAKE2B integrity check
+- **Transport**: UDP / UDP-Lite / TCP / Raw IP
+- **Encoding**: Optional Base16384 encoding to traverse text-only filters
+- **Anti-censorship**: XOR mask header obfuscation + randomized MTU scaling + optional double-send
+- **Compression**: Optional Zstd payload compression
+- **NAT traversal**: Built-in Hello/Query/Notify protocol for keepalive and hole punching
+- **Routing**: Multi-hop forwarding with TTL decrement and routing table management
+- **Key rotation**: 32 preshared key slots with random index selection per packet
+
+
+## Usage
+
+> On Windows, place the `wintun.dll` matching your architecture (from `lower/wintun/`) alongside the executable.
+
+> For high-latency lossy links, consider pairing with [UDPspeeder](https://github.com/wangyu-/UDPspeeder).

-> It is highly recommanded to use [UDPspeeder](https://github.com/wangyu-/UDPspeeder) together if you are using a High-latency Lossy Link
 ```bash
 wg [-c config.yaml] [-d|w] [-g] [-h] [-p] [-l log.txt]
 ```
-#### Instructions
+
+#### Flags
+
 ```bash
  -c string
        specify conf file (default "config.yaml")
@@ -28,10 +50,10 @@ wg [-c config.yaml] [-d|w] [-g] [-h] [-p] [-l log.txt]
  -w    only show logs above warn level
 ```

-## Config file example
+## Configuration

- **macos mojave**: max mtu (under ipv4 endpoint) is `9159`
- **ipv6 endpoint**: the recommand mtu is `1280~1500` to prevent the big segments from being dropped
+- **macOS Mojave**: max MTU (IPv4 endpoint) is `9159`
+- **IPv6 endpoint**: recommended MTU `1280–1500` to avoid oversized segment drops

 ```yaml
 IP: 192.168.233.1
@@ -68,11 +90,28 @@ Peers:
    AllowTrans: false
 ```

-## Benckmark on localhost
-> This benckmark is tested on Mac Book Air M1 within battery mode.
+### Configuration Reference

-### UDP MTU 4096
-```bash
+| Field | Description |
+|-------|-------------|
+| `AllowedIPs` | Prefix `x` to accept packets from the subnet without creating a system route; prefix `y` to add an internal route table entry only |
+| `Mask` | XOR mask for header obfuscation |
+| `Base14` | Enable Base16384 encoding |
+| `MTURandomRange` | Randomly shrink MTU by up to this value (never grows), adding traffic fingerprint randomness |
+| `DoublePacket` | Send every packet twice to counter heavy packet loss |
+| `KeepAliveSeconds` | NAT keepalive interval in seconds; 0 disables keepalive |
+| `QueryList` | Peer IPs to query for NAT traversal |
+| `UseZstd` | Enable Zstd compression |
+| `AllowTrans` | Allow this peer to relay traffic for other peers |
+
+## Benchmark (localhost)
+
+> MacBook Air M1, battery mode
+
+<details>
+<summary>UDP MTU 4096</summary>
+
+```
 goos: darwin
 goarch: arm64
 pkg: github.com/fumiama/WireGold/upper/services/tunnel
@@ -102,8 +141,12 @@ BenchmarkTunnelUDP/4096-normal-b14-8                2620            432984 ns/op
 BenchmarkTunnelUDP/4096-preshared-nob14-8           2750            395736 ns/op          10.35 MB/s     7348747 B/op        315 allocs/op
 BenchmarkTunnelUDP/4096-preshared-b14-8             2628            431785 ns/op           9.49 MB/s     7961597 B/op        407 allocs/op
 ```
-### UDP MTU 1024
-```bash
+</details>
+
+<details>
+<summary>UDP MTU 1024</summary>
+
+```
 goos: darwin
 goarch: arm64
 pkg: github.com/fumiama/WireGold/upper/services/tunnel
@@ -133,8 +176,12 @@ BenchmarkTunnelUDPSmallMTU/4096-normal-b14-8        2240            504749 ns/op
 BenchmarkTunnelUDPSmallMTU/4096-preshared-nob14-8   2594            392716 ns/op          10.43 MB/s     7480678 B/op        460 allocs/op
 BenchmarkTunnelUDPSmallMTU/4096-preshared-b14-8     2234            506134 ns/op           8.09 MB/s     9066223 B/op        691 allocs/op
 ```
-### TCP MTU 4096
-```bash
+</details>
+
+<details>
+<summary>TCP MTU 4096</summary>
+
+```
 goos: darwin
 goarch: arm64
 pkg: github.com/fumiama/WireGold/upper/services/tunnel
@@ -164,8 +211,12 @@ BenchmarkTunnelTCP/4096-normal-b14-8                2374            465704 ns/op
 BenchmarkTunnelTCP/4096-preshared-nob14-8           2532            436310 ns/op           9.39 MB/s     7510565 B/op        477 allocs/op
 BenchmarkTunnelTCP/4096-preshared-b14-8             2360            459261 ns/op           8.92 MB/s     8037878 B/op        566 allocs/op
 ```
-### TCP MTU 1024
-```bash
+</details>
+
+<details>
+<summary>TCP MTU 1024</summary>
+
+```
 goos: darwin
 goarch: arm64
 pkg: github.com/fumiama/WireGold/upper/services/tunnel
@@ -195,3 +246,4 @@ BenchmarkTunnelTCPSmallMTU/4096-normal-b14-8        1868            564007 ns/op
 BenchmarkTunnelTCPSmallMTU/4096-preshared-nob14-8   2263            491698 ns/op           8.33 MB/s     7925404 B/op        869 allocs/op
 BenchmarkTunnelTCPSmallMTU/4096-preshared-b14-8     2050            559663 ns/op           7.32 MB/s     9211292 B/op       1086 allocs/op
 ```
+</details>