@decentnetwork/lan 0.1.26 → 0.1.28

package/dist/carrier/peer-manager.d.ts

@@ -119,6 +119,20 @@ export declare class PeerManager extends EventEmitter {
      * Get an existing session for a peer (for routing logic).
      */
     getSession(pubkey: string): PacketSession | null;
+    /**
+     * Snapshot of all current PacketSession entries keyed by their peer
+     * userid. Used by PacketRouter to "adopt" sessions that were created
+     * BEFORE the router itself was constructed — without this, any
+     * HANDSHAKE_REQ that lands during the small window between
+     * peerManager.start() and the PacketRouter constructor leaves a
+     * session with no "packet" listener attached. Symptom: peer
+     * stats show `packetsForwarded=N` outbound but our `packetsReceived=0`,
+     * pings flow one way and time out the other.
+     */
+    getAllSessions(): Array<{
+        pubkey: string;
+        session: PacketSession;
+    }>;
     /**
      * Internal: Create and register a session.
      */

package/dist/carrier/peer-manager.js

@@ -296,6 +296,19 @@ export class PeerManager extends EventEmitter {
     getSession(pubkey) {
         return this.sessions.get(pubkey) || null;
     }
+    /**
+     * Snapshot of all current PacketSession entries keyed by their peer
+     * userid. Used by PacketRouter to "adopt" sessions that were created
+     * BEFORE the router itself was constructed — without this, any
+     * HANDSHAKE_REQ that lands during the small window between
+     * peerManager.start() and the PacketRouter constructor leaves a
+     * session with no "packet" listener attached. Symptom: peer
+     * stats show `packetsForwarded=N` outbound but our `packetsReceived=0`,
+     * pings flow one way and time out the other.
+     */
+    getAllSessions() {
+        return Array.from(this.sessions, ([pubkey, session]) => ({ pubkey, session }));
+    }
     /**
      * Internal: Create and register a session.
      */

package/dist/daemon/server.js

@@ -218,9 +218,29 @@ export class DaemonServer {
             // 6. Optional dora (DHCP-style) registration. When enabled and the
             // server is reachable, dora hands us a virtual IP and tells us
             // who else is on the network — eliminating the manual ipam.yaml
-            // sync between operators. On any failure we fall through to the
-            // IP already loaded from config + ipam.yaml.
+            // sync between operators.
+            //
+            // Fallback policy when dora is unreachable: DON'T use
+            // config.network.ip blindly. `agentnet init` defaults every
+            // fresh install to 10.86.1.10, so two new peers that can't
+            // reach dora will BOTH claim the same fallback and silently
+            // collide — symptom seen in the wild as packets going to the
+            // wrong daemon and 100% loss to legitimate peers. Use the
+            // deterministic-from-userid IP instead (sha256(userid) → last
+            // two octets of 10.86.X.Y). That guarantees every peer gets a
+            // unique IP keyed off identity, with no shared default to
+            // collide on. If dora comes up later, the
+            // onAllocatedIpChanged callback swaps the TUN to dora's value.
             let tunIp = this.config.network.ip;
+            const ownUserid = this.peerManager.getPubkey();
+            const deterministicFallback = Ipam.deterministicIpForUserid(ownUserid);
+            if (tunIp === "10.86.1.10" || !tunIp) {
+                // The init-default fallback IP — every fresh decentlan installs with
+                // this. Override with a per-identity deterministic value before
+                // dora even gets to try.
+                tunIp = deterministicFallback;
+                this.logger.info(`Using deterministic fallback IP ${tunIp} (derived from userid; avoids the 10.86.1.10 init-default collision)`);
+            }
             if (this.config.dora?.enabled && (this.config.dora.userids?.length ?? 0) > 0) {
                 // Need to be on the Carrier network before dora can talk to its
                 // server. Wait synchronously here — without joinNetwork the
@@ -234,7 +254,11 @@ export class DaemonServer {
                     peerManager: this.peerManager,
                     ipam: this.ipam,
                     nodeName: this.config.node.name,
-                    preferredIp: this.config.network.ip,
+                    // Hand dora our deterministic fallback as the requestedIp so
+                    // a successful register returns the same IP across restarts
+                    // (avoids the dora-stole-someone-else's-IP race that bit us
+                    // when ubuntu was momentarily offline during reallocation).
+                    preferredIp: tunIp,
                     // Fires when dora's background retry eventually succeeds
                     // AFTER the initial bootstrap already returned the fallback
                     // IP. At that point the TUN is up on the fallback (e.g.

package/dist/router/packet-router.d.ts

@@ -80,5 +80,15 @@ export declare class PacketRouter extends EventEmitter {
      * Handle incoming packet (Carrier -> peer -> TUN).
      */
     private handleIncomingPacket;
+    /**
+     * Attach the "packet" listener to a single session. Shared by both the
+     * session-opened event handler AND the adopt-existing-sessions pass
+     * run when PacketRouter starts. The WeakSet check makes calling this
+     * multiple times for the same session safe — without it, an early
+     * session would get two listeners and every inbound packet would be
+     * written to TUN twice (visible as `(DUP!)` ICMP replies on the
+     * sender side).
+     */
+    private attachSessionListener;
     private setupCarrierHandlers;
 }

package/dist/router/packet-router.js

@@ -339,22 +339,51 @@ export class PacketRouter extends EventEmitter {
             this.recordDrop(parsed.dstIp, "tun-write-failed", msg);
         }
     }
+    /**
+     * Attach the "packet" listener to a single session. Shared by both the
+     * session-opened event handler AND the adopt-existing-sessions pass
+     * run when PacketRouter starts. The WeakSet check makes calling this
+     * multiple times for the same session safe — without it, an early
+     * session would get two listeners and every inbound packet would be
+     * written to TUN twice (visible as `(DUP!)` ICMP replies on the
+     * sender side).
+     */
+    attachSessionListener(pubkey, session) {
+        if (this.listenedSessions.has(session))
+            return;
+        this.listenedSessions.add(session);
+        this.sessionManager.registerInboundSession(pubkey, session);
+        session.on("packet", (packet) => {
+            this.handleIncomingPacket(pubkey, packet).catch((err) => {
+                this.logger.error("Incoming packet error:", err);
+            });
+        });
+    }
     setupCarrierHandlers() {
-        // When PeerManager creates a session (inbound or outbound), register packet handler.
-        // Guard against double-attachment: this event fires from both the responder-side
-        // handshake-req handler and the initiator-side openPacketSession completion. Without
-        // the WeakSet check, each peer-arriving packet would be written to TUN twice, which
-        // shows up as `(DUP!)` ICMP replies on the sender side.
+        // Adopt any sessions that already exist by the time PacketRouter is
+        // constructed. PeerManager.start() opens Carrier and friends can
+        // start handshaking IMMEDIATELY; if Vultr (or any peer) sends a
+        // HANDSHAKE_REQ before PacketRouter is built, PeerManager's
+        // session-opened event fires with nobody listening — the session
+        // ends up in PeerManager.sessions but its "packet" callback is
+        // never wired, so every inbound DATA frame is silently dropped.
+        // Symptom seen in the wild: Vultr stats `packetsForwarded=N`
+        // outbound but mac-dev stats `packetsReceived=0`, pings flow one
+        // way and time out the other.
+        for (const { pubkey, session } of this.peerManager.getAllSessions()) {
+            this.attachSessionListener(pubkey, session);
+        }
+        // When PeerManager creates a session AFTER this point (inbound or
+        // outbound), register the packet handler. Guard against double-
+        // attachment: this event fires from both the responder-side
+        // handshake-req handler and the initiator-side openPacketSession
+        // completion. Without the WeakSet check, each peer-arriving packet
+        // would be written to TUN twice, which shows up as `(DUP!)` ICMP
+        // replies on the sender side.
         this.peerManager.on("session-opened", ({ pubkey }) => {
             const session = this.peerManager.getSession(pubkey);
             if (session && !this.listenedSessions.has(session)) {
-                this.listenedSessions.add(session);
-                this.sessionManager.registerInboundSession(pubkey, session);
-                session.on("packet", (packet) => {
-                    this.handleIncomingPacket(pubkey, packet).catch((err) => {
-                        this.logger.error("Incoming packet error:", err);
-                    });
-                });
+                this.attachSessionListener(pubkey, session);
             }
         });
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.26",
+  "version": "0.1.28",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",