@decentnetwork/lan 0.1.76 → 0.1.77

package/dist/carrier/packet-session.d.ts

@@ -6,15 +6,13 @@ import type { PacketFrame } from "./types.js";
 export interface PacketSessionOptions {
     peerId: string;
     sessionId: number;
-    /** Send a raw decentlan frame over the given Carrier custom packet id
-     *  (PACKET_ID_DL_SESSION for handshake, PACKET_ID_DL_IP for data). */
-    sendFrame: (frame: Uint8Array, packetId: number) => Promise<void>;
+    sendText: (text: string) => Promise<void>;
     onClose?: () => void;
 }
 export declare class PacketSession extends EventEmitter {
     private peerId;
     private sessionId;
-    private sendFrame;
+    private sendText;
     private isActive;
     private handshakeTimeout;
     private handshakePromise;

package/dist/carrier/packet-session.js

@@ -3,11 +3,11 @@
  */
 import { EventEmitter } from "events";
 import { FrameCodec } from "./frame.js";
-import { FRAME_OPCODE_HANDSHAKE_REQ, FRAME_OPCODE_DATA, PACKET_ID_DL_SESSION, PACKET_ID_DL_IP, } from "./types.js";
+import { FRAME_OPCODE_HANDSHAKE_REQ, FRAME_OPCODE_DATA, } from "./types.js";
 export class PacketSession extends EventEmitter {
     peerId;
     sessionId;
-    sendFrame;
+    sendText;
     isActive = false;
     handshakeTimeout = null;
     handshakePromise = null;
@@ -15,7 +15,7 @@ export class PacketSession extends EventEmitter {
         super();
         this.peerId = opts.peerId;
         this.sessionId = opts.sessionId;
-        this.sendFrame = opts.sendFrame;
+        this.sendText = opts.sendText;
         this.on("close", () => {
             if (opts.onClose) {
                 opts.onClose();
@@ -38,8 +38,9 @@ export class PacketSession extends EventEmitter {
             return this.handshakePromise;
         }
         this.handshakePromise = new Promise((resolve, reject) => {
-            // Send handshake request (lossless session channel — must arrive)
+            // Send handshake request
             const frame = FrameCodec.encode(new Uint8Array(0), this.sessionId, FRAME_OPCODE_HANDSHAKE_REQ);
+            const frameBase64 = Buffer.from(frame).toString("base64");
             // 30s default — Carrier express relay can add several seconds of latency
             // for cross-region peers. Configurable via AGENTNET_HANDSHAKE_TIMEOUT_MS.
             const timeoutMs = parseInt(process.env.AGENTNET_HANDSHAKE_TIMEOUT_MS || "30000", 10);
@@ -66,7 +67,7 @@ export class PacketSession extends EventEmitter {
                 this.handshakePromise = null;
                 reject(new Error(`Handshake aborted for peer ${this.peerId}`));
             });
-            this.sendFrame(frame, PACKET_ID_DL_SESSION).catch((error) => {
+            this.sendText(frameBase64).catch((error) => {
                 if (this.handshakeTimeout) {
                     clearTimeout(this.handshakeTimeout);
                 }
@@ -81,10 +82,9 @@ export class PacketSession extends EventEmitter {
             throw new Error("Packet session not active. Call handshake() first.");
         }
         const frame = FrameCodec.encode(packet, this.sessionId, FRAME_OPCODE_DATA);
+        const frameBase64 = Buffer.from(frame).toString("base64");
         try {
-            // IP data → lossy custom packet (best-effort; inner TCP handles
-            // reliability — see docs/PROTOCOL.md, avoids TCP-over-TCP).
-            await this.sendFrame(frame, PACKET_ID_DL_IP);
+            await this.sendText(frameBase64);
         }
         catch (error) {
             // Don't tear down the whole session for a single failed sendText —

package/dist/carrier/peer-manager.d.ts

@@ -152,16 +152,5 @@ export declare class PeerManager extends EventEmitter {
      * Send a HANDSHAKE_ACK frame to a peer.
      */
     private sendHandshakeAck;
-    /**
-     * Send a dora control message to a dora server over the dora custom packet
-     * (162, lossless). Replaces the old `DORA:`-prefixed text on packet 64.
-     */
-    sendDora(userid: string, text: string): Promise<void>;
-    /**
-     * Route a decoded decentlan frame to its packet-session, creating or
-     * replacing the session on a HANDSHAKE_REQ (handles the Carrier re-pair
-     * case where both sides hold different sessionIds).
-     */
-    private handleDecodedFrame;
     private setupEventHandlers;
 }

package/dist/carrier/peer-manager.js

@@ -6,8 +6,13 @@ import { Peer } from "@decentnetwork/peer";
 import { EventEmitter } from "events";
 import { PacketSession } from "./packet-session.js";
 import { FrameCodec } from "./frame.js";
-import { FRAME_OPCODE_HANDSHAKE_ACK, PACKET_ID_DL_SESSION, PACKET_ID_DL_DORA, PACKET_ID_DL_IP, } from "./types.js";
+import { FRAME_OPCODE_HANDSHAKE_ACK, } from "./types.js";
 import { Logger } from "../utils/logger.js";
+// Dora wire-prefix. Kept inline (rather than imported from @decentnetwork/dora) to
+// avoid coupling peer-manager — a transport-layer module — to an
+// application-protocol package. The prefix is part of decentlan's text
+// channel contract and must match the constant defined in dora's types.ts.
+const DORA_PREFIX = "DORA:";
 export class PeerManager extends EventEmitter {
     peer = null;
     identity = null;
@@ -326,11 +331,11 @@ export class PeerManager extends EventEmitter {
         const session = new PacketSession({
             peerId: pubkey,
             sessionId,
-            sendFrame: async (frame, packetId) => {
+            sendText: async (text) => {
                 if (!this.peer) {
                     throw new Error("Peer not available");
                 }
-                await this.peer.sendCustomPacket(pubkey, packetId, frame);
+                await this.peer.sendText(pubkey, text);
             },
             onClose: () => {
                 this.sessions.delete(pubkey);
@@ -359,42 +364,8 @@ export class PeerManager extends EventEmitter {
             throw new Error("Peer not available");
         }
         const frame = FrameCodec.encode(new Uint8Array(0), sessionId, FRAME_OPCODE_HANDSHAKE_ACK);
-        await this.peer.sendCustomPacket(pubkey, PACKET_ID_DL_SESSION, frame);
-    }
-    /**
-     * Send a dora control message to a dora server over the dora custom packet
-     * (162, lossless). Replaces the old `DORA:`-prefixed text on packet 64.
-     */
-    async sendDora(userid, text) {
-        if (!this.peer) {
-            throw new Error("Peer not created. Call create() first.");
-        }
-        await this.peer.sendCustomPacket(userid, PACKET_ID_DL_DORA, Buffer.from(text, "utf-8"));
-    }
-    /**
-     * Route a decoded decentlan frame to its packet-session, creating or
-     * replacing the session on a HANDSHAKE_REQ (handles the Carrier re-pair
-     * case where both sides hold different sessionIds).
-     */
-    handleDecodedFrame(pubkey, frame) {
-        let session = this.sessions.get(pubkey);
-        if (FrameCodec.isHandshakeRequest(frame.opcode)) {
-            if (session && session.getSessionId() !== frame.sessionId) {
-                this.logger.info(`Replacing stale session for ${pubkey} (old=${session.getSessionId()}, new=${frame.sessionId})`);
-                session.close();
-                session = undefined;
-            }
-            if (!session) {
-                this.logger.info(`Auto-creating session for inbound peer ${pubkey} (sessionId=${frame.sessionId})`);
-                session = this.createSession(pubkey, frame.sessionId);
-            }
-        }
-        if (session) {
-            session.handleIncomingFrame(frame);
-        }
-        else {
-            this.logger.debug(`No session for peer ${pubkey}, ignoring frame opcode=0x${frame.opcode.toString(16)}`);
-        }
+        const frameBase64 = Buffer.from(frame).toString("base64");
+        await this.peer.sendText(pubkey, frameBase64);
     }
     setupEventHandlers() {
         if (!this.peer) {
@@ -435,37 +406,54 @@ export class PeerManager extends EventEmitter {
                 }
             }
         });
-        // Packet 64 (PACKET_ID_MESSAGE) is now CHAT only — plain Carrier text,
-        // interoperable with native Carrier clients. IP traffic and dora moved to
-        // their own custom packets (onCustomPacket below). See docs/PROTOCOL.md.
+        // Text messages contain our framed packets
         this.peer.onText((message) => {
-            // Empty messages are kickSessionEstablishment keepalives — ignore.
-            if (message.text.length === 0) {
-                return;
-            }
-            this.emit("message", message.pubkey, message.text);
-        });
-        // decentlan custom packets: IP data (192, lossy), session handshake
-        // (161, lossless), dora control (162, lossless). Each on its own Carrier
-        // packet id — a chat message can never be mistaken for an IP packet, and
-        // no crafted message can inject onto the TUN.
-        this.peer.onCustomPacket(({ pubkey, id, data }) => {
             try {
-                if (id === PACKET_ID_DL_DORA) {
-                    this.emit("dora-message", pubkey, Buffer.from(data).toString("utf-8"));
+                // Silently skip empty messages — kickSessionEstablishment sends
+                // an empty sendText to trigger the SDK's #initiateSession path,
+                // and the receiver doesn't need to log a warning for that.
+                if (message.text.length === 0) {
+                    return;
+                }
+                // Dora messages share the same text channel as packet frames but
+                // carry a `DORA:` ASCII prefix that's not valid base64. Route them
+                // to whoever is subscribed (DoraClient/DoraServer in daemon).
+                if (message.text.startsWith(DORA_PREFIX)) {
+                    this.emit("dora-message", message.pubkey, message.text);
+                    return;
+                }
+                const frameData = Buffer.from(message.text, "base64");
+                const frame = FrameCodec.decode(new Uint8Array(frameData));
+                if (!frame) {
+                    this.logger.warn(`Invalid frame from ${message.pubkey}`);
                     return;
                 }
-                if (id === PACKET_ID_DL_IP || id === PACKET_ID_DL_SESSION) {
-                    const frame = FrameCodec.decode(data);
-                    if (!frame) {
-                        this.logger.warn(`Invalid frame from ${pubkey} (packet ${id})`);
-                        return;
+                let session = this.sessions.get(message.pubkey);
+                // For HANDSHAKE_REQ: always create or REPLACE the session with the
+                // new sessionId. Without this, after a Carrier session drop + re-pair
+                // the peer's new HANDSHAKE_REQ would be dropped because the existing
+                // local session has the old sessionId — so the responder never sends
+                // HANDSHAKE_ACK and the initiator times out forever.
+                if (FrameCodec.isHandshakeRequest(frame.opcode)) {
+                    if (session && session.getSessionId() !== frame.sessionId) {
+                        this.logger.info(`Replacing stale session for ${message.pubkey} (old=${session.getSessionId()}, new=${frame.sessionId})`);
+                        session.close();
+                        session = undefined;
                     }
-                    this.handleDecodedFrame(pubkey, frame);
+                    if (!session) {
+                        this.logger.info(`Auto-creating session for inbound peer ${message.pubkey} (sessionId=${frame.sessionId})`);
+                        session = this.createSession(message.pubkey, frame.sessionId);
+                    }
+                }
+                if (session) {
+                    session.handleIncomingFrame(frame);
+                }
+                else {
+                    this.logger.debug(`No session for peer ${message.pubkey}, ignoring frame opcode=0x${frame.opcode.toString(16)}`);
                 }
             }
             catch (error) {
-                this.logger.error(`Error processing custom packet from ${pubkey}:`, error);
+                this.logger.error(`Error processing frame from ${message.pubkey}:`, error);
             }
         });
         // Friend requests

package/dist/carrier/types.d.ts

@@ -8,6 +8,3 @@ export declare const FRAME_OPCODE_HANDSHAKE_ACK = 2;
 export declare const FRAME_OPCODE_DATA = 16;
 export declare const FRAME_MAGIC = 170;
 export declare const FRAME_HEADER_SIZE = 6;
-export declare const PACKET_ID_DL_SESSION = 161;
-export declare const PACKET_ID_DL_DORA = 162;
-export declare const PACKET_ID_DL_IP = 192;

package/dist/carrier/types.js

@@ -9,10 +9,3 @@ export const FRAME_OPCODE_DATA = 0x10;
 // Frame structure
 export const FRAME_MAGIC = 0xaa;
 export const FRAME_HEADER_SIZE = 6; // magic(1) + length(2) + sessionId(2) + opcode(1)
-// decentlan application packet IDs in toxcore's custom ranges (see
-// docs/PROTOCOL.md). Sent via peer.sendCustomPacket / received via
-// peer.onCustomPacket — a separate channel from chat (PACKET_ID_MESSAGE 64),
-// so IP traffic can never be confused with a Carrier message.
-export const PACKET_ID_DL_SESSION = 161; // lossless: session handshake frames (must arrive)
-export const PACKET_ID_DL_DORA = 162; // lossless: dora control (must arrive)
-export const PACKET_ID_DL_IP = 192; // lossy: IP data frames (best-effort; inner TCP retransmits)

package/dist/dora/dora-integration.js

@@ -40,7 +40,7 @@ export class DoraIntegration {
         this.logger = new Logger({ prefix: "Dora" });
         this.client = new DoraClient({
             registryUserids: opts.config.userids ?? [],
-            sendText: (toUserid, text) => opts.peerManager.sendDora(toUserid, text),
+            sendText: (toUserid, text) => opts.peerManager.sendText(toUserid, text),
             onText: (handler) => {
                 opts.peerManager.on("dora-message", (fromUserid, text) => {
                     handler(fromUserid, text);

package/dist/proxy/connect-proxy.js

@@ -126,11 +126,15 @@ export class ConnectProxy {
         }
         let bytes = 0;
         let closed = false;
+        let lastBytes = -1;
+        let idleTimer;
         const upstream = net.connect(port, host);
         const tearDown = (reason) => {
             if (closed)
                 return;
             closed = true;
+            if (idleTimer)
+                clearInterval(idleTimer);
             upstream.destroy();
             clientSocket.destroy();
             this.stats.active = Math.max(0, this.stats.active - 1);
@@ -181,6 +185,26 @@ export class ConnectProxy {
         upstream.on("end", () => tearDown("upstream end"));
         clientSocket.on("error", (err) => tearDown(`client error: ${err.message}`));
         clientSocket.on("end", () => tearDown("client end"));
+        // "close" catches abrupt teardowns (RST / socket destroyed) that never
+        // emit "end" — without these, a half-dead tunnel leaks.
+        upstream.on("close", () => tearDown("upstream close"));
+        clientSocket.on("close", () => tearDown("client close"));
+        // Idle reaper: when the Carrier path drops mid-stream the broken side
+        // sends no FIN, so neither "end" nor "error" fires and the sockets would
+        // leak until the kernel's multi-hour TCP keepalive — they pile up under
+        // load (1080p opens many high-bandwidth tunnels; two clients on one exit
+        // compounds it) and starve the exit. If no bytes flow in EITHER direction
+        // across two idle ticks, tear it down. Active streaming keeps `bytes`
+        // climbing (and backpressure pauses a one-sided flow), so only genuinely
+        // dead tunnels are reaped. Tunable via AGENTNET_TUNNEL_IDLE_MS.
+        const idleMs = Number(process.env.AGENTNET_TUNNEL_IDLE_MS) || 120_000;
+        idleTimer = setInterval(() => {
+            if (bytes === lastBytes)
+                tearDown("idle (no data — Carrier path likely dropped)");
+            else
+                lastBytes = bytes;
+        }, idleMs);
+        idleTimer.unref?.();
     }
     refuse(clientSocket, src, srcName, target, code, reason) {
         this.stats.totalRefused += 1;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.76",
+  "version": "0.1.77",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",
@@ -77,7 +77,7 @@
   },
   "dependencies": {
     "@decentnetwork/dora": "^0.1.6",
-    "@decentnetwork/peer": "^0.1.33",
+    "@decentnetwork/peer": "^0.1.32",
     "js-yaml": "^4.1.0",
     "yargs": "^17.7.2"
   },