@usex/mikrotik-mcp 2.2.0 → 2.3.0

package/dist/cli.js

@@ -258,880 +258,8 @@ var logger = {
   error: (m) => emit("error", m)
 };
 
-// src/mac-telnet/protocol.ts
-import { createHash as createHash2, randomBytes as randomBytes2, randomInt } from "crypto";
-import { createSocket } from "dgram";
-import { readFileSync as readFileSync2 } from "fs";
-import { networkInterfaces } from "os";
-
-// src/mac-telnet/ec-srp5.ts
-import { createHash, randomBytes } from "crypto";
-var EC_SRP5_PUBKEY_LEN = 33;
-var P = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
-var A = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144");
-var B = BigInt("0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864");
-var N = BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed");
-var GX = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a");
-var GY = BigInt("0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14");
-var W2M = BigInt("0x555555555555555555555555555555555555555555555555555555555552db9c");
-var M2W = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad2451");
-var SQRT_M1 = modPow(2n, (P - 1n) / 4n, P);
-var G = { x: GX, y: GY };
-function mod(value, m) {
-  const r = value % m;
-  return r < 0n ? r + m : r;
-}
-function modPow(base, exp, m) {
-  let result = 1n;
-  let b = mod(base, m);
-  let e = exp;
-  while (e > 0n) {
-    if (e & 1n)
-      result = result * b % m;
-    b = b * b % m;
-    e >>= 1n;
-  }
-  return result;
-}
-function modInv(value) {
-  return modPow(value, P - 2n, P);
-}
-function modSqrt(a) {
-  const aa = mod(a, P);
-  if (aa === 0n)
-    return 0n;
-  let x = modPow(aa, (P + 3n) / 8n, P);
-  if (x * x % P === aa)
-    return x;
-  x = mod(x * SQRT_M1, P);
-  if (x * x % P === aa)
-    return x;
-  return null;
-}
-function bytesToBigIntBE(bytes) {
-  let value = 0n;
-  for (const byte of bytes)
-    value = value << 8n | BigInt(byte);
-  return value;
-}
-function bigIntToBytesBE(value, length) {
-  const out = new Uint8Array(length);
-  let v = value;
-  for (let i = length - 1;i >= 0; i -= 1) {
-    out[i] = Number(v & 0xffn);
-    v >>= 8n;
-  }
-  return out;
-}
-function sha256(...chunks) {
-  const hash = createHash("sha256");
-  for (const chunk of chunks)
-    hash.update(chunk);
-  return new Uint8Array(hash.digest());
-}
-function concatBytes(parts) {
-  const total = parts.reduce((sum, part) => sum + part.length, 0);
-  const out = new Uint8Array(total);
-  let cursor = 0;
-  for (const part of parts) {
-    out.set(part, cursor);
-    cursor += part.length;
-  }
-  return out;
-}
-function pointAdd(p, q) {
-  if (p === null)
-    return q;
-  if (q === null)
-    return p;
-  if (p.x === q.x) {
-    if (mod(p.y + q.y, P) === 0n)
-      return null;
-    return pointDouble(p);
-  }
-  const slope = mod((q.y - p.y) * modInv(mod(q.x - p.x, P)), P);
-  const x = mod(slope * slope - p.x - q.x, P);
-  const y = mod(slope * (p.x - x) - p.y, P);
-  return { x, y };
-}
-function pointDouble(p) {
-  if (p === null)
-    return null;
-  if (p.y === 0n)
-    return null;
-  const slope = mod((3n * p.x * p.x + A) * modInv(mod(2n * p.y, P)), P);
-  const x = mod(slope * slope - 2n * p.x, P);
-  const y = mod(slope * (p.x - x) - p.y, P);
-  return { x, y };
-}
-function scalarMul(scalar, point) {
-  let result = null;
-  let addend = point;
-  let k = scalar;
-  while (k > 0n) {
-    if (k & 1n)
-      result = pointAdd(result, addend);
-    addend = pointDouble(addend);
-    k >>= 1n;
-  }
-  return result;
-}
-function liftX(xWeier, parity) {
-  const x = mod(xWeier, P);
-  const rhs = mod(x * x * x + A * x + B, P);
-  const y0 = modSqrt(rhs);
-  if (y0 === null)
-    return null;
-  const y = Number(y0 & 1n) === (parity & 1) ? y0 : mod(-y0, P);
-  return { x, y };
-}
-function encodePoint(point) {
-  if (point === null) {
-    throw new Error("Cannot encode the EC-SRP5 point at infinity.");
-  }
-  const out = new Uint8Array(EC_SRP5_PUBKEY_LEN);
-  out.set(bigIntToBytesBE(mod(point.x + W2M, P), 32), 0);
-  out[32] = Number(point.y & 1n);
-  return out;
-}
-function decodePoint(key) {
-  if (key.length !== EC_SRP5_PUBKEY_LEN) {
-    throw new Error(`EC-SRP5 public key must be ${EC_SRP5_PUBKEY_LEN} bytes (got ${key.length}).`);
-  }
-  const xWeier = mod(bytesToBigIntBE(key.subarray(0, 32)) + M2W, P);
-  const point = liftX(xWeier, key[32]);
-  if (point === null) {
-    throw new Error("EC-SRP5 public key X is not a valid curve point.");
-  }
-  return point;
-}
-function ecSrp5Keygen(privBytes) {
-  const priv = privBytes ? Uint8Array.from(privBytes) : new Uint8Array(randomBytes(32));
-  if (priv.length !== 32) {
-    throw new Error("EC-SRP5 private key seed must be 32 bytes.");
-  }
-  priv[0] = priv[0] & 248;
-  priv[31] = priv[31] & 127;
-  priv[31] = priv[31] | 64;
-  const privateKey = bytesToBigIntBE(priv);
-  return { privateKey, publicKey: encodePoint(scalarMul(privateKey, G)) };
-}
-function ecSrp5Id(username, password, salt) {
-  const inner = sha256(new TextEncoder().encode(`${username}:${password}`));
-  return sha256(salt, inner);
-}
-function redp1(montgomeryX, parity) {
-  let seed = bytesToBigIntBE(sha256(montgomeryX));
-  for (;; ) {
-    const candidate = sha256(bigIntToBytesBE(seed, 32));
-    const xWeier = mod(bytesToBigIntBE(candidate) + M2W, P);
-    const point = liftX(xWeier, parity);
-    if (point !== null)
-      return point;
-    seed = mod(seed + 1n, 1n << 256n);
-  }
-}
-function ecSrp5ClientShared(privateKey, serverKey, clientKey, validator) {
-  const serverPoint = decodePoint(serverKey);
-  const v = bytesToBigIntBE(validator);
-  const vG = scalarMul(v, G);
-  if (vG === null) {
-    throw new Error("EC-SRP5 validator produced the point at infinity.");
-  }
-  const gamma = redp1(bigIntToBytesBE(mod(vG.x + W2M, P), 32), 1);
-  const wB = pointAdd(serverPoint, gamma);
-  const j = sha256(clientKey.subarray(0, 32), serverKey.subarray(0, 32));
-  const scalar = mod(v * bytesToBigIntBE(j) + privateKey, N);
-  const pt = scalarMul(scalar, wB);
-  if (pt === null) {
-    throw new Error("EC-SRP5 shared point computed as infinity.");
-  }
-  const z2 = bigIntToBytesBE(mod(pt.x + W2M, P), 32);
-  return { j, z: z2 };
-}
-function ecSrp5ClientProof(privateKey, serverKey, clientKey, validator) {
-  const { j, z: z2 } = ecSrp5ClientShared(privateKey, serverKey, clientKey, validator);
-  return sha256(j, z2);
-}
-
-// src/mac-telnet/mtwei.ts
-function mtweiOfferValue(username, publicKey) {
-  return concatBytes([new TextEncoder().encode(username), Uint8Array.of(0), publicKey]);
-}
-
-// src/mac-telnet/protocol.ts
-var MAC_TELNET_PORT = 20561;
-var MAC_TELNET_HEADER_LEN = 22;
-var MAC_TELNET_CONTROL_HEADER_LEN = 9;
-var MAC_TELNET_CONTROL_MAGIC = Uint8Array.of(86, 52, 18, 255);
-var MAC_TELNET_CLIENT_TYPE = Uint8Array.of(0, 21);
-var MAC_TELNET_RETRANSMIT_SCHEDULE_MS = [
-  15,
-  20,
-  30,
-  50,
-  90,
-  170,
-  330,
-  660,
-  1000
-];
-var MAC_TELNET_KEEPALIVE_IDLE_MS = 8000;
-var MacTelnetPacketType = {
-  sessionStart: 0,
-  data: 1,
-  ack: 2,
-  ping: 4,
-  pong: 5,
-  end: 255
-};
-var MacTelnetControlType = {
-  beginAuth: 0,
-  passwordSalt: 1,
-  password: 2,
-  username: 3,
-  terminalType: 4,
-  terminalWidth: 5,
-  terminalHeight: 6,
-  packetError: 7,
-  endAuth: 9
-};
-function parseMac(value) {
-  const parts = value.trim().split(/[:\-.]/);
-  if (parts.length !== 6) {
-    throw new Error(`"${value}" is not a 6-octet MAC address. Provide a MAC like aa:bb:cc:dd:ee:ff.`);
-  }
-  const octets = new Uint8Array(6);
-  for (let index = 0;index < 6; index += 1) {
-    const octet = Number.parseInt(parts[index], 16);
-    if (!Number.isInteger(octet) || octet < 0 || octet > 255) {
-      throw new Error(`"${value}" has an invalid octet "${parts[index]}". Each octet must be a two-digit hex value (00\u2013ff).`);
-    }
-    octets[index] = octet;
-  }
-  return octets;
-}
-function macEquals(a, b) {
-  if (a.length !== b.length)
-    return false;
-  for (let index = 0;index < a.length; index += 1) {
-    if (a[index] !== b[index])
-      return false;
-  }
-  return true;
-}
-function encodeHeader(options) {
-  const data = new Uint8Array(MAC_TELNET_HEADER_LEN);
-  const view = new DataView(data.buffer);
-  data[0] = 1;
-  data[1] = options.type;
-  data.set(options.sourceMac, 2);
-  data.set(options.destinationMac, 8);
-  const sessionKeyOffset = options.fromServer ? 16 : 14;
-  const clientTypeOffset = options.fromServer ? 14 : 16;
-  view.setUint16(sessionKeyOffset, options.sessionKey & 65535, false);
-  data.set(MAC_TELNET_CLIENT_TYPE, clientTypeOffset);
-  view.setUint32(18, options.counter >>> 0, false);
-  return data;
-}
-function decodeHeader(bytes, options = {}) {
-  if (bytes.length < MAC_TELNET_HEADER_LEN) {
-    throw new Error(`MAC-Telnet packet is too short (${bytes.length} bytes, need at least ${MAC_TELNET_HEADER_LEN}).`);
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const fromServer = options.fromServer ?? true;
-  const sessionKeyOffset = fromServer ? 16 : 14;
-  return {
-    version: bytes[0],
-    type: bytes[1],
-    sourceMac: bytes.slice(2, 8),
-    destinationMac: bytes.slice(8, 14),
-    sessionKey: view.getUint16(sessionKeyOffset, false),
-    counter: view.getUint32(18, false)
-  };
-}
-function encodeControlBlock(type, value = new Uint8Array(0)) {
-  const block = new Uint8Array(MAC_TELNET_CONTROL_HEADER_LEN + value.length);
-  block.set(MAC_TELNET_CONTROL_MAGIC, 0);
-  block[4] = type;
-  new DataView(block.buffer).setUint32(5, value.length >>> 0, false);
-  block.set(value, MAC_TELNET_CONTROL_HEADER_LEN);
-  return block;
-}
-function parseControlBlocks(payload) {
-  const blocks = [];
-  let offset = 0;
-  while (offset < payload.length) {
-    const remaining = payload.length - offset;
-    const hasMagic = remaining >= MAC_TELNET_CONTROL_HEADER_LEN && payload[offset] === MAC_TELNET_CONTROL_MAGIC[0] && payload[offset + 1] === MAC_TELNET_CONTROL_MAGIC[1] && payload[offset + 2] === MAC_TELNET_CONTROL_MAGIC[2] && payload[offset + 3] === MAC_TELNET_CONTROL_MAGIC[3];
-    if (!hasMagic) {
-      blocks.push({ type: "plaindata", value: payload.slice(offset) });
-      break;
-    }
-    const type = payload[offset + 4];
-    const length = new DataView(payload.buffer, payload.byteOffset + offset + 5, 4).getUint32(0, false);
-    const valueStart = offset + MAC_TELNET_CONTROL_HEADER_LEN;
-    const valueEnd = valueStart + length;
-    if (valueEnd > payload.length) {
-      throw new Error(`MAC-Telnet control block claims ${length} bytes but only ${payload.length - valueStart} remain.`);
-    }
-    blocks.push({ type, value: payload.slice(valueStart, valueEnd) });
-    offset = valueEnd;
-  }
-  return blocks;
-}
-function macTelnetPasswordHash(password, salt) {
-  const digest = createHash2("md5").update(Buffer.from([0])).update(Buffer.from(password, "utf8")).update(salt).digest();
-  const out = new Uint8Array(17);
-  out[0] = 0;
-  out.set(digest, 1);
-  return out;
-}
-function encodeTerminalDimension(value) {
-  const out = new Uint8Array(2);
-  new DataView(out.buffer).setUint16(0, value & 65535, true);
-  return out;
-}
-function concatBytes2(parts) {
-  const total = parts.reduce((sum, part) => sum + part.length, 0);
-  const out = new Uint8Array(total);
-  let cursor = 0;
-  for (const part of parts) {
-    out.set(part, cursor);
-    cursor += part.length;
-  }
-  return out;
-}
-function buildPacket(options) {
-  const header = encodeHeader({
-    type: options.type,
-    sourceMac: options.sourceMac,
-    destinationMac: options.destinationMac,
-    sessionKey: options.sessionKey,
-    counter: options.counter
-  });
-  if (!options.payload || options.payload.length === 0)
-    return header;
-  return concatBytes2([header, options.payload]);
-}
-function createUdpMacTelnetTransport(options) {
-  const socket = createSocket({ type: "udp4", reuseAddr: true });
-  let handler;
-  socket.on("message", (message) => {
-    handler?.(new Uint8Array(message));
-  });
-  const readyPromise = new Promise((resolve, reject) => {
-    socket.once("error", reject);
-    socket.bind(0, () => {
-      if (options.broadcast) {
-        try {
-          socket.setBroadcast(true);
-        } catch {}
-      }
-      resolve();
-    });
-  });
-  return {
-    send(bytes) {
-      socket.send(bytes, options.port, options.host);
-    },
-    close() {
-      try {
-        socket.close();
-      } catch {}
-    },
-    onMessage(next) {
-      handler = next;
-    },
-    ready() {
-      return readyPromise;
-    }
-  };
-}
-function isZeroMac(mac) {
-  return mac.every((octet) => octet === 0);
-}
-function tryParseMac(value) {
-  if (!value)
-    return;
-  try {
-    return parseMac(value);
-  } catch {
-    return;
-  }
-}
-function hardwareMacOf(name) {
-  try {
-    const sys = readFileSync2(`/sys/class/net/${name}/address`, "utf8").trim();
-    const mac = tryParseMac(sys);
-    if (mac && !isZeroMac(mac))
-      return mac;
-  } catch {}
-  return;
-}
-function ipv4ToInt(addr) {
-  const parts = addr.split(".");
-  if (parts.length !== 4)
-    return;
-  let value = 0;
-  for (const part of parts) {
-    const octet = Number(part);
-    if (!Number.isInteger(octet) || octet < 0 || octet > 255)
-      return;
-    value = value << 8 | octet;
-  }
-  return value >>> 0;
-}
-function intToIpv4(value) {
-  return [24, 16, 8, 0].map((shift) => value >>> shift & 255).join(".");
-}
-function directedBroadcast(address, netmask) {
-  const addr = ipv4ToInt(address);
-  const mask = ipv4ToInt(netmask);
-  if (addr === undefined || mask === undefined)
-    return;
-  return intToIpv4((addr & mask | ~mask >>> 0) >>> 0);
-}
-function listBroadcastInterfaces() {
-  const out = [];
-  for (const [name, infos] of Object.entries(networkInterfaces())) {
-    for (const info of infos ?? []) {
-      if (info.family !== "IPv4" || info.internal)
-        continue;
-      let mac = tryParseMac(info.mac);
-      if (!mac || isZeroMac(mac))
-        mac = hardwareMacOf(name);
-      if (!mac || isZeroMac(mac))
-        continue;
-      const broadcast = directedBroadcast(info.address, info.netmask);
-      if (!broadcast)
-        continue;
-      out.push({ name, address: info.address, broadcast, mac });
-    }
-  }
-  return out;
-}
-async function egressAddressFor(host, port) {
-  return await new Promise((resolve) => {
-    const probe = createSocket("udp4");
-    const done = (addr) => {
-      try {
-        probe.close();
-      } catch {}
-      resolve(addr);
-    };
-    probe.on("error", () => done(undefined));
-    try {
-      probe.connect(port, host, () => {
-        try {
-          done(probe.address().address);
-        } catch {
-          done(undefined);
-        }
-      });
-    } catch {
-      done(undefined);
-    }
-  });
-}
-async function resolveEgressMac(host, port) {
-  const localAddr = await egressAddressFor(host, port);
-  if (!localAddr)
-    return;
-  for (const ifc of listBroadcastInterfaces()) {
-    if (ifc.address === localAddr)
-      return ifc.mac;
-  }
-  return;
-}
-async function discoverMacTelnetRoute(opts) {
-  const interfaces = listBroadcastInterfaces();
-  if (interfaces.length === 0)
-    return;
-  const sessionKey = opts.sessionKey ?? randomInt(65536);
-  return await new Promise((resolve) => {
-    const socket = createSocket({ type: "udp4", reuseAddr: true });
-    let settled = false;
-    const timers = [];
-    const finish = (route) => {
-      if (settled)
-        return;
-      settled = true;
-      for (const t of timers)
-        clearTimeout(t);
-      try {
-        socket.close();
-      } catch {}
-      resolve(route);
-    };
-    socket.on("error", () => finish(undefined));
-    socket.on("message", (message) => {
-      let header;
-      try {
-        header = decodeHeader(new Uint8Array(message), { fromServer: true });
-      } catch {
-        return;
-      }
-      if (header.version !== 1 || header.sessionKey !== sessionKey)
-        return;
-      if (header.type !== MacTelnetPacketType.ack && header.type !== MacTelnetPacketType.data) {
-        return;
-      }
-      if (!macEquals(header.sourceMac, opts.destinationMac))
-        return;
-      const winner = interfaces.find((ifc) => macEquals(ifc.mac, header.destinationMac));
-      if (winner)
-        finish({ sourceMac: winner.mac, host: winner.broadcast });
-    });
-    const spray = () => {
-      for (const ifc of interfaces) {
-        const packet = buildPacket({
-          type: MacTelnetPacketType.sessionStart,
-          sourceMac: ifc.mac,
-          destinationMac: opts.destinationMac,
-          sessionKey,
-          counter: 0
-        });
-        try {
-          socket.send(packet, opts.port, ifc.broadcast);
-        } catch {}
-      }
-    };
-    socket.bind(0, () => {
-      try {
-        socket.setBroadcast(true);
-      } catch {}
-      spray();
-      timers.push(setTimeout(spray, 250));
-      timers.push(setTimeout(spray, 700));
-      timers.push(setTimeout(() => finish(undefined), opts.timeoutMs));
-    });
-  });
-}
-var DEFAULT_MAC_TELNET_BROADCAST = "255.255.255.255";
-function randomLocalMac() {
-  const octets = new Uint8Array(randomBytes2(6));
-  octets[0] = octets[0] & 254 | 2;
-  return octets;
-}
-function isBroadcastHost(host) {
-  return host === DEFAULT_MAC_TELNET_BROADCAST || host.endsWith(".255");
-}
-async function resolveMacTelnetRoute(config) {
-  if (config.explicitSourceMac) {
-    return { sourceMac: config.explicitSourceMac, host: config.host };
-  }
-  if (config.host === DEFAULT_MAC_TELNET_BROADCAST) {
-    const route = await discoverMacTelnetRoute({
-      destinationMac: config.destinationMac,
-      port: config.port,
-      timeoutMs: Math.min(config.timeoutMs, 5000)
-    });
-    if (route)
-      return route;
-  }
-  const sourceMac = await resolveEgressMac(config.host, config.port) ?? randomLocalMac();
-  return { sourceMac, host: config.host };
-}
-
-class MacTelnetSession {
-  options;
-  sessionKey;
-  state = "init";
-  outCounter = 0;
-  lastInCounter = null;
-  mtweiKeypair;
-  lastAckCounter = 0;
-  maxOutAck = -1;
-  pending;
-  activitySinceTick = false;
-  idleMs = 0;
-  lastTickMs;
-  constructor(options) {
-    this.options = options;
-    this.sessionKey = options.sessionKey ?? randomInt(65536);
-  }
-  get key() {
-    return this.sessionKey;
-  }
-  start() {
-    if (this.state !== "init")
-      return;
-    const bytes = this.sendPacket(MacTelnetPacketType.sessionStart);
-    this.pending = { bytes, ackTarget: 0, attempts: 0, elapsedMs: 0 };
-    this.state = "session-start-sent";
-  }
-  handlePacket(bytes) {
-    if (this.state === "closed")
-      return;
-    let header;
-    try {
-      header = decodeHeader(bytes, { fromServer: true });
-    } catch {
-      return;
-    }
-    switch (header.type) {
-      case MacTelnetPacketType.ack:
-        if (this.matchesSession(header))
-          this.onAck(header);
-        return;
-      case MacTelnetPacketType.data:
-        if (this.matchesSession(header))
-          this.onDataPacket(header, bytes);
-        return;
-      case MacTelnetPacketType.end:
-        if (this.matchesSession(header))
-          this.onEnd(header);
-        return;
-      case MacTelnetPacketType.ping:
-        if (header.version === 1 && macEquals(header.destinationMac, this.options.sourceMac)) {
-          this.onPing(header);
-        }
-    }
-  }
-  matchesSession(header) {
-    return header.version === 1 && header.sessionKey === this.sessionKey && macEquals(header.sourceMac, this.options.destinationMac) && macEquals(header.destinationMac, this.options.sourceMac);
-  }
-  onPing(header) {
-    this.activitySinceTick = true;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.pong,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: header.sessionKey,
-      counter: header.counter
-    }));
-  }
-  onAck(header) {
-    this.activitySinceTick = true;
-    this.maxOutAck = Math.max(this.maxOutAck, header.counter);
-    if (this.pending && this.maxOutAck >= this.pending.ackTarget) {
-      this.pending = undefined;
-    }
-    if (this.state !== "session-start-sent")
-      return;
-    const blocks = [encodeControlBlock(MacTelnetControlType.beginAuth)];
-    if (this.options.offerMtwei !== false) {
-      this.mtweiKeypair = ecSrp5Keygen();
-      blocks.push(encodeControlBlock(MacTelnetControlType.passwordSalt, mtweiOfferValue(this.identityUsername(), this.mtweiKeypair.publicKey)));
-    }
-    this.sendData(blocks);
-    this.state = "auth-begin-sent";
-  }
-  identityUsername() {
-    return this.options.username.split("+", 1)[0] ?? this.options.username;
-  }
-  onDataPacket(header, bytes) {
-    this.activitySinceTick = true;
-    const payload = bytes.subarray(MAC_TELNET_HEADER_LEN);
-    this.acknowledge(header.counter, payload.length);
-    if (!this.acceptCounter(header.counter))
-      return;
-    let blocks;
-    try {
-      blocks = parseControlBlocks(payload);
-    } catch (error) {
-      this.fail(error);
-      return;
-    }
-    for (const block of blocks)
-      this.handleControlBlock(block);
-  }
-  handleControlBlock(block) {
-    switch (block.type) {
-      case MacTelnetControlType.passwordSalt:
-        this.handlePasswordSalt(block.value);
-        return;
-      case MacTelnetControlType.endAuth:
-        if (this.state === "auth-sent") {
-          this.state = "auth-complete";
-        }
-        return;
-      case "plaindata":
-        this.handleTerminalData(block.value);
-        return;
-      case MacTelnetControlType.packetError:
-        this.fail(new Error(`The device reported a MAC-Telnet error: ${new TextDecoder().decode(block.value)}. ` + "Check the credentials and that MAC-Telnet is enabled on the device."));
-    }
-  }
-  handleTerminalData(data) {
-    if (this.state === "auth-complete") {
-      if (/login failed/i.test(new TextDecoder().decode(data))) {
-        this.fail(new Error("MAC-Telnet login failed: incorrect username or password."));
-        return;
-      }
-      this.state = "ready";
-      this.options.onReady?.();
-      if (data.length > 0)
-        this.options.onData?.(data);
-      return;
-    }
-    if (this.state === "ready" && data.length > 0)
-      this.options.onData?.(data);
-  }
-  handlePasswordSalt(salt) {
-    if (this.state !== "auth-begin-sent")
-      return;
-    let passwordValue;
-    if (salt.length === 16) {
-      passwordValue = macTelnetPasswordHash(this.options.password, salt);
-    } else if (salt.length === EC_SRP5_PUBKEY_LEN + 16) {
-      if (!this.mtweiKeypair) {
-        this.fail(new Error("The device requires MTWEI but this session did not offer it. " + "Leave MTWEI enabled (the default) so the client advertises a public key."));
-        return;
-      }
-      const serverKey = salt.subarray(0, EC_SRP5_PUBKEY_LEN);
-      const mtweiSalt = salt.subarray(EC_SRP5_PUBKEY_LEN);
-      const validator = ecSrp5Id(this.identityUsername(), this.options.password, mtweiSalt);
-      passwordValue = ecSrp5ClientProof(this.mtweiKeypair.privateKey, serverKey, this.mtweiKeypair.publicKey, validator);
-    } else {
-      this.fail(new Error(`The device offered an unsupported MAC-Telnet salt length (${salt.length}). ` + "Expected 16 (MD5) or 49 (MTWEI); confirm the device and RouterOS version."));
-      return;
-    }
-    const username = new TextEncoder().encode(this.options.username);
-    const terminalType = new TextEncoder().encode(this.options.terminalType ?? "vt102");
-    const blocks = [
-      encodeControlBlock(MacTelnetControlType.password, passwordValue),
-      encodeControlBlock(MacTelnetControlType.username, username),
-      encodeControlBlock(MacTelnetControlType.terminalType, terminalType),
-      encodeControlBlock(MacTelnetControlType.terminalWidth, encodeTerminalDimension(this.options.terminalWidth ?? 80)),
-      encodeControlBlock(MacTelnetControlType.terminalHeight, encodeTerminalDimension(this.options.terminalHeight ?? 24))
-    ];
-    this.sendData(blocks);
-    this.state = "auth-sent";
-  }
-  onEnd(header) {
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.end,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: header.sessionKey,
-      counter: 0
-    }));
-    if (this.state === "auth-complete") {
-      this.fail(new Error("MAC-Telnet login failed: the device closed the session after authentication. " + "Check the credentials configured for this device."));
-      return;
-    }
-    this.close();
-  }
-  sendInput(bytes) {
-    if (this.state !== "ready") {
-      throw new Error("Cannot send input before the MAC-Telnet session is ready.");
-    }
-    this.sendData([bytes]);
-  }
-  end() {
-    if (this.state === "closed")
-      return;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.end,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.outCounter
-    }));
-    this.close();
-  }
-  close(error) {
-    if (this.state === "closed")
-      return;
-    this.state = "closed";
-    this.pending = undefined;
-    this.options.sink.close();
-    this.options.onClose?.(error);
-  }
-  fail(error) {
-    this.close(error);
-  }
-  emit(bytes) {
-    try {
-      this.options.sink.send(bytes);
-    } catch {}
-  }
-  acceptCounter(counter) {
-    if (this.lastInCounter === null) {
-      this.lastInCounter = counter;
-      return true;
-    }
-    if (counter > this.lastInCounter) {
-      this.lastInCounter = counter;
-      return true;
-    }
-    return false;
-  }
-  acknowledge(counter, payloadLength) {
-    this.lastAckCounter = counter + payloadLength >>> 0;
-    this.activitySinceTick = true;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.ack,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.lastAckCounter
-    }));
-  }
-  sendPacket(type, payload) {
-    const bytes = buildPacket({
-      type,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.outCounter,
-      payload
-    });
-    this.activitySinceTick = true;
-    this.emit(bytes);
-    return bytes;
-  }
-  sendData(parts) {
-    const payload = concatBytes2(parts);
-    const bytes = this.sendPacket(MacTelnetPacketType.data, payload);
-    this.outCounter = this.outCounter + payload.length >>> 0;
-    this.pending = {
-      bytes,
-      ackTarget: this.outCounter,
-      attempts: 0,
-      elapsedMs: 0
-    };
-  }
-  tick(nowMs) {
-    if (this.state === "closed")
-      return;
-    const delta = this.lastTickMs === undefined ? 0 : Math.max(0, nowMs - this.lastTickMs);
-    this.lastTickMs = nowMs;
-    if (this.activitySinceTick) {
-      this.idleMs = 0;
-      this.activitySinceTick = false;
-    } else {
-      this.idleMs += delta;
-    }
-    if (this.idleMs >= MAC_TELNET_KEEPALIVE_IDLE_MS) {
-      this.sendKeepalive();
-      this.idleMs = 0;
-    }
-    const pending = this.pending;
-    if (pending && pending.attempts < MAC_TELNET_RETRANSMIT_SCHEDULE_MS.length) {
-      pending.elapsedMs += delta;
-      const wait = MAC_TELNET_RETRANSMIT_SCHEDULE_MS[pending.attempts];
-      if (pending.elapsedMs >= wait) {
-        this.emit(pending.bytes);
-        pending.attempts += 1;
-        pending.elapsedMs = 0;
-      }
-    }
-  }
-  sendKeepalive() {
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.ack,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.lastAckCounter
-    }));
-  }
-}
-
 // src/mac-telnet/console.ts
+import { MacTelnetSession } from "@tikoci/centrs/protocols";
 var ESC = "\x1B";
 var enc = new TextEncoder;
 var ANSI_CSI = new RegExp(`${ESC}\\[[0-9;?]*[ -/]*[@-~]`, "g");
@@ -1384,6 +512,15 @@ class MacTelnetConsole {
 }
 
 // src/mac-telnet/client.ts
+import {
+  DEFAULT_MAC_TELNET_BROADCAST,
+  isBroadcastHost,
+  MAC_TELNET_PORT,
+  createUdpMacTelnetTransport,
+  parseMac,
+  resolveMacTelnetRoute
+} from "@tikoci/centrs/protocols";
+
 class MikroTikMacTelnetClient {
   transport = null;
   console = null;
@@ -1456,7 +593,7 @@ class MikroTikMacTelnetClient {
 }
 
 // src/ssh/client.ts
-import { readFileSync as readFileSync3 } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { Client } from "ssh2";
 function decodeOutput(data) {
   if (!data || data.length === 0)
@@ -1491,7 +628,7 @@ class MikroTikSSHClient {
         cfg.privateKey = this.opts.privateKey;
       } else if (this.opts.keyFilename) {
         try {
-          cfg.privateKey = readFileSync3(this.opts.keyFilename);
+          cfg.privateKey = readFileSync2(this.opts.keyFilename);
         } catch (e) {
           this.lastError = `could not read key file ${this.opts.keyFilename}: ${e instanceof Error ? e.message : String(e)}`;
           logger.error(`Failed to read SSH key file ${this.opts.keyFilename}: ${String(e)}`);
@@ -2350,8 +1487,8 @@ function defineTool(def) {
 function registerTools(server, modules, opts = {}) {
   let count = 0;
   const seen = new Set;
-  for (const mod2 of modules) {
-    for (const tool of mod2) {
+  for (const mod of modules) {
+    for (const tool of mod) {
       if (seen.has(tool.name)) {
         throw new Error(`Duplicate tool name registered: ${tool.name}`);
       }
@@ -2486,7 +1623,7 @@ ${result}`;
 ];
 
 // src/core/ui-resources.ts
-import { readFileSync as readFileSync4 } from "fs";
+import { readFileSync as readFileSync3 } from "fs";
 import { join as join3 } from "path";
 import { registerAppResource, RESOURCE_MIME_TYPE } from "@modelcontextprotocol/ext-apps/server";
 
@@ -2533,7 +1670,7 @@ function registerUiResources(server) {
     registerAppResource(server, view.name, uri, { description: view.description, mimeType: RESOURCE_MIME_TYPE }, () => {
       let html;
       try {
-        html = readFileSync4(file, "utf8");
+        html = readFileSync3(file, "utf8");
       } catch {
         html = placeholderHtml(view);
       }
@@ -18499,7 +17636,7 @@ var moduleCatalog = [
 var allToolModules = moduleCatalog.map((m) => m.tools);
 
 // src/observability/dashboard.ts
-import { readFileSync as readFileSync5 } from "fs";
+import { readFileSync as readFileSync4 } from "fs";
 import { join as join4 } from "path";
 var {serve } = globalThis.Bun;
 
@@ -18512,6 +17649,16 @@ function getDeviceStatus(name) {
   return statuses.get(name) ?? UNKNOWN;
 }
 async function probeDevice(name, dc) {
+  if (dc.mac) {
+    const status2 = {
+      reachable: null,
+      checkedAt: Date.now(),
+      latencyMs: null,
+      error: "MAC-Telnet device \u2014 reachability is verified on tool use, not background-probed."
+    };
+    statuses.set(name, status2);
+    return status2;
+  }
   const client = createDeviceClient({
     ...dc,
     timeoutMs: Math.min(dc.timeoutMs ?? 1e4, 8000)
@@ -18819,7 +17966,7 @@ function json(body, status = 200) {
 }
 function dashboardHtml() {
   try {
-    return readFileSync5(join4(UI_DIST_DIR, "observability.html"), "utf8");
+    return readFileSync4(join4(UI_DIST_DIR, "observability.html"), "utf8");
   } catch {
     return `<!doctype html><meta charset=utf-8><body style="font:14px system-ui;padding:24px;background:#0b0d10;color:#e8eaed">
 <h2>MikroTik MCP \u2014 Observability Dashboard</h2>
@@ -18892,8 +18039,11 @@ function devicesPayload(store2) {
     name,
     host: dc.host,
     port: dc.port,
+    mac: dc.mac,
+    transport: dc.mac ? "mac-telnet" : "ssh",
+    address: dc.mac ? dc.mac : `${dc.host}:${dc.port}`,
     username: dc.username,
-    authMode: dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
+    authMode: dc.mac ? "mac-telnet" : dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
     isDefault: name === cfg.defaultDevice,
     description: dc.description,
     status: getDeviceStatus(name),
@@ -19104,7 +18254,7 @@ function corsHeaders(origin, configured) {
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 
 // src/prompts/index.ts
-import { readFileSync as readFileSync6, readdirSync } from "fs";
+import { readFileSync as readFileSync5, readdirSync } from "fs";
 import { join as join5 } from "path";
 import { z as z87 } from "zod";
 function parseFrontmatter(raw) {
@@ -19176,7 +18326,7 @@ function registerPrompts(server) {
   for (const file of files) {
     let parsed;
     try {
-      parsed = parseFrontmatter(readFileSync6(join5(PROMPTS_DIR, file), "utf8"));
+      parsed = parseFrontmatter(readFileSync5(join5(PROMPTS_DIR, file), "utf8"));
     } catch (e) {
       logger.warn(`Skipping prompt ${file}: ${String(e)}`);
       continue;
@@ -19208,7 +18358,7 @@ function registerPrompts(server) {
 // package.json
 var package_default = {
   name: "@usex/mikrotik-mcp",
-  version: "2.2.0",
+  version: "2.3.0",
   description: "Bun-native MCP server for MikroTik RouterOS \u2014 200+ tools over SSH for firewall, NAT, routing, DHCP, DNS, WireGuard, wireless, QoS and more.",
   keywords: [
     "ai",
@@ -19282,6 +18432,7 @@ var package_default = {
   dependencies: {
     "@modelcontextprotocol/ext-apps": "^1.7.4",
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "@tikoci/centrs": "^0.1.0",
     ssh2: "^1.17.0",
     zod: "^4.4.3"
   },
@@ -19525,8 +18676,8 @@ function warnIfPlaintextPasswordInContainer(anyPassword) {
 function listTools() {
   const risk = (a) => a.readOnlyHint ? "READ" : a.destructiveHint ? "DESTRUCTIVE" : "WRITE";
   let total = 0;
-  for (const mod2 of allToolModules) {
-    for (const t of mod2) {
+  for (const mod of allToolModules) {
+    for (const t of mod) {
       total++;
       process.stdout.write(`${risk(t.annotations).padEnd(12)} ${t.name.padEnd(34)} ${t.title}
 `);