feat(p2p): add ICMP backend support

Author: fumiama

README.md

@@ -15,7 +15,7 @@ WireGold is a pure Go Layer 3 VPN inspired by WireGuard.
 ### Features
 
 - **Encryption**: XChaCha20-Poly1305 (AEAD) + Curve25519 key exchange + BLAKE2B integrity check
-- **Transport**: UDP / UDP-Lite / TCP / Raw IP
+- **Transport**: UDP / UDP-Lite / TCP / Raw IP / ICMP
 - **Encoding**: Optional Base16384 encoding to traverse text-only filters
 - **Anti-censorship**: XOR mask header obfuscation + randomized MTU scaling + optional double-send
 - **Compression**: Optional Zstd payload compression
@@ -54,14 +54,17 @@ wg [-c config.yaml] [-d|w] [-g] [-h] [-p] [-l log.txt]
 
 - **macOS Mojave**: max MTU (IPv4 endpoint) is `9159`
 - **IPv6 endpoint**: recommended MTU `1280–1500` to avoid oversized segment drops
+- **ICMP / Raw IP endpoint**: use bare IP address without port (e.g. `0.0.0.0`), requires root/admin privileges
 
 ```yaml
 IP: 192.168.233.1
 SubNet: 192.168.233.0/24
 PrivateKey: 暲菉斂狧污爉窫擸紈卆帞蔩慈睠庮扝憚瞼縀
+Network: udp  # udp (default), udplite, tcp, ip, icmp
 EndPoint: 0.0.0.0:56789
 MTU: 1504
 SpeedLoop: 4096
+MaxTTL: 64
 Mask: 0x1234567890abcdef
 Base14: true
 Peers:
@@ -94,6 +97,9 @@ Peers:
 
 | Field | Description |
 |-------|-------------|
+| `Network` | Transport protocol: `udp` (default), `udplite`, `tcp`, `ip`, `icmp` |
+| `MaxTTL` | Initial TTL for outgoing packets; default `64` |
+| `SpeedLoop` | Log receive throughput statistics every N packets; default `4096` |
 | `AllowedIPs` | Prefix `x` to accept packets from the subnet without creating a system route; prefix `y` to add an internal route table entry only |
 | `Mask` | XOR mask for header obfuscation |
 | `Base14` | Enable Base16384 encoding |

README_ZH.md

@@ -15,7 +15,7 @@ WireGold 是一个纯 Go 实现的第 3 层 VPN，灵感来自 WireGuard。
 ### 主要特性
 
 - **加密**: XChaCha20-Poly1305 (AEAD) + Curve25519 密钥交换 + BLAKE2B 完整性校验
-- **传输**: 支持 UDP / UDP-Lite / TCP / Raw IP 多种底层传输
+- **传输**: 支持 UDP / UDP-Lite / TCP / Raw IP / ICMP 多种底层传输
 - **编码**: 可选 Base16384 编码以穿越文本过滤
 - **抗审查**: XOR 掩码混淆报头 + 随机 MTU 放缩 + 可选双倍发包
 - **压缩**: 可选 Zstd 数据压缩
@@ -53,14 +53,17 @@ wg [-c config.yaml] [-d|w] [-g] [-h] [-p] [-l log.txt]
 
 - **macOS Mojave**: 最大 MTU (IPv4 endpoint) 为 `9159`
 - **IPv6 endpoint**: 推荐 MTU `1280~1500`，避免大分片被丢弃
+- **ICMP / Raw IP endpoint**: 使用裸 IP 地址，无需端口号 (如 `0.0.0.0`)。需要 root/管理员权限
 
 ```yaml
 IP: 192.168.233.1
 SubNet: 192.168.233.0/24
 PrivateKey: 暲菉斂狧污爉窫擸紈卆帞蔩慈睠庮扝憚瞼縀
+Network: udp  # udp (默认), udplite, tcp, ip, icmp
 EndPoint: 0.0.0.0:56789
 MTU: 1504
 SpeedLoop: 4096
+MaxTTL: 64
 Mask: 0x1234567890abcdef
 Base14: true
 Peers:
@@ -93,6 +96,9 @@ Peers:
 
 | 字段 | 说明 |
 |------|------|
+| `Network` | 传输协议: `udp` (默认), `udplite`, `tcp`, `ip`, `icmp` |
+| `MaxTTL` | 发包初始 TTL，默认 `64` |
+| `SpeedLoop` | 每收到 N 个包时输出一次吞吐统计，默认 `4096` |
 | `AllowedIPs` | 前缀 `x` 表示只接受该网段报文但不建系统路由；前缀 `y` 表示只添加内部路由表条目 |
 | `Mask` | XOR 掩码，用于混淆报头 |
 | `Base14` | 启用 Base16384 编码 |

go.mod

@@ -12,12 +12,13 @@ require (
 	github.com/fumiama/water v0.0.0-20211231134027-da391938d6ac
 	github.com/klauspost/compress v1.18.5
 	github.com/sirupsen/logrus v1.9.4
-	golang.org/x/crypto v0.49.0
+	golang.org/x/crypto v0.50.0
+	golang.org/x/net v0.53.0
+	golang.org/x/sys v0.43.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/fumiama/wintun v0.0.0-20211229152851-8bc97c8034c0 // indirect
-	golang.org/x/sys v0.43.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
 )

go.sum

@@ -30,18 +30,20 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
+golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
+golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
 golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

gold/link/me.go

@@ -208,7 +208,10 @@ func (m *Me) NetworkConfigs() []any {
 
 func (m *Me) Close() error {
 	for i := 0; i < len(m.jobs); i++ {
-		close(m.jobs[i])
+		jb := m.jobs[i]
+		if jb != nil {
+			close(jb)
+		}
 	}
 	m.connections = nil
 	if bin.IsNonNilInterface(m.conn) {

gold/link/peer.go

@@ -137,8 +137,8 @@ func (m *Me) extractPeer(srcip, dstip net.IP, addr p2p.EndPoint) *Link {
 		logrus.Warnln(file.Header(), "packet from", srcip, "to", dstip, "is refused")
 		return nil
 	}
-	if bin.IsNilInterface(p.endpoint) || !p.endpoint.Euqal(addr) {
-		if m.ep.Network() == "tcp" && !addr.Euqal(p.endpoint) {
+	if bin.IsNilInterface(p.endpoint) || !p.endpoint.Equal(addr) {
+		if m.ep.Network() == "tcp" && !addr.Equal(p.endpoint) {
 			logrus.Infoln(file.Header(), "set endpoint of peer", p.peerip, "to", addr.String())
 			p.endpoint = addr
 		} else { // others are all no status link

gold/link/send.go

@@ -75,16 +75,12 @@ func (l *Link) write2peer(b pbuf.Bytes, seq uint32) {
 	if l.doublepacket {
 		err := l.write2peer1(b, seq)
 		if err != nil {
-			if config.ShowDebugLog {
-				logrus.Warnln("[send] double wr2peer", l.peerip, "err:", err)
-			}
+			logrus.Warnln("[send] double wr2peer", l.peerip, "err:", err)
 		}
 	}
 	err := l.write2peer1(b, seq)
 	if err != nil {
-		if config.ShowDebugLog {
-			logrus.Warnln("[send] wr2peer", l.peerip, "err:", err)
-		}
+		logrus.Warnln("[send] wr2peer", l.peerip, "err:", err)
 	}
 }
 

gold/p2p/define.go

@@ -23,7 +23,7 @@ func Register(network string, initializer Initializer) (actual Initializer, hase
 type EndPoint interface {
 	fmt.Stringer
 	Network() string
-	Euqal(EndPoint) bool
+	Equal(EndPoint) bool
 	Listen() (Conn, error)
 }