* main: (32 commits)
cmd/syncthing: Implement generate as a subcommand with optional API credential setting (fixes#8021) (#8043)
lib/model: Correct "reverting folder" log entry
lib/model: Correct handling of fakefs cache
gui, lib: Fix tracking deleted locally-changed on encrypted (fixes#7715) (#7726)
lib/config: Move the bcrypt password hashing to GUIConfiguration (#8028)
lib/syncthing: Clean up / refactor LoadOrGenerateCertificate() utility function. (#8025)
lib/api: http.Request.BasicAuth instead of custom code (#8039)
Normalize CLI options to always use two dashes. (#8037)
gui: Display identicons for discovered device IDs. (#8022)
cmd/syncthing/cli: indexDumpSize doesn't need a heap (#8024)
lib/model: Optimize jobQueue performance and memory use (#8023)
lib/model: Limit the number of default hashers on Android (ref #2220)
lib/model: Set mod. time after writing trailer in shortcut (ref #7992)
lib/protocol: Simplify codeToError, errorToCode
lib/protocol: Eliminate nativeModel on Unix
gui: Add direct link to Ignore Patterns from folder panel (fixes#4293) (#7993)
gui: Translate theme names in settings (#8006)
lib/model: Pull when a new connection is established (fixes#8012) (#8013)
gui, man, authors: Update docs, translations, and contributors
gui, man, authors: Update docs, translations, and contributors
...
The locking protocol in nat.Mapping was racy:
* Mapping.addressMap RLock'd, but then returned a map shared between
caller and Mapping, so the lock didn't do anything.
* Operations inside Service.{verifyExistingMappings,acquireNewMappings}
would lock the map for every update, but that means callers to
Mapping.ExternalAddresses can be looping over the map while the
Service methods are concurrently modifying it. When the Go runtime
detects that happening, it panics.
* Mapping.expires was read and updated without locking.
The Service methods now lock the map once and release the lock only when
done.
Also, subscribers no longer get the added and removed addresses, because
none of them were using the information. This was changed for a previous
attempt to retain the fine-grained locking and not reverted because it
simplifies the code.
LoadOrGenerateCertificate() takes two file path arguments, but then
uses the locations package to determine the actual path. Fix that
with a minimally invasive change, by using the arguments instead.
Factor out GenerateCertificate().
The only caller of this function is cmd/syncthing, which passes the
same values, so this is technically a no-op.
* lib/tlsutil: Make storing generated certificate optional. Avoid
temporary cert and key files in tests, keep cert in memory.
Registry.Get used a full sort to get the minimum of a list, and the sort
was broken because util.AddressUnspecifiedLess assumed it could find out
whether an address is IPv4 or IPv6 from its Network method. However,
net.(TCP|UDP)Addr.Network always returns "tcp"/"udp".
Establish a connection over both TCP and QUIC and transmit a simple
message over it. Presumably this should weed out panics and crap from
the QUIC package at test time...
Before this patch, IPv4-compatible addresses (::ffff:aaa.bbb.ccc.ddd)
may be used if a quic6://some.domain:port is specified and both IPv4 and
IPv6 addresses exist for that domain name.
* Trigger connection loop on config device addition (fixes#7600)
* Also check for device address equality
* Move EqualStrings from api_test to utils, and use in connections/service.go
* Make sure CommitConfiguration cannot block due on the deviceAddressesChanged channel
* Update lib/connections/service.go
Co-authored-by: Jakob Borg <jakob@kastelo.net>
This truncates times meant for API consumption to second precision,
where fractions won't typically matter or add any value. Exception to
this is timestamps on logs and events, and of course I'm not touching
things like file metadata.
I'm not 100% certain this is an exhaustive change, but it's the things I
found by grepping and following the breadcrumbs from lib/api...
I also considered general-but-ugly solutions, like having the API
serializer itself do reflection magic or even regexps on returned
objects, but decided against it because aurgh...
This adds two new configuration options:
// The number of connections at which we stop trying to connect to more
// devices, zero meaning no limit. Does not affect incoming connections.
ConnectionLimitEnough int
// The maximum number of connections which we will allow in total, zero
// meaning no limit. Affects incoming connections and prevents
// attempting outgoing connections.
ConnectionLimitMax int
These can be used to limit the number of concurrent connections in
various ways.
This adds a statistic to track the last connection duration per device.
It isn't used for much in this PR, but it's available for #7223 to use
in deciding how to order device connection attempts (deprioritizing
devices that just dropped our connection the last time).
This breaks out some methods from the connection loop to make it simpler
to manage and understand.
Some slight simplifications to remove the `seen` variable (we can filter
`nextDial` based on times are in the future or not, so we don't need to
track `seen`) and adding a minimum loop interval (5s) in case some
dialer goes haywire and requests a 0s redial interval or such.
Otherwise no significant behavioral changes.
