install error

README-ZH.md

@@ -1,22 +1,30 @@
-[English](/README.md)|中文  
+# [English](/README.md)|中文  
 网站: [openp2p.cn](https://openp2p.cn)
 ## OpenP2P是什么
-它是一个开源、免费、轻量级的P2P共享网络。任何设备接入OpenP2P，随时随地访问它们。
+它是一个开源、免费、轻量级的P2P共享网络。任何设备接入OpenP2P，随时随地访问它们。相比BT网络用来共享文件，OpenP2P网络用来共享带宽。
 我们的目标是：充分利用带宽，利用共享节点转发数据，建设一个远程连接的通用基础设施。
 
 ## 为什么选择OpenP2P
-### 免费
-完全免费，满足大部分用户的核心白票需求。不像其它类似的产品，我们不需要有公网IP的服务器，不需要花钱买服务。了解它原理即可理解为什么能做到免费。
-### 安全
-代码开源，接受各位大佬检验。下面详细展开
-### 轻量
+### 1. 免费
+完全免费，满足大部分用户的核心白票需求。不像其它类似的产品，OpenP2P不需要有公网IP的服务器，不需要花钱买服务。了解它原理即可理解为什么能做到免费。
+### 2. 共享
+你的设备会形成一个私有P2P网络，它们之间共享带宽，提供网络数据转发服务。
+当你的私有P2P网络下没有可以提供转发服务的节点时，会尝试在公共P2P网络寻找转发节点。
+默认会开启共享限速10mbps，只有你用户下提供了共享节点才能使用别人的共享节点。这非常公平，也是这个项目的初衷。
+我们建议你在带宽足够的地方（比如办公室，家里的百兆光纤）加入共享网络。
+如果你不想共享任何节点，或设置共享带宽，请查看[详细使用说明](/USAGE-ZH.md)
+### 3. 安全
+代码开源，P2P隧道使用TLS1.3+AES双重加密，共享节点临时授权使用TOTP一次性密码
+
+[查看详细](#安全性)
+### 4. 轻量
 文件大小2MB+，运行内存2MB+；全部在应用层实现，没有虚拟网卡，没有内核程序
-### 跨平台
+### 5. 跨平台
 因为轻量，所以很容易支持各个平台。支持主流的操作系统：Windows,Linux,MacOS；和主流的cpu架构：386、amd64、arm、arm64、mipsle、mipsle64、mips、mips64
-### 高效
+### 6. 高效
 P2P直连可以让你的设备跑满带宽。不论你的设备在任何网络环境，无论NAT1-4（Cone或Symmetric），都支持。依靠Quic协议优秀的拥塞算法，能在糟糕的网络环境获得高带宽低延时。
 
-### 二次开发
+### 7. 二次开发
 基于OpenP2P只需数行代码，就能让原来只能局域网通信的程序，变成任何内网都能通信
 
 ## 快速入门
@@ -27,15 +35,15 @@ P2P直连可以让你的设备跑满带宽。不论你的设备在任何网络
 以一个最常见的例子说明OpenP2P如何使用：远程办公，在家里连入办公室Windows电脑。  
 相信很多人在疫情下远程办公是刚需。
 1. 先确认办公室电脑已开启远程桌面功能（如何开启参考官方说明https://docs.microsoft.com/zh-cn/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access）
-2. 在办公室下载最新的[OpenP2P](https://gitee.com/tenderiron/openp2p/releases/),解压出来,在命令行执行
+2. 在办公室下载最新的`OpenP2P`[下载页](https://openp2p.cn/),解压出来,在命令行执行
    ```
    openp2p.exe install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1  
    ```
    
-   > :warning: **切记将标记大写的参数改成自己的**
+   > :warning: **切记将标记大写的参数改成自己的,3个参数的长度必须>=8个字符**
 
    ![image](/doc/images/officelisten.png)
-3. 在家里下载最新的[OpenP2P](https://gitee.com/tenderiron/openp2p/releases/),解压出来,在命令行执行
+3. 在家里下载最新的OpenP2P,解压出来,在命令行执行
    ```
    openp2p.exe -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 --peernode OFFICEPC1 --dstip 127.0.0.1 --dstport 3389 --srcport 23389 --protocol tcp
    ```
@@ -50,16 +58,17 @@ P2P直连可以让你的设备跑满带宽。不论你的设备在任何网络
 
    ![image](/doc/images/afterconnect.png)
 
-## [详细使用说明](/USAGE-ZH.md)
+## 详细使用说明
+[这里](/USAGE-ZH.md)详细介绍如何使用和运行参数
+
 ## 典型应用场景
 特别适合大流量的内网访问
-### 远程办公
-Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
-### 远程访问NAS
-管理大量视频、图片
-### 远程监控摄像头
-### 远程刷机
-### 远程数据备份
+>*  远程办公: Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
+>*  远程访问内网ERP系统
+>*  远程访问NAS: 管理大量视频、图片
+>*  远程监控摄像头
+>*  远程刷机
+>*  远程数据备份
 ---
 ## 概要设计
 ### 原型
@@ -69,18 +78,14 @@ Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
 ### P2PApp
 它是项目里最重要的概念，一个P2PApp就是把远程的一个服务（mstsc/ssh等）通过P2P网络映射到本地监听。二次开发或者我们提供的Restful API，主要工作就是管理P2PApp
 ![image](/doc/images/appdetail.png)
-## 共享
-默认会开启共享限速10mbps，只有你用户下提供了共享节点才能使用别人的共享节点。这非常公平，也是这个项目的初衷。
-我们建议你在带宽足够的地方（比如办公室，家里的百兆光纤）加入共享网络。
-如果你仍然不想共享任何节点，请查看运行参数
 ## 安全性
 加入OpenP2P共享网络的节点，只能凭授权访问。共享节点只会中转数据，别人无法访问内网任何资源。
-### TLS1.3+AES
+### 1. TLS1.3+AES
 两个节点间通信数据走业界最安全的TLS1.3通道。通信内容还会使用AES加密，双重安全，密钥是通过服务端作换。有效阻止中间人攻击
-### 共享的中转节点是否会获得我的数据
+### 2. 共享的中转节点是否会获得我的数据
 没错，中转节点天然就是一个中间人，所以才加上AES加密通信内容保证安全。中转节点是无法获取明文的
 
-### 中转节点是如何校验权限的
+### 3. 中转节点是如何校验权限的
 服务端有个调度模型，根据带宽、ping值、稳定性、服务时长，尽可能地使共享节点均匀地提供服务。连接共享节点使用TOTP密码，hmac-sha256算法校验，它是一次性密码，和我们平时使用的手机验证码或银行密码器一样的原理。
 
 ## 编译

README.md

@@ -1,25 +1,32 @@
-English|[中文](/README-ZH.md)  
+# English|[中文](/README-ZH.md)  
 Website: [openp2p.cn](https://openp2p.cn)
 ## What is OpenP2P
-It is an open source, free, and lightweight P2P sharing network. As long as any device joins in, you can access them anywhere.
+It is an open source, free, and lightweight P2P sharing network. As long as any device joins in, you can access them anywhere. Compared with the BT network used to share files, the OpenP2P network is used to share bandwidth.
 Our goal is to make full use of bandwidth, use shared nodes to relay data, and build a common infrastructure for remote connections.
 ## Why OpenP2P
-### Free
-Totaly free, fullfills most of users(especially free-rider). Unlike other similar products, we don't need a server with public IP, and don't need to pay for services.By understanding its principle, you can understand why it can be done for free.
+### 1. Free
+Totaly free, fullfills most of users(especially free-rider). Unlike other similar products, OpenP2p doesn't need a server with public IP, and doesn't need to pay for services.By understanding its principle, you can understand why it can be done for free.
+### 2. Share
+Your devices will form a private P2P network, share bandwidth between them, and provide network data forwarding services.
+When there is no node that can provide forwarding services in your private P2P network, you will try to find forwarding nodes in the public P2P network.
+10mbps is its default setting of share speed limit. Only when you have shared their nodes, you are allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project.
+We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber).
+If you are not willing to contribute any node to the OpenP2P share network, please refer to the [usage](/USAGE.md) for your own setting.
+### 3. Safe
+The code is open source, the P2P tunnel uses TLS1.3+AES double encryption, and the shared node temporarily authorizes the use of the TOTP one-time password
+  
+[details](#Safety)
 
-### Safe
-Open source, trustable(see details below)
-
-### Lightweight
+### 4. Lightweight
 2MB+ filesize, 2MB+ memory. It runs at appllication layer, no vitrual NIC, no kernel driver.
 
-### Cross-platform
+### 5. Cross-platform
 Benefit from lightweight, it easily supports most of major OS, like Windows, Linux, MacOS, also most of CPU architecture, like 386、amd64、arm、arm64、mipsle、mipsle64、mips、mips64.
 
-### Efficient
+### 6. Efficient
 P2P direct connection lets your devices make good use of bandwidth.  Your device can be connected in any network environments, even supports NAT1-4 (Cone or Symmetric). Relying on the excellent congestion algorithm of the Quic protocol, high bandwidth and low latency can be obtained in a bad network environment.
 
-### Integration
+### 7. Integration
 Your applicaiton can call OpenP2P with a few code to make any internal networks communicate with each other.
 
 ## Get Started
@@ -36,23 +43,23 @@ Under the outbreak of covid-19 pandemic, surely remote work becomes a fundamenta
    Output sample
    ![image](/doc/images/officelisten_linux.png)
 
-2. Download the latest version of [OpenP2P](https://github.com/openp2p-cn/openp2p/releases),unzip the downloaded package, and execute below command line.
+2. Download the latest version of `OpenP2P` [Download Page](https://openp2p.cn/),unzip the downloaded package, and execute below command line.
    ```
-   tar xvf openp2p0.95.3.linux-amd64.tar.gz
+   tar xzvf ${PackageName}
    ./openp2p install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1
    ```
 
-   > :warning: **Must change the parameters marked in uppercase to your own**
+   > :warning: **Must change the parameters marked in UPPERCASE to your own. These 3 parameters must >= 8 charaters**
 
    Output sample
    ![image](/doc/images/officeexecute_linux.png)
 
-3. Download the same package of [OpenP2P](https://github.com/openp2p-cn/openp2p/releases) on your home device，unzip and execute below command line.
+3. Download OpenP2P on your home device，unzip and execute below command line.
    ```
    openp2p.exe -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 --peernode OFFICEPC1 --dstip 127.0.0.1 --dstport 22 --srcport 22022 --protocol tcp
    ```
    
-   > :warning: **Must change the parameters marked in uppercase to your own**
+   > :warning: **Must change the parameters marked in UPPERCASE to your own**
 
    Output sample  
    ![image](/doc/images/homeconnect_windows.png)  
@@ -67,18 +74,17 @@ Under the outbreak of covid-19 pandemic, surely remote work becomes a fundamenta
    ![image](/doc/images/sshconnect.png)
 
 
-## [Usage](/USAGE.md)
+## Usage
+[Here](/USAGE.md) is a detailed description of how to use and running parameters
 
 ## Scenarios 
 Especially suitable for large traffic intranet access.
-### Remote work
-Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
-
-### Remote Access NAS
-Manage a large number of videos and pictures
-### Remote Access Camera
-### Remote Flashing Phone
-### Remotely Data Backup
+>*  Remote work: Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
+>*  Remote access ERP systems in the intranet
+>*  Remote access NAS: Manage a large number of videos and pictures
+>*  Remote access camera
+>*  Remote flashing phone
+>*  Remotely data backup
 ---
 ## Overview Design
 ### Prototype
@@ -89,19 +95,16 @@ Manage a large number of videos and pictures
 P2PAPP is the most import concept in this project, one P2PApp is able to map the remote service(mstsc/ssh) to the local listening. The main job of re-development or restful API we provide is to manage P2PApp.
 
 ![image](/doc/images/appdetail.png)
-## Share
-10mbps is its default setting of share speed limit. Only when your users have shared their nodes, they are allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project.
-We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber).
-If you are still not willing to contribute any node to the OpenP2P share network, please refer to the operating parameters for your own setting.
+
 ## Safety
 The nodes which have joined the OpenP2P share network can vist each other by authentications. Shared nodes will only relay data, and others cannot access any resources in the intranet.
 
-### TLS1.3+AES
+### 1. TLS1.3+AES
 The communication data between the two nodes uses the industry's most secure TLS1.3 channel. The communication content will also use AES encryption, double security, the key is exchanged through the server. Effectively prevent man-in-the-middle attacks.
 
-### Will the shared node capture my data?
+### 2. Will the shared node capture my data?
 That's right, the relay node is naturally an man-in-middle, so AES encryption is added to ensure the security of the communication content. The relay node cannot obtain the plaintext.
-### How does the shared relay node verify the authority?
+### 3. How does the shared relay node verify the authority?
 The server side has a scheduling model, which calculate  bandwith, ping value,stability and service duration to provide a well-proportioned service to every share node. It uses TOTP(Time-based One-time Password) with hmac-sha256 algorithem, its theory as same as the cellphone validation code or bank cipher coder.
 
 ## Build

config.go

@@ -48,7 +48,10 @@ func (c *Config) add(app AppConfig) {
 
 func (c *Config) save() {
 	data, _ := json.MarshalIndent(c, "", "")
-	ioutil.WriteFile("config.json", data, 0644)
+	err := ioutil.WriteFile("config.json", data, 0644)
+	if err != nil {
+		gLog.Println(LevelERROR, "save config.json error:", err)
+	}
 }
 
 func (c *Config) load() error {
@@ -77,7 +80,7 @@ type NetworkConfig struct {
 	os             string
 	publicIP       string
 	natType        int
-	shareBandwidth int
+	ShareBandwidth int
 	// server info
 	ServerHost string
 	ServerPort int

daemon.go

@@ -129,9 +129,34 @@ func install() {
 	shareBandwidth := installFlag.Int("sharebandwidth", 10, "N mbps share bandwidth limit, private node no limit")
 	// logLevel := installFlag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
 	installFlag.Parse(os.Args[2:])
+	checkParams(*node, *user, *password)
+	gConf.Network.ServerHost = *serverHost
+	gConf.Network.User = *user
+	gConf.Network.Node = *node
+	gConf.Network.Password = *password
+	gConf.Network.ServerPort = 27182
+	gConf.Network.UDPPort1 = 27182
+	gConf.Network.UDPPort2 = 27183
+	gConf.Network.NoShare = *noShare
+	gConf.Network.ShareBandwidth = *shareBandwidth
+	config := AppConfig{}
+	config.PeerNode = *peerNode
+	config.PeerUser = *peerUser
+	config.PeerPassword = *peerPassword
+	config.DstHost = *dstIP
+	config.DstPort = *dstPort
+	config.SrcPort = *srcPort
+	config.Protocol = *protocol
+	gConf.add(config)
+	os.MkdirAll(defaultInstallPath, 0775)
+	err := os.Chdir(defaultInstallPath)
+	if err != nil {
+		gLog.Println(LevelERROR, "cd error:", err)
+	}
+	gConf.save()
 
 	// copy files
-	os.MkdirAll(defaultInstallPath, 0775)
+
 	targetPath := filepath.Join(defaultInstallPath, defaultBinName)
 	binPath, _ := os.Executable()
 	src, errFiles := os.Open(binPath) // can not use args[0], on Windows call openp2p is ok(=openp2p.exe)
@@ -153,34 +178,13 @@ func install() {
 	}
 	src.Close()
 	dst.Close()
-	gConf.Network.ServerHost = *serverHost
-	gConf.Network.User = *user
-	gConf.Network.Node = *node
-	gConf.Network.Password = *password
-	gConf.Network.ServerPort = 27182
-	gConf.Network.UDPPort1 = 27182
-	gConf.Network.UDPPort2 = 27183
-	gConf.Network.NoShare = *noShare
-	gConf.Network.shareBandwidth = *shareBandwidth
-	config := AppConfig{}
-	config.PeerNode = *peerNode
-	config.PeerUser = *peerUser
-	config.PeerPassword = *peerPassword
-	config.DstHost = *dstIP
-	config.DstPort = *dstPort
-	config.SrcPort = *srcPort
-	config.Protocol = *protocol
-	gConf.add(config)
-	// TODO other params
-	os.Chdir(defaultInstallPath)
-	gConf.save()
 
 	// install system service
 	d := daemon{}
 
 	// args := []string{""}
 	gLog.Println(LevelINFO, "targetPath:", targetPath)
-	err := d.Control("install", targetPath, []string{"-d", "-f"})
+	err = d.Control("install", targetPath, []string{"-d", "-f"})
 	if err != nil {
 		gLog.Println(LevelERROR, "install system service error:", err)
 	} else {
@@ -210,3 +214,18 @@ func uninstall() {
 	os.Rename(binPath, binPath+"0")
 	os.RemoveAll(defaultInstallPath)
 }
+
+func checkParams(node, user, password string) {
+	if len(node) < 8 {
+		gLog.Println(LevelERROR, "node name too short, it must >=8 charaters")
+		os.Exit(9)
+	}
+	if len(user) < 8 {
+		gLog.Println(LevelERROR, "user name too short, it must >=8 charaters")
+		os.Exit(9)
+	}
+	if len(password) < 8 {
+		gLog.Println(LevelERROR, "password too short, it must >=8 charaters")
+		os.Exit(9)
+	}
+}

errorcode.go

@@ -0,0 +1,13 @@
+package main
+
+import (
+	"errors"
+)
+
+// error message
+var (
+	// ErrorS2S string = "s2s is not supported"
+	// ErrorHandshake string = "handshake error"
+	ErrorS2S       = errors.New("s2s is not supported")
+	ErrorHandshake = errors.New("handshake error")
+)

nat.go

@@ -39,6 +39,35 @@ func natTest(serverHost string, serverPort int, localPort int, echoPort int) (pu
 	}
 	natRsp := NatDetectRsp{}
 	err = json.Unmarshal(buffer[openP2PHeaderSize:nRead], &natRsp)
+
+	// testing for public ip
+	if echoPort != 0 {
+		for {
+			gLog.Printf(LevelINFO, "public ip test start %s:%d", natRsp.IP, echoPort)
+			conn, err := net.ListenUDP("udp", nil)
+			if err != nil {
+				break
+			}
+			defer conn.Close()
+			dst, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", natRsp.IP, echoPort))
+			if err != nil {
+				break
+			}
+			conn.WriteTo([]byte("echo"), dst)
+			buf := make([]byte, 1600)
+
+			// wait for echo testing
+			conn.SetReadDeadline(time.Now().Add(PublicIPEchoTimeout))
+			_, _, err = conn.ReadFromUDP(buf)
+			if err == nil {
+				gLog.Println(LevelINFO, "public ip:YES")
+				natRsp.IsPublicIP = 1
+			} else {
+				gLog.Println(LevelINFO, "public ip:NO")
+			}
+			break
+		}
+	}
 	return natRsp.IP, natRsp.IsPublicIP, natRsp.Port, nil
 }
 

openp2p.go

@@ -22,6 +22,14 @@ func main() {
 		case "update":
 			gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p", LevelDEBUG, 1024*1024, LogFileAndConsole)
 			update()
+			targetPath := filepath.Join(defaultInstallPath, defaultBinName)
+			d := daemon{}
+			err := d.Control("restart", targetPath, []string{"-d", "-f"})
+			if err != nil {
+				gLog.Println(LevelERROR, "restart service error:", err)
+			} else {
+				gLog.Println(LevelINFO, "restart service ok.")
+			}
 			return
 		case "install":
 			install()
@@ -50,6 +58,7 @@ func main() {
 	byDaemon := flag.Bool("bydaemon", false, "start by daemon")
 	logLevel := flag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
 	flag.Parse()
+
 	gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p", LogLevel(*logLevel), 1024*1024, LogFileAndConsole)
 	gLog.Println(LevelINFO, "openp2p start. version: ", OpenP2PVersion)
 	if *daemonMode {
@@ -59,18 +68,7 @@ func main() {
 	}
 	if !*configFile {
 		// validate cmd params
-		if *node == "" {
-			gLog.Println(LevelERROR, "node name not set", os.Args, len(os.Args), os.Args[0])
-			return
-		}
-		if *user == "" {
-			gLog.Println(LevelERROR, "user name not set")
-			return
-		}
-		if *password == "" {
-			gLog.Println(LevelERROR, "password not set")
-			return
-		}
+		checkParams(*node, *user, *password)
 		if *peerNode != "" {
 			if *dstPort == 0 {
 				gLog.Println(LevelERROR, "dstPort not set")
@@ -109,7 +107,7 @@ func main() {
 			UDPPort1:       27182,
 			UDPPort2:       27183,
 			ipv6:           "240e:3b7:621:def0:fda4:dd7f:36a1:2803", // TODO: detect real ipv6
-			shareBandwidth: *shareBandwidth,
+			ShareBandwidth: *shareBandwidth,
 		}
 	}
 	// gConf.save() // not change config file

p2papp.go

@@ -24,6 +24,9 @@ type p2pApp struct {
 }
 
 func (app *p2pApp) isActive() bool {
+	if app.tunnel == nil {
+		return false
+	}
 	if app.rtid == 0 { // direct mode app heartbeat equals to tunnel heartbeat
 		return app.tunnel.isActive()
 	}
@@ -119,7 +122,9 @@ func (app *p2pApp) close() {
 	if app.listener != nil {
 		app.listener.Close()
 	}
-	app.tunnel.closeOverlayConns(app.id)
+	if app.tunnel != nil {
+		app.tunnel.closeOverlayConns(app.id)
+	}
 	app.wg.Wait()
 }
 

p2pnetwork.go

@@ -30,7 +30,8 @@ type P2PNetwork struct {
 	restartCh chan bool
 	wg        sync.WaitGroup
 	writeMtx  sync.Mutex
-	serverTs  uint64
+	serverTs  int64
+	localTs   int64
 	// msgMap    sync.Map
 	msgMap     map[uint64]chan []byte //key: nodeID
 	msgMapMtx  sync.Mutex
@@ -48,7 +49,7 @@ func P2PNetworkInstance(config *NetworkConfig) *P2PNetwork {
 				online:    false,
 				running:   true,
 				msgMap:    make(map[uint64]chan []byte),
-				limiter:   newBandwidthLimiter(config.shareBandwidth),
+				limiter:   newBandwidthLimiter(config.ShareBandwidth),
 			}
 			instance.msgMap[0] = make(chan []byte) // for gateway
 			if config != nil {
@@ -249,7 +250,7 @@ func (pn *P2PNetwork) AddApp(config AppConfig) error {
 		PeerUser:       config.PeerUser,
 		PeerNatType:    peerNatType,
 		PeerIP:         peerIP,
-		ShareBandwidth: pn.config.shareBandwidth,
+		ShareBandwidth: pn.config.ShareBandwidth,
 		RelayNode:      relayNode,
 		Version:        OpenP2PVersion,
 	}
@@ -391,7 +392,6 @@ func (pn *P2PNetwork) init() error {
 		q.Add("password", pn.config.Password)
 		q.Add("version", OpenP2PVersion)
 		q.Add("nattype", fmt.Sprintf("%d", pn.config.natType))
-		q.Add("timestamp", fmt.Sprintf("%d", time.Now().Unix()))
 
 		noShareStr := "false"
 		if pn.config.NoShare {
@@ -465,8 +465,9 @@ func (pn *P2PNetwork) handleMessage(t int, msg []byte) {
 			gLog.Printf(LevelERROR, "login error:%d, detail:%s", rsp.Error, rsp.Detail)
 			pn.running = false
 		} else {
-			gLog.Printf(LevelINFO, "login ok. Server ts=%d, local ts=%d", rsp.Ts, time.Now().Unix())
 			pn.serverTs = rsp.Ts
+			pn.localTs = time.Now().Unix()
+			gLog.Printf(LevelINFO, "login ok. Server ts=%d, local ts=%d", rsp.Ts, pn.localTs)
 		}
 	case MsgHeartbeat:
 		gLog.Printf(LevelDEBUG, "P2PNetwork heartbeat ok")
@@ -609,7 +610,9 @@ func (pn *P2PNetwork) handlePush(subType uint16, msg []byte) error {
 		gLog.Printf(LevelINFO, "%s is connecting...", req.From)
 		gLog.Println(LevelDEBUG, "push connect response to ", req.From)
 		// verify token or name&password
-		if VerifyTOTP(req.Token, pn.config.User, pn.config.Password, time.Now().Unix()) || (req.User == pn.config.User && req.Password == pn.config.Password) {
+		if VerifyTOTP(req.Token, pn.config.User, pn.config.Password, time.Now().Unix()+(pn.serverTs-pn.localTs)) || // localTs may behind, auto adjust ts
+			VerifyTOTP(req.Token, pn.config.User, pn.config.Password, time.Now().Unix()) ||
+			(req.User == pn.config.User && req.Password == pn.config.Password) {
 			gLog.Printf(LevelINFO, "Access Granted\n")
 			config := AppConfig{}
 			config.peerNatType = req.NatType
@@ -618,8 +621,8 @@ func (pn *P2PNetwork) handlePush(subType uint16, msg []byte) error {
 			config.PeerNode = req.From
 			// share relay node will limit bandwidth
 			if req.User != pn.config.User || req.Password != pn.config.Password {
-				gLog.Printf(LevelINFO, "set share bandwidth %d mbps", pn.config.shareBandwidth)
-				config.shareBandwidth = pn.config.shareBandwidth
+				gLog.Printf(LevelINFO, "set share bandwidth %d mbps", pn.config.ShareBandwidth)
+				config.shareBandwidth = pn.config.ShareBandwidth
 			}
 			// go pn.AddTunnel(config, req.ID)
 			go pn.addDirectTunnel(config, req.ID)

protocol.go

@@ -4,14 +4,13 @@ import (
 	"bytes"
 	"encoding/binary"
 	"encoding/json"
-	"errors"
 	"hash/crc64"
 	"math/big"
 	"net"
 	"time"
 )
 
-const OpenP2PVersion = "0.96.0"
+const OpenP2PVersion = "0.97.1"
 const ProducnName string = "openp2p"
 
 type openP2PHeader struct {
@@ -127,18 +126,10 @@ const (
 	AESKeySize                   = 16
 	MaxRetry                     = 10
 	RetryInterval                = time.Second * 30
-	PublicIPEchoTimeout          = time.Second * 5
+	PublicIPEchoTimeout          = time.Second * 3
 	NatTestTimeout               = time.Second * 10
 )
 
-// error message
-var (
-	// ErrorS2S string = "s2s is not supported"
-	// ErrorHandshake string = "handshake error"
-	ErrorS2S       = errors.New("s2s is not supported")
-	ErrorHandshake = errors.New("handshake error")
-)
-
 // NATNone has public ip
 const (
 	NATNone      = 0
@@ -198,7 +189,7 @@ type PushRsp struct {
 type LoginRsp struct {
 	Error  int    `json:"error,omitempty"`
 	Detail string `json:"detail,omitempty"`
-	Ts     uint64 `json:"ts,omitempty"`
+	Ts     int64  `json:"ts,omitempty"`
 }
 
 type NatDetectReq struct {