go-ethereum

forks/go-ethereum

Fork 1

mirror of https://github.com/ethereum/go-ethereum.git synced 2026-06-04 14:08:39 +00:00

Commit graph

Author	SHA1	Message	Date
cui	38667bc64e	p2p/nat: server list contains IPv6 servers (#35084 ) stun-list.txt includes 10 bracketd IPv6 server, but the dial network is fixed to "udp4"	2026-06-02 17:13:36 +02:00
ozpool	45698e9cb9	p2p/nat: bump pion/stun to v3 to pull in fixed pion/dtls (#34980 ) ### Summary Closes #34621. `github.com/pion/dtls/v2` is affected by [CVE-2026-26014](https://nvd.nist.gov/vuln/detail/CVE-2026-26014); the fix lives in `github.com/pion/dtls/v3`. In this tree, dtls/v2 is pulled in indirectly via `github.com/pion/stun/v2 v2.0.0` (declared at `go.mod:53`), which is the only direct consumer — `p2p/nat/stun.go` is the sole call site. `github.com/pion/stun/v3` already uses dtls/v3, so bumping `stun` upgrades the vulnerable dependency without touching `pion/dtls` directly. ### API check The v3 surface used by `p2p/nat/stun.go` is byte-identical in shape to v2: \| Symbol \| v2 \| v3 \| \|---\|---\|---\| \| `Dial` \| `func Dial(network, address string) (Client, error)` \| same \| \| `Build` \| `func Build(setters ...Setter) (Message, error)` \| same \| \| `TransactionID` \| `var TransactionID Setter` \| same \| \| `BindingRequest` \| `var BindingRequest = NewType(MethodBinding, ClassRequest)` \| same \| \| `Event` \| `type Event struct` \| same \| \| `XORMappedAddress` \| `type XORMappedAddress struct { … GetFrom(*Message) error }` \| same \| \| `DefaultPort` \| `const DefaultPort = 3478` \| same \| So the code change is just the import rename plus an alias rename to keep the local label honest (`stunV2` → `stunV3`). ### Change `go.mod` / `go.sum`: - Replace direct `github.com/pion/stun/v2 v2.0.0` with `github.com/pion/stun/v3 v3.0.1`. - `go mod tidy` drops every `pion/dtls/v2` and `pion/stun/v2` entry from `go.sum` and pulls `pion/dtls/v3 v3.0.7`, `pion/stun/v3 v3.0.1`, `pion/transport/v3 v3.0.8` as the new indirect set. `p2p/nat/stun.go`: - Update the import path and rename the alias from `stunV2` to `stunV3`. ### Verification - `go build ./p2p/nat/` clean. - `go test ./p2p/nat/ -count=1` passes (26s). - `grep 'pion/dtls/v2\\|pion/stun/v2' go.sum` returns zero matches. ### Notes - `pion/dtls` is not imported directly anywhere in the tree, so no other code needs touching. - `pion/transport/v3` was already in the dependency graph (the `stun/v3` upgrade just bumps the patch from v3.0.1 → v3.0.8); the v2 transport drops out cleanly.	2026-05-27 13:38:18 +02:00
zhen peng	75526bb8e0	p2p/nat: add stun protocol (#31064 ) This implements a basic mechanism to query the node's external IP using a STUN server. There is a built-in list of public STUN servers for convenience. The new detection mechanism must be selected explicitly using `--nat=stun` and is not enabled by default in Geth. Fixes #30881 --------- Co-authored-by: Felix Lange <fjl@twurst.com>	2025-01-24 16:16:02 +01:00

Author

SHA1

Message

Date

cui

38667bc64e

p2p/nat: server list contains IPv6 servers (#35084 )

stun-list.txt includes 10 bracketd IPv6 server, but the dial network is
fixed to "udp4"

2026-06-02 17:13:36 +02:00

ozpool

45698e9cb9

p2p/nat: bump pion/stun to v3 to pull in fixed pion/dtls (#34980 )

### Summary

Closes #34621.

`github.com/pion/dtls/v2` is affected by
[CVE-2026-26014](https://nvd.nist.gov/vuln/detail/CVE-2026-26014); the
fix lives in `github.com/pion/dtls/v3`. In this tree, dtls/v2 is pulled
in indirectly via `github.com/pion/stun/v2 v2.0.0` (declared at
`go.mod:53`), which is the only direct consumer — `p2p/nat/stun.go` is
the sole call site.

`github.com/pion/stun/v3` already uses dtls/v3, so bumping `stun`
upgrades the vulnerable dependency without touching `pion/dtls`
directly.

### API check

The v3 surface used by `p2p/nat/stun.go` is byte-identical in shape to
v2:

| Symbol | v2 | v3 |
|---|---|---|
| `Dial` | `func Dial(network, address string) (*Client, error)` | same
|
| `Build` | `func Build(setters ...Setter) (*Message, error)` | same |
| `TransactionID` | `var TransactionID Setter` | same |
| `BindingRequest` | `var BindingRequest = NewType(MethodBinding,
ClassRequest)` | same |
| `Event` | `type Event struct` | same |
| `XORMappedAddress` | `type XORMappedAddress struct { …
GetFrom(*Message) error }` | same |
| `DefaultPort` | `const DefaultPort = 3478` | same |

So the code change is just the import rename plus an alias rename to
keep the local label honest (`stunV2` → `stunV3`).

### Change

`go.mod` / `go.sum`:

- Replace direct `github.com/pion/stun/v2 v2.0.0` with
`github.com/pion/stun/v3 v3.0.1`.
- `go mod tidy` drops every `pion/dtls/v2` and `pion/stun/v2` entry from
`go.sum` and pulls `pion/dtls/v3 v3.0.7`, `pion/stun/v3 v3.0.1`,
`pion/transport/v3 v3.0.8` as the new indirect set.

`p2p/nat/stun.go`:

- Update the import path and rename the alias from `stunV2` to `stunV3`.

### Verification

- `go build ./p2p/nat/` clean.
- `go test ./p2p/nat/ -count=1` passes (26s).
- `grep 'pion/dtls/v2\|pion/stun/v2' go.sum` returns zero matches.

### Notes

- `pion/dtls` is not imported directly anywhere in the tree, so no other
code needs touching.
- `pion/transport/v3` was already in the dependency graph (the `stun/v3`
upgrade just bumps the patch from v3.0.1 → v3.0.8); the v2 transport
drops out cleanly.

2026-05-27 13:38:18 +02:00

zhen peng

75526bb8e0

p2p/nat: add stun protocol (#31064 )

This implements a basic mechanism to query the node's external IP using
a STUN server. There is a built-in list of public STUN servers for convenience.
The new detection mechanism must be selected explicitly using `--nat=stun` 
and is not enabled by default in Geth.

Fixes #30881

---------

Co-authored-by: Felix Lange <fjl@twurst.com>

2025-01-24 16:16:02 +01:00

3 commits