Expose config and tunnel as a public API.

This refactor tries to expose all the useful functi...

Additionally, I'm instrumenting the integration test, and merging the
coverage profile so that ...

As part of a previous commit ($64), I reverted a recent "fix" that was
inverting the local-remo...

# Checklist

* [x] I have read the contribution guidelines
* [x] Iff you changed code related...

In order to allo tracing of events, we refactor the configuration handling. We move
options to ...

Exercise reliable service passing a vector of packet ID to simulate
packet loss.

Additionall...

Add a utility script to convert a pcap containing a reference OpenVPN
handshake into a string c...

Tests for down and up workers in reliable service, covering reordering
towards the upper layer ...

# Checklist

* [x] I have read the contribution guidelines
* [x] Iff you changed code related...

# Checklist

* [x] I have read the contribution guidelines
* [x] Iff you changed code related...

# Checklist

* [x] I have read the contribution guidelines
* [x] Iff you changed code related...

This is a follow-up to the ongoing architectural refactor after the last
merged layer (#54).

...

We were not tracking the netmask passed by the remote (in the ifconfig
option). This will be us...

This is the seventh (and in a sense, last) commit in the series of
incremental refactoring of t...

This is the sixth commit in the series of incremental refactoring of the
current minivpn tree.
...

This is the fifth commit in the series of incremental refactoring of the
current minivpn tree.
...

This is the fourth commit in the series of incremental refactoring of
the current minivpn tree....

This is the third commit in the series of incremental refactoring of the
current minivpn tree.
...

This is the second commit in the series of incremental refactoring of
the current minivpn tree....

This commit introduces the lower layer in the new layered minivpn architecture. This new archite...

minor change, but we've updated the backend to allocate only a uint8.
255 network events should ...

this was a pending refactor: we really don't need to instatiate the hmac
each time.

we also don...

decompression was only working for AEAD (GCM) before.
the compress=stub case seems not to be wor...

As pointed out by the security audit, the use of P_DATA_V1 format was
too conspicuous. In order ...

MIV-01-005: Possible DoS via Slice Bounds Out of Range (High)
During the fuzzing process of the ...

Revert a change by which we had ceased to explicitely set min and max
TLS version. Apparently uT...

Here I add a simple retry strategy that increments the port by one if
the default or configured ...

On the topic of the canary stack protections, check
https://github.com/golang/go/issues/21871#is...

Otherwise, bogus provider names will lead to the creation of arbitrary
folders.

- Reference: MI...

MIV-01-008 Possible File Disclosure via Error Messages (Info)

It was found that the minivpn cli...

MIV-01-004: Possible DoS via Index Out of Range (Medium)
During the fuzzing process of the miniv...

MIV-01-003: Possible DoS via nil Pointer Dereference (Medium)
During the fuzzing process of the ...

During the fuzzing process of the minivpn/vpn package, it was found that
the bytesPadPKCS7 funct...

MIV-01-001: Possible DoS via index out of range (Low)
During the fuzzing process of the minivpn/...

both ways are valid ways of specifying a tunnel gateway

The credentials file is now limited to a subdirectory of the base dir.
While there, the parsing ...

- store rtt as time.Duration
- improve error handling

the current backoff mechanism for read re...

To allow serial use, Pinger needs a new constructor to avoid
closing the underlying connection.

- add listener channel so that we can subscribe to event transitions
from the outside.
- parse...

Clean up the public interface and remove the unnecessary indirection
layer caused by RawDialer.
...

while doing this, I also attempted to improve tests around client
and muxer, mainly to keep test...

until I figure out what the vcs timestamp in the gosec step is about.

wireguard/tun/netstack depends in net/netip which has only landed in Go
stdlib in 1.18.

Make the implementation in extras/pinger more robust. For this:

* I vendored the icmp-ping im...

The regular TLS verification does not work for VPN gateways, because we don't know the common na...

this didn't make much sense when we're embracing uTLS

a clientHello has been captured from the standard openvpn
implementation, and we make use of uTL...

After review today with bassosimone, I think much of the comlexity of
the dialer can be removed....