Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.24 as awg
+FROM golang:1.20 as awg
 COPY . /awg
 WORKDIR /awg
 RUN go mod download && \
@@ -6,7 +6,7 @@ RUN go mod download && \
     go build -ldflags '-linkmode external -extldflags "-fno-PIC -static"' -v -o /usr/bin
 
 FROM alpine:3.19
-ARG AWGTOOLS_RELEASE="1.0.20241018"
+ARG AWGTOOLS_RELEASE="1.0.20240213"
 RUN apk --no-cache add iproute2 iptables bash && \
     cd /usr/bin/ && \
     wget https://github.com/amnezia-vpn/amneziawg-tools/releases/download/v${AWGTOOLS_RELEASE}/alpine-3.19-amneziawg-tools.zip && \

Makefile

@@ -9,7 +9,7 @@ MAKEFLAGS += --no-print-directory
 
 generate-version-and-build:
 	@export GIT_CEILING_DIRECTORIES="$(realpath $(CURDIR)/..)" && \
-	tag="$$(git describe --tags --dirty 2>/dev/null)" && \
+	tag="$$(git describe --dirty 2>/dev/null)" && \
 	ver="$$(printf 'package main\n\nconst Version = "%s"\n' "$$tag")" && \
 	[ "$$(cat version.go 2>/dev/null)" != "$$ver" ] && \
 	echo "$$ver" > version.go && \

conn/bind_std.go

@@ -298,6 +298,11 @@ func (s *StdNetBind) BatchSize() int {
 	return 1
 }
 
+func (s *StdNetBind) GetOffloadInfo() string {
+	return fmt.Sprintf("ipv4TxOffload: %v, ipv4RxOffload: %v\nipv6TxOffload: %v, ipv6RxOffload: %v",
+		s.ipv4TxOffload, s.ipv4RxOffload, s.ipv6TxOffload, s.ipv6RxOffload)
+}
+
 func (s *StdNetBind) Close() error {
 	s.mu.Lock()
 	defer s.mu.Unlock()

conn/bind_windows.go

@@ -328,6 +328,10 @@ func (bind *WinRingBind) BatchSize() int {
 	return 1
 }
 
+func (bind *WinRingBind) GetOffloadInfo() string {
+	return ""
+}
+
 func (bind *WinRingBind) SetMark(mark uint32) error {
 	return nil
 }

conn/bindtest/bindtest.go

@@ -91,6 +91,8 @@ func (c *ChannelBind) Close() error {
 
 func (c *ChannelBind) BatchSize() int { return 1 }
 
+func (c *ChannelBind) GetOffloadInfo() string { return "" }
+
 func (c *ChannelBind) SetMark(mark uint32) error { return nil }
 
 func (c *ChannelBind) makeReceiveFunc(ch chan []byte) conn.ReceiveFunc {

conn/conn.go

@@ -55,6 +55,8 @@ type Bind interface {
 	// BatchSize is the number of buffers expected to be passed to
 	// the ReceiveFuncs, and the maximum expected to be passed to SendBatch.
 	BatchSize() int
+
+	GetOffloadInfo() string
 }
 
 // BindSocketToInterface is implemented by Bind objects that support being

device/device.go

@@ -95,7 +95,6 @@ type Device struct {
 	isASecOn abool.AtomicBool
 	aSecMux  sync.RWMutex
 	aSecCfg  aSecCfgType
-	junkCreator junkCreator
 }
 
 type aSecCfgType struct {
@@ -548,6 +547,7 @@ func (device *Device) BindUpdate() error {
 	}
 
 	device.log.Verbosef("UDP bind has been updated")
+	device.log.Verbosef(netc.bind.GetOffloadInfo())
 	return nil
 }
 
@@ -800,7 +800,6 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 	}
 
 	device.isASecOn.SetTo(isASecOn)
-	device.junkCreator, err = NewJunkCreator(device)
 	device.aSecMux.Unlock()
 
 	return err

device/device_test.go

@@ -109,7 +109,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "1000",
+		"jmax", "501",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@@ -131,7 +131,7 @@ func genASecurityConfigs(tb testing.TB) (cfgs, endpointCfgs [2]string) {
 		"replace_peers", "true",
 		"jc", "5",
 		"jmin", "500",
-		"jmax", "1000",
+		"jmax", "501",
 		"s1", "30",
 		"s2", "40",
 		"h1", "123456",
@@ -274,7 +274,7 @@ func TestTwoDevicePing(t *testing.T) {
 	})
 }
 
-func TestASecurityTwoDevicePing(t *testing.T) {
+func TestTwoDevicePingASecurity(t *testing.T) {
 	goroutineLeakCheck(t)
 	pair := genTestPair(t, true, true)
 	t.Run("ping 1.0.0.1", func(t *testing.T) {

device/junk_creator.go

@@ -1,69 +0,0 @@
-package device
-
-import (
-	"bytes"
-	crand "crypto/rand"
-	"fmt"
-	v2 "math/rand/v2"
-)
-
-type junkCreator struct {
-	device   *Device
-	cha8Rand *v2.ChaCha8
-}
-
-func NewJunkCreator(d *Device) (junkCreator, error) {
-	buf := make([]byte, 32)
-	_, err := crand.Read(buf)
-	if err != nil {
-		return junkCreator{}, err
-	}
-	return junkCreator{device: d, cha8Rand: v2.NewChaCha8([32]byte(buf))}, nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) createJunkPackets() ([][]byte, error) {
-	if jc.device.aSecCfg.junkPacketCount == 0 {
-		return nil, nil
-	}
-
-	junks := make([][]byte, 0, jc.device.aSecCfg.junkPacketCount)
-	for i := 0; i < jc.device.aSecCfg.junkPacketCount; i++ {
-		packetSize := jc.randomPacketSize()
-		junk, err := jc.randomJunkWithSize(packetSize)
-		if err != nil {
-			return nil, fmt.Errorf("Failed to create junk packet: %v", err)
-		}
-		junks = append(junks, junk)
-	}
-	return junks, nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) randomPacketSize() int {
-	return int(
-		jc.cha8Rand.Uint64()%uint64(
-			jc.device.aSecCfg.junkPacketMaxSize-jc.device.aSecCfg.junkPacketMinSize,
-		),
-	) + jc.device.aSecCfg.junkPacketMinSize
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) appendJunk(writer *bytes.Buffer, size int) error {
-	headerJunk, err := jc.randomJunkWithSize(size)
-	if err != nil {
-		return fmt.Errorf("failed to create header junk: %v", err)
-	}
-	_, err = writer.Write(headerJunk)
-	if err != nil {
-		return fmt.Errorf("failed to write header junk: %v", err)
-	}
-	return nil
-}
-
-// Should be called with aSecMux RLocked
-func (jc *junkCreator) randomJunkWithSize(size int) ([]byte, error) {
-	junk := make([]byte, size)
-	_, err := jc.cha8Rand.Read(junk)
-	return junk, err
-}

device/junk_creator_test.go

@@ -1,124 +0,0 @@
-package device
-
-import (
-	"bytes"
-	"fmt"
-	"testing"
-
-	"github.com/amnezia-vpn/amneziawg-go/conn/bindtest"
-	"github.com/amnezia-vpn/amneziawg-go/tun/tuntest"
-)
-
-func setUpJunkCreator(t *testing.T) (junkCreator, error) {
-	cfg, _ := genASecurityConfigs(t)
-	tun := tuntest.NewChannelTUN()
-	binds := bindtest.NewChannelBinds()
-	level := LogLevelVerbose
-	dev := NewDevice(
-		tun.TUN(),
-		binds[0],
-		NewLogger(level, ""),
-	)
-
-	if err := dev.IpcSet(cfg[0]); err != nil {
-		t.Errorf("failed to configure device %v", err)
-		dev.Close()
-		return junkCreator{}, err
-	}
-
-	jc, err := NewJunkCreator(dev)
-
-	if err != nil {
-		t.Errorf("failed to create junk creator %v", err)
-		dev.Close()
-		return junkCreator{}, err
-	}
-
-	return jc, nil
-}
-
-func Test_junkCreator_createJunkPackets(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	t.Run("", func(t *testing.T) {
-		got, err := jc.createJunkPackets()
-		if err != nil {
-			t.Errorf(
-				"junkCreator.createJunkPackets() = %v; failed",
-				err,
-			)
-			return
-		}
-		seen := make(map[string]bool)
-		for _, junk := range got {
-			key := string(junk)
-			if seen[key] {
-				t.Errorf(
-					"junkCreator.createJunkPackets() = %v, duplicate key: %v",
-					got,
-					junk,
-				)
-				return
-			}
-			seen[key] = true
-		}
-	})
-}
-
-func Test_junkCreator_randomJunkWithSize(t *testing.T) {
-	t.Run("", func(t *testing.T) {
-		jc, err := setUpJunkCreator(t)
-		if err != nil {
-			return
-		}
-		r1, _ := jc.randomJunkWithSize(10)
-		r2, _ := jc.randomJunkWithSize(10)
-		fmt.Printf("%v\n%v\n", r1, r2)
-		if bytes.Equal(r1, r2) {
-			t.Errorf("same junks %v", err)
-			jc.device.Close()
-			return
-		}
-	})
-}
-
-func Test_junkCreator_randomPacketSize(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	for range [30]struct{}{} {
-		t.Run("", func(t *testing.T) {
-			if got := jc.randomPacketSize(); jc.device.aSecCfg.junkPacketMinSize > got ||
-				got > jc.device.aSecCfg.junkPacketMaxSize {
-				t.Errorf(
-					"junkCreator.randomPacketSize() = %v, not between range [%v,%v]",
-					got,
-					jc.device.aSecCfg.junkPacketMinSize,
-					jc.device.aSecCfg.junkPacketMaxSize,
-				)
-			}
-		})
-	}
-}
-
-func Test_junkCreator_appendJunk(t *testing.T) {
-	jc, err := setUpJunkCreator(t)
-	if err != nil {
-		return
-	}
-	t.Run("", func(t *testing.T) {
-		s := "apple"
-		buffer := bytes.NewBuffer([]byte(s))
-		err := jc.appendJunk(buffer, 30)
-		if err != nil &&
-			buffer.Len() != len(s)+30 {
-			t.Errorf("appendWithJunk() size don't match")
-		}
-		read := make([]byte, 50)
-		buffer.Read(read)
-		fmt.Println(string(read))
-	})
-}

device/send.go

@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"math/rand"
 	"net"
 	"os"
 	"sync"
@@ -128,7 +129,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 	var junkedHeader []byte
 	if peer.device.isAdvancedSecurityOn() {
 		peer.device.aSecMux.RLock()
-		junks, err := peer.device.junkCreator.createJunkPackets()
+		junks, err := peer.createJunkPackets()
 		peer.device.aSecMux.RUnlock()
 
 		if err != nil {
@@ -149,7 +150,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 		if peer.device.aSecCfg.initPacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
+			err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
 			if err != nil {
 				peer.device.log.Errorf("%v - %v", peer, err)
 				peer.device.aSecMux.RUnlock()
@@ -199,7 +200,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 		if peer.device.aSecCfg.responsePacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
-			err = peer.device.junkCreator.appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
+			err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
 			if err != nil {
 				peer.device.aSecMux.RUnlock()
 				peer.device.log.Errorf("%v - %v", peer, err)
@@ -468,6 +469,31 @@ top:
 	}
 }
 
+func (peer *Peer) createJunkPackets() ([][]byte, error) {
+	if peer.device.aSecCfg.junkPacketCount == 0 {
+		return nil, nil
+	}
+
+	junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
+	for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
+		packetSize := rand.Intn(
+			peer.device.aSecCfg.junkPacketMaxSize-peer.device.aSecCfg.junkPacketMinSize,
+		) + peer.device.aSecCfg.junkPacketMinSize
+
+		junk, err := randomJunkWithSize(packetSize)
+		if err != nil {
+			peer.device.log.Errorf(
+				"%v - Failed to create junk packet: %v",
+				peer,
+				err,
+			)
+			return nil, err
+		}
+		junks = append(junks, junk)
+	}
+	return junks, nil
+}
+
 func (peer *Peer) FlushStagedPackets() {
 	for {
 		select {

device/util.go

@@ -0,0 +1,25 @@
+package device
+
+import (
+	"bytes"
+	crand "crypto/rand"
+	"fmt"
+)
+
+func appendJunk(writer *bytes.Buffer, size int) error {
+	headerJunk, err := randomJunkWithSize(size)
+	if err != nil {
+		return fmt.Errorf("failed to create header junk: %v", err)
+	}
+	_, err = writer.Write(headerJunk)
+	if err != nil {
+		return fmt.Errorf("failed to write header junk: %v", err)
+	}
+	return nil
+}
+
+func randomJunkWithSize(size int) ([]byte, error) {
+	junk := make([]byte, size)
+	_, err := crand.Read(junk)
+	return junk, err
+}

device/util_test.go

@@ -0,0 +1,27 @@
+package device
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+)
+
+func Test_randomJunktWithSize(t *testing.T) {
+	junk, err := randomJunkWithSize(30)
+	fmt.Println(string(junk), len(junk), err)
+}
+
+func Test_appendJunk(t *testing.T) {
+	t.Run("", func(t *testing.T) {
+		s := "apple"
+		buffer := bytes.NewBuffer([]byte(s))
+		err := appendJunk(buffer, 30)
+		if err != nil &&
+			buffer.Len() != len(s)+30 {
+			t.Errorf("appendWithJunk() size don't match")
+		}
+		read := make([]byte, 50)
+		buffer.Read(read)
+		fmt.Println(string(read))
+	})
+}

go.mod

@@ -1,17 +1,17 @@
 module github.com/amnezia-vpn/amneziawg-go
 
-go 1.24
+go 1.20
 
 require (
 	github.com/tevino/abool/v2 v2.1.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.19.0
-	golang.org/x/net v0.37.0
+	golang.org/x/net v0.21.0
-	golang.org/x/sys v0.31.0
+	golang.org/x/sys v0.17.0
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
-	gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6
+	gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259
 )
 
 require (
-	github.com/google/btree v1.1.3 // indirect
+	github.com/google/btree v1.0.1 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 )

go.sum

@@ -1,20 +1,16 @@
-github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/tevino/abool/v2 v2.1.0 h1:7w+Vf9f/5gmKT4m4qkayb33/92M+Um45F2BkHOR+L/c=
 github.com/tevino/abool/v2 v2.1.0/go.mod h1:+Lmlqk6bHDWHqN1cbxqhwEAwMPXgc8I1SDEamtseuXY=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6 h1:6B7MdW3OEbJqOMr7cEYU9bkzvCjUBX/JlXk12xcANuQ=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
-gvisor.dev/gvisor v0.0.0-20250130013005-04f9204697c6/go.mod h1:5DMfjtclAbTIjbXqO1qCe2K5GKKxWz2JHvCChuTcJEM=
+gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=