
v0.7.0 — idle-wedge fix (persistent-keepalive) + crypto-verification tooling


@GeiserX GeiserX released this 09 Jun 20:54
· 17 commits to main since this release

Fixed

Idle DERP-relayed sessions no longer wedge (persistent-keepalive + periodic tick). A purely event-driven WireGuard endpoint advances its timers only on packet send/recv, so an idle tunnel went silent ~10s after the last packet and the dataplane then blocked forever on I/O with no timer wakeup — the NAT/relay mapping went cold and the next dial could never re-handshake (504 until restart). Fix: a per-peer persistent keepalive (default 25s, opt-in via PeerConfig::persistent_keepalive_interval) that re-arms unconditionally and emits an empty authenticated packet to hold the path warm (no upward jitter, stays under the ~30s NAT floor, does not advance the rekey clock), plus a clock-driven periodic tick so it fires on a truly idle tunnel. Keepalive semantics were verified against the WireGuard spec, boringtun and wireguard-go.
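The timer behaviour described above, sketched in Rust as an added illustration (not code from this release or the project): only the field name persistent_keepalive_interval is taken from the notes; PeerConfig, PeerTimers, Action, holds_path_warm and simulate_idle are assumed names. It shows a clock-driven tick firing on a fully idle tunnel, the unconditional re-arm at a fixed interval, and the keepalive leaving the rekey-clock input untouched, with None reproducing the old purely-reactive silence.

```rust
use std::time::{Duration, Instant};

#[derive(Clone, Copy)]
pub struct PeerConfig {
    pub persistent_keepalive_interval: Option<Duration>, // None = purely reactive
}
impl PeerConfig {
    /// Config check: the keepalive must fire before the ~30s NAT/relay mapping floor.
    pub fn holds_path_warm(&self, nat_floor: Duration) -> bool {
        matches!(self.persistent_keepalive_interval, Some(i) if i < nat_floor)
    }
}
#[derive(Debug, PartialEq)]
pub enum Action { Idle, SendKeepalive } // SendKeepalive = empty authenticated packet
pub struct PeerTimers {
    cfg: PeerConfig,
    next_keepalive: Option<Instant>,     // re-armed unconditionally on every fire
    pub last_data_sent: Option<Instant>, // rekey-clock input; keepalives never touch it
    pub keepalives_sent: u32,
}
impl PeerTimers {
    pub fn new(cfg: PeerConfig, now: Instant) -> Self {
        let next_keepalive = cfg.persistent_keepalive_interval.map(|i| now + i);
        Self { cfg, next_keepalive, last_data_sent: None, keepalives_sent: 0 }
    }
    /// Event-driven path: a real data packet went out (this is what feeds rekey).
    pub fn on_data_sent(&mut self, now: Instant) { self.last_data_sent = Some(now); }
    /// Clock-driven path: called by the periodic tick even when no packets flow.
    pub fn tick(&mut self, now: Instant) -> Action {
        match (self.cfg.persistent_keepalive_interval, self.next_keepalive) {
            (Some(interval), Some(due)) if now >= due => {
                self.next_keepalive = Some(now + interval); // fixed interval, no upward jitter
                self.keepalives_sent += 1;
                Action::SendKeepalive
            }
            _ => Action::Idle, // with None an idle tunnel goes silent: the old wedge
        }
    }
}

/// Drive an idle tunnel for `idle_secs` with a 1s tick; returns (keepalives emitted, rekey input untouched).
pub fn simulate_idle(cfg: PeerConfig, idle_secs: u64) -> (u32, bool) {
    let t0 = Instant::now();
    let mut timers = PeerTimers::new(cfg, t0);
    for s in 1..=idle_secs {
        timers.tick(t0 + Duration::from_secs(s));
    }
    (timers.keepalives_sent, timers.last_data_sent.is_none())
}
```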

Added (verification / hardening — no runtime behavior change)

Cryptographic-verification tooling: a direct BLAKE2s-256 KAT (incl. the 16-byte cookie-MAC short-key path), a dudect constant-time leakage-detection bench over the AEAD tag-verify path, a cargo-fuzz target for the Tailnet-Lock CBOR decoder + a stable-CI smoke test + a Go fxamacker/cbor differential oracle, and docs/CRYPTO_VERIFICATION_STATUS.md (a four-axis framing of what "cryptographically verified" means here). Reconciled docs/CRYPTOGRAPHY.md §6 with the lockfile.

API note

Adds a public persistent_keepalive_interval: Option<Duration> field to PeerConfig/Config — a source-visible addition, hence the minor bump (0.6.10 → 0.7.0). None preserves the prior purely-reactive behavior.


This project is not associated with Tailscale Inc.