mr-karan
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/server/init.go‎
Lines changed: 31 additions & 8 deletions b/‎cmd/server/init.go‎
Lines changed: 31 additions & 8 deletions
diff --git a/‎cmd/server/main.go‎
Lines changed: 9 additions & 5 deletions b/‎cmd/server/main.go‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 3 deletions b/‎go.mod‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 5 additions & 14 deletions b/‎go.sum‎
Lines changed: 5 additions & 14 deletions
diff --git a/‎internal/api/handlers.go‎
Lines changed: 2 additions & 2 deletions b/‎internal/api/handlers.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/api/proxy.go‎
Lines changed: 49 additions & 25 deletions b/‎internal/api/proxy.go‎
Lines changed: 49 additions & 25 deletions
@@ -18,4 +18,4 @@ fresh: build run
 
 .PHONY: lint
 lint:
-	docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.43.0 golangci-lint run -v
+	docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.43.0 golangci-lint run -v
@@ -2,25 +2,48 @@ package main
 
 import (
 	"fmt"
+	"log/slog"
 	"os"
 	"strings"
 
-	"github.com/zerodha/logf"
-
 	"github.com/knadh/koanf"
 	"github.com/knadh/koanf/parsers/toml"
 	"github.com/knadh/koanf/providers/env"
 	"github.com/knadh/koanf/providers/file"
 	flag "github.com/spf13/pflag"
 )
 
-// initLogger initializes logger instance.
-func initLogger(ko *koanf.Koanf) logf.Logger {
-	opts := logf.Opts{EnableColor: true, EnableCaller: true}
-	if ko.String("app.log_level") == "debug" {
-		opts.Level = logf.DebugLevel
+// initLogger initializes slog logger instance.
+func initLogger(ko *koanf.Koanf) *slog.Logger {
+	// Parse log level from config
+	var level slog.Level
+	switch strings.ToLower(ko.String("app.log_level")) {
+	case "debug":
+		level = slog.LevelDebug
+	case "info":
+		level = slog.LevelInfo
+	case "warn", "warning":
+		level = slog.LevelWarn
+	case "error":
+		level = slog.LevelError
+	default:
+		level = slog.LevelInfo
+	}
+
+	// Configure handler options
+	opts := &slog.HandlerOptions{
+		Level:     level,
+		AddSource: true, // Enable caller information
 	}
-	return logf.New(opts)
+
+	// Create text handler for console output
+	handler := slog.NewTextHandler(os.Stdout, opts)
+	logger := slog.New(handler)
+
+	// Set as default logger
+	slog.SetDefault(logger)
+
+	return logger
 }
 
 // initConfig loads config to `ko` object.
 
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"os"
 	"os/signal"
 	"sync"
@@ -30,12 +31,13 @@ func main() {
 	ko := initConfig("config.sample.toml", "ARBOK_SERVER")
 	logger := initLogger(ko)
 
-	logger.Info("starting arbok server", "version", buildString)
+	logger.Info("starting arbok server", slog.String("version", buildString))
 
 	// Parse configuration
 	cfg, err := parseConfig(ko)
 	if err != nil {
-		logger.Fatal("config error", "error", err)
+		logger.Error("config error", slog.Any("error", err))
+		os.Exit(1)
 	}
 
 	// Initialize WireGuard tunnel
@@ -47,7 +49,8 @@ func main() {
 		PrivateKey: cfg.Server.PrivateKey,
 	})
 	if err != nil {
-		logger.Fatal("failed to initialize tunnel", "error", err)
+		logger.Error("failed to initialize tunnel", slog.Any("error", err))
+		os.Exit(1)
 	}
 
 	// Initialize registry
@@ -57,7 +60,8 @@ func main() {
 		CleanupInterval: cfg.Tunnel.CleanupInterval,
 	}, logger)
 	if err != nil {
-		logger.Fatal("failed to initialize registry", "error", err)
+		logger.Error("failed to initialize registry", slog.Any("error", err))
+		os.Exit(1)
 	}
 
 	// Initialize authenticator
@@ -86,7 +90,7 @@ func main() {
 	go func() {
 		defer wg.Done()
 		if err := tun.Up(ctx); err != nil {
-			logger.Error("tunnel error", "error", err)
+			logger.Error("tunnel error", slog.Any("error", err))
 		}
 	}()
 
 
@@ -10,22 +10,22 @@ require (
 	github.com/gorilla/mux v1.8.1
 	github.com/knadh/koanf v1.5.0
 	github.com/spf13/pflag v1.0.7
-	github.com/vishvananda/netlink v1.3.1
-	github.com/zerodha/logf v0.5.5
 	golang.org/x/crypto v0.40.0
 	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb
 )
 
 require (
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/google/btree v1.1.3 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/valyala/fastrand v1.1.0 // indirect
 	github.com/valyala/histogram v1.2.0 // indirect
-	github.com/vishvananda/netns v0.0.5 // indirect
 	golang.org/x/net v0.42.0 // indirect
 	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+	gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c // indirect
 )
@@ -80,8 +80,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -237,22 +237,15 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8=
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
 github.com/valyala/histogram v1.2.0/go.mod h1:Hb4kBwb4UxsaNbbbh+RRz8ZR6pdodR57tzWUS3BUzXY=
-github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
-github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
-github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
-github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/zerodha/logf v0.5.5 h1:AhxHlixHNYwhFjvlgTv6uO4VBKYKxx2I6SbHoHtWLBk=
-github.com/zerodha/logf v0.5.5/go.mod h1:HWpfKsie+WFFpnUnUxelT6Z0FC6xu9+qt+oXNMPg6y8=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
@@ -336,8 +329,6 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
 golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -348,8 +339,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 
@@ -131,7 +131,7 @@ func (s *Server) handleDeleteTunnel(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Remove peer from WireGuard
-	if err := s.tun.RemovePeer(t.PublicKey); err != nil {
+	if err := s.tun.RemovePeer(t.PublicKey, t.AllowedIP); err != nil {
 		s.logger.Error("failed to remove peer", "error", err, "tunnel_id", t.ID)
 	}
 
@@ -240,7 +240,7 @@ PostUp = echo "🐍 Arbok tunnel active! Local port %d → %s"
 
 [Peer]
 PublicKey = %s
-AllowedIPs = 10.100.0.1/32
+AllowedIPs = 10.100.0.0/24
 Endpoint = %s
 PersistentKeepalive = 25`, 
 		t.AllowedIP,
 
@@ -2,6 +2,7 @@ package api
 
 import (
 	"bufio"
+	"context"
 	"fmt"
 	"io"
 	"net"
@@ -12,7 +13,7 @@ import (
 	"time"
 )
 
-// createReverseProxy creates a reverse proxy for a tunnel
+// createReverseProxy creates a reverse proxy for a tunnel using netstack
 func (s *Server) createReverseProxy(targetIP string, port uint16) *httputil.ReverseProxy {
 	target := &url.URL{
 		Scheme: "http",
@@ -21,13 +22,12 @@ func (s *Server) createReverseProxy(targetIP string, port uint16) *httputil.Reve
 
 	proxy := httputil.NewSingleHostReverseProxy(target)
 
-	// Customize the transport for better performance
+	// Get netstack from tunnel for userspace networking
+	tnet := s.tun.GetNetstack()
+	
+	// Customize the transport to use netstack (userspace WireGuard networking)
 	proxy.Transport = &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).DialContext,
+		DialContext:           tnet.DialContext, // Use netstack instead of kernel networking
 		ForceAttemptHTTP2:     true,
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
@@ -75,21 +75,29 @@ func (s *Server) createReverseProxy(targetIP string, port uint16) *httputil.Reve
 	return proxy
 }
 
-// handleTunnelTrafficWithProxy handles incoming traffic and proxies it to the tunnel
-func (s *Server) handleTunnelTrafficWithProxy(w http.ResponseWriter, r *http.Request) {
-	// Extract subdomain from host
-	host := r.Host
-	if idx := strings.Index(host, ":"); idx != -1 {
+// extractSubdomain extracts the subdomain from a host header value.
+// It handles port stripping and returns just the subdomain portion.
+func extractSubdomain(host string) string {
+	// Remove port if present
+	if idx := strings.IndexByte(host, ':'); idx != -1 {
 		host = host[:idx]
 	}
 
-	parts := strings.Split(host, ".")
-	if len(parts) < 2 {
-		http.Error(w, "Invalid host", http.StatusBadRequest)
+	// Extract subdomain (first part before first dot)
+	if idx := strings.IndexByte(host, '.'); idx != -1 {
+		return host[:idx]
+	}
+	return host
+}
+
+// handleTunnelTrafficWithProxy handles incoming traffic and proxies it to the tunnel
+func (s *Server) handleTunnelTrafficWithProxy(w http.ResponseWriter, r *http.Request) {
+	// Extract subdomain from host
+	subdomain := extractSubdomain(r.Host)
+	if subdomain == "" {
+		http.Error(w, "Invalid host header", http.StatusBadRequest)
 		return
 	}
-	
-	subdomain := parts[0]
 	tunnel := s.registry.GetTunnelBySubdomain(subdomain)
 	if tunnel == nil {
 		http.Error(w, "Tunnel not found", http.StatusNotFound)
@@ -121,7 +129,7 @@ func (s *Server) handleWebSocket(w http.ResponseWriter, r *http.Request, targetI
 		targetURL += "?" + r.URL.RawQuery
 	}
 
-	targetConn, resp, err := websocketDial(targetURL, r.Header)
+	targetConn, resp, err := s.websocketDial(targetURL, r.Header)
 	if err != nil {
 		s.logger.Error("websocket dial error", "error", err, "target", targetURL)
 		http.Error(w, "Bad Gateway", http.StatusBadGateway)
@@ -150,31 +158,47 @@ func (s *Server) handleWebSocket(w http.ResponseWriter, r *http.Request, targetI
 		return
 	}
 
-	// Proxy data between connections
+	// Use context for proper cancellation
+	ctx, cancel := context.WithCancel(r.Context())
+	defer cancel()
+
+	// Proxy data between connections with proper cleanup
 	errc := make(chan error, 2)
 	go func() {
+		defer cancel() // Cancel context when one direction completes
 		_, err := io.Copy(targetConn, clientConn)
 		errc <- err
 	}()
 	go func() {
+		defer cancel() // Cancel context when one direction completes
 		_, err := io.Copy(clientConn, targetConn)
 		errc <- err
 	}()
 
-	// Wait for either copy to complete
-	<-errc
+	// Wait for either copy to complete or context cancellation
+	select {
+	case <-ctx.Done():
+		return
+	case <-errc:
+		return
+	}
 }
 
-// websocketDial dials a WebSocket connection
-func websocketDial(targetURL string, headers http.Header) (net.Conn, *http.Response, error) {
+// websocketDial dials a WebSocket connection using the tunnel's netstack
+func (s *Server) websocketDial(targetURL string, headers http.Header) (net.Conn, *http.Response, error) {
 	// Parse the URL
 	u, err := url.Parse(targetURL)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	// Dial TCP connection
-	conn, err := net.DialTimeout("tcp", u.Host, 10*time.Second)
+	// Get netstack from tunnel for userspace networking
+	tnet := s.tun.GetNetstack()
+	
+	// Dial TCP connection using netstack (userspace WireGuard networking)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	conn, err := tnet.DialContext(ctx, "tcp", u.Host)
 	if err != nil {
 		return nil, nil, err
 	}
Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ func (s Server) handleDeleteTunnel(w http.ResponseWriter, r http.Request) {`
`131`	`131`	`}`
`132`	`132`
`133`	`133`	`// Remove peer from WireGuard`
`134`		`- if err := s.tun.RemovePeer(t.PublicKey); err != nil {`
	`134`	`+ if err := s.tun.RemovePeer(t.PublicKey, t.AllowedIP); err != nil {`
`135`	`135`	`s.logger.Error("failed to remove peer", "error", err, "tunnel_id", t.ID)`
`136`	`136`	`}`
`137`	`137`
`@@ -240,7 +240,7 @@ PostUp = echo "🐍 Arbok tunnel active! Local port %d → %s"`
`240`	`240`
`241`	`241`	`[Peer]`
`242`	`242`	`PublicKey = %s`
`243`		`-AllowedIPs = 10.100.0.1/32`
	`243`	`+AllowedIPs = 10.100.0.0/24`
`244`	`244`	`Endpoint = %s`
`245`	`245`	PersistentKeepalive = 25`,
`246`	`246`	`t.AllowedIP,`