Bump version to 0.5.3

From: https://github.com/ekzhang/bore/pull/162#discussion_r2042195219

.github/workflows/ci.yml

@@ -1,13 +1,17 @@
 name: CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   rust:
     name: Build and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:
@@ -22,7 +26,7 @@ jobs:
     name: Rustfmt
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:
@@ -36,7 +40,7 @@ jobs:
     name: Clippy
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - uses: actions-rs/toolchain@v1
         with:

.github/workflows/docker.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Docker meta
         id: meta
@@ -40,9 +40,7 @@ jobs:
         id: docker_build
         uses: docker/build-push-action@v3
         with:
-          # This doesn't work now because of an issue in multi-platform Docker builds.
+          platforms: linux/amd64,linux/arm64
-          #   -> see https://github.com/rust-lang/rust/issues/97520
-          # platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/mean_bean_ci.yml

@@ -1,12 +1,16 @@
 name: Mean Bean CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   install-cross:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
@@ -18,7 +22,7 @@ jobs:
           matches: ${{ matrix.platform }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v1
+      - uses: actions/upload-artifact@v4
         with:
           name: cross-${{ matrix.platform }}
           path: ${{ steps.cross.outputs.install_path }}
@@ -33,11 +37,11 @@ jobs:
       matrix:
         channel: [stable]
         target:
-          - x86_64-apple-darwin
+          - aarch64-apple-darwin
 
     steps:
       - name: Setup | Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Setup | Rust
         uses: actions-rs/toolchain@v1
         with:
@@ -57,12 +61,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: install-cross
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
       - name: Download Cross
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: cross-linux-musl
           path: /tmp/
@@ -85,8 +89,11 @@ jobs:
       matrix:
         channel: [stable]
         target:
+          - aarch64-unknown-linux-musl
+          - arm-unknown-linux-musleabi
           - arm-unknown-linux-gnueabi
           - armv7-unknown-linux-gnueabihf
+          - armv7-unknown-linux-musleabihf
           - i686-unknown-linux-musl
           - x86_64-unknown-linux-musl
 
@@ -98,7 +105,7 @@ jobs:
     # artifacts are downloaded first.
     needs: install-cross
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - run: ci/set_rust_version.bash ${{ matrix.channel }} ${{ matrix.target }}

.github/workflows/mean_bean_deploy.yml

@@ -16,7 +16,7 @@ jobs:
   install-cross:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
@@ -28,7 +28,7 @@ jobs:
           matches: ${{ matrix.platform }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v1
+      - uses: actions/upload-artifact@v4
         with:
           name: cross-${{ matrix.platform }}
           path: ${{ steps.cross.outputs.install_path }}
@@ -50,7 +50,7 @@ jobs:
         uses: dawidd6/action-get-tag@v1
 
       - name: Setup | Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       # Cache files between builds
       - name: Setup | Cache Cargo
@@ -102,8 +102,11 @@ jobs:
     strategy:
       matrix:
         target:
+          - aarch64-unknown-linux-musl
+          - arm-unknown-linux-musleabi
           - arm-unknown-linux-gnueabi
           - armv7-unknown-linux-gnueabihf
+          - armv7-unknown-linux-musleabihf
           - i686-unknown-linux-musl
           - x86_64-unknown-linux-musl
     steps:
@@ -111,8 +114,8 @@ jobs:
         id: tag
         uses: dawidd6/action-get-tag@v1
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v1
+      - uses: actions/download-artifact@v4
         with:
           name: cross-linux-musl
           path: /tmp/
@@ -160,7 +163,7 @@ jobs:
         id: tag
         uses: dawidd6/action-get-tag@v1
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: bash ci/set_rust_version.bash stable ${{ matrix.target }}
       - run: bash ci/build.bash cargo ${{ matrix.target }} RELEASE
       - run: |

Cargo.lock

@@ -113,7 +113,7 @@ dependencies = [
 
 [[package]]
 name = "bore-cli"
-version = "0.5.0"
+version = "0.5.3"
 dependencies = [
  "anyhow",
  "clap",
@@ -409,18 +409,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
 
 [[package]]
 name = "hermit-abi"
-version = "0.2.6"
+version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7"
+checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "hermit-abi"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286"
 
 [[package]]
 name = "hex"
@@ -452,7 +443,7 @@ version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c66c74d2ae7e79a5a8f7ac924adbe38ee42a859c6539ad869eb51f0b52dc220"
 dependencies = [
- "hermit-abi 0.3.1",
+ "hermit-abi",
  "libc",
  "windows-sys 0.48.0",
 ]
@@ -463,7 +454,7 @@ version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
 dependencies = [
- "hermit-abi 0.3.1",
+ "hermit-abi",
  "io-lifetimes",
  "rustix",
  "windows-sys 0.48.0",
@@ -551,11 +542,11 @@ dependencies = [
 
 [[package]]
 name = "num_cpus"
-version = "1.15.0"
+version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b"
+checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
 dependencies = [
- "hermit-abi 0.2.6",
+ "hermit-abi",
  "libc",
 ]
 
@@ -868,10 +859,11 @@ dependencies = [
 
 [[package]]
 name = "tracing"
-version = "0.1.38"
+version = "0.1.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9cf6a813d3f40c88b0b6b6f29a5c95c6cdbf97c1f9cc53fb820200f5ad814d"
+checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
 dependencies = [
+ "cfg-if",
  "pin-project-lite",
  "tracing-attributes",
  "tracing-core",
@@ -900,20 +892,20 @@ dependencies = [
 
 [[package]]
 name = "tracing-log"
-version = "0.1.3"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922"
+checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
 dependencies = [
- "lazy_static",
  "log",
+ "once_cell",
  "tracing-core",
 ]
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.17"
+version = "0.3.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77"
+checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008"
 dependencies = [
  "nu-ansi-term",
  "sharded-slab",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "bore-cli"
-version = "0.5.0"
+version = "0.5.3"
 authors = ["Eric Zhang <ekzhang1@gmail.com>"]
 license = "MIT"
 description = "A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls."
@@ -29,7 +29,7 @@ sha2 = "0.10.2"
 tokio = { version = "1.17.0", features = ["rt-multi-thread", "io-util", "macros", "net", "time"] }
 tokio-util = { version = "0.7.1", features = ["codec"] }
 tracing = "0.1.32"
-tracing-subscriber = "0.3.10"
+tracing-subscriber = "0.3.18"
 uuid = { version = "1.2.1", features = ["serde", "v4"] }
 
 [dev-dependencies]

Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:alpine as builder
+FROM rust:alpine AS builder
 WORKDIR /home/rust/src
 RUN apk --no-cache add musl-dev
 COPY . .

README.md

@@ -23,20 +23,48 @@ Similar to [localtunnel](https://github.com/localtunnel/localtunnel) and [ngrok]
 
 ## Installation
 
-If you're on macOS, `bore` is packaged as a Homebrew formula.
+### macOS
+
+`bore` is packaged as a Homebrew core formula.
 
 ```shell
-brew install ekzhang/bore/bore
+brew install bore-cli
 ```
 
+### Linux
+
+#### Arch Linux
+
+`bore` is available in the AUR as `bore`.
+
+```shell
+yay -S bore # or your favorite AUR helper
+```
+
+#### Gentoo Linux
+
+`bore` is available in the [gentoo-zh](https://github.com/microcai/gentoo-zh) overlay.
+
+```shell
+sudo eselect repository enable gentoo-zh
+sudo emerge --sync gentoo-zh
+sudo emerge net-proxy/bore
+```
+
+### Binary Distribution
+
 Otherwise, the easiest way to install bore is from prebuilt binaries. These are available on the [releases page](https://github.com/ekzhang/bore/releases) for macOS, Windows, and Linux. Just unzip the appropriate file for your platform and move the `bore` executable into a folder on your PATH.
 
+### Cargo
+
 You also can build `bore` from source using [Cargo](https://doc.rust-lang.org/cargo/), the Rust package manager. This command installs the `bore` binary at a user-accessible path.
 
 ```shell
 cargo install bore-cli
 ```
 
+### Docker
+
 We also publish versioned Docker images for each release. The image is built for an AMD 64-bit architecture. They're tagged with the specific version and allow you to run the statically-linked `bore` binary from a minimal "scratch" container.
 
 ```shell
@@ -65,14 +93,14 @@ Starts a local proxy to the remote server
 Usage: bore local [OPTIONS] --to <TO> <LOCAL_PORT>
 
 Arguments:
-  <LOCAL_PORT>  The local port to expose
+  <LOCAL_PORT>  The local port to expose [env: BORE_LOCAL_PORT=]
 
 Options:
   -l, --local-host <HOST>  The local host to expose [default: localhost]
   -t, --to <TO>            Address of the remote server to expose local ports to [env: BORE_SERVER=]
   -p, --port <PORT>        Optional port on the remote server to select [default: 0]
   -s, --secret <SECRET>    Optional secret for authentication [env: BORE_SECRET]
-  -h, --help               Print help information
+  -h, --help               Print help
 ```
 
 ### Self-Hosting
@@ -85,6 +113,8 @@ bore server
 
 That's all it takes! After the server starts running at a given address, you can then update the `bore local` command with option `--to <ADDRESS>` to forward a local port to this remote server.
 
+It's possible to specify different IP addresses for the control server and for the tunnels. This setup is useful for cases where you might want the control server to be on a private network while allowing tunnel connections over a public interface, or vice versa.
+
 The full options for the `bore server` command are shown below.
 
 ```shell
@@ -93,10 +123,12 @@ Runs the remote proxy server
 Usage: bore server [OPTIONS]
 
 Options:
-      --min-port <MIN_PORT>  Minimum accepted TCP port number [default: 1024]
+      --min-port <MIN_PORT>          Minimum accepted TCP port number [env: BORE_MIN_PORT=] [default: 1024]
-      --max-port <MAX_PORT>  Maximum accepted TCP port number [default: 65535]
+      --max-port <MAX_PORT>          Maximum accepted TCP port number [env: BORE_MAX_PORT=] [default: 65535]
   -s, --secret <SECRET>              Optional secret for authentication [env: BORE_SECRET]
-  -h, --help                 Print help information
+      --bind-addr <BIND_ADDR>        IP address to bind to, clients must reach this [default: 0.0.0.0]
+      --bind-tunnels <BIND_TUNNELS>  IP address where tunnels will listen on, defaults to --bind-addr
+  -h, --help                         Print help
 ```
 
 ## Protocol

ci/test.bash

@@ -12,5 +12,21 @@ TARGET_TRIPLE=$2
 required_arg $CROSS 'CROSS'
 required_arg $TARGET_TRIPLE '<Target Triple>'
 
+max_attempts=3
+count=0
+
+while [ $count -lt $max_attempts ]; do
     $CROSS test --target $TARGET_TRIPLE
-$CROSS test --target $TARGET_TRIPLE --all-features
+    status=$?
+    if [ $status -eq 0 ]; then
+        echo "Test passed"
+        break
+    else
+        echo "Test failed, attempt $(($count + 1))"
+    fi
+    count=$(($count + 1))
+done
+
+if [ $status -ne 0 ]; then
+    echo "Test failed after $max_attempts attempts"
+fi

src/main.rs

@@ -1,3 +1,5 @@
+use std::net::IpAddr;
+
 use anyhow::Result;
 use bore_cli::{client::Client, server::Server};
 use clap::{error::ErrorKind, CommandFactory, Parser, Subcommand};
@@ -14,6 +16,7 @@ enum Command {
     /// Starts a local proxy to the remote server.
     Local {
         /// The local port to expose.
+        #[clap(env = "BORE_LOCAL_PORT")]
         local_port: u16,
 
         /// The local host to expose.
@@ -36,16 +39,24 @@ enum Command {
     /// Runs the remote proxy server.
     Server {
         /// Minimum accepted TCP port number.
-        #[clap(long, default_value_t = 1024)]
+        #[clap(long, default_value_t = 1024, env = "BORE_MIN_PORT")]
         min_port: u16,
 
         /// Maximum accepted TCP port number.
-        #[clap(long, default_value_t = 65535)]
+        #[clap(long, default_value_t = 65535, env = "BORE_MAX_PORT")]
         max_port: u16,
 
         /// Optional secret for authentication.
         #[clap(short, long, env = "BORE_SECRET", hide_env_values = true)]
         secret: Option<String>,
+
+        /// IP address to bind to, clients must reach this.
+        #[clap(long, default_value = "0.0.0.0")]
+        bind_addr: IpAddr,
+
+        /// IP address where tunnels will listen on, defaults to --bind-addr.
+        #[clap(long)]
+        bind_tunnels: Option<IpAddr>,
     },
 }
 
@@ -66,6 +77,8 @@ async fn run(command: Command) -> Result<()> {
             min_port,
             max_port,
             secret,
+            bind_addr,
+            bind_tunnels,
         } => {
             let port_range = min_port..=max_port;
             if port_range.is_empty() {
@@ -73,7 +86,10 @@ async fn run(command: Command) -> Result<()> {
                     .error(ErrorKind::InvalidValue, "port range is empty")
                     .exit();
             }
-            Server::new(port_range, secret.as_deref()).listen().await?;
+            let mut server = Server::new(port_range, secret.as_deref());
+            server.set_bind_addr(bind_addr);
+            server.set_bind_tunnels(bind_tunnels.unwrap_or(bind_addr));
+            server.listen().await?;
         }
     }
 

src/server.rs

@@ -1,6 +1,7 @@
 //! Server implementation for the `bore` service.
 
-use std::{io, net::SocketAddr, ops::RangeInclusive, sync::Arc, time::Duration};
+use std::net::{IpAddr, Ipv4Addr};
+use std::{io, ops::RangeInclusive, sync::Arc, time::Duration};
 
 use anyhow::Result;
 use dashmap::DashMap;
@@ -23,6 +24,12 @@ pub struct Server {
 
     /// Concurrent map of IDs to incoming connections.
     conns: Arc<DashMap<Uuid, TcpStream>>,
+
+    /// IP address where the control server will bind to.
+    bind_addr: IpAddr,
+
+    /// IP address where tunnels will listen on.
+    bind_tunnels: IpAddr,
 }
 
 impl Server {
@@ -33,15 +40,26 @@ impl Server {
             port_range,
             conns: Arc::new(DashMap::new()),
             auth: secret.map(Authenticator::new),
+            bind_addr: IpAddr::V4(Ipv4Addr::UNSPECIFIED),
+            bind_tunnels: IpAddr::V4(Ipv4Addr::UNSPECIFIED),
         }
     }
 
+    /// Set the IP address where tunnels will listen on.
+    pub fn set_bind_addr(&mut self, bind_addr: IpAddr) {
+        self.bind_addr = bind_addr;
+    }
+
+    /// Set the IP address where the control server will bind to.
+    pub fn set_bind_tunnels(&mut self, bind_tunnels: IpAddr) {
+        self.bind_tunnels = bind_tunnels;
+    }
+
     /// Start the server, listening for new connections.
     pub async fn listen(self) -> Result<()> {
         let this = Arc::new(self);
-        let addr = SocketAddr::from(([0, 0, 0, 0], CONTROL_PORT));
+        let listener = TcpListener::bind((this.bind_addr, CONTROL_PORT)).await?;
-        let listener = TcpListener::bind(&addr).await?;
+        info!(addr = ?this.bind_addr, "server listening");
-        info!(?addr, "server listening");
 
         loop {
             let (stream, addr) = listener.accept().await?;
@@ -62,7 +80,7 @@ impl Server {
 
     async fn create_listener(&self, port: u16) -> Result<TcpListener, &'static str> {
         let try_bind = |port: u16| async move {
-            TcpListener::bind(("0.0.0.0", port))
+            TcpListener::bind((self.bind_tunnels, port))
                 .await
                 .map_err(|err| match err.kind() {
                     io::ErrorKind::AddrInUse => "port already in use",
@@ -120,8 +138,9 @@ impl Server {
                         return Ok(());
                     }
                 };
+                let host = listener.local_addr()?.ip();
                 let port = listener.local_addr()?.port();
-                info!(?port, "new client");
+                info!(?host, ?port, "new client");
                 stream.send(ServerMessage::Hello(port)).await?;
 
                 loop {

src/shared.rs

@@ -14,7 +14,7 @@ use uuid::Uuid;
 /// TCP port used for control connections with the server.
 pub const CONTROL_PORT: u16 = 7835;
 
-/// Maxmium byte length for a JSON frame in the stream.
+/// Maximum byte length for a JSON frame in the stream.
 pub const MAX_FRAME_LENGTH: usize = 256;
 
 /// Timeout for network connections and initial protocol messages.