release: v0.32.0

Cargo.toml

@@ -6,7 +6,7 @@ members = [
 
 [package]
 name = "saorsa-transport"
-version = "0.31.0"
+version = "0.32.0"
 edition = "2024"
 rust-version = "1.88.0"
 license = "MIT OR Apache-2.0"
@@ -39,11 +39,18 @@ exclude = [
 [features]
 # Default features include essential functionality with 100% PQC support
 # v0.15.0: Simplified feature flags - crypto is always enabled
-default = ["platform-verifier", "network-discovery"]
+default = ["platform-verifier", "network-discovery", "upnp"]
 
 # Platform-specific certificate verification
 platform-verifier = ["dep:rustls-platform-verifier"]
 
+# UPnP IGD port mapping for best-effort NAT traversal assistance.
+# When enabled, the endpoint will opportunistically request a UDP port
+# mapping from a local Internet Gateway Device. Failure is silent and
+# non-fatal — the endpoint behaves identically to a non-UPnP build when
+# no gateway is available.
+upnp = ["dep:igd-next"]
+
 # Configure `tracing` to log events via `log` if no `tracing` subscriber exists
 log = ["tracing/log"]
 
@@ -113,6 +120,12 @@ rustls-post-quantum = { version = "0.2", features = ["aws-lc-rs-unstable"] }
 socket2 = { version = "0.5", optional = true }
 nix = { version = "0.29", features = ["resource", "net"], optional = true }
 
+# UPnP IGD port mapping (optional)
+# Used by the `upnp` feature for best-effort UDP port mapping. The
+# implementation never blocks startup and silently degrades when the
+# router does not support or has disabled UPnP IGD.
+igd-next = { version = "0.17", default-features = false, features = ["aio_tokio"], optional = true }
+
 # BLE transport dependencies (cross-platform, optional)
 # btleplug supports Linux (BlueZ), macOS (Core Bluetooth), and Windows (WinRT)
 btleplug = { version = "0.11", optional = true }

benches/connection_router.rs

@@ -38,7 +38,7 @@ fn bench_engine_selection(c: &mut Criterion) {
 
     // Benchmark UDP address selection
     group.bench_function("udp_address", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let engine = router.select_engine_for_addr(black_box(&udp_transport));
             black_box(engine)
@@ -47,7 +47,7 @@ fn bench_engine_selection(c: &mut Criterion) {
 
     // Benchmark BLE address selection
     group.bench_function("ble_address", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let engine = router.select_engine_for_addr(black_box(&ble_transport));
             black_box(engine)
@@ -56,7 +56,7 @@ fn bench_engine_selection(c: &mut Criterion) {
 
     // Benchmark LoRa address selection
     group.bench_function("lora_address", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let engine = router.select_engine_for_addr(black_box(&lora_transport));
             black_box(engine)
@@ -76,7 +76,7 @@ fn bench_engine_selection_detailed(c: &mut Criterion) {
 
     // Benchmark broadband selection
     group.bench_function("broadband_detailed", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.select_engine_detailed(black_box(&broadband_caps));
             black_box(result)
@@ -85,7 +85,7 @@ fn bench_engine_selection_detailed(c: &mut Criterion) {
 
     // Benchmark BLE selection
     group.bench_function("ble_detailed", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.select_engine_detailed(black_box(&ble_caps));
             black_box(result)
@@ -94,7 +94,7 @@ fn bench_engine_selection_detailed(c: &mut Criterion) {
 
     // Benchmark LoRa selection
     group.bench_function("lora_detailed", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.select_engine_detailed(black_box(&lora_caps));
             black_box(result)
@@ -112,7 +112,7 @@ fn bench_fallback_selection(c: &mut Criterion) {
 
     // Benchmark with QUIC available
     group.bench_function("quic_available", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.select_engine_with_fallback(
                 black_box(&broadband_caps),
@@ -125,7 +125,7 @@ fn bench_fallback_selection(c: &mut Criterion) {
 
     // Benchmark with fallback needed
     group.bench_function("quic_fallback", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.select_engine_with_fallback(
                 black_box(&broadband_caps),
@@ -184,7 +184,7 @@ fn bench_constrained_connect(c: &mut Criterion) {
 
     // Benchmark constrained connection creation
     group.bench_function("ble_connect", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let result = router.connect(black_box(&ble_addr));
             black_box(result)
@@ -215,11 +215,11 @@ fn bench_stats_tracking(c: &mut Criterion) {
 
     // Benchmark selection with stats update
     group.bench_function("selection_with_stats", |b| {
-        let mut router = ConnectionRouter::new(RouterConfig::default());
+        let router = ConnectionRouter::new(RouterConfig::default());
         b.iter(|| {
             let _ = router.select_engine_for_addr(black_box(&udp_addr));
             let _ = router.select_engine_for_addr(black_box(&ble_addr));
-            let stats = router.stats().clone();
+            let stats = router.stats().snapshot();
             black_box(stats)
         });
     });

benches/nat_traversal.rs

@@ -565,6 +565,7 @@ fn bench_pair_generation(c: &mut Criterion) {
                             CandidateSource::Observed { .. } => 1,
                             CandidateSource::Peer => 2,
                             CandidateSource::Predicted => 3,
+                            CandidateSource::PortMapped => 4,
                         };
 
                         for remote in &remote_candidates {
@@ -585,6 +586,7 @@ fn bench_pair_generation(c: &mut Criterion) {
                                     CandidateSource::Observed { .. } => 1,
                                     CandidateSource::Peer => 2,
                                     CandidateSource::Predicted => 3,
+                                    CandidateSource::PortMapped => 4,
                                 };
 
                                 // Calculate priority

examples/simple_p2p.rs

@@ -39,6 +39,7 @@ async fn main() -> anyhow::Result<()> {
                     addr,
                     public_key,
                     side,
+                    ..
                 } => {
                     println!(
                         "Connected to peer at {} (side: {:?}, has key: {})",

src/bin/e2e-test-node.rs

@@ -713,6 +713,7 @@ async fn handle_event(
             addr,
             public_key: _,
             side,
+            traversal_method: _,
         } => {
             let direction = if side.is_client() {
                 "outbound"

src/bin/saorsa-transport.rs

@@ -170,6 +170,14 @@ struct Args {
     /// Chunk size for data generation/verification (bytes)
     #[arg(long, default_value = "65536")]
     chunk_size: usize,
+
+    /// Disable best-effort UPnP IGD port mapping. By default the endpoint
+    /// asks the local router to forward its UDP port — pass this flag to
+    /// skip the UPnP probe entirely (useful when the router is known to
+    /// be hostile or when running on infrastructure that does not need
+    /// it). NAT traversal still works without UPnP via hole punching.
+    #[arg(long)]
+    no_upnp: bool,
 }
 
 /// CLI subcommands
@@ -371,6 +379,15 @@ async fn main() -> anyhow::Result<()> {
     }
     // v0.13.0: No mode-based NAT config - all nodes are symmetric
 
+    if args.no_upnp {
+        let nat = saorsa_transport::unified_config::NatConfig {
+            upnp: saorsa_transport::upnp::UpnpConfig::disabled(),
+            ..saorsa_transport::unified_config::NatConfig::default()
+        };
+        builder = builder.nat(nat);
+        info!("UPnP IGD port mapping disabled (--no-upnp)");
+    }
+
     let config = builder.build()?;
 
     // Create endpoint