[client] Phase 3.5 + 3.7d-h of #5989: network-change ICE recovery + GUI mode tab (stack 2/4)

client/android/client.go

@@ -394,6 +394,66 @@ func (c *Client) RemoveConnectionListener() {
 	c.recorder.RemoveConnectionListener()
 }
 
+// GetServerPushedConnectionMode returns the canonical name of the
+// connection mode the management server most recently pushed via
+// PeerConfig (independent of any local profile/env override). Returns
+// an empty string when the engine has not connected yet or the server
+// has not pushed a value -- the Android UI then knows to display
+// just "Follow server" without the (currently: ...) suffix.
+func (c *Client) GetServerPushedConnectionMode() string {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return ""
+	}
+	return cm.ServerPushedMode().String()
+}
+
+// GetServerPushedRelayTimeoutSecs returns the relay timeout in seconds
+// most recently pushed by the management server, or 0 when no value
+// has been received. Used by the Android UI as a hint.
+func (c *Client) GetServerPushedRelayTimeoutSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedRelayTimeoutSecs())
+}
+
+// GetServerPushedP2pTimeoutSecs returns the ICE-only timeout (seconds)
+// most recently pushed by the management server.
+func (c *Client) GetServerPushedP2pTimeoutSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedP2pTimeoutSecs())
+}
+
+// GetServerPushedP2pRetryMaxSecs returns the ICE-backoff cap (seconds)
+// most recently pushed by the management server.
+func (c *Client) GetServerPushedP2pRetryMaxSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedP2pRetryMaxSecs())
+}
+
+// connMgrSafe is a small helper that walks the Client -> ConnectClient
+// -> Engine -> ConnMgr chain and returns nil at the first nil pointer.
+// Each accessor that surfaces engine state to the Android UI uses it.
+func (c *Client) connMgrSafe() *internal.ConnMgr {
+	cc := c.getConnectClient()
+	if cc == nil {
+		return nil
+	}
+	engine := cc.Engine()
+	if engine == nil {
+		return nil
+	}
+	return engine.ConnMgr()
+}
+
 func (c *Client) toggleRoute(command routeCommand) error {
 	return command.toggleRoute()
 }

client/android/preferences.go

@@ -307,6 +307,91 @@ func (p *Preferences) SetBlockInbound(block bool) {
 	p.configInput.BlockInbound = &block
 }
 
+// GetConnectionMode returns the locally configured connection-mode override
+// (canonical lower-kebab-case: "relay-forced", "p2p", "p2p-lazy",
+// "p2p-dynamic", "follow-server"), or empty string if no local override
+// is configured -- the daemon will then follow the server-pushed value.
+func (p *Preferences) GetConnectionMode() (string, error) {
+	if p.configInput.ConnectionMode != nil {
+		return *p.configInput.ConnectionMode, nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.ConnectionMode, nil
+}
+
+// SetConnectionMode stores a local override for the connection mode.
+// Pass an empty string to clear the override (revert to following the
+// server-pushed value).
+func (p *Preferences) SetConnectionMode(mode string) {
+	m := mode
+	p.configInput.ConnectionMode = &m
+}
+
+// GetRelayTimeoutSeconds returns the locally configured relay-worker
+// inactivity timeout in seconds, or 0 if no override is set (follow
+// server-pushed value, or built-in default if the server has none).
+func (p *Preferences) GetRelayTimeoutSeconds() (int64, error) {
+	if p.configInput.RelayTimeoutSeconds != nil {
+		return int64(*p.configInput.RelayTimeoutSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.RelayTimeoutSeconds), nil
+}
+
+// SetRelayTimeoutSeconds stores a local override for the relay timeout.
+// Pass 0 to clear the override.
+func (p *Preferences) SetRelayTimeoutSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.RelayTimeoutSeconds = &v
+}
+
+// GetP2pTimeoutSeconds returns the locally configured ICE-worker
+// inactivity timeout in seconds (only effective in p2p-dynamic mode),
+// or 0 if no override is set.
+func (p *Preferences) GetP2pTimeoutSeconds() (int64, error) {
+	if p.configInput.P2pTimeoutSeconds != nil {
+		return int64(*p.configInput.P2pTimeoutSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.P2pTimeoutSeconds), nil
+}
+
+// SetP2pTimeoutSeconds stores a local override for the p2p timeout.
+// Pass 0 to clear the override.
+func (p *Preferences) SetP2pTimeoutSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.P2pTimeoutSeconds = &v
+}
+
+// GetP2pRetryMaxSeconds returns the locally configured cap on the
+// per-peer ICE-failure backoff schedule, or 0 if no override is set.
+func (p *Preferences) GetP2pRetryMaxSeconds() (int64, error) {
+	if p.configInput.P2pRetryMaxSeconds != nil {
+		return int64(*p.configInput.P2pRetryMaxSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.P2pRetryMaxSeconds), nil
+}
+
+// SetP2pRetryMaxSeconds stores a local override for the backoff cap.
+// Pass 0 to clear the override.
+func (p *Preferences) SetP2pRetryMaxSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.P2pRetryMaxSeconds = &v
+}
+
 // Commit writes out the changes to the config file
 func (p *Preferences) Commit() error {
 	_, err := profilemanager.UpdateOrCreateConfig(p.configInput)

client/cmd/root.go

@@ -39,6 +39,10 @@ const (
 	extraIFaceBlackListFlag  = "extra-iface-blacklist"
 	dnsRouteIntervalFlag     = "dns-router-interval"
 	enableLazyConnectionFlag = "enable-lazy-connection"
+	connectionModeFlag       = "connection-mode"
+	relayTimeoutFlag         = "relay-timeout"
+	p2pTimeoutFlag           = "p2p-timeout"
+	p2pRetryMaxFlag          = "p2p-retry-max"
 	mtuFlag                  = "mtu"
 )
 
@@ -72,6 +76,10 @@ var (
 	anonymizeFlag           bool
 	dnsRouteInterval        time.Duration
 	lazyConnEnabled         bool
+	connectionMode          string
+	relayTimeoutSecs        uint32
+	p2pTimeoutSecs          uint32
+	p2pRetryMaxSecs         uint32
 	mtu                     uint16
 	profilesDisabled        bool
 	updateSettingsDisabled  bool
@@ -192,6 +200,15 @@ func init() {
 	upCmd.PersistentFlags().BoolVar(&rosenpassPermissive, rosenpassPermissiveFlag, false, "[Experimental] Enable Rosenpass in permissive mode to allow this peer to accept WireGuard connections without requiring Rosenpass functionality from peers that do not have Rosenpass enabled.")
 	upCmd.PersistentFlags().BoolVar(&autoConnectDisabled, disableAutoConnectFlag, false, "Disables auto-connect feature. If enabled, then the client won't connect automatically when the service starts.")
 	upCmd.PersistentFlags().BoolVar(&lazyConnEnabled, enableLazyConnectionFlag, false, "[Experimental] Enable the lazy connection feature. If enabled, the client will establish connections on-demand. Note: this setting may be overridden by management configuration.")
+	upCmd.PersistentFlags().StringVar(&connectionMode, connectionModeFlag, "",
+		"[Experimental] Peer connection mode: relay-forced, p2p, p2p-lazy, p2p-dynamic, or follow-server. "+
+			"Overrides the server-pushed value when set. Use follow-server to clear a previously-set local override.")
+	upCmd.PersistentFlags().Uint32Var(&relayTimeoutSecs, relayTimeoutFlag, 0,
+		"[Experimental] Relay-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default).")
+	upCmd.PersistentFlags().Uint32Var(&p2pTimeoutSecs, p2pTimeoutFlag, 0,
+		"[Experimental] ICE-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default). Only effective in p2p-dynamic mode (Phase 2).")
+	upCmd.PersistentFlags().Uint32Var(&p2pRetryMaxSecs, p2pRetryMaxFlag, 0,
+		"[Experimental] Maximum ICE-failure-backoff interval in seconds. 0 = use server-pushed value (or built-in default 15 min). Effective in p2p-dynamic mode (Phase 3 of #5989).")
 
 }
 

client/cmd/service.go

@@ -57,6 +57,24 @@ func init() {
 	installCmd.Flags().StringSliceVar(&serviceEnvVars, "service-env", nil, serviceEnvDesc)
 	reconfigureCmd.Flags().StringSliceVar(&serviceEnvVars, "service-env", nil, serviceEnvDesc)
 
+	// Profile-level connection-mode + timeout flags. Same semantics as on
+	// `netbird up` but writeable at install time so server/headless
+	// installs can pre-seed the active profile before the daemon starts.
+	// Same package-level vars are shared with upCmd; on `up` they take
+	// effect through setupConfig(), here we apply them once before
+	// installing the service so the daemon picks them up on first run.
+	for _, c := range []*cobra.Command{installCmd, reconfigureCmd} {
+		c.Flags().StringVar(&connectionMode, connectionModeFlag, "",
+			"[Experimental] Peer connection mode: relay-forced, p2p, p2p-lazy, p2p-dynamic, or follow-server. "+
+				"Overrides the server-pushed value when set. Use follow-server to clear a previously-set local override.")
+		c.Flags().Uint32Var(&relayTimeoutSecs, relayTimeoutFlag, 0,
+			"[Experimental] Relay-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default).")
+		c.Flags().Uint32Var(&p2pTimeoutSecs, p2pTimeoutFlag, 0,
+			"[Experimental] ICE-worker idle timeout in seconds. 0 = use server-pushed value. Only effective in p2p-dynamic mode.")
+		c.Flags().Uint32Var(&p2pRetryMaxSecs, p2pRetryMaxFlag, 0,
+			"[Experimental] Maximum ICE-failure-backoff interval in seconds. 0 = use server-pushed value (or built-in default 15 min).")
+	}
+
 	rootCmd.AddCommand(serviceCmd)
 }
 

client/cmd/service_installer.go

@@ -15,6 +15,7 @@ import (
 	"github.com/kardianos/service"
 	"github.com/spf13/cobra"
 
+	"github.com/netbirdio/netbird/client/internal/profilemanager"
 	"github.com/netbirdio/netbird/util"
 )
 
@@ -131,6 +132,12 @@ var installCmd = &cobra.Command{
 			cmd.PrintErrf("Warning: failed to load saved service params: %v\n", err)
 		}
 
+		// Persist any profile-level connection-mode/timeout flags that
+		// were explicitly set so the daemon picks them up on first start.
+		if err := applyConnectionModeFlagsToProfile(cmd); err != nil {
+			cmd.PrintErrf("Warning: failed to persist connection-mode flags: %v\n", err)
+		}
+
 		svcConfig, err := createServiceConfigForInstall()
 		if err != nil {
 			return err
@@ -157,6 +164,52 @@ var installCmd = &cobra.Command{
 	},
 }
 
+// applyConnectionModeFlagsToProfile writes the connection-mode +
+// timeout flags into the active profile's config file so the daemon
+// will use them on its next startup. Only fields whose flag was
+// explicitly set are touched; missing flags leave the existing
+// profile values intact. Used by install + reconfigure so headless
+// deployments can pre-seed everything in a single command.
+func applyConnectionModeFlagsToProfile(cmd *cobra.Command) error {
+	anyChanged := false
+	for _, name := range []string{connectionModeFlag, relayTimeoutFlag, p2pTimeoutFlag, p2pRetryMaxFlag} {
+		if f := cmd.Flag(name); f != nil && f.Changed {
+			anyChanged = true
+			break
+		}
+	}
+	if !anyChanged {
+		return nil
+	}
+
+	cfgPath := profilemanager.DefaultConfigPath
+	if configPath != "" {
+		cfgPath = configPath
+	}
+	if cfgPath == "" {
+		return fmt.Errorf("default config path is not set on this platform; pass --config")
+	}
+
+	ic := profilemanager.ConfigInput{ConfigPath: cfgPath}
+	if cmd.Flag(connectionModeFlag).Changed {
+		ic.ConnectionMode = &connectionMode
+	}
+	if cmd.Flag(relayTimeoutFlag).Changed {
+		ic.RelayTimeoutSeconds = &relayTimeoutSecs
+	}
+	if cmd.Flag(p2pTimeoutFlag).Changed {
+		ic.P2pTimeoutSeconds = &p2pTimeoutSecs
+	}
+	if cmd.Flag(p2pRetryMaxFlag).Changed {
+		ic.P2pRetryMaxSeconds = &p2pRetryMaxSecs
+	}
+	if _, err := profilemanager.UpdateOrCreateConfig(ic); err != nil {
+		return fmt.Errorf("write profile %s: %w", cfgPath, err)
+	}
+	cmd.Println("connection-mode/timeout flags persisted to profile:", cfgPath)
+	return nil
+}
+
 var uninstallCmd = &cobra.Command{
 	Use:   "uninstall",
 	Short: "uninstalls NetBird service from system",
@@ -207,6 +260,10 @@ This command will temporarily stop the service, update its configuration, and re
 			cmd.PrintErrf("Warning: failed to load saved service params: %v\n", err)
 		}
 
+		if err := applyConnectionModeFlagsToProfile(cmd); err != nil {
+			cmd.PrintErrf("Warning: failed to persist connection-mode flags: %v\n", err)
+		}
+
 		wasRunning, err := isServiceRunning()
 		if err != nil && !errors.Is(err, ErrGetServiceStatus) {
 			return fmt.Errorf("check service status: %w", err)

client/cmd/up.go

@@ -338,7 +338,7 @@
 	return nil
 }
 
 func setupSetConfigReq(customDNSAddressConverted []byte, cmd *cobra.Command, profileName, username string) *proto.SetConfigRequest {
 	var req proto.SetConfigRequest
 	req.ProfileName = profileName
 	req.Username = username
@@ -439,10 +439,23 @@
 		req.LazyConnectionEnabled = &lazyConnEnabled
 	}
 
+	if cmd.Flag(connectionModeFlag).Changed {
+		req.ConnectionMode = &connectionMode
+	}
+	if cmd.Flag(relayTimeoutFlag).Changed {
+		req.RelayTimeoutSeconds = &relayTimeoutSecs
+	}
+	if cmd.Flag(p2pTimeoutFlag).Changed {
+		req.P2PTimeoutSeconds = &p2pTimeoutSecs
+	}
+	if cmd.Flag(p2pRetryMaxFlag).Changed {
+		req.P2PRetryMaxSeconds = &p2pRetryMaxSecs
+	}
+
 	return &req
 }
 
 func setupConfig(customDNSAddressConverted []byte, cmd *cobra.Command, configFilePath string) (*profilemanager.ConfigInput, error) {
 	ic := profilemanager.ConfigInput{
 		ManagementURL:       managementURL,
 		ConfigPath:          configFilePath,
@@ -555,10 +568,23 @@
 	if cmd.Flag(enableLazyConnectionFlag).Changed {
 		ic.LazyConnectionEnabled = &lazyConnEnabled
 	}
+
+	if cmd.Flag(connectionModeFlag).Changed {
+		ic.ConnectionMode = &connectionMode
+	}
+	if cmd.Flag(relayTimeoutFlag).Changed {
+		ic.RelayTimeoutSeconds = &relayTimeoutSecs
+	}
+	if cmd.Flag(p2pTimeoutFlag).Changed {
+		ic.P2pTimeoutSeconds = &p2pTimeoutSecs
+	}
+	if cmd.Flag(p2pRetryMaxFlag).Changed {
+		ic.P2pRetryMaxSeconds = &p2pRetryMaxSecs
+	}
 	return &ic, nil
 }
 
 func setupLoginRequest(providedSetupKey string, customDNSAddressConverted []byte, cmd *cobra.Command) (*proto.LoginRequest, error) {
 	loginRequest := proto.LoginRequest{
 		SetupKey:            providedSetupKey,
 		ManagementUrl:       managementURL,
@@ -669,6 +695,19 @@
 	if cmd.Flag(enableLazyConnectionFlag).Changed {
 		loginRequest.LazyConnectionEnabled = &lazyConnEnabled
 	}
+
+	if cmd.Flag(connectionModeFlag).Changed {
+		loginRequest.ConnectionMode = &connectionMode
+	}
+	if cmd.Flag(relayTimeoutFlag).Changed {
+		loginRequest.RelayTimeoutSeconds = &relayTimeoutSecs
+	}
+	if cmd.Flag(p2pTimeoutFlag).Changed {
+		loginRequest.P2PTimeoutSeconds = &p2pTimeoutSecs
+	}
+	if cmd.Flag(p2pRetryMaxFlag).Changed {
+		loginRequest.P2PRetryMaxSeconds = &p2pRetryMaxSecs
+	}
 	return &loginRequest, nil
 }