[client, management] Phase 3.7i of #5989: peer-status visibility — RemotePeerConfig + conn-state pusher + Peers UI (stack 3/4)

client/android/client.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"os"
 	"slices"
+	"strings"
 	"sync"
 	"time"
 
@@ -295,17 +296,50 @@ func (c *Client) SetInfoLogLevel() {
 
 // PeersList return with the list of the PeerInfos
 func (c *Client) PeersList() *PeerInfoArray {
+	// Refresh WireGuard counters (BytesRx/Tx + LastWireguardHandshake)
+	// from the kernel/uapi interface before snapshotting. Without this
+	// the Android UI sees the stale values that were last written when
+	// the peer was opened/closed (typically 0), because the desktop
+	// CLI's Status RPC is what normally drives RefreshWireGuardStats.
+	// Phase 3.7i.
+	if err := c.recorder.RefreshWireGuardStats(); err != nil {
+		log.Debugf("PeersList: refresh wg stats: %v", err)
+	}
 
 	fullStatus := c.recorder.GetFullStatus()
 
 	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
 	for n, p := range fullStatus.Peers {
 		pi := PeerInfo{
-			p.IP,
-			p.FQDN,
-			int(p.ConnStatus),
-			PeerRoutes{routes: maps.Keys(p.GetRoutes())},
+			IP:         p.IP,
+			FQDN:       p.FQDN,
+			ConnStatus: int(p.ConnStatus),
+			Routes:     PeerRoutes{routes: maps.Keys(p.GetRoutes())},
+		}
+
+		// Phase 3.7i (#5989): enrichment fields.
+		pi.Relayed = p.Relayed
+		pi.ServerOnline = p.ServerOnline
+		pi.LocalIceCandidateEndpoint = p.LocalIceCandidateEndpoint
+		pi.RemoteIceCandidateEndpoint = p.RemoteIceCandidateEndpoint
+		pi.RelayServerAddress = p.RelayServerAddress
+		if !p.LastWireguardHandshake.IsZero() {
+			pi.LastWireguardHandshake = p.LastWireguardHandshake.Format(time.RFC3339)
+		}
+		if !p.RemoteLastSeenAtServer.IsZero() {
+			pi.LastSeenAtServer = p.RemoteLastSeenAtServer.Format(time.RFC3339)
+		}
+		pi.LatencyMs = p.Latency.Milliseconds()
+		pi.BytesRx = p.BytesRx
+		pi.BytesTx = p.BytesTx
+		pi.EffectiveConnectionMode = p.RemoteEffectiveConnectionMode
+		pi.ConfiguredConnectionMode = p.RemoteConfiguredConnectionMode
+		if len(p.RemoteGroups) > 0 {
+			pi.Groups = strings.Join(p.RemoteGroups, ",")
 		}
+		// AgentVersion / OsVersion: peer.State does not expose these fields;
+		// left empty until daemon surfaces them (future phase).
+
 		peerInfos[n] = pi
 	}
 	return &PeerInfoArray{items: peerInfos}
@@ -394,6 +428,102 @@ func (c *Client) RemoveConnectionListener() {
 	c.recorder.RemoveConnectionListener()
 }
 
+// GetServerPushedConnectionMode returns the canonical name of the
+// connection mode the management server most recently pushed via
+// PeerConfig (independent of any local profile/env override). Returns
+// an empty string when the engine has not connected yet or the server
+// has not pushed a value -- the Android UI then knows to display
+// just "Follow server" without the (currently: ...) suffix.
+func (c *Client) GetServerPushedConnectionMode() string {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return ""
+	}
+	return cm.ServerPushedMode().String()
+}
+
+// GetServerPushedRelayTimeoutSecs returns the relay timeout in seconds
+// most recently pushed by the management server, or 0 when no value
+// has been received. Used by the Android UI as a hint.
+func (c *Client) GetServerPushedRelayTimeoutSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedRelayTimeoutSecs())
+}
+
+// GetServerPushedP2pTimeoutSecs returns the ICE-only timeout (seconds)
+// most recently pushed by the management server.
+func (c *Client) GetServerPushedP2pTimeoutSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedP2pTimeoutSecs())
+}
+
+// GetServerPushedP2pRetryMaxSecs returns the ICE-backoff cap (seconds)
+// most recently pushed by the management server.
+func (c *Client) GetServerPushedP2pRetryMaxSecs() int64 {
+	cm := c.connMgrSafe()
+	if cm == nil {
+		return 0
+	}
+	return int64(cm.ServerPushedP2pRetryMaxSecs())
+}
+
+// GetConfiguredPeersTotal returns the total number of configured peers
+// (server-online + server-offline). Phase 3.7i (#5989).
+func (c *Client) GetConfiguredPeersTotal() int64 {
+	return int64(c.recorder.GetFullStatus().ConfiguredPeersTotal)
+}
+
+// GetServerOnlinePeers returns the number of peers that are reachable via
+// the server (P2P + Relayed + Idle). Phase 3.7i (#5989).
+func (c *Client) GetServerOnlinePeers() int64 {
+	return int64(c.recorder.GetFullStatus().ServerOnlinePeers)
+}
+
+// GetP2PConnectedPeers returns the number of peers connected via direct
+// P2P (ICE). Phase 3.7i (#5989).
+func (c *Client) GetP2PConnectedPeers() int64 {
+	return int64(c.recorder.GetFullStatus().P2PConnectedPeers)
+}
+
+// GetRelayedConnectedPeers returns the number of peers connected via relay.
+// Phase 3.7i (#5989).
+func (c *Client) GetRelayedConnectedPeers() int64 {
+	return int64(c.recorder.GetFullStatus().RelayedConnectedPeers)
+}
+
+// GetIdleOnlinePeers returns the number of peers that are online on the
+// server but have no active connection yet. Phase 3.7i (#5989).
+func (c *Client) GetIdleOnlinePeers() int64 {
+	return int64(c.recorder.GetFullStatus().IdleOnlinePeers)
+}
+
+// GetServerOfflinePeers returns the number of peers that are not reachable
+// via the server. Phase 3.7i (#5989).
+func (c *Client) GetServerOfflinePeers() int64 {
+	return int64(c.recorder.GetFullStatus().ServerOfflinePeers)
+}
+
+// connMgrSafe is a small helper that walks the Client -> ConnectClient
+// -> Engine -> ConnMgr chain and returns nil at the first nil pointer.
+// Each accessor that surfaces engine state to the Android UI uses it.
+func (c *Client) connMgrSafe() *internal.ConnMgr {
+	cc := c.getConnectClient()
+	if cc == nil {
+		return nil
+	}
+	engine := cc.Engine()
+	if engine == nil {
+		return nil
+	}
+	return engine.ConnMgr()
+}
+
 func (c *Client) toggleRoute(command routeCommand) error {
 	return command.toggleRoute()
 }

client/android/peer_notifier.go

@@ -17,6 +17,24 @@ type PeerInfo struct {
 	FQDN       string
 	ConnStatus int
 	Routes     PeerRoutes
+
+	// Phase 3.7i (#5989): per-peer enrichment fields. Strings for
+	// gomobile-friendliness (no time.Time / no []string).
+	Relayed                       bool
+	ServerOnline                  bool
+	LocalIceCandidateEndpoint     string
+	RemoteIceCandidateEndpoint    string
+	RelayServerAddress            string
+	LastWireguardHandshake        string // RFC3339; "" if zero
+	LastSeenAtServer              string // RFC3339; "" if zero
+	LatencyMs                     int64
+	BytesRx                       int64
+	BytesTx                       int64
+	EffectiveConnectionMode       string
+	ConfiguredConnectionMode      string
+	Groups                        string // comma-separated
+	AgentVersion                  string
+	OsVersion                     string
 }
 
 func (p *PeerInfo) GetPeerRoutes() *PeerRoutes {

client/android/preferences.go

@@ -307,6 +307,91 @@ func (p *Preferences) SetBlockInbound(block bool) {
 	p.configInput.BlockInbound = &block
 }
 
+// GetConnectionMode returns the locally configured connection-mode override
+// (canonical lower-kebab-case: "relay-forced", "p2p", "p2p-lazy",
+// "p2p-dynamic", "follow-server"), or empty string if no local override
+// is configured -- the daemon will then follow the server-pushed value.
+func (p *Preferences) GetConnectionMode() (string, error) {
+	if p.configInput.ConnectionMode != nil {
+		return *p.configInput.ConnectionMode, nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.ConnectionMode, nil
+}
+
+// SetConnectionMode stores a local override for the connection mode.
+// Pass an empty string to clear the override (revert to following the
+// server-pushed value).
+func (p *Preferences) SetConnectionMode(mode string) {
+	m := mode
+	p.configInput.ConnectionMode = &m
+}
+
+// GetRelayTimeoutSeconds returns the locally configured relay-worker
+// inactivity timeout in seconds, or 0 if no override is set (follow
+// server-pushed value, or built-in default if the server has none).
+func (p *Preferences) GetRelayTimeoutSeconds() (int64, error) {
+	if p.configInput.RelayTimeoutSeconds != nil {
+		return int64(*p.configInput.RelayTimeoutSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.RelayTimeoutSeconds), nil
+}
+
+// SetRelayTimeoutSeconds stores a local override for the relay timeout.
+// Pass 0 to clear the override.
+func (p *Preferences) SetRelayTimeoutSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.RelayTimeoutSeconds = &v
+}
+
+// GetP2pTimeoutSeconds returns the locally configured ICE-worker
+// inactivity timeout in seconds (only effective in p2p-dynamic mode),
+// or 0 if no override is set.
+func (p *Preferences) GetP2pTimeoutSeconds() (int64, error) {
+	if p.configInput.P2pTimeoutSeconds != nil {
+		return int64(*p.configInput.P2pTimeoutSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.P2pTimeoutSeconds), nil
+}
+
+// SetP2pTimeoutSeconds stores a local override for the p2p timeout.
+// Pass 0 to clear the override.
+func (p *Preferences) SetP2pTimeoutSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.P2pTimeoutSeconds = &v
+}
+
+// GetP2pRetryMaxSeconds returns the locally configured cap on the
+// per-peer ICE-failure backoff schedule, or 0 if no override is set.
+func (p *Preferences) GetP2pRetryMaxSeconds() (int64, error) {
+	if p.configInput.P2pRetryMaxSeconds != nil {
+		return int64(*p.configInput.P2pRetryMaxSeconds), nil
+	}
+	cfg, err := profilemanager.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return 0, err
+	}
+	return int64(cfg.P2pRetryMaxSeconds), nil
+}
+
+// SetP2pRetryMaxSeconds stores a local override for the backoff cap.
+// Pass 0 to clear the override.
+func (p *Preferences) SetP2pRetryMaxSeconds(secs int64) {
+	v := uint32(secs)
+	p.configInput.P2pRetryMaxSeconds = &v
+}
+
 // Commit writes out the changes to the config file
 func (p *Preferences) Commit() error {
 	_, err := profilemanager.UpdateOrCreateConfig(p.configInput)

client/cmd/root.go

@@ -39,6 +39,10 @@ const (
 	extraIFaceBlackListFlag  = "extra-iface-blacklist"
 	dnsRouteIntervalFlag     = "dns-router-interval"
 	enableLazyConnectionFlag = "enable-lazy-connection"
+	connectionModeFlag       = "connection-mode"
+	relayTimeoutFlag         = "relay-timeout"
+	p2pTimeoutFlag           = "p2p-timeout"
+	p2pRetryMaxFlag          = "p2p-retry-max"
 	mtuFlag                  = "mtu"
 )
 
@@ -72,6 +76,10 @@ var (
 	anonymizeFlag           bool
 	dnsRouteInterval        time.Duration
 	lazyConnEnabled         bool
+	connectionMode          string
+	relayTimeoutSecs        uint32
+	p2pTimeoutSecs          uint32
+	p2pRetryMaxSecs         uint32
 	mtu                     uint16
 	profilesDisabled        bool
 	updateSettingsDisabled  bool
@@ -192,6 +200,15 @@ func init() {
 	upCmd.PersistentFlags().BoolVar(&rosenpassPermissive, rosenpassPermissiveFlag, false, "[Experimental] Enable Rosenpass in permissive mode to allow this peer to accept WireGuard connections without requiring Rosenpass functionality from peers that do not have Rosenpass enabled.")
 	upCmd.PersistentFlags().BoolVar(&autoConnectDisabled, disableAutoConnectFlag, false, "Disables auto-connect feature. If enabled, then the client won't connect automatically when the service starts.")
 	upCmd.PersistentFlags().BoolVar(&lazyConnEnabled, enableLazyConnectionFlag, false, "[Experimental] Enable the lazy connection feature. If enabled, the client will establish connections on-demand. Note: this setting may be overridden by management configuration.")
+	upCmd.PersistentFlags().StringVar(&connectionMode, connectionModeFlag, "",
+		"[Experimental] Peer connection mode: relay-forced, p2p, p2p-lazy, p2p-dynamic, or follow-server. "+
+			"Overrides the server-pushed value when set. Use follow-server to clear a previously-set local override.")
+	upCmd.PersistentFlags().Uint32Var(&relayTimeoutSecs, relayTimeoutFlag, 0,
+		"[Experimental] Relay-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default).")
+	upCmd.PersistentFlags().Uint32Var(&p2pTimeoutSecs, p2pTimeoutFlag, 0,
+		"[Experimental] ICE-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default). Only effective in p2p-dynamic mode (Phase 2).")
+	upCmd.PersistentFlags().Uint32Var(&p2pRetryMaxSecs, p2pRetryMaxFlag, 0,
+		"[Experimental] Maximum ICE-failure-backoff interval in seconds. 0 = use server-pushed value (or built-in default 15 min). Effective in p2p-dynamic mode (Phase 3 of #5989).")
 
 }
 

client/cmd/service.go

@@ -57,6 +57,24 @@ func init() {
 	installCmd.Flags().StringSliceVar(&serviceEnvVars, "service-env", nil, serviceEnvDesc)
 	reconfigureCmd.Flags().StringSliceVar(&serviceEnvVars, "service-env", nil, serviceEnvDesc)
 
+	// Profile-level connection-mode + timeout flags. Same semantics as on
+	// `netbird up` but writeable at install time so server/headless
+	// installs can pre-seed the active profile before the daemon starts.
+	// Same package-level vars are shared with upCmd; on `up` they take
+	// effect through setupConfig(), here we apply them once before
+	// installing the service so the daemon picks them up on first run.
+	for _, c := range []*cobra.Command{installCmd, reconfigureCmd} {
+		c.Flags().StringVar(&connectionMode, connectionModeFlag, "",
+			"[Experimental] Peer connection mode: relay-forced, p2p, p2p-lazy, p2p-dynamic, or follow-server. "+
+				"Overrides the server-pushed value when set. Use follow-server to clear a previously-set local override.")
+		c.Flags().Uint32Var(&relayTimeoutSecs, relayTimeoutFlag, 0,
+			"[Experimental] Relay-worker idle timeout in seconds. 0 = use server-pushed value (or built-in default).")
+		c.Flags().Uint32Var(&p2pTimeoutSecs, p2pTimeoutFlag, 0,
+			"[Experimental] ICE-worker idle timeout in seconds. 0 = use server-pushed value. Only effective in p2p-dynamic mode.")
+		c.Flags().Uint32Var(&p2pRetryMaxSecs, p2pRetryMaxFlag, 0,
+			"[Experimental] Maximum ICE-failure-backoff interval in seconds. 0 = use server-pushed value (or built-in default 15 min).")
+	}
+
 	rootCmd.AddCommand(serviceCmd)
 }