This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.
While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.
Co-authored-by: Matěj Laitl <matej@laitl.cz>
* Tidy code a bit thanks to clippy
Clippy 1.54 newly detects some redundant constructs, that's nice.
sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.
* Add clippy to CI
* Exit with code 1 (error) if wizard failed.
Should prevent error code 0 after
`creation failed: failed to create database (are you not running as root?).`
and similar errors.
* Switch error messages from stdin to stderr for init_wizard
This commit adds a subcommand to both the client and server to allow
changing the name of a peer. The peer retains all the same attributes as
before (public keys, IPs, admin/disabled status, etc.).
Closes#87
This subcommand takes a shell as an argument and generates shell
completions for that shell to stdout.
example:
```
$ innernet completions bash
OR
$ innernet-server completions bash
```
This commit adds a `delete-cidr` to both the client and server. It walks
through the prompts just like adding a CIDR.
Only eligible CIDRs are presented to the user. Eligibilty requires:
- CIDR has no child CIDRs
- CIDR has no assigned peers
Closes#23
Based on the conversation from #5 (comment) - this changes innernet's behavior on Linux from automatically falling back to the userspace, instead requiring --backend userspace to be specified.
This should help people avoid weird situations in environments like Docker.
The server now expects a UNIX timestamp after which the invitation will be expired. If a peer invite hasn't been redeemed after it expires, the server will clean up old entries and allow the IP to be re-allocated for a new invite.
Closes#24
Scripts that demonstrate building a network of docker containers, doubling as an integration test for innernet.
Includes a number of improvements to the recent non-interactive CLI changes as well.
This may become a warning rather than an action later, but for now
let's make sure older installations that had incorrect permissions
are taken care of.
This is a stop-gap CSRF protection mechanism from unsophisticated attacks. It's to be considered a temporary solution until a more complete one can be implemented, but it should be sufficient in most cases for the time being.
See https://github.com/tonarino/innernet/issues/38 for further discussion.
Jake McGinty