Commit Graph

94 Commits (b2e414984e007121ce8b7f84877bfe935d209c17)

Author SHA1 Message Date
Florian Badie b2e414984e
Update netlink-packet-route to 0.21 (#324)
Fixes: https://github.com/tonarino/innernet/issues/303
2024-10-24 09:42:39 +02:00
refi64 dbac0dc530
hostsfile: Copy the SELinux context to the temp file before overwrite (#273)
* hostsfile: Copy the SELinux context to the temp file before overwrite

On SELinux-enabled systems, /etc/hosts has a different type `net_conf_t`
than the other files in /etc, so the temporary file that overwrites it
ends up with the wrong context, resulting in many system services
becoming unable to access the file. To fix this, manually look up the
context /etc/hosts has and copy it to the temporary file before
the rename.

In order to avoid depending on libselinux on systems that don't use it,
this support is gated behind the new "selinux" feature. It *is*
installed and enabled in the Dockerfile, however, in order to ensure
that it still builds.

* Appease clippy

* Add info about selinux feature to README.md

* Remove unused ClientError struct

* Reformatted & repositioned and improved doc about selinux

---------

Co-authored-by: Brian Schwind <brianmschwind@gmail.com>
Co-authored-by: Jürgen Botz <jurgen@botz.org>
2024-07-01 10:16:43 +09:00
Ryo Kawaguchi 3c69de4e4e
Add a new client / server command to rename CIDR (#310)
* Add a new client / server command to rename CIDR.

* Add a docker test case

* Apply suggestions from code review

Co-authored-by: Matěj Laitl <matej@laitl.cz>
Co-authored-by: Jake McGinty <me@jakebot.org>

---------

Co-authored-by: Matěj Laitl <matej@laitl.cz>
Co-authored-by: Jake McGinty <me@jakebot.org>
2024-04-23 06:12:36 +09:00
Saber Haj Rabiee 15602388f6
fix nightly build (#304)
* fix nightly build

* update toml dep in server for consistency

* cargo update

* fix clippy errors
2024-04-19 00:09:23 +09:00
Linus Kendall aa1ac515e8
Add CLI parameters for disable/enable peer (#248)
* Add CLI parameters for disable/enable peer

Fixes tonarino/innernet#214.

* Formatting

* Remove redundant clones

* Require name for yes param

Yes param only makes sense if name is provided.

* Formatting
2024-01-15 22:43:00 +01:00
Matěj Laitl b385ec6549
Fix clippy 1.72 and 1.73 lints (#289)
Classic PR of mine.
2023-10-16 09:22:53 +02:00
Jake McGinty 33cee129d1
Various dependency updates (#265)
* update netlink-*, toml, clap, other small dependencies
* switch back to x25519-dalek from curve25519-dalek
2023-06-01 01:25:46 -05:00
Brian Schwind 0057a703ff
Turn ChangeString into a PeerChange enum (#263)
* Turn ChangeString into a PeerChange enum, don't print NAT traversal reattempt as a modification

* Remove the ChangeString type

* Fix a stupid copy-paste error
2023-06-01 12:11:31 +09:00
Jake McGinty ebeac3db76 migrate from lazy_static to once_cell across project 2023-05-30 11:24:40 +02:00
Matěj Laitl 0dc92de722 Auto-apply clippy lint fixes from Rust 1.67 2023-02-05 03:13:54 +09:00
Jake McGinty e98c0659ef meta: cargo fmt 2022-08-10 16:40:32 -06:00
Jake McGinty 1fb5874527 meta: appease clippy 2022-08-10 16:39:09 -06:00
Jake McGinty c9dbeefaaa shared: update nix to 0.24 2022-08-10 16:30:45 -06:00
Richard Schneider ca22927558
External endpoint IP prompt change (#222)
* Change phrasing of external IP address prompt

* Remove println! call in ask_endpoint
2022-08-11 06:16:12 +09:00
Ali MJ Al-Nasrawy df3b4ae78f avoid a rustc bug
context: https://github.com/rust-lang/rust/pull/98835
2022-08-01 13:43:43 +02:00
Jake McGinty bb6bac3964 meta: cargo fmt 2022-03-15 11:07:05 +09:00
Jake McGinty 5e645ef9f5 shared: set default mtu of 1280 2022-03-15 11:01:26 +09:00
Jake McGinty e544391303 meta: update dependencies 2022-03-15 10:47:52 +09:00
Jake McGinty c4c34d5c10 wireguard-control: {generate => get}_public() 2022-02-04 17:56:18 -06:00
Jake McGinty 9ba864be56 meta: cargo fmt 2022-02-05 04:18:05 +09:00
Jake McGinty 83e0750cde client: set default MTU to 1412 for all interfaces
Since peer endpoints can be either IPv4 or IPv6, it doesn't make sense
to specify a default MTU that could only work with IPv4 based on only
the server's endpoint.

Setting to 1412 instead of 1420 in order to accomodate PPPoE peers,
which should fit most internet situations.
2022-02-05 04:15:28 +09:00
Jake McGinty 6d26385ba3
client: re-attempt NAT traversal on all unconnected peers (#195)
fixes #173
2022-02-03 01:49:51 +09:00
Jake McGinty a77cbb4f49
meta: switch from ipnetwork to ipnet (#193) 2022-02-01 14:01:21 +09:00
Jake McGinty 110bace5c7
client: enable IPv6 NAT candidate reporting (#192) 2022-02-01 12:21:31 +09:00
Jake McGinty ddac328ae5 client: make more commands automation-friendly
Fixes #190
2022-01-31 06:10:45 +00:00
Jake McGinty 8dd11977af meta: structopt 0.3 -> clap 3 2022-01-11 01:51:32 -06:00
Jake McGinty 09e68c2c01
(linux) wireguard-control: migrate from `wireguard-control-sys` to `netlink` crates (#177)
also introduces a new `netlink-request` crate to help modularize the netlink code. this currently depends on a fork of the `netlink` project, but we should be able to use the official version soon.
2022-01-07 18:35:21 +09:00
Jake McGinty ec754e60c4 client: non-interactive `set-listen-port` and `override-endpoint`
closes #158
2021-11-16 18:46:45 +09:00
Jake McGinty ae2c554b23
{client, server}: make config/data directories configurable (#172)
* client: allow config/data dirs to be changed

* server: allow config/data dirs to be changed

* meta: cargo clippy & cargo fmt

* shared: use const for Duration instead of lazy_static
2021-11-15 18:11:13 +09:00
Jake McGinty bce7af20ce client: fix NAT traverse helptext 2021-11-14 10:24:25 +09:00
Jake McGinty d7c491c8f3 client: granular control over NAT traversal
added to `innernet {up,fetch,install}`:

  --no-nat-traversal: Doesn't attempt NAT traversal
    (prevents long time delays in execution of command)

  --exclude-nat-candidates: Exclude a list of CIDRs from being
    considered candidates

  --no-nat-candidates: Don't report NAT candidates.
    (shorthand for '--exclude-nat-candidates 0.0.0.0/0')

Closes #160
2021-11-12 14:42:10 +09:00
Jake McGinty 991c6435c1 client: wait after updating interface before attempting NAT traversal
otherwise, the server-reported IP itself won't have time to check
if a handshake succeeds or not.
2021-11-11 18:34:31 +09:00
Jake McGinty b0d0ee8565 fix tests 2021-11-06 18:54:52 +09:00
Jake McGinty d7cf24c63c server: validate hostname in 'new'
fixes #164
2021-11-05 12:36:35 +09:00
Jake McGinty c09d828414 shared: follow-up to bfa5d5e, double- to single-quote in opt rustdocs 2021-09-21 12:50:21 +09:00
Jake McGinty cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty 4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty c94d9d2c03 shared: fix chmod in InterfaceConfig 2021-09-14 17:16:16 +09:00
Jake McGinty cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
Jake McGinty c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty 3689b068a2 shared: create dirs with 700 permissions
Closes #150
2021-09-13 00:43:27 +09:00
Jake McGinty f715689540 shared(wg): remove leftover debug println on macOS
Closes #143
2021-09-12 20:34:02 +09:00
Jake McGinty 8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00
Jake McGinty fd06b8054d shared(types): better self-documenting REJECT_AFTER_TYPE... type 2021-08-10 15:51:51 +09:00
Matěj Laitl eb90cc53a5
Fix clippy warnings, add clippy to CI (#127)
* Tidy code a bit thanks to clippy

Clippy 1.54 newly detects some redundant constructs, that's nice.

sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.

* Add clippy to CI
2021-08-09 20:35:42 +09:00
Jake McGinty e97eb737a4
shared(PeerDiff): refactor struct and update peer endpoints only when handshake failed
The past behavior of clients was to, on every fetch from the server, update each of its peer's endpoints with the one reported from the server. While this wasn't a problem on certain types of NATs to help with holepunching, in some situations it caused previously working connections to no longer work (when one peer had a port-restricted or symmetric cone type NAT).
2021-08-05 09:38:14 +09:00
Jake McGinty bbfb11e175 meta: cargo update & clippy fixes 2021-07-27 14:14:50 +09:00
Jake McGinty 4afa8a8a4e shared(types): CidrTree: re-add with_root, rewrite leaves() 2021-06-23 20:54:05 +09:00
Jake McGinty 62e6464064 shared(types): undo with_root until a rewrite of leaves() 2021-06-23 20:31:22 +09:00
Jake McGinty 3c8530d956 shared: add with_root method in CidrTree 2021-06-23 16:11:37 +09:00