The past behavior of clients was to, on every fetch from the server, update each of its peer's endpoints with the one reported from the server. While this wasn't a problem on certain types of NATs to help with holepunching, in some situations it caused previously working connections to no longer work (when one peer had a port-restricted or symmetric cone type NAT).
* wgctrl-rs(userspace): clean stale namefiles on starting up interface
Fixes#114
* wgctrl-rs(userspace): check connectability of interface socket in enumerate()
Based on the conversation from #5 (comment) - this changes innernet's behavior on Linux from automatically falling back to the userspace, instead requiring --backend userspace to be specified.
This should help people avoid weird situations in environments like Docker.
This is a stop-gap CSRF protection mechanism from unsophisticated attacks. It's to be considered a temporary solution until a more complete one can be implemented, but it should be sufficient in most cases for the time being.
See https://github.com/tonarino/innernet/issues/38 for further discussion.
It was dropping the last character in the name, and I modified it to
instead just error on any &str that has a '\0' in it. The strictness
feels acceptable and simplifies the code a bit.
wgctrl-rs will now look for the WG_USERSPACE_IMPLEMENTATION or
WG_QUICK_USERSPACE_IMPLEMENTATION environment variables to
override the default wireguard-go userspace implementation choice.
Closes#34
Jake McGinty