mirror of
https://github.com/yggdrasil-network/yggdrasil-go.git
synced 2024-11-27 12:05:23 +00:00
remove TunnelRouting from config, remove Signing from key names
This commit is contained in:
parent
e83b5d08a8
commit
85fae23919
@ -68,13 +68,12 @@ type NodeConfig struct {
|
|||||||
AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
|
AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
|
||||||
MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
|
MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."`
|
||||||
AllowedPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
|
AllowedPublicKeys []string `comment:"List of peer encryption public keys to allow incoming TCP peering\nconnections from. If left empty/undefined then all connections will\nbe allowed by default. This does not affect outgoing peerings, nor\ndoes it affect link-local peers discovered via multicast."`
|
||||||
SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."`
|
PublicKey string `comment:"Your public signing key. Your peers may ask you for this to put\ninto their AllowedPublicKeys configuration."`
|
||||||
SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"`
|
PrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"`
|
||||||
LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
|
LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."`
|
||||||
IfName string `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
|
IfName string `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
|
||||||
IfMTU MTU `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
|
IfMTU MTU `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
|
||||||
SessionFirewall SessionFirewall `comment:"The session firewall controls who can send/receive network traffic\nto/from. This is useful if you want to protect this node without\nresorting to using a real firewall. This does not affect traffic\nbeing routed via this node to somewhere else. Rules are prioritised as\nfollows: blacklist, whitelist, always allow outgoing, direct, remote."`
|
SessionFirewall SessionFirewall `comment:"The session firewall controls who can send/receive network traffic\nto/from. This is useful if you want to protect this node without\nresorting to using a real firewall. This does not affect traffic\nbeing routed via this node to somewhere else. Rules are prioritised as\nfollows: blacklist, whitelist, always allow outgoing, direct, remote."`
|
||||||
TunnelRouting TunnelRouting `comment:"Allow tunneling non-Yggdrasil traffic over Yggdrasil. This effectively\nallows you to use Yggdrasil to route to, or to bridge other networks,\nsimilar to a VPN tunnel. Tunnelling works between any two nodes and\ndoes not require them to be directly peered."`
|
|
||||||
NodeInfoPrivacy bool `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
|
NodeInfoPrivacy bool `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
|
||||||
NodeInfo map[string]interface{} `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
|
NodeInfo map[string]interface{} `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
|
||||||
}
|
}
|
||||||
@ -89,16 +88,6 @@ type SessionFirewall struct {
|
|||||||
BlacklistPublicKeys []string `comment:"List of public keys from which network traffic is always rejected,\nregardless of the whitelist, AllowFromDirect or AllowFromRemote."`
|
BlacklistPublicKeys []string `comment:"List of public keys from which network traffic is always rejected,\nregardless of the whitelist, AllowFromDirect or AllowFromRemote."`
|
||||||
}
|
}
|
||||||
|
|
||||||
// TunnelRouting contains the crypto-key routing tables for tunneling regular
|
|
||||||
// IPv4 or IPv6 subnets across the Yggdrasil network.
|
|
||||||
type TunnelRouting struct {
|
|
||||||
Enable bool `comment:"Enable or disable tunnel routing."`
|
|
||||||
IPv6RemoteSubnets map[string]string `comment:"IPv6 subnets belonging to remote nodes, mapped to the node's public\nkey, e.g. { \"aaaa:bbbb:cccc::/e\": \"boxpubkey\", ... }"`
|
|
||||||
IPv6LocalSubnets []string `comment:"IPv6 subnets belonging to this node's end of the tunnels. Only traffic\nfrom these ranges (or the Yggdrasil node's IPv6 address/subnet)\nwill be tunnelled."`
|
|
||||||
IPv4RemoteSubnets map[string]string `comment:"IPv4 subnets belonging to remote nodes, mapped to the node's public\nkey, e.g. { \"a.b.c.d/e\": \"boxpubkey\", ... }"`
|
|
||||||
IPv4LocalSubnets []string `comment:"IPv4 subnets belonging to this node's end of the tunnels. Only traffic\nfrom these ranges will be tunnelled."`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generates default configuration and returns a pointer to the resulting
|
// Generates default configuration and returns a pointer to the resulting
|
||||||
// NodeConfig. This is used when outputting the -genconf parameter and also when
|
// NodeConfig. This is used when outputting the -genconf parameter and also when
|
||||||
// using -autoconf.
|
// using -autoconf.
|
||||||
@ -109,8 +98,8 @@ func GenerateConfig() *NodeConfig {
|
|||||||
cfg := NodeConfig{}
|
cfg := NodeConfig{}
|
||||||
cfg.Listen = []string{}
|
cfg.Listen = []string{}
|
||||||
cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
|
cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen
|
||||||
cfg.SigningPublicKey = hex.EncodeToString(spub[:])
|
cfg.PublicKey = hex.EncodeToString(spub[:])
|
||||||
cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
|
cfg.PrivateKey = hex.EncodeToString(spriv[:])
|
||||||
cfg.Peers = []string{}
|
cfg.Peers = []string{}
|
||||||
cfg.InterfacePeers = map[string][]string{}
|
cfg.InterfacePeers = map[string][]string{}
|
||||||
cfg.AllowedPublicKeys = []string{}
|
cfg.AllowedPublicKeys = []string{}
|
||||||
@ -129,8 +118,8 @@ func GenerateConfig() *NodeConfig {
|
|||||||
// NewSigningKeys replaces the signing keypair in the NodeConfig with a new
|
// NewSigningKeys replaces the signing keypair in the NodeConfig with a new
|
||||||
// signing keypair. The signing keys are used by the switch to derive the
|
// signing keypair. The signing keys are used by the switch to derive the
|
||||||
// structure of the spanning tree.
|
// structure of the spanning tree.
|
||||||
func (cfg *NodeConfig) NewSigningKeys() {
|
func (cfg *NodeConfig) NewKeys() {
|
||||||
spub, spriv := crypto.NewSigKeys()
|
spub, spriv := crypto.NewSigKeys()
|
||||||
cfg.SigningPublicKey = hex.EncodeToString(spub[:])
|
cfg.PublicKey = hex.EncodeToString(spub[:])
|
||||||
cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
|
cfg.PrivateKey = hex.EncodeToString(spriv[:])
|
||||||
}
|
}
|
||||||
|
@ -43,16 +43,17 @@ func (c *Core) _init() error {
|
|||||||
|
|
||||||
current := c.config.GetCurrent()
|
current := c.config.GetCurrent()
|
||||||
|
|
||||||
sigPriv, err := hex.DecodeString(current.SigningPrivateKey)
|
sigPriv, err := hex.DecodeString(current.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if len(sigPriv) < ed25519.PrivateKeySize {
|
if len(sigPriv) < ed25519.PrivateKeySize {
|
||||||
return errors.New("SigningPrivateKey is incorrect length")
|
return errors.New("PrivateKey is incorrect length")
|
||||||
}
|
}
|
||||||
|
|
||||||
c.secret = ed25519.PrivateKey(sigPriv)
|
c.secret = ed25519.PrivateKey(sigPriv)
|
||||||
c.public = c.secret.Public().(ed25519.PublicKey)
|
c.public = c.secret.Public().(ed25519.PublicKey)
|
||||||
|
// TODO check public against current.PublicKey, error if they don't match
|
||||||
|
|
||||||
c.PacketConn, err = iw.NewPacketConn(c.secret)
|
c.PacketConn, err = iw.NewPacketConn(c.secret)
|
||||||
return err
|
return err
|
||||||
|
Loading…
Reference in New Issue
Block a user