Commit Graph

158 Commits

Author SHA1 Message Date
Neil Alexander
7790a19e4c
New detail in getMulticastInterfaces admin endpoint 2024-11-23 14:49:48 +00:00
Neil
9398cae230
Expose download/upload rate per peer (#1206) 2024-11-19 08:42:27 +00:00
Klemens Nanni
c22a746a1d
Rewrite chuser() for simplicity and correctness (#1203)
- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use set[ug]id(2) to follow the idiom of OpenBSD base programs.
  (cannot use setres[ug]id(2) as macOS does not have them.)

Includes/Supersedes #1202.
Fixes #927.

I only tested on OpenBSD (so far), but other systems should just work.
2024-11-17 21:37:07 +00:00
Neil Alexander
42873be09b
Reusable peer lookup/dial logic 2024-11-17 21:14:54 +00:00
Klemens Nanni
75d2080e53
Set groups when dropping privileges to not leak supplementary group access (#1202)
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.

The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).

For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   wheel,kmem,sys,tty,operator,staff,guest
```

Fix that so the process runs as mere
```
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   nobody
```

Fixes #927.
2024-11-11 19:28:28 +00:00
Klemens Nanni
1ee61dcefa
zap obsolete nonexistent command from usage (#1184) 2024-10-17 13:22:22 +01:00
Arceliar
43a1a3de64 update ironwood dependency 2024-09-28 18:52:04 -05:00
cathugger
34f087de1c
argument to change uid/gid (#927)
different from
https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it
can resolve user names, automatically use user's primary gid & allows
specifying gid in the same argument, with `:` eg `username:groupname`.
feel free to criticize & suggest different argument name & description
because i didn't put much of thought to that.

---------

Co-authored-by: Neil <git@neilalexander.dev>
Co-authored-by: VNAT <xepjk@protonmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-22 15:46:54 +00:00
Neil
c4b29b735c
Link costing based on average RTT (#1171)
This PR updates Ironwood to include the new RTT-based link costing and
updates `yggdrasilctl` to report the cost in `getPeers`.

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-21 22:05:23 +00:00
Revertron
4fbdeb4e3f
Fixed Windows service life-cycle. (#1153)
This fix fixes two issues:
https://github.com/yggdrasil-network/yggdrasil-go/issues/993 &
https://github.com/yggdrasil-network/yggdrasil-go/issues/1098
2024-07-25 13:55:14 +01:00
Neil
f788a18bef
Measure RTT, report in getPeers (#1143)
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-05-30 22:46:06 +01:00
Paul Donald
f56f9c124c
Minor Fixes (#1107)
* Minor comment fixes.

* Optimize PeerEntry for memory efficiency

* Improve NodeConfig for memory alignment
2024-05-27 21:57:28 +01:00
Neil Alexander
81f2c711b4
Fix panic in getPeers on abstract UNIX socket names
Fixes #1111
2024-01-15 23:14:43 +00:00
Neil Alexander
fef553ed18
Tweak logging 2023-11-26 16:28:48 +00:00
Neil Alexander
f6f669617f
Fix -normaliseconf when using PrivateKeyPath 2023-11-26 16:20:52 +00:00
Neil
49c424ef21
Add -publickey command line switch (#1096)
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2023-11-04 18:42:51 +00:00
Neil Alexander
a6b316ef08
Release: Yggdrasil 0.5.1 2023-10-28 16:21:50 +01:00
Neil
0b578a637a
Debian package updates (#1073)
* Update Debian package

* Don't put `AdminListen` in config by default, fix path in Debian package

* Fix path in unit file

* Preserve original service files for other packages

---------

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2023-10-28 14:58:52 +01:00
Arceliar
d17ac39789 update ironwood dependency, add a debug API call for lookups 2023-10-28 05:26:43 -05:00
Neil Alexander
a60771344a
Remove DHT from yggdrasilctl help text (fixes #1069) 2023-10-23 23:42:31 +01:00
Neil Alexander
094f80f39c
Fix RetryPeersNow, move startup logging, don't set TUN address if not available 2023-10-22 15:51:30 +01:00
John Jolly
8ea20cd205 Add output for threadcount and key generation time to cmd/genkey
This change is to display information about the key generation process.

Specifically, two bits of information are now displayed
 * The number of threads created to search for keys, and
 * The time taken to generate a successful "next best" key
2023-10-21 18:21:47 +01:00
Neil
854cd75f04
Merge pull request #1042 from pfactum/syslog-no-timestamp
cmd/yggdrasil: do not log timestamps to syslog
2023-10-11 23:58:12 +01:00
Neil Alexander
2a21241738
Multicast passwords 2023-10-11 19:28:28 +01:00
Neil Alexander
45b773eade
Remove TLS root validation
This is just too complicated compared to the per-peer/per-listener/per-interface password
approach.
2023-10-11 18:25:35 +01:00
Neil Alexander
ff96740ac7
Fail to start if no configuration provided 2023-07-15 20:12:14 +01:00
Neil Alexander
57d9a2399f
Revise multicast format to include protocol version, discriminator for TLS roots 2023-06-18 20:54:49 +01:00
Oleksandr Natalenko
f6c0d8406d cmd/yggdrasil: do not log timestamps to syslog
It is expected a syslog implementation be it rsyslog or journald to
have their own timestamping, so there's no point in duplicating that
info.

Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
2023-06-08 21:44:46 +02:00
Neil Alexander
a233e775eb
yggdrasilctl tweaks 2023-05-19 20:57:14 +01:00
Neil Alexander
7afa23be4c
Link refactoring, admin socket changes 2023-05-19 19:09:05 +01:00
Arceliar
5e95246c26 update to ironwood v0.0.0-20230513191034-495699d87ae4 with API changes 2023-05-13 14:44:38 -05:00
Arceliar
e99c870d51 update admin functions and fix core tests 2023-03-26 16:49:40 -05:00
Neil Alexander
a148f4cfec
More updates for Ygg v0.5 2023-03-19 10:33:07 +00:00
solanav
0da871f528
Fix #884 (#916)
* Fixed #884

* Remove yggdrasil and yggdrasilctl

* Fixed #884

Co-authored-by: asolana <asolana@deloitte.es>
Co-authored-by: solanav <solanav1337@gmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-11-08 22:19:43 +00:00
Neil Alexander
6112c9cf18
Fix build 2022-11-01 18:34:49 +00:00
Neil Alexander
f08dec822a
Priority support (#964)
* Allow setting link priorities

* Fix a bug

* Allow setting priority on listeners and multicast interfaces

* Update `yggdrasilctl`

* Update to Arceliar/ironwood#5
2022-10-26 09:24:24 +01:00
Neil Alexander
69782ad87b Improve shutdown behaviour (fixes #891) 2022-10-15 16:07:32 +01:00
Neil Alexander
ee21c56e43 Fix setting nodeinfo (closes #954) 2022-10-15 15:42:52 +01:00
Neil Alexander
962665189c Tweaks to yggdrasilctl 2022-10-02 13:15:11 +01:00
Neil Alexander
c922eba2d8
Fix sending arguments to the admin socket in yggdrasilctl 2022-09-24 21:28:09 +01:00
Neil Alexander
01c44a087b
Rename tuntap package to tun
We haven't had TAP support in ages.
2022-09-24 14:41:47 +01:00
Neil Alexander
b67c313f44
Admin socket and yggdrasilctl improvements
This refactors the request parsing, as well as improving the output for some request types. It also tweaks `yggdrasilctl` output, which should help with #947.
2022-09-24 12:22:38 +01:00
Neil Alexander
5ef61faeff
Link refactor (#941)
* Link refactoring

* More refactoring

* More tweaking

* Cleaner shutdowns, UNIX socket support, more tweaks

* Actorise links, remove mutex

* SOCKS support
2022-09-17 20:07:00 +01:00
Neil Alexander
88a393a7b3 Load listen addresses 2022-09-03 17:26:12 +01:00
Neil Alexander
dc9720e580 Extend getSessions admin call to include uptime/TX/RX 2022-09-03 16:55:57 +01:00
Neil Alexander
9cdfd59476 Tidy up a bit, make sure to copy the private key at startup 2022-09-03 12:34:29 +01:00
Neil Alexander
a7d06e048a Refactor TUN setup (isolated config) 2022-09-03 12:20:57 +01:00
Neil Alexander
b1f61fb0a8 Refactor admin socket setup (isolated config) 2022-09-03 11:54:46 +01:00
Neil Alexander
493208fb37 Refactor multicast setup (isolated config, etc) 2022-09-03 11:42:05 +01:00
Neil Alexander
c6fe81b5d2
Admin socket and yggdrasilctl refactoring (#939) 2022-09-03 10:50:43 +01:00