Creating UNIX sockets the listen() goroutine that races against the main
one dropping to an unprivileged user may cause startup failure when
privdrop happens before privileged filesystem access.
Setup or fail in New() and only do listen(2) in listen() to avoid this.
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:27 Build name: yggdrasil-go
2024/11/03 21:15:27 Build version: 0.5.9
...
2024/11/03 21:15:27 Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: permission denied
```
Rerun, now the order is flipped:
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:34 Build name: yggdrasil-go
2024/11/03 21:15:34 Build version: 0.5.9
[...]
2024/11/03 21:15:34 UNIX admin socket listening on /var/run/yggdrasil.sock
[...]
```
Fixes#927.
No need to extract it again when the url package provides it for us:
```
$ jq -n '{"AdminListen":"unix:///tmp/ygg.sock"}' | ./yggdrasil -useconf | grep 'admin socket'
2024/10/08 22:41:11 UNIX admin socket listening on /tmp/ygg.sock
```
Follow-up on #1176
This stood out to me while reading the code: [7:] is skipping "unix://",
so why not do that?
Doing so reveals a bug in the last line changed, where chmod(2) failure
would print just the prefix, not everything but it... easy to miss, but
now this kind of bug can no longer happen.
This cleans up the mess to configure an IP address on a tun(4) device.
Handrolling a hardcoded ioctl(2) request is far from perfect, but Go
(golang.org/sys/unix) is to blame here.
Tested on OpenBSD 7.6 -current where yggdrasil now drives the interface
would use of ifconfig or other helpers.
This PR updates Ironwood to include the new RTT-based link costing and
updates `yggdrasilctl` to report the cost in `getPeers`.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
So, the function waiting for TUN to come up never succeeds:
```
func waitForTUNUp(ch <-chan wgtun.Event) bool {
t := time.After(time.Second * 5)
for {
select {
case ev := <-ch:
if ev == wgtun.EventUp {
return true
}
case <-t:
return false
}
}
}
```
I've tried the sleep for one second, and it works flawlessly on several
PCs.
Another point - sometimes, if the service stop abruptly (in case of some
errors) there is an old hidden device in the system, that we need to
uninstall, and then create new.
ws:// can be listened and dialed
wss:// is a convenience link for ws:// that supports dialing to ws://
peer.
---------
Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This PR updates the Wireguard dependency and updates to use new
vectorised reads/writes, which should reduce the number of syscalls and
improve performance.
This will only make a difference on Linux as this is the only platform
for which the Wireguard TUN library supports vectorised reads/writes.
For other platforms, single reads and writes will be performed as usual.
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Don't panic when connect returns `nil` (fixes#1086)
It isn't clear to me why this would happen but let's guard the condition anyway.
* Log inconsistent error state
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Update Debian package
* Don't put `AdminListen` in config by default, fix path in Debian package
* Fix path in unit file
* Preserve original service files for other packages
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>