Release: Yggdrasil 0.5.0

Yggdrasil 0.5 release notes
2025-08-27 02:31:53 +00:00 · 2023-10-28 15:23:01 +01:00 · 2023-10-28 15:11:34 +01:00 · 2023-10-28 15:07:45 +01:00 · 2023-10-28 14:58:52 +01:00 · 2023-10-28 06:36:01 -05:00
28 changed files with 326 additions and 121 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -119,6 +119,32 @@ jobs:
      - name: Unit tests
        run: go test -v ./...

+  build-freebsd:
+    strategy:
+      fail-fast: false
+      matrix:
+        goversion: ["1.20", "1.21"]
+        goos:
+          - freebsd
+          - openbsd
+
+    name: Build (Cross ${{ matrix.goos }}, Go ${{ matrix.goversion }})
+    needs: [lint]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.goversion }}
+
+      - name: Build Yggdrasil
+        run: go build -v ./...
+        env:
+          GOOS: ${{ matrix.goos }}
+
  tests-ok:
    name: All tests passed
    needs: [lint, codeql, build-linux, build-windows, build-macos]
--- a/.github/workflows/pkg.yml
+++ b/.github/workflows/pkg.yml
@@ -16,7 +16,7 @@ jobs:

    name: Package (Debian, ${{ matrix.pkgarch }})

-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
        with:
@@ -107,7 +107,7 @@ jobs:

    name: Package (Router, ${{ matrix.pkgarch }})

-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
        with:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,7 +26,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - in case of vulnerabilities.
 -->

-## [0.5.0] - Release Candidate 1
+## [0.5.0] - 2023-10-28

 ### Added

--- a/2
+++ b/2
@@ -6,7 +6,7 @@ PKGSRC=${PKGSRC:-github.com/yggdrasil-network/yggdrasil-go/src/version}
 PKGNAME=${PKGNAME:-$(sh contrib/semver/name.sh)}
 PKGVER=${PKGVER:-$(sh contrib/semver/version.sh --bare)}

-LDFLAGS="-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
+LDFLAGS="${LDFLAGS} -X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER"
 ARGS="-v"

 while getopts "utc:l:dro:p" option
--- a/cmd/genkeys/main.go
+++ b/cmd/genkeys/main.go
@@ -16,6 +16,7 @@ import (
 	"fmt"
 	"net"
 	"runtime"
+	"time"

 	"github.com/yggdrasil-network/yggdrasil-go/src/address"
 )
@@ -27,6 +28,8 @@ type keySet struct {

 func main() {
 	threads := runtime.GOMAXPROCS(0)
+	fmt.Println("Threads:", threads)
+	start := time.Now()
 	var currentBest ed25519.PublicKey
 	newKeys := make(chan keySet, threads)
 	for i := 0; i < threads; i++ {
@@ -36,7 +39,7 @@ func main() {
 		newKey := <-newKeys
 		if isBetter(currentBest, newKey.pub) || len(currentBest) == 0 {
 			currentBest = newKey.pub
-			fmt.Println("-----")
+			fmt.Println("-----", time.Since(start))
 			fmt.Println("Priv:", hex.EncodeToString(newKey.priv))
 			fmt.Println("Pub:", hex.EncodeToString(newKey.pub))
 			addr := address.AddrForKey(newKey.pub)
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -67,7 +67,7 @@ func main() {

 	case "syslog":
 		if syslogger, err := gsyslog.NewLogger(gsyslog.LOG_NOTICE, "DAEMON", version.BuildName()); err == nil {
-			logger = log.New(syslogger, "", log.Flags() &^ (log.Ldate | log.Ltime))
+			logger = log.New(syslogger, "", log.Flags()&^(log.Ldate|log.Ltime))
 		}

 	default:
@@ -113,6 +113,7 @@ func main() {
 		_ = f.Close()

 	case *genconf:
+		cfg.AdminListen = ""
 		var bs []byte
 		if *confjson {
 			bs, err = json.MarshalIndent(cfg, "", "  ")
@@ -205,6 +206,10 @@ func main() {
 		if n.core, err = core.New(cfg.Certificate, logger, options...); err != nil {
 			panic(err)
 		}
+		address, subnet := n.core.Address(), n.core.Subnet()
+		logger.Infof("Your public key is %s", hex.EncodeToString(n.core.PublicKey()))
+		logger.Infof("Your IPv6 address is %s", address.String())
+		logger.Infof("Your IPv6 subnet is %s", subnet.String())
 	}

 	// Setup the admin socket.
@@ -212,6 +217,9 @@ func main() {
 		options := []admin.SetupOption{
 			admin.ListenAddress(cfg.AdminListen),
 		}
+		if cfg.LogLookups {
+			options = append(options, admin.LogLookups{})
+		}
 		if n.admin, err = admin.New(n.core, logger, options...); err != nil {
 			panic(err)
 		}
--- a/cmd/yggdrasilctl/cmd_line_env.go
+++ b/cmd/yggdrasilctl/cmd_line_env.go
@@ -39,8 +39,8 @@ func (cmdLineEnv *CmdLineEnv) parseFlagsAndArgs() {
 		fmt.Println("  - ", os.Args[0], "list")
 		fmt.Println("  - ", os.Args[0], "getPeers")
 		fmt.Println("  - ", os.Args[0], "setTunTap name=auto mtu=1500 tap_mode=false")
-		fmt.Println("  - ", os.Args[0], "-endpoint=tcp://localhost:9001 getDHT")
-		fmt.Println("  - ", os.Args[0], "-endpoint=unix:///var/run/ygg.sock getDHT")
+		fmt.Println("  - ", os.Args[0], "-endpoint=tcp://localhost:9001 getPeers")
+		fmt.Println("  - ", os.Args[0], "-endpoint=unix:///var/run/ygg.sock getPeers")
 	}

 	server := flag.String("endpoint", cmdLineEnv.endpoint, "Admin socket endpoint")
--- a/contrib/.DS_Store
+++ b/contrib/.DS_Store
--- a/contrib/deb/generate.sh
+++ b/contrib/deb/generate.sh
@@ -21,6 +21,9 @@ if [ $PKGBRANCH = "master" ]; then
  PKGREPLACES=yggdrasil-develop
 fi

+export LDFLAGS="-X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultConfig=/etc/yggdrasil/yggdrasil.conf"
+export LDFLAGS="${LDFLAGS} -X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultAdminListen=unix://var/run/yggdrasil/yggdrasil.sock"
+
 if [ $PKGARCH = "amd64" ]; then GOARCH=amd64 GOOS=linux ./build
 elif [ $PKGARCH = "i386" ]; then GOARCH=386 GOOS=linux ./build
 elif [ $PKGARCH = "mipsel" ]; then GOARCH=mipsle GOOS=linux ./build
@@ -38,7 +41,7 @@ echo "Building $PKGFILE"
 mkdir -p /tmp/$PKGNAME/
 mkdir -p /tmp/$PKGNAME/debian/
 mkdir -p /tmp/$PKGNAME/usr/bin/
-mkdir -p /tmp/$PKGNAME/etc/systemd/system/
+mkdir -p /tmp/$PKGNAME/lib/systemd/system/

 cat > /tmp/$PKGNAME/debian/changelog << EOF
 Please see https://github.com/yggdrasil-network/yggdrasil-go/
@@ -68,35 +71,52 @@ EOF
 cat > /tmp/$PKGNAME/debian/install << EOF
 usr/bin/yggdrasil usr/bin
 usr/bin/yggdrasilctl usr/bin
-etc/systemd/system/*.service etc/systemd/system
+lib/systemd/system/*.service lib/systemd/system
 EOF
 cat > /tmp/$PKGNAME/debian/postinst << EOF
 #!/bin/sh

+systemctl daemon-reload
+
 if ! getent group yggdrasil 2>&1 > /dev/null; then
-  groupadd --system --force yggdrasil || echo "Failed to create group 'yggdrasil' - please create it manually and reinstall"
+  groupadd --system --force yggdrasil
 fi

-if [ -f /etc/yggdrasil.conf ];
+if [ ! -d /etc/yggdrasil ];
+then
+    mkdir -p /etc/yggdrasil
+    chown root:yggdrasil /etc/yggdrasil
+    chmod 750 /etc/yggdrasil
+fi
+
+if [ ! -f /etc/yggdrasil/yggdrasil.conf ];
+then
+    test -f /etc/yggdrasil.conf && mv /etc/yggdrasil.conf /etc/yggdrasil/yggdrasil.conf
+fi
+
+if [ -f /etc/yggdrasil/yggdrasil.conf ];
 then
  mkdir -p /var/backups
  echo "Backing up configuration file to /var/backups/yggdrasil.conf.`date +%Y%m%d`"
-  cp /etc/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d`
-  echo "Normalising and updating /etc/yggdrasil.conf"
-  /usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil.conf
-  chgrp yggdrasil /etc/yggdrasil.conf
+  cp /etc/yggdrasil/yggdrasil.conf /var/backups/yggdrasil.conf.`date +%Y%m%d`

-  if command -v systemctl >/dev/null; then
-    systemctl daemon-reload >/dev/null || true
-    systemctl enable yggdrasil || true
-    systemctl start yggdrasil || true
-  fi
+  echo "Normalising and updating /etc/yggdrasil/yggdrasil.conf"
+  /usr/bin/yggdrasil -useconf -normaliseconf < /var/backups/yggdrasil.conf.`date +%Y%m%d` > /etc/yggdrasil/yggdrasil.conf
+  
+  chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf
+  chmod 640 /etc/yggdrasil/yggdrasil.conf
 else
-  echo "Generating initial configuration file /etc/yggdrasil.conf"
-  echo "Please familiarise yourself with this file before starting Yggdrasil"
-  sh -c 'umask 0027 && /usr/bin/yggdrasil -genconf > /etc/yggdrasil.conf'
-  chgrp yggdrasil /etc/yggdrasil.conf
+  echo "Generating initial configuration file /etc/yggdrasil/yggdrasil.conf"
+  /usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf
+
+  chown root:yggdrasil /etc/yggdrasil/yggdrasil.conf
+  chmod 640 /etc/yggdrasil/yggdrasil.conf
 fi
+
+systemctl enable yggdrasil
+systemctl restart yggdrasil
+
+exit 0
 EOF
 cat > /tmp/$PKGNAME/debian/prerm << EOF
 #!/bin/sh
@@ -110,13 +130,14 @@ EOF

 cp yggdrasil /tmp/$PKGNAME/usr/bin/
 cp yggdrasilctl /tmp/$PKGNAME/usr/bin/
-cp contrib/systemd/*.service /tmp/$PKGNAME/etc/systemd/system/
+cp contrib/systemd/yggdrasil-default-config.service.debian /tmp/$PKGNAME/lib/systemd/system/yggdrasil-default-config.service
+cp contrib/systemd/yggdrasil.service.debian /tmp/$PKGNAME/lib/systemd/system/yggdrasil.service

-tar -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \
+tar --no-xattrs -czvf /tmp/$PKGNAME/data.tar.gz -C /tmp/$PKGNAME/ \
  usr/bin/yggdrasil usr/bin/yggdrasilctl \
-  etc/systemd/system/yggdrasil.service \
-  etc/systemd/system/yggdrasil-default-config.service
-tar -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian .
+  lib/systemd/system/yggdrasil.service \
+  lib/systemd/system/yggdrasil-default-config.service
+tar --no-xattrs -czvf /tmp/$PKGNAME/control.tar.gz -C /tmp/$PKGNAME/debian .
 echo 2.0 > /tmp/$PKGNAME/debian-binary

 ar -r $PKGFILE \
--- a/contrib/mobile/mobile.go
+++ b/contrib/mobile/mobile.go
@@ -48,6 +48,7 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 	logger.EnableLevel("error")
 	logger.EnableLevel("warn")
 	logger.EnableLevel("info")
+	m.logger = logger
 	m.config = config.GenerateConfig()
 	if err := m.config.UnmarshalHJSON(configjson); err != nil {
 		return err
@@ -70,16 +71,24 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 			}
 			options = append(options, core.AllowedPublicKey(k[:]))
 		}
+		for _, lAddr := range m.config.Listen {
+			options = append(options, core.ListenAddress(lAddr))
+		}
 		var err error
 		m.core, err = core.New(m.config.Certificate, logger, options...)
 		if err != nil {
 			panic(err)
 		}
+		address, subnet := m.core.Address(), m.core.Subnet()
+		logger.Infof("Your public key is %s", hex.EncodeToString(m.core.PublicKey()))
+		logger.Infof("Your IPv6 address is %s", address.String())
+		logger.Infof("Your IPv6 subnet is %s", subnet.String())
 	}

 	// Setup the multicast module.
 	if len(m.config.MulticastInterfaces) > 0 {
 		var err error
+		logger.Infof("Initializing multicast %s", "")
 		options := []multicast.SetupOption{}
 		for _, intf := range m.config.MulticastInterfaces {
 			options = append(options, multicast.MulticastInterface{
@@ -91,9 +100,10 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 				Password: intf.Password,
 			})
 		}
+		logger.Infof("Starting multicast %s", "")
 		m.multicast, err = multicast.New(m.core, m.logger, options...)
 		if err != nil {
-			m.logger.Errorln("An error occurred starting multicast:", err)
+			logger.Errorln("An error occurred starting multicast:", err)
 		}
 	}

@@ -152,15 +162,20 @@ func (m *Yggdrasil) RecvBuffer(buf []byte) (int, error) {
 func (m *Yggdrasil) Stop() error {
 	logger := log.New(m.log, "", 0)
 	logger.EnableLevel("info")
-	logger.Infof("Stop the mobile Yggdrasil instance %s", "")
-	if err := m.multicast.Stop(); err != nil {
-		return err
+	logger.Infof("Stopping the mobile Yggdrasil instance %s", "")
+	if m.multicast != nil {
+		logger.Infof("Stopping multicast %s", "")
+		if err := m.multicast.Stop(); err != nil {
+			return err
+		}
 	}
+	logger.Infof("Stopping TUN device %s", "")
 	if m.tun != nil {
 		if err := m.tun.Stop(); err != nil {
 			return err
 		}
 	}
+	logger.Infof("Stopping Yggdrasil core %s", "")
 	m.core.Stop()
 	return nil
 }
@@ -208,8 +223,11 @@ func (m *Yggdrasil) GetPeersJSON() (result string) {
 		IP string
 	}{}
 	for _, v := range m.core.GetPeers() {
-		a := address.AddrForKey(v.Key)
-		ip := net.IP(a[:]).String()
+		var ip string
+		if v.Key != nil {
+			a := address.AddrForKey(v.Key)
+			ip = net.IP(a[:]).String()
+		}
 		peers = append(peers, struct {
 			core.PeerInfo
 			IP string
--- a/contrib/systemd/yggdrasil-default-config.service.debian
+++ b/contrib/systemd/yggdrasil-default-config.service.debian
@@ -0,0 +1,13 @@
+[Unit]
+Description=Yggdrasil default config generator
+ConditionPathExists=|!/etc/yggdrasil/yggdrasil.conf
+ConditionFileNotEmpty=|!/etc/yggdrasil/yggdrasil.conf
+Wants=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=oneshot
+Group=yggdrasil
+ExecStartPre=/usr/bin/mkdir -p /etc/yggdrasil
+ExecStart=/usr/bin/yggdrasil -genconf > /etc/yggdrasil/yggdrasil.conf
+ExecStartPost=/usr/bin/chmod -R 0640 /etc/yggdrasil
--- a/contrib/systemd/yggdrasil.service.debian
+++ b/contrib/systemd/yggdrasil.service.debian
@@ -0,0 +1,25 @@
+[Unit]
+Description=Yggdrasil Network
+Wants=network-online.target
+Wants=yggdrasil-default-config.service
+After=network-online.target
+After=yggdrasil-default-config.service
+
+[Service]
+Group=yggdrasil
+ProtectHome=true
+ProtectSystem=strict
+NoNewPrivileges=true
+RuntimeDirectory=yggdrasil
+ReadWritePaths=/var/run/yggdrasil/ /run/yggdrasil/
+SyslogIdentifier=yggdrasil
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+ExecStartPre=+-/sbin/modprobe tun
+ExecStart=/usr/bin/yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+TimeoutStopSec=5
+
+[Install]
+WantedBy=multi-user.target
--- a/go.mod
+++ b/go.mod
@@ -3,14 +3,14 @@ module github.com/yggdrasil-network/yggdrasil-go
 go 1.20

 require (
-	github.com/Arceliar/ironwood v0.0.0-20230805085300-86206813435f
+	github.com/Arceliar/ironwood v0.0.0-20231028101932-ceac99571f43
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
 	github.com/cheggaaa/pb/v3 v3.1.4
 	github.com/gologme/log v1.3.0
 	github.com/hashicorp/go-syslog v1.0.0
 	github.com/hjson/hjson-go/v4 v4.3.0
 	github.com/kardianos/minwinsvc v1.0.2
-	github.com/quic-go/quic-go v0.39.0
+	github.com/quic-go/quic-go v0.39.3
 	github.com/vishvananda/netlink v1.1.0
 	golang.org/x/crypto v0.14.0
 	golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/Arceliar/ironwood v0.0.0-20230805085300-86206813435f h1:Fz0zG7ZyQQqk+ROnmHuGrIZO250Lx/YHmp9o48XE+Vw=
-github.com/Arceliar/ironwood v0.0.0-20230805085300-86206813435f/go.mod h1:5x7fWW0mshe9WQ1lvSMmmHBYC3BeHH9gpwW5tz7cbfw=
+github.com/Arceliar/ironwood v0.0.0-20231028101932-ceac99571f43 h1:M4NczBPk7Fy0Uy2YvNoXwSkk3dGoGTOYtUjyqpOC5ko=
+github.com/Arceliar/ironwood v0.0.0-20231028101932-ceac99571f43/go.mod h1:5x7fWW0mshe9WQ1lvSMmmHBYC3BeHH9gpwW5tz7cbfw=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d h1:UK9fsWbWqwIQkMCz1CP+v5pGbsGoWAw6g4AyvMpm1EM=
 github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d/go.mod h1:BCnxhRf47C/dy/e/D2pmB8NkB3dQVIrkD98b220rx5Q=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -52,8 +52,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
 github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.39.0 h1:AgP40iThFMY0bj8jGxROhw3S0FMGa8ryqsmi9tBH3So=
-github.com/quic-go/quic-go v0.39.0/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
+github.com/quic-go/quic-go v0.39.3 h1:o3YB6t2SR+HU/pgwF29kJ6g4jJIJEwEZ8CKia1h1TKg=
+github.com/quic-go/quic-go v0.39.3/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
--- a/src/admin/options.go
+++ b/src/admin/options.go
@@ -1,9 +1,24 @@
 package admin

+import (
+	"crypto/ed25519"
+	"encoding/hex"
+	"encoding/json"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/Arceliar/ironwood/network"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
+)
+
 func (c *AdminSocket) _applyOption(opt SetupOption) {
 	switch v := opt.(type) {
 	case ListenAddress:
 		c.config.listenaddr = v
+	case LogLookups:
+		c.logLookups()
 	}
 }

@@ -14,3 +29,51 @@ type SetupOption interface {
 type ListenAddress string

 func (a ListenAddress) isSetupOption() {}
+
+type LogLookups struct{}
+
+func (l LogLookups) isSetupOption() {}
+
+func (a *AdminSocket) logLookups() {
+	type resi struct {
+		Address string   `json:"addr"`
+		Key     string   `json:"key"`
+		Path    []uint64 `json:"path"`
+		Time    int64    `json:"time"`
+	}
+	type res struct {
+		Infos []resi `json:"infos"`
+	}
+	type info struct {
+		path []uint64
+		time time.Time
+	}
+	type edk [ed25519.PublicKeySize]byte
+	infos := make(map[edk]info)
+	var m sync.Mutex
+	a.core.PacketConn.PacketConn.Debug.SetDebugLookupLogger(func(l network.DebugLookupInfo) {
+		var k edk
+		copy(k[:], l.Key[:])
+		m.Lock()
+		infos[k] = info{path: l.Path, time: time.Now()}
+		m.Unlock()
+	})
+	_ = a.AddHandler(
+		"lookups", "Dump a record of lookups received in the past hour", []string{},
+		func(in json.RawMessage) (interface{}, error) {
+			m.Lock()
+			rs := make([]resi, 0, len(infos))
+			for k, v := range infos {
+				if time.Since(v.time) > 24*time.Hour {
+					// TODO? automatic cleanup, so we don't need to call lookups periodically to prevent leaks
+					delete(infos, k)
+				}
+				a := address.AddrForKey(ed25519.PublicKey(k[:]))
+				addr := net.IP(a[:]).String()
+				rs = append(rs, resi{Address: addr, Key: hex.EncodeToString(k[:]), Path: v.path, Time: v.time.Unix()})
+			}
+			m.Unlock()
+			return &res{Infos: rs}, nil
+		},
+	)
+}
--- a/src/admin/removepeer.go
+++ b/src/admin/removepeer.go
@@ -1,5 +1,10 @@
 package admin

+import (
+	"fmt"
+	"net/url"
+)
+
 type RemovePeerRequest struct {
 	Uri   string `json:"uri"`
 	Sintf string `json:"interface,omitempty"`
@@ -8,5 +13,9 @@ type RemovePeerRequest struct {
 type RemovePeerResponse struct{}

 func (a *AdminSocket) removePeerHandler(req *RemovePeerRequest, res *RemovePeerResponse) error {
-	return a.core.RemovePeer(req.Uri, req.Sintf)
+	u, err := url.Parse(req.Uri)
+	if err != nil {
+		return fmt.Errorf("unable to parse peering URI: %w", err)
+	}
+	return a.core.RemovePeer(u, req.Sintf)
 }
--- a/src/config/config.go
+++ b/src/config/config.go
@@ -46,13 +46,14 @@ type NodeConfig struct {
 	Peers               []string                   `comment:"List of connection strings for outbound peer connections in URI format,\ne.g. tls://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections\nwill obey the operating system routing table, therefore you should\nuse this section when you may connect via different interfaces."`
 	InterfacePeers      map[string][]string        `comment:"List of connection strings for outbound peer connections in URI format,\narranged by source interface, e.g. { \"eth0\": [ \"tls://a.b.c.d:e\" ] }.\nNote that SOCKS peerings will NOT be affected by this option and should\ngo in the \"Peers\" section instead."`
 	Listen              []string                   `comment:"Listen addresses for incoming connections. You will need to add\nlisteners in order to accept incoming peerings from non-local nodes.\nMulticast peer discovery will work regardless of any listeners set\nhere. Each listener should be specified in URI format as above, e.g.\ntls://0.0.0.0:0 or tls://[::]:0 to listen on all interfaces."`
-	AdminListen         string                     `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
+	AdminListen         string                     `json:",omitempty" comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."`
 	MulticastInterfaces []MulticastInterfaceConfig `comment:"Configuration for which interfaces multicast peer discovery should be\nenabled on. Each entry in the list should be a json object which may\ncontain Regex, Beacon, Listen, and Port. Regex is a regular expression\nwhich is matched against an interface name, and interfaces use the\nfirst configuration that they match gainst. Beacon configures whether\nor not the node should send link-local multicast beacons to advertise\ntheir presence, while listening for incoming connections on Port.\nListen controls whether or not the node listens for multicast beacons\nand opens outgoing connections."`
 	AllowedPublicKeys   []string                   `comment:"List of peer public keys to allow incoming peering connections\nfrom. If left empty/undefined then all connections will be allowed\nby default. This does not affect outgoing peerings, nor does it\naffect link-local peers discovered via multicast."`
 	IfName              string                     `comment:"Local network interface name for TUN adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN."`
 	IfMTU               uint64                     `comment:"Maximum Transmission Unit (MTU) size for your local TUN interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`
 	NodeInfoPrivacy     bool                       `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."`
 	NodeInfo            map[string]interface{}     `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."`
+	LogLookups          bool                       `json:",omitempty"`
 }

 type MulticastInterfaceConfig struct {
--- a/src/core/api.go
+++ b/src/core/api.go
@@ -3,7 +3,6 @@ package core
 import (
 	"crypto/ed25519"
 	"encoding/json"
-	"fmt"
 	"net"
 	"net/url"
 	"sync/atomic"
@@ -192,28 +191,8 @@ func (c *Core) AddPeer(u *url.URL, sintf string) error {

 // RemovePeer removes a peer. The peer should be specified in URI format, see AddPeer.
 // The peer is not disconnected immediately.
-func (c *Core) RemovePeer(uri string, sourceInterface string) error {
-	return fmt.Errorf("not implemented yet")
-	/*
-		var err error
-		phony.Block(c, func() {
-			peer := Peer{uri, sourceInterface}
-			linkInfo, ok := c.config._peers[peer]
-			if !ok {
-				err = fmt.Errorf("peer not configured")
-				return
-			}
-			if ok && linkInfo != nil {
-				c.links.Act(nil, func() {
-					if link := c.links._links[*linkInfo]; link != nil {
-						_ = link.conn.Close()
-					}
-				})
-			}
-			delete(c.config._peers, peer)
-		})
-		return err
-	*/
+func (c *Core) RemovePeer(u *url.URL, sintf string) error {
+	return c.links.remove(u, sintf, linkTypePersistent)
 }

 // CallPeer calls a peer once. This should be specified in the peer URI format,
--- a/src/core/core.go
+++ b/src/core/core.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/ed25519"
 	"crypto/tls"
-	"encoding/hex"
 	"fmt"
 	"io"
 	"net"
@@ -104,10 +103,6 @@ func New(cert *tls.Certificate, logger Logger, opts ...SetupOption) (*Core, erro
 	); err != nil {
 		return nil, fmt.Errorf("error creating encryption: %w", err)
 	}
-	address, subnet := c.Address(), c.Subnet()
-	c.log.Infof("Your public key is %s", hex.EncodeToString(c.public))
-	c.log.Infof("Your IPv6 address is %s", address.String())
-	c.log.Infof("Your IPv6 subnet is %s", subnet.String())
 	c.proto.init(c)
 	if err := c.links.init(c); err != nil {
 		return nil, fmt.Errorf("error initialising links: %w", err)
@@ -140,7 +135,14 @@ func New(cert *tls.Certificate, logger Logger, opts ...SetupOption) (*Core, erro
 }

 func (c *Core) RetryPeersNow() {
-	// TODO: figure out a way to retrigger peer connections.
+	phony.Block(&c.links, func() {
+		for _, l := range c.links._links {
+			select {
+			case l.kick <- struct{}{}:
+			default:
+			}
+		}
+	})
 }

 // Stop shuts down the Yggdrasil node.
--- a/src/core/debug.go
+++ b/src/core/debug.go
@@ -1,6 +1,3 @@
-//go:build debug
-// +build debug
-
 package core

 import (
@@ -8,28 +5,13 @@ import (
 	"net/http"
 	_ "net/http/pprof"
 	"os"
-	"runtime"
-
-	"github.com/gologme/log"
 )

-// Start the profiler in debug builds, if the required environment variable is set.
+// Start the profiler if the required environment variable is set.
 func init() {
 	envVarName := "PPROFLISTEN"
-	hostPort := os.Getenv(envVarName)
-	switch {
-	case hostPort == "":
-		fmt.Fprintf(os.Stderr, "DEBUG: %s not set, profiler not started.\n", envVarName)
-	default:
+	if hostPort := os.Getenv(envVarName); hostPort != "" {
 		fmt.Fprintf(os.Stderr, "DEBUG: Starting pprof on %s\n", hostPort)
-		go func() { fmt.Println(http.ListenAndServe(hostPort, nil)) }()
+		go fmt.Println(http.ListenAndServe(hostPort, nil))
 	}
 }
-
-// Starts the function profiler. This is only supported when built with
-// '-tags build'.
-func StartProfiler(log *log.Logger) error {
-	runtime.SetBlockProfileRate(1)
-	go func() { log.Println(http.ListenAndServe("localhost:6060", nil)) }()
-	return nil
-}
--- a/src/core/link.go
+++ b/src/core/link.go
@@ -53,9 +53,11 @@ type linkInfo struct {

 // link tracks the state of a connection, either persistent or non-persistent
 type link struct {
-	kick      chan struct{} // Attempt to reconnect now, if backing off
-	linkType  linkType      // Type of link, i.e. outbound/inbound, persistent/ephemeral
-	linkProto string        // Protocol carrier of link, e.g. TCP, AWDL
+	ctx       context.Context    // Connection context
+	cancel    context.CancelFunc // Stop future redial attempts (when peer removed)
+	kick      chan struct{}      // Attempt to reconnect now, if backing off
+	linkType  linkType           // Type of link, i.e. outbound/inbound, persistent/ephemeral
+	linkProto string             // Protocol carrier of link, e.g. TCP, AWDL
 	// The remaining fields can only be modified safely from within the links actor
 	_conn    *linkConn // Connected link, if any, nil if not connected
 	_err     error     // Last error on the connection, if any
@@ -129,6 +131,7 @@ type linkError string
 func (e linkError) Error() string { return string(e) }

 const ErrLinkAlreadyConfigured = linkError("peer is already configured")
+const ErrLinkNotConfigured = linkError("peer is not configured")
 const ErrLinkPriorityInvalid = linkError("priority value is invalid")
 const ErrLinkPinnedKeyInvalid = linkError("pinned public key is invalid")
 const ErrLinkPasswordInvalid = linkError("password is invalid")
@@ -199,6 +202,7 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 			linkProto: strings.ToUpper(u.Scheme),
 			kick:      make(chan struct{}),
 		}
+		state.ctx, state.cancel = context.WithCancel(l.core.ctx)

 		// Store the state of the link so that it can be queried later.
 		l._links[info] = state
@@ -218,12 +222,14 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 			backoff++
 			duration := time.Second * time.Duration(math.Exp2(float64(backoff)))
 			select {
-			case <-time.After(duration):
-				return true
 			case <-state.kick:
 				return true
+			case <-state.ctx.Done():
+				return false
 			case <-l.core.ctx.Done():
 				return false
+			case <-time.After(duration):
+				return true
 			}
 		}

@@ -232,19 +238,25 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 		// then the loop will run endlessly, using backoffs as needed.
 		// Otherwise the loop will end, cleaning up the link entry.
 		go func() {
-			defer func() {
-				phony.Block(l, func() {
-					if l._links[info] == state {
-						delete(l._links, info)
-					}
-				})
-			}()
+			defer phony.Block(l, func() {
+				if l._links[info] == state {
+					delete(l._links, info)
+				}
+			})

 			// This loop will run each and every time we want to attempt
 			// a connection to this peer.
 			// TODO get rid of this loop, this is *exactly* what time.AfterFunc is for, we should just send a signal to the links actor to kick off a goroutine as needed
 			for {
-				conn, err := l.connect(u, info, options)
+				select {
+				case <-state.ctx.Done():
+					// The peering context has been cancelled, so don't try
+					// to dial again.
+					return
+				default:
+				}
+
+				conn, err := l.connect(state.ctx, u, info, options)
 				if err != nil {
 					if linkType == linkTypePersistent {
 						// If the link is a persistent configured peering,
@@ -319,13 +331,39 @@ func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 					}
 					return
 				}
-				break
 			}
 		}()
 	})
 	return retErr
 }

+func (l *links) remove(u *url.URL, sintf string, linkType linkType) error {
+	var retErr error
+	phony.Block(l, func() {
+		// Generate the link info and see whether we think we already
+		// have an open peering to this peer.
+		lu := urlForLinkInfo(*u)
+		info := linkInfo{
+			uri:   lu.String(),
+			sintf: sintf,
+		}
+
+		// If this peer is already configured then we will close the
+		// connection and stop it from retrying.
+		state, ok := l._links[info]
+		if ok && state != nil {
+			state.cancel()
+			if conn := state._conn; conn != nil {
+				retErr = conn.Close()
+			}
+			return
+		}
+
+		retErr = ErrLinkNotConfigured
+	})
+	return retErr
+}
+
 func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 	ctx, cancel := context.WithCancel(l.core.ctx)
 	var protocol linkProtocol
@@ -374,7 +412,7 @@ func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 		for {
 			conn, err := listener.Accept()
 			if err != nil {
-				continue
+				return
 			}
 			go func(conn net.Conn) {
 				defer conn.Close()
@@ -453,7 +491,7 @@ func (l *links) listen(u *url.URL, sintf string) (*Listener, error) {
 	return li, nil
 }

-func (l *links) connect(u *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+func (l *links) connect(ctx context.Context, u *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
 	var dialer linkProtocol
 	switch strings.ToLower(u.Scheme) {
 	case "tcp":
@@ -485,7 +523,7 @@ func (l *links) connect(u *url.URL, info linkInfo, options linkOptions) (net.Con
 	default:
 		return nil, ErrLinkUnrecognisedSchema
 	}
-	return dialer.dial(l.core.ctx, u, info, options)
+	return dialer.dial(ctx, u, info, options)
 }

 func (l *links) handler(linkType linkType, options linkOptions, conn net.Conn) error {
--- a/src/core/tls.go
+++ b/src/core/tls.go
@@ -8,7 +8,7 @@ import (
 func (c *Core) generateTLSConfig(cert *tls.Certificate) (*tls.Config, error) {
 	config := &tls.Config{
 		Certificates: []tls.Certificate{*cert},
-		ClientAuth:   tls.RequireAnyClientCert,
+		ClientAuth:   tls.NoClientCert,
 		GetClientCertificate: func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
 			return cert, nil
 		},
--- a/src/tun/tun.go
+++ b/src/tun/tun.go
@@ -44,7 +44,7 @@ type TunAdapter struct {
 	isOpen      bool
 	isEnabled   bool // Used by the writer to drop sessionTraffic if not enabled
 	config      struct {
-    fd   int32
+		fd   int32
 		name InterfaceName
 		mtu  InterfaceMTU
 	}
@@ -116,7 +116,10 @@ func (tun *TunAdapter) _start() error {
 	tun.addr = tun.rwc.Address()
 	tun.subnet = tun.rwc.Subnet()
 	prefix := address.GetPrefix()
-	addr := fmt.Sprintf("%s/%d", net.IP(tun.addr[:]).String(), 8*len(prefix[:])-1)
+	var addr string
+	if tun.addr.IsValid() {
+		addr = fmt.Sprintf("%s/%d", net.IP(tun.addr[:]).String(), 8*len(prefix[:])-1)
+	}
 	if tun.config.name == "none" || tun.config.name == "dummy" {
 		tun.log.Debugln("Not starting TUN as ifname is none or dummy")
 		tun.isEnabled = false
--- a/src/tun/tun_bsd.go
+++ b/src/tun/tun_bsd.go
@@ -86,7 +86,10 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	} else {
 		tun.mtu = 0
 	}
-	return tun.setupAddress(addr)
+	if addr != "" {
+		return tun.setupAddress(addr)
+	}
+	return nil
 }

 // Configures the "utun" adapter from an existing file descriptor.
--- a/src/tun/tun_darwin.go
+++ b/src/tun/tun_darwin.go
@@ -32,7 +32,10 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	} else {
 		tun.mtu = 0
 	}
-	return tun.setupAddress(addr)
+	if addr != "" {
+		return tun.setupAddress(addr)
+	}
+	return nil
 }

 // Configures the "utun" adapter from an existing file descriptor.
--- a/src/tun/tun_linux.go
+++ b/src/tun/tun_linux.go
@@ -27,7 +27,10 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	} else {
 		tun.mtu = 0
 	}
-	return tun.setupAddress(addr)
+	if addr != "" {
+		return tun.setupAddress(addr)
+	}
+	return nil
 }

 // Configures the "utun" adapter from an existing file descriptor.
--- a/src/tun/tun_other.go
+++ b/src/tun/tun_other.go
@@ -24,7 +24,10 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 	} else {
 		tun.mtu = 0
 	}
-	return tun.setupAddress(addr)
+	if addr != "" {
+		return tun.setupAddress(addr)
+	}
+	return nil
 }

 // Configures the "utun" adapter from an existing file descriptor.
--- a/src/tun/tun_windows.go
+++ b/src/tun/tun_windows.go
@@ -35,9 +35,11 @@ func (tun *TunAdapter) setup(ifname string, addr string, mtu uint64) error {
 			return err
 		}
 		tun.iface = iface
-		if err = tun.setupAddress(addr); err != nil {
-			tun.log.Errorln("Failed to set up TUN address:", err)
-			return err
+		if addr != "" {
+			if err = tun.setupAddress(addr); err != nil {
+				tun.log.Errorln("Failed to set up TUN address:", err)
+				return err
+			}
 		}
 		if err = tun.setupMTU(getSupportedMTU(mtu)); err != nil {
 			tun.log.Errorln("Failed to set up TUN MTU:", err)
Author	SHA1	Message	Date
Neil Alexander	d781fef760	Release: Yggdrasil 0.5.0	2023-10-28 15:23:01 +01:00
Neil Alexander	b332664acb	Release: Yggdrasil 0.5.0	2023-10-28 15:11:34 +01:00
Neil Alexander	01c1498bd5	Yggdrasil 0.5 release notes	2023-10-28 15:07:45 +01:00
Neil	0b578a637a	Debian package updates (#1073 ) * Update Debian package * Don't put `AdminListen` in config by default, fix path in Debian package * Fix path in unit file * Preserve original service files for other packages --------- Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>	2023-10-28 14:58:52 +01:00
Arceliar	82c54f87ea	clean up some debug API output	2023-10-28 06:36:01 -05:00
Arceliar	d17ac39789	update ironwood dependency, add a debug API call for lookups	2023-10-28 05:26:43 -05:00
Neil Alexander	ea6ccf552f	Update dependencies, test cross-builds for FreeBSD and OpenBSD in CI	2023-10-27 23:16:13 +01:00
Neil	1ac3d540e7	Merge pull request #1070 from Revertron/fix_mobile	2023-10-25 20:31:15 +01:00
Revertron	6873fd44ff	Fixes logger, adds some log messages.	2023-10-25 20:59:19 +02:00
Neil Alexander	8afa737a8d	Use `ubuntu-20.04` image for router packages in CI	2023-10-24 22:44:33 +01:00
Neil Alexander	7934158f5f	Use `ubuntu-20.04` image for Debian packages in CI	2023-10-24 12:10:48 +01:00
Neil Alexander	a60771344a	Remove DHT from `yggdrasilctl` help text (fixes #1069 )	2023-10-23 23:42:31 +01:00
Neil Alexander	90c6288f7c	Yggdrasil 0.5 RC3	2023-10-23 22:26:53 +01:00
Neil Alexander	094f80f39c	Fix `RetryPeersNow`, move startup logging, don't set TUN address if not available	2023-10-22 15:51:30 +01:00
Neil Alexander	955aa4af79	Remove unnecessary pprof log line	2023-10-22 10:29:19 +01:00
Neil Alexander	73c6c25bd9	Restore `removePeer` method	2023-10-22 10:27:41 +01:00
Neil Alexander	80e56eafcd	Allow `PPROFLISTEN` on all builds	2023-10-21 21:36:28 +01:00
Alex Akselrod	6a9493757d	mobile: add support for `Listen` in config (#1063 ) Co-authored-by: Neil <git@neilalexander.dev>	2023-10-21 17:33:17 +00:00
John Jolly	8ea20cd205	Add output for threadcount and key generation time to cmd/genkey This change is to display information about the key generation process. Specifically, two bits of information are now displayed * The number of threads created to search for keys, and * The time taken to generate a successful "next best" key	2023-10-21 18:21:47 +01:00
Neil Alexander	a2dffeff33	Version 0.5 RC2 release notes	2023-10-18 22:52:37 +01:00
Neil Alexander	a2053b51fe	Yggdrasil 0.5 RC2	2023-10-18 22:44:14 +01:00
Neil Alexander	aceb037c57	Fix panic in mobile `GetPeersJSON`	2023-10-18 22:38:10 +01:00
Neil Alexander	bcd80b043f	Don't tightloop when a listener can no longer accept connections	2023-10-17 21:41:21 +01:00
Neil Alexander	74ca02edfd	Don't require TLS client certificate	2023-10-15 23:06:10 +01:00