Felix Fietkau [Wed, 31 May 2023 08:41:16 +0000 (10:41 +0200)]
wg-linux: increase default messages size
Makes the need for splitting messages less likely
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 31 May 2023 08:40:40 +0000 (10:40 +0200)]
wg-linux: add support for splitting netlink messages for allowed ips
Fixes an issue when too many allowed ips are set for one peer
(e.g. when using a gateway)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 30 May 2023 18:11:13 +0000 (20:11 +0200)]
host: fix crash parsing gateway when no endpoint is specified
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Christian Marangi [Fri, 26 May 2023 17:25:35 +0000 (19:25 +0200)]
pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
Fix Coverity Scan CID 1521052 memory leak on fread fail in pex_msg_update_request_init.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Felix Fietkau [Fri, 5 May 2023 12:37:19 +0000 (14:37 +0200)]
utils: fix ipv4 checksum issue
The parameter order for protocol and length was accidentally reversed,
leading to issues for packets > 256 bytes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
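The failure mode this commit describes, shown as an added illustration that is not unetd's code: a UDP-over-IPv4 checksum computed over the RFC 768 pseudo-header, called once with the correct (protocol, length) order and once reversed. The mechanism assumed here, since unetd's actual function signature is not shown on this page, is a protocol parameter of 8-bit type, so the reversed call still compiles but silently truncates the length to its low byte and puts 17 into the length slot; lengths that fit in 8 bits happen to produce the same checksum, larger ones do not. The addresses, ports, payload and the hand-computed known-answer value 0x7829 are constructed for the example.

```c
/* Added example, not unetd's code: UDP checksum over the IPv4 pseudo-header
 * and the effect of swapping the protocol and length arguments. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PROTO_UDP 17
#define SADDR 0x0A000001u	/* 10.0.0.1, constructed */
#define DADDR 0x0A000002u	/* 10.0.0.2, constructed */

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* Add the 16-bit big-endian words of buf into sum; an odd tail byte is zero-padded. */
static uint32_t sum16(const uint8_t *buf, size_t len, uint32_t sum)
{
	for (; len > 1; buf += 2, len -= 2)
		sum += ((uint32_t)buf[0] << 8) | buf[1];
	if (len)
		sum += (uint32_t)buf[0] << 8;
	return sum;
}

/* Fold the carries back in and complement (Internet checksum, RFC 1071). */
static uint16_t csum_fold(uint32_t sum)
{
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/* Assumed signature: proto is an 8-bit type, so udp_csum(s, d, len, PROTO_UDP)
 * compiles without error but truncates len to its low byte. */
static uint16_t udp_csum(uint32_t saddr, uint32_t daddr, uint8_t proto,
			 uint16_t len, const uint8_t *udp, size_t udp_len)
{
	uint8_t ph[12];		/* RFC 768 pseudo-header: src, dst, zero, proto, UDP length */

	put32(ph, saddr);
	put32(ph + 4, daddr);
	ph[8] = 0;
	ph[9] = proto;
	put16(ph + 10, len);
	return csum_fold(sum16(udp, udp_len, sum16(ph, sizeof(ph), 0)));
}

/* Constructed datagram of len bytes: 8-byte header, checksum field zero,
 * deterministic pattern payload. Returns 0 if len is out of range. */
static int build_udp(uint8_t *pkt, size_t cap, uint16_t len)
{
	if (len < 8 || len > cap)
		return 0;
	put16(pkt, 51820);	/* source port, constructed */
	put16(pkt + 2, 51820);	/* destination port, constructed */
	put16(pkt + 4, len);
	put16(pkt + 6, 0);
	for (size_t i = 8; i < len; i++)
		pkt[i] = (uint8_t)(i * 7);
	return 1;
}

/* Known answer: 10.0.0.1 -> 10.0.0.2, ports 51820, payload "ping".
 * Hand-computed over the pseudo-header and datagram: 0x7829. */
uint16_t example_known_csum(void)
{
	uint8_t pkt[12];

	build_udp(pkt, sizeof(pkt), 12);
	memcpy(pkt + 8, "ping", 4);
	return udp_csum(SADDR, DADDR, PROTO_UDP, 12, pkt, 12);
}

/* 1 if the reversed argument order gives the same checksum as the correct
 * call for a len-byte datagram, 0 if it differs, -1 on a bad length. */
int swapped_order_matches(uint16_t len)
{
	uint8_t pkt[2048];

	if (!build_udp(pkt, sizeof(pkt), len))
		return -1;
	uint16_t good = udp_csum(SADDR, DADDR, PROTO_UDP, len, pkt, len);
	/* Bug reproduced on purpose: protocol and length swapped. */
	uint16_t bad = udp_csum(SADDR, DADDR, len, PROTO_UDP, pkt, len);
	return good == bad;
}

int main(void)
{
	static const uint16_t lens[] = { 100, 255, 300, 1400 };

	printf("known-answer checksum: 0x%04x\n", example_known_csum());
	for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
		printf("len %4u: swapped order %s\n", lens[i],
		       swapped_order_matches(lens[i]) ? "matches" : "differs");
	return 0;
}
```

Because the two 16-bit words of the pseudo-header are simply summed, a wrong order would be harmless if both values survived the call intact; the damage comes entirely from the narrowing conversion, which is why only datagrams whose length does not fit in 8 bits are affected.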
Felix Fietkau [Fri, 17 Feb 2023 11:32:52 +0000 (12:32 +0100)]
network: prevent adding endpoint routes for addresses on the network
Sometimes a peer might be reachable only over another peer. In that case
PEX could announce an endpoint address already covered by the network routes.
When connecting, asking netifd to route that address breaks access, since
it's only reachable over unet.
Detect this case and skip the netifd host route request.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 19:21:28 +0000 (21:21 +0200)]
unet-cli: add stun server list editing support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 19:14:20 +0000 (21:14 +0200)]
pex: update last query sent timestamp
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 18:18:33 +0000 (20:18 +0200)]
pex: avoid sending a query to a host more than once every 15 seconds
Avoids unnecessary packet spam
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 18:14:14 +0000 (20:14 +0200)]
host: keep multiple endpoint candidates, one for each type
Some discovery methods might be more reliable than others. Avoid having
them overwrite each other's discovery result
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 16:47:11 +0000 (18:47 +0200)]
pex: automatically create host entries from incoming endpoint port notifications
Improves turnaround time on initial connect
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 16:37:48 +0000 (18:37 +0200)]
unet-cli: add DHT support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 13:25:20 +0000 (15:25 +0200)]
pex: improve handling of a longer list of PEX hosts
Instead of rotating and picking one every 5 seconds, pick one from the list
every 500ms, but enforce a minimum interval of 10 seconds per host between
pings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
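The scheduling rule above, as an added example that is not unetd's code: one host is picked round-robin every 500 ms, but a host whose last ping is less than 10 s old is skipped, so a long list is worked through quickly while no single host is contacted more often than the per-host limit. The host names and the 30-second simulation are constructed for the example; the structure and function names are illustrative, not unetd's.

```c
/* Added example, not unetd's code: PEX host ping scheduler with a 500 ms
 * pick interval and a 10 s minimum interval per host. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PICK_INTERVAL_MS	500
#define MIN_HOST_INTERVAL_MS	10000

struct pex_host {
	const char *name;
	int64_t last_ping_ms;	/* -1: never pinged */
	int pings;
};

struct pex_sched {
	struct pex_host *hosts;
	size_t n;
	size_t next;		/* rotating start index for the next pick */
};

/* One 500 ms tick. Scans the list starting at the rotating index and pings
 * the first host outside its minimum interval. Returns that host's index,
 * or -1 if every host is still rate-limited. */
int pex_sched_tick(struct pex_sched *s, int64_t now_ms)
{
	for (size_t i = 0; i < s->n; i++) {
		size_t idx = (s->next + i) % s->n;
		struct pex_host *h = &s->hosts[idx];

		if (h->last_ping_ms >= 0 && now_ms - h->last_ping_ms < MIN_HOST_INTERVAL_MS)
			continue;
		h->last_ping_ms = now_ms;
		h->pings++;
		s->next = (idx + 1) % s->n;
		return (int)idx;
	}
	return -1;
}

/* Simulated 30 s run over three constructed hosts. Returns the total number
 * of pings sent (each host at t = 0 / 0.5 / 1 s, then again every 10 s, so
 * 9 in total), or -1 if the per-host minimum interval was ever violated. */
int pex_sched_simulate_30s(void)
{
	struct pex_host hosts[3] = { { "a", -1, 0 }, { "b", -1, 0 }, { "c", -1, 0 } };
	struct pex_sched s = { hosts, 3, 0 };
	int64_t prev[3] = { -1, -1, -1 };
	int total = 0;

	for (int64_t t = 0; t < 30000; t += PICK_INTERVAL_MS) {
		int idx = pex_sched_tick(&s, t);

		if (idx < 0)
			continue;
		if (prev[idx] >= 0 && t - prev[idx] < MIN_HOST_INTERVAL_MS)
			return -1;	/* would be packet spam toward one host */
		prev[idx] = t;
		total++;
	}
	return total;
}

int main(void)
{
	printf("pings sent in 30 s: %d\n", pex_sched_simulate_30s());
	return 0;
}
```

With the older rule of one pick every 5 s, the same three hosts would each see a ping only every 15 s; with the new rule all three are contacted within the first second and still never more often than once per 10 s.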
Felix Fietkau [Fri, 16 Sep 2022 09:00:15 +0000 (11:00 +0200)]
pex: add support for figuring out the external data port via STUN servers
When establishing a direct connection on the auth/PEX port via DHT, both sides
need to know the externally mapped data port number in order to establish a
wireguard connection.
If there is an existing data connection, the port can be queried via PEX
over the tunnel. If that is not available, an external public server is needed
in order to poke a hole in the NAT. The easiest way to do this is to use
STUN, since there are a lot of public servers available.
The servers can be configured via the network data, based on the assumption
that an auth exchange with network data update can be done directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
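The STUN step described above, as an added example that is not unetd's code: a minimal RFC 5389 Binding Request builder and a parser for the Binding Success response that extracts the externally mapped IPv4 address and port from XOR-MAPPED-ADDRESS (falling back to the legacy MAPPED-ADDRESS). The response bytes, the mapping 203.0.113.7:51820 and the transaction ID are constructed so the exchange runs offline; in real use the request is sent from the WireGuard data socket itself, since the mapping is per socket, and the transaction ID must be random. Function and structure names are illustrative.

```c
/* Added example, not unetd's code: STUN Binding Request/Response for
 * discovering the NAT-mapped address:port of a UDP socket (RFC 5389, IPv4). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STUN_MAGIC		0x2112A442u
#define STUN_BINDING_REQ	0x0001
#define STUN_BINDING_OK		0x0101
#define ATTR_MAPPED		0x0001
#define ATTR_XOR_MAPPED		0x0020
#define STUN_HDR		20

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

struct stun_mapped { uint32_t addr; uint16_t port; };

/* 20-byte Binding Request without attributes. tid: 12 bytes, random in real use. */
size_t stun_build_request(uint8_t *out, size_t cap, const uint8_t tid[12])
{
	if (cap < STUN_HDR)
		return 0;
	put16(out, STUN_BINDING_REQ);
	put16(out + 2, 0);		/* attribute bytes: none */
	put32(out + 4, STUN_MAGIC);
	memcpy(out + 8, tid, 12);
	return STUN_HDR;
}

/* Parse a Binding Success response into *m. Returns 0 on success, -1 if the
 * message is truncated, is not a success for our transaction ID, or carries
 * no IPv4 mapped address. Only the requester's own tid is accepted, which
 * rejects unsolicited or spoofed replies. */
int stun_parse_response(const uint8_t *msg, size_t len, const uint8_t tid[12], struct stun_mapped *m)
{
	if (len < STUN_HDR || get16(msg) != STUN_BINDING_OK || get32(msg + 4) != STUN_MAGIC)
		return -1;
	if (memcmp(msg + 8, tid, 12) != 0)
		return -1;
	size_t mlen = get16(msg + 2);
	if ((mlen & 3) || STUN_HDR + mlen > len)
		return -1;

	const uint8_t *p = msg + STUN_HDR, *end = p + mlen;
	struct stun_mapped plain = { 0, 0 };
	int have_plain = 0;

	while ((size_t)(end - p) >= 4) {
		uint16_t type = get16(p), alen = get16(p + 2);
		const uint8_t *val = p + 4;
		size_t padded = ((size_t)alen + 3) & ~(size_t)3;	/* 32-bit aligned */

		if ((size_t)(end - val) < padded)
			return -1;
		if (alen == 8 && val[1] == 0x01) {		/* family 0x01 = IPv4 */
			if (type == ATTR_XOR_MAPPED) {
				m->port = get16(val + 2) ^ (uint16_t)(STUN_MAGIC >> 16);
				m->addr = get32(val + 4) ^ STUN_MAGIC;
				return 0;
			}
			if (type == ATTR_MAPPED) {
				plain.port = get16(val + 2);
				plain.addr = get32(val + 4);
				have_plain = 1;
			}
		}
		p = val + padded;
	}
	if (!have_plain)
		return -1;
	*m = plain;
	return 0;
}

/* Constructed exchange: the reply a server sends when our socket appears as
 * 203.0.113.7:51820 from outside. bad_tid simulates a spoofed reply. */
int stun_example(int bad_tid, struct stun_mapped *m)
{
	static const uint8_t tid[12] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
	uint8_t req[STUN_HDR], resp[STUN_HDR + 12];

	stun_build_request(req, sizeof(req), tid);
	memcpy(resp, req, STUN_HDR);		/* server echoes cookie and tid */
	put16(resp, STUN_BINDING_OK);
	put16(resp + 2, 12);
	put16(resp + 20, ATTR_XOR_MAPPED);
	put16(resp + 22, 8);
	resp[24] = 0;
	resp[25] = 0x01;
	put16(resp + 26, 51820 ^ (uint16_t)(STUN_MAGIC >> 16));
	put32(resp + 28, 0xCB007107u ^ STUN_MAGIC);	/* 203.0.113.7 */
	if (bad_tid)
		resp[19] ^= 0xff;
	return stun_parse_response(resp, sizeof(resp), tid, m);
}

uint16_t stun_example_port(void) { struct stun_mapped m = { 0, 0 }; return stun_example(0, &m) ? 0 : m.port; }
uint32_t stun_example_addr(void) { struct stun_mapped m = { 0, 0 }; return stun_example(0, &m) ? 0 : m.addr; }
int stun_example_rejects_bad_tid(void) { struct stun_mapped m = { 0, 0 }; return stun_example(1, &m) == -1; }

int main(void)
{
	printf("mapped address 0x%08x port %u, spoofed reply rejected: %d\n",
	       stun_example_addr(), stun_example_port(), stun_example_rejects_bad_tid());
	return 0;
}
```

The XOR against the magic cookie exists because some NATs rewrite any literal copy of their public address they see in a payload; checking the transaction ID matters because the reply arrives on the same open UDP port as everything else and anyone who can spoof a packet to it could otherwise feed the peer a false endpoint.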
Felix Fietkau [Thu, 15 Sep 2022 20:02:09 +0000 (22:02 +0200)]
utils: add support for passing address family to network_get_endpoint()
Can be used to limit results to IPv4 addresses
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 15 Sep 2022 19:47:20 +0000 (21:47 +0200)]
pex: add utility function to get the sockets based on type / address family
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 15 Sep 2022 19:44:47 +0000 (21:44 +0200)]
pex: move raw ip send code to sendto_rawudp() in utils.c
This allows it to be reused for other purposes later
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 15 Sep 2022 19:18:42 +0000 (21:18 +0200)]
pex: move rx header check to callback function
Fixes some length check bugs in the cli code and allows other protocols to be
used on the global PEX port.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 10 Sep 2022 10:33:03 +0000 (12:33 +0200)]
pex: keep active pex hosts after the specified timeout
Keep them as long as they have sent us a valid message in the last minute
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 10 Sep 2022 06:43:22 +0000 (08:43 +0200)]
add DHT discovery service
This uses the BitTorrent 'Mainline' DHT in order to find peers.
It operates on the global PEX port, in order to allow exchanging network data
through double NAT. Only the IPv4 DHT is used at the moment.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 16:38:08 +0000 (18:38 +0200)]
ubus: notify on network updates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 5 Sep 2022 10:30:07 +0000 (12:30 +0200)]
pex: add support for sending/receiving global PEX messages via unix socket
This can be used for allowing another protocol (e.g. DHT) to run on the same
port, making it easier to deal with NAT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 12:55:33 +0000 (14:55 +0200)]
pex: remove pex event debug spam
Makes debugging output more readable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 16 Sep 2022 12:54:45 +0000 (14:54 +0200)]
pex: reduce unnecessary ping traffic
Only ping once after the idle time exceeds keepalive time.
Do not ping if no endpoint address is known yet
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 5 Sep 2022 09:40:42 +0000 (11:40 +0200)]
wg-linux: ship a copy of linux/wireguard.h
Makes it possible to build unetd on hosts with older toolchain headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 4 Sep 2022 16:44:55 +0000 (18:44 +0200)]
cli: fix typo
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 1 Sep 2022 18:38:50 +0000 (20:38 +0200)]
ubus: add reload command
This will reload all explicitly configured files (network json, peer lists)
without causing unnecessary network disruption
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 1 Sep 2022 17:42:10 +0000 (19:42 +0200)]
network: add support for configuring extra peers via a separate json file
Peers added to this file are only used locally and not advertised on the
network. Peers should use IP addresses that are part of locally announced
or otherwise configured subnets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 31 Aug 2022 18:37:05 +0000 (20:37 +0200)]
ubus: add support for adding auth_connect hosts at runtime
These hosts always need to have a timeout value. After the timeout, they
are automatically deleted. Other than that, they work just like regular
configured auth_host entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 31 Aug 2022 12:48:22 +0000 (14:48 +0200)]
ubus: add support for querying active networks
Shows configuration, local host name, peer connection status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 31 Aug 2022 11:03:39 +0000 (13:03 +0200)]
pex: add support for sending endpoint notification from the wg port via raw socket
This makes it possible for the global PEX socket (used for network data updates)
to be used to receive the endpoint address in a way that works through NAT.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 29 Aug 2022 18:52:20 +0000 (20:52 +0200)]
add support for disabling VXLAN/eBPF support
This makes it easier to backport or de-bloat on smaller systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 29 Aug 2022 18:37:12 +0000 (20:37 +0200)]
add support for overriding peer-exchange-port for individual hosts
This can also be used to disable PEX completely for non-unetd host entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 29 Aug 2022 11:16:47 +0000 (13:16 +0200)]
scripts/update-cmd.pl: run update two times
Removing an IP address can clear device routes with matching network/mask.
Running the update a second time ensures that they get recreated
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 29 Aug 2022 11:10:28 +0000 (13:10 +0200)]
scripts/update-cmd.pl: set device up before adding routes/addresses
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 29 Aug 2022 11:08:29 +0000 (13:08 +0200)]
scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 28 Aug 2022 18:39:47 +0000 (20:39 +0200)]
pex-msg: fix siphash key initializer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 28 Aug 2022 17:56:31 +0000 (19:56 +0200)]
build.sh: force use of -fPIC on static libraries to fix build error
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 28 Aug 2022 17:56:12 +0000 (19:56 +0200)]
unet-cli: fix formatting of help text
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jo-Philipp Wich [Wed, 24 Aug 2022 22:58:44 +0000 (00:58 +0200)]
unet-cli: enable ucode strict mode
Enable strict mode and explicitly declare all used variables.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Thu, 25 Aug 2022 10:38:32 +0000 (12:38 +0200)]
unet-cli: fix reference to missing variable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 Aug 2022 10:40:17 +0000 (12:40 +0200)]
unet-cli: pass host object to set_host()
Avoids accessing global net_data from within the function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 Aug 2022 10:37:24 +0000 (12:37 +0200)]
unet-cli: pass service object to set_service()
Avoids accessing global net_data from within the function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jo-Philipp Wich [Wed, 24 Aug 2022 22:49:10 +0000 (00:49 +0200)]
unet-cli: use modern module imports
Instead of loading the entire `fs` module space using `require()`, utilize
the `import` statement to load the fs function we actually use.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 24 Aug 2022 22:43:07 +0000 (00:43 +0200)]
unet-cli: use modern ucode syntax
Refactor various places in the script to use modern syntax, such as
template strings or `in` lookups.
Also introduce a simple `assert()` helper function to deal with the
repeated `if (!cond) { warn(msg); exit(1) }` pattern.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Thu, 25 Aug 2022 10:16:31 +0000 (12:16 +0200)]
fix build errors when built against glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 Aug 2022 10:16:07 +0000 (12:16 +0200)]
build.sh: add libbpf
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 25 Aug 2022 10:15:40 +0000 (12:15 +0200)]
build: explicitly link in libelf and zlib
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 24 Aug 2022 12:02:48 +0000 (14:02 +0200)]
network: add support for specifying a host gateway
A host will only use its gateway as a peer, and connections from
other hosts will be routed through the gateway host
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 24 Aug 2022 08:58:49 +0000 (10:58 +0200)]
unet-cli: bring up interface on ssh add
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 23 Aug 2022 21:42:59 +0000 (23:42 +0200)]
unet-cli: allow editing remote host domain
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 23 Aug 2022 21:37:27 +0000 (23:37 +0200)]
network: fix writing domain suffix to hosts file
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 22 Aug 2022 20:14:32 +0000 (22:14 +0200)]
add network json editor written in ucode
reformat example json to match its output
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 23 Aug 2022 21:11:28 +0000 (23:11 +0200)]
host: deal with host/peer null pointers in debug messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 23 Aug 2022 21:06:09 +0000 (23:06 +0200)]
pex: remove connected check in pex_msg_send
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 16 Aug 2022 20:49:58 +0000 (22:49 +0200)]
pex: remove extra newline in debug message
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 16 Aug 2022 18:31:16 +0000 (20:31 +0200)]
host: avoid running connect timer if the network is not up
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 16 Aug 2022 18:30:49 +0000 (20:30 +0200)]
network: fix potential use-after-free
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 16 Aug 2022 15:48:07 +0000 (17:48 +0200)]
network: check for empty string arguments
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 13 Aug 2022 12:57:43 +0000 (14:57 +0200)]
add protocol for exchanging signed network data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 23 Aug 2022 20:35:54 +0000 (22:35 +0200)]
pex: fix null pointer check
check for local_host null pointer before dereferencing it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 6 Aug 2022 13:51:18 +0000 (15:51 +0200)]
fix SPDX tag
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 6 Aug 2022 06:38:32 +0000 (08:38 +0200)]
curve25519: rely on utils.h
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 5 Aug 2022 13:32:15 +0000 (15:32 +0200)]
add chacha20 implementation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 3 Aug 2022 20:27:01 +0000 (22:27 +0200)]
pex: use pubkey directly instead of accessing local_host in pex_msg_init()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 1 Aug 2022 15:57:46 +0000 (17:57 +0200)]
add support for loading signed network files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 31 Jul 2022 19:56:36 +0000 (21:56 +0200)]
add cli tool for signing network json files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 29 Jul 2022 11:14:22 +0000 (13:14 +0200)]
add ed25519 code to libunet
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 13 Aug 2022 12:55:02 +0000 (14:55 +0200)]
bpf_skb_utils: fix skb parsing on older kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 2 Aug 2022 19:05:49 +0000 (21:05 +0200)]
mss-bpf: remove unused-but-set variable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 2 Aug 2022 18:58:43 +0000 (20:58 +0200)]
utils: free the correct addrinfo
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 1 Aug 2022 05:48:39 +0000 (07:48 +0200)]
remove dummy mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 9 Jul 2022 15:44:12 +0000 (17:44 +0200)]
mss-bpf: rework the code to use a common skb parser header file
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 2 Aug 2022 16:48:52 +0000 (18:48 +0200)]
utils: fix memory leak in network_get_endpoint()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 30 Jun 2022 15:40:33 +0000 (17:40 +0200)]
bpf: ignore errors on program attach
Fixes issues with old kernels, which return errors for no reason
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Jun 2022 18:35:29 +0000 (20:35 +0200)]
build: move some code to libunet
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Jun 2022 18:12:48 +0000 (20:12 +0200)]
vxlan: add bpf program to fix up tcp mss values
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 28 Jun 2022 12:06:30 +0000 (14:06 +0200)]
vxlan: fix endian of the configured port
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 27 Jun 2022 15:55:15 +0000 (17:55 +0200)]
vxlan: add missing options
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 23 Jun 2022 11:09:48 +0000 (13:09 +0200)]
add some documentation about the PEX protocol
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 23 Jun 2022 08:46:19 +0000 (10:46 +0200)]
example: create wireguard and tunnel device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 17 Jun 2022 12:26:00 +0000 (14:26 +0200)]
service: filter out duplicate members
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 15 Jun 2022 13:12:25 +0000 (15:12 +0200)]
service: add vxlan tunnel support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 31 May 2022 12:06:07 +0000 (14:06 +0200)]
services: switch to vlist
preparation for supporting service types
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 31 May 2022 10:30:14 +0000 (12:30 +0200)]
add missing copyright header
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 23 May 2022 17:57:30 +0000 (19:57 +0200)]
add script for standalone builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 23 May 2022 13:04:57 +0000 (15:04 +0200)]
make ubus support optional (enabled by default)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 5 May 2022 08:49:46 +0000 (10:49 +0200)]
initial commit
Signed-off-by: Felix Fietkau <nbd@nbd.name>