mirefly42 
								
							 
						 
						
							
							
							
							
								
							
							
								e7c0bd20dc 
								
							 
						 
						
							
							
								
								Prevent freebsd service from generating a config readable by everyone  
							
							 
							
							
							
						 
						
							2025-05-02 17:00:55 +07:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									mirefly42 
								
							 
						 
						
							
							
							
							
								
							
							
								3c226e26ec 
								
							 
						 
						
							
							
								
								Prevent busybox-init service from generating a config readable by everyone  
							
							 
							
							
							
						 
						
							2025-05-02 17:00:55 +07:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									mirefly42 
								
							 
						 
						
							
							
							
							
								
							
							
								d372b033b6 
								
							 
						 
						
							
							
								
								Prevent systemd service from generating a config readable by everyone  
							
							 
							
							
							
						 
						
							2025-05-02 17:00:35 +07:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									mirefly42 
								
							 
						 
						
							
							
							
							
								
							
							
								9cf0a75940 
								
							 
						 
						
							
							
								
								Prevent openrc service from generating a config readable by everyone  
							
							 
							
							
							
						 
						
							2025-05-02 14:55:14 +07:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Sergey Alirzaev 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								47818a1a7c 
								
							 
						 
						
							
							
								
								apparmor: add yggdrasilctl policy ( #1235 )  
							
							 
							
							
	
		
			
	 
		 
	
	
		
	
	
		
			
				
	 
				
			 
		
		
	 
 
	 
							
						 
						
							2025-04-15 17:17:52 +01:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Sergey Alirzaev 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								6377d7f071 
								
							 
						 
						
							
							
								
								contrib/openrc: remove SIGHUP logic ( #1236 )  
							
							 
							
							
							
							
							as it is long gone from the daemon code
and unexpectedly kills the daemon 
							
						 
						
							2025-04-15 17:15:09 +01:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								5b8dbc8b1e 
								
							 
						 
						
							
							
								
								Add summary helpers to mobile wrapper  
							
							 
							
							
	
		
			
	 
		 
	
	
		
	
	
		
			
				
	 
				
			 
		
		
	 
 
	 
							
						 
						
							2025-03-31 10:18:57 +01:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									patrini32 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								73705ff09d 
								
							 
						 
						
							
							
								
								Typo fix ( #1232 )  
							
							 
							
							
	
		
			
	 
		 
	
	
		
	
	
		
			
				
	 
				
			 
		
		
	 
 
	 
							
						 
						
							2025-02-20 09:45:49 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3b18909f70 
								
							 
						 
						
							
							
								
								Update dependencies  
							
							 
							
							
	
		
			
	 
		 
	
	
		
	
	
		
			
				
	 
				
			 
		
		
	 
 
	 
							
						 
						
							2025-02-18 12:57:58 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								58b727d1f0 
								
							 
						 
						
							
							
								
								Add Go 1.24 to CI  
							
							 
							
							
							
						 
						
							2025-02-18 12:52:21 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								782c0250d7 
								
							 
						 
						
							
							
								
								Use pledge(2) on OpenBSD ( #1215 )  
							
							 
							
							
							
							
							Straightforward thanks to all privileged operations being done early
enough during startup. 
							
						 
						
							2024-12-22 11:04:26 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								213f72b840 
								
							 
						 
						
							
							
								
								Yggdrasil 0.5.12  
							
							 
							
							
							
						 
						
							2024-12-18 22:34:30 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1fbcf3b3c2 
								
							 
						 
						
							
							
								
								Rename latency_ms to latency in getPeers response since it isn't even milliseconds anymore  
							
							 
							
							
							
						 
						
							2024-12-18 22:21:23 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Peter Gervai 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								22bc9c44e2 
								
							 
						 
						
							
							
								
								genkeys print the number of generated keys ( #1217 )  
							
							 
							
							
							
							
							It is good to know how many resources we have carelessly wasted. :-) 
							
						 
						
							2024-12-18 19:56:46 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								9c73bacab9 
								
							 
						 
						
							
							
								
								Update to Go 1.22, quic-go/quic-go@v0.48.2 ( #1218 )  
							
							 
							
							
							
							
							Our dependencies are now moving beyond Go 1.21 so need to update.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 
							
						 
						
							2024-12-13 23:33:26 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								04be129878 
								
							 
						 
						
							
							
								
								Update to  Arceliar/ironwood@743fe2f  
							
							 
							
							
							
						 
						
							2024-12-13 23:12:36 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								657f7e0db3 
								
							 
						 
						
							
							
								
								Fix empty user/group detection on chuser  
							
							 
							
							
							
							
							This should fix  #1216 . 
							
						 
						
							2024-12-13 16:55:25 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								7adf5f18b7 
								
							 
						 
						
							
							
								
								Yggdrasil 0.5.11 ( #1214 )  
							
							 
							
							
							
							
							Changelog updates.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 
							
						 
						
							2024-12-12 19:26:54 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								69451fe969 
								
							 
						 
						
							
							
								
								Specify TLS 1.2-TLS 1.3 supported range for client connections  
							
							 
							
							
							
							
							Should fix  #1208 . 
							
						 
						
							2024-12-12 19:07:55 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								2d587740c1 
								
							 
						 
						
							
							
								
								genkeys, yggdrasilctl: Use pledge(2) on OpenBSD ( #1193 )  
							
							 
							
							
							
							
							Restrict system operations of CLI tools with
https://man.openbsd.org/pledge.2 .
https://pkg.go.dev/suah.dev/protect  abstracts the OS specific code, i.e.
is a NOOP on non-OpenBSD systems.
This PR is to gauge upstream interest in this direction; my OpenBSD port
of yggdrasil already pledges the daemon,
resulting in minimal runtime privileges, but there are still a few rough
edges:
https://github.com/jasperla/openbsd-wip/blob/master/net/yggdrasil/patches/patch-cmd_yggdrasil_main_go#L80 
---------
Co-authored-by: Neil <git@neilalexander.dev> 
							
						 
						
							2024-12-12 18:48:24 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b2b0396d48 
								
							 
						 
						
							
							
								
								Update dependencies  
							
							 
							
							
							
						 
						
							2024-12-12 18:42:53 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								83ec58afc7 
								
							 
						 
						
							
							
								
								Use unveil(2) on OpenBSD ( #1194 )  
							
							 
							
							
							
							
							After #1175  removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or
execve(2).
Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this experimental, internet facing
daemon running as root.
pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.
On other systems, this code is a NOOP, but can still help to implement
similar safety belts. 
							
						 
						
							2024-12-12 18:37:02 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b436052b2d 
								
							 
						 
						
							
							
								
								Update to  Arceliar/ironwood@9deb08d  
							
							 
							
							
							
						 
						
							2024-12-10 19:02:13 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3ed4a92288 
								
							 
						 
						
							
							
								
								Yggdrasil 0.5.10 ( #1207 )  
							
							 
							
							
							
							
							Changelog updates.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 
							
						 
						
							2024-11-24 12:56:24 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								bdb2d399c5 
								
							 
						 
						
							
							
								
								Update dependencies  
							
							 
							
							
							
						 
						
							2024-11-23 14:55:14 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								7790a19e4c 
								
							 
						 
						
							
							
								
								New detail in getMulticastInterfaces admin endpoint  
							
							 
							
							
							
						 
						
							2024-11-23 14:49:48 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d3b4de46ea 
								
							 
						 
						
							
							
								
								Improvements to how link shutdowns are handled  
							
							 
							
							
							
						 
						
							2024-11-23 13:43:34 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								2454970e4d 
								
							 
						 
						
							
							
								
								Tweaks to configuration  
							
							 
							
							
							
						 
						
							2024-11-22 09:47:33 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b98f98318f 
								
							 
						 
						
							
							
								
								Tweaks to link handling  
							
							 
							
							
							
						 
						
							2024-11-22 09:44:30 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								ff9e90c5aa 
								
							 
						 
						
							
							
								
								Update link cost calculation and next-hop selection (update to  Arceliar/ironwood@75a6e82 )  
							
							 
							
							
							
						 
						
							2024-11-22 09:31:38 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								9398cae230 
								
							 
						 
						
							
							
								
								Expose download/upload rate per peer ( #1206 )  
							
							 
							
							
							
						 
						
							2024-11-19 08:42:27 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								c22a746a1d 
								
							 
						 
						
							
							
								
								Rewrite chuser() for simplicity and correctness ( #1203 )  
							
							 
							
							
							
							
							- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use set[ug]id(2) to follow the idiom of OpenBSD base programs.
  (cannot use setres[ug]id(2) as macOS does not have them.)
Includes/Supersedes #1202 .
Fixes  #927 .
I only tested on OpenBSD (so far), but other systems should just work. 
							
						 
						
							2024-11-17 21:37:07 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								67ec5a92b3 
								
							 
						 
						
							
							
								
								Fix some lint issues  
							
							 
							
							
							
						 
						
							2024-11-17 21:29:26 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								42873be09b 
								
							 
						 
						
							
							
								
								Reusable peer lookup/dial logic  
							
							 
							
							
							
						 
						
							2024-11-17 21:14:54 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								75d2080e53 
								
							 
						 
						
							
							
								
								Set groups when dropping privileges to not leak supplementary group access ( #1202 )  
							
							 
							
							
							
							
							Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of initial access permissions.
The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).
For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   wheel,kmem,sys,tty,operator,staff,guest
```
Fix that so the process runs as mere
```
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   nobody
```
Fixes  #927 . 
							
						 
						
							2024-11-11 19:28:28 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Klemens Nanni 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								834680045a 
								
							 
						 
						
							
							
								
								Create admin socket synchronously before privdrop ( #1201 )  
							
							 
							
							
							
							
							Creating UNIX sockets in the listen() goroutine that races against the main
one dropping to an unprivileged user may cause startup failure when
privdrop happens before privileged filesystem access.
Setup or fail in New() and only do listen(2) in listen() to avoid this.
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:27 Build name: yggdrasil-go
2024/11/03 21:15:27 Build version: 0.5.9
...
2024/11/03 21:15:27 Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: permission denied
```
Rerun, now the order is flipped:
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:34 Build name: yggdrasil-go
2024/11/03 21:15:34 Build version: 0.5.9
[...]
2024/11/03 21:15:34 UNIX admin socket listening on /var/run/yggdrasil.sock
[...]
```
Fixes  #927 . 
							
						 
						
							2024-11-11 19:27:02 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								eef613993f 
								
							 
						 
						
							
							
								
								Raise link error when SNI supplied on unsupported link type  
							
							 
							
							
							
							
							Closes  #1196  
							
						 
						
							2024-10-27 21:06:56 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								ff0ef7ff56 
								
							 
						 
						
							
							
								
								Update comments in default configuration file  
							
							 
							
							
							
						 
						
							2024-10-27 20:59:05 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								ef110b0181 
								
							 
						 
						
							
							
								
								Update Debian package metadata  
							
							 
							
							
							
						 
						
							2024-10-27 20:38:15 +00:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil Alexander 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								b20ad846a1 
								
							 
						 
						
							
							
								
								When IfName is none, start queue goroutine, otherwise iprwc blocks and some handlers don't run  
							
							 
							
							
							
						 
						
							2024-10-20 21:28:04 +01:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
									Neil 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0b9c8bd020 
								
							 
						 
						
							
							
								
								Yggdrasil 0.5.9 ( #1191 )  
							
							 
							
							
							
							
							Changelog updates.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 
							
						 
						
							2024-10-19 17:09:46 +01:00  
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Neil Alexander
0b9469100c
Update dependencies
2024-10-17 13:23:11 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Klemens Nanni
a6429390da
Use UNIX socket patch from url struct (#1186)

No need to extract it again when the url package provides it for us:
```
$ jq -n '{"AdminListen":"unix:///tmp/ygg.sock"}' | ./yggdrasil -useconf | grep 'admin socket'
2024/10/08 22:41:11 UNIX admin socket listening on /tmp/ygg.sock
```
Follow-up on #1176
2024-10-17 13:22:46 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Klemens Nanni
1ee61dcefa
zap obsolete nonexistent command from usage (#1184)
2024-10-17 13:22:22 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Neil Alexander
81e345c1ae
Update to Arceliar/ironwood@f6fb9da97a
2024-10-16 09:46:36 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Neil Alexander
a038a6a8ef
Update to Arceliar/ironwood@4ea1ec6d68
2024-10-13 21:33:47 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Neil Alexander
01e73792fe
Update to Arceliar/ironwood@0ac2ff3eef
2024-10-13 20:06:07 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Neil Alexander
d22dc9ecc9
TUN: Skip ErrTooManySegments
2024-10-10 09:23:13 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Klemens Nanni
874083da79
Replace repeated subscripts with single TrimPrefix (#1176)

This stood out to me while reading the code: [7:] is skipping "unix://",
so why not do that?
Doing so reveals a bug in the last line changed, where chmod(2) failure
would print just the prefix, not everything but it... easy to miss, but
now this kind of bug can no longer happen.
2024-09-30 14:25:04 +01:00
						
						
							 
							
							
							
								 
							 
							
						 
					 
				
					
						
							
								
								
									 
Klemens Nanni
ccda1075c0
Fix ioctl(2) code for OpenBSD (#1175)

This cleans up the mess to configure an IP address on a tun(4) device.
Handrolling a hardcoded ioctl(2) request is far from perfect, but Go
(golang.org/sys/unix) is to blame here.
Tested on OpenBSD 7.6 -current where yggdrasil now drives the interface
would use of ifconfig or other helpers.
2024-09-30 14:24:20 +01:00