* hostsfile: Copy the SELinux context to the temp file before overwrite
On SELinux-enabled systems, /etc/hosts has a different type `net_conf_t`
than the other files in /etc, so the temporary file that overwrites it
ends up with the wrong context, resulting in many system services
becoming unable to access the file. To fix this, manually look up the
context /etc/hosts has and copy it to the temporary file before
the rename.
In order to avoid depending on libselinux on systems that don't use it,
this support is gated behind the new "selinux" feature. It *is*
installed and enabled in the Dockerfile, however, in order to ensure
that it still builds.
* Appease clippy
* Add info about selinux feature to README.md
* Remove unused ClientError struct
* Reformatted & repositioned and improved doc about selinux
---------
Co-authored-by: Brian Schwind <brianmschwind@gmail.com>
Co-authored-by: Jürgen Botz <jurgen@botz.org>
* Add --interactive mode to docker-tests to facilitate interactive testing
of innernet commands.
* Add a section to README about testing.
* Fix href tag
* Add a new client / server command to rename CIDR.
* Add a docker test case
* Apply suggestions from code review
Co-authored-by: Matěj Laitl <matej@laitl.cz>
Co-authored-by: Jake McGinty <me@jakebot.org>
---------
Co-authored-by: Matěj Laitl <matej@laitl.cz>
Co-authored-by: Jake McGinty <me@jakebot.org>
* Use our Endpoints type alias
* Add the recent wireguard endpoint to NAT candidates if a peer has an endpoint override
* Simplify logic in the inject_endpoints() function
Co-authored-by: Matěj Laitl <matej@laitl.cz>
* Specify mock wireguard endpoints for developer 1 and 2 in the test data
* Add a test for verifying the wireguard endpoint is returned in the list of NAT candidates
* Remove FromStr usage
* Appease clippy
---------
Co-authored-by: Matěj Laitl <matej@laitl.cz>
* Add CLI parameters for disable/enable peer
Fixes tonarino/innernet#214.
* Formatting
* Remove redundant clones
* Require name for yes param
Yes param only makes sense if name is provided.
* Formatting
Follow-up to #203. In that issue we've found out that the built packages don't work correctly on some Debian versions.
We've (@mcginty I think?) then manually removed them from the 1.5.4 release artifacts, and they have been provided by 3rd party repositories since.
So drop the CI jobs.
* hostsfile: change internal map from hash to btree
This change makes the innernet section of /etc/hosts always ordered and
deterministic. We can take advantage of that to avoid writes, that will
be done in another commit.
* hostsfile: reduce number of writes if content hasn't changed
* hostsfile: return bool to inform if file has been written
This commit also makes the logs print accordingly to the new behavior.
* hostsfile: remove has_content_changed in favor of comparing old and new sections
* hostsfile: print the correct hosts path in log message
* hostsfile: remove unnecessary intermediate variable
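The write-avoidance idea from the hostsfile commits above, as an added example (this is not innernet's code): an ordered map renders the managed section deterministically, the old and new sections are compared, and the temp-file rename only happens when they differ. The marker lines, the function names `render_section` and `write_hosts`, and the sample addresses are assumptions made for the illustration.

```rust
use std::collections::BTreeMap;
use std::net::IpAddr;
use std::path::Path;
use std::{fs, io};

// Marker text is an assumption for this example, not innernet's actual format.
fn render_section(tag: &str, hosts: &BTreeMap<IpAddr, Vec<String>>) -> Vec<String> {
    let mut lines = vec![format!("# BEGIN {}", tag)];
    // BTreeMap iterates in key order, so equal maps always render identically.
    lines.extend(hosts.iter().map(|(ip, names)| format!("{} {}", ip, names.join(" "))));
    lines.push(format!("# END {}", tag));
    lines
}

/// Ok(true) if the file was rewritten, Ok(false) if the section was already current.
fn write_hosts(path: &Path, tag: &str, hosts: &BTreeMap<IpAddr, Vec<String>>) -> io::Result<bool> {
    let new_section = render_section(tag, hosts);
    let (begin, end) = (new_section[0].clone(), new_section[new_section.len() - 1].clone());
    let old = fs::read_to_string(path)?;
    let (mut kept, mut old_section, mut inside) = (Vec::new(), Vec::new(), false);
    for line in old.lines() {
        inside |= line == begin;
        if inside { old_section.push(line.to_string()) } else { kept.push(line.to_string()) }
        inside &= line != end;
    }
    if inside {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "unterminated section"));
    }
    if old_section == new_section {
        return Ok(false); // unchanged: no temp file, no rename
    }
    kept.extend(new_section);
    // Temp file + rename: readers never see a partial file, but the result is a new inode.
    let tmp = path.with_extension("innernet-tmp");
    fs::write(&tmp, kept.join("\n") + "\n")?;
    fs::rename(&tmp, path)?;
    Ok(true)
}

fn main() -> io::Result<()> {
    // Constructed sample file in the temp directory; /etc/hosts is not touched.
    let path = std::env::temp_dir().join(format!("hosts-example-{}", std::process::id()));
    fs::write(&path, "127.0.0.1 localhost\n")?;
    let mut hosts = BTreeMap::new();
    hosts.insert("10.0.0.2".parse::<IpAddr>().unwrap(), vec!["dev1".to_string()]);
    hosts.insert("10.0.0.1".parse::<IpAddr>().unwrap(), vec!["server".to_string()]);
    println!("first:  written = {}", write_hosts(&path, "innernet", &hosts)?);
    println!("second: written = {}", write_hosts(&path, "innernet", &hosts)?);
    fs::remove_file(&path)
}
```

Skipping the rename when nothing changed also means the file's inode and attributes stay untouched on most runs, which narrows how often the SELinux context copy described earlier is needed.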
* Turn ChangeString into a PeerChange enum, don't print NAT traversal reattempt as a modification
* Remove the ChangeString type
* Fix a stupid copy-paste error
* Add a missing call to reset a peer's endpoint when NAT traversal fails to connect to any endpoint candidates
* Simplify the process of resetting a peer to its server-reported endpoint
The recommended netlink buffer size is based on the system's page size,
which means that the current size is far too small for systems with 16k
or 64k pages, such as Asahi Linux or RHEL's kernel-64k for ARM64. On
these systems, the server fails to start with errors like this:
Error: Decode error occurred: invalid netlink buffer: length field says 1444 the buffer is 1260 bytes long
Instead, follow the kernel's own netlink docs to compute the buffer
size. The approach here matches the approach merged into Chromium
recently:
https://chromium-review.googlesource.com/c/chromium/src/+/4312885
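The sizing rule and the failure it prevents, as an added example (not the code from this commit): it assumes the kernel netlink documentation's guidance that a receive buffer should be at least 8 kB or one page, whichever is bigger, and checks a message's length field against the bytes received. All function names are hypothetical, the page size is passed in as a parameter, and the message is constructed.

```rust
/// struct nlmsghdr is 16 bytes: u32 len, u16 type, u16 flags, u32 seq, u32 pid.
const NLMSG_HDRLEN: usize = 16;

/// Sizing rule assumed from the kernel's netlink documentation: at least 8 kB
/// or one page, whichever is bigger. The page size is a parameter here; a real
/// caller would query it (for example with sysconf(_SC_PAGESIZE)).
fn netlink_recv_buffer_len(page_size: usize) -> usize {
    page_size.max(8 * 1024)
}

/// Validates the first message header against the bytes actually received.
fn check_first_message(received: &[u8]) -> Result<usize, String> {
    if received.len() < NLMSG_HDRLEN {
        return Err(format!("{} bytes is shorter than a netlink header", received.len()));
    }
    let claimed = u32::from_ne_bytes([received[0], received[1], received[2], received[3]]) as usize;
    if claimed < NLMSG_HDRLEN {
        return Err(format!("length field says {}, below the header size", claimed));
    }
    if claimed > received.len() {
        return Err(format!("length field says {} the buffer is {} bytes long", claimed, received.len()));
    }
    Ok(claimed)
}

/// Constructed message: a header whose length field is `len`, then zero payload.
fn constructed_message(len: u32) -> Vec<u8> {
    let mut msg = vec![0u8; len as usize];
    msg[..4].copy_from_slice(&len.to_ne_bytes());
    msg
}

/// Models a receive into `cap` bytes: whatever does not fit is cut off.
fn recv_into(msg: &[u8], cap: usize) -> &[u8] {
    &msg[..msg.len().min(cap)]
}

fn main() {
    let msg = constructed_message(1444);
    println!("{:?}", check_first_message(recv_into(&msg, 1260)));
    for page in [4096usize, 16384, 65536] {
        let cap = netlink_recv_buffer_len(page);
        println!("page {:>5}: buffer {:>5}: {:?}", page, cap, check_first_message(recv_into(&msg, cap)));
    }
}
```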
The maintenance badge leads to https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d
_Actively Maintained_ is described there as
> The maintainer(s) of this project are responding to issues and integrating code contributions
...which should set the correct expectations for people stumbling upon. Not explicitly said, but I count that also means we'll be doing (minor, mostly) releases.
Should fix #242.
We depend on `getrandom` feature of `rand_core`, but we weren't specifying that.
It worked because `curve25519-dalek 4.0.0-pre.2` was pulling the `getrandom` feature of `rand_core`, but after updating it to `4.0.0-pre.5` it stopped pulling `rand_core` altogether.
After the cargo-update, all our dependencies are on their newest version, sans clap 3.2, which could be updated to 4.0. It has quite some breaking API changes, so I'll leave that for a separate PR.
Using nightly one leads to having to resolve lints more frequently than rust releases, which is
getting inconvenient.
It also leads to a small compatibility issue with stable clippy: if we need to #[allow] a lint that
is only present in nightly clippy, then stable clippy complains about unknown lint in the `allow`.
* client: Update enable_or_disable_peer exit message to be more accurate
* server: Implement disable-peer and enable-peer commands
* server: Immediately apply enable- and disable-peer to device