| author | Linus Färnstrand <linus@mullvad.net> | 2023-03-23 09:53:54 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2023-03-23 09:53:54 +0100 |
| commit | 4be8566136bcb9070adcf9a9ec688bb3bccdbe07 (patch) | |
| tree | 3e35a2dc259fdc133de351c6af0a22513d693acf | |
| parent | 9dc003e9dfd2225c083c495c59263f1839b95e03 (diff) | |
| parent | 5d6267c0ee7e7886aaa03c3ffeb886d769d6c54c (diff) | |
| download | mullvadvpn-4be8566136bcb9070adcf9a9ec688bb3bccdbe07.tar.xz mullvadvpn-4be8566136bcb9070adcf9a9ec688bb3bccdbe07.zip | |
Merge branch 'remove-port-443-from-wireguard-over-tcp-des-97'
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | gui/src/renderer/components/WireguardSettings.tsx | 2 | ||||
| -rw-r--r-- | mullvad-daemon/src/migrations/v6.rs | 23 | ||||
| -rw-r--r-- | mullvad-relay-selector/src/lib.rs | 2 |
4 files changed, 28 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index c1afb27555..f74ad21a5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -57,6 +57,10 @@ Line wrap the file at 100 chars. Th - Deprecated support for Debian 10. This also means dropping support for glibc older than 2.31 and Linux kernels older than 5.10. +### Removed +- Remove port 443 as valid port for WireGuard over TCP. Keep only port 80 and 5001. The reason is + to free up port 443 for other TCP based obfuscation later. + ### Fixed - Fix close to expiry notification not showing unless app is opened once within the last three days in the desktop app. diff --git a/gui/src/renderer/components/WireguardSettings.tsx b/gui/src/renderer/components/WireguardSettings.tsx index edcc397e4a..aa3b58fea2 100644 --- a/gui/src/renderer/components/WireguardSettings.tsx +++ b/gui/src/renderer/components/WireguardSettings.tsx @@ -37,7 +37,7 @@ import SettingsHeader, { HeaderTitle } from './SettingsHeader'; const MIN_WIREGUARD_MTU_VALUE = 1280; const MAX_WIREGUARD_MTU_VALUE = 1420; const WIREUGARD_UDP_PORTS = [51820, 53]; -const UDP2TCP_PORTS = [80, 443, 5001]; +const UDP2TCP_PORTS = [80, 5001]; function mapPortToSelectorItem(value: number): SelectorItem<number> { return { label: value.toString(), value }; diff --git a/mullvad-daemon/src/migrations/v6.rs b/mullvad-daemon/src/migrations/v6.rs index 3fa6da7d43..b5ba7fdf5b 100644 --- a/mullvad-daemon/src/migrations/v6.rs +++ b/mullvad-daemon/src/migrations/v6.rs @@ -1,4 +1,5 @@ use super::{Error, Result}; +use mullvad_types::relay_constraints::Constraint; use mullvad_types::settings::SettingsVersion; // ====================================================== 
@@ -24,6 +25,9 @@ pub enum QuantumResistantState { /// /// The `use_pq_safe_psk` tunnel option is replaced by `quantum_resistant`, which /// is optional. `false` is mapped to `None`. `true` is mapped to `Some(true)`. +/// +/// Migrate WireGuard over TCP port setting away from Only(443) (to auto), +/// since it's no longer a valid port. pub fn migrate(settings: &mut serde_json::Value) -> Result<()> { if !version_matches(settings) { return Ok(()); @@ -31,6 +35,8 @@ pub fn migrate(settings: &mut serde_json::Value) -> Result<()> { migrate_pq_setting(settings)?; + migrate_udp2tcp_port_443(settings); + // TODO // log::info!("Migrating settings format to V7"); @@ -62,6 +68,19 @@ fn migrate_pq_setting(settings: &mut serde_json::Value) -> Result<()> { Ok(()) } +/// If udp2tcp port constraint is set to `Only(443)`, change that to `Any` +fn migrate_udp2tcp_port_443(settings: &mut serde_json::Value) -> Option<()> { + let port_constraint = settings + .get_mut("obfuscation_settings")? + .get_mut("udp2tcp")? + .get_mut("port")?; + if port_constraint == &serde_json::json!(Constraint::Only(443)) { + log::info!("Migrating udp2tcp port setting from 443 -> any"); + *port_constraint = serde_json::json!(Constraint::<u16>::Any); + } + None +} + fn version_matches(settings: &mut serde_json::Value) -> bool { settings .get("settings_version") @@ -110,7 +129,9 @@ mod test { "obfuscation_settings": { "selected_obfuscation": "udp2_tcp", "udp2tcp": { - "port": "any" + "port": { + "only": 443 + } } }, "bridge_state": "auto", diff --git a/mullvad-relay-selector/src/lib.rs b/mullvad-relay-selector/src/lib.rs index ee7ed1c298..f752d220d3 100644 --- a/mullvad-relay-selector/src/lib.rs +++ b/mullvad-relay-selector/src/lib.rs 
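Review bot: The call `migrate_udp2tcp_port_443(settings);` added to `migrate` discards an `Option<()>` that carries no information, because the helper ends in `None` even after it has rewritten the port. The neighbouring `migrate_pq_setting(settings)?` propagates a `Result`, so the bare call reads like a forgotten `?`. I would either end the helper with `Some(())` or state the intent at the call site, e.g. `// Best effort: a missing udp2tcp port setting is not an error, nothing to propagate.` The body of `migrate` continues outside this hunk.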
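Review bot: `migrate_udp2tcp_port_443` compares and writes the port through the live `mullvad_types::relay_constraints::Constraint` type, so the migration depends on how that type serializes at build time rather than on the stored v6 format. If the serde representation of `Constraint` ever changes, the comparison stops matching and a stored `Only(443)` would survive the migration with no log line or error. The test fixture in this commit already shows both JSON shapes, so the literals can be pinned: `if *port_constraint == serde_json::json!({ "only": 443 }) {` and `*port_constraint = serde_json::json!("any");`. That also makes the new `use mullvad_types::relay_constraints::Constraint;` unnecessary. The file appears to keep its own `QuantumResistantState` for the same reason, though that declaration is only partly visible here.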
@@ -43,7 +43,7 @@ const RELAYS_FILENAME: &str = "relays.json"; const WIREGUARD_EXIT_PORT: Constraint<u16> = Constraint::Only(51820); const WIREGUARD_EXIT_IP_VERSION: Constraint<IpVersion> = Constraint::Only(IpVersion::V4); -const UDP2TCP_PORTS: [u16; 3] = [80, 443, 5001]; +const UDP2TCP_PORTS: [u16; 2] = [80, 5001]; /// Minimum number of bridges to keep for selection when filtering by distance. const MIN_BRIDGE_COUNT: usize = 5; |
