| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
Use the Debug implementation in the one case where the Display
implementation was used.
|
|
|
|
|
|
|
|
Previously, the `mullvad-api` would tell the `mullvad-daemon` that it
wanted a new API endpoint by calling a certain callback
(`ApiEndpointUpdateCallback`), which would asynchronously resolve a new
API endpoint and tell the daemon to punch an appropriate hole in the
firewall for that particular endpoint before the `mullvad-api` crate
would consume it.
The logic of the callback can be moved inside `AccessModeSelector`,
which simplifies the contract between `mullvad-daemon` and `mullvad-api`
somewhat.
|
|
|
|
This PR has a couple of different purposes
- Allow users to use socks5 local proxies with the CLI without
having to be root nor use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on MacOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On MacOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel, it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify Proxy related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
|
The default setting will (always) be to only allow processes with
root-privilege to send/receive traffic from an allowed endpoint.
This change is only supposed to be used with the local SOCKS5 api access
method.
|
|
|
|
|
|
- Rename `mullvad_types::api_access.rs` -> `mullvad_types::access_method.rs`
- Rename `ApiAccessMethodId` to simply `Id`
Prefer to prefix with module name `access_method` to disambiguate use
of `Id` instead, like `access_method::Id`
- Remove dead code
- Remove `AccessMethodSettingsUpdate`
- Remove the `retry_attempt` struct field from
`ApiConnectionModeProvider`, as it is no longer used for anything.
- Fix typos
- `GetApiAddressess` is now correctly spelled `GetApiAddresses` (a
single trailing "s")
- Deprecate the name `ApiAccessMethod` in favor of `AccessMethodSetting`
- To decrease the confusion between `AccessMethod` &
`ApiAccessMethod`. `AccessMethodSetting` adds some app-specific
settings details on top of an `AccessMethod`, which is not too far
fetched with the new naming convention.
- Refactor proto file
- Rename protobuf message `AccessMethodSettingAdd` to `NewAccessMethodSetting`
- `AccessMethod` is now its own message
- `AccessMethods` is removed
- Add `ApiAccessMethodAdd` protobuf message
- The `ApiAccessMethodAdd` returns a `UUID` for the . One important
change is that new `AccessMethodSetting`s are created in the daemon,
rather than in the CLI/other clients. This means that the daemon now
has full control over generating new `AccessMethodSetting`s from
`AccessMethod`s.
- Clean up conversion code to/from `AccessMethod` protobuf types
- Simplify `UpdateApiAccessMethod` RPC
- Remove the extranous `ApiAccessMethodUpdate` data type
- get rid of `ApiAccessMethodUpdate` protobuf message. Use `UUID` of
`ApiAccessMethod` to identify which struct to edit.
- get rid of `ApiAccessMethodUpdate` struct
|
|
- Refactor `RemoveApiAccessMethod` to be based on UUID
- Remove debug-prints in `mullvad api-access list` et al
- Get rid of `GetApiAccessMethods` RPC
- Use the more generic RPC `GetSettings` to get hold of all API access
methods instead
- Rename `mullvad_types::access_method` to `mullvad_types::api_access`
- Remove (unjustified) `#[inline(always)]` attributes
|
|
- General code cleanup
- Fix some typos
- Add some doc comments
- Address several `TODO` comments
- Fix `clippy` warnings
- Removed unused dependency `mullvad-api` from `mullvad-cli`
- Removed unused dependency `rand` from `mullvad-daemon`
- Rename `mullvad proxy` to `mullvad api-access`
- Rename `mullvad_types::api_access_method` -> `mullvad_types::access_method`
- Remove unused `mullvad api-access edit` arguments
- Fix `Display` for `ProxyConfig` printing arguments in the wrong order
- Re-phrase `mullvad api-access test`
- If the API call failed, point out which tested access method that
did not work.
- Fix missing `socket_bypass_tx` value for Android
- Refactor `ApiAccessMethod` proto definition
- Simplify protobuf definitions of `SOCKS5` api access methods
- Remove the `Socks5` enum in favor of implementing `Socks5Local` and
`Socks5Remote` directly.
- Move `enabled` and `name` out of the individual messages and put them
next to the `oneof access_method` in `ApiAccessMethod` proto definition
- Use derived `PartialEq` and `Hash` from `AccessMethod`
- Instead of hand-rolling `Hash` and implementing an ad-hoc version of
half of `PartialEq`, these can now be derived and used as one would
imaging due to the refactoring wherer `name` and `enabled` was moved
out of `AccessMethod` into `ApiAccessMethod`.
|
|
The daemon has to add a rule to allow traffix to/from the remote server
which the locally running SOCKS5-proxy communicates with.
|
|
- Add a new datastructures for distinguishing between built-in & custom
api access methods
- Implement `TryFrom` instead of `From` for fallible conversions
- Do not panic if a protobuf-message is ill-formatted
- Do not allow removal of built-in api access methods
- Refactor notification logic in `access_methods.rs`
- Rename `mullvad proxy api` to simply `mullvad proxy`
- Since there are no other kinds of proxies at the moment, the
subcommand `proxy api` does not make much sense.
- Remove left-over comments
|
|
- Rename `InnerConnectionMode` variant `Proxied` to `Shadowsocks`
- Move proxy/socket connection logic to `InnerConnectMode` impl block
- Move `handle_x_connection` functions to `InnerConnectionMode` impl block
- These functions does not need to be visible in the entire module, really.
- Refactor some code into standalone functions
- Mostly for visibilities' sake, but it also helps `rustc` with inferring
the return type of each match arm inside of `stream_fut`.
|
|
|
|
|
|
|
|
|
|
This commit fixes most of the remaining clippy warnings in the codebase.
These warnings were the more semantically difficult ones to fix.
There are some warnings that remain from the rebase that will be fixed
in the upcoming PR.
|
|
|
|
|
