- Add option to automatically shut down daemon after running through
the same safety routine as `PrepareRestart`. This is exposed via a new
gRPC call called `PrepareRestartV2`.
- Add help text for enabling full disk access to the CLI
|
I ran `cargo doc` and fixed as many broken links as I could find.
|
Removes superfluous lifetime definitions, simplifying the code.
|
Implement a system built on 'queries' for selecting appropriate relays.
A query is a set of constraints which dictate which relay(s) *can*
be chosen by the relay selector.
The user's settings can naturally be expressed as a query. The semantics
of merging two queries in a way that always prefers user settings is
defined by the new `Intersection` trait.
Split `mullvad-relay-selector` into several modules:
- `query.rs`: Definition of a query on different types of relays. This
module is integral to the new API of `mullvad-relay-selector`
- `matcher.rs`: Logic for filtering out candidate relays based on a
query.
- `detailer.rs`: Logic for deriving connection details for the selected
relay.
- `tests/`: Integration tests for the new relay selector. These tests
only use the public APIs of `RelaySelector` and make sure that the
output matches the expected output in different scenarios.
|
`err_derive` is unmaintained and will probably stop working with Rust
edition 2024. `thiserror` is almost a drop-in replacement. This commit
simply replaces all occurrences of `derive(err_derive::Error)` with
`derive(thiserror::Error)` and fixes the attributes, but the Error and
Display impls should be identical.
|
The printing of lockdown mode by `mullvad status` does not reflect the
current setting unless the tunnel state has also been updated.
|
Add `locked_down` field to disconnected tunnel state.
|
Validate SOCKS credentials by checking that `username` and
`password` both have a length between 1 and 255 bytes.
Link to RFC detailing SOCKS5 username/password authentication:
https://datatracker.ietf.org/doc/html/rfc1929
|
in the CLI
|
Since Rust 1.75.0 the `version` field is optional. The version
defaults to "0.0.0" if it's not specified, and `publish` defaults
to false if no version has been given. So by not specifying
a version we get both `version = "0.0.0"` and `publish = false`
"for free".
|
Add a new `InternalDaemonEvent` for announcing when the current API
access method changes.
|
This PR has a couple of different purposes:
- Allow users to use socks5 local proxies with the CLI without
having to be root or use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on macOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On macOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel; it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify proxy-related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
Add `geoip::GeoIpHandler`, which sends an
`InternalDaemonEvent::LocationEvent` when the location arrives. It also
handles aborting in-flight requests and retries.
|
Make the daemon send two tunnel state updates, one with out IP being
empty, and another with it being filled when am.i.mullvad.net responds.
Update CLI for this change. Other front ends are left out.
|
Perform testing of access methods asynchronously in a separate `tokio`
task so as not to block the daemon from handling other daemon events during
the testing window.
|
Move access method testing logic to `mullvad-daemon`, which means that
the implementation details of how the test works are opaque to whatever
frontend wants to issue a test of some (configured) access method.
|
The command
`relay set tunnel wireguard entry-location` is replaced with
`relay set tunnel wireguard entry location` and
`relay set tunnel wireguard custom-list` is replaced with
`relay set tunnel wireguard entry custom-list`.
This is intended to communicate that the `custom-list` also affects
the entry relay and are mutually exclusive.
|
The fn exists and returns error on hostname having wrong server type.
Allow any host in custom-lists, only the currently configured tunnel
protocol for `relay set location`, only bridges for the `bridge`
subcommand and only wireguard servers for the `wireguard` entry
command.
Reduce repeated init of rpc client
Refactor inconsistent filtering on hostname
|
Refactor: Unwrap result return type
Refactor: for loop to iter map
|
In particular, `access_methods::Socks5Local`,
`access_methods::Socks5Remote` & `access_methods::Shadowsocks` have got
new constructors which are all infallible.
|
SOCKS5 optionally supports username+password authentication, which has
been implemented previously. This commit addresses a bug in the argument
parsing, which made username+password required arguments when adding a
remote SOCKS5 api access method using `mullvad api-access add socks5
remote`.
Apparently, this is a known pitfall with `clap`: https://github.com/clap-rs/clap/issues/5092
|
i.e. the user has to explicitly pass the `--cipher` flag to `mullvad
api-access add shadowsocks ..` subcommand to configure a non-default cipher.
|