| Age | Commit message (Collapse) | Author | Files | Lines |
|
`err_derive` is unmaintained and will probably stop working with rust
edition 2024. `thiserror` is almost a drop-in replacement. This commit
simply replaces all occurences of `derive(err_derive::Error)` with
`derive(thiserror::Error)` and fixes the attributes, but the Error and
Display impls should be identical.
|
|
|
|
|
|
|
|
Try to detect available IP versions by looking at the available routes
on the host. On Linux, we check if there exists IPv4 and/or IPv6 routes
to some public IP addresses. On macOS and Windows, we check if there
exists default routes for IPv4 and/or IPv6. On Android, we check if
there is any connectivity at all.
The intention is to be able to generate better default constraints for
tunnel endpoints. If we can detect "working" IPv4 and/or IPv6 and
forward this information to a `TunnelParametersGenerator`, we may choose
to connect to a Wireguard relay using IPv6 as part of our
retry-strategy. This has not been possible before.
|
|
If the current access method is disabled, select the next available
access method from the daemon settings.
|
|
Add a new RPC call `TestCustomApiAccessMethod` for testing access methods on
the fly, without having to save them to the daemon settings first. This
only works for custom access methods.
|
|
feature is enabled
Move the logic for using overridden API endpoints for API calls from
`mullvad-api::rest` to `mullvad_daemon::api`. This is in line with how
the interaction between the two crates work for a normal release build,
i.e. when the `api-override` feature is disabled.
This commit also removes references to `force_direct_connection` in the
Android code. The flag does not exist in the `mullvad-*` rust crates
anymore, so it would be erroneous to try to serialize/deserialize the
value from the Android client.
|
|
Until now, `AccessModeSelector` has not been able to resolve API
endpoints on it's own. This has happened at some later stage, for
example in the `mullvad-api` crate. However, for testing the `Direct`
access method, it is very useful to be able to resolve the actual
endpoint without involving the daemon's "API runtime".
|
|
Previously, the `mullvad-api` would tell the `mullvad-daemon` that it
wanted a new API endpoint by calling a certain callback
(`ApiEndpointUpdateCallback`), which would asynchronously resolve a new
API endpoint and tell the daemon to punch an appropriate hole in the
firewall for that particular endpoint before the `mullvad-api` crate
would consume it.
The logic of the callback can be moved inside `AccessModeSelector`,
which simplifies the contract between `mullvad-daemon` and `mullvad-api`
somewhat.
|
|
Add a new `InternalDaemonEvent` for announcing when the current API
access method changes.
|
|
|
|
This PR has a couple of different purposes
- Allow users to use socks5 local proxies with the CLI without
having to be root nor use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on MacOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On MacOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel, it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify Proxy related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
|
Not all errors which the running `AccessModeSelector` will encounter is
fatal, and as such we should not bring the running instance down in
every case. Instead, if the error is not fatal, the main loop of the
`AccessModeSelector` should continue to process new commands.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Construct an `AccessModeSelectorHandle` by calling
`AccessModeSelector::spawn`, which is consistent with how actors are
spawned in other parts of the `mullvad-daemon`.
|
|
- Naming of structs/enums/variables
- Add documentation
- Change existing doc comment to better reflect their context / any new naming
|
|
Perform testing of access methods asynchronously in a separate `tokio`
task as to not block the daemon from handling other daemon events during
the testing window
|
|
Make sure that access method settings can never be empty, as
`ConnectionModesIterator` should never work with an empty collection
|
|
The default setting will (always) be to only allow processes with
root-privilege to send/receive traffic from an allowed endpoint.
This change is only supposed to be used with the local SOCKS5 api access
method.
|
|
|
|
- Get rid of extraneous calls to `clone`
- Address nit: combine similar match arms into a single match arm
- Fix `clippy` lint "unused `async` for function with no await statements"
- Fix protobuf field numbers should start from 1
- This was not the case for `Socks5Local` & `Shadowsocks`
- Refactor code for opening proxy connections
- Cut down on duplicated code for setting up a proxied connection in
`mullvad-api`. The difference between different connection modes is
how they wrap the underlying `TCP` stream.
- Remove `enable_access_method` & `disable_access_method` from RPC-client
|
|
- Add a new RPC message: `GetCurrentApiAccessMethod`.
This message may be used to retrieve the access method which is
currently in use by the daemon for connecting to the Mullvad API.
- Add `mullvad api-access status` for showing the API access method in use
|
|
- Rename `mullvad_types::api_access.rs` -> `mullvad_types::access_method.rs`
- Rename `ApiAccessMethodId` to simply `Id`
Prefer to prefix with module name `access_method` to disambiguate use
of `Id` instead, like `access_method::Id`
- Remove dead code
- Remove `AccessMethodSettingsUpdate`
- Remove the `retry_attempt` struct field from
`ApiConnectionModeProvider`, as it is no longer used for anything.
- Fix typos
- `GetApiAddressess` is now correctly spelled `GetApiAddresses` (a
single trailing "s")
- Deprecate the name `ApiAccessMethod` in favor of `AccessMethodSetting`
- To decrease the confusion between `AccessMethod` &
`ApiAccessMethod`. `AccessMethodSetting` adds some app-specific
settings details on top of an `AccessMethod`, which is not too far
fetched with the new naming convention.
- Refactor proto file
- Rename protobuf message `AccessMethodSettingAdd` to `NewAccessMethodSetting`
- `AccessMethod` is now its own message
- `AccessMethods` is removed
- Add `ApiAccessMethodAdd` protobuf message
- The `ApiAccessMethodAdd` returns a `UUID` for the . One important
change is that new `AccessMethodSetting`s are created in the daemon,
rather than in the CLI/other clients. This means that the daemon now
has full control over generating new `AccessMethodSetting`s from
`AccessMethod`s.
- Clean up conversion code to/from `AccessMethod` protobuf types
- Simplify `UpdateApiAccessMethod` RPC
- Remove the extranous `ApiAccessMethodUpdate` data type
- get rid of `ApiAccessMethodUpdate` protobuf message. Use `UUID` of
`ApiAccessMethod` to identify which struct to edit.
- get rid of `ApiAccessMethodUpdate` struct
|
|
`ConnectionModesIterator`
Move the duty of filtering active `AccessMethod`s from
`ConnectionModesIterator` to the daemon. This provides more flexibility
in the iterator as it does not need to know about `AccessMethod` at all.
|
|
- Refactor `RemoveApiAccessMethod` to be based on UUID
- Remove debug-prints in `mullvad api-access list` et al
- Get rid of `GetApiAccessMethods` RPC
- Use the more generic RPC `GetSettings` to get hold of all API access
methods instead
- Rename `mullvad_types::access_method` to `mullvad_types::api_access`
- Remove (unjustified) `#[inline(always)]` attributes
|
|
- Replace rpcs `ReplaceApiAccessMethod` and `ToggleApiAccessMethod` in
favor of a commmon `UpdateApiAccessMethod` (which resembles
`ReplaceApiAccessMethod` in a lot of ways).
- `UpdateApiAccessMethod` works with unique identifiers instead of array
indices to pinpoint which API access method to update.
- Toggling an API access method to be enabled/disabled now happens via `UpdateApiAccessMethod`
- Add the useful `UUID` protobuf type definition, which
conveys more information that a raw string.
- Refactor `SetApiAccessMethod` to use API access method ID
- Update `ApiAcessMethod` messages to use `UUID` type for uuid values
- Use unique id for removing custom `ApiAccessMethods`
|
|
- General code cleanup
- Fix some typos
- Add some doc comments
- Address several `TODO` comments
- Fix `clippy` warnings
- Removed unused dependency `mullvad-api` from `mullvad-cli`
- Removed unused dependency `rand` from `mullvad-daemon`
- Rename `mullvad proxy` to `mullvad api-access`
- Rename `mullvad_types::api_access_method` -> `mullvad_types::access_method`
- Remove unused `mullvad api-access edit` arguments
- Fix `Display` for `ProxyConfig` printing arguments in the wrong order
- Re-phrase `mullvad api-access test`
- If the API call failed, point out which tested access method that
did not work.
- Fix missing `socket_bypass_tx` value for Android
- Refactor `ApiAccessMethod` proto definition
- Simplify protobuf definitions of `SOCKS5` api access methods
- Remove the `Socks5` enum in favor of implementing `Socks5Local` and
`Socks5Remote` directly.
- Move `enabled` and `name` out of the individual messages and put them
next to the `oneof access_method` in `ApiAccessMethod` proto definition
- Use derived `PartialEq` and `Hash` from `AccessMethod`
- Instead of hand-rolling `Hash` and implementing an ad-hoc version of
half of `PartialEq`, these can now be derived and used as one would
imaging due to the refactoring wherer `name` and `enabled` was moved
out of `AccessMethod` into `ApiAccessMethod`.
|
|
Allow for settings a specific Access Method to use
|
|
Just a bookkeeping feature for the end user
|
|
- Fix removal of API access methods from daemon settings
When removing an API access method, we now compare the ID (hash) of the
"access method-to-remove" with the access methods stored in the daemon
settings. This is because using the `==`/`!=` operator on two
similiar `AccessMethod`s only differing in the `enabled` field will be
different from hashing the objects and comparing those instead. The hash
does not consider the `enabled` field in its calculation.
|
|
Add `mullvad api-access enable/disable`, which allows for toggling API
access methods On/Off.
Make `ApiConnectionModeProvider` consider status of access method.
`ApiConnectionModeProvider` will only be able to return access methods
which are enabled, as it will disregard those which are disabled.
Add logic to guarantee the invariant that at least one API access method
is available for selection by the `ApiConnectionModeProvider`
|
|
The daemon has to add a rule to allow traffix to/from the remote server
which the locally running SOCKS5-proxy communicates with.
|
|
- Add a new datastructures for distinguishing between built-in & custom
api access methods
- Implement `TryFrom` instead of `From` for fallible conversions
- Do not panic if a protobuf-message is ill-formatted
- Do not allow removal of built-in api access methods
- Refactor notification logic in `access_methods.rs`
- Rename `mullvad proxy api` to simply `mullvad proxy`
- Since there are no other kinds of proxies at the moment, the
subcommand `proxy api` does not make much sense.
- Remove left-over comments
|
|
|
|
This is a giant commit which performs only a clippy --fix.
Auditing can happen in two ways, either by reading every line or by
running a `cargo clippy --fix` on the previous commit and make sure that
the result is the same.
|
|
module in mullvad-daemon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|