| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
The 2024 edition contains new formatting rules.
All of these are not compatible with the 2021
formatting style, but most of them are.
To change the formatting to be as close to the
new style as possible while remaining compatible
with the 2021 edition, I first ran
`cargo +beta fmt` with the edition set to 2024,
then, with the edition set to 2021, I ran
`cargo fmt`.
|
|
|
|
|
|
Co-authored-by: Jonatan Rhodin <jonatan.rhodin@mullvad.net>
|
|
|
|
|
|
|
|
Use the Debug implementation in the one case where the Display
implementation was used.
|
|
|
|
|
|
|
|
|
|
I ran `cargo doc` and fixed as many broken links as I could find.
|
|
`err_derive` is unmaintained and will probably stop working with rust
edition 2024. `thiserror` is almost a drop-in replacement. This commit
simply replaces all occurences of `derive(err_derive::Error)` with
`derive(thiserror::Error)` and fixes the attributes, but the Error and
Display impls should be identical.
|
|
|
|
|
|
|
|
Try to detect available IP versions by looking at the available routes
on the host. On Linux, we check if there exists IPv4 and/or IPv6 routes
to some public IP addresses. On macOS and Windows, we check if there
exists default routes for IPv4 and/or IPv6. On Android, we check if
there is any connectivity at all.
The intention is to be able to generate better default constraints for
tunnel endpoints. If we can detect "working" IPv4 and/or IPv6 and
forward this information to a `TunnelParametersGenerator`, we may choose
to connect to a Wireguard relay using IPv6 as part of our
retry-strategy. This has not been possible before.
|
|
If the current access method is disabled, select the next available
access method from the daemon settings.
|
|
Add a new RPC call `TestCustomApiAccessMethod` for testing access methods on
the fly, without having to save them to the daemon settings first. This
only works for custom access methods.
|
|
feature is enabled
Move the logic for using overridden API endpoints for API calls from
`mullvad-api::rest` to `mullvad_daemon::api`. This is in line with how
the interaction between the two crates work for a normal release build,
i.e. when the `api-override` feature is disabled.
This commit also removes references to `force_direct_connection` in the
Android code. The flag does not exist in the `mullvad-*` rust crates
anymore, so it would be erroneous to try to serialize/deserialize the
value from the Android client.
|
|
Until now, `AccessModeSelector` has not been able to resolve API
endpoints on it's own. This has happened at some later stage, for
example in the `mullvad-api` crate. However, for testing the `Direct`
access method, it is very useful to be able to resolve the actual
endpoint without involving the daemon's "API runtime".
|
|
Previously, the `mullvad-api` would tell the `mullvad-daemon` that it
wanted a new API endpoint by calling a certain callback
(`ApiEndpointUpdateCallback`), which would asynchronously resolve a new
API endpoint and tell the daemon to punch an appropriate hole in the
firewall for that particular endpoint before the `mullvad-api` crate
would consume it.
The logic of the callback can be moved inside `AccessModeSelector`,
which simplifies the contract between `mullvad-daemon` and `mullvad-api`
somewhat.
|
|
Add a new `InternalDaemonEvent` for announcing when the current API
access method changes.
|
|
|
|
This PR has a couple of different purposes
- Allow users to use socks5 local proxies with the CLI without
having to be root nor use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on MacOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On MacOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel, it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify Proxy related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
|
Not all errors which the running `AccessModeSelector` will encounter is
fatal, and as such we should not bring the running instance down in
every case. Instead, if the error is not fatal, the main loop of the
`AccessModeSelector` should continue to process new commands.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Construct an `AccessModeSelectorHandle` by calling
`AccessModeSelector::spawn`, which is consistent with how actors are
spawned in other parts of the `mullvad-daemon`.
|
|
- Naming of structs/enums/variables
- Add documentation
- Change existing doc comment to better reflect their context / any new naming
|
|
Perform testing of access methods asynchronously in a separate `tokio`
task as to not block the daemon from handling other daemon events during
the testing window
|
|
Make sure that access method settings can never be empty, as
`ConnectionModesIterator` should never work with an empty collection
|
|
The default setting will (always) be to only allow processes with
root-privilege to send/receive traffic from an allowed endpoint.
This change is only supposed to be used with the local SOCKS5 api access
method.
|
|
|
|
- Get rid of extraneous calls to `clone`
- Address nit: combine similar match arms into a single match arm
- Fix `clippy` lint "unused `async` for function with no await statements"
- Fix protobuf field numbers should start from 1
- This was not the case for `Socks5Local` & `Shadowsocks`
- Refactor code for opening proxy connections
- Cut down on duplicated code for setting up a proxied connection in
`mullvad-api`. The difference between different connection modes is
how they wrap the underlying `TCP` stream.
- Remove `enable_access_method` & `disable_access_method` from RPC-client
|
|
- Add a new RPC message: `GetCurrentApiAccessMethod`.
This message may be used to retrieve the access method which is
currently in use by the daemon for connecting to the Mullvad API.
- Add `mullvad api-access status` for showing the API access method in use
|
|
- Rename `mullvad_types::api_access.rs` -> `mullvad_types::access_method.rs`
- Rename `ApiAccessMethodId` to simply `Id`
Prefer to prefix with module name `access_method` to disambiguate use
of `Id` instead, like `access_method::Id`
- Remove dead code
- Remove `AccessMethodSettingsUpdate`
- Remove the `retry_attempt` struct field from
`ApiConnectionModeProvider`, as it is no longer used for anything.
- Fix typos
- `GetApiAddressess` is now correctly spelled `GetApiAddresses` (a
single trailing "s")
- Deprecate the name `ApiAccessMethod` in favor of `AccessMethodSetting`
- To decrease the confusion between `AccessMethod` &
`ApiAccessMethod`. `AccessMethodSetting` adds some app-specific
settings details on top of an `AccessMethod`, which is not too far
fetched with the new naming convention.
- Refactor proto file
- Rename protobuf message `AccessMethodSettingAdd` to `NewAccessMethodSetting`
- `AccessMethod` is now its own message
- `AccessMethods` is removed
- Add `ApiAccessMethodAdd` protobuf message
- The `ApiAccessMethodAdd` returns a `UUID` for the . One important
change is that new `AccessMethodSetting`s are created in the daemon,
rather than in the CLI/other clients. This means that the daemon now
has full control over generating new `AccessMethodSetting`s from
`AccessMethod`s.
- Clean up conversion code to/from `AccessMethod` protobuf types
- Simplify `UpdateApiAccessMethod` RPC
- Remove the extranous `ApiAccessMethodUpdate` data type
- get rid of `ApiAccessMethodUpdate` protobuf message. Use `UUID` of
`ApiAccessMethod` to identify which struct to edit.
- get rid of `ApiAccessMethodUpdate` struct
|
|
`ConnectionModesIterator`
Move the duty of filtering active `AccessMethod`s from
`ConnectionModesIterator` to the daemon. This provides more flexibility
in the iterator as it does not need to know about `AccessMethod` at all.
|
|
- Refactor `RemoveApiAccessMethod` to be based on UUID
- Remove debug-prints in `mullvad api-access list` et al
- Get rid of `GetApiAccessMethods` RPC
- Use the more generic RPC `GetSettings` to get hold of all API access
methods instead
- Rename `mullvad_types::access_method` to `mullvad_types::api_access`
- Remove (unjustified) `#[inline(always)]` attributes
|
|
- Replace rpcs `ReplaceApiAccessMethod` and `ToggleApiAccessMethod` in
favor of a commmon `UpdateApiAccessMethod` (which resembles
`ReplaceApiAccessMethod` in a lot of ways).
- `UpdateApiAccessMethod` works with unique identifiers instead of array
indices to pinpoint which API access method to update.
- Toggling an API access method to be enabled/disabled now happens via `UpdateApiAccessMethod`
- Add the useful `UUID` protobuf type definition, which
conveys more information that a raw string.
- Refactor `SetApiAccessMethod` to use API access method ID
- Update `ApiAcessMethod` messages to use `UUID` type for uuid values
- Use unique id for removing custom `ApiAccessMethods`
|
|
- General code cleanup
- Fix some typos
- Add some doc comments
- Address several `TODO` comments
- Fix `clippy` warnings
- Removed unused dependency `mullvad-api` from `mullvad-cli`
- Removed unused dependency `rand` from `mullvad-daemon`
- Rename `mullvad proxy` to `mullvad api-access`
- Rename `mullvad_types::api_access_method` -> `mullvad_types::access_method`
- Remove unused `mullvad api-access edit` arguments
- Fix `Display` for `ProxyConfig` printing arguments in the wrong order
- Re-phrase `mullvad api-access test`
- If the API call failed, point out which tested access method that
did not work.
- Fix missing `socket_bypass_tx` value for Android
- Refactor `ApiAccessMethod` proto definition
- Simplify protobuf definitions of `SOCKS5` api access methods
- Remove the `Socks5` enum in favor of implementing `Socks5Local` and
`Socks5Remote` directly.
- Move `enabled` and `name` out of the individual messages and put them
next to the `oneof access_method` in `ApiAccessMethod` proto definition
- Use derived `PartialEq` and `Hash` from `AccessMethod`
- Instead of hand-rolling `Hash` and implementing an ad-hoc version of
half of `PartialEq`, these can now be derived and used as one would
imaging due to the refactoring wherer `name` and `enabled` was moved
out of `AccessMethod` into `ApiAccessMethod`.
|
|
Allow for settings a specific Access Method to use
|
