| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Change API access methods settings format to encode that built-in access
methods always exist by making them distinct values of the
`AccessMethod` settings.
This change was also propagated to the corresponding protobuf
definition, such that any client may make use of this fact as well.
The appropriate settings migration was added.
|
|
Implement `SettingsPersister.try_update`, which allow the caller to
signal a failed settings update, hindering a bad settings update from
being applied.
|
|
Add a new RPC call `TestCustomApiAccessMethod` for testing access methods on
the fly, without having to save them to the daemon settings first. This
only works for custom access methods.
|
|
|
|
The printing of lockdown mode by `mullvad status` does not reflect the
current setting unless the tunnel state has also been updated.
|
|
Add `locked_down` field to disconnected tunnel state.
|
|
Validate SOCKS credentials by checking that both `username` and
`password` both have a length between 1 and 255 bytes.
Link to RFC detailing SOCKS5 username/password authentication:
https://datatracker.ietf.org/doc/html/rfc1929
|
|
feature is enabled
Move the logic for using overridden API endpoints for API calls from
`mullvad-api::rest` to `mullvad_daemon::api`. This is in line with how
the interaction between the two crates work for a normal release build,
i.e. when the `api-override` feature is disabled.
This commit also removes references to `force_direct_connection` in the
Android code. The flag does not exist in the `mullvad-*` rust crates
anymore, so it would be erroneous to try to serialize/deserialize the
value from the Android client.
|
|
|
|
|
|
|
|
|
|
Since the `AccessModeSelector` knows how to resolve endpoints on it's
own, we no longer have to re-use the existing `MullvadRestHandle` from
the daemon. Instead, we may spawn a completely new `ApiProxy` and except
the appropriate endpoint in the firewall without affecting the running
`MullvadRestHandle`.
|
|
|
|
This commit implements the daemon logic for handling a
`NewAccessMethodEvent`. Such an event occur when `AccessModeSelector`
announces that a new access method is active, and it will cause the
daemon to except some API endpoint in the firewall. It may conditionally
broadcast the new access method to all clients.
|
|
Until now, `AccessModeSelector` has not been able to resolve API
endpoints on it's own. This has happened at some later stage, for
example in the `mullvad-api` crate. However, for testing the `Direct`
access method, it is very useful to be able to resolve the actual
endpoint without involving the daemon's "API runtime".
|
|
Previously, the `mullvad-api` would tell the `mullvad-daemon` that it
wanted a new API endpoint by calling a certain callback
(`ApiEndpointUpdateCallback`), which would asynchronously resolve a new
API endpoint and tell the daemon to punch an appropriate hole in the
firewall for that particular endpoint before the `mullvad-api` crate
would consume it.
The logic of the callback can be moved inside `AccessModeSelector`,
which simplifies the contract between `mullvad-daemon` and `mullvad-api`
somewhat.
|
|
Add a new `InternalDaemonEvent` for announcing when the current API
access method changes.
|
|
|
|
These lints where missed because the problems were inside tests.
Note that "targets" does not refer to OS/architectures.
```
> cargo build --help
...
Target Selection:
--lib Build only this package's library
--bins Build all binaries
--bin [<NAME>] Build only the specified binary
--examples Build all examples
--example [<NAME>] Build only the specified example
--tests Build all test targets
--test [<NAME>] Build only the specified test target
--benches Build all bench targets
--bench [<NAME>] Build only the specified bench target
--all-targets Build all targets
```
|
|
|
|
|
|
This PR has a couple of different purposes
- Allow users to use socks5 local proxies with the CLI without
having to be root nor use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on MacOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On MacOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel, it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify Proxy related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
|
Add proper checks around disabling the last enabled access method. If
the daemon detects that any one access method update would cause the
last enabled access method to become disabled, it will find & toggle the
`Direct` access method setting to be enabled.
|
|
Not all errors which the running `AccessModeSelector` will encounter is
fatal, and as such we should not bring the running instance down in
every case. Instead, if the error is not fatal, the main loop of the
`AccessModeSelector` should continue to process new commands.
|
|
|
|
|
|
Add `geoip::GeoIpHandler`, which sends an
`InternalDaemonEvent::LocationEvent` when the location arrives. It also
handles aborting in-flight requests and retries.
|
|
Make the daemon send two tunnel state updates, one with out IP being
empty, and another with it being filled when am.i.mullvad.net responds.
Update CLI for this change. Other front ends are left out.
|
|
|
|
|
|
Separate concerns of `SettingsPersister`'s error recovery and the
deserialization of `Settings` from file.
|
|
|
|
|
|
|
|
This includes refactoring reading of the state cache into a higher-order
function.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Construct an `AccessModeSelectorHandle` by calling
`AccessModeSelector::spawn`, which is consistent with how actors are
spawned in other parts of the `mullvad-daemon`.
|
|
- Naming of structs/enums/variables
- Add documentation
- Change existing doc comment to better reflect their context / any new naming
|
|
Perform testing of access methods asynchronously in a separate `tokio`
task as to not block the daemon from handling other daemon events during
the testing window
|
|
Move access method testing logic to `mullvad-daemon`, which means that
the implementation details of how the test works is opaque to whatever
frontend which wants to issue a test of some (configured) access method.
|
|
|
|
|
|
has actually handled the request
|
