| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add `locked_down` field to disconnected tunnel state.
|
|
|
|
Validate SOCKS credentials by checking that both `username` and
`password` both have a length between 1 and 255 bytes.
Link to RFC detailing SOCKS5 username/password authentication:
https://datatracker.ietf.org/doc/html/rfc1929
|
|
|
|
Since Rust 1.75.0 the `version` field is optional. The version
defaults to "0.0.0" if it's not specified, and `publish` defaults
to false if no version has been given. So by not specifying
a version we get both `version = "0.0.0" and `publish = false`
"for free"
|
|
|
|
Add a new `InternalDaemonEvent` for announcing when the current API
access method changes.
|
|
|
|
This PR has a couple of different purposes
- Allow users to use socks5 local proxies with the CLI without
having to be root nor use split-tunneling. This only works for
OpenVPN.
- Unify the types used by different proxy parts of the codebase,
such as the Access Methods as well as some already existing
OpenVPN proxy code.
This PR changes the firewall on all desktop platforms as well as changes
the routing table slightly on MacOS and Windows.
On Linux the firewall code is modified to apply the appropriate firewall
marks to all packages that go to a remote endpoint corresponding to the
remote part of a local socks5 proxy. The firewall marks will allow the
routing to be done without having to modify the routing table.
On MacOS and Windows the routing table is modified to allow packages to
go to that same endpoint to pass outside the VPN tunnel, it will
additionally punch a hole in the firewall.
The PR also migrates the settings file from version 7 to version 8 in order
to properly and neatly unify Proxy related types.
Finally it provides some slight extensions to the gRPC interface in
order to allow for control over the custom proxy settings.
|
|
|
|
Make the daemon send two tunnel state updates, one with out IP being
empty, and another with it being filled when am.i.mullvad.net responds.
Update CLI for this change. Other front ends are left out.
|
|
Perform testing of access methods asynchronously in a separate `tokio`
task as to not block the daemon from handling other daemon events during
the testing window
|
|
Move access method testing logic to `mullvad-daemon`, which means that
the implementation details of how the test works is opaque to whatever
frontend which wants to issue a test of some (configured) access method.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In particular, `access_methods::Socks5Local`,
`access_methods::Socks5Remote` & `access_methods::Shadowsocks` have got
new constructors which are all infallible.
|
|
|
|
|
|
Loosen up relay constraints in
`test_quantum_resistant_multihop_udp2tcp_tunnel`, which makes the test
more resilient to changes in the testing environment.
|
|
|
|
|
|
|
|
Add the option to authenticate against remote SOCKS5 proxies with a
username+password combination. It was an oversight that this was not
added from the start.
|
|
- Get rid of extraneous calls to `clone`
- Address nit: combine similar match arms into a single match arm
- Fix `clippy` lint "unused `async` for function with no await statements"
- Fix protobuf field numbers should start from 1
- This was not the case for `Socks5Local` & `Shadowsocks`
- Refactor code for opening proxy connections
- Cut down on duplicated code for setting up a proxied connection in
`mullvad-api`. The difference between different connection modes is
how they wrap the underlying `TCP` stream.
- Remove `enable_access_method` & `disable_access_method` from RPC-client
|
|
- Add a new RPC message: `GetCurrentApiAccessMethod`.
This message may be used to retrieve the access method which is
currently in use by the daemon for connecting to the Mullvad API.
- Add `mullvad api-access status` for showing the API access method in use
|
|
- Rename `mullvad_types::api_access.rs` -> `mullvad_types::access_method.rs`
- Rename `ApiAccessMethodId` to simply `Id`
Prefer to prefix with module name `access_method` to disambiguate use
of `Id` instead, like `access_method::Id`
- Remove dead code
- Remove `AccessMethodSettingsUpdate`
- Remove the `retry_attempt` struct field from
`ApiConnectionModeProvider`, as it is no longer used for anything.
- Fix typos
- `GetApiAddressess` is now correctly spelled `GetApiAddresses` (a
single trailing "s")
- Deprecate the name `ApiAccessMethod` in favor of `AccessMethodSetting`
- To decrease the confusion between `AccessMethod` &
`ApiAccessMethod`. `AccessMethodSetting` adds some app-specific
settings details on top of an `AccessMethod`, which is not too far
fetched with the new naming convention.
- Refactor proto file
- Rename protobuf message `AccessMethodSettingAdd` to `NewAccessMethodSetting`
- `AccessMethod` is now its own message
- `AccessMethods` is removed
- Add `ApiAccessMethodAdd` protobuf message
- The `ApiAccessMethodAdd` returns a `UUID` for the . One important
change is that new `AccessMethodSetting`s are created in the daemon,
rather than in the CLI/other clients. This means that the daemon now
has full control over generating new `AccessMethodSetting`s from
`AccessMethod`s.
- Clean up conversion code to/from `AccessMethod` protobuf types
- Simplify `UpdateApiAccessMethod` RPC
- Remove the extranous `ApiAccessMethodUpdate` data type
- get rid of `ApiAccessMethodUpdate` protobuf message. Use `UUID` of
`ApiAccessMethod` to identify which struct to edit.
- get rid of `ApiAccessMethodUpdate` struct
|
|
`ApiAccessMethod` was just an app-centric wrapper around `AccessMethod`.
|
|
- Refactor `RemoveApiAccessMethod` to be based on UUID
- Remove debug-prints in `mullvad api-access list` et al
- Get rid of `GetApiAccessMethods` RPC
- Use the more generic RPC `GetSettings` to get hold of all API access
methods instead
- Rename `mullvad_types::access_method` to `mullvad_types::api_access`
- Remove (unjustified) `#[inline(always)]` attributes
|
|
- Replace rpcs `ReplaceApiAccessMethod` and `ToggleApiAccessMethod` in
favor of a commmon `UpdateApiAccessMethod` (which resembles
`ReplaceApiAccessMethod` in a lot of ways).
- `UpdateApiAccessMethod` works with unique identifiers instead of array
indices to pinpoint which API access method to update.
- Toggling an API access method to be enabled/disabled now happens via `UpdateApiAccessMethod`
- Add the useful `UUID` protobuf type definition, which
conveys more information that a raw string.
- Refactor `SetApiAccessMethod` to use API access method ID
- Update `ApiAcessMethod` messages to use `UUID` type for uuid values
- Use unique id for removing custom `ApiAccessMethods`
|
|
- General code cleanup
- Fix some typos
- Add some doc comments
- Address several `TODO` comments
- Fix `clippy` warnings
- Removed unused dependency `mullvad-api` from `mullvad-cli`
- Removed unused dependency `rand` from `mullvad-daemon`
- Rename `mullvad proxy` to `mullvad api-access`
- Rename `mullvad_types::api_access_method` -> `mullvad_types::access_method`
- Remove unused `mullvad api-access edit` arguments
- Fix `Display` for `ProxyConfig` printing arguments in the wrong order
- Re-phrase `mullvad api-access test`
- If the API call failed, point out which tested access method that
did not work.
- Fix missing `socket_bypass_tx` value for Android
- Refactor `ApiAccessMethod` proto definition
- Simplify protobuf definitions of `SOCKS5` api access methods
- Remove the `Socks5` enum in favor of implementing `Socks5Local` and
`Socks5Remote` directly.
- Move `enabled` and `name` out of the individual messages and put them
next to the `oneof access_method` in `ApiAccessMethod` proto definition
- Use derived `PartialEq` and `Hash` from `AccessMethod`
- Instead of hand-rolling `Hash` and implementing an ad-hoc version of
half of `PartialEq`, these can now be derived and used as one would
imaging due to the refactoring wherer `name` and `enabled` was moved
out of `AccessMethod` into `ApiAccessMethod`.
|
|
For quickly assessing whether an api access method can reach the API or not.
|
|
Allow for settings a specific Access Method to use
|
|
Just a bookkeeping feature for the end user
|
|
Add `mullvad api-access enable/disable`, which allows for toggling API
access methods On/Off.
Make `ApiConnectionModeProvider` consider status of access method.
`ApiConnectionModeProvider` will only be able to return access methods
which are enabled, as it will disregard those which are disabled.
Add logic to guarantee the invariant that at least one API access method
is available for selection by the `ApiConnectionModeProvider`
|
|
|
|
- Add a new datastructures for distinguishing between built-in & custom
api access methods
- Implement `TryFrom` instead of `From` for fallible conversions
- Do not panic if a protobuf-message is ill-formatted
- Do not allow removal of built-in api access methods
- Refactor notification logic in `access_methods.rs`
- Rename `mullvad proxy api` to simply `mullvad proxy`
- Since there are no other kinds of proxies at the moment, the
subcommand `proxy api` does not make much sense.
- Remove left-over comments
|
|
Allow a user to edit an existing custom api proxy method
|
|
Allow the user to manually remove a custom api proxy.
|
|
Add daemon logic for storing custom access methods & allow a user to add
a custom socks5 or shadowsocks proxy.
Add all the necessary information for establishing Socks5
connections (both using a local Socks-proxy as well as the normal,
remote-proxy, use case) and Shadowsocks connections.
Add `api_access_settings` to `mullvad-daemon`
Naturally, the Protobuf types has to be mirrored on the Rust/daemon side
and lots of boilerplate code had to be written to convert between the two.
|
|
|
|
When infra has deployed these block lists to the relays,
this setting will allow blocking social media domains
directly with the app
|
|
|
|
|
|
|
|
|
|
|
