Compare commits


No commits in common. "7edb649c3218498dc253bd4fdae97dd1d7365838" and "c062728f73fff8744f13923f8e58b7d582dfb2db" have entirely different histories.

13 changed files with 61 additions and 63 deletions


@ -2,7 +2,7 @@
This project follows [semantic versioning](http://semver.org). This project follows [semantic versioning](http://semver.org).
### v1.2.0 (2019-12-20) ### Unreleased
- [added] Added service restrictions to systemd - [added] Added service restrictions to systemd
- [changed] Rust version 1.40.0 - [changed] Rust version 1.40.0
@ -10,7 +10,6 @@ This project follows [semantic versioning](http://semver.org).
- [changed] Set builders to Ubuntu 16.04 and CentOS 7 - [changed] Set builders to Ubuntu 16.04 and CentOS 7
- [changed] Set keepalive to 120 secs when NAT is detected - [changed] Set keepalive to 120 secs when NAT is detected
- [changed] Deleting beacon file at shutdown - [changed] Deleting beacon file at shutdown
- [changed] Updated dependencies
- [fixed] Added parameter keepalive to manpage - [fixed] Added parameter keepalive to manpage
- [fixed] Fixed problems on stats file when dropping permissions - [fixed] Fixed problems on stats file when dropping permissions
- [fixed] Deleting files before overwriting them - [fixed] Deleting files before overwriting them

13
Cargo.lock generated

@ -500,8 +500,13 @@ dependencies = [
[[package]] [[package]]
name = "time" name = "time"
version = "0.2.0" version = "0.1.42"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)",
"redox_syscall 0.1.56 (registry+https://github.com/rust-lang/crates.io-index)",
"winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "unicode-bidi" name = "unicode-bidi"
@ -556,7 +561,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]] [[package]]
name = "vpncloud" name = "vpncloud"
version = "1.2.0" version = "1.1.0"
dependencies = [ dependencies = [
"cc 1.0.48 (registry+https://github.com/rust-lang/crates.io-index)", "cc 1.0.48 (registry+https://github.com/rust-lang/crates.io-index)",
"daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", "daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
@ -576,7 +581,7 @@ dependencies = [
"signal 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", "signal 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
"siphasher 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "siphasher 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
"yaml-rust 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", "yaml-rust 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
] ]
@ -778,7 +783,7 @@ dependencies = [
"checksum syn 1.0.11 (registry+https://github.com/rust-lang/crates.io-index)" = "dff0acdb207ae2fe6d5976617f887eb1e35a2ba52c13c7234c790960cdad9238" "checksum syn 1.0.11 (registry+https://github.com/rust-lang/crates.io-index)" = "dff0acdb207ae2fe6d5976617f887eb1e35a2ba52c13c7234c790960cdad9238"
"checksum tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9" "checksum tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9"
"checksum thread_local 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b" "checksum thread_local 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b"
"checksum time 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fcc26de0a81a07c8352b548977862908fa9863e0e6e4f0eb36b2a9f4f8845585" "checksum time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)" = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f"
"checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5" "checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"
"checksum unicode-normalization 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)" = "b561e267b2326bb4cebfc0ef9e68355c7abe6c6f522aeac2f5bf95d56c59bdcf" "checksum unicode-normalization 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)" = "b561e267b2326bb4cebfc0ef9e68355c7abe6c6f522aeac2f5bf95d56c59bdcf"
"checksum unicode-segmentation 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0" "checksum unicode-segmentation 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0"


@ -1,6 +1,6 @@
[package] [package]
name = "vpncloud" name = "vpncloud"
version = "1.2.0" version = "1.1.0"
authors = ["Dennis Schwerdel <schwerdel@googlemail.com>"] authors = ["Dennis Schwerdel <schwerdel@googlemail.com>"]
build = "build.rs" build = "build.rs"
license = "GPL-3.0" license = "GPL-3.0"
@ -12,7 +12,7 @@ readme = "README.md"
edition = "2018" edition = "2018"
[dependencies] [dependencies]
time = "0.2" time = "0.1"
docopt = "^1" docopt = "^1"
serde = "1.0" serde = "1.0"
serde_derive = "1.0" serde_derive = "1.0"


@ -1,19 +1,3 @@
vpncloud (1.2.0) stable; urgency=medium
* [added] Added service restrictions to systemd
* [changed] Rust version 1.40.0
* [changed] Also drop privileges in foreground mode
* [changed] Set builders to Ubuntu 16.04 and CentOS 7
* [changed] Set keepalive to 120 secs when NAT is detected
* [changed] Deleting beacon file at shutdown
* [changed] Updated dependencies
* [fixed] Added parameter keepalive to manpage
* [fixed] Fixed problems on stats file when dropping permissions
* [fixed] Deleting files before overwriting them
* [fixed] Fixed duplicate port bindings
-- Dennis Schwerdel <schwerdel@googlemail.com> Fri, 20 Dec 2019 16:31:07 +0100
vpncloud (1.1.0) stable; urgency=medium vpncloud (1.1.0) stable; urgency=medium
* [added] Exchange peer timeout and adapt keepalive accordingly * [added] Exchange peer timeout and adapt keepalive accordingly


@ -149,7 +149,6 @@ fn create_test_node() -> TestNode {
true, true,
vec![], vec![],
Crypto::None, Crypto::None,
None,
None None
) )
} }


@ -445,7 +445,7 @@ impl<D: Device, P: Protocol, T: Table, S: Socket, TS: TimeSource> GenericCloud<D
debug!("Connecting to {:?}", addr); debug!("Connecting to {:?}", addr);
let subnets = self.addresses.clone(); let subnets = self.addresses.clone();
let node_id = self.node_id; let node_id = self.node_id;
let mut msg = Message::Init(0, node_id, subnets, self.peer_timeout_publish); let mut msg = Message::Init(0, node_id, subnets.clone(), self.peer_timeout_publish);
self.send_msg(addr, &mut msg) self.send_msg(addr, &mut msg)
} }
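Review bot: The `.clone()` added to `subnets` in the `Message::Init(...)` call looks redundant, because `subnets` is already a fresh clone of `self.addresses` made two lines earlier and is not used again before the closing brace shown in this hunk. Passing it by value, `Message::Init(0, node_id, subnets, self.peer_timeout_publish)`, avoids a second allocation of the address list each time a connection is started. The function's signature is outside the hunk.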


@ -447,6 +447,7 @@ fn config_merge() {
group: Some("root".to_string()), group: Some("root".to_string()),
pid_file: Some("/run/vpncloud-mynet.run".to_string()), pid_file: Some("/run/vpncloud-mynet.run".to_string()),
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
daemonize: true daemonize: true,
..Default::default()
}); });
} }


@ -171,7 +171,9 @@ fn encrypt_decrypt_chacha20poly1305() {
let msg_bytes = msg.as_bytes(); let msg_bytes = msg.as_bytes();
let mut buffer = [0u8; 1024]; let mut buffer = [0u8; 1024];
let header = [0u8; 8]; let header = [0u8; 8];
buffer[..msg_bytes.len()].clone_from_slice(&msg_bytes); for i in 0..msg_bytes.len() {
buffer[i] = msg_bytes[i];
}
let mut nonce1 = [0u8; 12]; let mut nonce1 = [0u8; 12];
let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header); let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header);
assert_eq!(size, msg_bytes.len() + sender.additional_bytes()); assert_eq!(size, msg_bytes.len() + sender.additional_bytes());
@ -193,7 +195,9 @@ fn encrypt_decrypt_aes256() {
let msg_bytes = msg.as_bytes(); let msg_bytes = msg.as_bytes();
let mut buffer = [0u8; 1024]; let mut buffer = [0u8; 1024];
let header = [0u8; 8]; let header = [0u8; 8];
buffer[..msg_bytes.len()].clone_from_slice(&msg_bytes); for i in 0..msg_bytes.len() {
buffer[i] = msg_bytes[i];
}
let mut nonce1 = [0u8; 12]; let mut nonce1 = [0u8; 12];
let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header); let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header);
assert_eq!(size, msg_bytes.len() + sender.additional_bytes()); assert_eq!(size, msg_bytes.len() + sender.additional_bytes());
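Review bot: The index loops that fill `buffer` in `encrypt_decrypt_chacha20poly1305` and `encrypt_decrypt_aes256` are a style regression: they bounds-check on every iteration and hide that this is a plain copy. `buffer[..msg_bytes.len()].copy_from_slice(msg_bytes);` says the same in one line and fails at the slice with a range error if the message ever outgrows the buffer. The same loop shape appears in the `udpmessage_packet` and `udpmessage_encrypted` tests later on this page. Both test functions start and end outside their hunks.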


@ -59,7 +59,7 @@ use crate::{
const VERSION: u8 = 1; const VERSION: u8 = 1;
const MAGIC: HeaderMagic = *b"vpn\x01"; const MAGIC: HeaderMagic = *b"vpn\x01";
static USAGE: &str = include_str!("usage.txt"); static USAGE: &'static str = include_str!("usage.txt");
#[derive(Deserialize, Debug, Default)] #[derive(Deserialize, Debug, Default)]
@ -127,7 +127,7 @@ impl log::Log for DualLogger {
println!("{} - {}", record.level(), record.args()); println!("{} - {}", record.level(), record.args());
let mut file = self.file.lock().expect("Lock poisoned"); let mut file = self.file.lock().expect("Lock poisoned");
if let Some(ref mut file) = *file { if let Some(ref mut file) = *file {
let time = time::PrimitiveDateTime::now().format("%F %T"); let time = time::strftime("%F %T", &time::now()).expect("Failed to format timestamp");
writeln!(file, "{} - {} - {}", time, record.level(), record.args()) writeln!(file, "{} - {} - {}", time, record.level(), record.args())
.expect("Failed to write to logfile"); .expect("Failed to write to logfile");
} }
@ -240,7 +240,6 @@ impl<P: Protocol> AnyCloud<P> {
} }
#[allow(clippy::cognitive_complexity)]
fn run<P: Protocol>(config: Config) { fn run<P: Protocol>(config: Config) {
let device = try_fail!( let device = try_fail!(
TunTapDevice::new(&config.device_name, config.device_type, config.device_path.as_ref().map(|s| s as &str)), TunTapDevice::new(&config.device_name, config.device_type, config.device_path.as_ref().map(|s| s as &str)),
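Review bot: The new `.expect("Failed to format timestamp")` in the `impl log::Log for DualLogger` hunk adds a second panic path that runs while the `self.file` mutex guard is held, next to the existing `.expect("Failed to write to logfile")`. A panic there poisons the lock, so every later log call would hit `expect("Lock poisoned")`; for a long-running daemon a formatting error or a full disk should degrade logging, not panic the calling thread. A fallback such as `let time = time::strftime("%F %T", &time::now()).unwrap_or_else(|_| String::from("-"));` keeps the line being written. `time::now()` in the 0.1 line of the crate goes through the platform's local-time conversion, so it is worth running `cargo audit` on the lockfile after this downgrade. The logging method begins outside the hunk.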


@ -60,7 +60,6 @@ fn connect_nat_3_peers() {
} }
#[test] #[test]
#[allow(clippy::cognitive_complexity)]
fn nat_keepalive() { fn nat_keepalive() {
init_debug_logger(); init_debug_logger();
MockTimeSource::set_time(0); MockTimeSource::set_time(0);


@ -5,7 +5,6 @@
use super::*; use super::*;
#[test] #[test]
#[allow(clippy::cognitive_complexity)]
fn connect_v4() { fn connect_v4() {
let mut node1 = create_tap_node(false); let mut node1 = create_tap_node(false);
let node1_addr = addr!("1.2.3.4:5678"); let node1_addr = addr!("1.2.3.4:5678");
@ -57,7 +56,6 @@ fn connect_v6() {
} }
#[test] #[test]
#[allow(clippy::cognitive_complexity)]
fn cross_connect() { fn cross_connect() {
let mut node1 = create_tap_node(false); let mut node1 = create_tap_node(false);
let node1_addr = addr!("1.1.1.1:1111"); let node1_addr = addr!("1.1.1.1:1111");


@ -190,7 +190,11 @@ pub fn decode<'a>(data: &'a mut [u8], magic: HeaderMagic, crypto: &Crypto) -> Re
pos += read; pos += read;
addrs.push(range); addrs.push(range);
} }
let peer_timeout = if data.len() >= pos + 2 { Encoder::read_u16(&data[pos..]) } else { 1800 }; let mut peer_timeout = 1800;
if data.len() >= pos + 2 {
peer_timeout = Encoder::read_u16(&data[pos..]);
// pos += 2; never read
}
Message::Init(stage, node_id, addrs, peer_timeout) Message::Init(stage, node_id, addrs, peer_timeout)
} }
3 => Message::Close, 3 => Message::Close,
@ -349,10 +353,12 @@ fn udpmessage_packet() {
let res = encode(&mut msg, &mut [], MAGIC, &mut crypto); let res = encode(&mut msg, &mut [], MAGIC, &mut crypto);
assert_eq!(res.len(), 13); assert_eq!(res.len(), 13);
assert_eq!(&res[..8], &[118, 112, 110, 1, 0, 0, 0, 0]); assert_eq!(&res[..8], &[118, 112, 110, 1, 0, 0, 0, 0]);
buf[..res.len()].clone_from_slice(&res); for i in 0..res.len() {
buf[i] = res[i];
}
len = res.len(); len = res.len();
} }
let msg2 = decode(&mut buf[..len], MAGIC, &crypto).unwrap(); let msg2 = decode(&mut buf[..len], MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2); assert_eq!(msg, msg2);
} }
@ -367,7 +373,9 @@ fn udpmessage_encrypted() {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
]; ];
let mut orig_payload = [0; 133]; let mut orig_payload = [0; 133];
orig_payload[..payload.len()].clone_from_slice(&payload); for i in 0..payload.len() {
orig_payload[i] = payload[i];
}
let orig_msg = Message::Data(&mut orig_payload, 64, 69); let orig_msg = Message::Data(&mut orig_payload, 64, 69);
let mut msg = Message::Data(&mut payload, 64, 69); let mut msg = Message::Data(&mut payload, 64, 69);
let mut buf = [0; 1024]; let mut buf = [0; 1024];
@ -376,10 +384,12 @@ fn udpmessage_encrypted() {
let res = encode(&mut msg, &mut [], MAGIC, &mut crypto); let res = encode(&mut msg, &mut [], MAGIC, &mut crypto);
assert_eq!(res.len(), 41); assert_eq!(res.len(), 41);
assert_eq!(&res[..8], &[118, 112, 110, 1, 1, 0, 0, 0]); assert_eq!(&res[..8], &[118, 112, 110, 1, 1, 0, 0, 0]);
buf[..res.len()].clone_from_slice(&res); for i in 0..res.len() {
buf[i] = res[i];
}
len = res.len(); len = res.len();
} }
let msg2 = decode(&mut buf[..len], MAGIC, &crypto).unwrap(); let msg2 = decode(&mut buf[..len], MAGIC, &mut crypto).unwrap();
assert_eq!(orig_msg, msg2); assert_eq!(orig_msg, msg2);
} }
@ -404,16 +414,16 @@ fn udpmessage_peers() {
assert_eq!(res[i], should[i]); assert_eq!(res[i], should[i]);
} }
} }
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap(); let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2); assert_eq!(msg, msg2);
// Missing IPv4 count // Missing IPv4 count
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1], MAGIC, &crypto).is_err()); assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1], MAGIC, &mut crypto).is_err());
// Truncated IPv4 // Truncated IPv4
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1], MAGIC, &crypto).is_err()); assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1], MAGIC, &mut crypto).is_err());
// Missing IPv6 count // Missing IPv6 count
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0], MAGIC, &crypto).is_err()); assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0], MAGIC, &mut crypto).is_err());
// Truncated IPv6 // Truncated IPv6
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0, 1], MAGIC, &crypto).is_err()); assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0, 1], MAGIC, &mut crypto).is_err());
} }
#[test] #[test]
@ -438,7 +448,7 @@ fn udpmessage_init() {
assert_eq!(res[i], should[i]); assert_eq!(res[i], should[i]);
} }
} }
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap(); let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2); assert_eq!(msg, msg2);
} }
@ -453,31 +463,31 @@ fn udpmessage_close() {
assert_eq!(res.len(), 8); assert_eq!(res.len(), 8);
assert_eq!(&res, &should); assert_eq!(&res, &should);
} }
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap(); let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2); assert_eq!(msg, msg2);
} }
#[test] #[test]
fn udpmessage_invalid() { fn udpmessage_invalid() {
let crypto = Crypto::None; let mut crypto = Crypto::None;
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0], MAGIC, &crypto).is_ok()); assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0], MAGIC, &mut crypto).is_ok());
// too short // too short
assert!(decode(&mut [], MAGIC, &crypto).is_err()); assert!(decode(&mut [], MAGIC, &mut crypto).is_err());
// invalid protocol // invalid protocol
assert!(decode(&mut [0, 1, 2, 0, 0, 0, 0, 0], MAGIC, &crypto).is_err()); assert!(decode(&mut [0, 1, 2, 0, 0, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid version // invalid version
assert!(decode(&mut [0x76, 0x70, 0x6e, 0xaa, 0, 0, 0, 0], MAGIC, &crypto).is_err()); assert!(decode(&mut [0x76, 0x70, 0x6e, 0xaa, 0, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid crypto // invalid crypto
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0xaa, 0, 0, 0], MAGIC, &crypto).is_err()); assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0xaa, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid msg type // invalid msg type
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0xaa], MAGIC, &crypto).is_err()); assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0xaa], MAGIC, &mut crypto).is_err());
} }
#[test] #[test]
fn udpmessage_invalid_crypto() { fn udpmessage_invalid_crypto() {
let crypto = Crypto::from_shared_key(CryptoMethod::ChaCha20, "test"); let mut crypto = Crypto::from_shared_key(CryptoMethod::ChaCha20, "test");
// truncated crypto // truncated crypto
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 1, 0, 0, 0], MAGIC, &crypto).is_err()); assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 1, 0, 0, 0], MAGIC, &mut crypto).is_err());
} }
#[test] #[test]
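Review bot: In `decode`, the `peer_timeout` taken from the Init message is passed into `Message::Init` exactly as the peer sent it, and the fallback `1800` is an unnamed literal. The value comes off the wire, so a named constant plus an explicit lower bound would make the trust decision visible at the parse site, for example `const DEFAULT_PEER_TIMEOUT: u16 = 1800;` and a clamp such as `peer_timeout.max(MIN_PEER_TIMEOUT)`, where `MIN_PEER_TIMEOUT` is a placeholder name; whether a caller already bounds the value is not visible in this hunk. The leftover `// pos += 2; never read` is better replaced by a comment saying that bytes after the timeout are deliberately ignored, if that is the intent. The body of `decode` starts and ends outside the hunk.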


@ -254,9 +254,9 @@ impl TimeSource for MockTimeSource {
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it /// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize { fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
let mut d: usize = m as usize; let mut d: usize = m as usize;
for item in buf.iter_mut().take(buflen) { for i in 0..buflen {
d += *item as usize * 16; d += buf[i] as usize * 16;
*item = (d % 62) as u8; buf[i] = (d % 62) as u8;
d /= 62; d /= 62;
} }
assert!(d < 62); assert!(d < 62);
@ -298,9 +298,9 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
'a'..='z' => ((c as usize) % ('a' as usize)) + 36, 'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
_ => return Err(c) _ => return Err(c)
}; };
for item in &mut buf { for i in 0..buf.len() {
val += *item as usize * 62; val += buf[i] as usize * 62;
*item = (val % 256) as u8; buf[i] = (val % 256) as u8;
val /= 256; val /= 256;
} }
if val > 0 { if val > 0 {
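Review bot: `base62_add_mult_16` now indexes `buf[i]` for `i in 0..buflen`, so it panics when `buflen` exceeds `buf.len()`, a precondition that nothing in the hunk states or checks. The visible doc comment already describes the `buf[0..buflen]` contract, so the requirement belongs there, made explicit with `debug_assert!(buflen <= buf.len());` before the loop. Both `base62_add_mult_16` and `from_base62` continue outside their hunks.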