Compare commits

..

No commits in common. "7edb649c3218498dc253bd4fdae97dd1d7365838" and "c062728f73fff8744f13923f8e58b7d582dfb2db" have entirely different histories.

13 changed files with 61 additions and 63 deletions

View File

@ -2,7 +2,7 @@
This project follows [semantic versioning](http://semver.org).
### v1.2.0 (2019-12-20)
### Unreleased
- [added] Added service restrictions to systemd
- [changed] Rust version 1.40.0
@ -10,7 +10,6 @@ This project follows [semantic versioning](http://semver.org).
- [changed] Set builders to Ubuntu 16.04 and CentOS 7
- [changed] Set keepalive to 120 secs when NAT is detected
- [changed] Deleting beacon file at shutdown
- [changed] Updated dependencies
- [fixed] Added parameter keepalive to manpage
- [fixed] Fixed problems on stats file when dropping permissions
- [fixed] Deleting files before overwriting them

13
Cargo.lock generated
View File

@ -500,8 +500,13 @@ dependencies = [
[[package]]
name = "time"
version = "0.2.0"
version = "0.1.42"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)",
"redox_syscall 0.1.56 (registry+https://github.com/rust-lang/crates.io-index)",
"winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "unicode-bidi"
@ -556,7 +561,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "vpncloud"
version = "1.2.0"
version = "1.1.0"
dependencies = [
"cc 1.0.48 (registry+https://github.com/rust-lang/crates.io-index)",
"daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
@ -576,7 +581,7 @@ dependencies = [
"signal 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
"siphasher 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
"yaml-rust 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
]
@ -778,7 +783,7 @@ dependencies = [
"checksum syn 1.0.11 (registry+https://github.com/rust-lang/crates.io-index)" = "dff0acdb207ae2fe6d5976617f887eb1e35a2ba52c13c7234c790960cdad9238"
"checksum tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9"
"checksum thread_local 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b"
"checksum time 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fcc26de0a81a07c8352b548977862908fa9863e0e6e4f0eb36b2a9f4f8845585"
"checksum time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)" = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f"
"checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"
"checksum unicode-normalization 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)" = "b561e267b2326bb4cebfc0ef9e68355c7abe6c6f522aeac2f5bf95d56c59bdcf"
"checksum unicode-segmentation 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0"

View File

@ -1,6 +1,6 @@
[package]
name = "vpncloud"
version = "1.2.0"
version = "1.1.0"
authors = ["Dennis Schwerdel <schwerdel@googlemail.com>"]
build = "build.rs"
license = "GPL-3.0"
@ -12,7 +12,7 @@ readme = "README.md"
edition = "2018"
[dependencies]
time = "0.2"
time = "0.1"
docopt = "^1"
serde = "1.0"
serde_derive = "1.0"

View File

@ -1,19 +1,3 @@
vpncloud (1.2.0) stable; urgency=medium
* [added] Added service restrictions to systemd
* [changed] Rust version 1.40.0
* [changed] Also drop privileges in foreground mode
* [changed] Set builders to Ubuntu 16.04 and CentOS 7
* [changed] Set keepalive to 120 secs when NAT is detected
* [changed] Deleting beacon file at shutdown
* [changed] Updated dependencies
* [fixed] Added parameter keepalive to manpage
* [fixed] Fixed problems on stats file when dropping permissions
* [fixed] Deleting files before overwriting them
* [fixed] Fixed duplicate port bindings
-- Dennis Schwerdel <schwerdel@googlemail.com> Fri, 20 Dec 2019 16:31:07 +0100
vpncloud (1.1.0) stable; urgency=medium
* [added] Exchange peer timeout and adapt keepalive accordingly

View File

@ -149,7 +149,6 @@ fn create_test_node() -> TestNode {
true,
vec![],
Crypto::None,
None,
None
)
}

View File

@ -445,7 +445,7 @@ impl<D: Device, P: Protocol, T: Table, S: Socket, TS: TimeSource> GenericCloud<D
debug!("Connecting to {:?}", addr);
let subnets = self.addresses.clone();
let node_id = self.node_id;
let mut msg = Message::Init(0, node_id, subnets, self.peer_timeout_publish);
let mut msg = Message::Init(0, node_id, subnets.clone(), self.peer_timeout_publish);
self.send_msg(addr, &mut msg)
}

View File

@ -447,6 +447,7 @@ fn config_merge() {
group: Some("root".to_string()),
pid_file: Some("/run/vpncloud-mynet.run".to_string()),
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
daemonize: true
daemonize: true,
..Default::default()
});
}

View File

@ -171,7 +171,9 @@ fn encrypt_decrypt_chacha20poly1305() {
let msg_bytes = msg.as_bytes();
let mut buffer = [0u8; 1024];
let header = [0u8; 8];
buffer[..msg_bytes.len()].clone_from_slice(&msg_bytes);
for i in 0..msg_bytes.len() {
buffer[i] = msg_bytes[i];
}
let mut nonce1 = [0u8; 12];
let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header);
assert_eq!(size, msg_bytes.len() + sender.additional_bytes());
@ -193,7 +195,9 @@ fn encrypt_decrypt_aes256() {
let msg_bytes = msg.as_bytes();
let mut buffer = [0u8; 1024];
let header = [0u8; 8];
buffer[..msg_bytes.len()].clone_from_slice(&msg_bytes);
for i in 0..msg_bytes.len() {
buffer[i] = msg_bytes[i];
}
let mut nonce1 = [0u8; 12];
let size = sender.encrypt(&mut buffer, msg_bytes.len(), &mut nonce1, &header);
assert_eq!(size, msg_bytes.len() + sender.additional_bytes());

View File

@ -59,7 +59,7 @@ use crate::{
const VERSION: u8 = 1;
const MAGIC: HeaderMagic = *b"vpn\x01";
static USAGE: &str = include_str!("usage.txt");
static USAGE: &'static str = include_str!("usage.txt");
#[derive(Deserialize, Debug, Default)]
@ -127,7 +127,7 @@ impl log::Log for DualLogger {
println!("{} - {}", record.level(), record.args());
let mut file = self.file.lock().expect("Lock poisoned");
if let Some(ref mut file) = *file {
let time = time::PrimitiveDateTime::now().format("%F %T");
let time = time::strftime("%F %T", &time::now()).expect("Failed to format timestamp");
writeln!(file, "{} - {} - {}", time, record.level(), record.args())
.expect("Failed to write to logfile");
}
@ -240,7 +240,6 @@ impl<P: Protocol> AnyCloud<P> {
}
#[allow(clippy::cognitive_complexity)]
fn run<P: Protocol>(config: Config) {
let device = try_fail!(
TunTapDevice::new(&config.device_name, config.device_type, config.device_path.as_ref().map(|s| s as &str)),

View File

@ -60,7 +60,6 @@ fn connect_nat_3_peers() {
}
#[test]
#[allow(clippy::cognitive_complexity)]
fn nat_keepalive() {
init_debug_logger();
MockTimeSource::set_time(0);

View File

@ -5,7 +5,6 @@
use super::*;
#[test]
#[allow(clippy::cognitive_complexity)]
fn connect_v4() {
let mut node1 = create_tap_node(false);
let node1_addr = addr!("1.2.3.4:5678");
@ -57,7 +56,6 @@ fn connect_v6() {
}
#[test]
#[allow(clippy::cognitive_complexity)]
fn cross_connect() {
let mut node1 = create_tap_node(false);
let node1_addr = addr!("1.1.1.1:1111");

View File

@ -190,7 +190,11 @@ pub fn decode<'a>(data: &'a mut [u8], magic: HeaderMagic, crypto: &Crypto) -> Re
pos += read;
addrs.push(range);
}
let peer_timeout = if data.len() >= pos + 2 { Encoder::read_u16(&data[pos..]) } else { 1800 };
let mut peer_timeout = 1800;
if data.len() >= pos + 2 {
peer_timeout = Encoder::read_u16(&data[pos..]);
// pos += 2; never read
}
Message::Init(stage, node_id, addrs, peer_timeout)
}
3 => Message::Close,
@ -349,10 +353,12 @@ fn udpmessage_packet() {
let res = encode(&mut msg, &mut [], MAGIC, &mut crypto);
assert_eq!(res.len(), 13);
assert_eq!(&res[..8], &[118, 112, 110, 1, 0, 0, 0, 0]);
buf[..res.len()].clone_from_slice(&res);
for i in 0..res.len() {
buf[i] = res[i];
}
len = res.len();
}
let msg2 = decode(&mut buf[..len], MAGIC, &crypto).unwrap();
let msg2 = decode(&mut buf[..len], MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2);
}
@ -367,7 +373,9 @@ fn udpmessage_encrypted() {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
];
let mut orig_payload = [0; 133];
orig_payload[..payload.len()].clone_from_slice(&payload);
for i in 0..payload.len() {
orig_payload[i] = payload[i];
}
let orig_msg = Message::Data(&mut orig_payload, 64, 69);
let mut msg = Message::Data(&mut payload, 64, 69);
let mut buf = [0; 1024];
@ -376,10 +384,12 @@ fn udpmessage_encrypted() {
let res = encode(&mut msg, &mut [], MAGIC, &mut crypto);
assert_eq!(res.len(), 41);
assert_eq!(&res[..8], &[118, 112, 110, 1, 1, 0, 0, 0]);
buf[..res.len()].clone_from_slice(&res);
for i in 0..res.len() {
buf[i] = res[i];
}
len = res.len();
}
let msg2 = decode(&mut buf[..len], MAGIC, &crypto).unwrap();
let msg2 = decode(&mut buf[..len], MAGIC, &mut crypto).unwrap();
assert_eq!(orig_msg, msg2);
}
@ -404,16 +414,16 @@ fn udpmessage_peers() {
assert_eq!(res[i], should[i]);
}
}
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap();
let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2);
// Missing IPv4 count
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1], MAGIC, &crypto).is_err());
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1], MAGIC, &mut crypto).is_err());
// Truncated IPv4
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1], MAGIC, &crypto).is_err());
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1], MAGIC, &mut crypto).is_err());
// Missing IPv6 count
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0], MAGIC, &crypto).is_err());
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0], MAGIC, &mut crypto).is_err());
// Truncated IPv6
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0, 1], MAGIC, &crypto).is_err());
assert!(decode(&mut [118, 112, 110, 1, 0, 0, 0, 1, 1, 1, 2, 3, 4, 0, 0, 1], MAGIC, &mut crypto).is_err());
}
#[test]
@ -438,7 +448,7 @@ fn udpmessage_init() {
assert_eq!(res[i], should[i]);
}
}
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap();
let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2);
}
@ -453,31 +463,31 @@ fn udpmessage_close() {
assert_eq!(res.len(), 8);
assert_eq!(&res, &should);
}
let msg2 = decode(&mut should, MAGIC, &crypto).unwrap();
let msg2 = decode(&mut should, MAGIC, &mut crypto).unwrap();
assert_eq!(msg, msg2);
}
#[test]
fn udpmessage_invalid() {
let crypto = Crypto::None;
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0], MAGIC, &crypto).is_ok());
let mut crypto = Crypto::None;
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0], MAGIC, &mut crypto).is_ok());
// too short
assert!(decode(&mut [], MAGIC, &crypto).is_err());
assert!(decode(&mut [], MAGIC, &mut crypto).is_err());
// invalid protocol
assert!(decode(&mut [0, 1, 2, 0, 0, 0, 0, 0], MAGIC, &crypto).is_err());
assert!(decode(&mut [0, 1, 2, 0, 0, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid version
assert!(decode(&mut [0x76, 0x70, 0x6e, 0xaa, 0, 0, 0, 0], MAGIC, &crypto).is_err());
assert!(decode(&mut [0x76, 0x70, 0x6e, 0xaa, 0, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid crypto
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0xaa, 0, 0, 0], MAGIC, &crypto).is_err());
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0xaa, 0, 0, 0], MAGIC, &mut crypto).is_err());
// invalid msg type
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0xaa], MAGIC, &crypto).is_err());
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 0, 0, 0, 0xaa], MAGIC, &mut crypto).is_err());
}
#[test]
fn udpmessage_invalid_crypto() {
let crypto = Crypto::from_shared_key(CryptoMethod::ChaCha20, "test");
let mut crypto = Crypto::from_shared_key(CryptoMethod::ChaCha20, "test");
// truncated crypto
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 1, 0, 0, 0], MAGIC, &crypto).is_err());
assert!(decode(&mut [0x76, 0x70, 0x6e, 1, 1, 0, 0, 0], MAGIC, &mut crypto).is_err());
}
#[test]

View File

@ -254,9 +254,9 @@ impl TimeSource for MockTimeSource {
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
let mut d: usize = m as usize;
for item in buf.iter_mut().take(buflen) {
d += *item as usize * 16;
*item = (d % 62) as u8;
for i in 0..buflen {
d += buf[i] as usize * 16;
buf[i] = (d % 62) as u8;
d /= 62;
}
assert!(d < 62);
@ -298,9 +298,9 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
_ => return Err(c)
};
for item in &mut buf {
val += *item as usize * 62;
*item = (val % 256) as u8;
for i in 0..buf.len() {
val += buf[i] as usize * 62;
buf[i] = (val % 256) as u8;
val /= 256;
}
if val > 0 {