project/unetd.git
unet-cli: add DHT support
Felix Fietkau [Fri, 16 Sep 2022 16:37:48 +0000 (18:37 +0200)]
unet-cli: add DHT support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: improve handling of a longer list of PEX hosts
Felix Fietkau [Fri, 16 Sep 2022 13:25:20 +0000 (15:25 +0200)]
pex: improve handling of a longer list of PEX hosts

Instead of rotating and picking one every 5 seconds, pick one from the list
every 500ms, but enforce a minimum interval of 10 seconds per host between
pings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: add support for figuring out the external data port via STUN servers
Felix Fietkau [Fri, 16 Sep 2022 09:00:15 +0000 (11:00 +0200)]
pex: add support for figuring out the external data port via STUN servers

When establishing a direct connection on the auth/PEX port via DHT, both sides
need to know the externally mapped data port number in order to establish a
wireguard connection.
If there is an existing data connection, the port can be queried via PEX
over the tunnel. If that is not available, an external public server is needed
in order to poke a hole in the NAT. The easiest way to do this is to use
STUN, since there are a lot of public servers available.

The servers can be configured via the network data, based on the assumption that
an auth exchange with a network data update can be done directly.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
utils: add support for passing address family to network_get_endpoint()
Felix Fietkau [Thu, 15 Sep 2022 20:02:09 +0000 (22:02 +0200)]
utils: add support for passing address family to network_get_endpoint()

Can be used to limit results to IPv4 addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: add utility function to get the sockets based on type / address family
Felix Fietkau [Thu, 15 Sep 2022 19:47:20 +0000 (21:47 +0200)]
pex: add utility function to get the sockets based on type / address family

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: move raw ip send code to sendto_rawudp() in utils.c
Felix Fietkau [Thu, 15 Sep 2022 19:44:47 +0000 (21:44 +0200)]
pex: move raw ip send code to sendto_rawudp() in utils.c

This allows it to be reused for other purposes later

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: move rx header check to callback function
Felix Fietkau [Thu, 15 Sep 2022 19:18:42 +0000 (21:18 +0200)]
pex: move rx header check to callback function

Fixes some length check bugs in the cli code and allows other protocols to be
used on the global PEX port.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: keep active pex hosts after the specified timeout
Felix Fietkau [Sat, 10 Sep 2022 10:33:03 +0000 (12:33 +0200)]
pex: keep active pex hosts after the specified timeout

Keep them as long as they have sent us a valid message in the last minute

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add DHT discovery service
Felix Fietkau [Sat, 10 Sep 2022 06:43:22 +0000 (08:43 +0200)]
add DHT discovery service

This uses the BitTorrent 'Mainline' DHT in order to find peers.
It operates on the global PEX port, in order to allow exchanging network data
through double NAT. Only the IPv4 DHT is used at the moment.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
ubus: notify on network updates
Felix Fietkau [Fri, 16 Sep 2022 16:38:08 +0000 (18:38 +0200)]
ubus: notify on network updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: add support for sending/receiving global PEX messages via unix socket
Felix Fietkau [Mon, 5 Sep 2022 10:30:07 +0000 (12:30 +0200)]
pex: add support for sending/receiving global PEX messages via unix socket

This can be used for allowing another protocol (e.g. DHT) to run on the same
port, making it easier to deal with NAT

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: remove pex event debug spam
Felix Fietkau [Fri, 16 Sep 2022 12:55:33 +0000 (14:55 +0200)]
pex: remove pex event debug spam

Makes debugging output more readable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: reduce unnecessary ping traffic
Felix Fietkau [Fri, 16 Sep 2022 12:54:45 +0000 (14:54 +0200)]
pex: reduce unnecessary ping traffic

Only ping once after the idle time exceeds keepalive time.
Do not ping if no endpoint address is known yet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
wg-linux: ship a copy of linux/wireguard.h
Felix Fietkau [Mon, 5 Sep 2022 09:40:42 +0000 (11:40 +0200)]
wg-linux: ship a copy of linux/wireguard.h

Makes it possible to build unetd on hosts with older toolchain headers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
cli: fix typo
Felix Fietkau [Sun, 4 Sep 2022 16:44:55 +0000 (18:44 +0200)]
cli: fix typo

Signed-off-by: Felix Fietkau <nbd@nbd.name>
ubus: add reload command
Felix Fietkau [Thu, 1 Sep 2022 18:38:50 +0000 (20:38 +0200)]
ubus: add reload command

This will reload all explicitly configured files (network json, peer lists)
without causing unnecessary network disruption

Signed-off-by: Felix Fietkau <nbd@nbd.name>
network: add support for configuring extra peers via a separate json file
Felix Fietkau [Thu, 1 Sep 2022 17:42:10 +0000 (19:42 +0200)]
network: add support for configuring extra peers via a separate json file

Peers added to this file are only used locally and not advertised on the
network. Peers should use IP addresses that are part of locally announced
or otherwise configured subnets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
ubus: add support for adding auth_connect hosts at runtime
Felix Fietkau [Wed, 31 Aug 2022 18:37:05 +0000 (20:37 +0200)]
ubus: add support for adding auth_connect hosts at runtime

These hosts always need to have a timeout value. After the timeout, they
are automatically deleted. Other than that, they work just like regular
configured auth_host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
ubus: add support for querying active networks
Felix Fietkau [Wed, 31 Aug 2022 12:48:22 +0000 (14:48 +0200)]
ubus: add support for querying active networks

Shows configuration, local host name, peer connection status

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: add support for sending endpoint notification from the wg port via raw socket
Felix Fietkau [Wed, 31 Aug 2022 11:03:39 +0000 (13:03 +0200)]
pex: add support for sending endpoint notification from the wg port via raw socket

This makes it possible for the global PEX socket (used for network data updates)
to also receive the endpoint address in a way that works through NAT.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add support for disabling VXLAN/eBPF support
Felix Fietkau [Mon, 29 Aug 2022 18:52:20 +0000 (20:52 +0200)]
add support for disabling VXLAN/eBPF support

This makes it easier to backport or de-bloat on smaller systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add support for overriding peer-exchange-port for individual hosts
Felix Fietkau [Mon, 29 Aug 2022 18:37:12 +0000 (20:37 +0200)]
add support for overriding peer-exchange-port for individual hosts

This can also be used to disable PEX completely for non-unetd host entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
scripts/update-cmd.pl: run update two times
Felix Fietkau [Mon, 29 Aug 2022 11:16:47 +0000 (13:16 +0200)]
scripts/update-cmd.pl: run update two times

Removing an IP address can clear device routes with matching network/mask.
Running the update a second time ensures that they get recreated

Signed-off-by: Felix Fietkau <nbd@nbd.name>
scripts/update-cmd.pl: set device up before adding routes/addresses
Felix Fietkau [Mon, 29 Aug 2022 11:10:28 +0000 (13:10 +0200)]
scripts/update-cmd.pl: set device up before adding routes/addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes
Felix Fietkau [Mon, 29 Aug 2022 11:08:29 +0000 (13:08 +0200)]
scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex-msg: fix siphash key initializer
Felix Fietkau [Sun, 28 Aug 2022 18:39:47 +0000 (20:39 +0200)]
pex-msg: fix siphash key initializer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
build.sh: force use of -fPIC on static libraries to fix build error
Felix Fietkau [Sun, 28 Aug 2022 17:56:31 +0000 (19:56 +0200)]
build.sh: force use of -fPIC on static libraries to fix build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: fix formatting of help text
Felix Fietkau [Sun, 28 Aug 2022 17:56:12 +0000 (19:56 +0200)]
unet-cli: fix formatting of help text

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: enable ucode strict mode
Jo-Philipp Wich [Wed, 24 Aug 2022 22:58:44 +0000 (00:58 +0200)]
unet-cli: enable ucode strict mode

Enable strict mode and explicitly declare all used variables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
unet-cli: fix reference to missing variable
Felix Fietkau [Thu, 25 Aug 2022 10:38:32 +0000 (12:38 +0200)]
unet-cli: fix reference to missing variable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: pass host object to set_host()
Felix Fietkau [Thu, 25 Aug 2022 10:40:17 +0000 (12:40 +0200)]
unet-cli: pass host object to set_host()

Avoids accessing global net_data from within the function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: pass service object to set_service()
Felix Fietkau [Thu, 25 Aug 2022 10:37:24 +0000 (12:37 +0200)]
unet-cli: pass service object to set_service()

Avoids accessing global net_data from within the function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: use modern module imports
Jo-Philipp Wich [Wed, 24 Aug 2022 22:49:10 +0000 (00:49 +0200)]
unet-cli: use modern module imports

Instead of loading the entire `fs` module space using `require()`, utilize
the `import` statement to load the fs function we actually use.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
unet-cli: use modern ucode syntax
Jo-Philipp Wich [Wed, 24 Aug 2022 22:43:07 +0000 (00:43 +0200)]
unet-cli: use modern ucode syntax

Refactor various places in the script to use modern syntax, such as
template strings or `in` lookups.

Also introduce a simple `assert()` helper function to deal with the
repeated `if (!cond) { warn(msg); exit(1) }` pattern.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
fix build errors when built against glibc
Felix Fietkau [Thu, 25 Aug 2022 10:16:31 +0000 (12:16 +0200)]
fix build errors when built against glibc

Signed-off-by: Felix Fietkau <nbd@nbd.name>
build.sh: add libbpf
Felix Fietkau [Thu, 25 Aug 2022 10:16:07 +0000 (12:16 +0200)]
build.sh: add libbpf

Signed-off-by: Felix Fietkau <nbd@nbd.name>
build: explicitly link in libelf and zlib
Felix Fietkau [Thu, 25 Aug 2022 10:15:40 +0000 (12:15 +0200)]
build: explicitly link in libelf and zlib

Signed-off-by: Felix Fietkau <nbd@nbd.name>
network: add support for specifying a host gateway
Felix Fietkau [Wed, 24 Aug 2022 12:02:48 +0000 (14:02 +0200)]
network: add support for specifying a host gateway

A host will only use its gateway as a peer, and connections from
other hosts will be routed through the gateway host

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: bring up interface on ssh add
Felix Fietkau [Wed, 24 Aug 2022 08:58:49 +0000 (10:58 +0200)]
unet-cli: bring up interface on ssh add

Signed-off-by: Felix Fietkau <nbd@nbd.name>
unet-cli: allow editing remote host domain
Felix Fietkau [Tue, 23 Aug 2022 21:42:59 +0000 (23:42 +0200)]
unet-cli: allow editing remote host domain

Signed-off-by: Felix Fietkau <nbd@nbd.name>
network: fix writing domain suffix to hosts file
Felix Fietkau [Tue, 23 Aug 2022 21:37:27 +0000 (23:37 +0200)]
network: fix writing domain suffix to hosts file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add network json editor written in ucode
Felix Fietkau [Mon, 22 Aug 2022 20:14:32 +0000 (22:14 +0200)]
add network json editor written in ucode

reformat example json to match its output

Signed-off-by: Felix Fietkau <nbd@nbd.name>
host: deal with host/peer null pointers in debug messages
Felix Fietkau [Tue, 23 Aug 2022 21:11:28 +0000 (23:11 +0200)]
host: deal with host/peer null pointers in debug messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: remove connected check in pex_msg_send
Felix Fietkau [Tue, 23 Aug 2022 21:06:09 +0000 (23:06 +0200)]
pex: remove connected check in pex_msg_send

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: remove extra newline in debug message
Felix Fietkau [Tue, 16 Aug 2022 20:49:58 +0000 (22:49 +0200)]
pex: remove extra newline in debug message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
host: avoid running connect timer if the network is not up
Felix Fietkau [Tue, 16 Aug 2022 18:31:16 +0000 (20:31 +0200)]
host: avoid running connect timer if the network is not up

Signed-off-by: Felix Fietkau <nbd@nbd.name>
network: fix potential use-after-free
Felix Fietkau [Tue, 16 Aug 2022 18:30:49 +0000 (20:30 +0200)]
network: fix potential use-after-free

Signed-off-by: Felix Fietkau <nbd@nbd.name>
network: check for empty string arguments
Felix Fietkau [Tue, 16 Aug 2022 15:48:07 +0000 (17:48 +0200)]
network: check for empty string arguments

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add protocol for exchanging signed network data
Felix Fietkau [Sat, 13 Aug 2022 12:57:43 +0000 (14:57 +0200)]
add protocol for exchanging signed network data

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: fix null pointer check
Felix Fietkau [Tue, 23 Aug 2022 20:35:54 +0000 (22:35 +0200)]
pex: fix null pointer check

check for local_host null pointer before dereferencing it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
fix SPDX tag
Felix Fietkau [Sat, 6 Aug 2022 13:51:18 +0000 (15:51 +0200)]
fix SPDX tag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
curve25519: rely on utils.h
Felix Fietkau [Sat, 6 Aug 2022 06:38:32 +0000 (08:38 +0200)]
curve25519: rely on utils.h

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add chacha20 implementation
Felix Fietkau [Fri, 5 Aug 2022 13:32:15 +0000 (15:32 +0200)]
add chacha20 implementation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
pex: use pubkey directly instead of accessing local_host in pex_msg_init()
Felix Fietkau [Wed, 3 Aug 2022 20:27:01 +0000 (22:27 +0200)]
pex: use pubkey directly instead of accessing local_host in pex_msg_init()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add support for loading signed network files
Felix Fietkau [Mon, 1 Aug 2022 15:57:46 +0000 (17:57 +0200)]
add support for loading signed network files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add cli tool for signing network json files
Felix Fietkau [Sun, 31 Jul 2022 19:56:36 +0000 (21:56 +0200)]
add cli tool for signing network json files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add ed25519 code to libunet
Felix Fietkau [Fri, 29 Jul 2022 11:14:22 +0000 (13:14 +0200)]
add ed25519 code to libunet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
bpf_skb_utils: fix skb parsing on older kernels
Felix Fietkau [Sat, 13 Aug 2022 12:55:02 +0000 (14:55 +0200)]
bpf_skb_utils: fix skb parsing on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
mss-bpf: remove unused-but-set variable
Felix Fietkau [Tue, 2 Aug 2022 19:05:49 +0000 (21:05 +0200)]
mss-bpf: remove unused-but-set variable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
utils: free the correct addrinfo
Felix Fietkau [Tue, 2 Aug 2022 18:58:43 +0000 (20:58 +0200)]
utils: free the correct addrinfo

Signed-off-by: Felix Fietkau <nbd@nbd.name>
remove dummy mode
Felix Fietkau [Mon, 1 Aug 2022 05:48:39 +0000 (07:48 +0200)]
remove dummy mode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
mss-bpf: rework the code to use a common skb parser header file
Felix Fietkau [Sat, 9 Jul 2022 15:44:12 +0000 (17:44 +0200)]
mss-bpf: rework the code to use a common skb parser header file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
utils: fix memory leak in network_get_endpoint()
Felix Fietkau [Tue, 2 Aug 2022 16:48:52 +0000 (18:48 +0200)]
utils: fix memory leak in network_get_endpoint()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
bpf: ignore errors on program attach
Felix Fietkau [Thu, 30 Jun 2022 15:40:33 +0000 (17:40 +0200)]
bpf: ignore errors on program attach

Fixes issues with old kernels, which return errors for no reason

Signed-off-by: Felix Fietkau <nbd@nbd.name>
build: move some code to libunet
Felix Fietkau [Wed, 29 Jun 2022 18:35:29 +0000 (20:35 +0200)]
build: move some code to libunet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
vxlan: add bpf program to fix up tcp mss values
Felix Fietkau [Wed, 29 Jun 2022 18:12:48 +0000 (20:12 +0200)]
vxlan: add bpf program to fix up tcp mss values

Signed-off-by: Felix Fietkau <nbd@nbd.name>
vxlan: fix endian of the configured port
Felix Fietkau [Tue, 28 Jun 2022 12:06:30 +0000 (14:06 +0200)]
vxlan: fix endian of the configured port

Signed-off-by: Felix Fietkau <nbd@nbd.name>
vxlan: add missing options
Felix Fietkau [Mon, 27 Jun 2022 15:55:15 +0000 (17:55 +0200)]
vxlan: add missing options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add some documentation about the PEX protocol
Felix Fietkau [Thu, 23 Jun 2022 11:09:48 +0000 (13:09 +0200)]
add some documentation about the PEX protocol

Signed-off-by: Felix Fietkau <nbd@nbd.name>
example: create wireguard and tunnel device
Felix Fietkau [Thu, 23 Jun 2022 08:46:19 +0000 (10:46 +0200)]
example: create wireguard and tunnel device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
service: filter out duplicate members
Felix Fietkau [Fri, 17 Jun 2022 12:26:00 +0000 (14:26 +0200)]
service: filter out duplicate members

Signed-off-by: Felix Fietkau <nbd@nbd.name>
service: add vxlan tunnel support
Felix Fietkau [Wed, 15 Jun 2022 13:12:25 +0000 (15:12 +0200)]
service: add vxlan tunnel support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
services: switch to vlist
Felix Fietkau [Tue, 31 May 2022 12:06:07 +0000 (14:06 +0200)]
services: switch to vlist

preparation for supporting service types

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add missing copyright header
Felix Fietkau [Tue, 31 May 2022 10:30:14 +0000 (12:30 +0200)]
add missing copyright header

Signed-off-by: Felix Fietkau <nbd@nbd.name>
add script for standalone builds
Felix Fietkau [Mon, 23 May 2022 17:57:30 +0000 (19:57 +0200)]
add script for standalone builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
make ubus support optional (enabled by default)
Felix Fietkau [Mon, 23 May 2022 13:04:57 +0000 (15:04 +0200)]
make ubus support optional (enabled by default)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
initial commit
Felix Fietkau [Thu, 5 May 2022 08:49:46 +0000 (10:49 +0200)]
initial commit

Signed-off-by: Felix Fietkau <nbd@nbd.name>