Merge branch 'future' into neil/mptcp

cmd/yggdrasil/main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"context"
 	"crypto/ed25519"
-	"crypto/sha1"
 	"encoding/hex"
 	"encoding/json"
 	"flag"
@@ -45,8 +44,6 @@ func main() {
 	useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path")
 	normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised")
 	exportkey := flag.Bool("exportkey", false, "use in combination with either -useconf or -useconffile, outputs your private key in PEM format")
-	exportcsr := flag.Bool("exportcsr", false, "use in combination with either -useconf or -useconffile, outputs your self-signed certificate request in PEM format")
-	exportcert := flag.Bool("exportcert", false, "use in combination with either -useconf or -useconffile, outputs your self-signed certificate in PEM format")
 	confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON")
 	autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)")
 	ver := flag.Bool("version", false, "prints the version of this build")
@@ -177,30 +174,10 @@ func main() {
 		}
 		fmt.Println(string(pem))
 		return
-
-	case *exportcsr:
-		pem, err := cfg.GenerateCertificateSigningRequest()
-		if err != nil {
-			panic(err)
-		}
-		fmt.Println(string(pem))
-		return
-
-	case *exportcert:
-		pem, err := cfg.MarshalPEMCertificate()
-		if err != nil {
-			panic(err)
-		}
-		fmt.Println(string(pem))
-		return
 	}
 
 	n := &node{}
 
-	// Track certificate fingerprints for configured roots, so
-	// that we can match them using the multicast discriminator.
-	fingerprints := map[[20]byte]struct{}{}
-
 	// Setup the Yggdrasil node itself.
 	{
 		options := []core.SetupOption{
@@ -218,10 +195,6 @@ func main() {
 				options = append(options, core.Peer{URI: peer, SourceInterface: intf})
 			}
 		}
-		for _, root := range cfg.RootCertificates {
-			options = append(options, core.RootCertificate(*root))
-			fingerprints[sha1.Sum(root.Raw[:])] = struct{}{}
-		}
 		for _, allowed := range cfg.AllowedPublicKeys {
 			k, err := hex.DecodeString(allowed)
 			if err != nil {
@@ -257,31 +230,9 @@ func main() {
 				Listen:   intf.Listen,
 				Port:     intf.Port,
 				Priority: uint8(intf.Priority),
+				Password: intf.Password,
 			})
 		}
-		if len(fingerprints) > 0 {
-			var matcher multicast.DiscriminatorMatch = func(b []byte) bool {
-				// Break apart the discriminator into 20-byte chunks and
-				// see whether any of them match the configured root CA
-				// fingerprints. If any of them match, we'll return true.
-				var f [20]byte
-				for len(b) >= len(f) {
-					b = b[copy(f[:], b):]
-					if _, ok := fingerprints[f]; ok {
-						return true
-					}
-				}
-				return false
-			}
-			// Populate our own discriminator with the fingerprints of our
-			// configured root CAs.
-			var discriminator multicast.Discriminator
-			for f := range fingerprints {
-				discriminator = append(discriminator, f[:]...)
-			}
-			options = append(options, matcher)
-			options = append(options, discriminator)
-		}
 		if n.multicast, err = multicast.New(n.core, logger, options...); err != nil {
 			panic(err)
 		}

contrib/mobile/build

@@ -37,7 +37,7 @@ if [ $IOS ]; then
   echo "Building framework for iOS"
   go get golang.org/x/mobile/bind
   gomobile bind \
-    -target ios -tags mobile -o Yggdrasil.xcframework \
+    -target ios,macos -tags mobile -o Yggdrasil.xcframework \
     -ldflags="$LDFLAGS $STRIP" -gcflags="$GCFLAGS" \
     ./contrib/mobile ./src/config;
 fi

contrib/mobile/mobile.go

@@ -13,6 +13,7 @@ import (
 	"github.com/yggdrasil-network/yggdrasil-go/src/core"
 	"github.com/yggdrasil-network/yggdrasil-go/src/ipv6rwc"
 	"github.com/yggdrasil-network/yggdrasil-go/src/multicast"
+	"github.com/yggdrasil-network/yggdrasil-go/src/tun"
 	"github.com/yggdrasil-network/yggdrasil-go/src/version"
 
 	_ "golang.org/x/mobile/bind"
@@ -28,7 +29,9 @@ type Yggdrasil struct {
 	iprwc     *ipv6rwc.ReadWriteCloser
 	config    *config.NodeConfig
 	multicast *multicast.Multicast
+	tun       *tun.TunAdapter // optional
 	log       MobileLogger
+	logger    *log.Logger
 }
 
 // StartAutoconfigure starts a node with a randomly generated config
@@ -39,6 +42,8 @@ func (m *Yggdrasil) StartAutoconfigure() error {
 // StartJSON starts a node with the given JSON config. You can get JSON config
 // (rather than HJSON) by using the GenerateConfigJSON() function
 func (m *Yggdrasil) StartJSON(configjson []byte) error {
+	setMemLimitIfPossible()
+
 	logger := log.New(m.log, "", 0)
 	logger.EnableLevel("error")
 	logger.EnableLevel("warn")
@@ -65,9 +70,6 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 			}
 			options = append(options, core.AllowedPublicKey(k[:]))
 		}
-		for _, root := range m.config.RootCertificates {
-			options = append(options, core.RootCertificate(*root))
-		}
 		var err error
 		m.core, err = core.New(m.config.Certificate, logger, options...)
 		if err != nil {
@@ -86,11 +88,12 @@ func (m *Yggdrasil) StartJSON(configjson []byte) error {
 				Listen:   intf.Listen,
 				Port:     intf.Port,
 				Priority: uint8(intf.Priority),
+				Password: intf.Password,
 			})
 		}
-		m.multicast, err = multicast.New(m.core, logger, options...)
+		m.multicast, err = multicast.New(m.core, m.logger, options...)
 		if err != nil {
-			logger.Errorln("An error occurred starting multicast:", err)
+			m.logger.Errorln("An error occurred starting multicast:", err)
 		}
 	}
 
@@ -153,6 +156,11 @@ func (m *Yggdrasil) Stop() error {
 	if err := m.multicast.Stop(); err != nil {
 		return err
 	}
+	if m.tun != nil {
+		if err := m.tun.Stop(); err != nil {
+			return err
+		}
+	}
 	m.core.Stop()
 	return nil
 }

contrib/mobile/mobile_ios.go

@@ -15,6 +15,8 @@ void Log(const char *text) {
 import "C"
 import (
 	"unsafe"
+
+	"github.com/yggdrasil-network/yggdrasil-go/src/tun"
 )
 
 type MobileLogger struct {
@@ -26,3 +28,13 @@ func (nsl MobileLogger) Write(p []byte) (n int, err error) {
 	C.Log(cstr)
 	return len(p), nil
 }
+
+func (m *Yggdrasil) TakeOverTUN(fd int32) error {
+	options := []tun.SetupOption{
+		tun.FileDescriptor(fd),
+		tun.InterfaceMTU(m.iprwc.MTU()),
+	}
+	var err error
+	m.tun, err = tun.New(m.iprwc, m.logger, options...)
+	return err
+}

contrib/mobile/mobile_mem_go120.go

@@ -0,0 +1,10 @@
+//go:build go1.20
+// +build go1.20
+
+package mobile
+
+import "runtime/debug"
+
+func setMemLimitIfPossible() {
+	debug.SetMemoryLimit(1024 * 1024 * 40)
+}

contrib/mobile/mobile_mem_other.go

@@ -0,0 +1,8 @@
+//go:build !go1.20
+// +build !go1.20
+
+package mobile
+
+func setMemLimitIfPossible() {
+	// not supported by this Go version
+}

contrib/mobile/mobile_test.go

@@ -1,9 +1,21 @@
 package mobile
 
-import "testing"
+import (
+	"os"
+	"testing"
+
+	"github.com/gologme/log"
+)
 
 func TestStartYggdrasil(t *testing.T) {
-	ygg := &Yggdrasil{}
+	logger := log.New(os.Stdout, "", 0)
+	logger.EnableLevel("error")
+	logger.EnableLevel("warn")
+	logger.EnableLevel("info")
+
+	ygg := &Yggdrasil{
+		logger: logger,
+	}
 	if err := ygg.StartAutoconfigure(); err != nil {
 		t.Fatalf("Failed to start Yggdrasil: %s", err)
 	}

go.mod

@@ -5,42 +5,43 @@ go 1.20
 require (
 	github.com/Arceliar/ironwood v0.0.0-20230805085300-86206813435f
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
-	github.com/cheggaaa/pb/v3 v3.0.8
-	github.com/gologme/log v1.2.0
+	github.com/cheggaaa/pb/v3 v3.1.4
+	github.com/gologme/log v1.3.0
 	github.com/hashicorp/go-syslog v1.0.0
 	github.com/hjson/hjson-go/v4 v4.3.0
 	github.com/kardianos/minwinsvc v1.0.2
-	github.com/quic-go/quic-go v0.37.4
+	github.com/quic-go/quic-go v0.39.0
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/mobile v0.0.0-20221110043201-43a038452099
-	golang.org/x/net v0.10.0
-	golang.org/x/sys v0.8.0
-	golang.org/x/text v0.9.0
-	golang.zx2c4.com/wireguard v0.0.0-20211017052713-f87e87af0d9a
-	golang.zx2c4.com/wireguard/windows v0.4.12
+	golang.org/x/crypto v0.14.0
+	golang.org/x/mobile v0.0.0-20231006135142-2b44d11868fe
+	golang.org/x/net v0.17.0
+	golang.org/x/sys v0.13.0
+	golang.org/x/text v0.13.0
+	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
+	golang.zx2c4.com/wireguard/windows v0.5.3
 )
 
 require (
 	github.com/bits-and-blooms/bitset v1.5.0 // indirect
 	github.com/bits-and-blooms/bloom/v3 v3.3.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/golang/mock v1.6.0 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
-	github.com/quic-go/qtls-go1-20 v0.3.1 // indirect
+	github.com/quic-go/qtls-go1-20 v0.3.4 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
+	go.uber.org/mock v0.3.0 // indirect
 	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/tools v0.9.1 // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 )
 
 require (
 	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/fatih/color v1.12.0 // indirect
-	github.com/mattn/go-isatty v0.0.13 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 )