re6stnet:a412977df36c8975e3ad01876413e4d9c9de59b2 commitshttps://lab.nexedi.com/nexedi/re6stnet/-/commits/a412977df36c8975e3ad01876413e4d9c9de59b22021-07-01T15:35:25+02:00https://lab.nexedi.com/nexedi/re6stnet/-/commit/a412977df36c8975e3ad01876413e4d9c9de59b2Empty commit to rebuild Debian package with greater version2021-07-01T15:35:25+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/5bdb32e6deb27624123e7966e769650df2fa7dc1debian: drop init scripts2021-06-30T19:45:34+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/ba573ab79903858e73766ede84d63bc283f52bf4Make nodes ask registry for their country2021-06-07T17:28:23+02:00Julien Muchembledjm@nexedi.com
To prepare for the removal of geoip2, we want nodes to ask the registry
for their country. geoip2 is kept in this update since nodes will still
need to figure out countries of other nodes which haven't updated yet.
Once all nodes will be updated to this version, geoip2 will be ready to
be deleted.
See merge request <a href="/nexedi/re6stnet/-/merge_requests/32" data-original="nexedi/re6stnet!32" data-link="false" data-link-reference="false" data-project="206" data-merge-request="4841" data-project-path="nexedi/re6stnet" data-iid="32" data-mr-title="Make nodes ask registry for their country" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">!32</a>https://lab.nexedi.com/nexedi/re6stnet/-/commit/dd943d7c03b6f86b29ecdbf7f537d3eee8a66be2Reduce width of lines over 80 characters2021-06-07T11:28:45+02:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/3bc45368c64a6f23f6deb29e54a164469f489cd5Make country tunnel parameter naming consistent2021-06-07T11:28:45+02:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/04a736f12bff97c78ff5284fb73fea30db5d0889Replace tab by spaces2021-06-07T11:28:45+02:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/47d374bc1348541d377b5f6908a7d2be030d56a6Make nodes ask registry for their country2021-06-07T11:28:45+02:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/e7229916d1cf83521c65fa79b1c626f69c7590acAdd getCountry RPC2021-06-07T11:28:42+02:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/0f97c0266bb36dbb4723f7623a6ee0cba83169a3Fix issue causing nodes to ignore countries after restart2021-05-04T14:18:39+02:00Johan Hugéjohan.huge@nexedi.com
If a node restarts and has its address with its country in the cache, it
won't set the _country attribute, and will therefore ignore countries
when making tunnels.
See merge request <a href="/nexedi/re6stnet/-/merge_requests/31" data-original="nexedi/re6stnet!31" data-link="false" data-link-reference="false" data-project="206" data-merge-request="4765" data-project-path="nexedi/re6stnet" data-iid="31" data-mr-title="Fix issue causing nodes to ignore countries after restart" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">!31</a>https://lab.nexedi.com/nexedi/re6stnet/-/commit/e8629de5fdd23bee672970a976b519e0a60f1292Do not kill a preferred tunnel if it would recreate the same tunnel afterwards2021-04-08T16:32:42+02:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/721f9d4355b40c8cdcdc9bb91383c37a30fa8940fix typo in documentation2021-03-31T10:05:47+02:00Thomas Gambierthomas.gambier@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/1adefd5d1cdb073bd12b8dc25bd67199ea7ec83fsame_country: fix UnicodeEncodeError in Peer.encode2021-03-27T18:32:02+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/ecda9f0657601616fdeee92c9b3e193357552c4dFix TypeError in _updateCountry2021-03-23T12:00:09+01:00Johan Hugéjohan.huge@nexedi.com
Addresses passed to _updateCountry can contain countries if
cache.my_address is used to initialize address in BaseTunnelManager init
function, which causes resolve to be called with too many arguments.https://lab.nexedi.com/nexedi/re6stnet/-/commit/bbde1c0d4e106c7e7345d32ab280c0d180c745d3Fix two issues related to handleHello2021-03-22T18:06:19+01:00Johan Hugéjohan.huge@nexedi.com
In some circumstances, the hello_protocol attribute could get modified
on the wrong peer, which would raise an AttributeError.
On reception of seqno 1 from a peer with protocol < 7, protocol could be
equal to zero which would cause handleHello to not return True, causing
the handshake to fail.https://lab.nexedi.com/nexedi/re6stnet/-/commit/85d77bd84aef55c7ab0b0af36a203bcd69d29d42New --country option; add country in addresses2021-02-11T14:42:26+01:00Johan Hugéjohan.huge@nexedi.com
This commit concerns networks that use the --same-country option.
We recently discovered that the IP geolocation database contains
incorrect entries. To work around this, the protocol needs to be
changed by adding the country as 4th field in addresses (the first 3
are: ip, port, protocol) and the new --country option allows a node
to announce a country that differs from the one the GeoIP DB.
Thanks to the previous commits it's possible to implement backward
compatibility, by not sending the 4th field (country) to nodes that
can't parse it. Of course, these old nodes would continue to not
create appropriate tunnels and after a while, the administrator of
the network may decide to increase registry's --min-protocol (7).
In a network with only nodes that implement this last version of the
protocol, the nodes may only use the GeoIP DB to resolve their own IPs.
See merge request <a href="/nexedi/re6stnet/-/merge_requests/27" data-original="nexedi/re6stnet!27" data-link="false" data-link-reference="false" data-project="206" data-merge-request="4561" data-project-path="nexedi/re6stnet" data-iid="27" data-mr-title="WIP: Add version protocol in hello handshakes and add country in addresses" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">nexedi/re6stnet!27</a>https://lab.nexedi.com/nexedi/re6stnet/-/commit/bb7e637659d0ee82a6e38233cac119b9bd09c20fAdd protocol to handshake with registry2021-02-11T14:41:25+01:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/4f327e1b5d4ced9ad424acd8d1cdf022d928c452Add protocol to handshake between nodes2021-02-11T14:38:48+01:00Julien Muchembledjm@nexedi.com
There is a need to be able to extend the protocol without breaking
compatibility with old nodes. This is done by sending version.protocol
during inter-node handshake, in seqno 1 and seqno 2, so that a node
knows what version the peers speak and use appropriate format.
This is implemented with partial backward compatibility: handshake with
an old node succeeds when the new node does not have to send seqno 1.https://lab.nexedi.com/nexedi/re6stnet/-/commit/ee93c63ec8de040bb4f38b228e928381cd93f5b4doc: clarify system configuration when using --default2020-12-22T13:37:53+01:00Johan Hugéjohan.huge@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/426e929942a9eea219a8bc4d502289dce7e032e0doc: update manpage about automatic startup2020-12-03T12:04:28+01:00Julien Muchembledjm@nexedi.com
Behaviour changed in commit <a href="/jhuge/re6stnet/-/commit/5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-original="5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-link="false" data-link-reference="false" data-project="1297" data-commit="5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-reference-type="commit" data-container="body" data-placement="top" data-html="true" title="Drop NetworkManager/ifupdown support for setups that are bound to an interface" class="gfm gfm-commit has-tooltip">5a8e4186</a>.https://lab.nexedi.com/nexedi/re6stnet/-/commit/4397261559f7803f14f5a5d8345407abcf598833fixup! debian: also ship systemd units2020-01-13T13:56:50+01:00Julien Muchembledjm@nexedi.com
On machines using systemd, services were not enabled by default.https://lab.nexedi.com/nexedi/re6stnet/-/commit/5b765db035e611b2d03ef81962b7d2ace503e440Bump protocol version2020-01-10T17:24:35+01:00Julien Muchembledjm@nexedi.com
To reenable RTT-based metric, we usually want to force old nodes
to upgrade, so that they don't always look faster that others.https://lab.nexedi.com/nexedi/re6stnet/-/commit/8c2adc3622dd83e2f3ee6545fd057ad60100fa13Tell babeld that openvpn interfaces are of type tunnel2020-01-10T15:07:49+01:00Julien Muchembledjm@nexedi.com
This reenables RTT-based metric, which
was disabled since we moved to v1.8+.https://lab.nexedi.com/nexedi/re6stnet/-/commit/21ad8a0788259e54829728b36489975f785b4714debian: fix removal of obsolete files in /etc2020-01-02T20:22:23+01:00Julien Muchembledjm@nexedi.com
See commit <a href="/zf.huang/re6stnet/-/commit/5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-original="5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-link="false" data-link-reference="false" data-project="1454" data-commit="5a8e41868c76cf7f1c3827c01a743ab8dca57ae2" data-reference-type="commit" data-container="body" data-placement="top" data-html="true" title="Drop NetworkManager/ifupdown support for setups that are bound to an interface" class="gfm gfm-commit has-tooltip">5a8e4186</a>.https://lab.nexedi.com/nexedi/re6stnet/-/commit/889fde3b4f34dff0e2d10c46c7ae17e6b44dab20Drop support for Python 2.62019-12-27T17:17:38+01:00Julien Muchembledjm@nexedi.com
Commit <a href="/jhuge/re6stnet/-/commit/40d4e4969bbf8718fb7933b9514e77fcfab4f50b" data-original="40d4e4969bbf8718fb7933b9514e77fcfab4f50b" data-link="false" data-link-reference="false" data-project="1297" data-commit="40d4e4969bbf8718fb7933b9514e77fcfab4f50b" data-reference-type="commit" data-container="body" data-placement="top" data-html="true" title="Backward compatibility for Python 2.6" class="gfm gfm-commit has-tooltip">40d4e496</a> is not reverted
because Python 3 will also require to keep the distinction between
blob and text.https://lab.nexedi.com/nexedi/re6stnet/-/commit/c8b11bf3a672326529590242fabdbe0c0543ea90debian: do not stop re6stnet until after the package upgrade has been completed2019-12-27T16:21:17+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/41218752d32b5709cdc1353458511aa525b3c323debian: Squeeze is not supported anymore2019-12-27T16:21:17+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/09219dadde4d1100928352fcb2091dbbc11ea0bcdebian: also ship systemd units2019-12-27T16:21:17+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/5a8e41868c76cf7f1c3827c01a743ab8dca57ae2Drop NetworkManager/ifupdown support for setups that are bound to an interface2019-12-27T16:21:17+01:00Julien Muchembledjm@nexedi.com
This feature was mainly for laptops but users:
- often don't care having the daemon running all the time;
- may not want to use the 'main-interface' option because the interface that
provides internet access is not always the same, e.g. wifi & wired;
- may want other kinds of conditions,
e.g. only specific wifi access points.
So in practice, main-interface is currently only use to set up a DHCP server or
provide IPv6 autoconfiguration. For such case, it is preferred to start/stop
re6stnet like a normal service.https://lab.nexedi.com/nexedi/re6stnet/-/commit/4198f9d59760cefdb6cfcca7b5fb8fa2490f0423Document that /etc/re6stnet does not have to contain a dh2048.pem file2019-12-27T15:07:00+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/321ed7f0139b6b6b99b079a0da02994d1d6909e5fixup! Fix renewal of expired certificate with recent OpenSSL2019-12-11T12:08:35+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/6532a739ba36c102616a957878f8eba1a19f73c0New release of babeld2019-12-11T12:01:17+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/9fab68eef98061e6a95d5ff5a55078b2cd0b16a8Fix file descriptor leaks2019-11-08T18:33:22+01:00Julien Muchembledjm@nexedi.com
This should fix strange bugs after running the demo for a long time,
with certificate renewal happening every few minutes.https://lab.nexedi.com/nexedi/re6stnet/-/commit/343e910a4e000cb794e1d52f522e0dc13a86bde2Remove --ipv6, reuse --ip instead2019-11-07T15:54:32+01:00Julien Muchembledjm@nexedi.com
The previous commit, which adds --ipv6, has the issue
that it does not check whether given IPs are valid.
Since IPv4 & IPv6 use completely different address
representation, --ip can be used for both.https://lab.nexedi.com/nexedi/re6stnet/-/commit/0106e2f9aa3beb8461af08066dfc912125a2e0e5New --ipv6 option and fix learning of external IPv6 from other peers2019-11-06T21:30:17+01:00Julien Muchembledjm@nexedi.com
When re6st attempts to use UPnP and IPv6 is enabled at the same time,
the external IPv4 was published for IPv6 protocols.
For example, machine6 in the demo had:
10.0.1.3,1194,tcp;10.0.1.3,1194,udp;10.0.1.3,1195,udp6
This caused re6stnet to crash (socket.gaierror) if GEOIP2_MMDB is set.
With this commit, IPv4 & IPv6 are now processed independently.https://lab.nexedi.com/nexedi/re6stnet/-/commit/ebee829d2cd98d6a0fe04990f34ce2ca1fe4e294Adapt HMAC to upstream option 'no_hmac_verify'2019-10-31T22:45:50+01:00Killian Lufaukillian.lufau@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/21eacdba757b875ff211ac2123ca52587f4a88ebdemo: some clean-up in hmac test2019-10-31T22:45:50+01:00Julien Muchembledjm@nexedi.comhttps://lab.nexedi.com/nexedi/re6stnet/-/commit/a1f90d18ec8f62e15f6c28ddaf70d2ea09fbb664Fix renewal of expired certificate with recent OpenSSL2019-10-22T09:17:59+02:00Julien Muchembledjm@nexedi.com
/reviewed-on <a href="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/21" data-original="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/21" data-link="false" data-link-reference="true" data-project="206" data-merge-request="3313" data-project-path="nexedi/re6stnet" data-iid="21" data-mr-title="Fix renewal of expired certificate with recent OpenSSL" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">!21</a>https://lab.nexedi.com/nexedi/re6stnet/-/commit/1098ba6fb2ba28c71d5c2079b78280e2f3b86866demo: Add testing of HMAC2019-07-04T13:59:59+02:00Killian Lufaukillian.lufau@nexedi.com
/reviewed-on <a href="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/19" data-original="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/19" data-link="false" data-link-reference="true" data-project="206" data-merge-request="3028" data-project-path="nexedi/re6stnet" data-iid="19" data-mr-title="Add testing of HMAC" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">nexedi/re6stnet!19</a>https://lab.nexedi.com/nexedi/re6stnet/-/commit/d02331997e5fe04f2c27b079d6879936474e8152Fix handling of private methods2019-07-03T14:31:33+02:00Killian Lufaukillian.lufau@nexedi.com
The detection of the attribute `_private` was performed on a string
object representing the name of the method instead of the method itself,
leading to the registry allowing anyone to call private methods.https://lab.nexedi.com/nexedi/re6stnet/-/commit/d868f09a90059006fb9fd79377c3b73af7efa8b8demo: add another re6st network2019-06-27T16:37:12+02:00Killian Lufaukillian.lufau@nexedi.com
The purpose is to check that HMAC prevents routes from being exchanged
between the 2 networks. This happened when 2 nodes of 2 different re6st
networks are in the same LAN, and it caused many issues.
/reviewed-on <a href="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/15" data-original="https://lab.nexedi.com/nexedi/re6stnet/merge_requests/15" data-link="false" data-link-reference="true" data-project="206" data-merge-request="2935" data-project-path="nexedi/re6stnet" data-iid="15" data-mr-title="demo: add another re6st network" data-reference-type="merge_request" data-container="body" data-placement="top" data-html="true" title="" class="gfm gfm-merge_request">!15</a>