Martin Weinelt 2018-02-04 18:22:05 +00:00 committed by GitHub
commit 59eb3c20f6
3 changed files with 59 additions and 0 deletions


@ -198,6 +198,12 @@ mesh_vpn
defines the MTU of the VPN interface, determining a proper MTU value is described defines the MTU of the VPN interface, determining a proper MTU value is described
in the :ref:`FAQ <faq-mtu>`. in the :ref:`FAQ <faq-mtu>`.
By default information that could be used to associate client traffic with a nodes
IP address is not advertised to protect the nodes privacy. This usually requires
the attacker to be able to observe the link over which the tunnel flows.
If this is of no concern in your threat-model this behaviour can be disabled by
setting *pubkey_privacy* to `false`.
The `fastd` section configures settings specific to the *fastd* VPN The `fastd` section configures settings specific to the *fastd* VPN
implementation. implementation.


@ -1,5 +1,6 @@
need_boolean(in_site({'mesh_vpn', 'enabled'}), false) need_boolean(in_site({'mesh_vpn', 'enabled'}), false)
need_number({'mesh_vpn', 'mtu'}) need_number({'mesh_vpn', 'mtu'})
need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false)
need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false) need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false)
need_number(in_site({'mesh_vpn', 'bandwidth_limit', 'ingress'}), false) need_number(in_site({'mesh_vpn', 'bandwidth_limit', 'ingress'}), false)


@ -73,6 +73,56 @@ static struct json_object * get_fastd_version(void) {
return ret; return ret;
} }
static struct json_object * get_fastd_public_key(void) {
FILE *f = popen("/etc/init.d/fastd show_key mesh_vpn", "r");
if (!f)
return NULL;
char *line = NULL;
size_t len = 0;
ssize_t r= getline(&line, &len, f);
pclose(f);
if (r >= 0) {
len = strlen(line); /* The len given by getline is the buffer size, not the string length */
if (len && line[len-1] == '\n')
line[len-1] = 0;
}
else {
free(line);
line = NULL;
}
return gluonutil_wrap_and_free_string(line);
}
static bool get_pubkey_privacy(void) {
bool ret = true;
struct json_object *site = NULL;
site = gluonutil_load_site_config();
if (!site)
goto end;
struct json_object *mesh_vpn;
if (!json_object_object_get_ex(site, "mesh_vpn", &mesh_vpn))
goto end;
struct json_object *pubkey_privacy;
if (!json_object_object_get_ex(mesh_vpn, "pubkey_privacy", &pubkey_privacy))
goto end;
ret = json_object_get_boolean(pubkey_privacy);
end:
json_object_put(site);
return ret;
}
static struct json_object * get_fastd(void) { static struct json_object * get_fastd(void) {
bool enabled = false; bool enabled = false;
struct json_object *ret = json_object_new_object(); struct json_object *ret = json_object_new_object();
@ -100,6 +150,8 @@ disabled:
disabled_nofree: disabled_nofree:
json_object_object_add(ret, "version", get_fastd_version()); json_object_object_add(ret, "version", get_fastd_version());
json_object_object_add(ret, "enabled", json_object_new_boolean(enabled)); json_object_object_add(ret, "enabled", json_object_new_boolean(enabled));
if (enabled && !get_pubkey_privacy())
json_object_object_add(ret, "public_key", get_fastd_public_key());
return ret; return ret;
} }
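Review bot: `pclose(f)` in get_fastd_public_key discards the helper's exit status, so if `/etc/init.d/fastd show_key mesh_vpn` fails yet still prints a line on stdout (a usage or error message, say), that line is trimmed and advertised as `public_key` to anyone who can query respondd. Only a successful run should be accepted: `if (pclose(f) != 0) r = -1;` in place of the bare `pclose(f);` routes the failure through the existing else branch that frees `line` and returns NULL. The command string is a constant, so the popen shell is not an injection risk, but note that once privacy is disabled every respondd query spawns the init script; whether `get_fastd_version` already does the same cannot be seen from here. The second hunk's enclosing function get_fastd begins in the first hunk and its middle lies outside the page.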