per-path peer endpoints & glorytun path status

[miegl]

This pull request does 2 things:

• it allows setting per-path endpoints (https://github.com/angt/mud/pull/6) - fixes https://github.com/angt/glorytun/issues/44
• adds back the detailed glorytun path command under glorytun path status

The first change obviously requires some breaking CLI changes:

• the user no longer creates a client tunnel with glorytun bind <ipaddr> <port> to <peeraddr> <peerport>
• instead the peer endpoint is specified when creating a path - glorytun path up <ipaddr> peer <peeraddr> <peerport>
• when creating a master tunnel the master options has to be used - glorytun bind <ipaddr> <port> master
• master is the side that controls the path, slave learns the available paths from master - i.e. client is now master, server is now slave

[angt]

Hi,

Thanks a lot for taking the time to do this :)

Some random notes, before the real review:

• I don't think it's the best time to introduce the word master in the code. And in that scenario I was going to use active/passive for client/server.
• You need to rebase your work, a big change was coming in the CLI and your PR removes it. Ok, you've brought the old path back to life :)

[miegl]

* I don't think it's the best time to introduce the word `master` in the code.
  And in that scenario I was going to use active/passive for client/server.

Sure, I don't live under a rock, but client/server doesn't really describe the relationship and active/passive just seems off. But if the current political climate is a reason big enough to come up with different terminology, then sure, let's change it so something else.

[miegl]

Now that the terminology has changed (https://github.com/angt/mud/commit/da0f01b374287388b00e5f2885bd27f2fd5da168), I think we need rethink this PR. Active is sadly not a replacement for master, as something like glorytun bind <ipaddr> <port> active suggests a completely different thing.

Two possible solutions:

• set the interface to master/active mode when successfully bringing up a path with glorytun path - kinda hacky, not the best solution
• end slavery once and for all and make both sides of the tunnel equal. This would probably involve some protocol changes but its probably the better way to go, as it would also add some flexibility.

[angt]

Hi,

active means: I do the ping, key exchange, etc (clients). passive means: I just wait and do nothing (servers).

This is quite important because the passivity of the server can be seen as one of the golden rules of the project.

I don't think I'm going to add the master nor passive/active flag at start. I just want to move the to option to the path command.

Also, I apologize for my slow reactivity on the subject, I'm on vacation for a few more weeks. As soon as I have time I will move faster on many of the current issues.

[miegl]

Hi angt, no rush, enjoy your vacation :)

Why exactly is the passivity a golden rule of the project? In my eyes making both side equal doesn't look too bad, and also its better if we want to support multiple peers in the future.

[angt]

As a vpn, open to the world, the passivity (and laziness) of the server is an important notion for security :)

[angt]

Hi,

I added a new commit to allows the same behavior as your PR but without breaking CLI. As I'm still on vacation I don't have time to test and refine the code but in the end it should work. Some parts are unfinished but not critical, I'll fix them later.

Don't hesitate if you have any comments or ideas, I'll look at it in the following weeks.

[angt]

Oops, I lied about not breaking the CLI. I took the opportunity to add the set subcommand that was planned for the upcoming path status redesign.

[miegl]

Awesome, thanks for implementing this! I'll try it out and think of improvements. BTW is there a channel I can reach you over?

[angt]

Great, it's really a draft so don't hesitate if you have any ideas, I'll take it. There is also a lot of modifications and so a lot of bugs to fix before 0.4..

The simplest way to reach me is by mail :)