## Summary
- ipv6rwc: validate IPv6 packet length before reading the version nibble
in writePC
- config: guard the BOM check against configs shorter than two bytes
- admin: replace unchecked net.Error type assertion with errors.As;
tolerate empty unix socket paths
- multicast: log and continue on ReadFrom errors instead of panicking;
use checked type assertion on UDPAddr
- mobile: reject negative length in SendBuffer; nil-check AddrForKey in
GetPeersJSON and SummaryForConfig
- admin/get{tree,paths,sessions}: skip entries when AddrForKey returns
nil instead of dereferencing
- core/nodeinfo: validate the requested public key length in
nodeInfoAdminHandler, matching the other proto handlers
- add regression tests for the panic paths
## Why
A handful of error paths and platform-API edge cases reach fixed-size
indexing or unchecked type assertions before any length validation.
Most are reachable only locally (an empty config piped to -useconf,
a 0-byte packet from the mobile bindings, an admin DialTimeout error
that doesn't satisfy net.Error on some platforms), but they crash the
daemon hard. Have them return errors or skip the entry instead.
## Testing
- go test ./...
- go vet ./...
Currently, all init scripts, except for systemd, will generate a config
file with default permissions, which is usually `rw-r--r--`.
This is bad, because the config contains a private key.
The systemd service does `chmod 640` after creating the config, which is
much better than just leaving it readable for everyone forever, but
there is still a slight chance that some malicious program might steal
the private key during the time window between key creation and chmod.
For this reason, in this pull request I use `umask 037`, so the config
won't have read permission for others in the first place.
Note that I have only tested openrc and systemd services.
Also, I'm not sure what to do with the contrib/msi/build-msi.sh script,
which creates a bat file that generates a config. I don't know anything
about file permissions on windows, however, it seems that the bat file
generates the config into a user's personal directory, so maybe it's
already somewhat fine.
# Summary
This PR addresses failures to run Yggdrasil on ARM systems. The root
cause was the lack of ARM artifacts/images, which led to exec format
error and similar issues.
## What’s added:
- ```Dockerfile.multiarch``` — multi-stage Go build that correctly
propagates GOOS/GOARCH for linux/amd64, linux/arm64, linux/armhf and
linux/armel platform.
- ```entrypoint.sh``` - Introduced ENV **ALLOW_IPV6_FORWARDING**. When
set to a truthy value (e.g., true), the entrypoint executes: ```sysctl
-w net.ipv6.conf.all.forwarding=1```.
- GitHub Action for multi-arch builds and publishing to GHCR — triggered
via ```workflow_dispatch```, push to ```master``` and release via tags
(with docker semantic tags e.g. v0.5.12 → 0.5.12, 0.5, 0).
Example published images:
[https://github.com/Forne/yggdrasil-go/pkgs/container/yggdrasil-go](https://github.com/Forne/yggdrasil-go/pkgs/container/yggdrasil-go)
## Testing
✅ Ubuntu (24.04, amd64) — image runs correctly.
✅ macOS (Apple Silicon, arm64) — image runs correctly.
✅ MikroTik RouterOS (arm64) — image runs under the RouterOS container
package.
This PR updates Ironwood to include the new RTT-based link costing and
updates `yggdrasilctl` to report the cost in `getPeers`.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Update Debian package
* Don't put `AdminListen` in config by default, fix path in Debian package
* Fix path in unit file
* Preserve original service files for other packages
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Allow setting link priorities
* Fix a bug
* Allow setting priority on listeners and multicast interfaces
* Update `yggdrasilctl`
* Update to Arceliar/ironwood#5
* Link refactoring
* More refactoring
* More tweaking
* Cleaner shutdowns, UNIX socket support, more tweaks
* Actorise links, remove mutex
* SOCKS support
* Do not exit on multicast errors (mobile)
* Consistency with cmd/yggdrasil/main.go
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
