the server component had a small bug, empty checking the wrong variable before building a list of allowed zones

when using a config without any Fqdns defined this would result in the server refusing the client access to tunnel anything if any zones were about to be used


tup proxies services on the local network to a remote gateway, all traffic between the remote server and the service on the local network is sent through a wireguard tunnel

think of tup as an open source and self-hosted alternative to ngrok and cloudflare tunnel

tupd (the server) can be found at: https://drive.proton.me/urls/GEJM1HT0DW#aOop4p7zxaPA

the tup client can be found at: https://drive.proton.me/urls/63SE9PW020#GFzZrprg9wjZ


I also noticed all file extensions were not inspectable directly in the drive (even though everything is only text files), I apologize for that, I believe transparency is a very important key factor

I’ve complemented with .diff files generated with diff from GNU diffutils, there are ‘full’ diff files for both tup and tupd (ending with _full.diff), and there is also a diff file for only the changes between tupd-0.5 and tupd-0.6 (tupd-0.6.diff)

the ‘full’ diff files can also be applied to an empty directory with GNU patch like this:

mkdir tupd-0.6
patch --directory=tupd-0.6/ --strip=1 < tupd-0.6_full.diff

Since my project is not uploaded by me to any git service many people didn’t look at how it can be used so I want to give a few examples of the client, more explanations and examples can be found in the README.md and EXAMPLE.md of the client

Syntax: tup [-zone <zone>] [@][host]:[#]<port>

Examples:

tup :8080 this would proxy http://127.0.0.1:8080 onto a random subdomain on default zone, for example: https://xyz123.zone.domain.tld

tup 192.168.1.11:8080 this would proxy http://192.168.1.11:8080 onto a random subdomain on default zone

Syntax: tup -fqdn <domain> [@][host]:[#][@]<port>

Examples:

tup -fqdn sub.domain.tld :8080 this would proxy http://127.0.0.1:8080 directly onto https://sub.domain.tld

tup -fqdn sub.domain.tld 192.168.1.11:@8443 this would proxy https://192.168.1.11:8443 directly onto https://sub.domain.tld, skipping caddy and its tls termination on the server, same as a raw tcp proxy / sni proxy

Syntax: tup -udp|-tcp [rport:][@][host]:<port>

Examples:

tup -udp :27015 this would proxy udp://127.0.0.1:27015 onto a random UDP port on the server

tup -udp 27016:27015 this would proxy udp://127.0.0.1:27015 onto UDP port 27016 on the server

tup -udp 27016:192.168.1.11:27015 this would proxy udp://192.168.1.11:27015 onto UDP port 27016 on the server

tup -tcp :3306 this would proxy tcp://127.0.0.1:3306 onto a random TCP port on the server

I also want to clarify that the code is released with the Unlicense template, dedicating my software to the public domain

  • ramielrowe@lemmy.world
    5 months ago

    Gotta be honest, downloading security related software from a random drive is sending off sketchy vibes. Fundamentally, it’s no different than a random untrusted git repo. But, I really would suggest using some source control rather than trying to roll your own with diff archives.

    Likewise, I would also suggest adding in some unit and functional tests. Not only would it help maintain software quality, but also build confidence in other folks using the software you are releasing.

    • S_S@lemy.lolOP
      5 months ago

      I totally agree it is no different than a random untrusted git repo, so I believe no additional trust is gained if I uploaded it to any of them

      I think version control this way is totally fine, every commit in the linux kernel is mailed as a text diff on the different mailing lists

      As for trusting this or any security related software I believe you have to ultimately read and understand the software you are using, or someone you trust has to do it, I can’t do that, I can only answer questions as they arrive

      I also agree unit tests are probably a good idea for those reasons as well, I don’t have any right now but I’m open to do them some time or receive patches with them

      I like your feedback, thanks for it

      • ramielrowe@lemmy.world
        5 months ago

        Git was literally written by Linus to manage the source of the kernel. Sure patches are proposed via mailing list, but the actual source is hosted and managed via git. It is literally the gold standard, and source control is a foundational piece of software development. Same with not just unit tests, but functional testing too. You absolutely should not be putting off testing.

  • EarMaster@lemmy.world
    5 months ago

    I like the idea, but may I ask why you don’t use a version control system like Git (or anything else that fits your needs)?

    • S_S@lemy.lolOP
      5 months ago

      Thanks

      I just don’t think I need to use one on every one of my projects, it didn’t add any (or enough) value to me for this project for bringing in another tool into the development or release process

      For me this isn’t controversial to skip either, I’m using (and even contributing some to) software all the time with just using folder archives without needing to use any repo tools, historically a lot of software development hasn’t needed it as well

      • ramielrowe@lemmy.world
        5 months ago

        Github and Gitlab are free, and both even allow private repos for free at this point. Git is practically one of the first tools I install on a dev machine. Likewise, git is the de facto means of package management in golang. It’s so built in that module names are repo URLs.

        • S_S@lemy.lolOP
          5 months ago

          Yes I know it is built into the package management in golang and other languages, I’m pulling things into my project that way

          I know it is free also and that I can have private repos, it is one of the first tools I also install on dev machines

          But I don’t see how that means I always have to use git or any other VCS for every project I make, it is a good tool, but why do I have to use it if it doesn’t help me?

          • EarMaster@lemmy.world
            5 months ago

            You don’t have to. Absolutely not.

            But: As a potential user it provides some additional features your solution lacks. I can easily fork or clone your repo and change things if I need to. If I think it benefits the project I can easily offer these changes back to you, if I don’t I can still profit from future development on your side and incorporate my changes into it. I can very easily check what has changed between two versions without relying (trusting) your changelogs or performing a manual diff.

            But most importantly it is a matter of trust. Not so much trust in your intentions and the possibility of malicious code (Git won’t prevent that), but it obfuscates your code unnecessarily making it harder to continue if you at some point decide to stop maintaining it or even detect vulnerabilities as it is not easily accessible without knowing where to look for it.

            • S_S@lemy.lolOP
              5 months ago

              Sure it might create some hurdles for potential contributors, and cause some discomfort for users

              For the user case I believe downloading the archive or even the diff text and applying it is quite straightforward, there aren’t any more steps in that than if it was in a repo, it is another way of pulling the code, I’m pretty used to handling software this way anyway, but most people aren’t, I even doubt people would have pulled the SVN URL if I had released it on SourceForge for example, they would have downloaded the source archive from the website, so I don’t believe that the fact that I don’t upload it to a git/svn service makes it much harder for a user

              It is a lot more work to set up a git repo, create an account somewhere, manage ssh keys, setting up configs, making commits, pushing code etc for me

              Offering changes back to me is more a me problem, if you create a git repo and send me the patches or URL I can figure the rest out, anyone doing that can still benefit from my diff files as they can be applied to a git repository as well, or they could create two repositories (or branches), one with just my changes and one with theirs mixed in, and get full three way merge as well

              For the easily checking what has changed it is quite the same thing, there is an extra step unfortunately

              For the relying and trusting me all I can offer is the transparency, I don’t believe many people would notice when a project gets force-pushed either, some developers might use the same directory every time to make a pull, and then it would tell them there’s a mismatch, but it is a legit concern nonetheless

              I think using git solves that a bit, you would notice if something was force-pushed, as the auto-updating would fail with an error, but applying patches would also fail the same way, but that is of course a manual operation, having it in a SVN repo feels like it would produce the same problem also

              SVN is probably as much of obfuscating as these files because git is what everyone uses, so it is more a problem of not using git than not using a (D)VCS I believe

              Yea finding it is hard, there are a lot of other benefits with centralized social development platforms, but there was also a time before all that started, I think this community in particular is about not giving up to centralized platforms

              If I ever stop the development, die, go rogue, get hacked or anything else I hope the community figures that out on their own and solves the problem then, anyone who wants should download the text diff files and/or the tar.gz files and take a few different checksums of them so they do not change maliciously at least
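
Pinning the downloaded diff and tar.gz files with more than one digest, as suggested in the comment above, could look like the sketch below. It is an added example, not part of the thread or of the tup/tupd release: the manifest format, the function names and the file contents in `demo` are constructed here, and it assumes `sha256sum`/`sha512sum` from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the tup/tupd release). Manifest line format is
# constructed here: "<algo> <hex digest> <file>". Needs GNU coreutils.

pin_files() {   # pin_files <manifest> <file>... : record sha256 + sha512
    manifest=$1; shift
    for f in "$@"; do [ -f "$f" ] || return 2; done
    for f in "$@"; do
        for algo in sha256 sha512; do
            printf '%s %s %s\n' "$algo" "$("${algo}sum" < "$f" | cut -d' ' -f1)" "$f"
        done
    done > "$manifest"
}

verify_files() {   # verify_files <manifest> : 0 only if every digest matches
    rc=0
    while read -r algo want f; do
        case $algo in
            sha256|sha512) ;;
            *) echo "BAD LINE: $algo" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$f" ]; then echo "MISSING: $f" >&2; rc=1; continue; fi
        got=$("${algo}sum" < "$f" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "CHANGED: $f ($algo)" >&2; rc=1; }
    done < "$1"
    return "$rc"
}

is_pinned() {   # is_pinned <manifest> <file> : both digests are recorded
    awk -v f="$2" '$3 == f { n++ } END { exit n != 2 }' "$1"
}

apply_if_pinned() {   # apply_if_pinned <manifest> <full.diff> <target-dir>
    is_pinned "$1" "$2" && verify_files "$1" || return 1
    mkdir -p "$3" && patch --directory="$3" --strip=1 < "$2"
}

demo() (   # constructed file in a scratch directory; 0 if tampering is caught
    cd "$(mktemp -d)" || exit 1
    echo 'constructed diff text' > tupd-0.6_full.diff
    pin_files MANIFEST tupd-0.6_full.diff && verify_files MANIFEST || exit 1
    echo 'tampered' >> tupd-0.6_full.diff
    ! verify_files MANIFEST 2>/dev/null
)
```

Run `pin_files` once from the directory holding the downloads and keep the manifest somewhere the download location cannot rewrite; `apply_if_pinned` then refuses to run `patch` on a diff that is not listed or whose digests no longer match.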

              • EarMaster@lemmy.world
                5 months ago

                I think you have realized that every comment here was about your decision not to use Git. I don’t think there is much more to say about this…

                • S_S@lemy.lolOP
                  5 months ago

                  Yes unfortunately most of the comments on my last post were also about me not using git and git platforms, seems very controversial.

                  I totally understand it, I’ve also wanted to have everything git and social development platform before when it was new

  • Shimitar@feddit.it
    5 months ago

    Why not publish on github or gitlab? Or set up a gitea/similar website and post it?

    I did so with a few of my small stuff.

    • S_S@lemy.lolOP
      5 months ago

      I just like to release it this way, I didn’t have much reason or benefits to releasing it on a git service, hosted or my own

      • Shimitar@feddit.it
        5 months ago

        Indeed you are, but if you release it you probably want people to use it, otherwise why release at all? Going github/gitlab way just makes that easier.

        You are free to do what you want ofc, just my thoughts.