Merge branch 'main' into daemon

.dockerignore

@@ -0,0 +1,5 @@
+# Xcode
+Apple/
+
+# Rust
+target/

.github/workflows/build-docker.yml

@@ -0,0 +1,45 @@
+name: Build Docker
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - "*"
+jobs:
+  build:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+    - name: Setup QEMU
+      uses: docker/setup-qemu-action@v2
+      with:
+        platforms: arm64
+    - name: Setup BuildKit
+      uses: docker/setup-buildx-action@v2
+    - name: Authenticate
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Extract Metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ghcr.io/${{ github.repository }}
+        tags: |
+          type=sha
+          type=raw,value=latest,enable={{is_default_branch}}
+    - name: Build and Push
+      uses: docker/build-push-action@v4
+      with:
+        platforms: ${{ github.event_name != 'pull_request' && 'linux/amd64,linux/arm64' || 'linux/amd64'  }}
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

.vscode/settings.json

@@ -19,5 +19,5 @@
     ],
     "[rust]": {
         "editor.defaultFormatter": "rust-lang.rust-analyzer",
-    },
+    }
 }

Cargo.toml

@@ -1,2 +1,2 @@
 [workspace]
-members = ["burrow", "tun-async", "tun"]
+members = ["burrow", "tun"]

Dockerfile

@@ -0,0 +1,75 @@
+FROM docker.io/library/rust:1.70.0-slim-bookworm AS builder
+
+ARG TARGETPLATFORM
+ARG LLVM_VERSION=16
+
+ENV KEYRINGS /etc/apt/keyrings
+
+RUN set -eux && \
+    mkdir -p $KEYRINGS && \
+    apt-get update && \
+    apt-get install --no-install-recommends -y gpg curl musl-dev && \
+    curl --proto '=https' --tlsv1.2 -sSf https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor --output $KEYRINGS/llvm.gpg && \
+    echo "deb [signed-by=$KEYRINGS/llvm.gpg] http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list && \
+    apt-get update && \
+    apt-get install --no-install-recommends -y clang-$LLVM_VERSION llvm-$LLVM_VERSION lld-$LLVM_VERSION && \
+    ln -s clang-$LLVM_VERSION /usr/bin/clang && \
+    ln -s clang /usr/bin/clang++ && \
+    ln -s lld-$LLVM_VERSION /usr/bin/ld.lld && \
+    ln -s clang-$LLVM_VERSION /usr/bin/clang-cl && \
+    ln -s llvm-ar-$LLVM_VERSION /usr/bin/llvm-lib && \
+    ln -s lld-link-$LLVM_VERSION /usr/bin/lld-link && \
+    update-alternatives --install /usr/bin/cc cc /usr/bin/clang 100 && \
+    update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++ 100 && \
+    apt-get remove -y --auto-remove && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN case $TARGETPLATFORM in \
+     "linux/arm64") LLVM_TARGET=aarch64-unknown-linux-musl ;; \
+     "linux/amd64") LLVM_TARGET=x86_64-unknown-linux-musl ;; \
+     *) exit 1 ;; \
+    esac && \
+    rustup target add $LLVM_TARGET
+
+ENV CC_x86_64_unknown_linux_musl=clang-$LLVM_VERSION \
+    AR_x86_64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \
+    CC_aarch64_unknown_linux_musl=clang-$LLVM_VERSION \
+    AR_aarch64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \
+    CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/x86_64-linux-musl -L/lib/x86_64-linux-musl -C linker=rust-lld" \
+    CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/aarch64-linux-musl -L/lib/aarch64-linux-musl -C linker=rust-lld" \
+    CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+
+COPY . .
+
+RUN case $TARGETPLATFORM in \
+     "linux/arm64") LLVM_TARGET=aarch64-unknown-linux-musl ;; \
+     "linux/amd64") LLVM_TARGET=x86_64-unknown-linux-musl ;; \
+     *) exit 1 ;; \
+    esac && \
+    cargo install --path burrow --target $LLVM_TARGET
+
+WORKDIR /tmp/rootfs
+
+RUN set -eux && \
+    mkdir -p ./bin ./etc ./tmp ./data && \
+    mv /usr/local/cargo/bin/burrow ./bin/burrow && \
+    echo 'burrow:x:10001:10001::/tmp:/sbin/nologin' > ./etc/passwd && \
+    echo 'burrow:x:10001:' > ./etc/group && \
+    chown -R 10001:10001 ./tmp ./data && \
+    chmod 0777 ./tmp
+
+FROM scratch as runtime
+LABEL \
+    # https://github.com/opencontainers/image-spec/blob/master/annotations.md
+    org.opencontainers.image.title="burrow" \
+    org.opencontainers.image.description="Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club." \
+    org.opencontainers.image.url="https://github.com/hackclub/burrow" \
+    org.opencontainers.image.source="https://github.com/hackclub/burrow" \
+    org.opencontainers.image.vendor="hackclub" \
+    org.opencontainers.image.licenses="GPL-3.0"
+
+USER 10001:10001
+COPY --from=builder /tmp/rootfs /
+WORKDIR /data
+
+ENTRYPOINT ["/bin/burrow"]

README.md

@@ -28,7 +28,7 @@ To start burrowing, download the latest release build in the release section.
 
 ## Hack Club
 
-Hack Club is a global community of high-school hackers from all around the world! Start your hack club by visiting the [Hack Club Page](https://hackclub.com/)
+Hack Club is a global community of high-school hackers from all around the world! Start your own Hack Club, attend an upcoming hackathon or join our online community at [hackclub.com](https://hackclub.com/).
 
 ## License 
 

tun/Cargo.toml

@@ -16,6 +16,14 @@ byteorder = "1.4"
 log = "0.4"
 serde = { version = "1", features = ["derive"], optional = true }
 
+futures = { version = "0.3.28", optional = true }
+
+[features]
+tokio = ["tokio/net", "dep:futures"]
+
+[target.'cfg(feature = "tokio")'.dev-dependencies]
+tokio = { features = ["rt", "macros"] }
+
 [target.'cfg(windows)'.dependencies]
 lazy_static = "1.4"
 libloading = "0.7"

tun/src/lib.rs

@@ -8,5 +8,9 @@ pub(crate) mod imp;
 
 mod options;
 
+#[cfg(any(target_os = "linux", target_vendor = "apple"))]
+#[cfg(feature = "tokio")]
+pub mod tokio;
+
 pub use imp::{TunInterface, TunQueue};
 pub use options::TunOptions;

tun/src/tokio/mod.rs

@@ -0,0 +1,58 @@
+use std::io;
+use tokio::io::unix::AsyncFd;
+
+pub struct TunInterface {
+    inner: AsyncFd<crate::TunInterface>,
+}
+
+impl TunInterface {
+    pub fn new(tun: crate::TunInterface) -> io::Result<Self> {
+        Ok(Self {
+            inner: AsyncFd::new(tun)?,
+        })
+    }
+
+    pub async fn write(&self, buf: &[u8]) -> io::Result<usize> {
+        loop {
+            let mut guard = self.inner.writable().await?;
+            match guard.try_io(|inner| inner.get_ref().send(buf)) {
+                Ok(result) => return result,
+                Err(_would_block) => continue,
+            }
+        }
+    }
+
+    pub async fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+        loop {
+            let mut guard = self.inner.readable_mut().await?;
+            match guard.try_io(|inner| (*inner).get_mut().recv(buf)) {
+                Ok(result) => return result,
+                Err(_would_block) => continue,
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use std::net::Ipv4Addr;
+
+    use super::*;
+    #[tokio::test]
+    async fn test_create() {
+        let tun = crate::TunInterface::new().unwrap();
+        let _async_tun = TunInterface::new(tun).unwrap();
+    }
+
+    #[tokio::test]
+    async fn test_write() {
+        let tun = crate::TunInterface::new().unwrap();
+        tun.set_ipv4_addr(Ipv4Addr::from([192, 168, 1, 10]))
+            .unwrap();
+        let async_tun = TunInterface::new(tun).unwrap();
+        let mut buf = [0u8; 1500];
+        buf[0] = 6 << 4;
+        let bytes_written = async_tun.write(&buf).await.unwrap();
+        assert!(bytes_written > 0);
+    }
+}