[management, client] Add IPv6 overlay support (#5631)

2026-05-13 20:29:55 +00:00 · 2026-05-07 18:33:37 +09:00
parent f23aaa9ae7
commit 205ebcfda2
229 changed files with 10155 additions and 2816 deletions
--- a/client/wasm/cmd/main.go
+++ b/client/wasm/cmd/main.go
@@ -5,6 +5,8 @@ package main
 import (
 	"context"
 	"fmt"
+	"net"
+	"strconv"
 	"sync"
 	"syscall/js"
 	"time"
@@ -83,6 +85,10 @@ func parseClientOptions(jsOptions js.Value) (netbird.Options, error) {
 		options.DeviceName = deviceName.String()
 	}

+	if disableIPv6 := jsOptions.Get("disableIPv6"); !disableIPv6.IsNull() && !disableIPv6.IsUndefined() {
+		options.DisableIPv6 = disableIPv6.Bool()
+	}
+
 	return options, nil
 }

@@ -163,39 +169,58 @@ func createSSHMethod(client *netbird.Client) js.Func {
 			})
 		}

-		var jwtToken string
-		if len(args) > 3 && !args[3].IsNull() && !args[3].IsUndefined() {
-			jwtToken = args[3].String()
-		}
+		jwtToken, ipVersion := parseSSHOptions(args)

 		return createPromise(func(resolve, reject js.Value) {
-			sshClient := ssh.NewClient(client)
-
-			if err := sshClient.Connect(host, port, username, jwtToken); err != nil {
+			jsInterface, err := connectSSH(client, host, port, username, jwtToken, ipVersion)
+			if err != nil {
 				reject.Invoke(err.Error())
 				return
 			}
-
-			if err := sshClient.StartSession(80, 24); err != nil {
-				if closeErr := sshClient.Close(); closeErr != nil {
-					log.Errorf("Error closing SSH client: %v", closeErr)
-				}
-				reject.Invoke(err.Error())
-				return
-			}
-
-			jsInterface := ssh.CreateJSInterface(sshClient)
 			resolve.Invoke(jsInterface)
 		})
 	})
 }

-func performPing(client *netbird.Client, hostname string) {
+func parseSSHOptions(args []js.Value) (jwtToken string, ipVersion int) {
+	if len(args) > 3 && !args[3].IsNull() && !args[3].IsUndefined() {
+		jwtToken = args[3].String()
+	}
+	if len(args) > 4 {
+		ipVersion = jsIPVersion(args[4])
+	}
+	return
+}
+
+func connectSSH(client *netbird.Client, host string, port int, username, jwtToken string, ipVersion int) (js.Value, error) {
+	sshClient := ssh.NewClient(client)
+
+	if err := sshClient.Connect(host, port, username, jwtToken, ipVersion); err != nil {
+		return js.Undefined(), err
+	}
+
+	if err := sshClient.StartSession(80, 24); err != nil {
+		if closeErr := sshClient.Close(); closeErr != nil {
+			log.Errorf("Error closing SSH client: %v", closeErr)
+		}
+		return js.Undefined(), err
+	}
+
+	return ssh.CreateJSInterface(sshClient), nil
+}
+
+func performPing(client *netbird.Client, hostname string, ipVersion int) {
 	ctx, cancel := context.WithTimeout(context.Background(), pingTimeout)
 	defer cancel()

+	// Default to ping4 to avoid dual-stack ICMP endpoint issues in wireguard-go netstack.
+	network := "ping4"
+	if ipVersion == 6 {
+		network = "ping6"
+	}
+
 	start := time.Now()
-	conn, err := client.Dial(ctx, "ping", hostname)
+	conn, err := client.Dial(ctx, network, hostname)
 	if err != nil {
 		js.Global().Get("console").Call("log", fmt.Sprintf("Ping to %s failed: %v", hostname, err))
 		return
@@ -222,27 +247,39 @@ func performPing(client *netbird.Client, hostname string) {
 	}

 	latency := time.Since(start)
-	js.Global().Get("console").Call("log", fmt.Sprintf("Ping to %s: %dms", hostname, latency.Milliseconds()))
+	remote := conn.RemoteAddr().String()
+	msg := fmt.Sprintf("Ping to %s: %dms", hostname, latency.Milliseconds())
+	if remote != hostname {
+		msg += fmt.Sprintf(" (via %s)", remote)
+	}
+	js.Global().Get("console").Call("log", msg)
 }

-func performPingTCP(client *netbird.Client, hostname string, port int) {
+func performPingTCP(client *netbird.Client, hostname string, port, ipVersion int) {
 	ctx, cancel := context.WithTimeout(context.Background(), pingTimeout)
 	defer cancel()

-	address := fmt.Sprintf("%s:%d", hostname, port)
+	network := ipVersionNetwork("tcp", ipVersion)
+
+	address := net.JoinHostPort(hostname, fmt.Sprintf("%d", port))
 	start := time.Now()
-	conn, err := client.Dial(ctx, "tcp", address)
+	conn, err := client.Dial(ctx, network, address)
 	if err != nil {
 		js.Global().Get("console").Call("log", fmt.Sprintf("TCP ping to %s failed: %v", address, err))
 		return
 	}
 	latency := time.Since(start)

+	remote := conn.RemoteAddr().String()
 	if err := conn.Close(); err != nil {
 		log.Debugf("failed to close TCP connection: %v", err)
 	}

-	js.Global().Get("console").Call("log", fmt.Sprintf("TCP ping to %s succeeded: %dms", address, latency.Milliseconds()))
+	msg := fmt.Sprintf("TCP ping to %s succeeded: %dms", address, latency.Milliseconds())
+	if remote != address {
+		msg += fmt.Sprintf(" (via %s)", remote)
+	}
+	js.Global().Get("console").Call("log", msg)
 }

 // createPingMethod creates the ping method
@@ -259,8 +296,12 @@ func createPingMethod(client *netbird.Client) js.Func {
 		}

 		hostname := args[0].String()
+		var ipVersion int
+		if len(args) > 1 {
+			ipVersion = jsIPVersion(args[1])
+		}
 		return createPromise(func(resolve, reject js.Value) {
-			performPing(client, hostname)
+			performPing(client, hostname, ipVersion)
 			resolve.Invoke(js.Undefined())
 		})
 	})
@@ -287,8 +328,12 @@ func createPingTCPMethod(client *netbird.Client) js.Func {

 		hostname := args[0].String()
 		port := args[1].Int()
+		var ipVersion int
+		if len(args) > 2 {
+			ipVersion = jsIPVersion(args[2])
+		}
 		return createPromise(func(resolve, reject js.Value) {
-			performPingTCP(client, hostname, port)
+			performPingTCP(client, hostname, port, ipVersion)
 			resolve.Invoke(js.Undefined())
 		})
 	})
@@ -461,6 +506,31 @@ func createSetLogLevelMethod(client *netbird.Client) js.Func {
 	})
 }

+// ipVersionNetwork appends "4" or "6" to a base network string (e.g. "tcp" -> "tcp4").
+func ipVersionNetwork(base string, ipVersion int) string {
+	switch ipVersion {
+	case 4:
+		return base + "4"
+	case 6:
+		return base + "6"
+	default:
+		return base
+	}
+}
+
+// jsIPVersion extracts an IP version (4 or 6) from a JS string or number.
+func jsIPVersion(v js.Value) int {
+	switch v.Type() {
+	case js.TypeNumber:
+		return v.Int()
+	case js.TypeString:
+		n, _ := strconv.Atoi(v.String())
+		return n
+	default:
+		return 0
+	}
+}
+
 // createStartCaptureMethod creates the programmable packet capture method.
 // Returns a JS interface with onpacket callback and stop() method.
 //
--- a/client/wasm/internal/rdp/rdcleanpath.go
+++ b/client/wasm/internal/rdp/rdcleanpath.go
@@ -82,7 +82,7 @@ func NewRDCleanPathProxy(client interface {

 // CreateProxy creates a new proxy endpoint for the given destination
 func (p *RDCleanPathProxy) CreateProxy(hostname, port string) js.Value {
-	destination := fmt.Sprintf("%s:%s", hostname, port)
+	destination := net.JoinHostPort(hostname, port)

 	return js.Global().Get("Promise").New(js.FuncOf(func(_ js.Value, args []js.Value) any {
 		resolve := args[0]
--- a/client/wasm/internal/ssh/client.go
+++ b/client/wasm/internal/ssh/client.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net"
 	"sync"
 	"time"

@@ -45,9 +46,10 @@ func NewClient(nbClient *netbird.Client) *Client {
 	}
 }

-// Connect establishes an SSH connection through NetBird network
-func (c *Client) Connect(host string, port int, username, jwtToken string) error {
-	addr := fmt.Sprintf("%s:%d", host, port)
+// Connect establishes an SSH connection through NetBird network.
+// ipVersion may be 4, 6, or 0 for automatic selection.
+func (c *Client) Connect(host string, port int, username, jwtToken string, ipVersion int) error {
+	addr := net.JoinHostPort(host, fmt.Sprintf("%d", port))
 	logrus.Infof("SSH: Connecting to %s as %s", addr, username)

 	authMethods, err := c.getAuthMethods(jwtToken)
@@ -62,10 +64,18 @@ func (c *Client) Connect(host string, port int, username, jwtToken string) error
 		Timeout:         sshDialTimeout,
 	}

+	network := "tcp"
+	switch ipVersion {
+	case 4:
+		network = "tcp4"
+	case 6:
+		network = "tcp6"
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), sshDialTimeout)
 	defer cancel()

-	conn, err := c.nbClient.Dial(ctx, "tcp", addr)
+	conn, err := c.nbClient.Dial(ctx, network, addr)
 	if err != nil {
 		return fmt.Errorf("dial %s: %w", addr, err)
 	}