Merge branch 'main' into feature/port-forwarding

2026-04-25 03:36:41 +00:00 · 2025-02-20 11:31:04 +01:00
parent e6d4653b08 62a0c358f9
commit 8755211a60
191 changed files with 10566 additions and 3093 deletions
--- a/client/server/debug.go
+++ b/client/server/debug.go
@@ -538,7 +538,24 @@ func (s *Server) SetLogLevel(_ context.Context, req *proto.SetLogLevelRequest) (
 	}

 	log.SetLevel(level)
+
+	if s.connectClient == nil {
+		return nil, fmt.Errorf("connect client not initialized")
+	}
+	engine := s.connectClient.Engine()
+	if engine == nil {
+		return nil, fmt.Errorf("engine not initialized")
+	}
+
+	fwManager := engine.GetFirewallManager()
+	if fwManager == nil {
+		return nil, fmt.Errorf("firewall manager not initialized")
+	}
+
+	fwManager.SetLogLevel(level)
+
 	log.Infof("Log level set to %s", level.String())
+
 	return &proto.SetLogLevelResponse{}, nil
 }

--- a/client/server/event.go
+++ b/client/server/event.go
@@ -0,0 +1,36 @@
+package server
+
+import (
+	"context"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/client/proto"
+)
+
+func (s *Server) SubscribeEvents(req *proto.SubscribeRequest, stream proto.DaemonService_SubscribeEventsServer) error {
+	subscription := s.statusRecorder.SubscribeToEvents()
+	defer func() {
+		s.statusRecorder.UnsubscribeFromEvents(subscription)
+		log.Debug("client unsubscribed from events")
+	}()
+
+	log.Debug("client subscribed to events")
+
+	for {
+		select {
+		case event := <-subscription.Events():
+			if err := stream.Send(event); err != nil {
+				log.Warnf("error sending event to %v: %v", req, err)
+				return err
+			}
+		case <-stream.Context().Done():
+			return nil
+		}
+	}
+}
+
+func (s *Server) GetEvents(context.Context, *proto.GetEventsRequest) (*proto.GetEventsResponse, error) {
+	events := s.statusRecorder.GetEventHistory()
+	return &proto.GetEventsResponse{Events: events}, nil
+}
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -404,6 +404,11 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		s.latestConfigInput.BlockLANAccess = msg.BlockLanAccess
 	}

+	if msg.DisableNotifications != nil {
+		inputConfig.DisableNotifications = msg.DisableNotifications
+		s.latestConfigInput.DisableNotifications = msg.DisableNotifications
+	}
+
 	s.mutex.Unlock()

 	if msg.OptionalPreSharedKey != nil {
@@ -687,6 +692,7 @@ func (s *Server) Status(

 		fullStatus := s.statusRecorder.GetFullStatus()
 		pbFullStatus := toProtoFullStatus(fullStatus)
+		pbFullStatus.Events = s.statusRecorder.GetEventHistory()
 		statusResponse.FullStatus = pbFullStatus
 	}

@@ -736,17 +742,18 @@ func (s *Server) GetConfig(_ context.Context, _ *proto.GetConfigRequest) (*proto
 	}

 	return &proto.GetConfigResponse{
-		ManagementUrl:       managementURL,
-		ConfigFile:          s.latestConfigInput.ConfigPath,
-		LogFile:             s.logFile,
-		PreSharedKey:        preSharedKey,
-		AdminURL:            adminURL,
-		InterfaceName:       s.config.WgIface,
-		WireguardPort:       int64(s.config.WgPort),
-		DisableAutoConnect:  s.config.DisableAutoConnect,
-		ServerSSHAllowed:    *s.config.ServerSSHAllowed,
-		RosenpassEnabled:    s.config.RosenpassEnabled,
-		RosenpassPermissive: s.config.RosenpassPermissive,
+		ManagementUrl:        managementURL,
+		ConfigFile:           s.latestConfigInput.ConfigPath,
+		LogFile:              s.logFile,
+		PreSharedKey:         preSharedKey,
+		AdminURL:             adminURL,
+		InterfaceName:        s.config.WgIface,
+		WireguardPort:        int64(s.config.WgPort),
+		DisableAutoConnect:   s.config.DisableAutoConnect,
+		ServerSSHAllowed:     *s.config.ServerSSHAllowed,
+		RosenpassEnabled:     s.config.RosenpassEnabled,
+		RosenpassPermissive:  s.config.RosenpassPermissive,
+		DisableNotifications: s.config.DisableNotifications,
 	}, nil
 }
 func (s *Server) onSessionExpire() {
--- a/client/server/trace.go
+++ b/client/server/trace.go
@@ -0,0 +1,123 @@
+package server
+
+import (
+	"context"
+	"fmt"
+	"net"
+
+	fw "github.com/netbirdio/netbird/client/firewall/manager"
+	"github.com/netbirdio/netbird/client/firewall/uspfilter"
+	"github.com/netbirdio/netbird/client/proto"
+)
+
+type packetTracer interface {
+	TracePacketFromBuilder(builder *uspfilter.PacketBuilder) (*uspfilter.PacketTrace, error)
+}
+
+func (s *Server) TracePacket(_ context.Context, req *proto.TracePacketRequest) (*proto.TracePacketResponse, error) {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	if s.connectClient == nil {
+		return nil, fmt.Errorf("connect client not initialized")
+	}
+	engine := s.connectClient.Engine()
+	if engine == nil {
+		return nil, fmt.Errorf("engine not initialized")
+	}
+
+	fwManager := engine.GetFirewallManager()
+	if fwManager == nil {
+		return nil, fmt.Errorf("firewall manager not initialized")
+	}
+
+	tracer, ok := fwManager.(packetTracer)
+	if !ok {
+		return nil, fmt.Errorf("firewall manager does not support packet tracing")
+	}
+
+	srcIP := net.ParseIP(req.GetSourceIp())
+	if req.GetSourceIp() == "self" {
+		srcIP = engine.GetWgAddr()
+	}
+
+	dstIP := net.ParseIP(req.GetDestinationIp())
+	if req.GetDestinationIp() == "self" {
+		dstIP = engine.GetWgAddr()
+	}
+
+	if srcIP == nil || dstIP == nil {
+		return nil, fmt.Errorf("invalid IP address")
+	}
+
+	var tcpState *uspfilter.TCPState
+	if flags := req.GetTcpFlags(); flags != nil {
+		tcpState = &uspfilter.TCPState{
+			SYN: flags.GetSyn(),
+			ACK: flags.GetAck(),
+			FIN: flags.GetFin(),
+			RST: flags.GetRst(),
+			PSH: flags.GetPsh(),
+			URG: flags.GetUrg(),
+		}
+	}
+
+	var dir fw.RuleDirection
+	switch req.GetDirection() {
+	case "in":
+		dir = fw.RuleDirectionIN
+	case "out":
+		dir = fw.RuleDirectionOUT
+	default:
+		return nil, fmt.Errorf("invalid direction")
+	}
+
+	var protocol fw.Protocol
+	switch req.GetProtocol() {
+	case "tcp":
+		protocol = fw.ProtocolTCP
+	case "udp":
+		protocol = fw.ProtocolUDP
+	case "icmp":
+		protocol = fw.ProtocolICMP
+	default:
+		return nil, fmt.Errorf("invalid protocolcol")
+	}
+
+	builder := &uspfilter.PacketBuilder{
+		SrcIP:     srcIP,
+		DstIP:     dstIP,
+		Protocol:  protocol,
+		SrcPort:   uint16(req.GetSourcePort()),
+		DstPort:   uint16(req.GetDestinationPort()),
+		Direction: dir,
+		TCPState:  tcpState,
+		ICMPType:  uint8(req.GetIcmpType()),
+		ICMPCode:  uint8(req.GetIcmpCode()),
+	}
+	trace, err := tracer.TracePacketFromBuilder(builder)
+	if err != nil {
+		return nil, fmt.Errorf("trace packet: %w", err)
+	}
+
+	resp := &proto.TracePacketResponse{}
+
+	for _, result := range trace.Results {
+		stage := &proto.TraceStage{
+			Name:    result.Stage.String(),
+			Message: result.Message,
+			Allowed: result.Allowed,
+		}
+		if result.ForwarderAction != nil {
+			details := fmt.Sprintf("%s to %s", result.ForwarderAction.Action, result.ForwarderAction.RemoteAddr)
+			stage.ForwardingDetails = &details
+		}
+		resp.Stages = append(resp.Stages, stage)
+	}
+
+	if len(trace.Results) > 0 {
+		resp.FinalDisposition = trace.Results[len(trace.Results)-1].Allowed
+	}
+
+	return resp, nil
+}