sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-01 14:46:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,820 Commits 385 Branches 327 Tags
0c2fa38e26a94eaec0a8103d253b87e0ee4a3eb1
Commit Graph

74 Commits

Author SHA1 Message Date
Viktor Liu
0c2fa38e26 Exclude benchmark from CI 2025-01-03 11:27:52 +01:00
Viktor Liu
0b9854b2b1 Fix tests 2025-01-03 00:01:40 +01:00
Viktor Liu
f772a21f37 Fix log level handling 2025-01-02 19:02:40 +01:00
Viktor Liu
e912f2d7c0 Fix double close in logger 2025-01-02 19:02:40 +01:00
Viktor Liu
568d064089 Drop certain forwarded icmp packets 2025-01-02 19:02:40 +01:00
Viktor Liu
911f86ded8 Support local IPs in netstack mode 2025-01-02 19:02:40 +01:00
Viktor Liu
2b8092dfad Close endpoints 2025-01-02 16:41:54 +01:00
Viktor Liu
c3c6afa37b Merge branch 'main' into userspace-router 2025-01-02 16:25:04 +01:00
Viktor Liu
fa27369b59 Fix linter issues 2025-01-02 16:21:03 +01:00
Viktor Liu
657413b8a6 Move icmp acceptance logic 2025-01-02 15:59:53 +01:00
Viktor Liu
d85e57e819 Handle other icmp types in forwarder 2025-01-02 15:59:53 +01:00
Viktor Liu
7667886794 Add more tcp logging 2025-01-02 15:17:53 +01:00
Viktor Liu
a12a9ac290 Handle all local IPs 2025-01-02 14:59:41 +01:00
Viktor Liu
ed22d79f04 Add more control with env vars, also allow to pass traffic to native firewall 2025-01-02 13:40:36 +01:00
Viktor Liu
509b4e2132 Lower udp timeout and add teardown messages 2024-12-31 16:06:17 +01:00
Viktor Liu
fb1a10755a Fix lint and test issues 2024-12-31 14:38:59 +01:00
Viktor Liu
abbdf20f65 [client] Allow inbound rosenpass port (#3109) 2024-12-31 14:08:48 +01:00
Viktor Liu
9feaa8d767 Add icmp forwarder 2024-12-31 12:23:16 +01:00
Viktor Liu
6a97d44d5d Improve udp implementation 2024-12-31 00:34:05 +01:00
Viktor Liu
d2616544fe Add logger 2024-12-31 00:34:05 +01:00
Viktor Liu
fad82ee65c Add stop methods and improve udp implementation 2024-12-30 14:30:53 +01:00
Viktor Liu
4199da4a45 Add userspace routing 2024-12-30 01:38:28 +01:00
Viktor Liu
b3c87cb5d1 [client] Fix inbound tracking in userspace firewall (#3111) 
* Don't create state for inbound SYN

* Allow final ack in some cases

* Relax state machine test a little
 2024-12-26 00:51:27 +01:00
Viktor Liu
ad9f044aad [client] Add stateful userspace firewall and remove egress filters (#3093) 
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewalll
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- on Linux, if the OUTPUT policy is DROP  then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
 2024-12-23 18:22:17 +01:00
Viktor Liu
8866394eb6 [client] Don't choke on non-existent interface in route updates (#2922) 2024-12-03 15:33:41 +01:00
Viktor Liu
5142dc52c1 [client] Persist route selection (#2810) 2024-12-02 17:55:02 +01:00
Viktor Liu
0ecd5f2118 [client] Test nftables for incompatible iptables rules (#2948) 2024-11-25 15:11:56 +01:00
Viktor Liu
940d0c48c6 [client] Don't return error in userspace mode without firewall (#2924) 2024-11-25 15:11:31 +01:00
Viktor Liu
1bbabf70b0 [client] Fix allow netbird rule verdict (#2925) 
* Fix allow netbird rule verdict

* Fix chain name
 2024-11-21 16:53:37 +01:00
Viktor Liu
39329e12a1 [client] Improve state write timeout and abort work early on timeout (#2882) 
* Improve state write timeout and abort work early on timeout

* Don't block on initial persist state
 2024-11-13 13:46:00 +01:00
Viktor Liu
509e184e10 [client] Use the prerouting chain to mark for masquerading to support older systems (#2808) 2024-11-07 12:37:04 +01:00
Viktor Liu
940f8b4547 [client] Remove legacy forwarding rules in userspace mode (#2782) 2024-10-28 12:29:29 +01:00
Viktor Liu
0fd874fa45 [client] Make native firewall init fail firewall creation (#2784) 2024-10-28 10:02:27 +01:00
Viktor Liu
8016710d24 [client] Cleanup firewall state on startup (#2768) 2024-10-24 14:46:24 +02:00
Viktor Liu
869537c951 [client] Cleanup dns and route states on startup (#2757) 2024-10-24 10:53:46 +02:00
Viktor Liu
8c8900be57 [client] Exclude loopback from NAT (#2747) 2024-10-16 17:35:59 +02:00
Viktor Liu
3a88ac78ff [client] Add table filter rules using iptables (#2727) 
This specifically concerns the established/related rule since this one is not compatible with iptables-nft even if it is generated the same way by iptables-translate.
 2024-10-12 10:44:48 +02:00
Viktor Liu
09bdd271f1 [client] Improve route acl (#2705) 
- Update nftables library to v0.2.0
- Mark traffic that was originally destined for local and applies the input rules in the forward chain if said traffic was redirected (e.g. by Docker)
- Add nft rules to internal map only if flush was successful
- Improve error message if handle is 0 (= not found or hasn't been refreshed)
- Add debug logging when route rules are added
- Replace nftables userdata (rule ID) with a rule hash
 2024-10-10 15:54:34 +02:00
Zoltan Papp
fd67892cb4 [client] Refactor/iface pkg (#2646) 
Refactor the flat code structure
 2024-10-02 18:24:22 +02:00
Bethuel Mmbaga
ff7863785f [management, client] Add access control support to network routes (#2100) 2024-10-02 13:41:00 +02:00
Maycon Santos
926e11b086 Remove default allow for UDP on unmatched packet (#2300) 
This fixes an issue where UDP rules were ineffective for userspace clients (Windows/macOS)
 2024-07-22 15:35:17 +02:00
Viktor Liu
6aae797baf Add loopback ignore rule to nat chains (#2190) 
This makes sure loopback traffic is not affected by NAT
 2024-06-25 09:43:36 +02:00
Maycon Santos
6a2929011d Refactor firewall manager check (#2054) 
Some systems don't play nice with a test chain
So we dropped the idea, and instead we check for the filter table

With this check, we might face a case where iptables is selected once and on the 
next netbird up/down it will go back to using nftables
 2024-05-27 08:37:32 +02:00
Maycon Santos
f3214527ea Use info log-level for firewall manager discover (#2045) 
* Use info log-level for firewall manager discover

* Update client/firewall/create_linux.go

Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>

---------

Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
 2024-05-24 13:03:19 +02:00
Maycon Santos
6b01b0020e Enhance firewall manager checks to detect unsupported iptables (#2038) 
Our nftables firewall manager may cause issues when rules are created using older iptable versions
 2024-05-23 16:09:51 +02:00
Bethuel Mmbaga
263abe4862 Fix windows route exec path (#1946) 
* Enable release workflow on PR and upload binaries

 add GetSystem32Command to validate if a command is in the path

it will fall back to the full system32, assuming the OS driver is C

---------

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
 2024-05-09 13:48:15 +02:00
Zoltan Papp
13b63eebc1 Remove comments from iptables commands (#1928) 2024-05-06 17:12:34 +02:00
Zoltan Papp
3591795a58 Fix allow netbird traffic for nftables and userspace (#1446) 
Add default allow rules for input and output chains as part of the allownetbird call for userspace mode
 2024-01-11 12:21:58 +01:00
Zoltan Papp
69dbcbd362 Remove duplicated chain add (#1444) 
Remove duplicated chain add operation
 2024-01-08 13:29:53 +01:00
Zoltan Papp
006ba32086 Fix/acl for forward (#1305) 
Fix ACL on routed traffic and code refactor
 2023-12-08 10:48:21 +01:00