- Port dnat changes from https://github.com/netbirdio/netbird/pull/4015 (nftables/iptables/userspace)
- For userspace: rewrite the original port to the target port
- Remember original destination port in conntrack
- Rewrite the source port back to the original port for replies
- Redirect incoming port 5353 to 22054 (tcp/udp)
- Revert port changes based on the network map received from management
- Adjust tracer to show NAT stages
* integrate api
integrate api with stream and implement some client side
* fix typo and fix validation
* use real daemon address
* redo the connect via address
* Refactor the debug bundle generator to be ready to use from engine (#4469)
* fix tests
* fix lint
* fix bug with stream
* try refactor status 1
* fix convert fullStatus to statusOutput & add logFile
* fix tests
* fix tests
* fix not enough arguments in call to nbstatus.ConvertToStatusOutputOverview
* fix status_test
* fix(engine): avoid deadlock when stopping engine during debug bundle
* use atomic for lock-free
* use new lock
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
fix lint
clean up
fix MarkPendingJobsAsFailed
apply feedbacks 1
fix typo
change api and apply new schema
fix lint
fix api object
clean switch case
apply feedback 2
fix error handle in create job
get rid of any/interface type in job database
fix sonar issue
use RawJson for both parameters and results
running go mod tidy
update package
fix 1
update codegen
fix code-gen
fix snyk
fix snyk hopefully
* new bi-directional stream for jobs
* create bidirectional job channel to send requests from the server and receive responses from the client
* fix tests
* fix lint and close bug
* fix lint
* clean up & fix close of closed channel
* add nolint:staticcheck
* remove some redundant code from the job channel PR since this one is a cleaner rewrite
* cleanup removes a pending job safely
* change proto
* rename to jobRequest
* apply feedback 1
* apply feedback 2
* fix typo
* apply feedback 3
* apply last feedback
makes the DNS forwarder port configurable in the management and client components, while changing the well-known port from 5454 to 22054. The change includes version-aware port assignment to ensure backward compatibility.
- Adds a configurable `ForwarderPort` field to the DNS configuration protocol
- Implements version-based port computation that returns the new port (22054) only when all peers support version 0.59.0 or newer
- Updates the client to dynamically restart the DNS forwarder when the port changes
DNS record filtering to only include peers that a peer can connect to, reducing unnecessary DNS data in the peer's network map.
- Adds a new `filterZoneRecordsForPeers` function to filter DNS records based on peer connectivity
- Modifies `GetPeerNetworkMap` to use filtered DNS records instead of all records in the custom zone
- Includes comprehensive test coverage for the new filtering functionality
This PR adds user approval functionality to the management system, allowing administrators to manually approve new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin.
Adds UserApprovalRequired setting to control manual user approval requirement
Introduces user approval and rejection endpoints with corresponding business logic
Prevents pending approval users from adding peers or logging in
