The status cmd will not be blocked by the ICE probe
Refactor the TURN and STUN probe, and cache the results. The NetBird status command will indicate a "checking…" state.
- Port dnat changes from https://github.com/netbirdio/netbird/pull/4015 (nftables/iptables/userspace)
- For userspace: rewrite the original port to the target port
- Remember original destination port in conntrack
- Rewrite the source port back to the original port for replies
- Redirect incoming port 5353 to 22054 (tcp/udp)
- Revert port changes based on the network map received from management
- Adjust tracer to show NAT stages
* integrate api
integrate api with stream and implement some client side
* fix typo and fix validation
* use real daemon address
* redo the connect via address
* Refactor the debug bundle generator to be ready to use from engine (#4469)
* fix tests
* fix lint
* fix bug with stream
* try refactor status 1
* fix convert fullStatus to statusOutput & add logFile
* fix tests
* fix tests
* fix not enough arguments in call to nbstatus.ConvertToStatusOutputOverview
* fix status_test
* fix(engine): avoid deadlock when stopping engine during debug bundle
* use atomic for lock-free
* use new lock
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
* new bi-directional stream for jobs
* create bidirectional job channel to send requests from the server and receive responses from the client
* fix tests
* fix lint and close bug
* fix lint
* clean up & fix close of closed channel
* add nolint:staticcheck
* remove some redundant code from the job channel PR since this one is a cleaner rewrite
* cleanup removes a pending job safely
* change proto
* rename to jobRequest
* apply feedback 1
* apply feedback 2
* fix typo
* apply feedback 3
* apply last feedback
makes the DNS forwarder port configurable in the management and client components, while changing the well-known port from 5454 to 22054. The change includes version-aware port assignment to ensure backward compatibility.
- Adds a configurable `ForwarderPort` field to the DNS configuration protocol
- Implements version-based port computation that returns the new port (22054) only when all peers support version 0.59.0 or newer
- Updates the client to dynamically restart the DNS forwarder when the port changes
- Move `util/grpc` and `util/net` to `client` so `internal` packages can be accessed
- Add methods to return the next best interface after the NetBird interface.
- Use `IP_UNICAST_IF` sock opt to force the outgoing interface for the NetBird `net.Dialer` and `net.ListenerConfig` to avoid routing loops. The interface is picked by the new route lookup method.
- Some refactoring to avoid import cycles
- Old behavior is available through `NB_USE_LEGACY_ROUTING=true` env var
Deduplicate STUN package sending.
Originally, because every peer shared the same UDP address, the library could not distinguish which STUN message was associated with which candidate. As a result, the Pion library responded from all candidates for every STUN message.
In this PR, speed up the GRPC message processing, force the recreation of the ICE agent when getting a new, remote offer (do not wait for local STUN timeout).
This PR introduces a new inactivity package responsible for monitoring peer activity and notifying when peers become inactive.
Introduces a new Signal message type to close the peer connection after the idle timeout is reached.
Periodically checks the last activity of registered peers via a Bind interface.
Notifies via a channel when peers exceed a configurable inactivity threshold.
Default settings
DefaultInactivityThreshold is set to 15 minutes, with a minimum allowed threshold of 1 minute.
Limitations
This inactivity check does not support kernel WireGuard integration. In kernel–user space communication, the user space side will always be responsible for closing the connection.
In the conn_mgr we must distinguish two contexts. One is relevant for lazy-manager, and one (engine context) is relevant for peer creation. If we use the incorrect context, then when we disable the lazy connection feature, we cancel the peer connections too, instead of just the lazy manager.
