Viktor Liu
7dfe7e426e
Always use userspace routing in netstack mode
2025-01-03 18:38:57 +01:00
Viktor Liu
eaadb75144
Add env var to force userspace routing if native routing is available
2025-01-03 18:02:35 +01:00
Viktor Liu
0b116b3941
Use native firewall for nat/firewall operations if available
2025-01-03 17:52:36 +01:00
Viktor Liu
f69dd6fb62
Make extra IPs from interfaces optional
2025-01-03 16:54:46 +01:00
Viktor Liu
62a20f5f1a
Add local IPs test
2025-01-03 16:50:00 +01:00
Viktor Liu
a6ad4dcf22
Close endpoint when stopping udp forwarder
2025-01-03 16:40:51 +01:00
Viktor Liu
f26b418e83
Allow to set firewall log level
2025-01-03 16:04:00 +01:00
Viktor Liu
979fe6bb6a
Reduce complexity and fix linter issues
2025-01-03 15:43:28 +01:00
Viktor Liu
c68be6b61b
Remove fractions of seconds
2025-01-03 15:18:36 +01:00
Viktor Liu
fc799effda
Set log level from logrus
2025-01-03 15:16:30 +01:00
Viktor Liu
955b2b98e1
Complete route ACLs and add tests
2025-01-03 15:16:23 +01:00
Viktor Liu
9490e9095b
Reduce complexity
2025-01-03 11:50:51 +01:00
Viktor Liu
d711172f67
Fix benchmarks
2025-01-03 11:30:55 +01:00
Viktor Liu
0c2fa38e26
Exclude benchmark from CI
2025-01-03 11:27:52 +01:00
Viktor Liu
88b420da6d
Remove linux restriction
2025-01-03 00:23:35 +01:00
Viktor Liu
2930288f2d
Fix test expectation
2025-01-03 00:22:09 +01:00
Viktor Liu
0b9854b2b1
Fix tests
2025-01-03 00:01:40 +01:00
Viktor Liu
f772a21f37
Fix log level handling
2025-01-02 19:02:40 +01:00
Viktor Liu
e912f2d7c0
Fix double close in logger
2025-01-02 19:02:40 +01:00
Viktor Liu
568d064089
Drop certain forwarded icmp packets
2025-01-02 19:02:40 +01:00
Viktor Liu
911f86ded8
Support local IPs in netstack mode
2025-01-02 19:02:40 +01:00
Viktor Liu
2b8092dfad
Close endpoints
2025-01-02 16:41:54 +01:00
Viktor Liu
c3c6afa37b
Merge branch 'main' into userspace-router
2025-01-02 16:25:04 +01:00
Viktor Liu
fa27369b59
Fix linter issues
2025-01-02 16:21:03 +01:00
Viktor Liu
657413b8a6
Move icmp acceptance logic
2025-01-02 15:59:53 +01:00
Viktor Liu
d85e57e819
Handle other icmp types in forwarder
2025-01-02 15:59:53 +01:00
Viktor Liu
7667886794
Add more tcp logging
2025-01-02 15:17:53 +01:00
Viktor Liu
a12a9ac290
Handle all local IPs
2025-01-02 14:59:41 +01:00
Viktor Liu
ed22d79f04
Add more control with env vars, also allow to pass traffic to native firewall
2025-01-02 13:40:36 +01:00
Viktor Liu
509b4e2132
Lower udp timeout and add teardown messages
2024-12-31 16:06:17 +01:00
Viktor Liu
fb1a10755a
Fix lint and test issues
2024-12-31 14:38:59 +01:00
Viktor Liu
abbdf20f65
[client] Allow inbound rosenpass port (#3109)
2024-12-31 14:08:48 +01:00
Viktor Liu
43ef64cf67
[client] Ignore case when matching domains in handler chain (#3133)
2024-12-31 14:07:21 +01:00
Viktor Liu
9feaa8d767
Add icmp forwarder
2024-12-31 12:23:16 +01:00
Viktor Liu
6a97d44d5d
Improve udp implementation
2024-12-31 00:34:05 +01:00
Viktor Liu
d2616544fe
Add logger
2024-12-31 00:34:05 +01:00
Viktor Liu
fad82ee65c
Add stop methods and improve udp implementation
2024-12-30 14:30:53 +01:00
Viktor Liu
4199da4a45
Add userspace routing
2024-12-30 01:38:28 +01:00
Viktor Liu
b3c87cb5d1
[client] Fix inbound tracking in userspace firewall (#3111)
...
* Don't create state for inbound SYN
* Allow final ack in some cases
* Relax state machine test a little
2024-12-26 00:51:27 +01:00
Viktor Liu
0dbaddc7be
[client] Don't fail debug if log file is console (#3103)
2024-12-24 15:05:23 +01:00
Viktor Liu
ad9f044aad
[client] Add stateful userspace firewall and remove egress filters (#3093)
...
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewall
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- on Linux, if the OUTPUT policy is DROP then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
2024-12-23 18:22:17 +01:00
Viktor Liu
05930ee6b1
[client] Add firewall rules to the debug bundle (#3089)
...
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00
Viktor Liu
b48cf1bf65
[client] Reduce DNS handler chain lock contention (#3099)
2024-12-21 15:56:52 +01:00
Zoltan Papp
82b4e58ad0
Do not start DNS forwarder on client side (#3094)
2024-12-20 16:20:50 +01:00
Viktor Liu
ddc365f7a0
[client, management] Add new network concept (#3047)
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-12-20 11:30:28 +01:00
Maycon Santos
37ad370344
[client] Avoid using iota on mixed const block (#3057)
...
Used the values as resolved when the first iota value was the second const in the block.
2024-12-16 18:09:31 +01:00
Jesse R Codling
3844516aa7
[client] fix: reformat IPv6 ICE addresses when punching (#3050)
...
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
M. Essam
a4a30744ad
Fix race condition with systray ready (#2993)
2024-12-14 12:17:53 -08:00
Maycon Santos
dcba6a6b7e
fix: client/Dockerfile to reduce vulnerabilities (#3019)
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-12-11 16:46:51 +01:00
Maycon Santos
2147bf75eb
[client] Add peer conn init limit (#3001)
...
Limit the peer connection initialization to 200 peers at the same time
2024-12-09 17:10:31 +01:00