* Feat add basic support for IPv6 networks
Newly generated networks automatically generate an IPv6 prefix of size
64 within the ULA address range, devices obtain a randomly generated
address within this prefix.
Currently, this is Linux only and does not yet support all features
(routes currently cause an error).
* Fix firewall configuration for IPv6 networks
* Fix routing configuration for IPv6 networks
* Feat provide info on IPv6 support for specific client to mgmt server
* Feat allow configuration of IPv6 support through API, improve stability
* Feat add IPv6 support to new firewall implementation
* Fix peer list item response not containing IPv6 address
* Fix nftables breaking on IPv6 address change
* Fix build issues for non-linux systems
* Fix intermittent disconnections when IPv6 is enabled
* Fix test issues and make some minor revisions
* Fix some more testing issues
* Fix more CI issues due to IPv6
* Fix more testing issues
* Add inheritance of IPv6 enablement status from groups
* Fix IPv6 events not having associated messages
* Address first review comments regarding IPv6 support
* Fix IPv6 table being created even when IPv6 is disabled
Also improved stability of IPv6 route and firewall handling on client side
* Fix IPv6 routes not being removed
* Fix DNS IPv6 issues, limit IPv6 nameservers to IPv6 peers
* Improve code for IPv6 DNS server selection, add AAAA custom records
* Ensure IPv6 routes can only exist for IPv6 routing peers
* Fix IPv6 network generation randomness
* Fix a bunch of compilation issues and test failures
* Replace method calls that are unavailable in Go 1.21
* Fix nil dereference in cleanUpDefaultForwardRules6
* Fix nil pointer dereference when persisting IPv6 network in sqlite
* Clean up of client-side code changes for IPv6
* Fix nil dereference in rule mangling and compilation issues
* Add a bunch of client-side test cases for IPv6
* Fix IPv6 tests running on unsupported environments
* Fix import cycle in tests
* Add missing method SupportsIPv6() for windows
* Require IPv6 default route for IPv6 tests
* Fix panics in routemanager tests on non-linux
* Fix some more route manager tests concerning IPv6
* Add some final client-side tests
* Add IPv6 tests for management code, small fixes
* Fix linting issues
* Fix small test suite issues
* Fix linter issues and builds on macOS and Windows again
* fix builds for iOS because of IPv6 breakage
* Add gocritic linter
`gocritic` provides diagnostics that check for bugs, performance, and style issues
We disable the following checks:
- commentFormatting
- captLocal
- deprecatedComment
This PR contains many `//nolint:gocritic` to disable `appendAssign`.
Add a default firewall rule to allow netbird traffic to be handled
by the access control managers.
Userspace manager behavior:
- When running on Windows, a default rule is add on Windows firewall
- For Linux, we are using one of the Kernel managers to add a single rule
- This PR doesn't handle macOS
Kernel manager behavior:
- For NFtables, if there is a filter table, an INPUT rule is added
- Iptables follows the previous flow if running on kernel mode. If running
on userspace mode, it adds a single rule for INPUT and OUTPUT chains
A new checkerFW package has been introduced to consolidate checks across
route and access control managers.
It supports a new environment variable to skip nftables and allow iptables tests
* use ipset for iptables
* Update unit-tests for iptables
* Remove debug code
* Update dependencies
* Create separate sets for dPort and sPort rules
* Fix iptables tests
* Fix 0.0.0.0 processing in iptables with ipset
* Optimize rules with All groups
* Use IP sets in ACLs (nftables implementation)
* Fix squash rule when we receive optimized rules list from management
* Extend protocol and firewall manager to handle old management
* Send correct empty firewall rules list when delete peer
* Add extra tests for firewall manager and uspfilter
* Work with inconsistent state
* Review note
* Update comment
