Introduce `mergeDefaultIFaceBlacklist` to ensure new defaults are appended to the interface blacklist while preserving user modifications. Add tests to verify behavior, including migration of old configs and handling of user-removed entries.
In Kubernetes environments using Cilium or similar CNI plugins, pod
CIDR addresses (e.g. 100.65.x.x) from the RFC 6598 CGNAT range
(100.64.0.0/10) were being gathered as valid ICE host candidates.
This caused WireGuard endpoints to resolve to non-routable pod IPs,
producing overlay-routed connections with degraded latency instead of
true P2P paths between hosts.
Add three layers of defense:
- Expand the default interface blacklist with common Kubernetes CNI
interface prefixes (cilium_, lxc, cali, flannel, cni, weave)
- Filter local and remote ICE candidates whose addresses fall within
the CGNAT range but outside the NetBird WireGuard network
- Reject UDP mux writes to CGNAT addresses as a defense-in-depth
fallback
- Connect on daemon start only if the file existed before
- Fixed a bug that happened when the default profile config was removed, which would recreate it and reset the active profile to the default.
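The CGNAT filtering described in the commit message above, as an added Go example that is not NetBird's own code: an interface-name prefix blacklist for CNI interfaces, and a candidate filter that drops addresses inside RFC 6598 space (100.64.0.0/10) unless they belong to the WireGuard network. The prefix-match rule, the `CandidateFilter` type and the 100.72.0.0/16 WireGuard network used in `main` are assumptions made for this example; the sample candidate addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// cgnatRange is the RFC 6598 shared address space that Kubernetes CNIs
// (Cilium, Calico, Flannel, ...) frequently carve pod CIDRs out of.
var cgnatRange = netip.MustParsePrefix("100.64.0.0/10")

// DefaultIfaceBlacklistPrefixes mirrors the CNI interface-name prefixes listed
// in the commit message above. Plain prefix matching is this example's
// assumption, not necessarily the project's rule.
var DefaultIfaceBlacklistPrefixes = []string{"cilium_", "lxc", "cali", "flannel", "cni", "weave"}

// IsBlacklistedIface reports whether an interface name starts with one of the
// blacklisted prefixes, so its addresses are never gathered as host candidates.
func IsBlacklistedIface(name string) bool {
	for _, p := range DefaultIfaceBlacklistPrefixes {
		if strings.HasPrefix(name, p) {
			return true
		}
	}
	return false
}

// CandidateFilter drops CGNAT addresses that are not part of the WireGuard
// network itself. The WireGuard network must be exempted because a mesh VPN
// may legitimately assign its own peer addresses from 100.64.0.0/10.
type CandidateFilter struct {
	wgNet netip.Prefix
}

// NewCandidateFilter takes the WireGuard network in CIDR notation (assumed
// input format for this example).
func NewCandidateFilter(wgCIDR string) (*CandidateFilter, error) {
	p, err := netip.ParsePrefix(wgCIDR)
	if err != nil {
		return nil, fmt.Errorf("parse wireguard network: %w", err)
	}
	return &CandidateFilter{wgNet: p.Masked()}, nil
}

// Drop returns true when addr lies in the CGNAT range but outside the
// WireGuard network. The same predicate can gate UDP mux writes to remote
// endpoints (the third defense layer above). IPv4-mapped IPv6 addresses are
// unmapped first so "::ffff:100.65.1.2" is caught as well.
func (f *CandidateFilter) Drop(addr string) (bool, error) {
	a, err := netip.ParseAddr(addr)
	if err != nil {
		return false, fmt.Errorf("parse candidate address %q: %w", addr, err)
	}
	a = a.Unmap()
	if !a.Is4() || !cgnatRange.Contains(a) {
		return false, nil
	}
	return !f.wgNet.Contains(a), nil
}

// Filter returns the candidates that survive Drop. Unparseable entries are
// discarded too, since they cannot be dialed anyway.
func (f *CandidateFilter) Filter(candidates []string) []string {
	kept := make([]string, 0, len(candidates))
	for _, c := range candidates {
		drop, err := f.Drop(c)
		if err != nil || drop {
			continue
		}
		kept = append(kept, c)
	}
	return kept
}

func main() {
	// Constructed sample: a host with a Cilium pod IP, a LAN IP and a peer IP
	// from an assumed 100.72.0.0/16 WireGuard network.
	f, err := NewCandidateFilter("100.72.0.0/16")
	if err != nil {
		panic(err)
	}
	candidates := []string{"100.65.3.7", "192.168.1.10", "100.72.1.2", "::ffff:100.66.0.9"}
	fmt.Println("kept:", f.Filter(candidates)) // kept: [192.168.1.10 100.72.1.2]
	for _, ifname := range []string{"cilium_host", "lxc1a2b3c", "eth0", "wt0"} {
		fmt.Printf("%s blacklisted=%v\n", ifname, IsBlacklistedIface(ifname))
	}
}
```

Two caveats when applying this: the address filter only does work when the WireGuard network is narrower than the full /10 (if the whole 100.64.0.0/10 is the VPN range, every CGNAT pod IP is "inside" it and nothing is dropped), and prefix matching on interface names is intentionally coarse, so a host that names an unrelated interface `cni...` or `cali...` would lose that interface's candidates.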
* updates to client file writing
* numerous
* minor
* - Align OnLoginSuccess behavior with Android (only call on nil error)
- Remove verbose debug logging from WaitToken in device_flow.go
- Improve TUN FD=0 fallback comments and warning messages
- Document why config save after login differs from Android
* Add nolint directive for staticcheck SA1029 in login.go
* Fix CodeRabbit review issues for iOS/tvOS SDK
- Remove goroutine from OnLoginSuccess callback, invoke synchronously
- Stop treating PermissionDenied as success, propagate as permanent error
- Replace context.TODO() with bounded timeout context (30s) in RequestAuthInfo
- Handle DirectUpdateOrCreateConfig errors in IsLoginRequired and LoginForMobile
- Add permission enforcement to DirectUpdateOrCreateConfig for existing configs
- Fix variable shadowing in device_ios.go where err was masked by := in else block
* Address additional CodeRabbit review issues for iOS/tvOS SDK
- Make tunFd == 0 a hard error with exported ErrInvalidTunnelFD (remove dead fallback code)
- Apply defaults in ConfigFromJSON to prevent partially-initialized configs
- Add nil guards for listener/urlOpener interfaces in public SDK entry points
- Reorder config save before OnLoginSuccess to prevent teardown race
- Add explanatory comment for urlOpener.Open goroutine
* Make urlOpener.Open() synchronous in device auth flow