Add an upload bundle option with the flag --upload-bundle; by default, the upload will use a NetBird address, which can be replaced using the flag --upload-bundle-url.
The upload server is available under the /upload-server path. The release change will push a Docker image to the netbirdio/upload image repository.
The server supports using S3 with a pre-signed URL for direct upload and a local file for storing bundles.
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
Adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
* [misc] Add vendor/ to .gitignore
Ignore the vendor/ tree created if someone runs "go mod vendor"
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/protobuf to latest
Updating protobuf runtime library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/grpc to latest
Updating grpc library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/net to latest
Updating x/net library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/oauth2 to latest
Updating x/oauth2 library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update github.com/stretchr/testify to latest
Updating testify library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update opentelemetry to latest
Updating otel library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/time to latest
Updating x/time library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [management] Update google.golang.org/api to latest
Updating google.golang.org/api library to fix indirect dependency issues with
older versions of OpenTelemetry.
See: #3240
Signed-off-by: Christian Stewart <christian@aperture.us>
---------
Signed-off-by: Christian Stewart <christian@aperture.us>
The nhooyr.io/websocket package was renamed to github.com/coder/websocket when
the project was transferred to "coder" as the new maintainer.
Use the new import path and update go.mod and go.sum accordingly.
Signed-off-by: Christian Stewart <christian@aperture.us>
Code cleaning around the util/net package. The goal was to write more understandable source code but modify nothing in the logic.
Protect the WireGuard UDP listeners with marks.
The implementation can support the VPN permission revocation events in a thread-safe way. It will be important if we start to support the runtime route and DNS update features.
- uniformize the file name convention: [struct_name] _ [functions] _ [os].go
- code cleaning in net_linux.go
- move env variables to env.go file
- Update nftables library to v0.2.0
- Mark traffic that was originally destined for local and apply the input rules in the forward chain if said traffic was redirected (e.g. by Docker)
- Add nft rules to internal map only if flush was successful
- Improve error message if handle is 0 (= not found or hasn't been refreshed)
- Add debug logging when route rules are added
- Replace nftables userdata (rule ID) with a rule hash
This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port.
- Adds a new relay implementation using WebSocket with a single-port relaying mechanism
- refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection
- peer connections are faster since they connect first to the relay and then upgrade to P2P
- maintains compatibility with old clients by not using the new relay
- updates infrastructure scripts with new relay service