makes the DNS forwarder port configurable in the management and client components, while changing the well-known port from 5454 to 22054. The change includes version-aware port assignment to ensure backward compatibility.
- Adds a configurable `ForwarderPort` field to the DNS configuration protocol
- Implements version-based port computation that returns the new port (22054) only when all peers support version 0.59.0 or newer
- Updates the client to dynamically restart the DNS forwarder when the port changes
The Relayed connection setup is optimistic. It does not have any confirmation of an established end-to-end connection. Peers start sending WireGuard handshake packets immediately after the successful offer-answer handshake.
Meanwhile, for successful P2P connection negotiation, we change the WireGuard endpoint address, but this change does not trigger new handshake initiation. Because the peer switched from Relayed connection to P2P, the packets from the Relay server are dropped and must wait for the next WireGuard handshake via P2P.
To avoid this scenario, the relayed WireGuard proxy no longer drops the packets. Instead, it rewrites the source address to the new P2P endpoint and continues forwarding the packets.
We still have one corner case: if the Relayed server negotiation chooses a server that has not been used before. In this case, one side of the peer connection will be slower to reach the Relay server, and the Relay server will drop the handshake packet.
If everything goes well we should see exactly 5 seconds improvements between the WireGuard configuration time and the handshake time.
* integrate api
integrate api with stream and implement some client side
* fix typo and fix validation
* use real daemon address
* redo the connect via address
* Refactor the debug bundle generator to be ready to use from engine (#4469)
* fix tests
* fix lint
* fix bug with stream
* try refactor status 1
* fix convert fullStatus to statusOutput & add logFile
* fix tests
* fix tests
* fix not enough arguments in call to nbstatus.ConvertToStatusOutputOverview
* fix status_test
* fix(engine): avoid deadlock when stopping engine during debug bundle
* use atomic for lock-free
* use new lock
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
- Move `util/grpc` and `util/net` to `client` so `internal` packages can be accessed
- Add methods to return the next best interface after the NetBird interface.
- Use `IP_UNICAST_IF` sock opt to force the outgoing interface for the NetBird `net.Dialer` and `net.ListenerConfig` to avoid routing loops. The interface is picked by the new route lookup method.
- Some refactoring to avoid import cycles
- Old behavior is available through `NB_USE_LEGACY_ROUTING=true` env var
The client status is not enough to protect the RPC calls from concurrency issues, because it is handled internally in the client in an asynchronous way.
Deduplicate STUN package sending.
Originally, because every peer shared the same UDP address, the library could not distinguish which STUN message was associated with which candidate. As a result, the Pion library responded from all candidates for every STUN message.
* new bi-directional stream for jobs
* create bidirectional job channel to send requests from the server and receive responses from the client
* fix tests
* fix lint and close bug
* fix lint
* clean up & fix close of closed channel
* add nolint:staticcheck
* remove some redundant code from the job channel PR since this one is a cleaner rewrite
* cleanup removes a pending job safely
* change proto
* rename to jobRequest
* apply feedback 1
* apply feedback 2
* fix typo
* apply feedback 3
* apply last feedback
In this PR, speed up the GRPC message processing, force the recreation of the ICE agent when getting a new, remote offer (do not wait for local STUN timeout).
