modify store lock logs

.github/workflows/golang-test-linux.yml

@@ -194,7 +194,6 @@ jobs:
             -v "${HOST_GOMODCACHE}:${CONTAINER_GOMODCACHE}" \
             -e CGO_ENABLED=1 \
             -e CI=true \
-            -e DOCKER_CI=true \
             -e GOARCH=${GOARCH_TARGET} \
             -e GOCACHE=${CONTAINER_GOCACHE} \
             -e GOMODCACHE=${CONTAINER_GOMODCACHE} \
@@ -202,7 +201,7 @@ jobs:
             sh -c ' \
               apk update; apk add --no-cache \
                 ca-certificates iptables ip6tables dbus dbus-dev libpcap-dev build-base; \
-              go test -buildvcs=false -tags devcert -v -timeout 10m -p 1 $(go list -buildvcs=false ./... | grep -v -e /management -e /signal -e /relay -e /client/ui -e /upload-server)
+              go test -buildvcs=false -tags devcert -v -timeout 10m -p 1 $(go list -buildvcs=false ./... | grep -v -e /management -e /signal -e /relay -e /client/ui)
             '
 
   test_relay:

.goreleaser.yaml

@@ -96,20 +96,6 @@ builds:
       - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
     mod_timestamp: "{{ .CommitTimestamp }}"
 
-  - id: netbird-upload
-    dir: upload-server
-    env: [CGO_ENABLED=0]
-    binary: netbird-upload
-    goos:
-      - linux
-    goarch:
-      - amd64
-      - arm64
-      - arm
-    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
-    mod_timestamp: "{{ .CommitTimestamp }}"
-
 universal_binaries:
   - id: netbird
 
@@ -423,52 +409,6 @@ dockers:
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
       - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/upload:{{ .Version }}-amd64
-    ids:
-      - netbird-upload
-    goarch: amd64
-    use: buildx
-    dockerfile: upload-server/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/upload:{{ .Version }}-arm64v8
-    ids:
-      - netbird-upload
-    goarch: arm64
-    use: buildx
-    dockerfile: upload-server/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/upload:{{ .Version }}-arm
-    ids:
-      - netbird-upload
-    goarch: arm
-    goarm: 6
-    use: buildx
-    dockerfile: upload-server/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
 docker_manifests:
   - name_template: netbirdio/netbird:{{ .Version }}
     image_templates:
@@ -535,17 +475,7 @@ docker_manifests:
       - netbirdio/management:{{ .Version }}-debug-arm64v8
       - netbirdio/management:{{ .Version }}-debug-arm
       - netbirdio/management:{{ .Version }}-debug-amd64
-  - name_template: netbirdio/upload:{{ .Version }}
-    image_templates:
-      - netbirdio/upload:{{ .Version }}-arm64v8
-      - netbirdio/upload:{{ .Version }}-arm
-      - netbirdio/upload:{{ .Version }}-amd64
 
-  - name_template: netbirdio/upload:latest
-    image_templates:
-      - netbirdio/upload:{{ .Version }}-arm64v8
-      - netbirdio/upload:{{ .Version }}-arm
-      - netbirdio/upload:{{ .Version }}-amd64
 brews:
   - ids:
       - default

client/cmd/debug.go

@@ -87,27 +87,16 @@ func debugBundle(cmd *cobra.Command, _ []string) error {
 	}()
 
 	client := proto.NewDaemonServiceClient(conn)
-	request := &proto.DebugBundleRequest{
+	resp, err := client.DebugBundle(cmd.Context(), &proto.DebugBundleRequest{
 		Anonymize:  anonymizeFlag,
 		Status:     getStatusOutput(cmd, anonymizeFlag),
 		SystemInfo: debugSystemInfoFlag,
-	}
-	if debugUploadBundle {
-		request.UploadURL = debugUploadBundleURL
-	}
-	resp, err := client.DebugBundle(cmd.Context(), request)
+	})
 	if err != nil {
 		return fmt.Errorf("failed to bundle debug: %v", status.Convert(err).Message())
 	}
-	cmd.Printf("Local file:\n%s\n", resp.GetPath())
 
-	if resp.GetUploadFailureReason() != "" {
-		return fmt.Errorf("upload failed: %s", resp.GetUploadFailureReason())
-	}
-
-	if debugUploadBundle {
-		cmd.Printf("Upload file key:\n%s\n", resp.GetUploadedKey())
-	}
+	cmd.Println(resp.GetPath())
 
 	return nil
 }
@@ -222,19 +211,23 @@ func runForDuration(cmd *cobra.Command, args []string) error {
 
 	headerPreDown := fmt.Sprintf("----- Netbird pre-down - Timestamp: %s - Duration: %s", time.Now().Format(time.RFC3339), duration)
 	statusOutput = fmt.Sprintf("%s\n%s\n%s", statusOutput, headerPreDown, getStatusOutput(cmd, anonymizeFlag))
-	request := &proto.DebugBundleRequest{
+
+	resp, err := client.DebugBundle(cmd.Context(), &proto.DebugBundleRequest{
 		Anonymize:  anonymizeFlag,
 		Status:     statusOutput,
 		SystemInfo: debugSystemInfoFlag,
-	}
-	if debugUploadBundle {
-		request.UploadURL = debugUploadBundleURL
-	}
-	resp, err := client.DebugBundle(cmd.Context(), request)
+	})
 	if err != nil {
 		return fmt.Errorf("failed to bundle debug: %v", status.Convert(err).Message())
 	}
 
+	// Disable network map persistence after creating the debug bundle
+	if _, err := client.SetNetworkMapPersistence(cmd.Context(), &proto.SetNetworkMapPersistenceRequest{
+		Enabled: false,
+	}); err != nil {
+		return fmt.Errorf("failed to disable network map persistence: %v", status.Convert(err).Message())
+	}
+
 	if stateWasDown {
 		if _, err := client.Down(cmd.Context(), &proto.DownRequest{}); err != nil {
 			return fmt.Errorf("failed to down: %v", status.Convert(err).Message())
@@ -249,15 +242,7 @@ func runForDuration(cmd *cobra.Command, args []string) error {
 		cmd.Println("Log level restored to", initialLogLevel.GetLevel())
 	}
 
-	cmd.Printf("Local file:\n%s\n", resp.GetPath())
-
-	if resp.GetUploadFailureReason() != "" {
-		return fmt.Errorf("upload failed: %s", resp.GetUploadFailureReason())
-	}
-
-	if debugUploadBundle {
-		cmd.Printf("Upload file key:\n%s\n", resp.GetUploadedKey())
-	}
+	cmd.Println(resp.GetPath())
 
 	return nil
 }

client/cmd/root.go

@@ -22,7 +22,6 @@ import (
 	"google.golang.org/grpc/credentials/insecure"
 
 	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/upload-server/types"
 )
 
 const (
@@ -40,8 +39,6 @@ const (
 	dnsRouteIntervalFlag    = "dns-router-interval"
 	systemInfoFlag          = "system-info"
 	blockLANAccessFlag      = "block-lan-access"
-	uploadBundle            = "upload-bundle"
-	uploadBundleURL         = "upload-bundle-url"
 )
 
 var (
@@ -78,8 +75,6 @@ var (
 	debugSystemInfoFlag     bool
 	dnsRouteInterval        time.Duration
 	blockLANAccess          bool
-	debugUploadBundle       bool
-	debugUploadBundleURL    string
 
 	rootCmd = &cobra.Command{
 		Use:          "netbird",
@@ -186,8 +181,6 @@ func init() {
 	upCmd.PersistentFlags().BoolVar(&autoConnectDisabled, disableAutoConnectFlag, false, "Disables auto-connect feature. If enabled, then the client won't connect automatically when the service starts.")
 
 	debugCmd.PersistentFlags().BoolVarP(&debugSystemInfoFlag, systemInfoFlag, "S", true, "Adds system information to the debug bundle")
-	debugCmd.PersistentFlags().BoolVarP(&debugUploadBundle, uploadBundle, "U", false, fmt.Sprintf("Uploads the debug bundle to a server from URL defined by %s", uploadBundleURL))
-	debugCmd.PersistentFlags().StringVar(&debugUploadBundleURL, uploadBundleURL, types.DefaultBundleURL, "Service URL to get an URL to upload the debug bundle")
 }
 
 // SetupCloseHandler handles SIGTERM signal and exits with success

client/internal/dns/handler_chain_test.go

@@ -1,6 +1,7 @@
 package dns_test
 
 import (
+	"net"
 	"testing"
 
 	"github.com/miekg/dns"
@@ -8,7 +9,6 @@ import (
 	"github.com/stretchr/testify/mock"
 
 	nbdns "github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/dns/test"
 )
 
 // TestHandlerChain_ServeDNS_Priorities tests that handlers are executed in priority order
@@ -30,7 +30,7 @@ func TestHandlerChain_ServeDNS_Priorities(t *testing.T) {
 	r.SetQuestion("example.com.", dns.TypeA)
 
 	// Create test writer
-	w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 	// Setup expectations - only highest priority handler should be called
 	dnsRouteHandler.On("ServeDNS", mock.Anything, r).Once()
@@ -142,7 +142,7 @@ func TestHandlerChain_ServeDNS_DomainMatching(t *testing.T) {
 
 			r := new(dns.Msg)
 			r.SetQuestion(tt.queryDomain, dns.TypeA)
-			w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 			chain.ServeDNS(w, r)
 
@@ -259,7 +259,7 @@ func TestHandlerChain_ServeDNS_OverlappingDomains(t *testing.T) {
 			// Create and execute request
 			r := new(dns.Msg)
 			r.SetQuestion(tt.queryDomain, dns.TypeA)
-			w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 			chain.ServeDNS(w, r)
 
 			// Verify expectations
@@ -316,7 +316,7 @@ func TestHandlerChain_ServeDNS_ChainContinuation(t *testing.T) {
 	}).Once()
 
 	// Execute
-	w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 	chain.ServeDNS(w, r)
 
 	// Verify all handlers were called in order
@@ -325,6 +325,20 @@ func TestHandlerChain_ServeDNS_ChainContinuation(t *testing.T) {
 	handler3.AssertExpectations(t)
 }
 
+// mockResponseWriter implements dns.ResponseWriter for testing
+type mockResponseWriter struct {
+	mock.Mock
+}
+
+func (m *mockResponseWriter) LocalAddr() net.Addr       { return nil }
+func (m *mockResponseWriter) RemoteAddr() net.Addr      { return nil }
+func (m *mockResponseWriter) WriteMsg(*dns.Msg) error   { return nil }
+func (m *mockResponseWriter) Write([]byte) (int, error) { return 0, nil }
+func (m *mockResponseWriter) Close() error              { return nil }
+func (m *mockResponseWriter) TsigStatus() error         { return nil }
+func (m *mockResponseWriter) TsigTimersOnly(bool)       {}
+func (m *mockResponseWriter) Hijack()                   {}
+
 func TestHandlerChain_PriorityDeregistration(t *testing.T) {
 	tests := []struct {
 		name string
@@ -411,7 +425,7 @@ func TestHandlerChain_PriorityDeregistration(t *testing.T) {
 			// Create test request
 			r := new(dns.Msg)
 			r.SetQuestion(tt.query, dns.TypeA)
-			w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 			// Setup expectations
 			for priority, handler := range handlers {
@@ -457,7 +471,7 @@ func TestHandlerChain_MultiPriorityHandling(t *testing.T) {
 	chain.AddHandler(testDomain, matchHandler, nbdns.PriorityMatchDomain)
 
 	// Test 1: Initial state
-	w1 := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w1 := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 	// Highest priority handler (routeHandler) should be called
 	routeHandler.On("ServeDNS", mock.Anything, r).Return().Once()
 	matchHandler.On("ServeDNS", mock.Anything, r).Maybe()   // Ensure others are not expected yet
@@ -476,7 +490,7 @@ func TestHandlerChain_MultiPriorityHandling(t *testing.T) {
 	// Test 2: Remove highest priority handler
 	chain.RemoveHandler(testDomain, nbdns.PriorityDNSRoute)
 
-	w2 := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w2 := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 	// Now middle priority handler (matchHandler) should be called
 	matchHandler.On("ServeDNS", mock.Anything, r).Return().Once()
 	defaultHandler.On("ServeDNS", mock.Anything, r).Maybe() // Ensure default is not expected yet
@@ -492,7 +506,7 @@ func TestHandlerChain_MultiPriorityHandling(t *testing.T) {
 	// Test 3: Remove middle priority handler
 	chain.RemoveHandler(testDomain, nbdns.PriorityMatchDomain)
 
-	w3 := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w3 := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 	// Now lowest priority handler (defaultHandler) should be called
 	defaultHandler.On("ServeDNS", mock.Anything, r).Return().Once()
 
@@ -505,7 +519,7 @@ func TestHandlerChain_MultiPriorityHandling(t *testing.T) {
 	// Test 4: Remove last handler
 	chain.RemoveHandler(testDomain, nbdns.PriorityDefault)
 
-	w4 := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+	w4 := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 	chain.ServeDNS(w4, r) // Call ServeDNS on the now empty chain for this domain
 
 	for _, m := range mocks {
@@ -661,7 +675,7 @@ func TestHandlerChain_CaseSensitivity(t *testing.T) {
 			// Execute request
 			r := new(dns.Msg)
 			r.SetQuestion(tt.query, dns.TypeA)
-			chain.ServeDNS(&test.MockResponseWriter{}, r)
+			chain.ServeDNS(&mockResponseWriter{}, r)
 
 			// Verify each handler was called exactly as expected
 			for _, h := range tt.addHandlers {
@@ -805,7 +819,7 @@ func TestHandlerChain_DomainSpecificityOrdering(t *testing.T) {
 
 			r := new(dns.Msg)
 			r.SetQuestion(tt.query, dns.TypeA)
-			w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 			// Setup handler expectations
 			for pattern, handler := range handlers {
@@ -955,7 +969,7 @@ func TestHandlerChain_AddRemoveRoundtrip(t *testing.T) {
 			handler := &nbdns.MockHandler{}
 			r := new(dns.Msg)
 			r.SetQuestion(tt.queryPattern, dns.TypeA)
-			w := &nbdns.ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &nbdns.ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 			// First verify no handler is called before adding any
 			chain.ServeDNS(w, r)

client/internal/dns/local.go

@@ -0,0 +1,130 @@
+package dns
+
+import (
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/miekg/dns"
+	log "github.com/sirupsen/logrus"
+
+	nbdns "github.com/netbirdio/netbird/dns"
+)
+
+type registrationMap map[string]struct{}
+
+type localResolver struct {
+	registeredMap registrationMap
+	records       sync.Map // key: string (domain_class_type), value: []dns.RR
+}
+
+func (d *localResolver) MatchSubdomains() bool {
+	return true
+}
+
+func (d *localResolver) stop() {
+}
+
+// String returns a string representation of the local resolver
+func (d *localResolver) String() string {
+	return fmt.Sprintf("local resolver [%d records]", len(d.registeredMap))
+}
+
+// ID returns the unique handler ID
+func (d *localResolver) id() handlerID {
+	return "local-resolver"
+}
+
+// ServeDNS handles a DNS request
+func (d *localResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
+	if len(r.Question) > 0 {
+		log.Tracef("received local question: domain=%s type=%v class=%v", r.Question[0].Name, r.Question[0].Qtype, r.Question[0].Qclass)
+	}
+
+	replyMessage := &dns.Msg{}
+	replyMessage.SetReply(r)
+	replyMessage.RecursionAvailable = true
+
+	// lookup all records matching the question
+	records := d.lookupRecords(r)
+	if len(records) > 0 {
+		replyMessage.Rcode = dns.RcodeSuccess
+		replyMessage.Answer = append(replyMessage.Answer, records...)
+	} else {
+		replyMessage.Rcode = dns.RcodeNameError
+	}
+
+	err := w.WriteMsg(replyMessage)
+	if err != nil {
+		log.Debugf("got an error while writing the local resolver response, error: %v", err)
+	}
+}
+
+// lookupRecords fetches *all* DNS records matching the first question in r.
+func (d *localResolver) lookupRecords(r *dns.Msg) []dns.RR {
+	if len(r.Question) == 0 {
+		return nil
+	}
+	question := r.Question[0]
+	question.Name = strings.ToLower(question.Name)
+	key := buildRecordKey(question.Name, question.Qclass, question.Qtype)
+
+	value, found := d.records.Load(key)
+	if !found {
+		// alternatively check if we have a cname
+		if question.Qtype != dns.TypeCNAME {
+			r.Question[0].Qtype = dns.TypeCNAME
+			return d.lookupRecords(r)
+		}
+
+		return nil
+	}
+
+	records, ok := value.([]dns.RR)
+	if !ok {
+		log.Errorf("failed to cast records to []dns.RR, records: %v", value)
+		return nil
+	}
+
+	// if there's more than one record, rotate them (round-robin)
+	if len(records) > 1 {
+		first := records[0]
+		records = append(records[1:], first)
+		d.records.Store(key, records)
+	}
+
+	return records
+}
+
+// registerRecord stores a new record by appending it to any existing list
+func (d *localResolver) registerRecord(record nbdns.SimpleRecord) (string, error) {
+	rr, err := dns.NewRR(record.String())
+	if err != nil {
+		return "", fmt.Errorf("register record: %w", err)
+	}
+
+	rr.Header().Rdlength = record.Len()
+	header := rr.Header()
+	key := buildRecordKey(header.Name, header.Class, header.Rrtype)
+
+	// load any existing slice of records, then append
+	existing, _ := d.records.LoadOrStore(key, []dns.RR{})
+	records := existing.([]dns.RR)
+	records = append(records, rr)
+
+	// store updated slice
+	d.records.Store(key, records)
+	return key, nil
+}
+
+// deleteRecord removes *all* records under the recordKey.
+func (d *localResolver) deleteRecord(recordKey string) {
+	d.records.Delete(dns.Fqdn(recordKey))
+}
+
+// buildRecordKey consistently generates a key: name_class_type
+func buildRecordKey(name string, class, qType uint16) string {
+	return fmt.Sprintf("%s_%d_%d", dns.Fqdn(name), class, qType)
+}
+
+func (d *localResolver) probeAvailability() {}

client/internal/dns/local/local.go

@@ -1,149 +0,0 @@
-package local
-
-import (
-	"fmt"
-	"slices"
-	"strings"
-	"sync"
-
-	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/exp/maps"
-
-	"github.com/netbirdio/netbird/client/internal/dns/types"
-	nbdns "github.com/netbirdio/netbird/dns"
-)
-
-type Resolver struct {
-	mu      sync.RWMutex
-	records map[dns.Question][]dns.RR
-}
-
-func NewResolver() *Resolver {
-	return &Resolver{
-		records: make(map[dns.Question][]dns.RR),
-	}
-}
-
-func (d *Resolver) MatchSubdomains() bool {
-	return true
-}
-
-// String returns a string representation of the local resolver
-func (d *Resolver) String() string {
-	return fmt.Sprintf("local resolver [%d records]", len(d.records))
-}
-
-func (d *Resolver) Stop() {}
-
-// ID returns the unique handler ID
-func (d *Resolver) ID() types.HandlerID {
-	return "local-resolver"
-}
-
-func (d *Resolver) ProbeAvailability() {}
-
-// ServeDNS handles a DNS request
-func (d *Resolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
-	if len(r.Question) == 0 {
-		log.Debugf("received local resolver request with no question")
-		return
-	}
-	question := r.Question[0]
-	question.Name = strings.ToLower(dns.Fqdn(question.Name))
-
-	log.Tracef("received local question: domain=%s type=%v class=%v", r.Question[0].Name, question.Qtype, question.Qclass)
-
-	replyMessage := &dns.Msg{}
-	replyMessage.SetReply(r)
-	replyMessage.RecursionAvailable = true
-
-	// lookup all records matching the question
-	records := d.lookupRecords(question)
-	if len(records) > 0 {
-		replyMessage.Rcode = dns.RcodeSuccess
-		replyMessage.Answer = append(replyMessage.Answer, records...)
-	} else {
-		// TODO: return success if we have a different record type for the same name, relevant for search domains
-		replyMessage.Rcode = dns.RcodeNameError
-	}
-
-	if err := w.WriteMsg(replyMessage); err != nil {
-		log.Warnf("failed to write the local resolver response: %v", err)
-	}
-}
-
-// lookupRecords fetches *all* DNS records matching the first question in r.
-func (d *Resolver) lookupRecords(question dns.Question) []dns.RR {
-	d.mu.RLock()
-	records, found := d.records[question]
-
-	if !found {
-		d.mu.RUnlock()
-		// alternatively check if we have a cname
-		if question.Qtype != dns.TypeCNAME {
-			question.Qtype = dns.TypeCNAME
-			return d.lookupRecords(question)
-		}
-		return nil
-	}
-
-	recordsCopy := slices.Clone(records)
-	d.mu.RUnlock()
-
-	// if there's more than one record, rotate them (round-robin)
-	if len(recordsCopy) > 1 {
-		d.mu.Lock()
-		records = d.records[question]
-		if len(records) > 1 {
-			first := records[0]
-			records = append(records[1:], first)
-			d.records[question] = records
-		}
-		d.mu.Unlock()
-	}
-
-	return recordsCopy
-}
-
-func (d *Resolver) Update(update []nbdns.SimpleRecord) {
-	d.mu.Lock()
-	defer d.mu.Unlock()
-
-	maps.Clear(d.records)
-
-	for _, rec := range update {
-		if err := d.registerRecord(rec); err != nil {
-			log.Warnf("failed to register the record (%s): %v", rec, err)
-			continue
-		}
-	}
-}
-
-// RegisterRecord stores a new record by appending it to any existing list
-func (d *Resolver) RegisterRecord(record nbdns.SimpleRecord) error {
-	d.mu.Lock()
-	defer d.mu.Unlock()
-
-	return d.registerRecord(record)
-}
-
-// registerRecord performs the registration with the lock already held
-func (d *Resolver) registerRecord(record nbdns.SimpleRecord) error {
-	rr, err := dns.NewRR(record.String())
-	if err != nil {
-		return fmt.Errorf("register record: %w", err)
-	}
-
-	rr.Header().Rdlength = record.Len()
-	header := rr.Header()
-	q := dns.Question{
-		Name:   strings.ToLower(dns.Fqdn(header.Name)),
-		Qtype:  header.Rrtype,
-		Qclass: header.Class,
-	}
-
-	d.records[q] = append(d.records[q], rr)
-
-	return nil
-}

client/internal/dns/local/local_test.go

@@ -1,472 +0,0 @@
-package local
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/netbirdio/netbird/client/internal/dns/test"
-	nbdns "github.com/netbirdio/netbird/dns"
-)
-
-func TestLocalResolver_ServeDNS(t *testing.T) {
-	recordA := nbdns.SimpleRecord{
-		Name:  "peera.netbird.cloud.",
-		Type:  1,
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "1.2.3.4",
-	}
-
-	recordCNAME := nbdns.SimpleRecord{
-		Name:  "peerb.netbird.cloud.",
-		Type:  5,
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "www.netbird.io",
-	}
-
-	testCases := []struct {
-		name                string
-		inputRecord         nbdns.SimpleRecord
-		inputMSG            *dns.Msg
-		responseShouldBeNil bool
-	}{
-		{
-			name:        "Should Resolve A Record",
-			inputRecord: recordA,
-			inputMSG:    new(dns.Msg).SetQuestion(recordA.Name, dns.TypeA),
-		},
-		{
-			name:        "Should Resolve CNAME Record",
-			inputRecord: recordCNAME,
-			inputMSG:    new(dns.Msg).SetQuestion(recordCNAME.Name, dns.TypeCNAME),
-		},
-		{
-			name:                "Should Not Write When Not Found A Record",
-			inputRecord:         recordA,
-			inputMSG:            new(dns.Msg).SetQuestion("not.found.com", dns.TypeA),
-			responseShouldBeNil: true,
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			resolver := NewResolver()
-			_ = resolver.RegisterRecord(testCase.inputRecord)
-			var responseMSG *dns.Msg
-			responseWriter := &test.MockResponseWriter{
-				WriteMsgFunc: func(m *dns.Msg) error {
-					responseMSG = m
-					return nil
-				},
-			}
-
-			resolver.ServeDNS(responseWriter, testCase.inputMSG)
-
-			if responseMSG == nil || len(responseMSG.Answer) == 0 {
-				if testCase.responseShouldBeNil {
-					return
-				}
-				t.Fatalf("should write a response message")
-			}
-
-			answerString := responseMSG.Answer[0].String()
-			if !strings.Contains(answerString, testCase.inputRecord.Name) {
-				t.Fatalf("answer doesn't contain the same domain name: \nWant: %s\nGot:%s", testCase.name, answerString)
-			}
-			if !strings.Contains(answerString, dns.Type(testCase.inputRecord.Type).String()) {
-				t.Fatalf("answer doesn't contain the correct type: \nWant: %s\nGot:%s", dns.Type(testCase.inputRecord.Type).String(), answerString)
-			}
-			if !strings.Contains(answerString, testCase.inputRecord.RData) {
-				t.Fatalf("answer doesn't contain the same address: \nWant: %s\nGot:%s", testCase.inputRecord.RData, answerString)
-			}
-		})
-	}
-}
-
-// TestLocalResolver_Update_StaleRecord verifies that updating
-// a record correctly replaces the old one, preventing stale entries.
-func TestLocalResolver_Update_StaleRecord(t *testing.T) {
-	recordName := "host.example.com."
-	recordType := dns.TypeA
-	recordClass := dns.ClassINET
-
-	record1 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "1.1.1.1",
-	}
-	record2 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "2.2.2.2",
-	}
-
-	recordKey := dns.Question{Name: recordName, Qtype: uint16(recordClass), Qclass: recordType}
-
-	resolver := NewResolver()
-
-	update1 := []nbdns.SimpleRecord{record1}
-	update2 := []nbdns.SimpleRecord{record2}
-
-	// Apply first update
-	resolver.Update(update1)
-
-	// Verify first update
-	resolver.mu.RLock()
-	rrSlice1, found1 := resolver.records[recordKey]
-	resolver.mu.RUnlock()
-
-	require.True(t, found1, "Record key %s not found after first update", recordKey)
-	require.Len(t, rrSlice1, 1, "Should have exactly 1 record after first update")
-	assert.Contains(t, rrSlice1[0].String(), record1.RData, "Record after first update should be %s", record1.RData)
-
-	// Apply second update
-	resolver.Update(update2)
-
-	// Verify second update
-	resolver.mu.RLock()
-	rrSlice2, found2 := resolver.records[recordKey]
-	resolver.mu.RUnlock()
-
-	require.True(t, found2, "Record key %s not found after second update", recordKey)
-	require.Len(t, rrSlice2, 1, "Should have exactly 1 record after update overwriting the key")
-	assert.Contains(t, rrSlice2[0].String(), record2.RData, "The single record should be the updated one (%s)", record2.RData)
-	assert.NotContains(t, rrSlice2[0].String(), record1.RData, "The stale record (%s) should not be present", record1.RData)
-}
-
-// TestLocalResolver_MultipleRecords_SameQuestion verifies that multiple records
-// with the same question are stored properly
-func TestLocalResolver_MultipleRecords_SameQuestion(t *testing.T) {
-	resolver := NewResolver()
-
-	recordName := "multi.example.com."
-	recordType := dns.TypeA
-
-	// Create two records with the same name and type but different IPs
-	record1 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.1",
-	}
-	record2 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.2",
-	}
-
-	update := []nbdns.SimpleRecord{record1, record2}
-
-	// Apply update with both records
-	resolver.Update(update)
-
-	// Create question that matches both records
-	question := dns.Question{
-		Name:   recordName,
-		Qtype:  recordType,
-		Qclass: dns.ClassINET,
-	}
-
-	// Verify both records are stored
-	resolver.mu.RLock()
-	records, found := resolver.records[question]
-	resolver.mu.RUnlock()
-
-	require.True(t, found, "Records for question %v not found", question)
-	require.Len(t, records, 2, "Should have exactly 2 records for the same question")
-
-	// Verify both record data values are present
-	recordStrings := []string{records[0].String(), records[1].String()}
-	assert.Contains(t, recordStrings[0]+recordStrings[1], record1.RData, "First record data should be present")
-	assert.Contains(t, recordStrings[0]+recordStrings[1], record2.RData, "Second record data should be present")
-}
-
-// TestLocalResolver_RecordRotation verifies that records are rotated in a round-robin fashion
-func TestLocalResolver_RecordRotation(t *testing.T) {
-	resolver := NewResolver()
-
-	recordName := "rotation.example.com."
-	recordType := dns.TypeA
-
-	// Create three records with the same name and type but different IPs
-	record1 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "192.168.1.1",
-	}
-	record2 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "192.168.1.2",
-	}
-	record3 := nbdns.SimpleRecord{
-		Name: recordName, Type: int(recordType), Class: nbdns.DefaultClass, TTL: 300, RData: "192.168.1.3",
-	}
-
-	update := []nbdns.SimpleRecord{record1, record2, record3}
-
-	// Apply update with all three records
-	resolver.Update(update)
-
-	msg := new(dns.Msg).SetQuestion(recordName, recordType)
-
-	// First lookup - should return the records in original order
-	var responses [3]*dns.Msg
-
-	// Perform three lookups to verify rotation
-	for i := 0; i < 3; i++ {
-		responseWriter := &test.MockResponseWriter{
-			WriteMsgFunc: func(m *dns.Msg) error {
-				responses[i] = m
-				return nil
-			},
-		}
-
-		resolver.ServeDNS(responseWriter, msg)
-	}
-
-	// Verify all three responses contain answers
-	for i, resp := range responses {
-		require.NotNil(t, resp, "Response %d should not be nil", i)
-		require.Len(t, resp.Answer, 3, "Response %d should have 3 answers", i)
-	}
-
-	// Verify the first record in each response is different due to rotation
-	firstRecordIPs := []string{
-		responses[0].Answer[0].String(),
-		responses[1].Answer[0].String(),
-		responses[2].Answer[0].String(),
-	}
-
-	// Each record should be different (rotated)
-	assert.NotEqual(t, firstRecordIPs[0], firstRecordIPs[1], "First lookup should differ from second lookup due to rotation")
-	assert.NotEqual(t, firstRecordIPs[1], firstRecordIPs[2], "Second lookup should differ from third lookup due to rotation")
-	assert.NotEqual(t, firstRecordIPs[0], firstRecordIPs[2], "First lookup should differ from third lookup due to rotation")
-
-	// After three rotations, we should have cycled through all records
-	assert.Contains(t, firstRecordIPs[0]+firstRecordIPs[1]+firstRecordIPs[2], record1.RData)
-	assert.Contains(t, firstRecordIPs[0]+firstRecordIPs[1]+firstRecordIPs[2], record2.RData)
-	assert.Contains(t, firstRecordIPs[0]+firstRecordIPs[1]+firstRecordIPs[2], record3.RData)
-}
-
-// TestLocalResolver_CaseInsensitiveMatching verifies that DNS record lookups are case-insensitive
-func TestLocalResolver_CaseInsensitiveMatching(t *testing.T) {
-	resolver := NewResolver()
-
-	// Create record with lowercase name
-	lowerCaseRecord := nbdns.SimpleRecord{
-		Name:  "lower.example.com.",
-		Type:  int(dns.TypeA),
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "10.10.10.10",
-	}
-
-	// Create record with mixed case name
-	mixedCaseRecord := nbdns.SimpleRecord{
-		Name:  "MiXeD.ExAmPlE.CoM.",
-		Type:  int(dns.TypeA),
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "20.20.20.20",
-	}
-
-	// Update resolver with the records
-	resolver.Update([]nbdns.SimpleRecord{lowerCaseRecord, mixedCaseRecord})
-
-	testCases := []struct {
-		name          string
-		queryName     string
-		expectedRData string
-		shouldResolve bool
-	}{
-		{
-			name:          "Query lowercase with lowercase record",
-			queryName:     "lower.example.com.",
-			expectedRData: "10.10.10.10",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query uppercase with lowercase record",
-			queryName:     "LOWER.EXAMPLE.COM.",
-			expectedRData: "10.10.10.10",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query mixed case with lowercase record",
-			queryName:     "LoWeR.eXaMpLe.CoM.",
-			expectedRData: "10.10.10.10",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query lowercase with mixed case record",
-			queryName:     "mixed.example.com.",
-			expectedRData: "20.20.20.20",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query uppercase with mixed case record",
-			queryName:     "MIXED.EXAMPLE.COM.",
-			expectedRData: "20.20.20.20",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query with different casing pattern",
-			queryName:     "mIxEd.ExaMpLe.cOm.",
-			expectedRData: "20.20.20.20",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query non-existent domain",
-			queryName:     "nonexistent.example.com.",
-			shouldResolve: false,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var responseMSG *dns.Msg
-
-			// Create DNS query with the test case name
-			msg := new(dns.Msg).SetQuestion(tc.queryName, dns.TypeA)
-
-			// Create mock response writer to capture the response
-			responseWriter := &test.MockResponseWriter{
-				WriteMsgFunc: func(m *dns.Msg) error {
-					responseMSG = m
-					return nil
-				},
-			}
-
-			// Perform DNS query
-			resolver.ServeDNS(responseWriter, msg)
-
-			// Check if we expect a successful resolution
-			if !tc.shouldResolve {
-				if responseMSG == nil || len(responseMSG.Answer) == 0 {
-					// Expected no answer, test passes
-					return
-				}
-				t.Fatalf("Expected no resolution for %s, but got answer: %v", tc.queryName, responseMSG.Answer)
-			}
-
-			// Verify we got a response
-			require.NotNil(t, responseMSG, "Should have received a response message")
-			require.Greater(t, len(responseMSG.Answer), 0, "Response should contain at least one answer")
-
-			// Verify the response contains the expected data
-			answerString := responseMSG.Answer[0].String()
-			assert.Contains(t, answerString, tc.expectedRData,
-				"Answer should contain the expected IP address %s, got: %s",
-				tc.expectedRData, answerString)
-		})
-	}
-}
-
-// TestLocalResolver_CNAMEFallback verifies that the resolver correctly falls back
-// to checking for CNAME records when the requested record type isn't found
-func TestLocalResolver_CNAMEFallback(t *testing.T) {
-	resolver := NewResolver()
-
-	// Create a CNAME record (but no A record for this name)
-	cnameRecord := nbdns.SimpleRecord{
-		Name:  "alias.example.com.",
-		Type:  int(dns.TypeCNAME),
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "target.example.com.",
-	}
-
-	// Create an A record for the CNAME target
-	targetRecord := nbdns.SimpleRecord{
-		Name:  "target.example.com.",
-		Type:  int(dns.TypeA),
-		Class: nbdns.DefaultClass,
-		TTL:   300,
-		RData: "192.168.100.100",
-	}
-
-	// Update resolver with both records
-	resolver.Update([]nbdns.SimpleRecord{cnameRecord, targetRecord})
-
-	testCases := []struct {
-		name          string
-		queryName     string
-		queryType     uint16
-		expectedType  string
-		expectedRData string
-		shouldResolve bool
-	}{
-		{
-			name:          "Directly query CNAME record",
-			queryName:     "alias.example.com.",
-			queryType:     dns.TypeCNAME,
-			expectedType:  "CNAME",
-			expectedRData: "target.example.com.",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query A record but get CNAME fallback",
-			queryName:     "alias.example.com.",
-			queryType:     dns.TypeA,
-			expectedType:  "CNAME",
-			expectedRData: "target.example.com.",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query AAAA record but get CNAME fallback",
-			queryName:     "alias.example.com.",
-			queryType:     dns.TypeAAAA,
-			expectedType:  "CNAME",
-			expectedRData: "target.example.com.",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query direct A record",
-			queryName:     "target.example.com.",
-			queryType:     dns.TypeA,
-			expectedType:  "A",
-			expectedRData: "192.168.100.100",
-			shouldResolve: true,
-		},
-		{
-			name:          "Query non-existent name",
-			queryName:     "nonexistent.example.com.",
-			queryType:     dns.TypeA,
-			shouldResolve: false,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var responseMSG *dns.Msg
-
-			// Create DNS query with the test case parameters
-			msg := new(dns.Msg).SetQuestion(tc.queryName, tc.queryType)
-
-			// Create mock response writer to capture the response
-			responseWriter := &test.MockResponseWriter{
-				WriteMsgFunc: func(m *dns.Msg) error {
-					responseMSG = m
-					return nil
-				},
-			}
-
-			// Perform DNS query
-			resolver.ServeDNS(responseWriter, msg)
-
-			// Check if we expect a successful resolution
-			if !tc.shouldResolve {
-				if responseMSG == nil || len(responseMSG.Answer) == 0 || responseMSG.Rcode != dns.RcodeSuccess {
-					// Expected no resolution, test passes
-					return
-				}
-				t.Fatalf("Expected no resolution for %s, but got answer: %v", tc.queryName, responseMSG.Answer)
-			}
-
-			// Verify we got a successful response
-			require.NotNil(t, responseMSG, "Should have received a response message")
-			require.Equal(t, dns.RcodeSuccess, responseMSG.Rcode, "Response should have success status code")
-			require.Greater(t, len(responseMSG.Answer), 0, "Response should contain at least one answer")
-
-			// Verify the response contains the expected data
-			answerString := responseMSG.Answer[0].String()
-			assert.Contains(t, answerString, tc.expectedType,
-				"Answer should be of type %s, got: %s", tc.expectedType, answerString)
-			assert.Contains(t, answerString, tc.expectedRData,
-				"Answer should contain the expected data %s, got: %s", tc.expectedRData, answerString)
-		})
-	}
-}

client/internal/dns/local_test.go

@@ -0,0 +1,88 @@
+package dns
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/miekg/dns"
+
+	nbdns "github.com/netbirdio/netbird/dns"
+)
+
+func TestLocalResolver_ServeDNS(t *testing.T) {
+	recordA := nbdns.SimpleRecord{
+		Name:  "peera.netbird.cloud.",
+		Type:  1,
+		Class: nbdns.DefaultClass,
+		TTL:   300,
+		RData: "1.2.3.4",
+	}
+
+	recordCNAME := nbdns.SimpleRecord{
+		Name:  "peerb.netbird.cloud.",
+		Type:  5,
+		Class: nbdns.DefaultClass,
+		TTL:   300,
+		RData: "www.netbird.io",
+	}
+
+	testCases := []struct {
+		name                string
+		inputRecord         nbdns.SimpleRecord
+		inputMSG            *dns.Msg
+		responseShouldBeNil bool
+	}{
+		{
+			name:        "Should Resolve A Record",
+			inputRecord: recordA,
+			inputMSG:    new(dns.Msg).SetQuestion(recordA.Name, dns.TypeA),
+		},
+		{
+			name:        "Should Resolve CNAME Record",
+			inputRecord: recordCNAME,
+			inputMSG:    new(dns.Msg).SetQuestion(recordCNAME.Name, dns.TypeCNAME),
+		},
+		{
+			name:                "Should Not Write When Not Found A Record",
+			inputRecord:         recordA,
+			inputMSG:            new(dns.Msg).SetQuestion("not.found.com", dns.TypeA),
+			responseShouldBeNil: true,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			resolver := &localResolver{
+				registeredMap: make(registrationMap),
+			}
+			_, _ = resolver.registerRecord(testCase.inputRecord)
+			var responseMSG *dns.Msg
+			responseWriter := &mockResponseWriter{
+				WriteMsgFunc: func(m *dns.Msg) error {
+					responseMSG = m
+					return nil
+				},
+			}
+
+			resolver.ServeDNS(responseWriter, testCase.inputMSG)
+
+			if responseMSG == nil || len(responseMSG.Answer) == 0 {
+				if testCase.responseShouldBeNil {
+					return
+				}
+				t.Fatalf("should write a response message")
+			}
+
+			answerString := responseMSG.Answer[0].String()
+			if !strings.Contains(answerString, testCase.inputRecord.Name) {
+				t.Fatalf("answer doesn't contain the same domain name: \nWant: %s\nGot:%s", testCase.name, answerString)
+			}
+			if !strings.Contains(answerString, dns.Type(testCase.inputRecord.Type).String()) {
+				t.Fatalf("answer doesn't contain the correct type: \nWant: %s\nGot:%s", dns.Type(testCase.inputRecord.Type).String(), answerString)
+			}
+			if !strings.Contains(answerString, testCase.inputRecord.RData) {
+				t.Fatalf("answer doesn't contain the same address: \nWant: %s\nGot:%s", testCase.inputRecord.RData, answerString)
+			}
+		})
+	}
+}

client/internal/dns/mock_test.go

@@ -0,0 +1,26 @@
+package dns
+
+import (
+	"net"
+
+	"github.com/miekg/dns"
+)
+
+type mockResponseWriter struct {
+	WriteMsgFunc func(m *dns.Msg) error
+}
+
+func (rw *mockResponseWriter) WriteMsg(m *dns.Msg) error {
+	if rw.WriteMsgFunc != nil {
+		return rw.WriteMsgFunc(m)
+	}
+	return nil
+}
+
+func (rw *mockResponseWriter) LocalAddr() net.Addr       { return nil }
+func (rw *mockResponseWriter) RemoteAddr() net.Addr      { return nil }
+func (rw *mockResponseWriter) Write([]byte) (int, error) { return 0, nil }
+func (rw *mockResponseWriter) Close() error              { return nil }
+func (rw *mockResponseWriter) TsigStatus() error         { return nil }
+func (rw *mockResponseWriter) TsigTimersOnly(bool)       {}
+func (rw *mockResponseWriter) Hijack()                   {}

client/internal/dns/server.go

@@ -15,8 +15,6 @@ import (
 	"golang.org/x/exp/maps"
 
 	"github.com/netbirdio/netbird/client/iface/netstack"
-	"github.com/netbirdio/netbird/client/internal/dns/local"
-	"github.com/netbirdio/netbird/client/internal/dns/types"
 	"github.com/netbirdio/netbird/client/internal/listener"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/statemanager"
@@ -48,6 +46,8 @@ type Server interface {
 	ProbeAvailability()
 }
 
+type handlerID string
+
 type nsGroupsByDomain struct {
 	domain string
 	groups []*nbdns.NameServerGroup
@@ -61,7 +61,7 @@ type DefaultServer struct {
 	mux                sync.Mutex
 	service            service
 	dnsMuxMap          registeredHandlerMap
-	localResolver      *local.Resolver
+	localResolver      *localResolver
 	wgInterface        WGIface
 	hostManager        hostManager
 	updateSerial       uint64
@@ -84,9 +84,9 @@ type DefaultServer struct {
 
 type handlerWithStop interface {
 	dns.Handler
-	Stop()
-	ProbeAvailability()
-	ID() types.HandlerID
+	stop()
+	probeAvailability()
+	id() handlerID
 }
 
 type handlerWrapper struct {
@@ -95,7 +95,7 @@ type handlerWrapper struct {
 	priority int
 }
 
-type registeredHandlerMap map[types.HandlerID]handlerWrapper
+type registeredHandlerMap map[handlerID]handlerWrapper
 
 // NewDefaultServer returns a new dns server
 func NewDefaultServer(
@@ -171,14 +171,16 @@ func newDefaultServer(
 	handlerChain := NewHandlerChain()
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
-		ctx:            ctx,
-		ctxCancel:      stop,
-		disableSys:     disableSys,
-		service:        dnsService,
-		handlerChain:   handlerChain,
-		extraDomains:   make(map[domain.Domain]int),
-		dnsMuxMap:      make(registeredHandlerMap),
-		localResolver:  local.NewResolver(),
+		ctx:          ctx,
+		ctxCancel:    stop,
+		disableSys:   disableSys,
+		service:      dnsService,
+		handlerChain: handlerChain,
+		extraDomains: make(map[domain.Domain]int),
+		dnsMuxMap:    make(registeredHandlerMap),
+		localResolver: &localResolver{
+			registeredMap: make(registrationMap),
+		},
 		wgInterface:    wgInterface,
 		statusRecorder: statusRecorder,
 		stateManager:   stateManager,
@@ -401,7 +403,7 @@ func (s *DefaultServer) ProbeAvailability() {
 		wg.Add(1)
 		go func(mux handlerWithStop) {
 			defer wg.Done()
-			mux.ProbeAvailability()
+			mux.probeAvailability()
 		}(mux.handler)
 	}
 	wg.Wait()
@@ -418,7 +420,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 		s.service.Stop()
 	}
 
-	localMuxUpdates, localRecords, err := s.buildLocalHandlerUpdate(update.CustomZones)
+	localMuxUpdates, localRecordsByDomain, err := s.buildLocalHandlerUpdate(update.CustomZones)
 	if err != nil {
 		return fmt.Errorf("local handler updater: %w", err)
 	}
@@ -432,7 +434,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	s.updateMux(muxUpdates)
 
 	// register local records
-	s.localResolver.Update(localRecords)
+	s.updateLocalResolver(localRecordsByDomain)
 
 	s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
 
@@ -514,9 +516,11 @@ func (s *DefaultServer) handleErrNoGroupaAll(err error) {
 	)
 }
 
-func (s *DefaultServer) buildLocalHandlerUpdate(customZones []nbdns.CustomZone) ([]handlerWrapper, []nbdns.SimpleRecord, error) {
+func (s *DefaultServer) buildLocalHandlerUpdate(
+	customZones []nbdns.CustomZone,
+) ([]handlerWrapper, map[string][]nbdns.SimpleRecord, error) {
 	var muxUpdates []handlerWrapper
-	var localRecords []nbdns.SimpleRecord
+	localRecords := make(map[string][]nbdns.SimpleRecord)
 
 	for _, customZone := range customZones {
 		if len(customZone.Records) == 0 {
@@ -530,13 +534,17 @@ func (s *DefaultServer) buildLocalHandlerUpdate(customZones []nbdns.CustomZone)
 			priority: PriorityMatchDomain,
 		})
 
+		// group all records under this domain
 		for _, record := range customZone.Records {
+			var class uint16 = dns.ClassINET
 			if record.Class != nbdns.DefaultClass {
 				log.Warnf("received an invalid class type: %s", record.Class)
 				continue
 			}
-			// zone records contain the fqdn, so we can just flatten them
-			localRecords = append(localRecords, record)
+
+			key := buildRecordKey(record.Name, class, uint16(record.Type))
+
+			localRecords[key] = append(localRecords[key], record)
 		}
 	}
 
@@ -619,7 +627,7 @@ func (s *DefaultServer) createHandlersForDomainGroup(domainGroup nsGroupsByDomai
 		}
 
 		if len(handler.upstreamServers) == 0 {
-			handler.Stop()
+			handler.stop()
 			log.Errorf("received a nameserver group with an invalid nameserver list")
 			continue
 		}
@@ -648,7 +656,7 @@ func (s *DefaultServer) updateMux(muxUpdates []handlerWrapper) {
 	// this will introduce a short period of time when the server is not able to handle DNS requests
 	for _, existing := range s.dnsMuxMap {
 		s.deregisterHandler([]string{existing.domain}, existing.priority)
-		existing.handler.Stop()
+		existing.handler.stop()
 	}
 
 	muxUpdateMap := make(registeredHandlerMap)
@@ -659,7 +667,7 @@ func (s *DefaultServer) updateMux(muxUpdates []handlerWrapper) {
 			containsRootUpdate = true
 		}
 		s.registerHandler([]string{update.domain}, update.handler, update.priority)
-		muxUpdateMap[update.handler.ID()] = update
+		muxUpdateMap[update.handler.id()] = update
 	}
 
 	// If there's no root update and we had a root handler, restore it
@@ -675,6 +683,33 @@ func (s *DefaultServer) updateMux(muxUpdates []handlerWrapper) {
 	s.dnsMuxMap = muxUpdateMap
 }
 
+func (s *DefaultServer) updateLocalResolver(update map[string][]nbdns.SimpleRecord) {
+	// remove old records that are no longer present
+	for key := range s.localResolver.registeredMap {
+		_, found := update[key]
+		if !found {
+			s.localResolver.deleteRecord(key)
+		}
+	}
+
+	updatedMap := make(registrationMap)
+	for _, recs := range update {
+		for _, rec := range recs {
+			// convert the record to a dns.RR and register
+			key, err := s.localResolver.registerRecord(rec)
+			if err != nil {
+				log.Warnf("got an error while registering the record (%s), error: %v",
+					rec.String(), err)
+				continue
+			}
+
+			updatedMap[key] = struct{}{}
+		}
+	}
+
+	s.localResolver.registeredMap = updatedMap
+}
+
 func getNSHostPort(ns nbdns.NameServer) string {
 	return fmt.Sprintf("%s:%d", ns.IP.String(), ns.Port)
 }

client/internal/dns/server_test.go

@@ -23,9 +23,6 @@ import (
 	"github.com/netbirdio/netbird/client/iface/device"
 	pfmock "github.com/netbirdio/netbird/client/iface/mocks"
 	"github.com/netbirdio/netbird/client/iface/wgaddr"
-	"github.com/netbirdio/netbird/client/internal/dns/local"
-	"github.com/netbirdio/netbird/client/internal/dns/test"
-	"github.com/netbirdio/netbird/client/internal/dns/types"
 	"github.com/netbirdio/netbird/client/internal/netflow"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/statemanager"
@@ -110,7 +107,6 @@ func generateDummyHandler(domain string, servers []nbdns.NameServer) *upstreamRe
 }
 
 func TestUpdateDNSServer(t *testing.T) {
-
 	nameServers := []nbdns.NameServer{
 		{
 			IP:     netip.MustParseAddr("8.8.8.8"),
@@ -124,21 +120,22 @@ func TestUpdateDNSServer(t *testing.T) {
 		},
 	}
 
-	dummyHandler := local.NewResolver()
+	dummyHandler := &localResolver{}
 
 	testCases := []struct {
 		name                string
 		initUpstreamMap     registeredHandlerMap
-		initLocalRecords    []nbdns.SimpleRecord
+		initLocalMap        registrationMap
 		initSerial          uint64
 		inputSerial         uint64
 		inputUpdate         nbdns.Config
 		shouldFail          bool
 		expectedUpstreamMap registeredHandlerMap
-		expectedLocalQs     []dns.Question
+		expectedLocalMap    registrationMap
 	}{
 		{
 			name:            "Initial Config Should Succeed",
+			initLocalMap:    make(registrationMap),
 			initUpstreamMap: make(registeredHandlerMap),
 			initSerial:      0,
 			inputSerial:     1,
@@ -162,30 +159,30 @@ func TestUpdateDNSServer(t *testing.T) {
 				},
 			},
 			expectedUpstreamMap: registeredHandlerMap{
-				generateDummyHandler("netbird.io", nameServers).ID(): handlerWrapper{
+				generateDummyHandler("netbird.io", nameServers).id(): handlerWrapper{
 					domain:   "netbird.io",
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
 				},
-				dummyHandler.ID(): handlerWrapper{
+				dummyHandler.id(): handlerWrapper{
 					domain:   "netbird.cloud",
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
 				},
-				generateDummyHandler(".", nameServers).ID(): handlerWrapper{
+				generateDummyHandler(".", nameServers).id(): handlerWrapper{
 					domain:   nbdns.RootZone,
 					handler:  dummyHandler,
 					priority: PriorityDefault,
 				},
 			},
-			expectedLocalQs: []dns.Question{{Name: "peera.netbird.cloud.", Qtype: dns.TypeA, Qclass: dns.ClassINET}},
+			expectedLocalMap: registrationMap{buildRecordKey(zoneRecords[0].Name, 1, 1): struct{}{}},
 		},
 		{
-			name:             "New Config Should Succeed",
-			initLocalRecords: []nbdns.SimpleRecord{{Name: "netbird.cloud", Type: 1, Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.1"}},
+			name:         "New Config Should Succeed",
+			initLocalMap: registrationMap{"netbird.cloud": struct{}{}},
 			initUpstreamMap: registeredHandlerMap{
-				generateDummyHandler(zoneRecords[0].Name, nameServers).ID(): handlerWrapper{
-					domain:   "netbird.cloud",
+				generateDummyHandler(zoneRecords[0].Name, nameServers).id(): handlerWrapper{
+					domain:   buildRecordKey(zoneRecords[0].Name, 1, 1),
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
 				},
@@ -208,7 +205,7 @@ func TestUpdateDNSServer(t *testing.T) {
 				},
 			},
 			expectedUpstreamMap: registeredHandlerMap{
-				generateDummyHandler("netbird.io", nameServers).ID(): handlerWrapper{
+				generateDummyHandler("netbird.io", nameServers).id(): handlerWrapper{
 					domain:   "netbird.io",
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
@@ -219,22 +216,22 @@ func TestUpdateDNSServer(t *testing.T) {
 					priority: PriorityMatchDomain,
 				},
 			},
-			expectedLocalQs: []dns.Question{{Name: zoneRecords[0].Name, Qtype: 1, Qclass: 1}},
+			expectedLocalMap: registrationMap{buildRecordKey(zoneRecords[0].Name, 1, 1): struct{}{}},
 		},
 		{
-			name:             "Smaller Config Serial Should Be Skipped",
-			initLocalRecords: []nbdns.SimpleRecord{},
-			initUpstreamMap:  make(registeredHandlerMap),
-			initSerial:       2,
-			inputSerial:      1,
-			shouldFail:       true,
+			name:            "Smaller Config Serial Should Be Skipped",
+			initLocalMap:    make(registrationMap),
+			initUpstreamMap: make(registeredHandlerMap),
+			initSerial:      2,
+			inputSerial:     1,
+			shouldFail:      true,
 		},
 		{
-			name:             "Empty NS Group Domain Or Not Primary Element Should Fail",
-			initLocalRecords: []nbdns.SimpleRecord{},
-			initUpstreamMap:  make(registeredHandlerMap),
-			initSerial:       0,
-			inputSerial:      1,
+			name:            "Empty NS Group Domain Or Not Primary Element Should Fail",
+			initLocalMap:    make(registrationMap),
+			initUpstreamMap: make(registeredHandlerMap),
+			initSerial:      0,
+			inputSerial:     1,
 			inputUpdate: nbdns.Config{
 				ServiceEnable: true,
 				CustomZones: []nbdns.CustomZone{
@@ -252,11 +249,11 @@ func TestUpdateDNSServer(t *testing.T) {
 			shouldFail: true,
 		},
 		{
-			name:             "Invalid NS Group Nameservers list Should Fail",
-			initLocalRecords: []nbdns.SimpleRecord{},
-			initUpstreamMap:  make(registeredHandlerMap),
-			initSerial:       0,
-			inputSerial:      1,
+			name:            "Invalid NS Group Nameservers list Should Fail",
+			initLocalMap:    make(registrationMap),
+			initUpstreamMap: make(registeredHandlerMap),
+			initSerial:      0,
+			inputSerial:     1,
 			inputUpdate: nbdns.Config{
 				ServiceEnable: true,
 				CustomZones: []nbdns.CustomZone{
@@ -274,11 +271,11 @@ func TestUpdateDNSServer(t *testing.T) {
 			shouldFail: true,
 		},
 		{
-			name:             "Invalid Custom Zone Records list Should Skip",
-			initLocalRecords: []nbdns.SimpleRecord{},
-			initUpstreamMap:  make(registeredHandlerMap),
-			initSerial:       0,
-			inputSerial:      1,
+			name:            "Invalid Custom Zone Records list Should Skip",
+			initLocalMap:    make(registrationMap),
+			initUpstreamMap: make(registeredHandlerMap),
+			initSerial:      0,
+			inputSerial:     1,
 			inputUpdate: nbdns.Config{
 				ServiceEnable: true,
 				CustomZones: []nbdns.CustomZone{
@@ -293,17 +290,17 @@ func TestUpdateDNSServer(t *testing.T) {
 					},
 				},
 			},
-			expectedUpstreamMap: registeredHandlerMap{generateDummyHandler(".", nameServers).ID(): handlerWrapper{
+			expectedUpstreamMap: registeredHandlerMap{generateDummyHandler(".", nameServers).id(): handlerWrapper{
 				domain:   ".",
 				handler:  dummyHandler,
 				priority: PriorityDefault,
 			}},
 		},
 		{
-			name:             "Empty Config Should Succeed and Clean Maps",
-			initLocalRecords: []nbdns.SimpleRecord{{Name: "netbird.cloud", Type: int(dns.TypeA), Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.1"}},
+			name:         "Empty Config Should Succeed and Clean Maps",
+			initLocalMap: registrationMap{"netbird.cloud": struct{}{}},
 			initUpstreamMap: registeredHandlerMap{
-				generateDummyHandler(zoneRecords[0].Name, nameServers).ID(): handlerWrapper{
+				generateDummyHandler(zoneRecords[0].Name, nameServers).id(): handlerWrapper{
 					domain:   zoneRecords[0].Name,
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
@@ -313,13 +310,13 @@ func TestUpdateDNSServer(t *testing.T) {
 			inputSerial:         1,
 			inputUpdate:         nbdns.Config{ServiceEnable: true},
 			expectedUpstreamMap: make(registeredHandlerMap),
-			expectedLocalQs:     []dns.Question{},
+			expectedLocalMap:    make(registrationMap),
 		},
 		{
-			name:             "Disabled Service Should clean map",
-			initLocalRecords: []nbdns.SimpleRecord{{Name: "netbird.cloud", Type: int(dns.TypeA), Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.1"}},
+			name:         "Disabled Service Should clean map",
+			initLocalMap: registrationMap{"netbird.cloud": struct{}{}},
 			initUpstreamMap: registeredHandlerMap{
-				generateDummyHandler(zoneRecords[0].Name, nameServers).ID(): handlerWrapper{
+				generateDummyHandler(zoneRecords[0].Name, nameServers).id(): handlerWrapper{
 					domain:   zoneRecords[0].Name,
 					handler:  dummyHandler,
 					priority: PriorityMatchDomain,
@@ -329,7 +326,7 @@ func TestUpdateDNSServer(t *testing.T) {
 			inputSerial:         1,
 			inputUpdate:         nbdns.Config{ServiceEnable: false},
 			expectedUpstreamMap: make(registeredHandlerMap),
-			expectedLocalQs:     []dns.Question{},
+			expectedLocalMap:    make(registrationMap),
 		},
 	}
 
@@ -380,7 +377,7 @@ func TestUpdateDNSServer(t *testing.T) {
 			}()
 
 			dnsServer.dnsMuxMap = testCase.initUpstreamMap
-			dnsServer.localResolver.Update(testCase.initLocalRecords)
+			dnsServer.localResolver.registeredMap = testCase.initLocalMap
 			dnsServer.updateSerial = testCase.initSerial
 
 			err = dnsServer.UpdateDNSServer(testCase.inputSerial, testCase.inputUpdate)
@@ -402,23 +399,15 @@ func TestUpdateDNSServer(t *testing.T) {
 				}
 			}
 
-			var responseMSG *dns.Msg
-			responseWriter := &test.MockResponseWriter{
-				WriteMsgFunc: func(m *dns.Msg) error {
-					responseMSG = m
-					return nil
-				},
-			}
-			for _, q := range testCase.expectedLocalQs {
-				dnsServer.localResolver.ServeDNS(responseWriter, &dns.Msg{
-					Question: []dns.Question{q},
-				})
+			if len(dnsServer.localResolver.registeredMap) != len(testCase.expectedLocalMap) {
+				t.Fatalf("update local failed, registered map size is different than expected, want %d, got %d", len(testCase.expectedLocalMap), len(dnsServer.localResolver.registeredMap))
 			}
 
-			if len(testCase.expectedLocalQs) > 0 {
-				assert.NotNil(t, responseMSG, "response message should not be nil")
-				assert.Equal(t, dns.RcodeSuccess, responseMSG.Rcode, "response code should be success")
-				assert.NotEmpty(t, responseMSG.Answer, "response message should have answers")
+			for key := range testCase.expectedLocalMap {
+				_, found := dnsServer.localResolver.registeredMap[key]
+				if !found {
+					t.Fatalf("update local failed, key %s was not found in the localResolver.registeredMap: %#v", key, dnsServer.localResolver.registeredMap)
+				}
 			}
 		})
 	}
@@ -502,12 +491,11 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 	dnsServer.dnsMuxMap = registeredHandlerMap{
 		"id1": handlerWrapper{
 			domain:   zoneRecords[0].Name,
-			handler:  &local.Resolver{},
+			handler:  &localResolver{},
 			priority: PriorityMatchDomain,
 		},
 	}
-	//dnsServer.localResolver.RegisteredMap = local.RegistrationMap{local.BuildRecordKey("netbird.cloud", dns.ClassINET, dns.TypeA): struct{}{}}
-	dnsServer.localResolver.Update([]nbdns.SimpleRecord{{Name: "netbird.cloud", Type: int(dns.TypeA), Class: nbdns.DefaultClass, TTL: 300, RData: "10.0.0.1"}})
+	dnsServer.localResolver.registeredMap = registrationMap{"netbird.cloud": struct{}{}}
 	dnsServer.updateSerial = 0
 
 	nameServers := []nbdns.NameServer{
@@ -594,7 +582,7 @@ func TestDNSServerStartStop(t *testing.T) {
 			}
 			time.Sleep(100 * time.Millisecond)
 			defer dnsServer.Stop()
-			err = dnsServer.localResolver.RegisterRecord(zoneRecords[0])
+			_, err = dnsServer.localResolver.registerRecord(zoneRecords[0])
 			if err != nil {
 				t.Error(err)
 			}
@@ -642,11 +630,13 @@ func TestDNSServerStartStop(t *testing.T) {
 func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	hostManager := &mockHostConfigurator{}
 	server := DefaultServer{
-		ctx:           context.Background(),
-		service:       NewServiceViaMemory(&mocWGIface{}),
-		localResolver: local.NewResolver(),
-		handlerChain:  NewHandlerChain(),
-		hostManager:   hostManager,
+		ctx:     context.Background(),
+		service: NewServiceViaMemory(&mocWGIface{}),
+		localResolver: &localResolver{
+			registeredMap: make(registrationMap),
+		},
+		handlerChain: NewHandlerChain(),
+		hostManager:  hostManager,
 		currentConfig: HostDNSConfig{
 			Domains: []DomainConfig{
 				{false, "domain0", false},
@@ -1014,7 +1004,7 @@ func TestHandlerChain_DomainPriorities(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			r := new(dns.Msg)
 			r.SetQuestion(tc.query, dns.TypeA)
-			w := &ResponseWriterChain{ResponseWriter: &test.MockResponseWriter{}}
+			w := &ResponseWriterChain{ResponseWriter: &mockResponseWriter{}}
 
 			if mh, ok := tc.expectedHandler.(*MockHandler); ok {
 				mh.On("ServeDNS", mock.Anything, r).Once()
@@ -1047,9 +1037,9 @@ type mockHandler struct {
 }
 
 func (m *mockHandler) ServeDNS(dns.ResponseWriter, *dns.Msg) {}
-func (m *mockHandler) Stop()                                 {}
-func (m *mockHandler) ProbeAvailability()                    {}
-func (m *mockHandler) ID() types.HandlerID                   { return types.HandlerID(m.Id) }
+func (m *mockHandler) stop()                                 {}
+func (m *mockHandler) probeAvailability()                    {}
+func (m *mockHandler) id() handlerID                         { return handlerID(m.Id) }
 
 type mockService struct{}
 
@@ -1123,7 +1113,7 @@ func TestDefaultServer_UpdateMux(t *testing.T) {
 		name             string
 		initialHandlers  registeredHandlerMap
 		updates          []handlerWrapper
-		expectedHandlers map[string]string // map[HandlerID]domain
+		expectedHandlers map[string]string // map[handlerID]domain
 		description      string
 	}{
 		{
@@ -1419,7 +1409,7 @@ func TestDefaultServer_UpdateMux(t *testing.T) {
 
 			// Check each expected handler
 			for id, expectedDomain := range tt.expectedHandlers {
-				handler, exists := server.dnsMuxMap[types.HandlerID(id)]
+				handler, exists := server.dnsMuxMap[handlerID(id)]
 				assert.True(t, exists, "Expected handler %s not found", id)
 				if exists {
 					assert.Equal(t, expectedDomain, handler.domain,
@@ -1428,9 +1418,9 @@ func TestDefaultServer_UpdateMux(t *testing.T) {
 			}
 
 			// Verify no unexpected handlers exist
-			for HandlerID := range server.dnsMuxMap {
-				_, expected := tt.expectedHandlers[string(HandlerID)]
-				assert.True(t, expected, "Unexpected handler found: %s", HandlerID)
+			for handlerID := range server.dnsMuxMap {
+				_, expected := tt.expectedHandlers[string(handlerID)]
+				assert.True(t, expected, "Unexpected handler found: %s", handlerID)
 			}
 
 			// Verify the handlerChain state and order
@@ -1706,7 +1696,7 @@ func TestExtraDomains(t *testing.T) {
 				handlerChain:   NewHandlerChain(),
 				wgInterface:    &mocWGIface{},
 				hostManager:    mockHostConfig,
-				localResolver:  &local.Resolver{},
+				localResolver:  &localResolver{},
 				service:        mockSvc,
 				statusRecorder: peer.NewRecorder("test"),
 				extraDomains:   make(map[domain.Domain]int),
@@ -1791,7 +1781,7 @@ func TestExtraDomainsRefCounting(t *testing.T) {
 		ctx:            context.Background(),
 		handlerChain:   NewHandlerChain(),
 		hostManager:    mockHostConfig,
-		localResolver:  &local.Resolver{},
+		localResolver:  &localResolver{},
 		service:        mockSvc,
 		statusRecorder: peer.NewRecorder("test"),
 		extraDomains:   make(map[domain.Domain]int),
@@ -1843,7 +1833,7 @@ func TestUpdateConfigWithExistingExtraDomains(t *testing.T) {
 		ctx:            context.Background(),
 		handlerChain:   NewHandlerChain(),
 		hostManager:    mockHostConfig,
-		localResolver:  &local.Resolver{},
+		localResolver:  &localResolver{},
 		service:        mockSvc,
 		statusRecorder: peer.NewRecorder("test"),
 		extraDomains:   make(map[domain.Domain]int),
@@ -1926,7 +1916,7 @@ func TestDomainCaseHandling(t *testing.T) {
 		ctx:            context.Background(),
 		handlerChain:   NewHandlerChain(),
 		hostManager:    mockHostConfig,
-		localResolver:  &local.Resolver{},
+		localResolver:  &localResolver{},
 		service:        mockSvc,
 		statusRecorder: peer.NewRecorder("test"),
 		extraDomains:   make(map[domain.Domain]int),

client/internal/dns/test/mock.go

@@ -1,26 +0,0 @@
-package test
-
-import (
-	"net"
-
-	"github.com/miekg/dns"
-)
-
-type MockResponseWriter struct {
-	WriteMsgFunc func(m *dns.Msg) error
-}
-
-func (rw *MockResponseWriter) WriteMsg(m *dns.Msg) error {
-	if rw.WriteMsgFunc != nil {
-		return rw.WriteMsgFunc(m)
-	}
-	return nil
-}
-
-func (rw *MockResponseWriter) LocalAddr() net.Addr       { return nil }
-func (rw *MockResponseWriter) RemoteAddr() net.Addr      { return nil }
-func (rw *MockResponseWriter) Write([]byte) (int, error) { return 0, nil }
-func (rw *MockResponseWriter) Close() error              { return nil }
-func (rw *MockResponseWriter) TsigStatus() error         { return nil }
-func (rw *MockResponseWriter) TsigTimersOnly(bool)       {}
-func (rw *MockResponseWriter) Hijack()                   {}

client/internal/dns/types/types.go

@@ -1,3 +0,0 @@
-package types
-
-type HandlerID string

client/internal/dns/upstream.go

@@ -19,7 +19,6 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/client/iface"
-	"github.com/netbirdio/netbird/client/internal/dns/types"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
 )
@@ -82,21 +81,21 @@ func (u *upstreamResolverBase) String() string {
 }
 
 // ID returns the unique handler ID
-func (u *upstreamResolverBase) ID() types.HandlerID {
+func (u *upstreamResolverBase) id() handlerID {
 	servers := slices.Clone(u.upstreamServers)
 	slices.Sort(servers)
 
 	hash := sha256.New()
 	hash.Write([]byte(u.domain + ":"))
 	hash.Write([]byte(strings.Join(servers, ",")))
-	return types.HandlerID("upstream-" + hex.EncodeToString(hash.Sum(nil)[:8]))
+	return handlerID("upstream-" + hex.EncodeToString(hash.Sum(nil)[:8]))
 }
 
 func (u *upstreamResolverBase) MatchSubdomains() bool {
 	return true
 }
 
-func (u *upstreamResolverBase) Stop() {
+func (u *upstreamResolverBase) stop() {
 	log.Debugf("stopping serving DNS for upstreams %s", u.upstreamServers)
 	u.cancel()
 }
@@ -199,9 +198,9 @@ func (u *upstreamResolverBase) checkUpstreamFails(err error) {
 	)
 }
 
-// ProbeAvailability tests all upstream servers simultaneously and
+// probeAvailability tests all upstream servers simultaneously and
 // disables the resolver if none work
-func (u *upstreamResolverBase) ProbeAvailability() {
+func (u *upstreamResolverBase) probeAvailability() {
 	u.mutex.Lock()
 	defer u.mutex.Unlock()
 

client/internal/dns/upstream_test.go

@@ -8,8 +8,6 @@ import (
 	"time"
 
 	"github.com/miekg/dns"
-
-	"github.com/netbirdio/netbird/client/internal/dns/test"
 )
 
 func TestUpstreamResolver_ServeDNS(t *testing.T) {
@@ -68,7 +66,7 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 			}
 
 			var responseMSG *dns.Msg
-			responseWriter := &test.MockResponseWriter{
+			responseWriter := &mockResponseWriter{
 				WriteMsgFunc: func(m *dns.Msg) error {
 					responseMSG = m
 					return nil
@@ -132,7 +130,7 @@ func TestUpstreamResolver_DeactivationReactivation(t *testing.T) {
 	resolver.failsTillDeact = 0
 	resolver.reactivatePeriod = time.Microsecond * 100
 
-	responseWriter := &test.MockResponseWriter{
+	responseWriter := &mockResponseWriter{
 		WriteMsgFunc: func(m *dns.Msg) error { return nil },
 	}
 

client/internal/dnsfwd/forwarder.go

@@ -33,8 +33,6 @@ type DNSForwarder struct {
 
 	dnsServer *dns.Server
 	mux       *dns.ServeMux
-	tcpServer *dns.Server
-	tcpMux    *dns.ServeMux
 
 	mutex      sync.RWMutex
 	fwdEntries []*ForwarderEntry
@@ -52,41 +50,22 @@ func NewDNSForwarder(listenAddress string, ttl uint32, firewall firewall.Manager
 }
 
 func (f *DNSForwarder) Listen(entries []*ForwarderEntry) error {
-	log.Infof("starting DNS forwarder on address=%s", f.listenAddress)
-
-	// UDP server
+	log.Infof("listen DNS forwarder on address=%s", f.listenAddress)
 	mux := dns.NewServeMux()
-	f.mux = mux
-	f.dnsServer = &dns.Server{
+
+	dnsServer := &dns.Server{
 		Addr:    f.listenAddress,
 		Net:     "udp",
 		Handler: mux,
 	}
-	// TCP server
-	tcpMux := dns.NewServeMux()
-	f.tcpMux = tcpMux
-	f.tcpServer = &dns.Server{
-		Addr:    f.listenAddress,
-		Net:     "tcp",
-		Handler: tcpMux,
-	}
+	f.dnsServer = dnsServer
+	f.mux = mux
 
 	f.UpdateDomains(entries)
 
-	errCh := make(chan error, 2)
-
-	go func() {
-		log.Infof("DNS UDP listener running on %s", f.listenAddress)
-		errCh <- f.dnsServer.ListenAndServe()
-	}()
-	go func() {
-		log.Infof("DNS TCP listener running on %s", f.listenAddress)
-		errCh <- f.tcpServer.ListenAndServe()
-	}()
-
-	// return the first error we get (e.g. bind failure or shutdown)
-	return <-errCh
+	return dnsServer.ListenAndServe()
 }
+
 func (f *DNSForwarder) UpdateDomains(entries []*ForwarderEntry) {
 	f.mutex.Lock()
 	defer f.mutex.Unlock()
@@ -98,41 +77,31 @@ func (f *DNSForwarder) UpdateDomains(entries []*ForwarderEntry) {
 	}
 
 	oldDomains := filterDomains(f.fwdEntries)
+
 	for _, d := range oldDomains {
 		f.mux.HandleRemove(d.PunycodeString())
-		f.tcpMux.HandleRemove(d.PunycodeString())
 	}
 
 	newDomains := filterDomains(entries)
 	for _, d := range newDomains {
-		f.mux.HandleFunc(d.PunycodeString(), f.handleDNSQueryUDP)
-		f.tcpMux.HandleFunc(d.PunycodeString(), f.handleDNSQueryTCP)
+		f.mux.HandleFunc(d.PunycodeString(), f.handleDNSQuery)
 	}
 
 	f.fwdEntries = entries
+
 	log.Debugf("Updated domains from %v to %v", oldDomains, newDomains)
 }
 
 func (f *DNSForwarder) Close(ctx context.Context) error {
-	var result *multierror.Error
-
-	if f.dnsServer != nil {
-		if err := f.dnsServer.ShutdownContext(ctx); err != nil {
-			result = multierror.Append(result, fmt.Errorf("UDP shutdown: %w", err))
-		}
+	if f.dnsServer == nil {
+		return nil
 	}
-	if f.tcpServer != nil {
-		if err := f.tcpServer.ShutdownContext(ctx); err != nil {
-			result = multierror.Append(result, fmt.Errorf("TCP shutdown: %w", err))
-		}
-	}
-
-	return nberrors.FormatErrorOrNil(result)
+	return f.dnsServer.ShutdownContext(ctx)
 }
 
-func (f *DNSForwarder) handleDNSQuery(w dns.ResponseWriter, query *dns.Msg) *dns.Msg {
+func (f *DNSForwarder) handleDNSQuery(w dns.ResponseWriter, query *dns.Msg) {
 	if len(query.Question) == 0 {
-		return nil
+		return
 	}
 	question := query.Question[0]
 	log.Tracef("received DNS request for DNS forwarder: domain=%v type=%v class=%v",
@@ -154,53 +123,20 @@ func (f *DNSForwarder) handleDNSQuery(w dns.ResponseWriter, query *dns.Msg) *dns
 		if err := w.WriteMsg(resp); err != nil {
 			log.Errorf("failed to write DNS response: %v", err)
 		}
-		return nil
+		return
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), upstreamTimeout)
 	defer cancel()
 	ips, err := net.DefaultResolver.LookupNetIP(ctx, network, domain)
 	if err != nil {
-		f.handleDNSError(w, query, resp, domain, err)
-		return nil
+		f.handleDNSError(w, resp, domain, err)
+		return
 	}
 
 	f.updateInternalState(domain, ips)
 	f.addIPsToResponse(resp, domain, ips)
 
-	return resp
-}
-
-func (f *DNSForwarder) handleDNSQueryUDP(w dns.ResponseWriter, query *dns.Msg) {
-
-	resp := f.handleDNSQuery(w, query)
-	if resp == nil {
-		return
-	}
-
-	opt := query.IsEdns0()
-	maxSize := dns.MinMsgSize
-	if opt != nil {
-		// client advertised a larger EDNS0 buffer
-		maxSize = int(opt.UDPSize())
-	}
-
-	// if our response is too big, truncate and set the TC bit
-	if resp.Len() > maxSize {
-		resp.Truncate(maxSize)
-	}
-
-	if err := w.WriteMsg(resp); err != nil {
-		log.Errorf("failed to write DNS response: %v", err)
-	}
-}
-
-func (f *DNSForwarder) handleDNSQueryTCP(w dns.ResponseWriter, query *dns.Msg) {
-	resp := f.handleDNSQuery(w, query)
-	if resp == nil {
-		return
-	}
-
 	if err := w.WriteMsg(resp); err != nil {
 		log.Errorf("failed to write DNS response: %v", err)
 	}
@@ -243,7 +179,7 @@ func (f *DNSForwarder) updateFirewall(matchingEntries []*ForwarderEntry, prefixe
 }
 
 // handleDNSError processes DNS lookup errors and sends an appropriate error response
-func (f *DNSForwarder) handleDNSError(w dns.ResponseWriter, query, resp *dns.Msg, domain string, err error) {
+func (f *DNSForwarder) handleDNSError(w dns.ResponseWriter, resp *dns.Msg, domain string, err error) {
 	var dnsErr *net.DNSError
 
 	switch {
@@ -255,7 +191,7 @@ func (f *DNSForwarder) handleDNSError(w dns.ResponseWriter, query, resp *dns.Msg
 		}
 
 		if dnsErr.Server != "" {
-			log.Warnf("failed to resolve query for type=%s domain=%s server=%s: %v", dns.TypeToString[query.Question[0].Qtype], domain, dnsErr.Server, err)
+			log.Warnf("failed to resolve query for domain=%s server=%s: %v", domain, dnsErr.Server, err)
 		} else {
 			log.Warnf(errResolveFailed, domain, err)
 		}

client/internal/dnsfwd/manager.go

@@ -33,7 +33,6 @@ type Manager struct {
 	statusRecorder *peer.Status
 
 	fwRules      []firewall.Rule
-	tcpRules     []firewall.Rule
 	dnsForwarder *DNSForwarder
 }
 
@@ -108,13 +107,6 @@ func (m *Manager) allowDNSFirewall() error {
 	}
 	m.fwRules = dnsRules
 
-	tcpRules, err := m.firewall.AddPeerFiltering(nil, net.IP{0, 0, 0, 0}, firewall.ProtocolTCP, nil, dport, firewall.ActionAccept, "")
-	if err != nil {
-		log.Errorf("failed to add allow DNS router rules, err: %v", err)
-		return err
-	}
-	m.tcpRules = tcpRules
-
 	return nil
 }
 
@@ -125,13 +117,7 @@ func (m *Manager) dropDNSFirewall() error {
 			mErr = multierror.Append(mErr, fmt.Errorf("failed to delete DNS router rules, err: %v", err))
 		}
 	}
-	for _, rule := range m.tcpRules {
-		if err := m.firewall.DeletePeerRule(rule); err != nil {
-			mErr = multierror.Append(mErr, fmt.Errorf("failed to delete DNS router rules, err: %v", err))
-		}
-	}
 
 	m.fwRules = nil
-	m.tcpRules = nil
 	return nberrors.FormatErrorOrNil(mErr)
 }

client/internal/networkmonitor/check_change_bsd.go

@@ -19,7 +19,7 @@ import (
 func checkChange(ctx context.Context, nexthopv4, nexthopv6 systemops.Nexthop) error {
 	fd, err := unix.Socket(syscall.AF_ROUTE, syscall.SOCK_RAW, syscall.AF_UNSPEC)
 	if err != nil {
-		return fmt.Errorf("open routing socket: %v", err)
+		return fmt.Errorf("failed to open routing socket: %v", err)
 	}
 	defer func() {
 		err := unix.Close(fd)

client/internal/networkmonitor/check_change_windows.go

@@ -13,7 +13,7 @@ import (
 func checkChange(ctx context.Context, nexthopv4, nexthopv6 systemops.Nexthop) error {
 	routeMonitor, err := systemops.NewRouteMonitor(ctx)
 	if err != nil {
-		return fmt.Errorf("create route monitor: %w", err)
+		return fmt.Errorf("failed to create route monitor: %w", err)
 	}
 	defer func() {
 		if err := routeMonitor.Stop(); err != nil {
@@ -38,46 +38,32 @@ func checkChange(ctx context.Context, nexthopv4, nexthopv6 systemops.Nexthop) er
 }
 
 func routeChanged(route systemops.RouteUpdate, nexthopv4, nexthopv6 systemops.Nexthop) bool {
-	if intf := route.NextHop.Intf; intf != nil && isSoftInterface(intf.Name) {
-		log.Debugf("Network monitor: ignoring default route change for next hop with soft interface %s", route.NextHop)
-		return false
-	}
-
-	// TODO: for the empty nexthop ip (on-link), determine the family differently
-	nexthop := nexthopv4
-	if route.NextHop.IP.Is6() {
-		nexthop = nexthopv6
+	intf := "<nil>"
+	if route.Interface != nil {
+		intf = route.Interface.Name
+		if isSoftInterface(intf) {
+			log.Debugf("Network monitor: ignoring default route change for soft interface %s", intf)
+			return false
+		}
 	}
 
 	switch route.Type {
-	case systemops.RouteModified, systemops.RouteAdded:
-		return handleRouteAddedOrModified(route, nexthop)
-	case systemops.RouteDeleted:
-		return handleRouteDeleted(route, nexthop)
-	}
-
-	return false
-}
-
-func handleRouteAddedOrModified(route systemops.RouteUpdate, nexthop systemops.Nexthop) bool {
-	// For added/modified routes, we care about different next hops
-	if !nexthop.Equal(route.NextHop) {
-		action := "changed"
-		if route.Type == systemops.RouteAdded {
-			action = "added"
+	case systemops.RouteModified:
+		// TODO: get routing table to figure out if our route is affected for modified routes
+		log.Infof("Network monitor: default route changed: via %s, interface %s", route.NextHop, intf)
+		return true
+	case systemops.RouteAdded:
+		if route.NextHop.Is4() && route.NextHop != nexthopv4.IP || route.NextHop.Is6() && route.NextHop != nexthopv6.IP {
+			log.Infof("Network monitor: default route added: via %s, interface %s", route.NextHop, intf)
+			return true
+		}
+	case systemops.RouteDeleted:
+		if nexthopv4.Intf != nil && route.NextHop == nexthopv4.IP || nexthopv6.Intf != nil && route.NextHop == nexthopv6.IP {
+			log.Infof("Network monitor: default route removed: via %s, interface %s", route.NextHop, intf)
+			return true
 		}
-		log.Infof("Network monitor: default route %s: via %s", action, route.NextHop)
-		return true
 	}
-	return false
-}
 
-func handleRouteDeleted(route systemops.RouteUpdate, nexthop systemops.Nexthop) bool {
-	// For deleted routes, we care about our tracked next hop being deleted
-	if nexthop.Equal(route.NextHop) {
-		log.Infof("Network monitor: default route removed: via %s", route.NextHop)
-		return true
-	}
 	return false
 }
 

client/internal/networkmonitor/check_change_windows_test.go

@@ -1,404 +0,0 @@
-package networkmonitor
-
-import (
-	"net"
-	"net/netip"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-
-	"github.com/netbirdio/netbird/client/internal/routemanager/systemops"
-)
-
-func TestRouteChanged(t *testing.T) {
-	tests := []struct {
-		name      string
-		route     systemops.RouteUpdate
-		nexthopv4 systemops.Nexthop
-		nexthopv6 systemops.Nexthop
-		expected  bool
-	}{
-		{
-			name: "soft interface should be ignored",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{
-						Name: "ISATAP-Interface", // isSoftInterface checks name
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.2"),
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-			},
-			expected: false,
-		},
-		{
-			name: "modified route with different v4 nexthop IP should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.2"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-			},
-			expected: true,
-		},
-		{
-			name: "modified route with same v4 nexthop (IP and Intf Index) should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-			},
-			expected: false,
-		},
-		{
-			name: "added route with different v6 nexthop IP should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteAdded,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("2001:db8::2"),
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.1"),
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			expected: true,
-		},
-		{
-			name: "added route with same v6 nexthop (IP and Intf Index) should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteAdded,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("2001:db8::1"),
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.1"),
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			expected: false,
-		},
-		{
-			name: "deleted route matching tracked v4 nexthop (IP and Intf Index) should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-			},
-			expected: true,
-		},
-		{
-			name: "deleted route not matching tracked v4 nexthop (different IP) should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP: netip.MustParseAddr("192.168.1.3"), // Different IP
-					Intf: &net.Interface{
-						Index: 1, Name: "eth0",
-					},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP: netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{
-					Index: 1, Name: "eth0",
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP: netip.MustParseAddr("2001:db8::1"),
-			},
-			expected: false,
-		},
-		{
-			name: "modified v4 route with same IP, different Intf Index should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{Index: 2, Name: "eth1"}, // Different Intf Index
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP:   netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: true,
-		},
-		{
-			name: "modified v4 route with same IP, one Intf nil, other non-nil should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("192.168.1.1"),
-					Intf: nil, // Intf is nil
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP:   netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"}, // Tracked Intf is not nil
-			},
-			expected: true,
-		},
-		{
-			name: "added v4 route with same IP, different Intf Index should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteAdded,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{Index: 2, Name: "eth1"}, // Different Intf Index
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP:   netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: true,
-		},
-		{
-			name: "deleted v4 route with same IP, different Intf Index should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{ // This is the route being deleted
-					IP:   netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv4: systemops.Nexthop{ // This is our tracked nexthop
-				IP:   netip.MustParseAddr("192.168.1.1"),
-				Intf: &net.Interface{Index: 2, Name: "eth1"}, // Different Intf Index
-			},
-			expected: false, // Because nexthopv4.Equal(route.NextHop) will be false
-		},
-		{
-			name: "modified v6 route with different IP, same Intf Index should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("2001:db8::3"), // Different IP
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: true,
-		},
-		{
-			name: "modified v6 route with same IP, different Intf Index should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("2001:db8::1"),
-					Intf: &net.Interface{Index: 2, Name: "eth1"}, // Different Intf Index
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: true,
-		},
-		{
-			name: "modified v6 route with same IP, same Intf Index should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteModified,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("2001:db8::1"),
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: false,
-		},
-		{
-			name: "deleted v6 route matching tracked nexthop (IP and Intf Index) should return true",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("2001:db8::1"),
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: true,
-		},
-		{
-			name: "deleted v6 route not matching tracked nexthop (different IP) should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("2001:db8::3"), // Different IP
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv6: systemops.Nexthop{
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: false,
-		},
-		{
-			name: "deleted v6 route not matching tracked nexthop (same IP, different Intf Index) should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteDeleted,
-				Destination: netip.PrefixFrom(netip.IPv6Unspecified(), 0),
-				NextHop: systemops.Nexthop{ // This is the route being deleted
-					IP:   netip.MustParseAddr("2001:db8::1"),
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv6: systemops.Nexthop{ // This is our tracked nexthop
-				IP:   netip.MustParseAddr("2001:db8::1"),
-				Intf: &net.Interface{Index: 2, Name: "eth1"}, // Different Intf Index
-			},
-			expected: false,
-		},
-		{
-			name: "unknown route type should return false",
-			route: systemops.RouteUpdate{
-				Type:        systemops.RouteUpdateType(99), // Unknown type
-				Destination: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-				NextHop: systemops.Nexthop{
-					IP:   netip.MustParseAddr("192.168.1.1"),
-					Intf: &net.Interface{Index: 1, Name: "eth0"},
-				},
-			},
-			nexthopv4: systemops.Nexthop{
-				IP:   netip.MustParseAddr("192.168.1.2"), // Different from route.NextHop
-				Intf: &net.Interface{Index: 1, Name: "eth0"},
-			},
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			result := routeChanged(tt.route, tt.nexthopv4, tt.nexthopv6)
-			assert.Equal(t, tt.expected, result)
-		})
-	}
-}
-
-func TestIsSoftInterface(t *testing.T) {
-	tests := []struct {
-		name     string
-		ifname   string
-		expected bool
-	}{
-		{
-			name:     "ISATAP interface should be detected",
-			ifname:   "ISATAP tunnel adapter",
-			expected: true,
-		},
-		{
-			name:     "lowercase soft interface should be detected",
-			ifname:   "isatap.{14A5CF17-CA72-43EC-B4EA-B4B093641B7D}",
-			expected: true,
-		},
-		{
-			name:     "Teredo interface should be detected",
-			ifname:   "Teredo Tunneling Pseudo-Interface",
-			expected: true,
-		},
-		{
-			name:     "regular interface should not be detected as soft",
-			ifname:   "eth0",
-			expected: false,
-		},
-		{
-			name:     "another regular interface should not be detected as soft",
-			ifname:   "wlan0",
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			result := isSoftInterface(tt.ifname)
-			assert.Equal(t, tt.expected, result)
-		})
-	}
-}

client/internal/networkmonitor/monitor.go

@@ -118,12 +118,9 @@ func (nw *NetworkMonitor) Stop() {
 }
 
 func (nw *NetworkMonitor) checkChanges(ctx context.Context, event chan struct{}, nexthop4 systemops.Nexthop, nexthop6 systemops.Nexthop) {
-	defer close(event)
 	for {
 		if err := checkChangeFn(ctx, nexthop4, nexthop6); err != nil {
-			if !errors.Is(err, context.Canceled) {
-				log.Errorf("Network monitor: failed to check for changes: %v", err)
-			}
+			close(event)
 			return
 		}
 		// prevent blocking

client/internal/routemanager/systemops/systemops.go

@@ -1,7 +1,6 @@
 package systemops
 
 import (
-	"fmt"
 	"net"
 	"net/netip"
 	"sync"
@@ -16,20 +15,6 @@ type Nexthop struct {
 	Intf *net.Interface
 }
 
-// Equal checks if two nexthops are equal.
-func (n Nexthop) Equal(other Nexthop) bool {
-	return n.IP == other.IP && (n.Intf == nil && other.Intf == nil ||
-		n.Intf != nil && other.Intf != nil && n.Intf.Index == other.Intf.Index)
-}
-
-// String returns a string representation of the nexthop.
-func (n Nexthop) String() string {
-	if n.Intf == nil {
-		return n.IP.String()
-	}
-	return fmt.Sprintf("%s @ %d (%s)", n.IP.String(), n.Intf.Index, n.Intf.Name)
-}
-
 type ExclusionCounter = refcounter.Counter[netip.Prefix, struct{}, Nexthop]
 
 type SysOps struct {

client/internal/routemanager/systemops/systemops_windows.go

@@ -33,7 +33,8 @@ type RouteUpdateType int
 type RouteUpdate struct {
 	Type        RouteUpdateType
 	Destination netip.Prefix
-	NextHop     Nexthop
+	NextHop     netip.Addr
+	Interface   *net.Interface
 }
 
 // RouteMonitor provides a way to monitor changes in the routing table.
@@ -230,15 +231,15 @@ func (rm *RouteMonitor) parseUpdate(row *MIB_IPFORWARD_ROW2, notificationType MI
 		intf, err := net.InterfaceByIndex(idx)
 		if err != nil {
 			log.Warnf("failed to get interface name for index %d: %v", idx, err)
-			update.NextHop.Intf = &net.Interface{
+			update.Interface = &net.Interface{
 				Index: idx,
 			}
 		} else {
-			update.NextHop.Intf = intf
+			update.Interface = intf
 		}
 	}
 
-	log.Tracef("Received route update with destination %v, next hop %v, interface %v", row.DestinationPrefix, row.NextHop, update.NextHop.Intf)
+	log.Tracef("Received route update with destination %v, next hop %v, interface %v", row.DestinationPrefix, row.NextHop, update.Interface)
 	dest := parseIPPrefix(row.DestinationPrefix, idx)
 	if !dest.Addr().IsValid() {
 		return RouteUpdate{}, fmt.Errorf("invalid destination: %v", row)
@@ -261,7 +262,7 @@ func (rm *RouteMonitor) parseUpdate(row *MIB_IPFORWARD_ROW2, notificationType MI
 
 	update.Type = updateType
 	update.Destination = dest
-	update.NextHop.IP = nexthop
+	update.NextHop = nexthop
 
 	return update, nil
 }

client/proto/daemon.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.24.3
 // source: daemon.proto
 
 package proto
@@ -2277,7 +2277,6 @@ type DebugBundleRequest struct {
 	Anonymize  bool   `protobuf:"varint,1,opt,name=anonymize,proto3" json:"anonymize,omitempty"`
 	Status     string `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
 	SystemInfo bool   `protobuf:"varint,3,opt,name=systemInfo,proto3" json:"systemInfo,omitempty"`
-	UploadURL  string `protobuf:"bytes,4,opt,name=uploadURL,proto3" json:"uploadURL,omitempty"`
 }
 
 func (x *DebugBundleRequest) Reset() {
@@ -2333,21 +2332,12 @@ func (x *DebugBundleRequest) GetSystemInfo() bool {
 	return false
 }
 
-func (x *DebugBundleRequest) GetUploadURL() string {
-	if x != nil {
-		return x.UploadURL
-	}
-	return ""
-}
-
 type DebugBundleResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Path                string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	UploadedKey         string `protobuf:"bytes,2,opt,name=uploadedKey,proto3" json:"uploadedKey,omitempty"`
-	UploadFailureReason string `protobuf:"bytes,3,opt,name=uploadFailureReason,proto3" json:"uploadFailureReason,omitempty"`
+	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
 }
 
 func (x *DebugBundleResponse) Reset() {
@@ -2389,20 +2379,6 @@ func (x *DebugBundleResponse) GetPath() string {
 	return ""
 }
 
-func (x *DebugBundleResponse) GetUploadedKey() string {
-	if x != nil {
-		return x.UploadedKey
-	}
-	return ""
-}
-
-func (x *DebugBundleResponse) GetUploadFailureReason() string {
-	if x != nil {
-		return x.UploadFailureReason
-	}
-	return ""
-}
-
 type GetLogLevelRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -3948,251 +3924,244 @@ var file_daemon_proto_rawDesc = []byte{
 	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20,
 	0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x6f, 0x72,
 	0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c,
-	0x65, 0x73, 0x22, 0x88, 0x01, 0x0a, 0x12, 0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64,
-	0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x6e, 0x6f,
-	0x6e, 0x79, 0x6d, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x6e,
-	0x6f, 0x6e, 0x79, 0x6d, 0x69, 0x7a, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x1e, 0x0a, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x49, 0x6e, 0x66, 0x6f, 0x12,
-	0x1c, 0x0a, 0x09, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x55, 0x52, 0x4c, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x09, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x55, 0x52, 0x4c, 0x22, 0x7d, 0x0a,
-	0x13, 0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x20, 0x0a, 0x0b, 0x75, 0x70, 0x6c, 0x6f,
-	0x61, 0x64, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x75,
-	0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x75, 0x70,
-	0x6c, 0x6f, 0x61, 0x64, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f,
-	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46,
-	0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x14, 0x0a, 0x12,
-	0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x22, 0x3d, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65,
-	0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x05, 0x6c, 0x65, 0x76,
-	0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65,
-	0x6c, 0x22, 0x3c, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22,
-	0x15, 0x0a, 0x13, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x22, 0x13, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x3b, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25,
-	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x73,
-	0x74, 0x61, 0x74, 0x65, 0x73, 0x22, 0x44, 0x0a, 0x11, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74,
-	0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
-	0x73, 0x74, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x6c, 0x6c,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x6c, 0x6c, 0x22, 0x3b, 0x0a, 0x12, 0x43,
-	0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x65, 0x64, 0x5f, 0x73, 0x74, 0x61,
-	0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x63, 0x6c, 0x65, 0x61, 0x6e,
-	0x65, 0x64, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x22, 0x45, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65,
-	0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d,
-	0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a,
-	0x03, 0x61, 0x6c, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x6c, 0x6c, 0x22,
-	0x3c, 0x0a, 0x13, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65,
-	0x64, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d,
-	0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x22, 0x3b, 0x0a,
-	0x1f, 0x53, 0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65,
-	0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x22, 0x0a, 0x20, 0x53, 0x65,
+	0x65, 0x73, 0x22, 0x6a, 0x0a, 0x12, 0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c,
+	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x6e, 0x6f, 0x6e,
+	0x79, 0x6d, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x6e, 0x6f,
+	0x6e, 0x79, 0x6d, 0x69, 0x7a, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e,
+	0x0a, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x49, 0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0x29,
+	0x0a, 0x13, 0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x14, 0x0a, 0x12, 0x47, 0x65, 0x74,
+	0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
+	0x3d, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x26, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c,
+	0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x3c,
+	0x0a, 0x12, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67,
+	0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x15, 0x0a, 0x13,
+	0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x1b, 0x0a, 0x05, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x22, 0x13, 0x0a, 0x11, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x3b, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x06, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x73, 0x22, 0x44, 0x0a, 0x11, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x6c, 0x6c, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x6c, 0x6c, 0x22, 0x3b, 0x0a, 0x12, 0x43, 0x6c, 0x65, 0x61,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25,
+	0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x65, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x73,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x65, 0x64, 0x53,
+	0x74, 0x61, 0x74, 0x65, 0x73, 0x22, 0x45, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53,
+	0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x09, 0x73, 0x74, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x6c,
+	0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x6c, 0x6c, 0x22, 0x3c, 0x0a, 0x13,
+	0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x64, 0x65, 0x6c,
+	0x65, 0x74, 0x65, 0x64, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x22, 0x3b, 0x0a, 0x1f, 0x53, 0x65,
 	0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65, 0x72, 0x73, 0x69,
-	0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76,
-	0x0a, 0x08, 0x54, 0x43, 0x50, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x79,
-	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x73, 0x79, 0x6e, 0x12, 0x10, 0x0a, 0x03,
-	0x61, 0x63, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x63, 0x6b, 0x12, 0x10,
-	0x0a, 0x03, 0x66, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x66, 0x69, 0x6e,
-	0x12, 0x10, 0x0a, 0x03, 0x72, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x72,
-	0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x03, 0x70, 0x73, 0x68, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x03, 0x75, 0x72, 0x67, 0x22, 0x80, 0x03, 0x0a, 0x12, 0x54, 0x72, 0x61, 0x63, 0x65,
-	0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a,
-	0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x65,
-	0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x70, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0d, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
-	0x70, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1f, 0x0a,
-	0x0b, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x29,
-	0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f,
-	0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x64, 0x69, 0x72,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x69,
-	0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x66,
-	0x6c, 0x61, 0x67, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x43, 0x50, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x48, 0x00, 0x52, 0x08,
-	0x74, 0x63, 0x70, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x69,
-	0x63, 0x6d, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x01,
-	0x52, 0x08, 0x69, 0x63, 0x6d, 0x70, 0x54, 0x79, 0x70, 0x65, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a,
-	0x09, 0x69, 0x63, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d,
-	0x48, 0x02, 0x52, 0x08, 0x69, 0x63, 0x6d, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x88, 0x01, 0x01, 0x42,
-	0x0c, 0x0a, 0x0a, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x42, 0x0c, 0x0a,
-	0x0a, 0x5f, 0x69, 0x63, 0x6d, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x5f,
-	0x69, 0x63, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x9f, 0x01, 0x0a, 0x0a, 0x54, 0x72,
-	0x61, 0x63, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07,
-	0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d,
-	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
-	0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64,
-	0x12, 0x32, 0x0a, 0x12, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64,
-	0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x11,
-	0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c,
-	0x73, 0x88, 0x01, 0x01, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64,
-	0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x6e, 0x0a, 0x13, 0x54,
-	0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x2a, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63,
-	0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x52, 0x06, 0x73, 0x74, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2b,
-	0x0a, 0x11, 0x66, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x69, 0x73, 0x70, 0x6f, 0x73, 0x69, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x66, 0x69, 0x6e, 0x61, 0x6c,
-	0x44, 0x69, 0x73, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x12, 0x0a, 0x10, 0x53,
-	0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
-	0x93, 0x04, 0x0a, 0x0b, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12,
-	0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12,
-	0x38, 0x0a, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65,
-	0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52,
-	0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x38, 0x0a, 0x08, 0x63, 0x61, 0x74,
-	0x65, 0x67, 0x6f, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x64, 0x61,
-	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x2e, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x52, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67,
-	0x6f, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x20, 0x0a,
-	0x0b, 0x75, 0x73, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12,
-	0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09,
-	0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x3d, 0x0a, 0x08, 0x6d, 0x65, 0x74,
-	0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x61,
-	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08,
-	0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3a, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74,
-	0x79, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x57,
-	0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f,
-	0x52, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10,
-	0x03, 0x22, 0x52, 0x0a, 0x08, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x0b, 0x0a,
-	0x07, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e,
-	0x53, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43,
-	0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
-	0x43, 0x54, 0x49, 0x56, 0x49, 0x54, 0x59, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x59, 0x53,
-	0x54, 0x45, 0x4d, 0x10, 0x04, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b,
-	0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13,
+	0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a,
+	0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
+	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x22, 0x0a, 0x20, 0x53, 0x65, 0x74, 0x4e, 0x65,
+	0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65,
+	0x6e, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a, 0x08, 0x54,
+	0x43, 0x50, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x79, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x73, 0x79, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x63, 0x6b,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x61, 0x63, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x66,
+	0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x66, 0x69, 0x6e, 0x12, 0x10, 0x0a,
+	0x03, 0x72, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x72, 0x73, 0x74, 0x12,
+	0x10, 0x0a, 0x03, 0x70, 0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x70, 0x73,
+	0x68, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03,
+	0x75, 0x72, 0x67, 0x22, 0x80, 0x03, 0x0a, 0x12, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63,
+	0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x65, 0x73, 0x74, 0x69,
+	0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0d, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x70, 0x12, 0x1a,
+	0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x64,
+	0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67,
+	0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x54, 0x43, 0x50, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x48, 0x00, 0x52, 0x08, 0x74, 0x63, 0x70,
+	0x46, 0x6c, 0x61, 0x67, 0x73, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x69, 0x63, 0x6d, 0x70,
+	0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x01, 0x52, 0x08, 0x69,
+	0x63, 0x6d, 0x70, 0x54, 0x79, 0x70, 0x65, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x69, 0x63,
+	0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x02, 0x52,
+	0x08, 0x69, 0x63, 0x6d, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x88, 0x01, 0x01, 0x42, 0x0c, 0x0a, 0x0a,
+	0x5f, 0x74, 0x63, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x69,
+	0x63, 0x6d, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x69, 0x63, 0x6d,
+	0x70, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x9f, 0x01, 0x0a, 0x0a, 0x54, 0x72, 0x61, 0x63, 0x65,
+	0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73,
+	0x61, 0x67, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x12, 0x32, 0x0a,
+	0x12, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74, 0x61,
+	0x69, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x11, 0x66, 0x6f, 0x72,
+	0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x88, 0x01,
+	0x01, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67,
+	0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x6e, 0x0a, 0x13, 0x54, 0x72, 0x61, 0x63,
+	0x65, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x2a, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x53, 0x74,
+	0x61, 0x67, 0x65, 0x52, 0x06, 0x73, 0x74, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x66,
+	0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x69, 0x73, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x66, 0x69, 0x6e, 0x61, 0x6c, 0x44, 0x69, 0x73,
+	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x12, 0x0a, 0x10, 0x53, 0x75, 0x62, 0x73,
+	0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x93, 0x04, 0x0a,
+	0x0b, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x38, 0x0a, 0x08,
+	0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c,
 	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x2a, 0x62, 0x0a, 0x08, 0x4c,
-	0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f,
-	0x57, 0x4e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x41, 0x4e, 0x49, 0x43, 0x10, 0x01, 0x12,
-	0x09, 0x0a, 0x05, 0x46, 0x41, 0x54, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52,
-	0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x04, 0x12,
-	0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x05, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42,
-	0x55, 0x47, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, 0x45, 0x10, 0x07, 0x32,
-	0xb3, 0x0b, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x4c, 0x69, 0x73,
-	0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x4c, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x0e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74,
-	0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1d, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x10, 0x44, 0x65, 0x73,
-	0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1d, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74,
-	0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77,
-	0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4a,
-	0x0a, 0x0f, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65,
-	0x73, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x44, 0x65,
-	0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
-	0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65,
-	0x76, 0x65, 0x6c, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74,
-	0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c,
-	0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48,
-	0x0a, 0x0b, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76,
-	0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0a, 0x4c, 0x69, 0x73, 0x74,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x12, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
-	0x45, 0x0a, 0x0a, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74,
-	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
-	0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x6f, 0x0a, 0x18, 0x53, 0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61,
-	0x70, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x27, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
-	0x4d, 0x61, 0x70, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53,
-	0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65, 0x72, 0x73,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x12, 0x48, 0x0a, 0x0b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74,
-	0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50,
-	0x61, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b, 0x65,
-	0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x0f, 0x53,
-	0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x18,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62,
-	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30,
-	0x01, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x18,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, 0x08, 0x73, 0x65,
+	0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x38, 0x0a, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f,
+	0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x61,
+	0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x52, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79,
+	0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x75, 0x73,
+	0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x75, 0x73, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x38, 0x0a, 0x09,
+	0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d,
+	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x3d, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, 0x65, 0x74,
+	0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+	0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02,
+	0x38, 0x01, 0x22, 0x3a, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x08,
+	0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x57, 0x41, 0x52, 0x4e,
+	0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x02,
+	0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x03, 0x22, 0x52,
+	0x0a, 0x08, 0x43, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x4e, 0x45,
+	0x54, 0x57, 0x4f, 0x52, 0x4b, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e, 0x53, 0x10, 0x01,
+	0x12, 0x12, 0x0a, 0x0e, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49,
+	0x56, 0x49, 0x54, 0x59, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d,
+	0x10, 0x04, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x06, 0x65,
+	0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x2a, 0x62, 0x0a, 0x08, 0x4c, 0x6f, 0x67, 0x4c,
+	0x65, 0x76, 0x65, 0x6c, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10,
+	0x00, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x41, 0x4e, 0x49, 0x43, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05,
+	0x46, 0x41, 0x54, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52,
+	0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04,
+	0x49, 0x4e, 0x46, 0x4f, 0x10, 0x05, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10,
+	0x06, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, 0x45, 0x10, 0x07, 0x32, 0xb3, 0x0b, 0x0a,
+	0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36,
+	0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53,
+	0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69,
+	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a,
+	0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
+	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x4e, 0x65,
+	0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x4c, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x73,
+	0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x0e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74,
+	0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1d, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53,
+	0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65,
+	0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x53, 0x0a, 0x10, 0x44, 0x65, 0x73, 0x65, 0x6c, 0x65,
+	0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x12, 0x1d, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72,
+	0x6b, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4a, 0x0a, 0x0f, 0x46,
+	0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x14,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x6f,
+	0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x44, 0x65, 0x62, 0x75, 0x67,
+	0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x44, 0x65, 0x62, 0x75, 0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x62, 0x75,
+	0x67, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x48, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c,
+	0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67,
+	0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65,
+	0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x53,
+	0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x53, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0a, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x73, 0x12, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x73,
+	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74,
+	0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x0a,
+	0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x43, 0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x43,
+	0x6c, 0x65, 0x61, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x65,
+	0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x6f, 0x0a,
+	0x18, 0x53, 0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65,
+	0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x27, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70,
+	0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x28, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x74, 0x4e,
+	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x50, 0x65, 0x72, 0x73, 0x69, 0x73, 0x74,
+	0x65, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48,
+	0x0a, 0x0b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1a, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b,
+	0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x0f, 0x53, 0x75, 0x62, 0x73,
+	0x63, 0x72, 0x69, 0x62, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53,
+	0x79, 0x73, 0x74, 0x65, 0x6d, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42,
+	0x0a, 0x09, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47,
+	0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

client/proto/daemon.proto

@@ -336,13 +336,10 @@ message DebugBundleRequest {
   bool anonymize = 1;
   string status = 2;
   bool systemInfo = 3;
-  string uploadURL = 4;
 }
 
 message DebugBundleResponse {
   string path = 1;
-  string uploadedKey = 2;
-  string uploadFailureReason = 3;
 }
 
 enum LogLevel {

client/server/debug.go

@@ -4,24 +4,16 @@ package server
 
 import (
 	"context"
-	"crypto/sha256"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"net/http"
-	"os"
 
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/client/internal/debug"
 	"github.com/netbirdio/netbird/client/proto"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
-	"github.com/netbirdio/netbird/upload-server/types"
 )
 
-const maxBundleUploadSize = 50 * 1024 * 1024
-
 // DebugBundle creates a debug bundle and returns the location.
 func (s *Server) DebugBundle(_ context.Context, req *proto.DebugBundleRequest) (resp *proto.DebugBundleResponse, err error) {
 	s.mutex.Lock()
@@ -50,104 +42,7 @@ func (s *Server) DebugBundle(_ context.Context, req *proto.DebugBundleRequest) (
 		return nil, fmt.Errorf("generate debug bundle: %w", err)
 	}
 
-	if req.GetUploadURL() == "" {
-		return &proto.DebugBundleResponse{Path: path}, nil
-	}
-	key, err := uploadDebugBundle(context.Background(), req.GetUploadURL(), s.config.ManagementURL.String(), path)
-	if err != nil {
-		log.Errorf("failed to upload debug bundle to %s: %v", req.GetUploadURL(), err)
-		return &proto.DebugBundleResponse{Path: path, UploadFailureReason: err.Error()}, nil
-	}
-
-	log.Infof("debug bundle uploaded to %s with key %s", req.GetUploadURL(), key)
-
-	return &proto.DebugBundleResponse{Path: path, UploadedKey: key}, nil
-}
-
-func uploadDebugBundle(ctx context.Context, url, managementURL, filePath string) (key string, err error) {
-	response, err := getUploadURL(ctx, url, managementURL)
-	if err != nil {
-		return "", err
-	}
-
-	err = upload(ctx, filePath, response)
-	if err != nil {
-		return "", err
-	}
-	return response.Key, nil
-}
-
-func upload(ctx context.Context, filePath string, response *types.GetURLResponse) error {
-	fileData, err := os.Open(filePath)
-	if err != nil {
-		return fmt.Errorf("open file: %w", err)
-	}
-
-	defer fileData.Close()
-
-	stat, err := fileData.Stat()
-	if err != nil {
-		return fmt.Errorf("stat file: %w", err)
-	}
-
-	if stat.Size() > maxBundleUploadSize {
-		return fmt.Errorf("file size exceeds maximum limit of %d bytes", maxBundleUploadSize)
-	}
-
-	req, err := http.NewRequestWithContext(ctx, "PUT", response.URL, fileData)
-	if err != nil {
-		return fmt.Errorf("create PUT request: %w", err)
-	}
-
-	req.ContentLength = stat.Size()
-	req.Header.Set("Content-Type", "application/octet-stream")
-
-	putResp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("upload failed: %v", err)
-	}
-	defer putResp.Body.Close()
-
-	if putResp.StatusCode != http.StatusOK {
-		body, _ := io.ReadAll(putResp.Body)
-		return fmt.Errorf("upload status %d: %s", putResp.StatusCode, string(body))
-	}
-	return nil
-}
-
-func getUploadURL(ctx context.Context, url string, managementURL string) (*types.GetURLResponse, error) {
-	id := getURLHash(managementURL)
-	getReq, err := http.NewRequestWithContext(ctx, "GET", url+"?id="+id, nil)
-	if err != nil {
-		return nil, fmt.Errorf("create GET request: %w", err)
-	}
-
-	getReq.Header.Set(types.ClientHeader, types.ClientHeaderValue)
-
-	resp, err := http.DefaultClient.Do(getReq)
-	if err != nil {
-		return nil, fmt.Errorf("get presigned URL: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		body, _ := io.ReadAll(resp.Body)
-		return nil, fmt.Errorf("get presigned URL status %d: %s", resp.StatusCode, string(body))
-	}
-
-	urlBytes, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, fmt.Errorf("read response body: %w", err)
-	}
-	var response types.GetURLResponse
-	if err := json.Unmarshal(urlBytes, &response); err != nil {
-		return nil, fmt.Errorf("unmarshal response: %w", err)
-	}
-	return &response, nil
-}
-
-func getURLHash(url string) string {
-	return fmt.Sprintf("%x", sha256.Sum256([]byte(url)))
+	return &proto.DebugBundleResponse{Path: path}, nil
 }
 
 // GetLogLevel gets the current logging level for the server.

client/server/debug_test.go

@@ -1,49 +0,0 @@
-package server
-
-import (
-	"context"
-	"errors"
-	"net/http"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/netbirdio/netbird/upload-server/server"
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-func TestUpload(t *testing.T) {
-	if os.Getenv("DOCKER_CI") == "true" {
-		t.Skip("Skipping upload test on docker ci")
-	}
-	testDir := t.TempDir()
-	testURL := "http://localhost:8080"
-	t.Setenv("SERVER_URL", testURL)
-	t.Setenv("STORE_DIR", testDir)
-	srv := server.NewServer()
-	go func() {
-		if err := srv.Start(); err != nil && !errors.Is(err, http.ErrServerClosed) {
-			t.Errorf("Failed to start server: %v", err)
-		}
-	}()
-	t.Cleanup(func() {
-		if err := srv.Stop(); err != nil {
-			t.Errorf("Failed to stop server: %v", err)
-		}
-	})
-
-	file := filepath.Join(t.TempDir(), "tmpfile")
-	fileContent := []byte("test file content")
-	err := os.WriteFile(file, fileContent, 0640)
-	require.NoError(t, err)
-	key, err := uploadDebugBundle(context.Background(), testURL+types.GetURLPath, testURL, file)
-	require.NoError(t, err)
-	id := getURLHash(testURL)
-	require.Contains(t, key, id+"/")
-	expectedFilePath := filepath.Join(testDir, key)
-	createdFileContent, err := os.ReadFile(expectedFilePath)
-	require.NoError(t, err)
-	require.Equal(t, fileContent, createdFileContent)
-}

client/ui/client_ui.go

@@ -51,17 +51,14 @@ const (
 )
 
 func main() {
-	daemonAddr, showSettings, showNetworks, showDebug, errorMsg, saveLogsInFile := parseFlags()
+	daemonAddr, showSettings, showNetworks, errorMsg, saveLogsInFile := parseFlags()
 
 	// Initialize file logging if needed.
-	var logFile string
 	if saveLogsInFile {
-		file, err := initLogFile()
-		if err != nil {
+		if err := initLogFile(); err != nil {
 			log.Errorf("error while initializing log: %v", err)
 			return
 		}
-		logFile = file
 	}
 
 	// Create the Fyne application.
@@ -75,13 +72,13 @@ func main() {
 	}
 
 	// Create the service client (this also builds the settings or networks UI if requested).
-	client := newServiceClient(daemonAddr, logFile, a, showSettings, showNetworks, showDebug)
+	client := newServiceClient(daemonAddr, a, showSettings, showNetworks)
 
 	// Watch for theme/settings changes to update the icon.
 	go watchSettingsChanges(a, client)
 
 	// Run in window mode if any UI flag was set.
-	if showSettings || showNetworks || showDebug {
+	if showSettings || showNetworks {
 		a.Run()
 		return
 	}
@@ -102,7 +99,7 @@ func main() {
 }
 
 // parseFlags reads and returns all needed command-line flags.
-func parseFlags() (daemonAddr string, showSettings, showNetworks, showDebug bool, errorMsg string, saveLogsInFile bool) {
+func parseFlags() (daemonAddr string, showSettings, showNetworks bool, errorMsg string, saveLogsInFile bool) {
 	defaultDaemonAddr := "unix:///var/run/netbird.sock"
 	if runtime.GOOS == "windows" {
 		defaultDaemonAddr = "tcp://127.0.0.1:41731"
@@ -110,17 +107,25 @@ func parseFlags() (daemonAddr string, showSettings, showNetworks, showDebug bool
 	flag.StringVar(&daemonAddr, "daemon-addr", defaultDaemonAddr, "Daemon service address to serve CLI requests [unix|tcp]://[path|host:port]")
 	flag.BoolVar(&showSettings, "settings", false, "run settings window")
 	flag.BoolVar(&showNetworks, "networks", false, "run networks window")
-	flag.BoolVar(&showDebug, "debug", false, "run debug window")
 	flag.StringVar(&errorMsg, "error-msg", "", "displays an error message window")
-	flag.BoolVar(&saveLogsInFile, "use-log-file", false, fmt.Sprintf("save logs in a file: %s/netbird-ui-PID.log", os.TempDir()))
+
+	tmpDir := "/tmp"
+	if runtime.GOOS == "windows" {
+		tmpDir = os.TempDir()
+	}
+	flag.BoolVar(&saveLogsInFile, "use-log-file", false, fmt.Sprintf("save logs in a file: %s/netbird-ui-PID.log", tmpDir))
 	flag.Parse()
 	return
 }
 
 // initLogFile initializes logging into a file.
-func initLogFile() (string, error) {
-	logFile := path.Join(os.TempDir(), fmt.Sprintf("netbird-ui-%d.log", os.Getpid()))
-	return logFile, util.InitLog("trace", logFile)
+func initLogFile() error {
+	tmpDir := "/tmp"
+	if runtime.GOOS == "windows" {
+		tmpDir = os.TempDir()
+	}
+	logFile := path.Join(tmpDir, fmt.Sprintf("netbird-ui-%d.log", os.Getpid()))
+	return util.InitLog("trace", logFile)
 }
 
 // watchSettingsChanges listens for Fyne theme/settings changes and updates the client icon.
@@ -163,10 +168,9 @@ var iconConnectingMacOS []byte
 var iconErrorMacOS []byte
 
 type serviceClient struct {
-	ctx    context.Context
-	cancel context.CancelFunc
-	addr   string
-	conn   proto.DaemonServiceClient
+	ctx  context.Context
+	addr string
+	conn proto.DaemonServiceClient
 
 	icAbout              []byte
 	icConnected          []byte
@@ -227,14 +231,13 @@ type serviceClient struct {
 	daemonVersion        string
 	updateIndicationLock sync.Mutex
 	isUpdateIconActive   bool
-	showNetworks         bool
-	wNetworks            fyne.Window
+	showRoutes           bool
+	wRoutes              fyne.Window
 
 	eventManager *event.Manager
 
 	exitNodeMu     sync.Mutex
 	mExitNodeItems []menuHandler
-	logFile        string
 }
 
 type menuHandler struct {
@@ -245,30 +248,25 @@ type menuHandler struct {
 // newServiceClient instance constructor
 //
 // This constructor also builds the UI elements for the settings window.
-func newServiceClient(addr string, logFile string, a fyne.App, showSettings bool, showNetworks bool, showDebug bool) *serviceClient {
-	ctx, cancel := context.WithCancel(context.Background())
+func newServiceClient(addr string, a fyne.App, showSettings bool, showRoutes bool) *serviceClient {
 	s := &serviceClient{
-		ctx:              ctx,
-		cancel:           cancel,
+		ctx:              context.Background(),
 		addr:             addr,
 		app:              a,
-		logFile:          logFile,
 		sendNotification: false,
 
 		showAdvancedSettings: showSettings,
-		showNetworks:         showNetworks,
+		showRoutes:           showRoutes,
 		update:               version.NewUpdate(),
 	}
 
 	s.setNewIcons()
 
-	switch {
-	case showSettings:
+	if showSettings {
 		s.showSettingsUI()
-	case showNetworks:
+		return s
+	} else if showRoutes {
 		s.showNetworksUI()
-	case showDebug:
-		s.showDebugUI()
 	}
 
 	return s
@@ -315,8 +313,6 @@ func (s *serviceClient) updateIcon() {
 func (s *serviceClient) showSettingsUI() {
 	// add settings window UI elements.
 	s.wSettings = s.app.NewWindow("NetBird Settings")
-	s.wSettings.SetOnClosed(s.cancel)
-
 	s.iMngURL = widget.NewEntry()
 	s.iAdminURL = widget.NewEntry()
 	s.iConfigFile = widget.NewEntry()
@@ -747,10 +743,11 @@ func (s *serviceClient) onTrayReady() {
 					s.runSelfCommand("settings", "true")
 				}()
 			case <-s.mCreateDebugBundle.ClickedCh:
-				s.mCreateDebugBundle.Disable()
 				go func() {
-					defer s.mCreateDebugBundle.Enable()
-					s.runSelfCommand("debug", "true")
+					if err := s.createAndOpenDebugBundle(); err != nil {
+						log.Errorf("Failed to create debug bundle: %v", err)
+						s.app.SendNotification(fyne.NewNotification("Error", "Failed to create debug bundle"))
+					}
 				}()
 			case <-s.mQuit.ClickedCh:
 				systray.Quit()
@@ -792,7 +789,7 @@ func (s *serviceClient) onTrayReady() {
 func (s *serviceClient) runSelfCommand(command, arg string) {
 	proc, err := os.Executable()
 	if err != nil {
-		log.Errorf("Error getting executable path: %v", err)
+		log.Errorf("show %s failed with error: %v", command, err)
 		return
 	}
 
@@ -801,48 +798,14 @@ func (s *serviceClient) runSelfCommand(command, arg string) {
 		fmt.Sprintf("--daemon-addr=%s", s.addr),
 	)
 
-	if out := s.attachOutput(cmd); out != nil {
-		defer func() {
-			if err := out.Close(); err != nil {
-				log.Errorf("Error closing log file %s: %v", s.logFile, err)
-			}
-		}()
-	}
-
-	log.Printf("Running command: %s --%s=%s --daemon-addr=%s", proc, command, arg, s.addr)
-
-	err = cmd.Run()
-
-	if err != nil {
-		var exitErr *exec.ExitError
-		if errors.As(err, &exitErr) {
-			log.Printf("Command '%s %s' failed with exit code %d", command, arg, exitErr.ExitCode())
-		} else {
-			log.Printf("Failed to start/run command '%s %s': %v", command, arg, err)
-		}
+	out, err := cmd.CombinedOutput()
+	if exitErr, ok := err.(*exec.ExitError); ok && exitErr.ExitCode() == 1 {
+		log.Errorf("start %s UI: %v, %s", command, err, string(out))
 		return
 	}
-
-	log.Printf("Command '%s %s' completed successfully.", command, arg)
-}
-
-func (s *serviceClient) attachOutput(cmd *exec.Cmd) *os.File {
-	if s.logFile == "" {
-		// attach child's streams to parent's streams
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-
-		return nil
+	if len(out) != 0 {
+		log.Infof("command %s executed: %s", command, string(out))
 	}
-
-	out, err := os.OpenFile(s.logFile, os.O_WRONLY|os.O_APPEND, 0)
-	if err != nil {
-		log.Errorf("Failed to open log file %s: %v", s.logFile, err)
-		return nil
-	}
-	cmd.Stdout = out
-	cmd.Stderr = out
-	return out
 }
 
 func normalizedVersion(version string) string {
@@ -855,7 +818,9 @@ func normalizedVersion(version string) string {
 
 // onTrayExit is called when the tray icon is closed.
 func (s *serviceClient) onTrayExit() {
-	s.cancel()
+	for _, item := range s.mExitNodeItems {
+		item.cancel()
+	}
 }
 
 // getSrvClient connection to the service.
@@ -864,7 +829,7 @@ func (s *serviceClient) getSrvClient(timeout time.Duration) (proto.DaemonService
 		return s.conn, nil
 	}
 
-	ctx, cancel := context.WithTimeout(s.ctx, timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
 	conn, err := grpc.DialContext(

client/ui/debug.go

@@ -3,721 +3,48 @@
 package main
 
 import (
-	"context"
 	"fmt"
 	"path/filepath"
-	"strconv"
-	"sync"
-	"time"
 
 	"fyne.io/fyne/v2"
-	"fyne.io/fyne/v2/container"
-	"fyne.io/fyne/v2/dialog"
-	"fyne.io/fyne/v2/widget"
-	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
 
-	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/proto"
 	nbstatus "github.com/netbirdio/netbird/client/status"
-	uptypes "github.com/netbirdio/netbird/upload-server/types"
 )
 
-// Initial state for the debug collection
-type debugInitialState struct {
-	wasDown      bool
-	logLevel     proto.LogLevel
-	isLevelTrace bool
-}
-
-// Debug collection parameters
-type debugCollectionParams struct {
-	duration          time.Duration
-	anonymize         bool
-	systemInfo        bool
-	upload            bool
-	uploadURL         string
-	enablePersistence bool
-}
-
-// UI components for progress tracking
-type progressUI struct {
-	statusLabel *widget.Label
-	progressBar *widget.ProgressBar
-	uiControls  []fyne.Disableable
-	window      fyne.Window
-}
-
-func (s *serviceClient) showDebugUI() {
-	w := s.app.NewWindow("NetBird Debug")
-	w.SetOnClosed(s.cancel)
-
-	w.Resize(fyne.NewSize(600, 500))
-	w.SetFixedSize(true)
-
-	anonymizeCheck := widget.NewCheck("Anonymize sensitive information (public IPs, domains, ...)", nil)
-	systemInfoCheck := widget.NewCheck("Include system information (routes, interfaces, ...)", nil)
-	systemInfoCheck.SetChecked(true)
-	uploadCheck := widget.NewCheck("Upload bundle automatically after creation", nil)
-	uploadCheck.SetChecked(true)
-
-	uploadURLLabel := widget.NewLabel("Debug upload URL:")
-	uploadURL := widget.NewEntry()
-	uploadURL.SetText(uptypes.DefaultBundleURL)
-	uploadURL.SetPlaceHolder("Enter upload URL")
-
-	uploadURLContainer := container.NewVBox(
-		uploadURLLabel,
-		uploadURL,
-	)
-
-	uploadCheck.OnChanged = func(checked bool) {
-		if checked {
-			uploadURLContainer.Show()
-		} else {
-			uploadURLContainer.Hide()
-		}
-	}
-
-	debugModeContainer := container.NewHBox()
-	runForDurationCheck := widget.NewCheck("Run with trace logs before creating bundle", nil)
-	runForDurationCheck.SetChecked(true)
-
-	forLabel := widget.NewLabel("for")
-
-	durationInput := widget.NewEntry()
-	durationInput.SetText("1")
-	minutesLabel := widget.NewLabel("minute")
-	durationInput.Validator = func(s string) error {
-		return validateMinute(s, minutesLabel)
-	}
-
-	noteLabel := widget.NewLabel("Note: NetBird will be brought up and down during collection")
-
-	runForDurationCheck.OnChanged = func(checked bool) {
-		if checked {
-			forLabel.Show()
-			durationInput.Show()
-			minutesLabel.Show()
-			noteLabel.Show()
-		} else {
-			forLabel.Hide()
-			durationInput.Hide()
-			minutesLabel.Hide()
-			noteLabel.Hide()
-		}
-	}
-
-	debugModeContainer.Add(runForDurationCheck)
-	debugModeContainer.Add(forLabel)
-	debugModeContainer.Add(durationInput)
-	debugModeContainer.Add(minutesLabel)
-
-	statusLabel := widget.NewLabel("")
-	statusLabel.Hide()
-
-	progressBar := widget.NewProgressBar()
-	progressBar.Hide()
-
-	createButton := widget.NewButton("Create Debug Bundle", nil)
-
-	// UI controls that should be disabled during debug collection
-	uiControls := []fyne.Disableable{
-		anonymizeCheck,
-		systemInfoCheck,
-		uploadCheck,
-		uploadURL,
-		runForDurationCheck,
-		durationInput,
-		createButton,
-	}
-
-	createButton.OnTapped = s.getCreateHandler(
-		statusLabel,
-		progressBar,
-		uploadCheck,
-		uploadURL,
-		anonymizeCheck,
-		systemInfoCheck,
-		runForDurationCheck,
-		durationInput,
-		uiControls,
-		w,
-	)
-
-	content := container.NewVBox(
-		widget.NewLabel("Create a debug bundle to help troubleshoot issues with NetBird"),
-		widget.NewLabel(""),
-		anonymizeCheck,
-		systemInfoCheck,
-		uploadCheck,
-		uploadURLContainer,
-		widget.NewLabel(""),
-		debugModeContainer,
-		noteLabel,
-		widget.NewLabel(""),
-		statusLabel,
-		progressBar,
-		createButton,
-	)
-
-	paddedContent := container.NewPadded(content)
-	w.SetContent(paddedContent)
-
-	w.Show()
-}
-
-func validateMinute(s string, minutesLabel *widget.Label) error {
-	if val, err := strconv.Atoi(s); err != nil || val < 1 {
-		return fmt.Errorf("must be a number ≥ 1")
-	}
-	if s == "1" {
-		minutesLabel.SetText("minute")
-	} else {
-		minutesLabel.SetText("minutes")
-	}
-	return nil
-}
-
-// disableUIControls disables the provided UI controls
-func disableUIControls(controls []fyne.Disableable) {
-	for _, control := range controls {
-		control.Disable()
-	}
-}
-
-// enableUIControls enables the provided UI controls
-func enableUIControls(controls []fyne.Disableable) {
-	for _, control := range controls {
-		control.Enable()
-	}
-}
-
-func (s *serviceClient) getCreateHandler(
-	statusLabel *widget.Label,
-	progressBar *widget.ProgressBar,
-	uploadCheck *widget.Check,
-	uploadURL *widget.Entry,
-	anonymizeCheck *widget.Check,
-	systemInfoCheck *widget.Check,
-	runForDurationCheck *widget.Check,
-	duration *widget.Entry,
-	uiControls []fyne.Disableable,
-	w fyne.Window,
-) func() {
-	return func() {
-		disableUIControls(uiControls)
-		statusLabel.Show()
-
-		var url string
-		if uploadCheck.Checked {
-			url = uploadURL.Text
-			if url == "" {
-				statusLabel.SetText("Error: Upload URL is required when upload is enabled")
-				enableUIControls(uiControls)
-				return
-			}
-		}
-
-		params := &debugCollectionParams{
-			anonymize:         anonymizeCheck.Checked,
-			systemInfo:        systemInfoCheck.Checked,
-			upload:            uploadCheck.Checked,
-			uploadURL:         url,
-			enablePersistence: true,
-		}
-
-		runForDuration := runForDurationCheck.Checked
-		if runForDuration {
-			minutes, err := time.ParseDuration(duration.Text + "m")
-			if err != nil {
-				statusLabel.SetText(fmt.Sprintf("Error: Invalid duration: %v", err))
-				enableUIControls(uiControls)
-				return
-			}
-			params.duration = minutes
-
-			statusLabel.SetText(fmt.Sprintf("Running in debug mode for %d minutes...", int(minutes.Minutes())))
-			progressBar.Show()
-			progressBar.SetValue(0)
-
-			go s.handleRunForDuration(
-				statusLabel,
-				progressBar,
-				uiControls,
-				w,
-				params,
-			)
-			return
-		}
-
-		statusLabel.SetText("Creating debug bundle...")
-		go s.handleDebugCreation(
-			anonymizeCheck.Checked,
-			systemInfoCheck.Checked,
-			uploadCheck.Checked,
-			url,
-			statusLabel,
-			uiControls,
-			w,
-		)
-	}
-}
-
-func (s *serviceClient) handleRunForDuration(
-	statusLabel *widget.Label,
-	progressBar *widget.ProgressBar,
-	uiControls []fyne.Disableable,
-	w fyne.Window,
-	params *debugCollectionParams,
-) {
-	progressUI := &progressUI{
-		statusLabel: statusLabel,
-		progressBar: progressBar,
-		uiControls:  uiControls,
-		window:      w,
-	}
-
+func (s *serviceClient) createAndOpenDebugBundle() error {
 	conn, err := s.getSrvClient(failFastTimeout)
 	if err != nil {
-		handleError(progressUI, fmt.Sprintf("Failed to get client for debug: %v", err))
-		return
-	}
-
-	initialState, err := s.getInitialState(conn)
-	if err != nil {
-		handleError(progressUI, err.Error())
-		return
-	}
-
-	statusOutput, err := s.collectDebugData(conn, initialState, params, progressUI)
-	if err != nil {
-		handleError(progressUI, err.Error())
-		return
-	}
-
-	if err := s.createDebugBundleFromCollection(conn, params, statusOutput, progressUI); err != nil {
-		handleError(progressUI, err.Error())
-		return
-	}
-
-	s.restoreServiceState(conn, initialState)
-
-	progressUI.statusLabel.SetText("Bundle created successfully")
-}
-
-// Get initial state of the service
-func (s *serviceClient) getInitialState(conn proto.DaemonServiceClient) (*debugInitialState, error) {
-	statusResp, err := conn.Status(s.ctx, &proto.StatusRequest{})
-	if err != nil {
-		return nil, fmt.Errorf(" get status: %v", err)
-	}
-
-	logLevelResp, err := conn.GetLogLevel(s.ctx, &proto.GetLogLevelRequest{})
-	if err != nil {
-		return nil, fmt.Errorf("get log level: %v", err)
-	}
-
-	wasDown := statusResp.Status != string(internal.StatusConnected) &&
-		statusResp.Status != string(internal.StatusConnecting)
-
-	initialLogLevel := logLevelResp.GetLevel()
-	initialLevelTrace := initialLogLevel >= proto.LogLevel_TRACE
-
-	return &debugInitialState{
-		wasDown:      wasDown,
-		logLevel:     initialLogLevel,
-		isLevelTrace: initialLevelTrace,
-	}, nil
-}
-
-// Handle progress tracking during collection
-func startProgressTracker(ctx context.Context, wg *sync.WaitGroup, duration time.Duration, progress *progressUI) {
-	progress.progressBar.Show()
-	progress.progressBar.SetValue(0)
-
-	startTime := time.Now()
-	endTime := startTime.Add(duration)
-	wg.Add(1)
-
-	go func() {
-		defer wg.Done()
-		ticker := time.NewTicker(500 * time.Millisecond)
-		defer ticker.Stop()
-
-		for {
-			select {
-			case <-ctx.Done():
-				return
-			case <-ticker.C:
-				remaining := time.Until(endTime)
-				if remaining <= 0 {
-					remaining = 0
-				}
-
-				elapsed := time.Since(startTime)
-				progressVal := float64(elapsed) / float64(duration)
-				if progressVal > 1.0 {
-					progressVal = 1.0
-				}
-
-				progress.progressBar.SetValue(progressVal)
-				progress.statusLabel.SetText(fmt.Sprintf("Running with trace logs... %s remaining", formatDuration(remaining)))
-			}
-		}
-	}()
-
-}
-
-func (s *serviceClient) configureServiceForDebug(
-	conn proto.DaemonServiceClient,
-	state *debugInitialState,
-	enablePersistence bool,
-) error {
-	if state.wasDown {
-		if _, err := conn.Up(s.ctx, &proto.UpRequest{}); err != nil {
-			return fmt.Errorf("bring service up: %v", err)
-		}
-		log.Info("Service brought up for debug")
-		time.Sleep(time.Second * 10)
-	}
-
-	if !state.isLevelTrace {
-		if _, err := conn.SetLogLevel(s.ctx, &proto.SetLogLevelRequest{Level: proto.LogLevel_TRACE}); err != nil {
-			return fmt.Errorf("set log level to TRACE: %v", err)
-		}
-		log.Info("Log level set to TRACE for debug")
-	}
-
-	if _, err := conn.Down(s.ctx, &proto.DownRequest{}); err != nil {
-		return fmt.Errorf("bring service down: %v", err)
-	}
-	time.Sleep(time.Second)
-
-	if enablePersistence {
-		if _, err := conn.SetNetworkMapPersistence(s.ctx, &proto.SetNetworkMapPersistenceRequest{
-			Enabled: true,
-		}); err != nil {
-			return fmt.Errorf("enable network map persistence: %v", err)
-		}
-		log.Info("Network map persistence enabled for debug")
-	}
-
-	if _, err := conn.Up(s.ctx, &proto.UpRequest{}); err != nil {
-		return fmt.Errorf("bring service back up: %v", err)
-	}
-	time.Sleep(time.Second * 3)
-
-	return nil
-}
-
-func (s *serviceClient) collectDebugData(
-	conn proto.DaemonServiceClient,
-	state *debugInitialState,
-	params *debugCollectionParams,
-	progress *progressUI,
-) (string, error) {
-	ctx, cancel := context.WithTimeout(s.ctx, params.duration)
-	defer cancel()
-	var wg sync.WaitGroup
-	startProgressTracker(ctx, &wg, params.duration, progress)
-
-	if err := s.configureServiceForDebug(conn, state, params.enablePersistence); err != nil {
-		return "", err
-	}
-
-	postUpStatus, err := conn.Status(s.ctx, &proto.StatusRequest{GetFullPeerStatus: true})
-	if err != nil {
-		log.Warnf("Failed to get post-up status: %v", err)
-	}
-
-	var postUpStatusOutput string
-	if postUpStatus != nil {
-		overview := nbstatus.ConvertToStatusOutputOverview(postUpStatus, params.anonymize, "", nil, nil, nil)
-		postUpStatusOutput = nbstatus.ParseToFullDetailSummary(overview)
-	}
-	headerPostUp := fmt.Sprintf("----- NetBird post-up - Timestamp: %s", time.Now().Format(time.RFC3339))
-	statusOutput := fmt.Sprintf("%s\n%s", headerPostUp, postUpStatusOutput)
-
-	wg.Wait()
-	progress.progressBar.Hide()
-	progress.statusLabel.SetText("Collecting debug data...")
-
-	preDownStatus, err := conn.Status(s.ctx, &proto.StatusRequest{GetFullPeerStatus: true})
-	if err != nil {
-		log.Warnf("Failed to get pre-down status: %v", err)
-	}
-
-	var preDownStatusOutput string
-	if preDownStatus != nil {
-		overview := nbstatus.ConvertToStatusOutputOverview(preDownStatus, params.anonymize, "", nil, nil, nil)
-		preDownStatusOutput = nbstatus.ParseToFullDetailSummary(overview)
-	}
-	headerPreDown := fmt.Sprintf("----- NetBird pre-down - Timestamp: %s - Duration: %s",
-		time.Now().Format(time.RFC3339), params.duration)
-	statusOutput = fmt.Sprintf("%s\n%s\n%s", statusOutput, headerPreDown, preDownStatusOutput)
-
-	return statusOutput, nil
-}
-
-// Create the debug bundle with collected data
-func (s *serviceClient) createDebugBundleFromCollection(
-	conn proto.DaemonServiceClient,
-	params *debugCollectionParams,
-	statusOutput string,
-	progress *progressUI,
-) error {
-	progress.statusLabel.SetText("Creating debug bundle with collected logs...")
-
-	request := &proto.DebugBundleRequest{
-		Anonymize:  params.anonymize,
-		Status:     statusOutput,
-		SystemInfo: params.systemInfo,
-	}
-
-	if params.upload {
-		request.UploadURL = params.uploadURL
-	}
-
-	resp, err := conn.DebugBundle(s.ctx, request)
-	if err != nil {
-		return fmt.Errorf("create debug bundle: %v", err)
-	}
-
-	// Show appropriate dialog based on upload status
-	localPath := resp.GetPath()
-	uploadFailureReason := resp.GetUploadFailureReason()
-	uploadedKey := resp.GetUploadedKey()
-
-	if params.upload {
-		if uploadFailureReason != "" {
-			showUploadFailedDialog(progress.window, localPath, uploadFailureReason)
-		} else {
-			showUploadSuccessDialog(progress.window, localPath, uploadedKey)
-		}
-	} else {
-		showBundleCreatedDialog(progress.window, localPath)
-	}
-
-	enableUIControls(progress.uiControls)
-	return nil
-}
-
-// Restore service to original state
-func (s *serviceClient) restoreServiceState(conn proto.DaemonServiceClient, state *debugInitialState) {
-	if state.wasDown {
-		if _, err := conn.Down(s.ctx, &proto.DownRequest{}); err != nil {
-			log.Errorf("Failed to restore down state: %v", err)
-		} else {
-			log.Info("Service state restored to down")
-		}
-	}
-
-	if !state.isLevelTrace {
-		if _, err := conn.SetLogLevel(s.ctx, &proto.SetLogLevelRequest{Level: state.logLevel}); err != nil {
-			log.Errorf("Failed to restore log level: %v", err)
-		} else {
-			log.Info("Log level restored to original setting")
-		}
-	}
-}
-
-// Handle errors during debug collection
-func handleError(progress *progressUI, errMsg string) {
-	log.Errorf("%s", errMsg)
-	progress.statusLabel.SetText(errMsg)
-	progress.progressBar.Hide()
-	enableUIControls(progress.uiControls)
-}
-
-func (s *serviceClient) handleDebugCreation(
-	anonymize bool,
-	systemInfo bool,
-	upload bool,
-	uploadURL string,
-	statusLabel *widget.Label,
-	uiControls []fyne.Disableable,
-	w fyne.Window,
-) {
-	log.Infof("Creating debug bundle (Anonymized: %v, System Info: %v, Upload Attempt: %v)...",
-		anonymize, systemInfo, upload)
-
-	resp, err := s.createDebugBundle(anonymize, systemInfo, uploadURL)
-	if err != nil {
-		log.Errorf("Failed to create debug bundle: %v", err)
-		statusLabel.SetText(fmt.Sprintf("Error creating bundle: %v", err))
-		enableUIControls(uiControls)
-		return
-	}
-
-	localPath := resp.GetPath()
-	uploadFailureReason := resp.GetUploadFailureReason()
-	uploadedKey := resp.GetUploadedKey()
-
-	if upload {
-		if uploadFailureReason != "" {
-			showUploadFailedDialog(w, localPath, uploadFailureReason)
-		} else {
-			showUploadSuccessDialog(w, localPath, uploadedKey)
-		}
-	} else {
-		showBundleCreatedDialog(w, localPath)
-	}
-
-	enableUIControls(uiControls)
-	statusLabel.SetText("Bundle created successfully")
-}
-
-func (s *serviceClient) createDebugBundle(anonymize bool, systemInfo bool, uploadURL string) (*proto.DebugBundleResponse, error) {
-	conn, err := s.getSrvClient(failFastTimeout)
-	if err != nil {
-		return nil, fmt.Errorf("get client: %v", err)
+		return fmt.Errorf("get client: %v", err)
 	}
 
 	statusResp, err := conn.Status(s.ctx, &proto.StatusRequest{GetFullPeerStatus: true})
 	if err != nil {
-		log.Warnf("failed to get status for debug bundle: %v", err)
+		return fmt.Errorf("failed to get status: %v", err)
 	}
 
-	var statusOutput string
-	if statusResp != nil {
-		overview := nbstatus.ConvertToStatusOutputOverview(statusResp, anonymize, "", nil, nil, nil)
-		statusOutput = nbstatus.ParseToFullDetailSummary(overview)
-	}
+	overview := nbstatus.ConvertToStatusOutputOverview(statusResp, true, "", nil, nil, nil)
+	statusOutput := nbstatus.ParseToFullDetailSummary(overview)
 
-	request := &proto.DebugBundleRequest{
-		Anonymize:  anonymize,
+	resp, err := conn.DebugBundle(s.ctx, &proto.DebugBundleRequest{
+		Anonymize:  true,
 		Status:     statusOutput,
-		SystemInfo: systemInfo,
-	}
-
-	if uploadURL != "" {
-		request.UploadURL = uploadURL
-	}
-
-	resp, err := conn.DebugBundle(s.ctx, request)
+		SystemInfo: true,
+	})
 	if err != nil {
-		return nil, fmt.Errorf("failed to create debug bundle via daemon: %v", err)
+		return fmt.Errorf("failed to create debug bundle: %v", err)
 	}
 
-	return resp, nil
-}
-
-// formatDuration formats a duration in HH:MM:SS format
-func formatDuration(d time.Duration) string {
-	d = d.Round(time.Second)
-	h := d / time.Hour
-	d %= time.Hour
-	m := d / time.Minute
-	d %= time.Minute
-	s := d / time.Second
-	return fmt.Sprintf("%02d:%02d:%02d", h, m, s)
-}
-
-// createButtonWithAction creates a button with the given label and action
-func createButtonWithAction(label string, action func()) *widget.Button {
-	button := widget.NewButton(label, action)
-	return button
-}
-
-// showUploadFailedDialog displays a dialog when upload fails
-func showUploadFailedDialog(w fyne.Window, localPath, failureReason string) {
-	content := container.NewVBox(
-		widget.NewLabel(fmt.Sprintf("Bundle upload failed:\n%s\n\n"+
-			"A local copy was saved at:\n%s", failureReason, localPath)),
-	)
-
-	customDialog := dialog.NewCustom("Upload Failed", "Cancel", content, w)
-
-	buttonBox := container.NewHBox(
-		createButtonWithAction("Open file", func() {
-			log.Infof("Attempting to open local file: %s", localPath)
-			if openErr := open.Start(localPath); openErr != nil {
-				log.Errorf("Failed to open local file '%s': %v", localPath, openErr)
-				dialog.ShowError(fmt.Errorf("open the local file:\n%s\n\nError: %v", localPath, openErr), w)
-			}
-		}),
-		createButtonWithAction("Open folder", func() {
-			folderPath := filepath.Dir(localPath)
-			log.Infof("Attempting to open local folder: %s", folderPath)
-			if openErr := open.Start(folderPath); openErr != nil {
-				log.Errorf("Failed to open local folder '%s': %v", folderPath, openErr)
-				dialog.ShowError(fmt.Errorf("open the local folder:\n%s\n\nError: %v", folderPath, openErr), w)
-			}
-		}),
-	)
-
-	content.Add(buttonBox)
-	customDialog.Show()
-}
-
-// showUploadSuccessDialog displays a dialog when upload succeeds
-func showUploadSuccessDialog(w fyne.Window, localPath, uploadedKey string) {
-	log.Infof("Upload key: %s", uploadedKey)
-	keyEntry := widget.NewEntry()
-	keyEntry.SetText(uploadedKey)
-	keyEntry.Disable()
-
-	content := container.NewVBox(
-		widget.NewLabel("Bundle uploaded successfully!"),
-		widget.NewLabel(""),
-		widget.NewLabel("Upload key:"),
-		keyEntry,
-		widget.NewLabel(""),
-		widget.NewLabel(fmt.Sprintf("Local copy saved at:\n%s", localPath)),
-	)
-
-	customDialog := dialog.NewCustom("Upload Successful", "OK", content, w)
-
-	copyBtn := createButtonWithAction("Copy key", func() {
-		w.Clipboard().SetContent(uploadedKey)
-		log.Info("Upload key copied to clipboard")
-	})
-
-	buttonBox := createButtonBox(localPath, w, copyBtn)
-	content.Add(buttonBox)
-	customDialog.Show()
-}
-
-// showBundleCreatedDialog displays a dialog when bundle is created without upload
-func showBundleCreatedDialog(w fyne.Window, localPath string) {
-	content := container.NewVBox(
-		widget.NewLabel(fmt.Sprintf("Bundle created locally at:\n%s\n\n"+
-			"Administrator privileges may be required to access the file.", localPath)),
-	)
-
-	customDialog := dialog.NewCustom("Debug Bundle Created", "Cancel", content, w)
-
-	buttonBox := createButtonBox(localPath, w, nil)
-	content.Add(buttonBox)
-	customDialog.Show()
-}
-
-func createButtonBox(localPath string, w fyne.Window, elems ...fyne.Widget) *fyne.Container {
-	box := container.NewHBox()
-	for _, elem := range elems {
-		box.Add(elem)
+	bundleDir := filepath.Dir(resp.GetPath())
+	if err := open.Start(bundleDir); err != nil {
+		return fmt.Errorf("failed to open debug bundle directory: %v", err)
 	}
 
-	fileBtn := createButtonWithAction("Open file", func() {
-		log.Infof("Attempting to open local file: %s", localPath)
-		if openErr := open.Start(localPath); openErr != nil {
-			log.Errorf("Failed to open local file '%s': %v", localPath, openErr)
-			dialog.ShowError(fmt.Errorf("open the local file:\n%s\n\nError: %v", localPath, openErr), w)
-		}
-	})
+	s.app.SendNotification(fyne.NewNotification(
+		"Debug Bundle",
+		fmt.Sprintf("Debug bundle created at %s. Administrator privileges are required to access it.", resp.GetPath()),
+	))
 
-	folderBtn := createButtonWithAction("Open folder", func() {
-		folderPath := filepath.Dir(localPath)
-		log.Infof("Attempting to open local folder: %s", folderPath)
-		if openErr := open.Start(folderPath); openErr != nil {
-			log.Errorf("Failed to open local folder '%s': %v", folderPath, openErr)
-			dialog.ShowError(fmt.Errorf("open the local folder:\n%s\n\nError: %v", folderPath, openErr), w)
-		}
-	})
-
-	box.Add(fileBtn)
-	box.Add(folderBtn)
-
-	return box
+	return nil
 }

client/ui/network.go

@@ -34,8 +34,7 @@ const (
 type filter string
 
 func (s *serviceClient) showNetworksUI() {
-	s.wNetworks = s.app.NewWindow("Networks")
-	s.wNetworks.SetOnClosed(s.cancel)
+	s.wRoutes = s.app.NewWindow("Networks")
 
 	allGrid := container.New(layout.NewGridLayout(3))
 	go s.updateNetworks(allGrid, allNetworks)
@@ -79,8 +78,8 @@ func (s *serviceClient) showNetworksUI() {
 
 	content := container.NewBorder(nil, buttonBox, nil, nil, scrollContainer)
 
-	s.wNetworks.SetContent(content)
-	s.wNetworks.Show()
+	s.wRoutes.SetContent(content)
+	s.wRoutes.Show()
 
 	s.startAutoRefresh(10*time.Second, tabs, allGrid, overlappingGrid, exitNodeGrid)
 }
@@ -149,7 +148,7 @@ func (s *serviceClient) updateNetworks(grid *fyne.Container, f filter) {
 		grid.Add(resolvedIPsSelector)
 	}
 
-	s.wNetworks.Content().Refresh()
+	s.wRoutes.Content().Refresh()
 	grid.Refresh()
 }
 
@@ -306,7 +305,7 @@ func (s *serviceClient) getNetworksRequest(f filter, appendRoute bool) *proto.Se
 func (s *serviceClient) showError(err error) {
 	wrappedMessage := wrapText(err.Error(), 50)
 
-	dialog.ShowError(fmt.Errorf("%s", wrappedMessage), s.wNetworks)
+	dialog.ShowError(fmt.Errorf("%s", wrappedMessage), s.wRoutes)
 }
 
 func (s *serviceClient) startAutoRefresh(interval time.Duration, tabs *container.AppTabs, allGrid, overlappingGrid, exitNodesGrid *fyne.Container) {
@@ -317,15 +316,14 @@ func (s *serviceClient) startAutoRefresh(interval time.Duration, tabs *container
 		}
 	}()
 
-	s.wNetworks.SetOnClosed(func() {
+	s.wRoutes.SetOnClosed(func() {
 		ticker.Stop()
-		s.cancel()
 	})
 }
 
 func (s *serviceClient) updateNetworksBasedOnDisplayTab(tabs *container.AppTabs, allGrid, overlappingGrid, exitNodesGrid *fyne.Container) {
 	grid, f := getGridAndFilterFromTab(tabs, allGrid, overlappingGrid, exitNodesGrid)
-	s.wNetworks.Content().Refresh()
+	s.wRoutes.Content().Refresh()
 	s.updateNetworks(grid, f)
 }
 
@@ -375,7 +373,7 @@ func (s *serviceClient) recreateExitNodeMenu(exitNodes []*proto.Network) {
 			node.Selected,
 		)
 
-		ctx, cancel := context.WithCancel(s.ctx)
+		ctx, cancel := context.WithCancel(context.Background())
 		s.mExitNodeItems = append(s.mExitNodeItems, menuHandler{
 			MenuItem: menuItem,
 			cancel:   cancel,

dns/dns.go

@@ -66,17 +66,17 @@ func (s SimpleRecord) String() string {
 func (s SimpleRecord) Len() uint16 {
 	emptyString := s.RData == ""
 	switch s.Type {
-	case int(dns.TypeA):
+	case 1:
 		if emptyString {
 			return 0
 		}
 		return net.IPv4len
-	case int(dns.TypeCNAME):
+	case 5:
 		if emptyString || s.RData == "." {
 			return 1
 		}
 		return uint16(len(s.RData) + 1)
-	case int(dns.TypeAAAA):
+	case 28:
 		if emptyString {
 			return 0
 		}

go.mod

@@ -33,9 +33,6 @@ require (
 	fyne.io/fyne/v2 v2.5.3
 	fyne.io/systray v1.11.0
 	github.com/TheJumpCloud/jcapi-go v3.0.0+incompatible
-	github.com/aws/aws-sdk-go-v2 v1.36.3
-	github.com/aws/aws-sdk-go-v2/config v1.29.14
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2
 	github.com/c-robinson/iplib v1.0.3
 	github.com/caddyserver/certmagic v0.21.3
 	github.com/cilium/ebpf v0.15.0
@@ -126,22 +123,20 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.3 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.67 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect
-	github.com/aws/smithy-go v1.22.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
+	github.com/aws/smithy-go v1.20.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect

go.sum

@@ -74,44 +74,34 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
-github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 h1:zAybnyUQXIZ5mok5Jqwlf58/TFE7uvd3IAsa1aF9cXs=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10/go.mod h1:qqvMj6gHLR/EXWZw4ZbqlPbQUyenf4h82UQUlKc+l14=
-github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM=
-github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 h1:ZNTqv4nIdE/DiBfUUfXcLZ/Spcuz+RjeziUtNJackkM=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34/go.mod h1:zf7Vcd1ViW7cPqYWEHLHJkS50X0JS2IKz9Cgaj6ugrs=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 h1:lguz0bmOoGzozP9XfRJR1QIayEYo+2vP/No3OfLF0pU=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0/go.mod h1:iu6FSzgt+M2/x3Dk8zhycdIcHjEFb36IS8HVUVFoMg0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 h1:moLQUoVq91LiqT1nbvzDukyqAlCv89ZmwaHw/ZFlFZg=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15/go.mod h1:ZH34PJUc8ApjBIfgQCFvkWcUDBtl/WTD+uiYHjd8igA=
+github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
+github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
+github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90=
+github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3 h1:MmLCRqP4U4Cw9gJ4bNrCG0mWqEtBlmAVleyelcHARMU=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3/go.mod h1:AMPjK2YnRh0YgOID3PqhJA1BRNfXDfGOnSsKHtAe8yA=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2 h1:tWUG+4wZqdMl/znThEk9tcCy8tTMxq8dW0JTgamohrY=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2/go.mod h1:U5SNqwhXB3Xe6F47kXvWihPl/ilGaEDe8HD/50Z9wxc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
-github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
-github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ=
+github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
+github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=

management/client/grpc.go

@@ -128,7 +128,13 @@ func (c *GrpcClient) Sync(ctx context.Context, sysInfo *system.Info, msgHandler
 			return err
 		}
 
-		return c.handleStream(ctx, *serverPubKey, sysInfo, msgHandler)
+		streamErr := c.handleStream(ctx, *serverPubKey, sysInfo, msgHandler)
+		if c.conn.GetState() != connectivity.Shutdown {
+			if err := c.conn.Close(); err != nil {
+				log.Warnf("failed closing connection to Management service: %s", err)
+			}
+		}
+		return streamErr
 	}
 
 	err := backoff.Retry(operation, defaultBackoff(ctx))

management/client/rest/accounts.go

@@ -20,9 +20,7 @@ func (a *AccountsAPI) List(ctx context.Context) ([]api.Account, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Account](resp)
 	return ret, err
 }
@@ -38,9 +36,7 @@ func (a *AccountsAPI) Update(ctx context.Context, accountID string, request api.
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Account](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *AccountsAPI) Delete(ctx context.Context, accountID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/dns.go

@@ -20,9 +20,7 @@ func (a *DNSAPI) ListNameserverGroups(ctx context.Context) ([]api.NameserverGrou
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.NameserverGroup](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *DNSAPI) GetNameserverGroup(ctx context.Context, nameserverGroupID strin
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NameserverGroup](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *DNSAPI) CreateNameserverGroup(ctx context.Context, request api.PostApiD
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NameserverGroup](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *DNSAPI) UpdateNameserverGroup(ctx context.Context, nameserverGroupID st
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NameserverGroup](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *DNSAPI) DeleteNameserverGroup(ctx context.Context, nameserverGroupID st
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -98,9 +88,7 @@ func (a *DNSAPI) GetSettings(ctx context.Context) (*api.DNSSettings, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.DNSSettings](resp)
 	return &ret, err
 }
@@ -116,9 +104,7 @@ func (a *DNSAPI) UpdateSettings(ctx context.Context, request api.PutApiDnsSettin
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.DNSSettings](resp)
 	return &ret, err
 }

management/client/rest/events.go

@@ -18,9 +18,7 @@ func (a *EventsAPI) List(ctx context.Context) ([]api.Event, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Event](resp)
 	return ret, err
 }

management/client/rest/geo.go

@@ -18,9 +18,7 @@ func (a *GeoLocationAPI) ListCountries(ctx context.Context) ([]api.Country, erro
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Country](resp)
 	return ret, err
 }
@@ -32,9 +30,7 @@ func (a *GeoLocationAPI) ListCountryCities(ctx context.Context, countryCode stri
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.City](resp)
 	return ret, err
 }

management/client/rest/groups.go

@@ -20,9 +20,7 @@ func (a *GroupsAPI) List(ctx context.Context) ([]api.Group, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Group](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *GroupsAPI) Get(ctx context.Context, groupID string) (*api.Group, error)
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Group](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *GroupsAPI) Create(ctx context.Context, request api.PostApiGroupsJSONReq
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Group](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *GroupsAPI) Update(ctx context.Context, groupID string, request api.PutA
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Group](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *GroupsAPI) Delete(ctx context.Context, groupID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/networks.go

@@ -20,9 +20,7 @@ func (a *NetworksAPI) List(ctx context.Context) ([]api.Network, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Network](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *NetworksAPI) Get(ctx context.Context, networkID string) (*api.Network,
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Network](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *NetworksAPI) Create(ctx context.Context, request api.PostApiNetworksJSO
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Network](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *NetworksAPI) Update(ctx context.Context, networkID string, request api.
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Network](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *NetworksAPI) Delete(ctx context.Context, networkID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -112,9 +102,7 @@ func (a *NetworkResourcesAPI) List(ctx context.Context) ([]api.NetworkResource,
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.NetworkResource](resp)
 	return ret, err
 }
@@ -126,9 +114,7 @@ func (a *NetworkResourcesAPI) Get(ctx context.Context, networkResourceID string)
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkResource](resp)
 	return &ret, err
 }
@@ -144,9 +130,7 @@ func (a *NetworkResourcesAPI) Create(ctx context.Context, request api.PostApiNet
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkResource](resp)
 	return &ret, err
 }
@@ -162,9 +146,7 @@ func (a *NetworkResourcesAPI) Update(ctx context.Context, networkResourceID stri
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkResource](resp)
 	return &ret, err
 }
@@ -176,9 +158,7 @@ func (a *NetworkResourcesAPI) Delete(ctx context.Context, networkResourceID stri
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -204,9 +184,7 @@ func (a *NetworkRoutersAPI) List(ctx context.Context) ([]api.NetworkRouter, erro
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.NetworkRouter](resp)
 	return ret, err
 }
@@ -218,9 +196,7 @@ func (a *NetworkRoutersAPI) Get(ctx context.Context, networkRouterID string) (*a
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkRouter](resp)
 	return &ret, err
 }
@@ -236,9 +212,7 @@ func (a *NetworkRoutersAPI) Create(ctx context.Context, request api.PostApiNetwo
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkRouter](resp)
 	return &ret, err
 }
@@ -254,9 +228,7 @@ func (a *NetworkRoutersAPI) Update(ctx context.Context, networkRouterID string,
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.NetworkRouter](resp)
 	return &ret, err
 }
@@ -268,9 +240,7 @@ func (a *NetworkRoutersAPI) Delete(ctx context.Context, networkRouterID string)
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/peers.go

@@ -20,9 +20,7 @@ func (a *PeersAPI) List(ctx context.Context) ([]api.Peer, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Peer](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *PeersAPI) Get(ctx context.Context, peerID string) (*api.Peer, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Peer](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *PeersAPI) Update(ctx context.Context, peerID string, request api.PutApi
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Peer](resp)
 	return &ret, err
 }
@@ -66,9 +60,7 @@ func (a *PeersAPI) Delete(ctx context.Context, peerID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -80,9 +72,7 @@ func (a *PeersAPI) ListAccessiblePeers(ctx context.Context, peerID string) ([]ap
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Peer](resp)
 	return ret, err
 }

management/client/rest/policies.go

@@ -20,9 +20,7 @@ func (a *PoliciesAPI) List(ctx context.Context) ([]api.Policy, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Policy](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *PoliciesAPI) Get(ctx context.Context, policyID string) (*api.Policy, er
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Policy](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *PoliciesAPI) Create(ctx context.Context, request api.PostApiPoliciesJSO
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Policy](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *PoliciesAPI) Update(ctx context.Context, policyID string, request api.P
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Policy](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *PoliciesAPI) Delete(ctx context.Context, policyID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/posturechecks.go

@@ -20,9 +20,7 @@ func (a *PostureChecksAPI) List(ctx context.Context) ([]api.PostureCheck, error)
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.PostureCheck](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *PostureChecksAPI) Get(ctx context.Context, postureCheckID string) (*api
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.PostureCheck](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *PostureChecksAPI) Create(ctx context.Context, request api.PostApiPostur
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.PostureCheck](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *PostureChecksAPI) Update(ctx context.Context, postureCheckID string, re
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.PostureCheck](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *PostureChecksAPI) Delete(ctx context.Context, postureCheckID string) er
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/routes.go

@@ -20,9 +20,7 @@ func (a *RoutesAPI) List(ctx context.Context) ([]api.Route, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.Route](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *RoutesAPI) Get(ctx context.Context, routeID string) (*api.Route, error)
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Route](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *RoutesAPI) Create(ctx context.Context, request api.PostApiRoutesJSONReq
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Route](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *RoutesAPI) Update(ctx context.Context, routeID string, request api.PutA
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.Route](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *RoutesAPI) Delete(ctx context.Context, routeID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/setupkeys.go

@@ -20,9 +20,7 @@ func (a *SetupKeysAPI) List(ctx context.Context) ([]api.SetupKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.SetupKey](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *SetupKeysAPI) Get(ctx context.Context, setupKeyID string) (*api.SetupKe
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.SetupKey](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *SetupKeysAPI) Create(ctx context.Context, request api.PostApiSetupKeysJ
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.SetupKeyClear](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *SetupKeysAPI) Update(ctx context.Context, setupKeyID string, request ap
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.SetupKey](resp)
 	return &ret, err
 }
@@ -84,9 +76,7 @@ func (a *SetupKeysAPI) Delete(ctx context.Context, setupKeyID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/tokens.go

@@ -20,9 +20,7 @@ func (a *TokensAPI) List(ctx context.Context, userID string) ([]api.PersonalAcce
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.PersonalAccessToken](resp)
 	return ret, err
 }
@@ -34,9 +32,7 @@ func (a *TokensAPI) Get(ctx context.Context, userID, tokenID string) (*api.Perso
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.PersonalAccessToken](resp)
 	return &ret, err
 }
@@ -52,9 +48,7 @@ func (a *TokensAPI) Create(ctx context.Context, userID string, request api.PostA
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.PersonalAccessTokenGenerated](resp)
 	return &ret, err
 }
@@ -66,9 +60,7 @@ func (a *TokensAPI) Delete(ctx context.Context, userID, tokenID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }

management/client/rest/users.go

@@ -20,9 +20,7 @@ func (a *UsersAPI) List(ctx context.Context) ([]api.User, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[[]api.User](resp)
 	return ret, err
 }
@@ -38,9 +36,7 @@ func (a *UsersAPI) Create(ctx context.Context, request api.PostApiUsersJSONReque
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.User](resp)
 	return &ret, err
 }
@@ -56,9 +52,7 @@ func (a *UsersAPI) Update(ctx context.Context, userID string, request api.PutApi
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 	ret, err := parseResponse[api.User](resp)
 	return &ret, err
 }
@@ -70,9 +64,7 @@ func (a *UsersAPI) Delete(ctx context.Context, userID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -84,9 +76,7 @@ func (a *UsersAPI) ResendInvitation(ctx context.Context, userID string) error {
 	if err != nil {
 		return err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	return nil
 }
@@ -98,9 +88,7 @@ func (a *UsersAPI) Current(ctx context.Context) (*api.User, error) {
 	if err != nil {
 		return nil, err
 	}
-	if resp.Body != nil {
-		defer resp.Body.Close()
-	}
+	defer resp.Body.Close()
 
 	ret, err := parseResponse[api.User](resp)
 	return &ret, err

management/client/rest/users_test.go

@@ -30,8 +30,11 @@ var (
 		Issued:        ptr("api"),
 		LastLogin:     &time.Time{},
 		Name:          "M. Essam",
-		Role:          "user",
-		Status:        api.UserStatusActive,
+		Permissions: &api.UserPermissions{
+			DashboardView: ptr(api.UserPermissionsDashboardViewFull),
+		},
+		Role:   "user",
+		Status: api.UserStatusActive,
 	}
 )
 

management/cmd/management.go

@@ -176,7 +176,7 @@ var (
 			if disableSingleAccMode {
 				mgmtSingleAccModeDomain = ""
 			}
-			eventStore, key, err := integrations.InitEventStore(ctx, config.Datadir, config.DataStoreEncryptionKey, appMetrics)
+			eventStore, key, err := integrations.InitEventStore(ctx, config.Datadir, config.DataStoreEncryptionKey)
 			if err != nil {
 				return fmt.Errorf("failed to initialize database: %s", err)
 			}

management/server/account.go

@@ -603,15 +603,11 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
 	}
 
 	for _, otherUser := range account.Users {
-		if otherUser.Id == userID {
+		if otherUser.IsServiceUser {
 			continue
 		}
 
-		if otherUser.IsServiceUser {
-			err = am.deleteServiceUser(ctx, accountID, userID, otherUser)
-			if err != nil {
-				return err
-			}
+		if otherUser.Id == userID {
 			continue
 		}
 
@@ -716,7 +712,7 @@ func (am *DefaultAccountManager) loadAccount(ctx context.Context, accountID any)
 	log.WithContext(ctx).Debugf("account %s not found in cache, reloading", accountID)
 	accountIDString := fmt.Sprintf("%v", accountID)
 
-	accountUsers, err := am.Store.GetAccountUsers(ctx, store.LockingStrengthShare, accountIDString)
+	account, err := am.Store.GetAccount(ctx, accountIDString)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -725,7 +721,7 @@ func (am *DefaultAccountManager) loadAccount(ctx context.Context, accountID any)
 	if err != nil {
 		return nil, nil, err
 	}
-	log.WithContext(ctx).Debugf("%d entries received from IdP management for account %s", len(userData), accountIDString)
+	log.WithContext(ctx).Debugf("%d entries received from IdP management", len(userData))
 
 	dataMap := make(map[string]*idp.UserData, len(userData))
 	for _, datum := range userData {
@@ -733,7 +729,7 @@ func (am *DefaultAccountManager) loadAccount(ctx context.Context, accountID any)
 	}
 
 	matchedUserData := make([]*idp.UserData, 0)
-	for _, user := range accountUsers {
+	for _, user := range account.Users {
 		if user.IsServiceUser {
 			continue
 		}
@@ -1599,7 +1595,7 @@ func (am *DefaultAccountManager) handleUserPeer(ctx context.Context, transaction
 }
 
 func (am *DefaultAccountManager) getFreeDNSLabel(ctx context.Context, s store.Store, accountID string, peerHostName string) (string, error) {
-	existingLabels, err := s.GetPeerLabelsInAccount(ctx, store.LockingStrengthShare, accountID)
+	existingLabels, err := s.GetPeerLabelsInAccountForName(ctx, store.LockingStrengthShare, accountID, peerHostName)
 	if err != nil {
 		return "", fmt.Errorf("failed to get peer dns labels: %w", err)
 	}

management/server/account/manager.go

@@ -16,7 +16,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/posture"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/types"
-	"github.com/netbirdio/netbird/management/server/users"
 	"github.com/netbirdio/netbird/route"
 )
 
@@ -116,5 +115,5 @@ type Manager interface {
 	CreateAccountByPrivateDomain(ctx context.Context, initiatorId, domain string) (*types.Account, error)
 	UpdateToPrimaryAccount(ctx context.Context, accountId string) (*types.Account, error)
 	GetOwnerInfo(ctx context.Context, accountId string) (*types.UserInfo, error)
-	GetCurrentUserInfo(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error)
+	GetCurrentUserInfo(ctx context.Context, accountID, userID string) (*types.UserInfo, error)
 }

management/server/account_test.go

@@ -853,42 +853,6 @@ func TestAccountManager_DeleteAccount(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	account.Users["service-user-1"] = &types.User{
-		Id:            "service-user-1",
-		Role:          types.UserRoleAdmin,
-		IsServiceUser: true,
-		Issued:        types.UserIssuedAPI,
-		PATs: map[string]*types.PersonalAccessToken{
-			"pat-1": {
-				ID:          "pat-1",
-				UserID:      "service-user-1",
-				Name:        "service-user-1",
-				HashedToken: "hashedToken",
-				CreatedAt:   time.Now(),
-			},
-		},
-	}
-	account.Users[userId] = &types.User{
-		Id:            "service-user-2",
-		Role:          types.UserRoleUser,
-		IsServiceUser: true,
-		Issued:        types.UserIssuedAPI,
-		PATs: map[string]*types.PersonalAccessToken{
-			"pat-2": {
-				ID:          "pat-2",
-				UserID:      userId,
-				Name:        userId,
-				HashedToken: "hashedToken",
-				CreatedAt:   time.Now(),
-			},
-		},
-	}
-
-	err = manager.Store.SaveAccount(context.Background(), account)
-	if err != nil {
-		t.Fatal(err)
-	}
-
 	err = manager.DeleteAccount(context.Background(), account.Id, userId)
 	if err != nil {
 		t.Fatal(err)
@@ -898,14 +862,6 @@ func TestAccountManager_DeleteAccount(t *testing.T) {
 	if err == nil {
 		t.Fatal(fmt.Errorf("expected to get an error when trying to get deleted account, got %v", getAccount))
 	}
-
-	pats, err := manager.Store.GetUserPATs(context.Background(), store.LockingStrengthShare, "service-user-1")
-	require.NoError(t, err)
-	assert.Len(t, pats, 0)
-
-	pats, err = manager.Store.GetUserPATs(context.Background(), store.LockingStrengthShare, userId)
-	require.NoError(t, err)
-	assert.Len(t, pats, 0)
 }
 
 func BenchmarkTest_GetAccountWithclaims(b *testing.B) {

management/server/http/api/openapi.yml

@@ -216,25 +216,11 @@ components:
     UserPermissions:
       type: object
       properties:
-        is_restricted:
-          type: boolean
-          description: Indicates whether this User's Peers view is restricted
-        modules:
-          type: object
-          additionalProperties:
-            type: object
-            additionalProperties:
-              type: boolean
-            propertyNames:
-              type: string
-              description: The operation type
-          propertyNames:
-            type: string
-            description: The module name
-          example: {"networks": { "read": true, "create": false, "update": false, "delete": false}, "peers": { "read": false, "create": false, "update": false, "delete": false} }
-      required:
-        - modules
-        - is_restricted
+        dashboard_view:
+          description: User's permission to view the dashboard
+          type: string
+          enum: [ "limited", "blocked", "full" ]
+          example: limited
     UserRequest:
       type: object
       properties:
@@ -2029,32 +2015,6 @@ components:
         - policy_name
         - icmp_type
         - icmp_code
-    NetworkTrafficEventsResponse:
-      type: object
-      properties:
-        data:
-          type: array
-          description: List of network traffic events
-          items:
-            $ref: "#/components/schemas/NetworkTrafficEvent"
-        page:
-          type: integer
-          description: Current page number
-        page_size:
-          type: integer
-          description: Number of items per page
-        total_records:
-          type: integer
-          description: Total number of event records available
-        total_pages:
-          type: integer
-          description: Total number of pages available
-      required:
-        - data
-        - page
-        - page_size
-        - total_records
-        - total_pages
   responses:
     not_found:
       description: Resource not found
@@ -4271,77 +4231,15 @@ paths:
       tags: [ Events ]
       x-cloud-only: true
       x-experimental: true
-      parameters:
-        - name: page
-          in: query
-          description: Page number
-          required: false
-          schema:
-            type: integer
-            minimum: 1
-            default: 1
-        - name: page_size
-          in: query
-          description: Number of items per page
-          required: false
-          schema:
-            type: integer
-            minimum: 1
-            maximum: 50000
-            default: 1000
-        - name: user_id
-          in: query
-          description: Filter by user ID
-          required: false
-          schema:
-            type: string
-        - name: protocol
-          in: query
-          description: Filter by protocol
-          required: false
-          schema:
-            type: integer
-        - name: type
-          in: query
-          description: Filter by event type
-          required: false
-          schema:
-            type: string
-            enum: [TYPE_UNKNOWN, TYPE_START, TYPE_END, TYPE_DROP]
-        - name: direction
-          in: query
-          description: Filter by direction
-          required: false
-          schema:
-            type: string
-            enum: [INGRESS, EGRESS, DIRECTION_UNKNOWN]
-        - name: search
-          in: query
-          description: Filters events with a partial match on user email, source and destination names and source and destination addresses
-          required: false
-          schema:
-            type: string
-        - name: start_date
-          in: query
-          description: Start date for filtering events (ISO 8601 format, e.g., 2024-01-01T00:00:00Z).
-          required: false
-          schema:
-            type: string
-            format: date-time
-        - name: end_date
-          in: query
-          description: End date for filtering events (ISO 8601 format, e.g., 2024-01-31T23:59:59Z).
-          required: false
-          schema:
-            type: string
-            format: date-time
       responses:
         "200":
           description: List of network traffic events
           content:
             application/json:
               schema:
-                $ref: "#/components/schemas/NetworkTrafficEventsResponse"
+                type: array
+                items:
+                  $ref: "#/components/schemas/NetworkTrafficEvent"
         '400':
           "$ref": "#/components/responses/bad_request"
         '401':

management/server/http/api/types.gen.go

@@ -178,19 +178,11 @@ const (
 	UserStatusInvited UserStatus = "invited"
 )
 
-// Defines values for GetApiEventsNetworkTrafficParamsType.
+// Defines values for UserPermissionsDashboardView.
 const (
-	GetApiEventsNetworkTrafficParamsTypeTYPEDROP    GetApiEventsNetworkTrafficParamsType = "TYPE_DROP"
-	GetApiEventsNetworkTrafficParamsTypeTYPEEND     GetApiEventsNetworkTrafficParamsType = "TYPE_END"
-	GetApiEventsNetworkTrafficParamsTypeTYPESTART   GetApiEventsNetworkTrafficParamsType = "TYPE_START"
-	GetApiEventsNetworkTrafficParamsTypeTYPEUNKNOWN GetApiEventsNetworkTrafficParamsType = "TYPE_UNKNOWN"
-)
-
-// Defines values for GetApiEventsNetworkTrafficParamsDirection.
-const (
-	GetApiEventsNetworkTrafficParamsDirectionDIRECTIONUNKNOWN GetApiEventsNetworkTrafficParamsDirection = "DIRECTION_UNKNOWN"
-	GetApiEventsNetworkTrafficParamsDirectionEGRESS           GetApiEventsNetworkTrafficParamsDirection = "EGRESS"
-	GetApiEventsNetworkTrafficParamsDirectionINGRESS          GetApiEventsNetworkTrafficParamsDirection = "INGRESS"
+	UserPermissionsDashboardViewBlocked UserPermissionsDashboardView = "blocked"
+	UserPermissionsDashboardViewFull    UserPermissionsDashboardView = "full"
+	UserPermissionsDashboardViewLimited UserPermissionsDashboardView = "limited"
 )
 
 // AccessiblePeer defines model for AccessiblePeer.
@@ -930,24 +922,6 @@ type NetworkTrafficEvent struct {
 	UserName *string `json:"user_name"`
 }
 
-// NetworkTrafficEventsResponse defines model for NetworkTrafficEventsResponse.
-type NetworkTrafficEventsResponse struct {
-	// Data List of network traffic events
-	Data []NetworkTrafficEvent `json:"data"`
-
-	// Page Current page number
-	Page int `json:"page"`
-
-	// PageSize Number of items per page
-	PageSize int `json:"page_size"`
-
-	// TotalPages Total number of pages available
-	TotalPages int `json:"total_pages"`
-
-	// TotalRecords Total number of event records available
-	TotalRecords int `json:"total_records"`
-}
-
 // NetworkTrafficLocation defines model for NetworkTrafficLocation.
 type NetworkTrafficLocation struct {
 	// CityName Name of the city (if known).
@@ -1750,11 +1724,13 @@ type UserCreateRequest struct {
 
 // UserPermissions defines model for UserPermissions.
 type UserPermissions struct {
-	// IsRestricted Indicates whether this User's Peers view is restricted
-	IsRestricted bool                       `json:"is_restricted"`
-	Modules      map[string]map[string]bool `json:"modules"`
+	// DashboardView User's permission to view the dashboard
+	DashboardView *UserPermissionsDashboardView `json:"dashboard_view,omitempty"`
 }
 
+// UserPermissionsDashboardView User's permission to view the dashboard
+type UserPermissionsDashboardView string
+
 // UserRequest defines model for UserRequest.
 type UserRequest struct {
 	// AutoGroups Group IDs to auto-assign to peers registered by this user
@@ -1767,42 +1743,6 @@ type UserRequest struct {
 	Role string `json:"role"`
 }
 
-// GetApiEventsNetworkTrafficParams defines parameters for GetApiEventsNetworkTraffic.
-type GetApiEventsNetworkTrafficParams struct {
-	// Page Page number
-	Page *int `form:"page,omitempty" json:"page,omitempty"`
-
-	// PageSize Number of items per page
-	PageSize *int `form:"page_size,omitempty" json:"page_size,omitempty"`
-
-	// UserId Filter by user ID
-	UserId *string `form:"user_id,omitempty" json:"user_id,omitempty"`
-
-	// Protocol Filter by protocol
-	Protocol *int `form:"protocol,omitempty" json:"protocol,omitempty"`
-
-	// Type Filter by event type
-	Type *GetApiEventsNetworkTrafficParamsType `form:"type,omitempty" json:"type,omitempty"`
-
-	// Direction Filter by direction
-	Direction *GetApiEventsNetworkTrafficParamsDirection `form:"direction,omitempty" json:"direction,omitempty"`
-
-	// Search Filters events with a partial match on user email, source and destination names and source and destination addresses
-	Search *string `form:"search,omitempty" json:"search,omitempty"`
-
-	// StartDate Start date for filtering events (ISO 8601 format, e.g., 2024-01-01T00:00:00Z).
-	StartDate *time.Time `form:"start_date,omitempty" json:"start_date,omitempty"`
-
-	// EndDate End date for filtering events (ISO 8601 format, e.g., 2024-01-31T23:59:59Z).
-	EndDate *time.Time `form:"end_date,omitempty" json:"end_date,omitempty"`
-}
-
-// GetApiEventsNetworkTrafficParamsType defines parameters for GetApiEventsNetworkTraffic.
-type GetApiEventsNetworkTrafficParamsType string
-
-// GetApiEventsNetworkTrafficParamsDirection defines parameters for GetApiEventsNetworkTraffic.
-type GetApiEventsNetworkTrafficParamsDirection string
-
 // GetApiPeersParams defines parameters for GetApiPeers.
 type GetApiPeersParams struct {
 	// Name Filter peers by name

management/server/http/handlers/users/users_handler.go

@@ -13,7 +13,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/types"
-	"github.com/netbirdio/netbird/management/server/users"
 
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
 )
@@ -273,33 +272,15 @@ func (h *handler) getCurrentUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.accountManager.GetCurrentUserInfo(ctx, userAuth)
+	accountID, userID := userAuth.AccountId, userAuth.UserId
+
+	user, err := h.accountManager.GetCurrentUserInfo(ctx, accountID, userID)
 	if err != nil {
 		util.WriteError(r.Context(), err, w)
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, toUserWithPermissionsResponse(user, userAuth.UserId))
-}
-
-func toUserWithPermissionsResponse(user *users.UserInfoWithPermissions, userID string) *api.User {
-	response := toUserResponse(user.UserInfo, userID)
-
-	// stringify modules and operations keys
-	modules := make(map[string]map[string]bool)
-	for module, operations := range user.Permissions {
-		modules[string(module)] = make(map[string]bool)
-		for op, val := range operations {
-			modules[string(module)][string(op)] = val
-		}
-	}
-
-	response.Permissions = &api.UserPermissions{
-		IsRestricted: user.Restricted,
-		Modules:      modules,
-	}
-
-	return response
+	util.WriteJSONObject(r.Context(), w, toUserResponse(user, userID))
 }
 
 func toUserResponse(user *types.UserInfo, currenUserID string) *api.User {
@@ -335,5 +316,8 @@ func toUserResponse(user *types.UserInfo, currenUserID string) *api.User {
 		IsBlocked:     user.IsBlocked,
 		LastLogin:     &user.LastLogin,
 		Issued:        &user.Issued,
+		Permissions: &api.UserPermissions{
+			DashboardView: (*api.UserPermissionsDashboardView)(&user.Permissions.DashboardView),
+		},
 	}
 }

management/server/http/handlers/users/users_handler_test.go

@@ -13,16 +13,12 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/netbirdio/netbird/management/server/permissions/modules"
-	"github.com/netbirdio/netbird/management/server/permissions/roles"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/types"
-	"github.com/netbirdio/netbird/management/server/users"
 )
 
 const (
@@ -111,7 +107,7 @@ func initUsersTestData() *handler {
 					return nil, status.Errorf(status.NotFound, "user with ID %s does not exists", userID)
 				}
 
-				info, err := update.Copy().ToUserInfo(nil)
+				info, err := update.Copy().ToUserInfo(nil, &types.Settings{RegularUsersViewBlocked: false})
 				if err != nil {
 					return nil, err
 				}
@@ -128,8 +124,8 @@ func initUsersTestData() *handler {
 
 				return nil
 			},
-			GetCurrentUserInfoFunc: func(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error) {
-				switch userAuth.UserId {
+			GetCurrentUserInfoFunc: func(ctx context.Context, accountID, userID string) (*types.UserInfo, error) {
+				switch userID {
 				case "not-found":
 					return nil, status.NewUserNotFoundError("not-found")
 				case "not-of-account":
@@ -139,68 +135,52 @@ func initUsersTestData() *handler {
 				case "service-user":
 					return nil, status.NewPermissionDeniedError()
 				case "owner":
-					return &users.UserInfoWithPermissions{
-						UserInfo: &types.UserInfo{
-							ID:            "owner",
-							Name:          "",
-							Role:          "owner",
-							Status:        "active",
-							IsServiceUser: false,
-							IsBlocked:     false,
-							NonDeletable:  false,
-							Issued:        "api",
+					return &types.UserInfo{
+						ID:            "owner",
+						Name:          "",
+						Role:          "owner",
+						Status:        "active",
+						IsServiceUser: false,
+						IsBlocked:     false,
+						NonDeletable:  false,
+						Issued:        "api",
+						Permissions: types.UserPermissions{
+							DashboardView: "full",
 						},
-						Permissions: mergeRolePermissions(roles.Owner),
 					}, nil
 				case "regular-user":
-					return &users.UserInfoWithPermissions{
-						UserInfo: &types.UserInfo{
-							ID:            "regular-user",
-							Name:          "",
-							Role:          "user",
-							Status:        "active",
-							IsServiceUser: false,
-							IsBlocked:     false,
-							NonDeletable:  false,
-							Issued:        "api",
+					return &types.UserInfo{
+						ID:            "regular-user",
+						Name:          "",
+						Role:          "user",
+						Status:        "active",
+						IsServiceUser: false,
+						IsBlocked:     false,
+						NonDeletable:  false,
+						Issued:        "api",
+						Permissions: types.UserPermissions{
+							DashboardView: "limited",
 						},
-						Permissions: mergeRolePermissions(roles.User),
 					}, nil
 
 				case "admin-user":
-					return &users.UserInfoWithPermissions{
-						UserInfo: &types.UserInfo{
-							ID:            "admin-user",
-							Name:          "",
-							Role:          "admin",
-							Status:        "active",
-							IsServiceUser: false,
-							IsBlocked:     false,
-							NonDeletable:  false,
-							LastLogin:     time.Time{},
-							Issued:        "api",
+					return &types.UserInfo{
+						ID:            "admin-user",
+						Name:          "",
+						Role:          "admin",
+						Status:        "active",
+						IsServiceUser: false,
+						IsBlocked:     false,
+						NonDeletable:  false,
+						LastLogin:     time.Time{},
+						Issued:        "api",
+						Permissions: types.UserPermissions{
+							DashboardView: "full",
 						},
-						Permissions: mergeRolePermissions(roles.Admin),
-					}, nil
-				case "restricted-user":
-					return &users.UserInfoWithPermissions{
-						UserInfo: &types.UserInfo{
-							ID:            "restricted-user",
-							Name:          "",
-							Role:          "user",
-							Status:        "active",
-							IsServiceUser: false,
-							IsBlocked:     false,
-							NonDeletable:  false,
-							LastLogin:     time.Time{},
-							Issued:        "api",
-						},
-						Permissions: mergeRolePermissions(roles.User),
-						Restricted:  true,
 					}, nil
 				}
 
-				return nil, fmt.Errorf("user id %s not handled", userAuth.UserId)
+				return nil, fmt.Errorf("user id %s not handled", userID)
 			},
 		},
 	}
@@ -566,7 +546,6 @@ func TestCurrentUser(t *testing.T) {
 		name           string
 		expectedStatus int
 		requestAuth    nbcontext.UserAuth
-		expectedResult *api.User
 	}{
 		{
 			name:           "without auth",
@@ -596,78 +575,16 @@ func TestCurrentUser(t *testing.T) {
 			name:           "owner",
 			requestAuth:    nbcontext.UserAuth{UserId: "owner"},
 			expectedStatus: http.StatusOK,
-			expectedResult: &api.User{
-				Id:            "owner",
-				Role:          "owner",
-				Status:        "active",
-				IsBlocked:     false,
-				IsCurrent:     ptr(true),
-				IsServiceUser: ptr(false),
-				AutoGroups:    []string{},
-				Issued:        ptr("api"),
-				LastLogin:     ptr(time.Time{}),
-				Permissions: &api.UserPermissions{
-					Modules: stringifyPermissionsKeys(mergeRolePermissions(roles.Owner)),
-				},
-			},
 		},
 		{
 			name:           "regular user",
 			requestAuth:    nbcontext.UserAuth{UserId: "regular-user"},
 			expectedStatus: http.StatusOK,
-			expectedResult: &api.User{
-				Id:            "regular-user",
-				Role:          "user",
-				Status:        "active",
-				IsBlocked:     false,
-				IsCurrent:     ptr(true),
-				IsServiceUser: ptr(false),
-				AutoGroups:    []string{},
-				Issued:        ptr("api"),
-				LastLogin:     ptr(time.Time{}),
-				Permissions: &api.UserPermissions{
-					Modules: stringifyPermissionsKeys(mergeRolePermissions(roles.User)),
-				},
-			},
 		},
 		{
 			name:           "admin user",
 			requestAuth:    nbcontext.UserAuth{UserId: "admin-user"},
 			expectedStatus: http.StatusOK,
-			expectedResult: &api.User{
-				Id:            "admin-user",
-				Role:          "admin",
-				Status:        "active",
-				IsBlocked:     false,
-				IsCurrent:     ptr(true),
-				IsServiceUser: ptr(false),
-				AutoGroups:    []string{},
-				Issued:        ptr("api"),
-				LastLogin:     ptr(time.Time{}),
-				Permissions: &api.UserPermissions{
-					Modules: stringifyPermissionsKeys(mergeRolePermissions(roles.Admin)),
-				},
-			},
-		},
-		{
-			name:           "restricted user",
-			requestAuth:    nbcontext.UserAuth{UserId: "restricted-user"},
-			expectedStatus: http.StatusOK,
-			expectedResult: &api.User{
-				Id:            "restricted-user",
-				Role:          "user",
-				Status:        "active",
-				IsBlocked:     false,
-				IsCurrent:     ptr(true),
-				IsServiceUser: ptr(false),
-				AutoGroups:    []string{},
-				Issued:        ptr("api"),
-				LastLogin:     ptr(time.Time{}),
-				Permissions: &api.UserPermissions{
-					IsRestricted: true,
-					Modules:      stringifyPermissionsKeys(mergeRolePermissions(roles.User)),
-				},
-			},
 		},
 	}
 
@@ -686,42 +603,10 @@ func TestCurrentUser(t *testing.T) {
 			res := rr.Result()
 			defer res.Body.Close()
 
-			assert.Equal(t, tc.expectedStatus, rr.Code, "handler returned wrong status code")
-
-			if tc.expectedResult != nil {
-				var result api.User
-				require.NoError(t, json.NewDecoder(res.Body).Decode(&result))
-				assert.EqualValues(t, *tc.expectedResult, result)
+			if status := rr.Code; status != tc.expectedStatus {
+				t.Fatalf("handler returned wrong status code: got %v want %v",
+					status, tc.expectedStatus)
 			}
 		})
 	}
 }
-
-func ptr[T any, PT *T](x T) PT {
-	return &x
-}
-
-func mergeRolePermissions(role roles.RolePermissions) roles.Permissions {
-	permissions := roles.Permissions{}
-
-	for k := range modules.All {
-		if rolePermissions, ok := role.Permissions[k]; ok {
-			permissions[k] = rolePermissions
-			continue
-		}
-		permissions[k] = role.AutoAllowNew
-	}
-
-	return permissions
-}
-
-func stringifyPermissionsKeys(permissions roles.Permissions) map[string]map[string]bool {
-	modules := make(map[string]map[string]bool)
-	for module, operations := range permissions {
-		modules[string(module)] = make(map[string]bool)
-		for op, val := range operations {
-			modules[string(module)][string(op)] = val
-		}
-	}
-	return modules
-}

management/server/migration/migration.go

@@ -352,24 +352,3 @@ func MigrateNewField[T any](ctx context.Context, db *gorm.DB, columnName string,
 	log.WithContext(ctx).Infof("Migration of empty %s to default value in table %s completed", columnName, tableName)
 	return nil
 }
-
-func DropIndex[T any](ctx context.Context, db *gorm.DB, indexName string) error {
-	var model T
-
-	if !db.Migrator().HasTable(&model) {
-		log.WithContext(ctx).Debugf("table for %T does not exist, no migration needed", model)
-		return nil
-	}
-
-	if !db.Migrator().HasIndex(&model, indexName) {
-		log.WithContext(ctx).Debugf("index %s does not exist in table %T, no migration needed", indexName, model)
-		return nil
-	}
-
-	if err := db.Migrator().DropIndex(&model, indexName); err != nil {
-		return fmt.Errorf("failed to drop index %s: %w", indexName, err)
-	}
-
-	log.WithContext(ctx).Infof("dropped index %s from table %T", indexName, model)
-	return nil
-}

management/server/migration/migration_test.go

@@ -227,25 +227,3 @@ func TestMigrateSetupKeyToHashedSetupKey_ForAlreadyMigratedKey_Case2(t *testing.
 
 	assert.Equal(t, "9+FQcmNd2GCxIK+SvHmtp6PPGV4MKEicDS+xuSQmvlE=", key.Key, "Key should be hashed")
 }
-
-func TestDropIndex(t *testing.T) {
-	db := setupDatabase(t)
-
-	err := db.AutoMigrate(&types.SetupKey{})
-	require.NoError(t, err, "Failed to auto-migrate tables")
-
-	err = db.Save(&types.SetupKey{
-		Id:  "1",
-		Key: "9+FQcmNd2GCxIK+SvHmtp6PPGV4MKEicDS+xuSQmvlE=",
-	}).Error
-	require.NoError(t, err, "Failed to insert setup key")
-
-	exist := db.Migrator().HasIndex(&types.SetupKey{}, "idx_setup_keys_account_id")
-	assert.True(t, exist, "Should have the index")
-
-	err = migration.DropIndex[types.SetupKey](context.Background(), db, "idx_setup_keys_account_id")
-	require.NoError(t, err, "Migration should not fail to remove index")
-
-	exist = db.Migrator().HasIndex(&types.SetupKey{}, "idx_setup_keys_account_id")
-	assert.False(t, exist, "Should not have the index")
-}

management/server/mock_server/account_mock.go

@@ -19,7 +19,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/posture"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/types"
-	"github.com/netbirdio/netbird/management/server/users"
 	"github.com/netbirdio/netbird/route"
 )
 
@@ -116,7 +115,7 @@ type MockAccountManager struct {
 	CreateAccountByPrivateDomainFunc    func(ctx context.Context, initiatorId, domain string) (*types.Account, error)
 	UpdateToPrimaryAccountFunc          func(ctx context.Context, accountId string) (*types.Account, error)
 	GetOwnerInfoFunc                    func(ctx context.Context, accountID string) (*types.UserInfo, error)
-	GetCurrentUserInfoFunc              func(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error)
+	GetCurrentUserInfoFunc              func(ctx context.Context, accountID, userID string) (*types.UserInfo, error)
 	GetAccountMetaFunc                  func(ctx context.Context, accountID, userID string) (*types.AccountMeta, error)
 }
 
@@ -883,9 +882,9 @@ func (am *MockAccountManager) GetOwnerInfo(ctx context.Context, accountId string
 	return nil, status.Errorf(codes.Unimplemented, "method GetOwnerInfo is not implemented")
 }
 
-func (am *MockAccountManager) GetCurrentUserInfo(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error) {
+func (am *MockAccountManager) GetCurrentUserInfo(ctx context.Context, accountID, userID string) (*types.UserInfo, error) {
 	if am.GetCurrentUserInfoFunc != nil {
-		return am.GetCurrentUserInfoFunc(ctx, userAuth)
+		return am.GetCurrentUserInfoFunc(ctx, accountID, userID)
 	}
 	return nil, status.Errorf(codes.Unimplemented, "method GetCurrentUserInfo is not implemented")
 }

management/server/peer.go

@@ -49,9 +49,20 @@ func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID
 		return nil, err
 	}
 
-	// @note if the user has permission to read peers it shows all account peers
+	peers := make([]*nbpeer.Peer, 0)
+	peersMap := make(map[string]*nbpeer.Peer)
+
+	for _, peer := range accountPeers {
+		if user.IsRegularUser() && user.Id != peer.UserID {
+			// only display peers that belong to the current user if the current user is not an admin
+			continue
+		}
+		peers = append(peers, peer)
+		peersMap[peer.ID] = peer
+	}
+
 	if allowed {
-		return accountPeers, nil
+		return peers, nil
 	}
 
 	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
@@ -59,22 +70,10 @@ func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID
 		return nil, fmt.Errorf("failed to get account settings: %w", err)
 	}
 
-	if user.IsRestrictable() && settings.RegularUsersViewBlocked {
+	if settings.RegularUsersViewBlocked {
 		return []*nbpeer.Peer{}, nil
 	}
 
-	// @note if it does not have permission read peers then only display it's own peers
-	peers := make([]*nbpeer.Peer, 0)
-	peersMap := make(map[string]*nbpeer.Peer)
-
-	for _, peer := range accountPeers {
-		if user.Id != peer.UserID {
-			continue
-		}
-		peers = append(peers, peer)
-		peersMap[peer.ID] = peer
-	}
-
 	return am.getUserAccessiblePeers(ctx, accountID, peersMap, peers)
 }
 
@@ -233,7 +232,7 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user
 		}
 
 		if peer.Name != update.Name {
-			existingLabels, err := getPeerDNSLabels(ctx, transaction, accountID)
+			existingLabels, err := getPeerDNSLabels(ctx, transaction, accountID, update.Name)
 			if err != nil {
 				return err
 			}
@@ -1468,13 +1467,13 @@ func getPeerGroupIDs(ctx context.Context, transaction store.Store, accountID str
 	return groupIDs, err
 }
 
-func getPeerDNSLabels(ctx context.Context, transaction store.Store, accountID string) (types.LookupMap, error) {
-	dnsLabels, err := transaction.GetPeerLabelsInAccount(ctx, store.LockingStrengthShare, accountID)
+func getPeerDNSLabels(ctx context.Context, transaction store.Store, accountID string, peerName string) (types.LookupMap, error) {
+	dnsLabels, err := transaction.GetPeerLabelsInAccountForName(ctx, store.LockingStrengthShare, accountID, peerName)
 	if err != nil {
 		return nil, err
 	}
 
-	existingLabels := make(types.LookupMap)
+	existingLabels := make(types.LookupMap, len(dnsLabels))
 	for _, label := range dnsLabels {
 		existingLabels[label] = struct{}{}
 	}

management/server/permissions/manager.go

@@ -20,8 +20,6 @@ type Manager interface {
 	ValidateUserPermissions(ctx context.Context, accountID, userID string, module modules.Module, operation operations.Operation) (bool, error)
 	ValidateRoleModuleAccess(ctx context.Context, accountID string, role roles.RolePermissions, module modules.Module, operation operations.Operation) bool
 	ValidateAccountAccess(ctx context.Context, accountID string, user *types.User, allowOwnerAndAdmin bool) error
-
-	GetPermissionsByRole(ctx context.Context, role types.UserRole) (roles.Permissions, error)
 }
 
 type managerImpl struct {
@@ -98,22 +96,3 @@ func (m *managerImpl) ValidateAccountAccess(ctx context.Context, accountID strin
 	}
 	return nil
 }
-
-func (m *managerImpl) GetPermissionsByRole(ctx context.Context, role types.UserRole) (roles.Permissions, error) {
-	roleMap, ok := roles.RolesMap[role]
-	if !ok {
-		return roles.Permissions{}, status.NewUserRoleNotFoundError(string(role))
-	}
-
-	permissions := roles.Permissions{}
-
-	for k := range modules.All {
-		if rolePermissions, ok := roleMap.Permissions[k]; ok {
-			permissions[k] = rolePermissions
-			continue
-		}
-		permissions[k] = roleMap.AutoAllowNew
-	}
-
-	return permissions, nil
-}

management/server/permissions/manager_mock.go

@@ -38,21 +38,6 @@ func (m *MockManager) EXPECT() *MockManagerMockRecorder {
 	return m.recorder
 }
 
-// GetPermissionsByRole mocks base method.
-func (m *MockManager) GetPermissionsByRole(ctx context.Context, role types.UserRole) (roles.Permissions, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetPermissionsByRole", ctx, role)
-	ret0, _ := ret[0].(roles.Permissions)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// GetPermissionsByRole indicates an expected call of GetPermissionsByRole.
-func (mr *MockManagerMockRecorder) GetPermissionsByRole(ctx, role interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPermissionsByRole", reflect.TypeOf((*MockManager)(nil).GetPermissionsByRole), ctx, role)
-}
-
 // ValidateAccountAccess mocks base method.
 func (m *MockManager) ValidateAccountAccess(ctx context.Context, accountID string, user *types.User, allowOwnerAndAdmin bool) error {
 	m.ctrl.T.Helper()

management/server/permissions/modules/module.go

@@ -17,19 +17,3 @@ const (
 	SetupKeys   Module = "setup_keys"
 	Pats        Module = "pats"
 )
-
-var All = map[Module]struct{}{
-	Networks:    {},
-	Peers:       {},
-	Groups:      {},
-	Settings:    {},
-	Accounts:    {},
-	Dns:         {},
-	Nameservers: {},
-	Events:      {},
-	Policies:    {},
-	Routes:      {},
-	Users:       {},
-	SetupKeys:   {},
-	Pats:        {},
-}

management/server/permissions/roles/network_admin.go

@@ -23,9 +23,9 @@ var NetworkAdmin = RolePermissions{
 		},
 		modules.Groups: {
 			operations.Read:   true,
-			operations.Create: true,
-			operations.Update: true,
-			operations.Delete: true,
+			operations.Create: false,
+			operations.Update: false,
+			operations.Delete: false,
 		},
 		modules.Settings: {
 			operations.Read:   true,
@@ -87,11 +87,5 @@ var NetworkAdmin = RolePermissions{
 			operations.Update: true,
 			operations.Delete: true,
 		},
-		modules.Peers: {
-			operations.Read:   true,
-			operations.Create: false,
-			operations.Update: false,
-			operations.Delete: false,
-		},
 	},
 }

management/server/store/sql_store.go

@@ -116,10 +116,11 @@ func (s *SqlStore) AcquireGlobalLock(ctx context.Context) (unlock func()) {
 	log.WithContext(ctx).Tracef("acquiring global lock")
 	start := time.Now()
 	s.globalAccountLock.Lock()
+	lockTime := time.Now()
 
 	unlock = func() {
 		s.globalAccountLock.Unlock()
-		log.WithContext(ctx).Tracef("released global lock in %v", time.Since(start))
+		log.WithContext(ctx).Tracef("released global lock: acquired in %v, hold for %v", time.Since(start), time.Since(lockTime))
 	}
 
 	took := time.Since(start)
@@ -139,10 +140,11 @@ func (s *SqlStore) AcquireWriteLockByUID(ctx context.Context, uniqueID string) (
 	value, _ := s.resourceLocks.LoadOrStore(uniqueID, &sync.RWMutex{})
 	mtx := value.(*sync.RWMutex)
 	mtx.Lock()
+	lockTime := time.Now()
 
 	unlock = func() {
 		mtx.Unlock()
-		log.WithContext(ctx).Tracef("released write lock for ID %s in %v", uniqueID, time.Since(start))
+		log.WithContext(ctx).Tracef("released write lock for ID %s: acquired in %v, hold for %v", uniqueID, time.Since(start), time.Since(lockTime))
 	}
 
 	return unlock
@@ -156,10 +158,11 @@ func (s *SqlStore) AcquireReadLockByUID(ctx context.Context, uniqueID string) (u
 	value, _ := s.resourceLocks.LoadOrStore(uniqueID, &sync.RWMutex{})
 	mtx := value.(*sync.RWMutex)
 	mtx.RLock()
+	lockTime := time.Now()
 
 	unlock = func() {
 		mtx.RUnlock()
-		log.WithContext(ctx).Tracef("released read lock for ID %s in %v", uniqueID, time.Since(start))
+		log.WithContext(ctx).Tracef("released read lock for ID %s: acquired in %v, hold for %v", uniqueID, time.Since(start), time.Since(lockTime))
 	}
 
 	return unlock
@@ -802,7 +805,7 @@ func (s *SqlStore) GetAccountByPeerPubKey(ctx context.Context, peerKey string) (
 
 func (s *SqlStore) GetAnyAccountID(ctx context.Context) (string, error) {
 	var account types.Account
-	result := s.db.WithContext(ctx).Select("id").Order("created_at desc").Limit(1).Find(&account)
+	result := s.db.WithContext(ctx).Select("id").Limit(1).Find(&account)
 	if result.Error != nil {
 		return "", status.NewGetAccountFromStoreError(result.Error)
 	}
@@ -873,7 +876,7 @@ func (s *SqlStore) GetAccountIDBySetupKey(ctx context.Context, setupKey string)
 	return accountID, nil
 }
 
-func (s *SqlStore) GetTakenIPs(ctx context.Context, lockStrength LockingStrength, accountID string) ([]net.IP, error) {
+func (s *SqlStore) GetTakenIPs(ctx context.Context, lockStrength LockingStrength, accountID string) (map[string]struct{}, error) {
 	var ipJSONStrings []string
 
 	// Fetch the IP addresses as JSON strings
@@ -887,23 +890,22 @@ func (s *SqlStore) GetTakenIPs(ctx context.Context, lockStrength LockingStrength
 		return nil, status.Errorf(status.Internal, "issue getting IPs from store: %s", result.Error)
 	}
 
-	// Convert the JSON strings to net.IP objects
-	ips := make([]net.IP, len(ipJSONStrings))
-	for i, ipJSON := range ipJSONStrings {
+	ips := make(map[string]struct{}, len(ipJSONStrings))
+	for _, ipJSON := range ipJSONStrings {
 		var ip net.IP
 		if err := json.Unmarshal([]byte(ipJSON), &ip); err != nil {
 			return nil, status.Errorf(status.Internal, "issue parsing IP JSON from store")
 		}
-		ips[i] = ip
+		ips[ip.String()] = struct{}{}
 	}
 
 	return ips, nil
 }
 
-func (s *SqlStore) GetPeerLabelsInAccount(ctx context.Context, lockStrength LockingStrength, accountID string) ([]string, error) {
+func (s *SqlStore) GetPeerLabelsInAccountForName(ctx context.Context, lockStrength LockingStrength, accountID string, peerName string) ([]string, error) {
 	var labels []string
 	result := s.db.Clauses(clause.Locking{Strength: string(lockStrength)}).Model(&nbpeer.Peer{}).
-		Where("account_id = ?", accountID).
+		Where("account_id = ? AND dns_label LIKE ?", accountID, peerName+"%").
 		Pluck("dns_label", &labels)
 
 	if result.Error != nil {
@@ -1196,12 +1198,6 @@ func (s *SqlStore) AddPeerToAllGroup(ctx context.Context, lockStrength LockingSt
 		return status.Errorf(status.Internal, "issue finding group 'All': %s", result.Error)
 	}
 
-	for _, existingPeerID := range group.Peers {
-		if existingPeerID == peerID {
-			return nil
-		}
-	}
-
 	group.Peers = append(group.Peers, peerID)
 
 	if err := s.db.Clauses(clause.Locking{Strength: string(lockStrength)}).Save(&group).Error; err != nil {
@@ -1683,26 +1679,18 @@ func (s *SqlStore) SavePolicy(ctx context.Context, lockStrength LockingStrength,
 }
 
 func (s *SqlStore) DeletePolicy(ctx context.Context, lockStrength LockingStrength, accountID, policyID string) error {
-	return s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
-		if err := tx.Where("policy_id = ?", policyID).Delete(&types.PolicyRule{}).Error; err != nil {
-			return fmt.Errorf("delete policy rules: %w", err)
-		}
+	result := s.db.Clauses(clause.Locking{Strength: string(lockStrength)}).
+		Delete(&types.Policy{}, accountAndIDQueryCondition, accountID, policyID)
+	if err := result.Error; err != nil {
+		log.WithContext(ctx).Errorf("failed to delete policy from store: %s", err)
+		return status.Errorf(status.Internal, "failed to delete policy from store")
+	}
 
-		result := tx.Clauses(clause.Locking{Strength: string(lockStrength)}).
-			Where(accountAndIDQueryCondition, accountID, policyID).
-			Delete(&types.Policy{})
+	if result.RowsAffected == 0 {
+		return status.NewPolicyNotFoundError(policyID)
+	}
 
-		if err := result.Error; err != nil {
-			log.WithContext(ctx).Errorf("failed to delete policy from store: %s", err)
-			return status.Errorf(status.Internal, "failed to delete policy from store")
-		}
-
-		if result.RowsAffected == 0 {
-			return status.NewPolicyNotFoundError(policyID)
-		}
-
-		return nil
-	})
+	return nil
 }
 
 // GetAccountPostureChecks retrieves posture checks for an account.

management/server/store/sql_store_test.go

@@ -60,10 +60,10 @@ func Test_NewStore(t *testing.T) {
 
 	runTestForAllEngines(t, "", func(t *testing.T, store Store) {
 		if store == nil {
-			t.Fatalf("expected to create a new Store")
+			t.Errorf("expected to create a new Store")
 		}
 		if len(store.GetAllAccounts(context.Background())) != 0 {
-			t.Fatalf("expected to create a new empty Accounts map when creating a new FileStore")
+			t.Errorf("expected to create a new empty Accounts map when creating a new FileStore")
 		}
 	})
 }
@@ -992,19 +992,20 @@ func TestSqlite_GetPeerLabelsInAccount(t *testing.T) {
 	_, err = store.GetAccount(context.Background(), existingAccountID)
 	require.NoError(t, err)
 
-	labels, err := store.GetPeerLabelsInAccount(context.Background(), LockingStrengthShare, existingAccountID)
-	require.NoError(t, err)
-	assert.Equal(t, []string{}, labels)
-
 	peer1 := &nbpeer.Peer{
 		ID:        "peer1",
 		AccountID: existingAccountID,
 		DNSLabel:  "peer1.domain.test",
 	}
+
+	labels, err := store.GetPeerLabelsInAccountForName(context.Background(), LockingStrengthShare, existingAccountID, peer1.DNSLabel)
+	require.NoError(t, err)
+	assert.Equal(t, []string{}, labels)
+
 	err = store.AddPeerToAccount(context.Background(), LockingStrengthUpdate, peer1)
 	require.NoError(t, err)
 
-	labels, err = store.GetPeerLabelsInAccount(context.Background(), LockingStrengthShare, existingAccountID)
+	labels, err = store.GetPeerLabelsInAccountForName(context.Background(), LockingStrengthShare, existingAccountID, peer1.DNSLabel)
 	require.NoError(t, err)
 	assert.Equal(t, []string{"peer1.domain.test"}, labels)
 
@@ -1016,7 +1017,7 @@ func TestSqlite_GetPeerLabelsInAccount(t *testing.T) {
 	err = store.AddPeerToAccount(context.Background(), LockingStrengthUpdate, peer2)
 	require.NoError(t, err)
 
-	labels, err = store.GetPeerLabelsInAccount(context.Background(), LockingStrengthShare, existingAccountID)
+	labels, err = store.GetPeerLabelsInAccountForName(context.Background(), LockingStrengthShare, existingAccountID, peer2.DNSLabel)
 	require.NoError(t, err)
 	assert.Equal(t, []string{"peer1.domain.test", "peer2.domain.test"}, labels)
 }
@@ -1115,7 +1116,7 @@ func TestSqlite_CreateAndGetObjectInTransaction(t *testing.T) {
 
 	group := &types.Group{
 		ID:        "group-id",
-		AccountID: "bf1c8084-ba50-4ce7-9439-34653001fc3b",
+		AccountID: "account-id",
 		Name:      "group-name",
 		Issued:    "api",
 		Peers:     nil,

management/server/store/store.go

@@ -115,7 +115,7 @@ type Store interface {
 	SavePostureChecks(ctx context.Context, lockStrength LockingStrength, postureCheck *posture.Checks) error
 	DeletePostureChecks(ctx context.Context, lockStrength LockingStrength, accountID, postureChecksID string) error
 
-	GetPeerLabelsInAccount(ctx context.Context, lockStrength LockingStrength, accountId string) ([]string, error)
+	GetPeerLabelsInAccountForName(ctx context.Context, lockStrength LockingStrength, accountId string, dnsName string) ([]string, error)
 	AddPeerToAllGroup(ctx context.Context, lockStrength LockingStrength, accountID string, peerID string) error
 	AddPeerToGroup(ctx context.Context, lockStrength LockingStrength, accountId string, peerId string, groupID string) error
 	GetPeerGroups(ctx context.Context, lockStrength LockingStrength, accountId string, peerId string) ([]*types.Group, error)
@@ -150,7 +150,7 @@ type Store interface {
 	SaveNameServerGroup(ctx context.Context, lockStrength LockingStrength, nameServerGroup *dns.NameServerGroup) error
 	DeleteNameServerGroup(ctx context.Context, lockStrength LockingStrength, accountID, nameServerGroupID string) error
 
-	GetTakenIPs(ctx context.Context, lockStrength LockingStrength, accountId string) ([]net.IP, error)
+	GetTakenIPs(ctx context.Context, lockStrength LockingStrength, accountId string) (map[string]struct{}, error)
 	IncrementNetworkSerial(ctx context.Context, lockStrength LockingStrength, accountId string) error
 	GetAccountNetwork(ctx context.Context, lockStrength LockingStrength, accountId string) (*types.Network, error)
 
@@ -315,15 +315,6 @@ func getMigrations(ctx context.Context) []migrationFunc {
 		func(db *gorm.DB) error {
 			return migration.MigrateNewField[routerTypes.NetworkRouter](ctx, db, "enabled", true)
 		},
-		func(db *gorm.DB) error {
-			return migration.DropIndex[networkTypes.Network](ctx, db, "idx_networks_id")
-		},
-		func(db *gorm.DB) error {
-			return migration.DropIndex[resourceTypes.NetworkResource](ctx, db, "idx_network_resources_id")
-		},
-		func(db *gorm.DB) error {
-			return migration.DropIndex[routerTypes.NetworkRouter](ctx, db, "idx_network_routers_id")
-		},
 	}
 }
 

management/server/telemetry/app_metrics.go

@@ -29,7 +29,6 @@ type MockAppMetrics struct {
 	StoreMetricsFunc             func() *StoreMetrics
 	UpdateChannelMetricsFunc     func() *UpdateChannelMetrics
 	AddAccountManagerMetricsFunc func() *AccountManagerMetrics
-	EventStreamingMetricsFunc    func() *EventStreamingMetrics
 }
 
 // GetMeter mocks the GetMeter function of the AppMetrics interface
@@ -104,14 +103,6 @@ func (mock *MockAppMetrics) AccountManagerMetrics() *AccountManagerMetrics {
 	return nil
 }
 
-// EventStreamingMetrics mocks the EventStreamingMetrics function of the AppMetrics interface
-func (mock *MockAppMetrics) EventStreamingMetrics() *EventStreamingMetrics {
-	if mock.EventStreamingMetricsFunc != nil {
-		return mock.EventStreamingMetricsFunc()
-	}
-	return nil
-}
-
 // AppMetrics is metrics interface
 type AppMetrics interface {
 	GetMeter() metric2.Meter
@@ -123,7 +114,6 @@ type AppMetrics interface {
 	StoreMetrics() *StoreMetrics
 	UpdateChannelMetrics() *UpdateChannelMetrics
 	AccountManagerMetrics() *AccountManagerMetrics
-	EventStreamingMetrics() *EventStreamingMetrics
 }
 
 // defaultAppMetrics are core application metrics based on OpenTelemetry https://opentelemetry.io/
@@ -138,7 +128,6 @@ type defaultAppMetrics struct {
 	storeMetrics          *StoreMetrics
 	updateChannelMetrics  *UpdateChannelMetrics
 	accountManagerMetrics *AccountManagerMetrics
-	eventStreamingMetrics *EventStreamingMetrics
 }
 
 // IDPMetrics returns metrics for the idp package
@@ -171,16 +160,6 @@ func (appMetrics *defaultAppMetrics) AccountManagerMetrics() *AccountManagerMetr
 	return appMetrics.accountManagerMetrics
 }
 
-// EventStreamingMetrics returns metrics for the event streaming module
-func (appMetrics *defaultAppMetrics) EventStreamingMetrics() *EventStreamingMetrics {
-	return appMetrics.eventStreamingMetrics
-}
-
-// RegisterEventStreamingMetrics sets the event streaming metrics
-func (appMetrics *defaultAppMetrics) RegisterEventStreamingMetrics(metrics *EventStreamingMetrics) {
-	appMetrics.eventStreamingMetrics = metrics
-}
-
 // Close stop application metrics HTTP handler and closes listener.
 func (appMetrics *defaultAppMetrics) Close() error {
 	if appMetrics.listener == nil {
@@ -205,10 +184,10 @@ func (appMetrics *defaultAppMetrics) Expose(ctx context.Context, port int, endpo
 	}
 	appMetrics.listener = listener
 	go func() {
-		if err := http.Serve(listener, rootRouter); err != nil && err != http.ErrServerClosed {
-			log.WithContext(ctx).Errorf("metrics server error: %v", err)
+		err := http.Serve(listener, rootRouter)
+		if err != nil {
+			return
 		}
-		log.WithContext(ctx).Info("metrics server stopped")
 	}()
 
 	log.WithContext(ctx).Infof("enabled application metrics and exposing on http://%s", listener.Addr().String())
@@ -225,7 +204,7 @@ func (appMetrics *defaultAppMetrics) GetMeter() metric2.Meter {
 func NewDefaultAppMetrics(ctx context.Context) (AppMetrics, error) {
 	exporter, err := prometheus.New()
 	if err != nil {
-		return nil, fmt.Errorf("failed to create prometheus exporter: %w", err)
+		return nil, err
 	}
 
 	provider := metric.NewMeterProvider(metric.WithReader(exporter))
@@ -234,32 +213,32 @@ func NewDefaultAppMetrics(ctx context.Context) (AppMetrics, error) {
 
 	idpMetrics, err := NewIDPMetrics(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize IDP metrics: %w", err)
+		return nil, err
 	}
 
 	middleware, err := NewMetricsMiddleware(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize HTTP middleware metrics: %w", err)
+		return nil, err
 	}
 
 	grpcMetrics, err := NewGRPCMetrics(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize gRPC metrics: %w", err)
+		return nil, err
 	}
 
 	storeMetrics, err := NewStoreMetrics(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize store metrics: %w", err)
+		return nil, err
 	}
 
 	updateChannelMetrics, err := NewUpdateChannelMetrics(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize update channel metrics: %w", err)
+		return nil, err
 	}
 
 	accountManagerMetrics, err := NewAccountManagerMetrics(ctx, meter)
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize account manager metrics: %w", err)
+		return nil, err
 	}
 
 	return &defaultAppMetrics{

management/server/types/group.go

@@ -14,7 +14,7 @@ const (
 // Group of the peers for ACL
 type Group struct {
 	// ID of the group
-	ID string `gorm:"primaryKey"`
+	ID string
 
 	// AccountID is a reference to Account that this object belongs
 	AccountID string `json:"-" gorm:"index"`

management/server/types/network.go

@@ -1,6 +1,8 @@
 package types
 
 import (
+	"encoding/binary"
+	"fmt"
 	"math/rand"
 	"net"
 	"sync"
@@ -13,7 +15,6 @@ import (
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/proto"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
-	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/util"
 	"github.com/netbirdio/netbird/route"
 )
@@ -160,25 +161,74 @@ func (n *Network) Copy() *Network {
 // AllocatePeerIP pics an available IP from an net.IPNet.
 // This method considers already taken IPs and reuses IPs if there are gaps in takenIps
 // E.g. if ipNet=100.30.0.0/16 and takenIps=[100.30.0.1, 100.30.0.4] then the result would be 100.30.0.2 or 100.30.0.3
-func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error) {
-	takenIPMap := make(map[string]struct{})
-	takenIPMap[ipNet.IP.String()] = struct{}{}
-	for _, ip := range takenIps {
-		takenIPMap[ip.String()] = struct{}{}
+func AllocatePeerIP(ipNet net.IPNet, takenIps map[string]struct{}) (net.IP, error) {
+	numOfIPsInSubnet := numOfIPs(ipNet)
+	if len(takenIps) < numOfIPsInSubnet {
+		ip, err := allocateRandomFreeIP(ipNet, takenIps, numOfIPsInSubnet)
+		if err == nil {
+			return ip, nil
+		}
+	}
+	return allocateNextFreeIP(ipNet, takenIps, numOfIPsInSubnet)
+}
+
+func allocateNextFreeIP(ipNet net.IPNet, takenIps map[string]struct{}, numIPs int) (net.IP, error) {
+	ip := ipNet.IP.Mask(ipNet.Mask)
+
+	ip4 := ip.To4()
+	if ip4 == nil {
+		return nil, fmt.Errorf("only IPv4 is supported")
+	}
+	start := binary.BigEndian.Uint32(ip4)
+
+	for i := uint32(1); i < uint32(numIPs-1); i++ {
+		candidate := make(net.IP, 4)
+		binary.BigEndian.PutUint32(candidate, start+i)
+
+		if _, taken := takenIps[candidate.String()]; !taken {
+			return candidate, nil
+		}
 	}
 
-	ips, _ := generateIPs(&ipNet, takenIPMap)
+	return nil, fmt.Errorf("no available IPs in network %s", ipNet.String())
+}
 
-	if len(ips) == 0 {
-		return nil, status.Errorf(status.PreconditionFailed, "failed allocating new IP for the ipNet %s - network is out of IPs", ipNet.String())
+func allocateRandomFreeIP(ipNet net.IPNet, takenIps map[string]struct{}, numIPs int) (net.IP, error) {
+	ip := ipNet.IP.Mask(ipNet.Mask)
+	ip4 := ip.To4()
+	if ip4 == nil {
+		return nil, fmt.Errorf("only IPv4 is supported")
+	}
+	start := binary.BigEndian.Uint32(ip4)
+
+	r := rand.New(rand.NewSource(time.Now().UnixNano()))
+
+	const maxTries = 1000
+	for i := 0; i < maxTries; i++ {
+		randomOffset := uint32(r.Intn(numIPs-2)) + 1
+		candidate := make(net.IP, 4)
+		binary.BigEndian.PutUint32(candidate, start+randomOffset)
+
+		if _, taken := takenIps[candidate.String()]; !taken {
+			return candidate, nil
+		}
 	}
 
-	// pick a random IP
-	s := rand.NewSource(time.Now().Unix())
-	r := rand.New(s)
-	intn := r.Intn(len(ips))
+	for i := uint32(1); i < uint32(numIPs-1); i++ {
+		candidate := make(net.IP, 4)
+		binary.BigEndian.PutUint32(candidate, start+i)
+		if _, taken := takenIps[candidate.String()]; !taken {
+			return candidate, nil
+		}
+	}
 
-	return ips[intn], nil
+	return nil, fmt.Errorf("failed to randomly generate ip in network %s", ipNet.String())
+}
+
+func numOfIPs(ipNet net.IPNet) int {
+	ones, bits := ipNet.Mask.Size()
+	numIPs := 1 << (bits - ones)
+	return numIPs
 }
 
 // generateIPs generates a list of all possible IPs of the given network excluding IPs specified in the exclusion list

management/server/types/network_test.go

@@ -17,23 +17,23 @@ func TestNewNetwork(t *testing.T) {
 
 func TestAllocatePeerIP(t *testing.T) {
 	ipNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 255, 255, 0}}
-	var ips []net.IP
+	var ips map[string]struct{}
 	for i := 0; i < 252; i++ {
 		ip, err := AllocatePeerIP(ipNet, ips)
 		if err != nil {
 			t.Fatal(err)
 		}
-		ips = append(ips, ip)
+		ips[ip.String()] = struct{}{}
 	}
 
 	assert.Len(t, ips, 252)
 
 	uniq := make(map[string]struct{})
-	for _, ip := range ips {
-		if _, ok := uniq[ip.String()]; !ok {
-			uniq[ip.String()] = struct{}{}
+	for ip := range ips {
+		if _, ok := uniq[ip]; !ok {
+			uniq[ip] = struct{}{}
 		} else {
-			t.Errorf("found duplicate IP %s", ip.String())
+			t.Errorf("found duplicate IP %s", ip)
 		}
 	}
 }
@@ -49,3 +49,42 @@ func TestGenerateIPs(t *testing.T) {
 		t.Errorf("expected last ip to be: 100.64.0.253, got %s", ips[len(ips)-1].String())
 	}
 }
+
+func BenchmarkAllocatePeerIP(b *testing.B) {
+	testCase := []struct {
+		name       string
+		numUsedIPs int
+	}{
+		{"1000", 1000},
+		{"10000", 10000},
+		{"30000", 30000},
+		{"40000", 40000},
+		{"60000", 60000},
+	}
+	network := NewNetwork()
+
+	for _, tc := range testCase {
+		b.Run(tc.name, func(b *testing.B) {
+			usedIPs := generateUsedIPs(network.Net, tc.numUsedIPs)
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				_, err := AllocatePeerIP(network.Net, usedIPs)
+				if err != nil {
+					b.Fatal(err)
+				}
+			}
+		})
+	}
+}
+
+func generateUsedIPs(ipNet net.IPNet, numIPs int) map[string]struct{} {
+	usedIPs := make(map[string]struct{}, numIPs)
+	for i := 0; i < numIPs; i++ {
+		ip, err := AllocatePeerIP(ipNet, usedIPs)
+		if err != nil {
+			return nil
+		}
+		usedIPs[ip.String()] = struct{}{}
+	}
+	return usedIPs
+}

management/server/types/user.go

@@ -65,6 +65,11 @@ type UserInfo struct {
 	LastLogin            time.Time                                  `json:"last_login"`
 	Issued               string                                     `json:"issued"`
 	IntegrationReference integration_reference.IntegrationReference `json:"-"`
+	Permissions          UserPermissions                            `json:"permissions"`
+}
+
+type UserPermissions struct {
+	DashboardView string `json:"dashboard_view"`
 }
 
 // User represents a user of the system
@@ -127,18 +132,21 @@ func (u *User) IsRegularUser() bool {
 	return !u.HasAdminPower() && !u.IsServiceUser
 }
 
-// IsRestrictable checks whether a user is in a restrictable role.
-func (u *User) IsRestrictable() bool {
-	return u.Role == UserRoleUser || u.Role == UserRoleBillingAdmin
-}
-
 // ToUserInfo converts a User object to a UserInfo object.
-func (u *User) ToUserInfo(userData *idp.UserData) (*UserInfo, error) {
+func (u *User) ToUserInfo(userData *idp.UserData, settings *Settings) (*UserInfo, error) {
 	autoGroups := u.AutoGroups
 	if autoGroups == nil {
 		autoGroups = []string{}
 	}
 
+	dashboardViewPermissions := "full"
+	if !u.HasAdminPower() {
+		dashboardViewPermissions = "limited"
+		if settings.RegularUsersViewBlocked {
+			dashboardViewPermissions = "blocked"
+		}
+	}
+
 	if userData == nil {
 		return &UserInfo{
 			ID:            u.Id,
@@ -151,6 +159,9 @@ func (u *User) ToUserInfo(userData *idp.UserData) (*UserInfo, error) {
 			IsBlocked:     u.Blocked,
 			LastLogin:     u.GetLastLogin(),
 			Issued:        u.Issued,
+			Permissions: UserPermissions{
+				DashboardView: dashboardViewPermissions,
+			},
 		}, nil
 	}
 	if userData.ID != u.Id {
@@ -173,6 +184,9 @@ func (u *User) ToUserInfo(userData *idp.UserData) (*UserInfo, error) {
 		IsBlocked:     u.Blocked,
 		LastLogin:     u.GetLastLogin(),
 		Issued:        u.Issued,
+		Permissions: UserPermissions{
+			DashboardView: dashboardViewPermissions,
+		},
 	}, nil
 }
 

management/server/user.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/netbirdio/netbird/management/server/activity"
 	nbContext "github.com/netbirdio/netbird/management/server/context"
-	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/management/server/idp"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/permissions/modules"
@@ -20,7 +19,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/types"
-	"github.com/netbirdio/netbird/management/server/users"
 	"github.com/netbirdio/netbird/management/server/util"
 )
 
@@ -124,6 +122,11 @@ func (am *DefaultAccountManager) inviteNewUser(ctx context.Context, accountID, u
 		CreatedAt:            time.Now().UTC(),
 	}
 
+	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, err
+	}
+
 	if err = am.Store.SaveUser(ctx, store.LockingStrengthUpdate, newUser); err != nil {
 		return nil, err
 	}
@@ -135,7 +138,7 @@ func (am *DefaultAccountManager) inviteNewUser(ctx context.Context, accountID, u
 
 	am.StoreEvent(ctx, userID, newUser.Id, accountID, activity.UserInvited, nil)
 
-	return newUser.ToUserInfo(idpUser)
+	return newUser.ToUserInfo(idpUser, settings)
 }
 
 // createNewIdpUser validates the invite and creates a new user in the IdP
@@ -357,7 +360,6 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
 		return nil, err
 	}
 
-	// @note this is essential to prevent non admin users with Pats create permission frpm creating one for a service user
 	if initiatorUserID != targetUserID && !(initiatorUser.HasAdminPower() && targetUser.IsServiceUser) {
 		return nil, status.NewAdminPermissionError()
 	}
@@ -725,14 +727,19 @@ func handleOwnerRoleTransfer(ctx context.Context, transaction store.Store, initi
 // If the AccountManager has a non-nil idpManager and the User is not a service user,
 // it will attempt to look up the UserData from the cache.
 func (am *DefaultAccountManager) getUserInfo(ctx context.Context, user *types.User, accountID string) (*types.UserInfo, error) {
+	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, err
+	}
+
 	if !isNil(am.idpManager) && !user.IsServiceUser {
 		userData, err := am.lookupUserInCache(ctx, user.Id, accountID)
 		if err != nil {
 			return nil, err
 		}
-		return user.ToUserInfo(userData)
+		return user.ToUserInfo(userData, settings)
 	}
-	return user.ToUserInfo(nil)
+	return user.ToUserInfo(nil, settings)
 }
 
 // validateUserUpdate validates the update operation for a user.
@@ -872,12 +879,17 @@ func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, a
 		queriedUsers = append(queriedUsers, usersFromIntegration...)
 	}
 
+	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, err
+	}
+
 	userInfosMap := make(map[string]*types.UserInfo)
 
 	// in case of self-hosted, or IDP doesn't return anything, we will return the locally stored userInfo
 	if len(queriedUsers) == 0 {
 		for _, accountUser := range accountUsers {
-			info, err := accountUser.ToUserInfo(nil)
+			info, err := accountUser.ToUserInfo(nil, settings)
 			if err != nil {
 				return nil, err
 			}
@@ -890,7 +902,7 @@ func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, a
 	for _, localUser := range accountUsers {
 		var info *types.UserInfo
 		if queriedUser, contains := findUserInIDPUserdata(localUser.Id, queriedUsers); contains {
-			info, err = localUser.ToUserInfo(queriedUser)
+			info, err = localUser.ToUserInfo(queriedUser, settings)
 			if err != nil {
 				return nil, err
 			}
@@ -900,6 +912,14 @@ func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, a
 				name = localUser.ServiceUserName
 			}
 
+			dashboardViewPermissions := "full"
+			if !localUser.HasAdminPower() {
+				dashboardViewPermissions = "limited"
+				if settings.RegularUsersViewBlocked {
+					dashboardViewPermissions = "blocked"
+				}
+			}
+
 			info = &types.UserInfo{
 				ID:            localUser.Id,
 				Email:         "",
@@ -909,6 +929,7 @@ func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, a
 				Status:        string(types.UserStatusActive),
 				IsServiceUser: localUser.IsServiceUser,
 				NonDeletable:  localUser.NonDeletable,
+				Permissions:   types.UserPermissions{DashboardView: dashboardViewPermissions},
 			}
 		}
 		userInfosMap[info.ID] = info
@@ -1218,10 +1239,8 @@ func validateUserInvite(invite *types.UserInfo) error {
 	return nil
 }
 
-// GetCurrentUserInfo retrieves the account's current user info and permissions
-func (am *DefaultAccountManager) GetCurrentUserInfo(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error) {
-	accountID, userID := userAuth.AccountId, userAuth.UserId
-
+// GetCurrentUserInfo retrieves the account's current user info
+func (am *DefaultAccountManager) GetCurrentUserInfo(ctx context.Context, accountID, userID string) (*types.UserInfo, error) {
 	user, err := am.Store.GetUserByUserID(ctx, store.LockingStrengthShare, userID)
 	if err != nil {
 		return nil, err
@@ -1239,25 +1258,10 @@ func (am *DefaultAccountManager) GetCurrentUserInfo(ctx context.Context, userAut
 		return nil, err
 	}
 
-	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
-	if err != nil {
-		return nil, err
-	}
-
 	userInfo, err := am.getUserInfo(ctx, user, accountID)
 	if err != nil {
 		return nil, err
 	}
 
-	userWithPermissions := &users.UserInfoWithPermissions{
-		UserInfo:   userInfo,
-		Restricted: !userAuth.IsChild && user.IsRestrictable() && settings.RegularUsersViewBlocked,
-	}
-
-	permissions, err := am.permissionsManager.GetPermissionsByRole(ctx, user.Role)
-	if err == nil {
-		userWithPermissions.Permissions = permissions
-	}
-
-	return userWithPermissions, nil
+	return userInfo, nil
 }

management/server/user_test.go

@@ -13,10 +13,7 @@ import (
 	nbcache "github.com/netbirdio/netbird/management/server/cache"
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/management/server/permissions"
-	"github.com/netbirdio/netbird/management/server/permissions/modules"
-	"github.com/netbirdio/netbird/management/server/permissions/roles"
 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/netbirdio/netbird/management/server/users"
 	"github.com/netbirdio/netbird/management/server/util"
 
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
@@ -1023,6 +1020,90 @@ func TestDefaultAccountManager_ListUsers(t *testing.T) {
 	assert.Equal(t, 2, regular)
 }
 
+func TestDefaultAccountManager_ListUsers_DashboardPermissions(t *testing.T) {
+	testCases := []struct {
+		name                         string
+		role                         types.UserRole
+		limitedViewSettings          bool
+		expectedDashboardPermissions string
+	}{
+		{
+			name:                         "Regular user, no limited view settings",
+			role:                         types.UserRoleUser,
+			limitedViewSettings:          false,
+			expectedDashboardPermissions: "limited",
+		},
+		{
+			name:                         "Admin user, no limited view settings",
+			role:                         types.UserRoleAdmin,
+			limitedViewSettings:          false,
+			expectedDashboardPermissions: "full",
+		},
+		{
+			name:                         "Owner, no limited view settings",
+			role:                         types.UserRoleOwner,
+			limitedViewSettings:          false,
+			expectedDashboardPermissions: "full",
+		},
+		{
+			name:                         "Regular user, limited view settings",
+			role:                         types.UserRoleUser,
+			limitedViewSettings:          true,
+			expectedDashboardPermissions: "blocked",
+		},
+		{
+			name:                         "Admin user, limited view settings",
+			role:                         types.UserRoleAdmin,
+			limitedViewSettings:          true,
+			expectedDashboardPermissions: "full",
+		},
+		{
+			name:                         "Owner, limited view settings",
+			role:                         types.UserRoleOwner,
+			limitedViewSettings:          true,
+			expectedDashboardPermissions: "full",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			store, cleanup, err := store.NewTestStoreFromSQL(context.Background(), "", t.TempDir())
+			if err != nil {
+				t.Fatalf("Error when creating store: %s", err)
+			}
+			t.Cleanup(cleanup)
+
+			account := newAccountWithId(context.Background(), mockAccountID, mockUserID, "")
+			account.Users["normal_user1"] = types.NewUser("normal_user1", testCase.role, false, false, "", []string{}, types.UserIssuedAPI)
+			account.Settings.RegularUsersViewBlocked = testCase.limitedViewSettings
+			delete(account.Users, mockUserID)
+
+			err = store.SaveAccount(context.Background(), account)
+			if err != nil {
+				t.Fatalf("Error when saving account: %s", err)
+			}
+
+			permissionsManager := permissions.NewManager(store)
+			am := DefaultAccountManager{
+				Store:              store,
+				eventStore:         &activity.InMemoryEventStore{},
+				permissionsManager: permissionsManager,
+			}
+
+			users, err := am.ListUsers(context.Background(), mockAccountID)
+			if err != nil {
+				t.Fatalf("Error when checking user role: %s", err)
+			}
+
+			assert.Equal(t, 1, len(users))
+
+			userInfo, _ := users[0].ToUserInfo(nil, account.Settings)
+			assert.Equal(t, testCase.expectedDashboardPermissions, userInfo.Permissions.DashboardView)
+		})
+	}
+
+}
+
 func TestDefaultAccountManager_ExternalCache(t *testing.T) {
 	store, cleanup, err := store.NewTestStoreFromSQL(context.Background(), "", t.TempDir())
 	if err != nil {
@@ -1573,154 +1654,121 @@ func TestDefaultAccountManager_GetCurrentUserInfo(t *testing.T) {
 
 	tt := []struct {
 		name           string
-		userAuth       nbcontext.UserAuth
+		accountId      string
+		userId         string
 		expectedErr    error
-		expectedResult *users.UserInfoWithPermissions
+		expectedResult *types.UserInfo
 	}{
 		{
 			name:        "not found",
-			userAuth:    nbcontext.UserAuth{AccountId: account1.Id, UserId: "not-found"},
+			accountId:   account1.Id,
+			userId:      "not-found",
 			expectedErr: status.NewUserNotFoundError("not-found"),
 		},
 		{
 			name:        "not part of account",
-			userAuth:    nbcontext.UserAuth{AccountId: account1.Id, UserId: "account2Owner"},
+			accountId:   account1.Id,
+			userId:      "account2Owner",
 			expectedErr: status.NewUserNotPartOfAccountError(),
 		},
 		{
 			name:        "blocked",
-			userAuth:    nbcontext.UserAuth{AccountId: account1.Id, UserId: "blocked-user"},
+			accountId:   account1.Id,
+			userId:      "blocked-user",
 			expectedErr: status.NewUserBlockedError(),
 		},
 		{
 			name:        "service user",
-			userAuth:    nbcontext.UserAuth{AccountId: account1.Id, UserId: "service-user"},
+			accountId:   account1.Id,
+			userId:      "service-user",
 			expectedErr: status.NewPermissionDeniedError(),
 		},
 		{
-			name:     "owner user",
-			userAuth: nbcontext.UserAuth{AccountId: account1.Id, UserId: "account1Owner"},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "account1Owner",
-					Name:                 "",
-					Role:                 "owner",
-					AutoGroups:           []string{},
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
+			name:      "owner user",
+			accountId: account1.Id,
+			userId:    "account1Owner",
+			expectedResult: &types.UserInfo{
+				ID:                   "account1Owner",
+				Name:                 "",
+				Role:                 "owner",
+				AutoGroups:           []string{},
+				Status:               "active",
+				IsServiceUser:        false,
+				IsBlocked:            false,
+				NonDeletable:         false,
+				LastLogin:            time.Time{},
+				Issued:               "api",
+				IntegrationReference: integration_reference.IntegrationReference{},
+				Permissions: types.UserPermissions{
+					DashboardView: "full",
 				},
-				Permissions: mergeRolePermissions(roles.Owner),
 			},
 		},
 		{
-			name:     "regular user",
-			userAuth: nbcontext.UserAuth{AccountId: account1.Id, UserId: "regular-user"},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "regular-user",
-					Name:                 "",
-					Role:                 "user",
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
+			name:      "regular user",
+			accountId: account1.Id,
+			userId:    "regular-user",
+			expectedResult: &types.UserInfo{
+				ID:                   "regular-user",
+				Name:                 "",
+				Role:                 "user",
+				Status:               "active",
+				IsServiceUser:        false,
+				IsBlocked:            false,
+				NonDeletable:         false,
+				LastLogin:            time.Time{},
+				Issued:               "api",
+				IntegrationReference: integration_reference.IntegrationReference{},
+				Permissions: types.UserPermissions{
+					DashboardView: "limited",
 				},
-				Permissions: mergeRolePermissions(roles.User),
 			},
 		},
 		{
-			name:     "admin user",
-			userAuth: nbcontext.UserAuth{AccountId: account1.Id, UserId: "admin-user"},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "admin-user",
-					Name:                 "",
-					Role:                 "admin",
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
+			name:      "admin user",
+			accountId: account1.Id,
+			userId:    "admin-user",
+			expectedResult: &types.UserInfo{
+				ID:                   "admin-user",
+				Name:                 "",
+				Role:                 "admin",
+				Status:               "active",
+				IsServiceUser:        false,
+				IsBlocked:            false,
+				NonDeletable:         false,
+				LastLogin:            time.Time{},
+				Issued:               "api",
+				IntegrationReference: integration_reference.IntegrationReference{},
+				Permissions: types.UserPermissions{
+					DashboardView: "full",
 				},
-				Permissions: mergeRolePermissions(roles.Admin),
 			},
 		},
 		{
-			name:     "settings blocked regular user",
-			userAuth: nbcontext.UserAuth{AccountId: account2.Id, UserId: "settings-blocked-user"},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "settings-blocked-user",
-					Name:                 "",
-					Role:                 "user",
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
+			name:      "settings blocked regular user",
+			accountId: account2.Id,
+			userId:    "settings-blocked-user",
+			expectedResult: &types.UserInfo{
+				ID:                   "settings-blocked-user",
+				Name:                 "",
+				Role:                 "user",
+				Status:               "active",
+				IsServiceUser:        false,
+				IsBlocked:            false,
+				NonDeletable:         false,
+				LastLogin:            time.Time{},
+				Issued:               "api",
+				IntegrationReference: integration_reference.IntegrationReference{},
+				Permissions: types.UserPermissions{
+					DashboardView: "blocked",
 				},
-				Permissions: mergeRolePermissions(roles.User),
-				Restricted:  true,
-			},
-		},
-
-		{
-			name:     "settings blocked regular user child account",
-			userAuth: nbcontext.UserAuth{AccountId: account2.Id, UserId: "settings-blocked-user", IsChild: true},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "settings-blocked-user",
-					Name:                 "",
-					Role:                 "user",
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
-				},
-				Permissions: mergeRolePermissions(roles.User),
-				Restricted:  false,
-			},
-		},
-		{
-			name:     "settings blocked owner user",
-			userAuth: nbcontext.UserAuth{AccountId: account2.Id, UserId: "account2Owner"},
-			expectedResult: &users.UserInfoWithPermissions{
-				UserInfo: &types.UserInfo{
-					ID:                   "account2Owner",
-					Name:                 "",
-					Role:                 "owner",
-					AutoGroups:           []string{},
-					Status:               "active",
-					IsServiceUser:        false,
-					IsBlocked:            false,
-					NonDeletable:         false,
-					LastLogin:            time.Time{},
-					Issued:               "api",
-					IntegrationReference: integration_reference.IntegrationReference{},
-				},
-				Permissions: mergeRolePermissions(roles.Owner),
 			},
 		},
 	}
 
 	for _, tc := range tt {
 		t.Run(tc.name, func(t *testing.T) {
-			result, err := am.GetCurrentUserInfo(context.Background(), tc.userAuth)
+			result, err := am.GetCurrentUserInfo(context.Background(), tc.accountId, tc.userId)
 
 			if tc.expectedErr != nil {
 				assert.Equal(t, err, tc.expectedErr)
@@ -1732,17 +1780,3 @@ func TestDefaultAccountManager_GetCurrentUserInfo(t *testing.T) {
 		})
 	}
 }
-
-func mergeRolePermissions(role roles.RolePermissions) roles.Permissions {
-	permissions := roles.Permissions{}
-
-	for k := range modules.All {
-		if rolePermissions, ok := role.Permissions[k]; ok {
-			permissions[k] = rolePermissions
-			continue
-		}
-		permissions[k] = role.AutoAllowNew
-	}
-
-	return permissions
-}

management/server/users/user.go

@@ -1,14 +0,0 @@
-package users
-
-import (
-	"github.com/netbirdio/netbird/management/server/permissions/roles"
-	"github.com/netbirdio/netbird/management/server/types"
-)
-
-// Wrapped UserInfo with Role Permissions
-type UserInfoWithPermissions struct {
-	*types.UserInfo
-
-	Permissions roles.Permissions
-	Restricted  bool
-}

relay/client/dialer/quic/quic.go

@@ -28,16 +28,6 @@ func (d Dialer) Dial(ctx context.Context, address string) (net.Conn, error) {
 		return nil, err
 	}
 
-	// Get the base TLS config
-	tlsClientConfig := quictls.ClientQUICTLSConfig()
-
-	// Set ServerName to hostname if not an IP address
-	host, _, splitErr := net.SplitHostPort(quicURL)
-	if splitErr == nil && net.ParseIP(host) == nil {
-		// It's a hostname, not an IP - modify directly
-		tlsClientConfig.ServerName = host
-	}
-
 	quicConfig := &quic.Config{
 		KeepAlivePeriod:   30 * time.Second,
 		MaxIdleTimeout:    4 * time.Minute,
@@ -57,7 +47,7 @@ func (d Dialer) Dial(ctx context.Context, address string) (net.Conn, error) {
 		return nil, err
 	}
 
-	session, err := quic.Dial(ctx, udpConn, udpAddr, tlsClientConfig, quicConfig)
+	session, err := quic.Dial(ctx, udpConn, udpAddr, quictls.ClientQUICTLSConfig(), quicConfig)
 	if err != nil {
 		if errors.Is(err, context.Canceled) {
 			return nil, err
@@ -71,29 +61,12 @@ func (d Dialer) Dial(ctx context.Context, address string) (net.Conn, error) {
 }
 
 func prepareURL(address string) (string, error) {
-	var host string
-	var defaultPort string
-
-	switch {
-	case strings.HasPrefix(address, "rels://"):
-		host = address[7:]
-		defaultPort = "443"
-	case strings.HasPrefix(address, "rel://"):
-		host = address[6:]
-		defaultPort = "80"
-	default:
+	if !strings.HasPrefix(address, "rel://") && !strings.HasPrefix(address, "rels://") {
 		return "", fmt.Errorf("unsupported scheme: %s", address)
 	}
 
-	finalHost, finalPort, err := net.SplitHostPort(host)
-	if err != nil {
-		if strings.Contains(err.Error(), "missing port") {
-			return host + ":" + defaultPort, nil
-		}
-
-		// return any other split error as is
-		return "", err
+	if strings.HasPrefix(address, "rels://") {
+		return address[7:], nil
 	}
-
-	return finalHost + ":" + finalPort, nil
+	return address[6:], nil
 }

release_files/install.sh

@@ -199,21 +199,6 @@ install_native_binaries() {
     fi
 }
 
-# Handle macOS .pkg installer
-install_pkg() {
-  case "$(uname -m)" in
-    x86_64) ARCH="amd64" ;;
-    arm64|aarch64) ARCH="arm64" ;;
-    *) echo "Unsupported macOS arch: $(uname -m)" >&2; exit 1 ;;
-  esac
-
-  PKG_URL=$(curl -sIL -o /dev/null -w '%{url_effective}' "https://pkgs.netbird.io/macos/${ARCH}")
-  echo "Downloading NetBird macOS installer from https://pkgs.netbird.io/macos/${ARCH}"
-  curl -fsSL -o /tmp/netbird.pkg "${PKG_URL}"
-  ${SUDO} installer -pkg /tmp/netbird.pkg -target /
-  rm -f /tmp/netbird.pkg
-}
-
 check_use_bin_variable() {
     if [ "${USE_BIN_INSTALL}-x" = "true-x" ]; then
       echo "The installation will be performed using binary files"
@@ -224,22 +209,16 @@ check_use_bin_variable() {
 
 install_netbird() {
     if [ -x "$(command -v netbird)" ]; then
-      status_output="$(netbird status 2>&1 || true)"
+        status_output=$(netbird status)
+        if echo "$status_output" | grep -q 'Management: Connected' && echo "$status_output" | grep -q 'Signal: Connected'; then
+            echo "NetBird service is running, please stop it before proceeding"
+            exit 1
+        fi
 
-      if echo "$status_output" | grep -q 'failed to connect to daemon error: context deadline exceeded'; then
-          echo "Warning: could not reach NetBird daemon (timeout), proceeding anyway"
-      else
-          if echo "$status_output" | grep -q 'Management: Connected' && \
-              echo "$status_output" | grep -q 'Signal: Connected'; then
-              echo "NetBird service is running, please stop it before proceeding"
-              exit 1
-          fi
-
-          if [ -n "$status_output" ]; then
-              echo "NetBird seems to be installed already, please remove it before proceeding"
-              exit 1
-          fi
-      fi
+        if [ -n "$status_output" ]; then
+            echo "NetBird seems to be installed already, please remove it before proceeding"
+            exit 1
+        fi
     fi
 
     # Run the installation, if a desktop environment is not detected
@@ -286,16 +265,6 @@ install_netbird() {
         ${SUDO} pacman -Syy
         add_aur_repo
     ;;
-    pkg)
-        # Check if the package is already installed
-        if [ -f /Library/Receipts/netbird.pkg ]; then
-            echo "NetBird is already installed. Please remove it before proceeding."
-            exit 1
-        fi
-
-        # Install the package
-        install_pkg
-    ;;
     brew)
         # Remove Netbird if it had been installed using Homebrew before
         if brew ls --versions netbird >/dev/null 2>&1; then
@@ -305,7 +274,7 @@ install_netbird() {
             netbird service stop
             netbird service uninstall
 
-            # Unlink the app
+            # Unlik the app
             brew unlink netbird
         fi
 
@@ -343,7 +312,7 @@ install_netbird() {
     echo "package_manager=$PACKAGE_MANAGER" | ${SUDO} tee "$CONFIG_FILE" > /dev/null
 
     # Load and start netbird service
-    if [ "$PACKAGE_MANAGER" != "rpm-ostree" ] && [ "$PACKAGE_MANAGER" != "pkg" ]; then
+    if [ "$PACKAGE_MANAGER" != "rpm-ostree" ]; then
         if ! ${SUDO} netbird service install 2>&1; then
             echo "NetBird service has already been loaded"
         fi
@@ -482,8 +451,9 @@ if type uname >/dev/null 2>&1; then
             # Check the availability of a compatible package manager
             if check_use_bin_variable; then
                 PACKAGE_MANAGER="bin"
-            else
-              PACKAGE_MANAGER="pkg"
+            elif [ -x "$(command -v brew)" ]; then
+                PACKAGE_MANAGER="brew"
+                echo "The installation will be performed using brew package manager"
             fi
 		;;
 	esac
@@ -501,4 +471,4 @@ case "$UPDATE_FLAG" in
     ;;
     *)
       install_netbird
-esac
+esac

sharedsock/sock_linux.go

@@ -234,7 +234,7 @@ func (s *SharedSocket) read(receiver receiver) {
 }
 
 // ReadFrom reads packets received in the packetDemux channel
-func (s *SharedSocket) ReadFrom(b []byte) (int, net.Addr, error) {
+func (s *SharedSocket) ReadFrom(b []byte) (n int, addr net.Addr, err error) {
 	var pkt rcvdPacket
 	select {
 	case <-s.ctx.Done():
@@ -263,7 +263,8 @@ func (s *SharedSocket) ReadFrom(b []byte) (int, net.Addr, error) {
 
 	decodedLayers := make([]gopacket.LayerType, 0, 3)
 
-	if err := parser.DecodeLayers(pkt.buf, &decodedLayers); err != nil {
+	err = parser.DecodeLayers(pkt.buf, &decodedLayers)
+	if err != nil {
 		return 0, nil, err
 	}
 
@@ -272,8 +273,8 @@ func (s *SharedSocket) ReadFrom(b []byte) (int, net.Addr, error) {
 		Port: int(udp.SrcPort),
 	}
 
-	n := copy(b, payload)
-	return n, remoteAddr, nil
+	copy(b, payload)
+	return int(udp.Length), remoteAddr, nil
 }
 
 // WriteTo builds a UDP packet and writes it using the specific IP version writer

upload-server/Dockerfile

@@ -1,3 +0,0 @@
-FROM gcr.io/distroless/base:debug
-ENTRYPOINT [ "/go/bin/netbird-upload" ]
-COPY netbird-upload /go/bin/netbird-upload

upload-server/main.go

@@ -1,22 +0,0 @@
-package main
-
-import (
-	"errors"
-	"log"
-	"net/http"
-
-	"github.com/netbirdio/netbird/upload-server/server"
-	"github.com/netbirdio/netbird/util"
-)
-
-func main() {
-	err := util.InitLog("info", "console")
-	if err != nil {
-		log.Fatalf("Failed to initialize logger: %v", err)
-	}
-
-	srv := server.NewServer()
-	if err = srv.Start(); err != nil && !errors.Is(err, http.ErrServerClosed) {
-		log.Fatalf("Failed to start server: %v", err)
-	}
-}

upload-server/server/local.go

@@ -1,124 +0,0 @@
-package server
-
-import (
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-const (
-	defaultDir = "/var/lib/netbird"
-	putHandler = "/{dir}/{file}"
-)
-
-type local struct {
-	url string
-	dir string
-}
-
-func configureLocalHandlers(mux *http.ServeMux) error {
-	envURL, ok := os.LookupEnv("SERVER_URL")
-	if !ok {
-		return fmt.Errorf("SERVER_URL environment variable is required")
-	}
-	_, err := url.Parse(envURL)
-	if err != nil {
-		return fmt.Errorf("SERVER_URL environment variable is invalid: %w", err)
-	}
-
-	dir := defaultDir
-	envDir, ok := os.LookupEnv("STORE_DIR")
-	if ok {
-		if !filepath.IsAbs(envDir) {
-			return fmt.Errorf("STORE_DIR environment variable should point to an absolute path, e.g. /tmp")
-		}
-		log.Infof("Using local directory: %s", envDir)
-		dir = envDir
-	}
-
-	l := &local{
-		url: envURL,
-		dir: dir,
-	}
-	mux.HandleFunc(types.GetURLPath, l.handlerGetUploadURL)
-	mux.HandleFunc(putURLPath+putHandler, l.handlePutRequest)
-
-	return nil
-}
-
-func (l *local) handlerGetUploadURL(w http.ResponseWriter, r *http.Request) {
-	if !isValidRequest(w, r) {
-		return
-	}
-
-	objectKey := getObjectKey(w, r)
-	if objectKey == "" {
-		return
-	}
-
-	uploadURL, err := l.getUploadURL(objectKey)
-	if err != nil {
-		http.Error(w, "failed to get upload URL", http.StatusInternalServerError)
-		log.Errorf("Failed to get upload URL: %v", err)
-		return
-	}
-
-	respondGetRequest(w, uploadURL, objectKey)
-}
-
-func (l *local) getUploadURL(objectKey string) (string, error) {
-	parsedUploadURL, err := url.Parse(l.url)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse upload URL: %w", err)
-	}
-	newURL := parsedUploadURL.JoinPath(parsedUploadURL.Path, putURLPath, objectKey)
-	return newURL.String(), nil
-}
-
-func (l *local) handlePutRequest(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPut {
-		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
-		return
-	}
-
-	body, err := io.ReadAll(r.Body)
-	if err != nil {
-		http.Error(w, fmt.Sprintf("failed to read body: %v", err), http.StatusInternalServerError)
-		return
-	}
-
-	uploadDir := r.PathValue("dir")
-	if uploadDir == "" {
-		http.Error(w, "missing dir path", http.StatusBadRequest)
-		return
-	}
-	uploadFile := r.PathValue("file")
-	if uploadFile == "" {
-		http.Error(w, "missing file name", http.StatusBadRequest)
-		return
-	}
-
-	dirPath := filepath.Join(l.dir, uploadDir)
-	err = os.MkdirAll(dirPath, 0750)
-	if err != nil {
-		http.Error(w, "failed to create upload dir", http.StatusInternalServerError)
-		log.Errorf("Failed to create upload dir: %v", err)
-		return
-	}
-
-	file := filepath.Join(dirPath, uploadFile)
-	if err := os.WriteFile(file, body, 0600); err != nil {
-		http.Error(w, "failed to write file", http.StatusInternalServerError)
-		log.Errorf("Failed to write file %s: %v", file, err)
-		return
-	}
-	log.Infof("Uploading file %s", file)
-	w.WriteHeader(http.StatusOK)
-}

upload-server/server/local_test.go

@@ -1,65 +0,0 @@
-package server
-
-import (
-	"bytes"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-func Test_LocalHandlerGetUploadURL(t *testing.T) {
-	mockURL := "http://localhost:8080"
-	t.Setenv("SERVER_URL", mockURL)
-	t.Setenv("STORE_DIR", t.TempDir())
-
-	mux := http.NewServeMux()
-	err := configureLocalHandlers(mux)
-	require.NoError(t, err)
-
-	req := httptest.NewRequest(http.MethodGet, types.GetURLPath+"?id=test-file", nil)
-	req.Header.Set(types.ClientHeader, types.ClientHeaderValue)
-
-	rec := httptest.NewRecorder()
-	mux.ServeHTTP(rec, req)
-
-	require.Equal(t, http.StatusOK, rec.Code)
-
-	var response types.GetURLResponse
-	err = json.Unmarshal(rec.Body.Bytes(), &response)
-	require.NoError(t, err)
-	require.Contains(t, response.URL, "test-file/")
-	require.NotEmpty(t, response.Key)
-	require.Contains(t, response.Key, "test-file/")
-
-}
-
-func Test_LocalHandlePutRequest(t *testing.T) {
-	mockDir := t.TempDir()
-	mockURL := "http://localhost:8080"
-	t.Setenv("SERVER_URL", mockURL)
-	t.Setenv("STORE_DIR", mockDir)
-
-	mux := http.NewServeMux()
-	err := configureLocalHandlers(mux)
-	require.NoError(t, err)
-
-	fileContent := []byte("test file content")
-	req := httptest.NewRequest(http.MethodPut, putURLPath+"/uploads/test.txt", bytes.NewReader(fileContent))
-
-	rec := httptest.NewRecorder()
-	mux.ServeHTTP(rec, req)
-
-	require.Equal(t, http.StatusOK, rec.Code)
-
-	expectedFilePath := filepath.Join(mockDir, "uploads", "test.txt")
-	createdFileContent, err := os.ReadFile(expectedFilePath)
-	require.NoError(t, err)
-	require.Equal(t, fileContent, createdFileContent)
-}

upload-server/server/s3.go

@@ -1,69 +0,0 @@
-package server
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"os"
-	"time"
-
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/service/s3"
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-type sThree struct {
-	ctx           context.Context
-	bucket        string
-	presignClient *s3.PresignClient
-}
-
-func configureS3Handlers(mux *http.ServeMux) error {
-	bucket := os.Getenv(bucketVar)
-	region, ok := os.LookupEnv("AWS_REGION")
-	if !ok {
-		return fmt.Errorf("AWS_REGION environment variable is required")
-	}
-	ctx := context.Background()
-	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
-	if err != nil {
-		return fmt.Errorf("unable to load SDK config: %w", err)
-	}
-
-	client := s3.NewFromConfig(cfg)
-
-	handler := &sThree{
-		ctx:           ctx,
-		bucket:        bucket,
-		presignClient: s3.NewPresignClient(client),
-	}
-	mux.HandleFunc(types.GetURLPath, handler.handlerGetUploadURL)
-	return nil
-}
-
-func (s *sThree) handlerGetUploadURL(w http.ResponseWriter, r *http.Request) {
-	if !isValidRequest(w, r) {
-		return
-	}
-
-	objectKey := getObjectKey(w, r)
-	if objectKey == "" {
-		return
-	}
-
-	req, err := s.presignClient.PresignPutObject(s.ctx, &s3.PutObjectInput{
-		Bucket: aws.String(s.bucket),
-		Key:    aws.String(objectKey),
-	}, s3.WithPresignExpires(15*time.Minute))
-
-	if err != nil {
-		http.Error(w, "failed to presign URL", http.StatusInternalServerError)
-		log.Errorf("Presign error: %v", err)
-		return
-	}
-
-	respondGetRequest(w, req.URL, objectKey)
-}

upload-server/server/s3_test.go

@@ -1,103 +0,0 @@
-package server
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"runtime"
-	"testing"
-
-	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/aws/aws-sdk-go-v2/service/s3"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/testcontainers/testcontainers-go"
-	"github.com/testcontainers/testcontainers-go/wait"
-
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-func Test_S3HandlerGetUploadURL(t *testing.T) {
-	if runtime.GOOS != "linux" && os.Getenv("CI") == "true" {
-		t.Skip("Skipping test on non-Linux and CI environment due to docker dependency")
-	}
-	if runtime.GOOS == "windows" {
-		t.Skip("Skipping test on Windows due to potential docker dependency")
-	}
-
-	awsEndpoint := "http://127.0.0.1:4566"
-	awsRegion := "us-east-1"
-
-	ctx := context.Background()
-	containerRequest := testcontainers.ContainerRequest{
-		Image:        "localstack/localstack:s3-latest",
-		ExposedPorts: []string{"4566:4566/tcp"},
-		WaitingFor:   wait.ForLog("Ready"),
-	}
-
-	c, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
-		ContainerRequest: containerRequest,
-		Started:          true,
-	})
-	if err != nil {
-		t.Error(err)
-	}
-	defer func(c testcontainers.Container, ctx context.Context) {
-		if err := c.Terminate(ctx); err != nil {
-			t.Log(err)
-		}
-	}(c, ctx)
-
-	t.Setenv("AWS_REGION", awsRegion)
-	t.Setenv("AWS_ENDPOINT_URL", awsEndpoint)
-	t.Setenv("AWS_ACCESS_KEY_ID", "test")
-	t.Setenv("AWS_SECRET_ACCESS_KEY", "test")
-
-	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(awsRegion), config.WithBaseEndpoint(awsEndpoint))
-	if err != nil {
-		t.Error(err)
-	}
-
-	client := s3.NewFromConfig(cfg, func(o *s3.Options) {
-		o.UsePathStyle = true
-		o.BaseEndpoint = cfg.BaseEndpoint
-	})
-
-	bucketName := "test"
-	if _, err := client.CreateBucket(ctx, &s3.CreateBucketInput{
-		Bucket: &bucketName,
-	}); err != nil {
-		t.Error(err)
-	}
-
-	list, err := client.ListBuckets(ctx, &s3.ListBucketsInput{})
-	if err != nil {
-		t.Error(err)
-	}
-
-	assert.Equal(t, len(list.Buckets), 1)
-	assert.Equal(t, *list.Buckets[0].Name, bucketName)
-
-	t.Setenv(bucketVar, bucketName)
-
-	mux := http.NewServeMux()
-	err = configureS3Handlers(mux)
-	require.NoError(t, err)
-
-	req := httptest.NewRequest(http.MethodGet, types.GetURLPath+"?id=test-file", nil)
-	req.Header.Set(types.ClientHeader, types.ClientHeaderValue)
-
-	rec := httptest.NewRecorder()
-	mux.ServeHTTP(rec, req)
-
-	require.Equal(t, http.StatusOK, rec.Code)
-
-	var response types.GetURLResponse
-	err = json.Unmarshal(rec.Body.Bytes(), &response)
-	require.NoError(t, err)
-	require.Contains(t, response.URL, "test-file/")
-	require.NotEmpty(t, response.Key)
-	require.Contains(t, response.Key, "test-file/")
-}

upload-server/server/server.go

@@ -1,109 +0,0 @@
-package server
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"os"
-	"time"
-
-	"github.com/google/uuid"
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/upload-server/types"
-)
-
-const (
-	putURLPath = "/upload"
-	bucketVar  = "BUCKET"
-)
-
-type Server struct {
-	srv *http.Server
-}
-
-func NewServer() *Server {
-	address := os.Getenv("SERVER_ADDRESS")
-	if address == "" {
-		log.Infof("SERVER_ADDRESS environment variable was not set, using 0.0.0.0:8080")
-		address = "0.0.0.0:8080"
-	}
-	mux := http.NewServeMux()
-	err := configureMux(mux)
-	if err != nil {
-		log.Fatalf("Failed to configure server: %v", err)
-	}
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		http.Error(w, "not found", http.StatusNotFound)
-	})
-
-	return &Server{
-		srv: &http.Server{Addr: address, Handler: mux},
-	}
-}
-
-func (s *Server) Start() error {
-	log.Infof("Starting upload server on %s", s.srv.Addr)
-	return s.srv.ListenAndServe()
-}
-
-func (s *Server) Stop() error {
-	if s.srv != nil {
-		log.Infof("Stopping upload server on %s", s.srv.Addr)
-		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-		defer cancel()
-		return s.srv.Shutdown(ctx)
-	}
-	return nil
-}
-
-func configureMux(mux *http.ServeMux) error {
-	_, ok := os.LookupEnv(bucketVar)
-	if ok {
-		return configureS3Handlers(mux)
-	} else {
-		return configureLocalHandlers(mux)
-	}
-}
-
-func getObjectKey(w http.ResponseWriter, r *http.Request) string {
-	id := r.URL.Query().Get("id")
-	if id == "" {
-		http.Error(w, "id query param required", http.StatusBadRequest)
-		return ""
-	}
-
-	return id + "/" + uuid.New().String()
-}
-
-func isValidRequest(w http.ResponseWriter, r *http.Request) bool {
-	if r.Method != http.MethodGet {
-		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
-		return false
-	}
-
-	if r.Header.Get(types.ClientHeader) != types.ClientHeaderValue {
-		http.Error(w, "unauthorized", http.StatusUnauthorized)
-		return false
-	}
-	return true
-}
-func respondGetRequest(w http.ResponseWriter, uploadURL string, objectKey string) {
-	response := types.GetURLResponse{
-		URL: uploadURL,
-		Key: objectKey,
-	}
-
-	rdata, err := json.Marshal(response)
-	if err != nil {
-		http.Error(w, "failed to marshal response", http.StatusInternalServerError)
-		log.Errorf("Marshal error: %v", err)
-		return
-	}
-
-	w.WriteHeader(http.StatusOK)
-	_, err = w.Write(rdata)
-	if err != nil {
-		log.Errorf("Write error: %v", err)
-	}
-}

upload-server/types/upload.go

@@ -1,18 +0,0 @@
-package types
-
-const (
-	// ClientHeader is the header used to identify the client
-	ClientHeader = "x-nb-client"
-	// ClientHeaderValue is the value of the ClientHeader
-	ClientHeaderValue = "netbird"
-	// GetURLPath is the path for the GetURL request
-	GetURLPath = "/upload-url"
-
-	DefaultBundleURL = "https://upload.debug.netbird.io" + GetURLPath
-)
-
-// GetURLResponse is the response for the GetURL request
-type GetURLResponse struct {
-	URL string
-	Key string
-}