sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-16 07:16:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
92d5418c02b068bab33aeacb6bd20f585a31c9b6
netbird/client/internal/peer
History
Zoltán Papp 09da089a90 [client] filter CGNAT and CNI addresses from ICE candidates 
In Kubernetes environments using Cilium or similar CNI plugins, pod
 CIDR addresses (e.g. 100.65.x.x) from the RFC 6598 CGNAT range
 (100.64.0.0/10) were being gathered as valid ICE host candidates.
 This caused WireGuard endpoints to resolve to non-routable pod IPs,
 producing overlay-routed connections with degraded latency instead of
 true P2P paths between hosts.

 Add three layers of defense:
 - Expand the default interface blacklist with common Kubernetes CNI
   interface prefixes (cilium_, lxc, cali, flannel, cni, weave)
 - Filter local and remote ICE candidates whose addresses fall within
   the CGNAT range but outside the NetBird WireGuard network
 - Reject UDP mux writes to CGNAT addresses as a defense-in-depth
   fallback
2026-03-09 16:30:11 +01:00
..
conntype
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
dispatcher
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
guard
[client] Use stdnet with a context to avoid DNS deadlocks (#4781)
2025-11-13 20:16:45 +01:00
ice
Fix nil pointer panic in ICE agent during sleep/wake cycles (#5261)
2026-02-05 12:06:28 +01:00
id
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
worker
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
conn_status_test.go
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
conn_status.go
[client] Feature/lazy connection (#3379)
2025-05-21 11:12:28 +02:00
conn_test.go
[Client] Remove connection semaphore (#5419)
2026-02-23 20:58:53 +01:00
conn.go
[Client] Remove connection semaphore (#5419)
2026-02-23 20:58:53 +01:00
endpoint.go
[client] Refactor WG endpoint setup with role-based proxy activation (#5277)
2026-02-17 19:28:26 +01:00
env.go
[client,management] Rewrite the SSH feature (#4015)
2025-11-17 17:10:41 +01:00
error_test.go
Test conn (#199)
2022-01-21 13:52:19 +01:00
error.go
Test conn (#199)
2022-01-21 13:52:19 +01:00
handshaker_listener_test.go
[client] Recreate agent when receive new session id (#4564)
2025-10-08 17:14:24 +02:00
handshaker_listener.go
[client] Recreate agent when receive new session id (#4564)
2025-10-08 17:14:24 +02:00
handshaker.go
[client] Recreate agent when receive new session id (#4564)
2025-10-08 17:14:24 +02:00
iface.go
[client] Remove endpoint address on peer disconnect, retain status for activity recording (#4228)
2025-10-08 03:12:16 +02:00
listener.go
Add OnDisconnecting service callback (#767)
2023-03-29 10:39:54 +02:00
nilcheck.go
[client] Nil check on ICE remote conn (#2806)
2024-10-31 23:18:35 +01:00
notifier_test.go
Update calculate server state (#796)
2023-04-10 18:22:25 +02:00
notifier.go
[client, android] Fix/notifier threading (#3807)
2025-05-27 17:12:04 +02:00
route.go
[client] Set up firewall rules for dns routes dynamically based on dns response (#3702)
2025-04-24 17:37:28 +02:00
session_id.go
[client] Fix/ice handshake (#4281)
2025-08-18 20:09:50 +02:00
signaler.go
[client] Update Pion ICE to the latest version (#4388)
2025-09-01 10:42:01 +02:00
state_dump.go
[client] add profiling dumps to debug package (#3517)
2025-03-23 13:46:09 +01:00
status_test.go
[client] Refactor peer state change subscription mechanism (#3910)
2025-06-03 09:20:33 +02:00
status.go
[client] Fix/health result in bundle (#5164)
2026-01-23 17:06:07 +01:00
wg_watcher_test.go
[client] Extend WG watcher for ICE connection too (#5133)
2026-01-21 10:42:13 +01:00
wg_watcher.go
Reset WireGuard endpoint on ICE session change during relay fallback (#5283)
2026-02-16 20:59:29 +01:00
worker_ice.go
[client] filter CGNAT and CNI addresses from ICE candidates
2026-03-09 16:30:11 +01:00
worker_relay.go
[client] Extend WG watcher for ICE connection too (#5133)
2026-01-21 10:42:13 +01:00