sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-31 21:19:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e09d51c1a83254eabec57b1bba6ba8bba319ce9a
netbird/proxy/internal
History
mlsmaycon e09d51c1a8 fix(proxy): gate tunnel-peer fast-path on inbound listener marker 
forwardWithTunnelPeer previously accepted any RFC1918 / ULA / CGNAT
source IP, so a public client whose address happened to fall in those
ranges could bypass the configured operator auth scheme by colliding
with a known tunnel IP. The fast-path is now gated on
TunnelLookupFromContext(r.Context()) being present — that context value
is attached only by the per-account inbound (overlay) listener, so the
host-facing listener never enters this branch.

Tests updated to reflect the new requirement: requests that don't
carry the inbound marker now fall through to the regular auth flow.
2026-05-26 21:58:23 +02:00
..
accesslog
[management, proxy] Add CrowdSec IP reputation integration for reverse proxy (#5722)
2026-04-14 12:14:58 +02:00
acme
[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)
2026-03-13 18:36:44 +01:00
auth
fix(proxy): gate tunnel-peer fast-path on inbound listener marker
2026-05-26 21:58:23 +02:00
certwatch
[proxy] Wildcard certificate support (#5583)
2026-03-12 16:00:28 +01:00
conntrack
[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)
2026-03-13 18:36:44 +01:00
crowdsec
[management, proxy] Add CrowdSec IP reputation integration for reverse proxy (#5722)
2026-04-14 12:14:58 +02:00
debug
[proxy, client] Bound embed client WireGuard per-Device memory (#5962)
2026-05-26 11:51:53 +02:00
flock
[management, reverse proxy] Add reverse proxy feature (#5291)
2026-02-13 19:37:43 +01:00
geolocation
[proxy, management] Add header auth, access restrictions, and session idle timeout (#5587)
2026-03-16 15:22:00 +01:00
grpc
[management, reverse proxy] Add reverse proxy feature (#5291)
2026-02-13 19:37:43 +01:00
health
[management, reverse proxy] Add reverse proxy feature (#5291)
2026-02-13 19:37:43 +01:00
k8s
[management, reverse proxy] Add reverse proxy feature (#5291)
2026-02-13 19:37:43 +01:00
metrics
[proxy] concurrent proxy snapshot apply (#6207)
2026-05-20 18:21:22 +02:00
netutil
[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)
2026-03-13 18:36:44 +01:00
proxy
[management, client, proxy] add expose NetBird-only services over tunnel peers (#6226)
2026-05-25 17:41:50 +02:00
responsewriter
[proxy] Support WebSocket (#5312)
2026-02-17 12:53:34 +01:00
restrict
[management, client, proxy] add expose NetBird-only services over tunnel peers (#6226)
2026-05-25 17:41:50 +02:00
roundtrip
[proxy, client] Bound embed client WireGuard per-Device memory (#5962)
2026-05-26 11:51:53 +02:00
tcp
[management, client, proxy] add expose NetBird-only services over tunnel peers (#6226)
2026-05-25 17:41:50 +02:00
types
[management, client, proxy] add expose NetBird-only services over tunnel peers (#6226)
2026-05-25 17:41:50 +02:00
udp
[management, proxy] Add CrowdSec IP reputation integration for reverse proxy (#5722)
2026-04-14 12:14:58 +02:00