16eaae306a
Bump dario.cat/mergo from 1.0.0 to 1.0.1 ( #1200 )
...
Bumps [dario.cat/mergo](https://github.com/imdario/mergo ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/imdario/mergo/releases )
- [Commits](https://github.com/imdario/mergo/compare/v1.0.0...v1.0.1 )
---
updated-dependencies:
- dependency-name: dario.cat/mergo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-09 17:53:26 -04:00
35603d1c39
add PKCS11 support ( #1153 )
...
* add PKCS11 support
* add pkcs11 build option to the makefile, add a stub pkclient to avoid forcing CGO onto people
* don't print the pkcs11 option on nebula-cert keygen if not compiled in
* remove linux-arm64-pkcs11 from the all target to fix CI
* correctly serialize ec keys
* nebula-cert: support PKCS#11 for sign and ca
* fix gofmt lint
* clean up some logic with regard to closing sessions
* pkclient: handle empty correctly for TPM2
* Update Makefile and Actions
---------
Co-authored-by: Morgan Jones <me@numin.it>
Co-authored-by: John Maguire <contact@johnmaguire.me>
2024-09-09 17:51:58 -04:00
ab81b62ea0
v1.9.4 ( #1210 )
...
Update CHANGELOG for Nebula v1.9.4
2024-09-09 14:11:44 -04:00
45bbad2f21
Bump the golang-x-dependencies group with 4 updates ( #1195 )
...
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto ), [golang.org/x/net](https://github.com/golang/net ), [golang.org/x/sys](https://github.com/golang/sys ) and [golang.org/x/term](https://github.com/golang/term ).
Updates `golang.org/x/crypto` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/crypto/compare/v0.25.0...v0.26.0 )
Updates `golang.org/x/net` from 0.27.0 to 0.28.0
- [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0 )
Updates `golang.org/x/sys` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/sys/compare/v0.23.0...v0.24.0 )
Updates `golang.org/x/term` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/term/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 16:47:36 -04:00
3dc56e1184
Support UDP dialling with gvisor ( #1181 )
2024-08-26 12:38:32 -05:00
0736cfa562
udp: fix endianness for port ( #1194 )
...
If the host OS is already big endian, we were swapping bytes when we
shouldn't have. Use the Go helper to make sure we do the endianness
correctly
Fixes : #1189
2024-08-14 12:53:00 -04:00
248cf194cd
fix integer wraparound in the calculation of handshake timeouts on 32-bit targets ( #1185 )
...
Fixes : #1169
2024-08-13 09:25:18 -04:00
8a6a0f0636
Bump the golang-x-dependencies group with 2 updates ( #1190 )
...
Bumps the golang-x-dependencies group with 2 updates: [golang.org/x/sync](https://github.com/golang/sync ) and [golang.org/x/sys](https://github.com/golang/sys ).
Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0 )
Updates `golang.org/x/sys` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-07 11:58:46 -04:00
f5f6c269ac
fix rare panic when local index collision happens ( #1191 )
...
A local index collision happens when two tunnels attempt to use the same
random int32 index ID. This is a rare chance, and we have code to deal
with it, but we have a panic because we return the wrong thing in this
case. This change should fix the panic.
2024-08-07 11:53:32 -04:00
9a63fa0a07
Make some Nebula state programmatically available via control object ( #1188 )
2024-08-01 13:40:05 -04:00
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay ( #1173 )
2024-07-31 10:18:56 -05:00
00458302ca
Bump the golang-x-dependencies group with 4 updates ( #1174 )
...
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto ), [golang.org/x/net](https://github.com/golang/net ), [golang.org/x/sys](https://github.com/golang/sys ) and [golang.org/x/term](https://github.com/golang/term ).
Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.25.0 )
Updates `golang.org/x/net` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0 )
Updates `golang.org/x/sys` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0 )
Updates `golang.org/x/term` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/term/compare/v0.21.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 11:42:33 -04:00
e6009b8491
github actions: use macos-latest ( #1171 )
...
macos-11 was deprecated and removed:
> The macos-11 label has been deprecated and will no longer be available after 28 June 2024.
We can just use macos-latest instead.
2024-07-02 11:50:51 -04:00
b9aace1e58
Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 ( #1147 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 14:54:51 -04:00
a76723eaf5
Bump Apple-Actions/import-codesign-certs from 2 to 3 ( #1146 )
...
Bumps [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs ) from 2 to 3.
- [Release notes](https://github.com/apple-actions/import-codesign-certs/releases )
- [Commits](https://github.com/apple-actions/import-codesign-certs/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: Apple-Actions/import-codesign-certs
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 14:54:05 -04:00
8109cf2170
Add puncuation to doc comment ( #1164 )
...
* Add puncuation to doc comment
* Fix list formatting inside `EncryptDanger` doc comment
2024-06-24 14:50:17 -04:00
97e9834f82
cleanup SK_MEMINFO vars ( #1162 )
...
We had to manually define these types before, but the latest release of
`golang.org/x/sys` adds these definitions:
- 6dfb94eaa3https://github.com/slackhq/nebula/pull/1161
2024-06-24 14:47:14 -04:00
506ba5ab5b
Bump github.com/miekg/dns from 1.1.59 to 1.1.61 ( #1168 )
...
Bumps [github.com/miekg/dns](https://github.com/miekg/dns ) from 1.1.59 to 1.1.61.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release )
- [Commits](https://github.com/miekg/dns/compare/v1.1.59...v1.1.61 )
---
updated-dependencies:
- dependency-name: github.com/miekg/dns
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 14:46:27 -04:00
d372df56ab
Bump google.golang.org/protobuf in the protobuf-dependencies group ( #1167 )
...
Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf.
Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: protobuf-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 14:45:52 -04:00
40cfd00e87
Bump the golang-x-dependencies group with 4 updates ( #1161 )
...
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto ), [golang.org/x/net](https://github.com/golang/net ), [golang.org/x/sys](https://github.com/golang/sys ) and [golang.org/x/term](https://github.com/golang/term ).
Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0 )
Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0 )
Updates `golang.org/x/sys` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0 )
Updates `golang.org/x/term` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/term/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-10 16:08:43 -04:00
b14bad586a
v1.9.3 ( #1160 )
...
Update CHANGELOG for Nebula v1.9.3
2024-06-06 13:17:07 -04:00
4c066d8c32
initialize messageCounter to 2 instead of verifying later ( #1156 )
...
Clean up the messageCounter checks added in #1154 . Instead of checking that
messageCounter is still at 2, just initialize it to 2 and only increment for
non-handshake messages. Handshake packets will always be packets 1 and 2.
2024-06-06 13:03:07 -04:00
249ae41fec
v1.9.2 ( #1155 )
...
Update CHANGELOG for Nebula v1.9.2
2024-06-03 15:50:02 -04:00
d9cae9e062
ensure messageCounter is set before handshake is complete ( #1154 )
...
Ensure we set messageCounter to 2 before the handshake is marked as
complete.
2024-06-03 15:40:51 -04:00
a92056a7db
v1.9.1 ( #1152 )
...
Update CHANGELOG for Nebula v1.9.1
2024-05-29 14:06:46 -04:00
4eb1da0958
remove deadlock in GetOrHandshake ( #1151 )
...
We had a rare deadlock in GetOrHandshake because we kept the hostmap
lock when we do the call to StartHandshake. StartHandshake can block
while sending to the lighthouse query worker channel, and that worker
needs to be able to grab the hostmap lock to do its work. Other calls
for StartHandshake don't hold the hostmap lock so we should be able to
drop it here.
This lock was originally added with: https://github.com/slackhq/nebula/pull/954
2024-05-29 12:52:52 -04:00
50b24c102e
v1.9.0 ( #1137 )
...
Update CHANGELOG for Nebula v1.9.0
Co-authored-by: John Maguire <john@defined.net>
2024-05-08 10:31:24 -04:00
c0130f8161
Bump the golang-x-dependencies group with 4 updates ( #1138 )
...
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto ), [golang.org/x/net](https://github.com/golang/net ), [golang.org/x/sys](https://github.com/golang/sys ) and [golang.org/x/term](https://github.com/golang/term ).
Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0 )
Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0 )
Updates `golang.org/x/sys` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/sys/compare/v0.19.0...v0.20.0 )
Updates `golang.org/x/term` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/term/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-06 16:17:50 -04:00
f19a28645e
Bump google.golang.org/protobuf in the protobuf-dependencies group ( #1139 )
...
Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf.
Updates `google.golang.org/protobuf` from 1.34.0 to 1.34.1
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: protobuf-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-06 16:17:05 -04:00
fd1906b16f
minor text fixes ( #1135 )
2024-05-03 20:43:40 -05:00
d6e4b88bb5
release: use download-action v4 in docker section ( #1134 )
...
We missed this upgrade in #1047
2024-05-03 11:35:55 -04:00
18f69af455
Bump actions/download-artifact from 3 to 4 ( #1047 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 11:25:22 -04:00
aa18d7fa4f
Bump actions/upload-artifact from 3 to 4 ( #1046 )
...
* Bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* try to fix upload conflict
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
2024-05-02 11:24:58 -04:00
b5c3486796
Push Docker images as part of the release workflow ( #1037 )
2024-05-02 09:37:11 -04:00
f39bfbb7fa
Bump google.golang.org/protobuf in the protobuf-dependencies group ( #1133 )
...
Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf.
Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.0
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: protobuf-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-30 11:45:05 -04:00
4f4941e187
Add Vagrant based smoke tests ( #1067 )
...
* WIP smoke test freebsd
* fix bitrot
We now test that the firewall blocks inbound on host3 from host2
* WIP ipv6 test
* cleanup
* rename to make clear
* fix filename
* restore
* no sudo docker
* WIP
* WIP
* WIP
* WIP
* extra smoke tests
* WIP
* WIP
* add over improvements made in smoke.sh
* more tests
* use generic/freebsd14
* cleanup from test
* smoke test openbsd-amd64
* add netbsd-amd64
* try to fix vagrant
2024-04-30 11:02:16 -04:00
5f17db5dfa
Add support for LoongArch64 ( #1003 )
2024-04-30 09:55:44 -05:00
f31bab5f1a
Add support for SSH CAs ( #1098 )
...
- Accept certs signed by trusted CAs
- Username must match the cert principal if set
- Any username can be used if cert principal is empty
- Don't allow removed pubkeys/CAs to be used after reload
2024-04-30 10:50:17 -04:00
9cd944d320
chore: fix function name in comment ( #1111 )
2024-04-30 09:43:38 -05:00
f7db0eb5cc
Remove Vagrant example ( #1129 )
2024-04-30 09:40:24 -05:00
7e7d5e00ca
Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 ( #1086 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-30 10:30:18 -04:00
24f336ec56
switch off deprecated elliptic.Marshal ( #1108 )
...
elliptic.Marshal was deprecated, we can replace it with the ECDH methods
even though we aren't using ECDH here. See:
- f03fb147d7https://github.com/golang/go/issues/63963
2024-04-30 10:02:49 -04:00
d7f52dec41
Fix errant capitalisation in DNS TXT response ( #1127 )
...
Co-authored-by: Oliver Marriott <hello@omarriott.com>
2024-04-30 09:58:56 -04:00
e54f9dd206
dns_server.go: parseQuery: set NXDOMAIN if there's no Answer to return ( #845 )
2024-04-30 09:56:57 -04:00
df78158cfa
Create service script for open-rc ( #711 )
2024-04-30 09:53:00 -04:00
8b55caa15e
Remove Arch nebula.service file ( #1132 )
2024-04-30 07:45:23 -04:00
7ed9f2a688
add ssh command to print device info ( #763 )
2024-04-29 16:09:34 -05:00
3aca576b07
update to go1.22 ( #981 )
...
* update to go1.21
Since the first minor version update has already been released, we can
probably feel comfortable updating to go1.21. This version now enforces
that the go version on the system is compatible with the version
specified in go.mod, so we can remove the old logic around checking the
minimum version in the Makefile.
- https://go.dev/doc/go1.21#tools
> To improve forwards compatibility, Go 1.21 now reads the go line in a go.work or go.mod file as a strict minimum requirement: go 1.21.0 means that the workspace or module cannot be used with Go 1.20 or with Go 1.21rc1. This allows projects that depend on fixes made in later versions of Go to ensure that they are not used with earlier versions. It also gives better error reporting for projects that make use of new Go features: when the problem is that a newer Go version is needed, that problem is reported clearly, instead of attempting to build the code and printing errors about unresolved imports or syntax errors.
* update to go1.22
* bump gvisor
* fix merge conflicts
* use latest gvisor `go` branch
Need to use the latest commit on the `go` branch, see:
- https://github.com/google/gvisor?tab=readme-ov-file#using-go-get
* mod tidy
* more fixes
* give smoketest more time
Is this why it is failing?
* also a little more sleep here
---------
Co-authored-by: Jack Doan <me@jackdoan.com>
2024-04-29 16:44:42 -04:00
a99618e95c
Don't log invalid certificates ( #1116 )
2024-04-29 15:21:00 -05:00
8e94eb974e
Add suggested filenames for collected profiles in the ssh commands ( #1109 )
2024-04-29 15:20:46 -05:00
dependabot[bot]