Nate Brown
e07524a654
Move all of tun into overlay ( #577 )
2021-11-11 16:37:29 -06:00
Nate Brown
88ce0edf76
Start the overlay package with the old Inside interface ( #576 )
2021-11-10 21:52:26 -06:00
Nate Brown
4453964e34
Move util to test, contextual errors to util ( #575 )
2021-11-10 21:47:38 -06:00
Wade Simmons
19a9a4221e
v1.5.0 ( #574 )
Update CHANGELOG for Nebula v1.5.0
2021-11-10 22:32:26 -05:00
Chad Harp
1915fab619
tun_darwin ( #163 )
- Remove water and replace with syscalls for tun setup
- Support named interfaces
- Set up routes with syscalls instead of os/exec
Co-authored-by: Wade Simmons <wade@wades.im>
2021-11-09 20:24:24 -05:00
Nate Brown
7801b589b6
Sign and notarize darwin universal binaries ( #571 )
2021-11-09 10:49:54 -06:00
Nate Brown
b6391292d1
Move wintun distributable into release zip for windows ( #572 )
2021-11-08 21:55:10 -06:00
Terry Wang
999efdb2e8
docs: improve grammar and readability for README.md ( #225 )
2021-11-08 17:32:31 -06:00
Wade Simmons
304b12f63f
create ConnectionState before adding to HostMap ( #535 )
We have a few small race conditions with creating the HostInfo.ConnectionState
since we add the host info to the pendingHostMap before we set this
field. We can make everything a lot easier if we just add an "init"
function so that we can set this field in the hostinfo before we add it
to the hostmap.
2021-11-08 14:46:22 -05:00
CzBiX
16be0ce566
Add Wintun support ( #289 )
2021-11-08 12:36:31 -06:00
John Maguire
0577c097fb
Fix flaky test ( #567 )
2021-11-04 14:49:56 -05:00
Jake Howard
eb66e13dc4
Use CGO_ENABLED=0 ( #421 )
Set `CGO_ENABLED` to 0 when building
2021-11-04 14:20:44 -04:00
Wade Simmons
a22c134bf5
Update dependencies, November 2021 ( #564 )
*Direct Dependencies*
Updated github.com/anmitsu/go-shlex 648efa6222...38f4b401e2
Updated github.com/flynn/noise https://github.com/flynn/noise/compare/4bdb43be3117...v1.0.0
Updated github.com/golang/protobuf https://github.com/golang/protobuf/compare/v1.5.0...v1.5.2
Updated github.com/kardianos/service https://github.com/kardianos/service/compare/v1.1.0...v1.2.0
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.25...v1.1.43
Updated github.com/nbrownus/go-metrics-prometheus https://github.com/nbrownus/go-metrics-prometheus/compare/6e6d5173d99c...974a6260965f
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.2.1...v1.11.0
Updated github.com/rcrowley/go-metrics https://github.com/rcrowley/go-metrics/compare/cac0b30c2563...cf1acfcdf475
Updated github.com/sirupsen/logrus https://github.com/sirupsen/logrus/compare/v1.4.2...v1.8.1
Updated github.com/songgao/water https://github.com/songgao/water/compare/fd331bda3f4b...2b4b6d7c09d8
Updated github.com/stretchr/testify https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0
Updated github.com/vishvananda/netlink https://github.com/vishvananda/netlink/compare/00009fb8606a...v1.1.0
Updated golang.org/x/crypto https://github.com/golang/crypto/compare/0c34fe9e7dc2...089bfa567519
Updated golang.org/x/net https://github.com/golang/net/compare/e18ecbb05110...4a448f8816b3
Updated golang.org/x/sys https://github.com/golang/sys/compare/f84b799fce68...4dd72447c267
Updated google.golang.org/protobuf v1.26.0...v1.27.1
Updated gopkg.in/yaml.v2 v2.2.7...v2.4.0
*Indirect Dependencies*
Updated github.com/alecthomas/units https://github.com/alecthomas/units/compare/c3de453c63f4...f65c72e2690d
Updated github.com/cespare/xxhash https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2
Updated github.com/go-logfmt/logfmt https://github.com/go-logfmt/logfmt/compare/v0.4.0...v0.5.0
Updated github.com/json-iterator/go https://github.com/json-iterator/go/compare/v1.1.7...v1.1.11
Updated github.com/julienschmidt/httprouter https://github.com/julienschmidt/httprouter/compare/v1.2.0...v1.3.0
Updated github.com/konsorten/go-windows-terminal-sequences https://github.com/konsorten/go-windows-terminal-sequences/compare/v1.0.2...v1.0.3
Updated github.com/mwitkow/go-conntrack https://github.com/mwitkow/go-conntrack/compare/cc309e4a2223...2f068394615f
Updated github.com/pkg/errors https://github.com/pkg/errors/compare/v0.8.1...v0.9.1
Updated github.com/prometheus/client_model https://github.com/prometheus/client_model/compare/d1d2010b5bee...v0.2.0
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.7.0...v0.32.1
Updated github.com/prometheus/procfs https://github.com/prometheus/procfs/compare/v0.0.8...v0.7.3
Updated github.com/vishvananda/netns https://github.com/vishvananda/netns/compare/0a2b9b5464df...50045581ed74
Updated golang.org/x/sync https://github.com/golang/sync/compare/67f06af15bc9...036812b2e83c
Updated golang.org/x/term https://github.com/golang/term/compare/7de9c90e9dd1...03fcf44c2211
Updated golang.org/x/text https://github.com/golang/text/compare/v0.3.3...v0.3.6
Added cloud.google.com/go v0.65.0
Added cloud.google.com/go/bigquery v1.8.0
Added cloud.google.com/go/datastore v1.1.0
Added cloud.google.com/go/pubsub v1.3.1
Added cloud.google.com/go/storage v1.10.0
Added dmitri.shuralyov.com/gpu/mtl 666a987793e9
Added github.com/BurntSushi/toml https://github.com/BurntSushi/toml/tree/v0.3.1
Added github.com/BurntSushi/xgb https://github.com/BurntSushi/xgb/tree/27f122750802
Added github.com/census-instrumentation/opencensus-proto https://github.com/census-instrumentation/opencensus-proto/tree/v0.2.1
Added github.com/chzyer/logex https://github.com/chzyer/logex/tree/v1.1.10
Added github.com/chzyer/readline https://github.com/chzyer/readline/tree/2972be24d48e
Added github.com/chzyer/test https://github.com/chzyer/test/tree/a1ea475d72b1
Added github.com/client9/misspell https://github.com/client9/misspell/tree/v0.3.4
Added github.com/cncf/udpa/go https://github.com/cncf/udpa/go/tree/269d4d468f6f
Added github.com/envoyproxy/go-control-plane https://github.com/envoyproxy/go-control-plane/tree/v0.9.4
Added github.com/envoyproxy/protoc-gen-validate https://github.com/envoyproxy/protoc-gen-validate/tree/v0.1.0
Added github.com/go-gl/glfw https://github.com/go-gl/glfw/tree/e6da0acd62b1
Added github.com/go-gl/glfw/v3.3/glfw https://github.com/go-gl/glfw/v3.3/glfw/tree/6f7a984d4dc4
Added github.com/go-kit/log https://github.com/go-kit/log/tree/v0.1.0
Added github.com/golang/glog https://github.com/golang/glog/tree/23def4e6c14b
Added github.com/golang/groupcache https://github.com/golang/groupcache/tree/8c9f03a8e57e
Added github.com/golang/mock https://github.com/golang/mock/tree/v1.4.4
Added github.com/google/btree https://github.com/google/btree/tree/v1.0.0
Added github.com/google/martian https://github.com/google/martian/tree/v2.1.0+incompatible
Added github.com/google/martian https://github.com/google/martian/tree/v3.0.0
Added github.com/google/pprof https://github.com/google/pprof/tree/1a94d8640e99
Added github.com/google/renameio https://github.com/google/renameio/tree/v0.1.0
Added github.com/googleapis/gax-go https://github.com/googleapis/gax-go/tree/v2.0.5
Added github.com/hashicorp/golang-lru https://github.com/hashicorp/golang-lru/tree/v0.5.1
Added github.com/ianlancetaylor/demangle https://github.com/ianlancetaylor/demangle/tree/5e5cf60278f6
Added github.com/jpillora/backoff https://github.com/jpillora/backoff/tree/v1.0.0
Added github.com/jstemmer/go-junit-report https://github.com/jstemmer/go-junit-report/tree/v0.9.1
Added github.com/rogpeppe/go-internal https://github.com/rogpeppe/go-internal/tree/v1.3.0
Added go.opencensus.io v0.22.4
Added golang.org/x/exp https://github.com/golang/exp/tree/6cc2880d07d6
Added golang.org/x/image https://github.com/golang/image/tree/cff245a6509b
Added golang.org/x/mobile https://github.com/golang/mobile/tree/d2bd2a29d028
Added golang.org/x/oauth2 https://github.com/golang/oauth2/tree/f6687ab2804c
Added golang.org/x/time https://github.com/golang/time/tree/555d28b269f0
Added google.golang.org/api v0.30.0
Added google.golang.org/appengine v1.6.6
Added google.golang.org/genproto 8632dd797987
Added google.golang.org/grpc v1.31.0
Added gopkg.in/errgo.v2 v2.1.0
Added honnef.co/go/tools v0.0.1-2020.1.4
Added rsc.io/binaryregexp v0.2.0
Added rsc.io/quote v3.1.0
Added rsc.io/sampler v1.3.0
Removed github.com/flynn/go-shlex https://github.com/flynn/go-shlex/tree/3f9db97f8568
2021-11-04 10:25:13 -04:00
Nate Brown
94aaab042f
Fix race between punchback and lighthouse handler reset ( #566 )
2021-11-03 21:54:27 -05:00
Donatas Abraitis
b358bbab80
Add an ability to specify metric for unsafe routes ( #474 )
2021-11-03 21:53:28 -05:00
Nate Brown
bcabcfdaca
Rework some things into packages ( #489 )
2021-11-03 20:54:04 -05:00
Nate Brown
1f75fb3c73
Add link to further documentation ( #563 )
2021-11-02 20:55:34 -05:00
brad-defined
6ae8ba26f7
Add a context object in nebula.Main to clean up on error ( #550 )
2021-11-02 13:14:26 -05:00
Nate Brown
32cd9a93f1
Bump to go1.17 ( #553 )
2021-10-21 16:24:11 -05:00
Nate Brown
97afe2ec48
Update changelog for #370 ( #551 )
2021-10-20 14:36:56 -05:00
Donatas Abraitis
32e2619323
Teardown tunnel automatically if peer's certificate expired ( #370 )
2021-10-20 13:23:33 -05:00
Wade Simmons
e8b08e49e6
update CHANGELOG for 532, 540 and 541 ( #549 )
- #532
- #540
- #541
Also fix some whitespace
2021-10-19 11:07:31 -04:00
Wade Simmons
ea2c186a77
remote_allow_ranges: allow inside CIDR specific remote_allow_lists ( #540 )
This allows you to configure remote allow lists specific to different
subnets of the inside CIDR. Example:

    remote_allow_ranges:
      10.42.42.0/24:
        192.168.0.0/16: true

This would only allow hosts with a VPN IP in the 10.42.42.0/24 range to
have private IPs (and thus don't connect over public IPs).

The PR also refactors AllowList into RemoteAllowList and LocalAllowList to make it clearer which methods are allowed on which allow list.
2021-10-19 10:54:30 -04:00
Wade Simmons
ae5505bc74
handshake: update to preferred remote ( #532 )
If we receive a handshake packet for a tunnel that has already been
completed, check to see if the new remote is preferred. If so, update to
the preferred remote and send a test packet to influence the other side
to do the same.
2021-10-19 10:53:55 -04:00
Wade Simmons
afda79feac
documented "preferred_ranges" ( #541 )
Document the preferred config variable, and deprecate "local_range".
2021-10-19 10:53:36 -04:00
rvalue
0e7bc290f8
Fix build on riscv64 ( #542 )
Add riscv64 build tag for udp_linux_64.go to fix build on riscv64
Co-authored-by: Wade Simmons <wade@wades.im>
2021-10-13 10:55:32 -04:00
Manuel Romei
3a8f533b24
refactor: use X25519 instead of ScalarBaseMult ( #533 )
As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.
Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-10-12 12:03:43 -04:00
John Maguire
34d002d695
Check CA cert and key match in nebula-cert sign ( #503 )
`func (nc *NebulaCertificate) VerifyPrivateKey(key []byte) error` would
previously return an error even if passed the correct private key for a
CA certificate `nc`.
That function has been updated to support CA certificates, and
nebula-cert now calls it before signing a new certificate. Previously,
it would perform all constraint checks against the CA certificate
provided, take a SHA256 fingerprint of the provided certificate, insert
it into the new node certificate, and then finally sign it with the
mismatching private key provided.
2021-10-01 12:43:33 -04:00
Ben Yanke
9f34c5e2ba
Typo Fix ( #523 )
2021-09-16 00:12:08 -05:00
Joe Doss
3f5caf67ff
Add info about Distribution Packages. ( #414 )
2021-09-15 17:57:35 -05:00
Stan Grishin
e01213cd21
Update README.md ( #378 )
Add missing period.
2021-09-15 17:50:01 -05:00
Jack Adamson
af3674ac7b
add peer cert issuer to handshake log entries ( #510 )
Co-authored-by: Jack Adamson <jackadamson@users.noreply.github.com>
2021-08-31 11:57:38 +10:00
Nate Brown
c726d20578
Fix single command ssh exec ( #483 )
2021-06-07 17:06:59 -05:00
Andrii Chubatiuk
d13f4b5948
fixed recv_errors spoofing condition ( #482 )
Hi @nbrownus
Fixed a small bug that was introduced in
df7c7ee#diff-5d05d02296a1953fd5fbcb3f4ab486bc5f7c34b14c3bdedb068008ec8ff5beb4
having problems due to it
2021-06-03 13:04:04 -04:00
Nate Brown
2e1d6743be
v1.4.0 ( #458 )
Update CHANGELOG for Nebula v1.4.0
Co-authored-by: Wade Simmons <wade@wades.im>
2021-05-10 21:23:49 -04:00
Nate Brown
d004fae4f9
Unlock the hostmap quickly, lock hostinfo instead ( #459 )
2021-05-05 13:10:55 -05:00
Nate Brown
95f4c8a01b
Don't check for rebind if we are closing the tunnel ( #457 )
2021-05-04 19:15:24 -05:00
Nate Brown
9ff73cb02f
Increase the timestamp resolution for handshakes ( #453 )
2021-05-03 14:10:00 -05:00
John Maguire
98c391396c
Remove log when no handshake message is sent ( #452 )
2021-04-30 18:19:40 -05:00
Nate Brown
1bc6f5fe6c
Minor windows focused improvements ( #443 )
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-04-30 15:04:47 -05:00
Wade Simmons
44cb697552
Add more metrics ( #450 )
* Add more metrics

This change adds the following counter metrics:

Metrics to track packets dropped at the firewall:

    firewall.dropped.local_ip
    firewall.dropped.remote_ip
    firewall.dropped.no_rule

Metrics to track handshake attempts that have been initiated and ones
that have timed out (ones that have completed are tracked by the
existing "handshakes" histogram).

    handshake_manager.initiated
    handshake_manager.timed_out

Metrics to track when cached_packets are dropped because we run out of
buffer space, and how many are sent once the handshake completes.

    hostinfo.cached_packets.dropped
    hostinfo.cached_packets.sent

This change also notes how many cached packets we have when we log the
final "Handshake received" message for either stage1 or stage2.

* separate incoming/outgoing metrics

* remove "allowed" firewall metrics

We don't need this on the hotpath, they aren't worth it.

* don't need pointers here
2021-04-27 22:23:18 -04:00
Nathan Brown
db23fdf9bc
Don't apply race avoidance to existing handshakes, use the handshake time to determine who wins ( #451 )
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-04-27 21:15:34 -05:00
Nathan Brown
df7c7eec4a
Get out faster on nil udpAddr ( #449 )
2021-04-26 20:21:47 -05:00
Nathan Brown
6f37280e8e
Fully close tunnels when CloseAllTunnels is called ( #448 )
2021-04-26 10:42:24 -05:00
Nathan Brown
a0735dd7d5
Add locking around ssh conns to avoid concurrent map access on reload ( #447 )
2021-04-23 14:43:16 -05:00
Nathan Brown
1deb5d98e8
Fix tun funcs for ios and android ( #446 )
2021-04-22 15:23:40 -05:00
Nathan Brown
a1ee521d79
Fix a failed return in an error case ( #445 )
2021-04-17 18:47:31 -05:00
brad-defined
7859140711
Only set serveDns if the host is also configured to be a lighthouse. ( #433 )
2021-04-16 13:33:56 -05:00
brad-defined
17106f83a0
Ensure the Nebula device exists before attempting to bind to the Nebula IP ( #375 )
2021-04-16 10:34:28 -05:00
Nathan Brown
ab08be1e3e
Don't panic on a nil response from the lighthouse ( #442 )
2021-04-15 09:12:21 -05:00