John Maguire
a0b280621d
Remove firewall.conntrack.max_connections from examples ( #684 )
2022-06-23 10:29:54 -05:00
Caleb Jasik
527f953c2c
Remove x509 config loading code ( #685 )
2022-06-23 10:27:34 -05:00
brad-defined
1a7c575011
Relay ( #678 )
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
2022-06-21 13:35:23 -05:00
Don Stephan
332fa2b825
fix panic in handleInvalidCertificate ( #675 )
* fix panic in handleInvalidCertificate
When HandleMonitorTick fires, the hostmap can be nil, which causes a panic to occur when trying to clean up the hostmap in handleInvalidCertificate. This fix just stops the invalidation from continuing if the hostmap doesn't exist.
* removed conditional for disconnectInvalid in HandleDeletionTick
2022-05-16 13:29:57 -04:00
Wade Simmons
45d1d2b6c6
Update dependencies - 2022-04 ( #664 )
Updated github.com/kardianos/service https://github.com/kardianos/service/compare/v1.2.0...v1.2.1
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.43...v1.1.48
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.32.1...v0.33.0
Updated github.com/stretchr/testify https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1
Updated golang.org/x/crypto 5770296d90...ae2d96664a
Updated golang.org/x/net 69e39bad7d...749bd193bc
Updated golang.org/x/sys 7861aae155...289d7a0edf
Updated golang.zx2c4.com/wireguard/windows v0.5.1...v0.5.3
Updated google.golang.org/protobuf v1.27.1...v1.28.0
2022-04-18 12:12:25 -04:00
Wade Simmons
3913062c43
build and test with go1.18 ( #656 )
- https://go.dev/doc/go1.18
2022-04-05 17:08:00 -04:00
Wade Simmons
b38bd36766
fix connection manager check when disconnect_invalid set ( #658 )
This restores the hostMap.QueryVpnIP block to how it looked before #370
was merged. I'm not sure why the patch from #370 wanted to continue on
if there was no match found in the hostmap, since there isn't anything
to do at that point (the tunnel has already been closed).
This was causing a crash because the handleInvalidCertificate check
expects the hostinfo to be passed in (but it is nil since there was no
hostinfo in the hostmap).
Fixes: #657
2022-04-04 13:38:36 -04:00
Nate Brown
d85e24f49f
Allow for self reported ips to the lighthouse ( #650 )
2022-04-04 12:35:23 -05:00
bitshop
7672c7087a
Add to build all windows-arm64 / bin-windows-arm64 build option ( #638 )
* Add to build all windows-arm64 / bin-winarm64 builds
* update release to build for windows-arm64
* cleanup
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>
2022-03-18 13:23:10 -04:00
Caleb Jasik
730a5c4a23
Update link to nebula docs ( #655 )
2022-03-18 11:15:16 -04:00
brad-defined
03498a0cb2
Make nebula advertise its dynamic port to lighthouses ( #653 )
2022-03-15 18:03:56 -05:00
Nate Brown
312a01dc09
Lighthouse reload support ( #649 )
Co-authored-by: John Maguire <contact@johnmaguire.me>
2022-03-14 12:35:13 -05:00
Nate Brown
bbe0a032bb
Fix windows unsafe_routes regression ( #648 )
2022-03-09 13:23:29 -06:00
Wade Simmons
b5b9d33ee7
v1.5.2 ( #612 )
Update CHANGELOG for Nebula v1.5.2
2021-12-14 16:48:56 -05:00
Wade Simmons
e434ba6523
fix unsafe routes darwin ( #610 )
With Nebula 1.4.0, if you create an unsafe_route that has a collision with an existing route on the system, the unsafe_route will be silently dropped (and the existing system route remains).
With Nebula 1.5.0, this same situation will cause Nebula to fail to start with an error (EEXIST).
This change restores the Nebula 1.4.0 behavior (but with a WARN log as well).
2021-12-14 11:52:49 -05:00
Wade Simmons
068a93d1f4
fix makeRouteTree allowMTU ( #611 )
With the previous implementation, we check if route.MTU is greater than zero,
but it will always be because we set it to the default MTU in
parseUnsafeRoutes. This change leaves it as zero in parseUnsafeRoutes so
it can be examined later.
2021-12-14 11:52:28 -05:00
Nate Brown
15fdabc3ab
v1.5.1 ( #606 )
Update CHANGELOG for Nebula v1.5.1
2021-12-13 20:43:25 -05:00
forfuncsake
1110756f0f
Allow setup of a CA pool from bytes that contain expired certs ( #599 )
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2021-12-09 21:24:56 -06:00
Nate Brown
e31006d546
Be more clear about ipv4 in nebula-cert ( #604 )
2021-12-07 21:40:30 -06:00
Wade Simmons
949ec78653
don't set ConnectionState to nil ( #590 )
* don't set ConnectionState to nil
We might have packets processing in another thread, so we can't safely
just set this to nil. Since we removed it from the hostmaps, the next
packets to process should start the handshake over again.
I believe this comment is outdated or incorrect, since the next
handshake will start over with a new HostInfo, I don't think there is
any way a counter reuse could happen:
> We must null the connectionstate or a counter reuse may happen
Here is a panic we saw that I think is related:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x93a037]
goroutine 59 [running, locked to thread]:
github.com/slackhq/nebula.(*Firewall).Drop(...)
github.com/slackhq/nebula/firewall.go:380
github.com/slackhq/nebula.(*Interface).consumeInsidePacket(...)
github.com/slackhq/nebula/inside.go:59
github.com/slackhq/nebula.(*Interface).listenIn(...)
github.com/slackhq/nebula/interface.go:233
created by github.com/slackhq/nebula.(*Interface).run
github.com/slackhq/nebula/interface.go:191
* use closeTunnel
2021-12-06 14:09:05 -05:00
Wade Simmons
127a116bfd
update golang.org/x/crypto ( #603 )
> Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.
>
> This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue golang/go#49932.
Updated golang.org/x/crypto 089bfa5675...5770296d90
Updated golang.org/x/net 4a448f8816...69e39bad7d
2021-12-06 14:07:05 -05:00
Wade Simmons
befce3f990
fix crash with `-test` ( #602 )
When running in `-test` mode, `tun` is set to nil. So we should move the
defer into the `!configTest` if block.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x54855c]
goroutine 1 [running]:
github.com/slackhq/nebula.Main.func3(0x4000135e80, {0x0, 0x0})
github.com/slackhq/nebula/main.go:176 +0x2c
github.com/slackhq/nebula.Main(0x400022e060, 0x1, {0x76faa0, 0x5}, 0x4000230000, 0x0)
github.com/slackhq/nebula/main.go:316 +0x2414
main.main()
github.com/slackhq/nebula/cmd/nebula/main.go:54 +0x540
2021-12-06 14:06:16 -05:00
Wade Simmons
f60ed2b36d
overlay: fix tun.RouteFor getting *net.IP ( #595 )
tun.RouteFor expects the routeTree to have an iputil.VpnIp inside of it
instead of a *net.IP.
2021-12-06 09:35:31 -05:00
Nate Brown
48c47f5841
Warn if no lighthouses were configured on a non lighthouse node ( #587 )
2021-11-30 10:31:33 -06:00
Wade Simmons
75306487c5
fix `wintun` package to have // +build comments ( #598 )
Without these comments, gofmt 1.16.9 will complain. Since we otherwise
still support building with go1.16, let's add the comments to make it
easier to compile and gofmt.
Related: #588
2021-11-30 11:14:15 -05:00
Nate Brown
78d0d46bae
Remove WriteRaw, cidrTree -> routeTree to better describe its purpose, remove redundancy from field names ( #582 )
2021-11-12 12:47:09 -06:00
Nate Brown
467e605d5e
Push route handling into overlay, a few more nits fixed ( #581 )
2021-11-12 11:19:28 -06:00
Nate Brown
2f1f0d602f
Cleanup most of the remaining nits ( #578 )
2021-11-12 10:47:36 -06:00
Nate Brown
e07524a654
Move all of tun into overlay ( #577 )
2021-11-11 16:37:29 -06:00
Nate Brown
88ce0edf76
Start the overlay package with the old Inside interface ( #576 )
2021-11-10 21:52:26 -06:00
Nate Brown
4453964e34
Move util to test, contextual errors to util ( #575 )
2021-11-10 21:47:38 -06:00
Wade Simmons
19a9a4221e
v1.5.0 ( #574 )
Update CHANGELOG for Nebula v1.5.0
2021-11-10 22:32:26 -05:00
Chad Harp
1915fab619
tun_darwin ( #163 )
- Remove water and replace with syscalls for tun setup
- Support named interfaces
- Set up routes with syscalls instead of os/exec
Co-authored-by: Wade Simmons <wade@wades.im>
2021-11-09 20:24:24 -05:00
Nate Brown
7801b589b6
Sign and notarize darwin universal binaries ( #571 )
2021-11-09 10:49:54 -06:00
Nate Brown
b6391292d1
Move wintun distributable into release zip for windows ( #572 )
2021-11-08 21:55:10 -06:00
Terry Wang
999efdb2e8
docs: improve grammar and readability for README.md ( #225 )
2021-11-08 17:32:31 -06:00
Wade Simmons
304b12f63f
create ConnectionState before adding to HostMap ( #535 )
We have a few small race conditions with creating the HostInfo.ConnectionState
since we add the host info to the pendingHostMap before we set this
field. We can make everything a lot easier if we just add an "init"
function so that we can set this field in the hostinfo before we add it
to the hostmap.
2021-11-08 14:46:22 -05:00
CzBiX
16be0ce566
Add Wintun support ( #289 )
2021-11-08 12:36:31 -06:00
John Maguire
0577c097fb
Fix flaky test ( #567 )
2021-11-04 14:49:56 -05:00
Jake Howard
eb66e13dc4
Use CGO_ENABLED=0 ( #421 )
Set `CGO_ENABLED` to 0 when building
2021-11-04 14:20:44 -04:00
Wade Simmons
a22c134bf5
Update dependencies, November 2021 ( #564 )
*Direct Dependencies*
Updated github.com/anmitsu/go-shlex 648efa6222...38f4b401e2
Updated github.com/flynn/noise https://github.com/flynn/noise/compare/4bdb43be3117...v1.0.0
Updated github.com/golang/protobuf https://github.com/golang/protobuf/compare/v1.5.0...v1.5.2
Updated github.com/kardianos/service https://github.com/kardianos/service/compare/v1.1.0...v1.2.0
Updated github.com/miekg/dns https://github.com/miekg/dns/compare/v1.1.25...v1.1.43
Updated github.com/nbrownus/go-metrics-prometheus https://github.com/nbrownus/go-metrics-prometheus/compare/6e6d5173d99c...974a6260965f
Updated github.com/prometheus/client_golang https://github.com/prometheus/client_golang/compare/v1.2.1...v1.11.0
Updated github.com/rcrowley/go-metrics https://github.com/rcrowley/go-metrics/compare/cac0b30c2563...cf1acfcdf475
Updated github.com/sirupsen/logrus https://github.com/sirupsen/logrus/compare/v1.4.2...v1.8.1
Updated github.com/songgao/water https://github.com/songgao/water/compare/fd331bda3f4b...2b4b6d7c09d8
Updated github.com/stretchr/testify https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0
Updated github.com/vishvananda/netlink https://github.com/vishvananda/netlink/compare/00009fb8606a...v1.1.0
Updated golang.org/x/crypto https://github.com/golang/crypto/compare/0c34fe9e7dc2...089bfa567519
Updated golang.org/x/net https://github.com/golang/net/compare/e18ecbb05110...4a448f8816b3
Updated golang.org/x/sys https://github.com/golang/sys/compare/f84b799fce68...4dd72447c267
Updated google.golang.org/protobuf v1.26.0...v1.27.1
Updated gopkg.in/yaml.v2 v2.2.7...v2.4.0
*Indirect Dependencies*
Updated github.com/alecthomas/units https://github.com/alecthomas/units/compare/c3de453c63f4...f65c72e2690d
Updated github.com/cespare/xxhash https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2
Updated github.com/go-logfmt/logfmt https://github.com/go-logfmt/logfmt/compare/v0.4.0...v0.5.0
Updated github.com/json-iterator/go https://github.com/json-iterator/go/compare/v1.1.7...v1.1.11
Updated github.com/julienschmidt/httprouter https://github.com/julienschmidt/httprouter/compare/v1.2.0...v1.3.0
Updated github.com/konsorten/go-windows-terminal-sequences https://github.com/konsorten/go-windows-terminal-sequences/compare/v1.0.2...v1.0.3
Updated github.com/mwitkow/go-conntrack https://github.com/mwitkow/go-conntrack/compare/cc309e4a2223...2f068394615f
Updated github.com/pkg/errors https://github.com/pkg/errors/compare/v0.8.1...v0.9.1
Updated github.com/prometheus/client_model https://github.com/prometheus/client_model/compare/d1d2010b5bee...v0.2.0
Updated github.com/prometheus/common https://github.com/prometheus/common/compare/v0.7.0...v0.32.1
Updated github.com/prometheus/procfs https://github.com/prometheus/procfs/compare/v0.0.8...v0.7.3
Updated github.com/vishvananda/netns https://github.com/vishvananda/netns/compare/0a2b9b5464df...50045581ed74
Updated golang.org/x/sync https://github.com/golang/sync/compare/67f06af15bc9...036812b2e83c
Updated golang.org/x/term https://github.com/golang/term/compare/7de9c90e9dd1...03fcf44c2211
Updated golang.org/x/text https://github.com/golang/text/compare/v0.3.3...v0.3.6
Added cloud.google.com/go v0.65.0
Added cloud.google.com/go/bigquery v1.8.0
Added cloud.google.com/go/datastore v1.1.0
Added cloud.google.com/go/pubsub v1.3.1
Added cloud.google.com/go/storage v1.10.0
Added dmitri.shuralyov.com/gpu/mtl 666a987793e9
Added github.com/BurntSushi/toml https://github.com/BurntSushi/toml/tree/v0.3.1
Added github.com/BurntSushi/xgb https://github.com/BurntSushi/xgb/tree/27f122750802
Added github.com/census-instrumentation/opencensus-proto https://github.com/census-instrumentation/opencensus-proto/tree/v0.2.1
Added github.com/chzyer/logex https://github.com/chzyer/logex/tree/v1.1.10
Added github.com/chzyer/readline https://github.com/chzyer/readline/tree/2972be24d48e
Added github.com/chzyer/test https://github.com/chzyer/test/tree/a1ea475d72b1
Added github.com/client9/misspell https://github.com/client9/misspell/tree/v0.3.4
Added github.com/cncf/udpa/go https://github.com/cncf/udpa/go/tree/269d4d468f6f
Added github.com/envoyproxy/go-control-plane https://github.com/envoyproxy/go-control-plane/tree/v0.9.4
Added github.com/envoyproxy/protoc-gen-validate https://github.com/envoyproxy/protoc-gen-validate/tree/v0.1.0
Added github.com/go-gl/glfw https://github.com/go-gl/glfw/tree/e6da0acd62b1
Added github.com/go-gl/glfw/v3.3/glfw https://github.com/go-gl/glfw/v3.3/glfw/tree/6f7a984d4dc4
Added github.com/go-kit/log https://github.com/go-kit/log/tree/v0.1.0
Added github.com/golang/glog https://github.com/golang/glog/tree/23def4e6c14b
Added github.com/golang/groupcache https://github.com/golang/groupcache/tree/8c9f03a8e57e
Added github.com/golang/mock https://github.com/golang/mock/tree/v1.4.4
Added github.com/google/btree https://github.com/google/btree/tree/v1.0.0
Added github.com/google/martian https://github.com/google/martian/tree/v2.1.0+incompatible
Added github.com/google/martian https://github.com/google/martian/tree/v3.0.0
Added github.com/google/pprof https://github.com/google/pprof/tree/1a94d8640e99
Added github.com/google/renameio https://github.com/google/renameio/tree/v0.1.0
Added github.com/googleapis/gax-go https://github.com/googleapis/gax-go/tree/v2.0.5
Added github.com/hashicorp/golang-lru https://github.com/hashicorp/golang-lru/tree/v0.5.1
Added github.com/ianlancetaylor/demangle https://github.com/ianlancetaylor/demangle/tree/5e5cf60278f6
Added github.com/jpillora/backoff https://github.com/jpillora/backoff/tree/v1.0.0
Added github.com/jstemmer/go-junit-report https://github.com/jstemmer/go-junit-report/tree/v0.9.1
Added github.com/rogpeppe/go-internal https://github.com/rogpeppe/go-internal/tree/v1.3.0
Added go.opencensus.io v0.22.4
Added golang.org/x/exp https://github.com/golang/exp/tree/6cc2880d07d6
Added golang.org/x/image https://github.com/golang/image/tree/cff245a6509b
Added golang.org/x/mobile https://github.com/golang/mobile/tree/d2bd2a29d028
Added golang.org/x/oauth2 https://github.com/golang/oauth2/tree/f6687ab2804c
Added golang.org/x/time https://github.com/golang/time/tree/555d28b269f0
Added google.golang.org/api v0.30.0
Added google.golang.org/appengine v1.6.6
Added google.golang.org/genproto 8632dd797987
Added google.golang.org/grpc v1.31.0
Added gopkg.in/errgo.v2 v2.1.0
Added honnef.co/go/tools v0.0.1-2020.1.4
Added rsc.io/binaryregexp v0.2.0
Added rsc.io/quote v3.1.0
Added rsc.io/sampler v1.3.0
Removed github.com/flynn/go-shlex https://github.com/flynn/go-shlex/tree/3f9db97f8568
2021-11-04 10:25:13 -04:00
Nate Brown
94aaab042f
Fix race between punchback and lighthouse handler reset ( #566 )
2021-11-03 21:54:27 -05:00
Donatas Abraitis
b358bbab80
Add an ability to specify metric for unsafe routes ( #474 )
2021-11-03 21:53:28 -05:00
Nate Brown
bcabcfdaca
Rework some things into packages ( #489 )
2021-11-03 20:54:04 -05:00
Nate Brown
1f75fb3c73
Add link to further documentation ( #563 )
2021-11-02 20:55:34 -05:00
brad-defined
6ae8ba26f7
Add a context object in nebula.Main to clean up on error ( #550 )
2021-11-02 13:14:26 -05:00
Nate Brown
32cd9a93f1
Bump to go1.17 ( #553 )
2021-10-21 16:24:11 -05:00
Nate Brown
97afe2ec48
Update changelog for #370 ( #551 )
2021-10-20 14:36:56 -05:00
Donatas Abraitis
32e2619323
Teardown tunnel automatically if peer's certificate expired ( #370 )
2021-10-20 13:23:33 -05:00
Wade Simmons
e8b08e49e6
update CHANGELOG for 532, 540 and 541 ( #549 )
- #532
- #540
- #541
Also fix some whitespace
2021-10-19 11:07:31 -04:00