3e9f0d57ac
[client] Fix windows info out of bounds panic ( #3196 )
2025-01-16 22:19:32 +01:00
bc7b2c6ba3
[client] Report client system flags to management server on login ( #3187 )
2025-01-16 13:58:00 +01:00
992a6c79b4
[client] Flush macOS DNS cache after changes ( #3185 )
2025-01-15 23:26:31 +01:00
78795a4a73
[client] Add block lan access flag for routers ( #3171 )
2025-01-15 17:39:47 +01:00
5a82477d48
[client] Remove outbound chains ( #3157 )
2025-01-15 16:57:41 +01:00
e4a25b6a60
[client-android] add serial, product model, product manufacturer ( #2958 )
...
Signed-off-by: Edouard Vanbelle <edouard.vanbelle@shadow.tech >
2025-01-15 16:02:16 +01:00
b34887a920
[client] Fix a panic on shutdown if dns host manager failed to initialize ( #3182 )
2025-01-15 13:14:46 +01:00
b9efda3ce8
[client] Disable DNS host manager for netstack mode ( #3183 )
2025-01-15 13:14:13 +01:00
15f0a665f8
[client] Allow ssh server on freebsd ( #3170 )
...
* Enable ssh server on freebsd
* Fix listening in netstack mode
* Fix panic if login cmd fails
* Tidy up go mod
2025-01-14 12:43:13 +01:00
9b5b632ff9
[client] Support non-openresolv for DNS on Linux ( #3176 )
2025-01-14 10:39:37 +01:00
522dd44bfa
[client] make /var/lib/netbird paths configurable ( #3084 )
...
- NB_STATE_DIR
- NB_UNCLEAN_SHUTDOWN_RESOLV_FILE
- NB_DNS_STATE_FILE
2025-01-13 10:15:01 +01:00
f48e33b395
[client] Don't fail on v6 ops when disabled via kernel params ( #3165 )
2025-01-10 18:16:21 +01:00
93f3e1b14b
[client] Prevent local routes in status from being overridden by updates ( #3166 )
2025-01-10 11:02:05 +01:00
d9905d1a57
[client] Add disable system flags ( #3153 )
2025-01-07 20:38:18 +01:00
6848e1e128
[client] Add rootless container and fix client routes in netstack mode ( #3150 )
2025-01-06 14:16:31 +01:00
f08605a7f1
[client] Enable network map persistence by default ( #3152 )
2025-01-06 14:11:43 +01:00
abbdf20f65
[client] Allow inbound rosenpass port ( #3109 )
2024-12-31 14:08:48 +01:00
43ef64cf67
[client] Ignore case when matching domains in handler chain ( #3133 )
2024-12-31 14:07:21 +01:00
b3c87cb5d1
[client] Fix inbound tracking in userspace firewall ( #3111 )
...
* Don't create state for inbound SYN
* Allow final ack in some cases
* Relax state machine test a little
2024-12-26 00:51:27 +01:00
0dbaddc7be
[client] Don't fail debug if log file is console ( #3103 )
2024-12-24 15:05:23 +01:00
ad9f044aad
[client] Add stateful userspace firewall and remove egress filters ( #3093 )
...
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewalll
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- on Linux, if the OUTPUT policy is DROP then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
2024-12-23 18:22:17 +01:00
05930ee6b1
[client] Add firewall rules to the debug bundle ( #3089 )
...
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00
b48cf1bf65
[client] Reduce DNS handler chain lock contention ( #3099 )
2024-12-21 15:56:52 +01:00
82b4e58ad0
Do not start DNS forwarder on client side ( #3094 )
2024-12-20 16:20:50 +01:00
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-12-20 11:30:28 +01:00
37ad370344
[client] Avoid using iota on mixed const block ( #3057 )
...
Used the values as resolved when the first iota value was the second const in the block.
2024-12-16 18:09:31 +01:00
3844516aa7
[client] fix: reformat IPv6 ICE addresses when punching ( #3050 )
...
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
a4a30744ad
Fix race condition with systray ready ( #2993 )
2024-12-14 12:17:53 -08:00
dcba6a6b7e
fix: client/Dockerfile to reduce vulnerabilities ( #3019 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
Co-authored-by: snyk-bot <snyk-bot@snyk.io >
2024-12-11 16:46:51 +01:00
2147bf75eb
[client] Add peer conn init limit ( #3001 )
...
Limit the peer connection initialization to 200 peers at the same time
2024-12-09 17:10:31 +01:00
e40a29ba17
[client] Add support for state manager on iOS ( #2996 )
2024-12-06 16:51:42 +01:00
e67fe89adb
Reduce max wait time to initialize peer connections ( #2984 )
...
* Reduce max wait time to initialize peer connections
setting rand time range to 100-300ms instead of 100-800ms
* remove min wait time
2024-12-05 13:03:11 +01:00
6cfbb1f320
[client] Init route selector early ( #2989 )
2024-12-05 12:41:12 +01:00
c853011a32
[client] Don't return error in rule removal if protocol is not supported ( #2990 )
2024-12-05 12:28:35 +01:00
b50b89ba14
[client] Cleanup status resources on engine stop ( #2981 )
...
cleanup leftovers from status recorder when stopping the engine
2024-12-04 14:09:04 +01:00
e5d42bc963
[client] Add state handling cmdline options ( #2821 )
2024-12-03 16:07:18 +01:00
8866394eb6
[client] Don't choke on non-existent interface in route updates ( #2922 )
2024-12-03 15:33:41 +01:00
17c20b45ce
[client] Add network map to debug bundle ( #2966 )
2024-12-03 14:50:12 +01:00
6285e0d23e
[client] Add netbird.err and netbird.out to debug bundle ( #2971 )
2024-12-03 12:43:17 +01:00
a4826cfb5f
[client] Get static system info once ( #2965 )
...
Get static system info once for Windows, Darwin, and Linux nodes
This should improve startup and peer authentication times
2024-12-03 10:22:04 +01:00
a0bf0bdcc0
Pass IP instead of net to Rosenpass ( #2975 )
2024-12-03 10:13:27 +01:00
dffce78a8c
[client] Fix debug bundle state anonymization test ( #2976 )
2024-12-02 20:19:34 +01:00
c7e7ad5030
[client] Add state file to debug bundle ( #2969 )
2024-12-02 18:04:02 +01:00
5142dc52c1
[client] Persist route selection ( #2810 )
2024-12-02 17:55:02 +01:00
ecb44ff306
[client] Add pprof build tag ( #2964 )
...
* Add pprof build tag
* Change env handling
2024-12-01 19:22:52 +01:00
e4a5fb3e91
Unspecified address: default NetworkTypeUDP4+NetworkTypeUDP6 ( #2804 )
2024-11-30 10:34:52 +01:00
9203690033
[client] Code cleaning in net pkg and fix exit node feature on Android( #2932 )
...
Code cleaning around the util/net package. The goal was to write a more understandable source code but modify nothing on the logic.
Protect the WireGuard UDP listeners with marks.
The implementation can support the VPN permission revocation events in thread safe way. It will be important if we start to support the running time route and DNS update features.
- uniformize the file name convention: [struct_name] _ [functions] _ [os].go
- code cleaning in net_linux.go
- move env variables to env.go file
2024-11-26 23:34:27 +01:00
9810386937
[client] Allow routing to fallback to exclusion routes if rules are not supported ( #2909 )
2024-11-25 15:19:56 +01:00
f1625b32bd
[client] Set up sysctl and routing table name only if routing rules are available ( #2933 )
2024-11-25 15:12:16 +01:00
0ecd5f2118
[client] Test nftables for incompatible iptables rules ( #2948 )
2024-11-25 15:11:56 +01:00
