netbird

mirror of https://github.com/netbirdio/netbird.git synced 2025-06-29 06:01:47 +02:00

Author	SHA1	Message	Date
pascal-fischer	7e5d3bdfe2	[signal] Move dummy signal message handling into dispatcher (#2686 )	2024-10-02 15:33:38 +02:00
Maycon Santos	b7b0828133	[client] Adjust relay worker log level and message (#2683 )	2024-10-02 15:14:09 +02:00
Bethuel Mmbaga	ff7863785f	[management, client] Add access control support to network routes (#2100 )	2024-10-02 13:41:00 +02:00
Maycon Santos	a3a479429e	Use the pkgs to get the latest version (#2682 ) * Use the pkgs to get the latest version * disable fail fast	2024-10-02 11:48:42 +02:00
Maycon Santos	5932298ce0	Add log setting to Caddy container (#2684 ) This avoids full disk on busy systems	2024-10-02 11:48:09 +02:00
Zoltan Papp	ee0ea86a0a	[relay-client] Fix Relay disconnection handling (#2680 ) * Fix Relay disconnection handling If has an active P2P connection meanwhile the Relay connection broken with the server then we removed the WireGuard peer configuration. * Change logs	2024-10-01 16:22:18 +02:00
Simen	24c0aaa745	Install sh alpine fixes (#2678 ) * Made changes to the peer install script that makes it work on alpine linux without changes * fix small oversight with doas fix * use try catch approach when curling binaries	2024-10-01 13:32:58 +02:00
pascal-fischer	16179db599	[management] Propagate metrics (#2667 )	2024-09-30 22:18:10 +02:00
Maycon Santos	e27f85b317	Update docker creds (#2677 )	2024-09-30 20:07:21 +02:00
Gianluca Boiano	2fd60b2cb4	Specify goreleaser version and update to 2 (#2673 )	2024-09-30 16:43:34 +02:00
Zoltan Papp	3dca6099d4	Fix ebpf close function (#2672 )	2024-09-30 10:34:57 +02:00
pascal-fischer	cfbcf507fb	propagate meter (#2668 )	2024-09-29 20:23:34 +02:00
pascal-fischer	52ae693c9e	[signal] add context to signal-dispatcher (#2662 )	2024-09-29 00:22:47 +02:00
adasauce	58ff7ab797	[management] improve zitadel idp error response detail by decoding errors (#2634 ) * [management] improve zitadel idp error response detail by decoding errors * [management] extend readZitadelError to be used for requestJWTToken more generically parse the error returned by zitadel. * fix lint --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 22:21:34 +03:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
Zoltan Papp	4ebf6e1c4c	[client] Close the remote conn in proxy (#2626 ) Port the conn close call to eBPF proxy	2024-09-25 18:50:10 +02:00
pascal-fischer	1e4a0f77e2	Add get DB method to store (#2650 )	2024-09-25 18:22:27 +02:00
Viktor Liu	b51d75204b	[client] Anonymize relay address in status peers view (#2640 )	2024-09-24 20:58:18 +02:00
Viktor Liu	e7d52c8c95	[client] Fix error count formatting (#2641 )	2024-09-24 20:57:56 +02:00
Viktor Liu	ab82302c95	[client] Remove usage of custom dialer for localhost (#2639 ) * Downgrade error log level for network monitor warnings * Do not use custom dialer for localhost	2024-09-24 12:29:15 +02:00
pascal-fischer	d47be154ea	[misc] Fix ip range posture check example (#2628 )	2024-09-23 10:02:03 +02:00
Bethuel Mmbaga	35c892aea3	[management] Restrict accessible peers to user-owned peers for non-admins (#2618 ) * Restrict accessible peers to user-owned peers for non-admin users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add service user test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * reuse account from token Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * return error when peer not found Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-20 12:36:58 +03:00
Zoltan Papp	fc4b37f7bc	Exit from processConnResults after all tries (#2621 ) * Exit from processConnResults after all tries If all server is unavailable then the server picker never return because we never close the result channel. Count the number of the results and exit when we reached the expected size v0.29.4	2024-09-19 13:49:28 +02:00
Zoltan Papp	6f0fd1d1b3	- Increase queue size and drop the overflowed messages (#2617 ) - Explicit close the net.Conn in user space wgProxy when close the wgProxy - Add extra logs	2024-09-19 13:49:09 +02:00
Zoltan Papp	28cbb4b70f	[client] Cancel the context of wg watcher when the go routine exit (#2612 ) v0.29.3 0.29.3	2024-09-17 12:10:17 +02:00
Zoltan Papp	1104c9c048	[client] Fix race condition while read/write conn status in peer conn (#2607 )	2024-09-17 11:15:14 +02:00
Maycon Santos	5bc601111d	[relay] Add health check attempt threshold (#2609 ) * Add health check attempt threshold for receiver * Add health check attempt threshold for sender	2024-09-17 10:04:17 +02:00
Zoltan Papp	b74951f29e	[client] Enforce permissions on Win (#2568 ) Enforce folder permission on Windows, giving only administrators and system access to the NetBird folder.	2024-09-16 22:42:37 +02:00
Zoltan Papp	97e10e440c	Fix leaked server connections (#2596 ) Fix leaked server connections close unused connections in the client lib close deprecated connection in the server lib The Server Picker is reusable in the guard if we want in the future. So we can support the server address changes. --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> * Add logging --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-09-16 16:11:10 +02:00
pascal-fischer	6c50b0c84b	[management] Add transaction to addPeer (#2469 ) This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.	2024-09-16 15:47:03 +02:00
pascal-fischer	730dd1733e	[signal] Fix signal active peers metrics (#2591 )	2024-09-15 16:46:55 +02:00
Bethuel Mmbaga	82739e2832	[management] fix legacy decrypting of empty values (#2595 ) * allow legacy decrypting on empty values * validate source size and padding limits * added tests --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-09-15 16:22:46 +02:00
Maycon Santos	fa7767e612	Fix get management and signal state race condition (#2570 ) * Fix get management and signal state race condition * fix get full status lock	2024-09-15 16:07:26 +02:00
benniekiss	f1171198de	[management] Add command flag to set metrics port for signal and relay service, and update management port (#2599 ) * add flags to customize metrics port for relay and signal * change management default metrics port to match other services	2024-09-14 10:34:32 +02:00
Zoltan Papp	9e041b7f82	Fix blocked net.Conn Close call (#2600 )	2024-09-14 10:27:37 +02:00
Zoltan Papp	b4c8cf0a67	Change heartbeat timeout (#2598 )	2024-09-14 10:12:54 +02:00
Carlos Hernandez	1ef51a4ffa	[client] Ensure engine is stopped before starting it back (#2565 ) Before starting a new instance of the engine, check if it is nil and stop the current instance	2024-09-13 16:46:59 +02:00
Maycon Santos	f6d57e7a96	[misc] Support configurable max log size with var NB_LOG_MAX_SIZE_MB (#2592 ) * Support configurable max log size with var NB_LOG_MAX_SIZE_MB * add better logs v0.29.2	2024-09-12 19:56:55 +02:00
Zoltan Papp	ab892b8cf9	Fix wg handshake checking (#2590 ) * Fix wg handshake checking * Ensure in the initial handshake reading * Change the handshake period	2024-09-12 19:18:02 +02:00
Gianluca Boiano	33c9b2d989	fix: install.sh: avoid call of netbird executable after rpm installation (#2589 )	2024-09-12 17:32:47 +02:00
Bethuel Mmbaga	170e842422	[management] Add accessible peers endpoint (#2579 ) * move accessible peer to separate endpoint in api doc Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add endpoint to get accessible peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/peers_handler.go Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>	2024-09-12 16:19:27 +03:00
Maycon Santos	4c130a0291	Update Go version to 1.23 (#2588 )	2024-09-12 13:46:28 +02:00
Maycon Santos	afb9673bc4	[misc] Update core github actions (#2584 )	2024-09-11 21:49:05 +02:00
Bethuel Mmbaga	cf6210a6f4	[management] Add GCM encryption and migrate legacy encrypted events (#2569 ) * Add AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * migrate legacy encrypted data to AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor and use transaction when migrating data Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add events migration tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip migrating record on error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preallocate capacity for nonce to avoid allocations in Seal Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-11 20:09:57 +03:00
Maycon Santos	c59a39d27d	Update service package version (#2582 ) v0.29.1	2024-09-11 19:05:10 +02:00
Maycon Santos	47adb976f8	Remove pre-release step from workflow (#2583 )	2024-09-11 18:59:19 +02:00
Zoltan Papp	9cfc8f8aa4	[relay] change log levels (#2580 )	2024-09-11 18:36:19 +02:00
Viktor Liu	2d1bf3982d	[relay] Improve relay messages (#2574 ) Co-authored-by: Zoltán Papp <zoltan.pmail@gmail.com>	2024-09-11 16:20:30 +02:00
Viktor Liu	50ebbe482e	[client] Don't overwrite allowed IPs when updating the wg peer's endpoint address (#2578 ) This will fix broken routes on routing clients when upgrading/downgrading from/to relayed connections.	2024-09-11 16:05:13 +02:00
pascal-fischer	f43a0a0177	[client] Retry on tun creation for darwin (#2564 ) The interface creation on macOS seems to be asynchronus why the tun.create methode somethimes failes becasue the interface is not ready yet. To work around this issue we introduce a retry on tun.create v0.29.0	2024-09-09 19:02:10 +02:00

... 6 7 8 9 10 ...

1979 Commits