Commit Graph

686 Commits

Author SHA1 Message Date
766e0cccc9 Add packet tracer 2025-01-03 21:09:40 +01:00
7dfe7e426e Always use userspace routing in netstack mode 2025-01-03 18:38:57 +01:00
eaadb75144 Add env var to force userspace routing if native routing is available 2025-01-03 18:02:35 +01:00
0b116b3941 Use native firewall for nat/firewall operations if available 2025-01-03 17:52:36 +01:00
f69dd6fb62 Make extra IPs from interfaces optional 2025-01-03 16:54:46 +01:00
62a20f5f1a Add local IPs test 2025-01-03 16:50:00 +01:00
a6ad4dcf22 Close endpoint when stopping udp forwarder 2025-01-03 16:40:51 +01:00
f26b418e83 Allow to set firewall log level 2025-01-03 16:04:00 +01:00
979fe6bb6a Reduce complexity and fix linter issues 2025-01-03 15:43:28 +01:00
c68be6b61b Remove fractions of seconds 2025-01-03 15:18:36 +01:00
fc799effda Set log level from logrus 2025-01-03 15:16:30 +01:00
955b2b98e1 Complete route ACLs and add tests 2025-01-03 15:16:23 +01:00
9490e9095b Reduce complexity 2025-01-03 11:50:51 +01:00
d711172f67 Fix benchmarks 2025-01-03 11:30:55 +01:00
0c2fa38e26 Exclude benchmark from CI 2025-01-03 11:27:52 +01:00
88b420da6d Remove linux restriction 2025-01-03 00:23:35 +01:00
2930288f2d Fix test expectation 2025-01-03 00:22:09 +01:00
0b9854b2b1 Fix tests 2025-01-03 00:01:40 +01:00
f772a21f37 Fix log level handling 2025-01-02 19:02:40 +01:00
e912f2d7c0 Fix double close in logger 2025-01-02 19:02:40 +01:00
568d064089 Drop certain forwarded icmp packets 2025-01-02 19:02:40 +01:00
911f86ded8 Support local IPs in netstack mode 2025-01-02 19:02:40 +01:00
2b8092dfad Close endpoints 2025-01-02 16:41:54 +01:00
c3c6afa37b Merge branch 'main' into userspace-router 2025-01-02 16:25:04 +01:00
fa27369b59 Fix linter issues 2025-01-02 16:21:03 +01:00
657413b8a6 Move icmp acceptance logic 2025-01-02 15:59:53 +01:00
d85e57e819 Handle other icmp types in forwarder 2025-01-02 15:59:53 +01:00
7667886794 Add more tcp logging 2025-01-02 15:17:53 +01:00
a12a9ac290 Handle all local IPs 2025-01-02 14:59:41 +01:00
ed22d79f04 Add more control with env vars, also allow to pass traffic to native firewall 2025-01-02 13:40:36 +01:00
509b4e2132 Lower udp timeout and add teardown messages 2024-12-31 16:06:17 +01:00
fb1a10755a Fix lint and test issues 2024-12-31 14:38:59 +01:00
abbdf20f65 [client] Allow inbound rosenpass port (#3109) 2024-12-31 14:08:48 +01:00
43ef64cf67 [client] Ignore case when matching domains in handler chain (#3133) 2024-12-31 14:07:21 +01:00
9feaa8d767 Add icmp forwarder 2024-12-31 12:23:16 +01:00
6a97d44d5d Improve udp implementation 2024-12-31 00:34:05 +01:00
d2616544fe Add logger 2024-12-31 00:34:05 +01:00
fad82ee65c Add stop methods and improve udp implementation 2024-12-30 14:30:53 +01:00
4199da4a45 Add userspace routing 2024-12-30 01:38:28 +01:00
b3c87cb5d1 [client] Fix inbound tracking in userspace firewall (#3111)
* Don't create state for inbound SYN

* Allow final ack in some cases

* Relax state machine test a little
2024-12-26 00:51:27 +01:00
0dbaddc7be [client] Don't fail debug if log file is console (#3103) 2024-12-24 15:05:23 +01:00
ad9f044aad [client] Add stateful userspace firewall and remove egress filters (#3093)
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewall
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- On Linux, if the OUTPUT policy is DROP then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
2024-12-23 18:22:17 +01:00
05930ee6b1 [client] Add firewall rules to the debug bundle (#3089)
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00
b48cf1bf65 [client] Reduce DNS handler chain lock contention (#3099) 2024-12-21 15:56:52 +01:00
82b4e58ad0 Do not start DNS forwarder on client side (#3094) 2024-12-20 16:20:50 +01:00
ddc365f7a0 [client, management] Add new network concept (#3047)
---------

Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-12-20 11:30:28 +01:00
37ad370344 [client] Avoid using iota on mixed const block (#3057)
Used the values as resolved when the first iota value was the second const in the block.
2024-12-16 18:09:31 +01:00
3844516aa7 [client] fix: reformat IPv6 ICE addresses when punching (#3050)
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
a4a30744ad Fix race condition with systray ready (#2993) 2024-12-14 12:17:53 -08:00
dcba6a6b7e fix: client/Dockerfile to reduce vulnerabilities (#3019)
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-12-11 16:46:51 +01:00