7e3ff3044c
Use mysql memory instead of fs
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-01-02 17:32:59 +03:00
79f94dd0bb
Refactor pat to support mysql
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-01-02 16:49:23 +03:00
525019b5ed
Use time pointer instead of sql.NullTime
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2025-01-02 15:48:50 +03:00
a3fe7bea38
Merge branch 'main' into feature/mysql-support
2025-01-02 14:54:14 +03:00
03fd656344
[management] Fix policy tests ( #3135 )
...
- Add firewall rule isEqual method
- Fix tests
2024-12-31 18:45:40 +01:00
18b049cd24
[management] remove sorting from network map generation ( #3126 )
2024-12-31 18:10:40 +01:00
2bdb4cb44a
[management] Preserve jwt groups when accessing API with PAT ( #3128 )
...
* Skip JWT group sync for token-based authentication
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-31 18:59:37 +03:00
abbdf20f65
[client] Allow inbound rosenpass port ( #3109 )
2024-12-31 14:08:48 +01:00
43ef64cf67
[client] Ignore case when matching domains in handler chain ( #3133 )
2024-12-31 14:07:21 +01:00
1adab0d06d
Revert caching test containers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-30 18:38:51 +03:00
18316be09a
[management] add selfhosted metrics for networks ( #3118 )
2024-12-30 12:53:51 +01:00
1a623943c8
[management] Fix networks net map generation with posture checks ( #3124 )
2024-12-30 12:40:24 +01:00
9ee234ac35
Handle user lastLogin null time
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-30 13:56:05 +03:00
0207a326dc
Refactor and handle null time
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-27 20:05:38 +03:00
3f30eb7692
Terminate tests containers on defer instead of waiting
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-27 18:06:12 +03:00
80d1bed9ce
downgrade test containers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-27 17:29:57 +03:00
0422b36acf
Fix unknown mysql config file path
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-27 16:42:59 +03:00
fbce8bb511
[management] remove ids from policy creation api ( #2997 )
2024-12-27 14:13:36 +01:00
445b626dc8
[management] Add missing group usage checks for network resources and routes access control ( #3117 )
...
* Prevent deletion of groups linked to routes access control groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Prevent deletion of groups linked to network resource
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-27 14:39:34 +03:00
b3c87cb5d1
[client] Fix inbound tracking in userspace firewall ( #3111 )
...
* Don't create state for inbound SYN
* Allow final ack in some cases
* Relax state machine test a little
2024-12-26 00:51:27 +01:00
0dbaddc7be
[client] Don't fail debug if log file is console ( #3103 )
2024-12-24 15:05:23 +01:00
626b36f6c5
Refactor tests containers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-24 17:03:09 +03:00
0daccaeabb
fix merge
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-24 14:54:27 +03:00
214b863e40
Merge branch 'main' into feature/mysql-support
...
# Conflicts:
# management/server/account.go
# management/server/store/sql_store.go
# management/server/store/store.go
2024-12-24 14:43:54 +03:00
f75af15925
Downgrade test containers to v0.31.0
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-24 14:00:53 +03:00
ad9f044aad
[client] Add stateful userspace firewall and remove egress filters ( #3093 )
...
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewalll
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- on Linux, if the OUTPUT policy is DROP then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
2024-12-23 18:22:17 +01:00
05930ee6b1
[client] Add firewall rules to the debug bundle ( #3089 )
...
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00
e670068cab
[management] Run test sequential ( #3101 )
2024-12-23 14:37:09 +01:00
215c9047ba
MySQL Support ( #2837 )
...
* Update store.go
* Update sql_store.go
* Update store.go
* Update golang-test-linux.yml
* Update store.go
* Update go.mod
* Update go.mod
* Update go.sum
* Update store.go
* Update sql_store.go
* TestContainer
* Update go.sum
* Update store.go
* TestUtil Duplicate
* dsn fix
* go mod tidy
* NETBIRD_STORE_ENGINE_MYSQL_DSN
* Skip Test
* Update test-infrastructure-files.yml
* Update test-infrastructure-files.yml
* MYSQL_ROOT_PASSWORD added
* Update test-infrastructure-files.yml
* Update store.go
* Debug + Mysql JSON Query
* swicth/case convert
* Update store.go
* Update store.go
* Debug
* MySQL Test Version Change
* Root Test
* Ignore other sql tests.
* MySQL Connection Fix
* enable other tests
* The word "key" is a reserved word in MySQL.
* Remove Debugs
* Update sql_store.go
* Added default null value for datetime.
* Added default null value for datetime.
* MySQL Hooks
* MySQL Config File
* remove default values
* test timeout change
* MySQL max lifetime change
* WithConfigFile
* disable other tests
* Update mysql.cnf
* Update golang-test-linux.yml
* Delete sql_hooks.go
* enable other tests
* test timeout change
* update packets
* Fix the Inactivity Expiration problem
* Update sql_store.go
* Update mysql.cnf
* Update sql_store.go
* Update sql_store.go
* timeout change
* MySQL Connection LifeTime Change
* TestContainers have been optimized.
* Update store_ios.go
* Update sql_store.go
* timeout fix
* fix migration (setup keys)
* Update event.go
* Add disable option for event activities.
* Revert "Update event.go"
* Update event.go
* Fix Gorm Mysql Bug
* update go-jose module
* containerd module update
* containerd downgrade
* Revert commits
* Revert "Revert commits"
This reverts commit 62b3eac7994e46108915e8cfa87d161fabdc7606
2024-12-23 13:06:13 +03:00
b48cf1bf65
[client] Reduce DNS handler chain lock contention ( #3099 )
2024-12-21 15:56:52 +01:00
7ee7ada273
[management] Fix duplicate resource routes when routing peer is part of the source group ( #3095 )
...
* Remove duplicate resource routes when routing peer is part of the source group
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-20 21:10:53 +03:00
82b4e58ad0
Do not start DNS forwarder on client side ( #3094 )
2024-12-20 16:20:50 +01:00
ddc365f7a0
[client, management] Add new network concept ( #3047 )
...
---------
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com >
Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com >
2024-12-20 11:30:28 +01:00
37ad370344
[client] Avoid using iota on mixed const block ( #3057 )
...
Used the values as resolved when the first iota value was the second const in the block.
2024-12-16 18:09:31 +01:00
703647da1e
fix client unsupported h2 protocol when only 443 activated ( #3009 )
...
When I remove 80 http port in Caddyfile, netbird client cannot connect server:443. Logs show error below:
{"level":"debug","ts":1733809631.4012625,"logger":"http.stdlib","msg":"http: TLS handshake error from redacted:41580: tls: client requested unsupported application protocols ([h2])"}
I wonder here h2 protocol is absent.
2024-12-16 14:17:46 +01:00
9eff58ae62
Upgrade x/crypto package ( #3055 )
...
Mitigates the CVE-2024-45337
2024-12-16 10:30:41 +01:00
3844516aa7
[client] fix: reformat IPv6 ICE addresses when punching ( #3050 )
...
Should fix #2327 and #2606 by checking for IPv6 addresses from ICE
2024-12-16 09:58:54 +01:00
f591e47404
Handle DNF5 install script ( #3026 )
2024-12-16 09:41:36 +01:00
287ae81195
[misc] split tests with management and rest ( #3051 )
...
optimize go cache for tests
2024-12-14 21:18:46 +01:00
a4a30744ad
Fix race condition with systray ready ( #2993 )
2024-12-14 12:17:53 -08:00
dcba6a6b7e
fix: client/Dockerfile to reduce vulnerabilities ( #3019 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
Co-authored-by: snyk-bot <snyk-bot@snyk.io >
2024-12-11 16:46:51 +01:00
6142828a9c
[management] restructure api files ( #3013 )
2024-12-10 15:59:25 +01:00
97bb74f824
Remove peer login log ( #3005 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-12-09 18:40:06 +01:00
2147bf75eb
[client] Add peer conn init limit ( #3001 )
...
Limit the peer connection initialization to 200 peers at the same time
2024-12-09 17:10:31 +01:00
e40a29ba17
[client] Add support for state manager on iOS ( #2996 )
2024-12-06 16:51:42 +01:00
ff330e644e
upgrade zcalusic/sysinfo@v1.1.3 (add serial for ARM arch) ( #2954 )
...
Signed-off-by: Edouard Vanbelle <edouard.vanbelle@shadow.tech >
2024-12-05 15:38:00 +01:00
713e320c4c
Update account peers on login on meta change ( #2991 )
...
* Update account peers on login on meta change
* Factor out LoginPeer peer not found handling
2024-12-05 14:15:23 +01:00
e67fe89adb
Reduce max wait time to initialize peer connections ( #2984 )
...
* Reduce max wait time to initialize peer connections
setting rand time range to 100-300ms instead of 100-800ms
* remove min wait time
2024-12-05 13:03:11 +01:00
6cfbb1f320
[client] Init route selector early ( #2989 )
2024-12-05 12:41:12 +01:00
c853011a32
[client] Don't return error in rule removal if protocol is not supported ( #2990 )
2024-12-05 12:28:35 +01:00
