6cb697eed6
[management] Refactor setup key to use store methods ( #2861 )
...
* Refactor setup key handling to use store methods
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add lock to get account groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add check for regular user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* get only required groups for auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add account lock and return auto groups map on validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix missing group removed from setup key activity
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Remove context from DB queries
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add user permission check and add setup events into events to store slice
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Retrieve all groups once during setup key auto-group validation
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix sonar
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-11-11 19:46:10 +03:00
e0bed2b0fb
[client] Fix race conditions ( #2869 )
...
* Fix concurrent map access in status
* Fix race when retrieving ctx state error
* Fix race when accessing service controller server instance
v0.31.1
2024-11-11 14:55:10 +01:00
30f025e7dd
[client] fix/proxy close ( #2873 )
...
When the remote peer switches the Relay instance, we must close the proxy connection to the old instance.
It can cause issues when the remote peer switch connects to the Relay instance multiple times and then reconnects to an instance it had previously connected to.
2024-11-11 14:18:38 +01:00
b4d7605147
[client] Remove loop after route calculation ( #2856 )
...
- ICE does not trigger disconnect callbacks if the state did not change
- Fix route calculation callback loop
- Move route state updates into protected scope by mutex
- Do not calculate routes in case of peer.Open() and peer.Close()
2024-11-11 10:53:57 +01:00
08b6e9d647
[management] Fix api error message typo peers_group ( #2862 )
2024-11-08 23:28:02 +01:00
67ce14eaea
[management] Add peer lock to grpc server ( #2859 )
...
* add peer lock to grpc server
* remove sleep and put db update first
* don't export lock method
2024-11-08 18:47:22 +01:00
669904cd06
[management] Remove context from database calls ( #2863 )
2024-11-08 15:49:00 +01:00
4be826450b
[client] Use offload in WireGuard bind receiver ( #2815 )
...
Improve the performance on Linux and Android in case of P2P connections
2024-11-07 17:28:38 +01:00
738387f2de
Add benchmark tests to get account with claims ( #2761 )
...
* Add benchmark tests to get account with claims
* add users to account objects
* remove hardcoded env
2024-11-07 17:23:35 +01:00
baf0678ceb
[management] Fix potential panic on inactivity expiration log message ( #2854 )
2024-11-07 16:33:57 +01:00
7fef8f6758
[management] Enforce max conn of 1 for sqlite setups ( #2855 )
2024-11-07 16:32:35 +01:00
6829a64a2d
[client] Exclude split default route ip addresses from anonymization ( #2853 )
2024-11-07 16:29:32 +01:00
cbf500024f
[relay-server] Use X-Real-IP in case of reverse proxy ( #2848 )
...
* Use X-Real-IP in case of reverse proxy
* Use sprintf
2024-11-07 16:14:53 +01:00
509e184e10
[client] Use the prerouting chain to mark for masquerading to support older systems ( #2808 )
2024-11-07 12:37:04 +01:00
3e88b7c56e
[management] Fix network map update on peer validation ( #2849 )
2024-11-07 09:50:13 +01:00
b952d8693d
Fix cached device flow oauth ( #2833 )
...
This change removes the cached device flow oauth info when a down command is called
Removing the need for the agent to be restarted
2024-11-05 14:51:17 +01:00
5b46cc8e9c
Avoid failing all other matrix tests if one fails ( #2839 )
2024-11-05 13:28:42 +01:00
a9d06b883f
add all group to add peer affected peers network map check ( #2830 )
2024-11-01 22:09:08 +01:00
5f06b202c3
[client] Log windows panics ( #2829 )
v0.31.0
2024-11-01 15:08:22 +01:00
0eb99c266a
Fix unused servers cleanup ( #2826 )
...
The cleanup loop did not manage those situations well when a connection failed or
the connection succeeded but the code did not add a peer connection to it yet.
- in the cleanup loop check if a connection failed to a server
- after adding a foreign server connection force to keep it a minimum 5 sec
2024-11-01 12:33:29 +01:00
bac95ace18
[management] Add DB access duration to logs for context cancel ( #2781 )
2024-11-01 10:58:39 +01:00
9812de853b
Allocate new buffer for every package ( #2823 )
2024-11-01 00:33:25 +01:00
ad4f0a6fdf
[client] Nil check on ICE remote conn ( #2806 )
2024-10-31 23:18:35 +01:00
4c758c6e52
[management] remove network map diff calculations ( #2820 )
2024-10-31 19:24:15 +01:00
ec5095ba6b
Create FUNDING.yml ( #2814 )
2024-10-30 17:25:02 +01:00
49a54624f8
Create funding.json ( #2813 )
2024-10-30 17:18:27 +01:00
729bcf2b01
[management] add metrics to network map diff ( #2811 )
2024-10-30 16:53:23 +01:00
a0cdb58303
[client] Fix the broken dependency gvisor.dev/gvisor ( #2789 )
...
The release was removed which is described at
https://github.com/google/gvisor/issues/11085#issuecomment-2438974962 .
2024-10-29 20:17:40 +01:00
39c99781cb
fix meta is equal slices ( #2807 )
2024-10-29 19:54:38 +01:00
01f24907c5
[client] Fix multiple peer name filtering in netbird status command ( #2798 )
2024-10-29 17:49:41 +01:00
10480eb52f
[management] Setup key improvements ( #2775 )
2024-10-28 17:52:23 +01:00
1e44c5b574
[client] allow relay leader on iOS ( #2795 )
2024-10-28 16:55:00 +01:00
940f8b4547
[client] Remove legacy forwarding rules in userspace mode ( #2782 )
2024-10-28 12:29:29 +01:00
46e37fa04c
[client] Ignore route rules with no sources instead of erroring out ( #2786 )
2024-10-28 12:28:44 +01:00
b9f205b2ce
[misc] Update Zitadel from v2.54.10 to v2.64.1
2024-10-28 10:08:17 +01:00
0fd874fa45
[client] Make native firewall init fail firewall creation ( #2784 )
2024-10-28 10:02:27 +01:00
8016710d24
[client] Cleanup firewall state on startup ( #2768 )
v0.30.3
2024-10-24 14:46:24 +02:00
4e918e55ba
[client] Fix controller re-connection ( #2758 )
...
Rethink the peer reconnection implementation
2024-10-24 11:43:14 +02:00
869537c951
[client] Cleanup dns and route states on startup ( #2757 )
2024-10-24 10:53:46 +02:00
44f2ce666e
[relay-client] Log exposed address ( #2771 )
...
* Log exposed address
2024-10-23 18:32:27 +02:00
563dca705c
[management] Fix session inactivity response ( #2770 )
2024-10-23 16:40:15 +02:00
7bda385e1b
[management] Optimize network map updates ( #2718 )
...
* Skip peer update on unchanged network map (#2236 )
* Enhance network updates by skipping unchanged messages
Optimizes the network update process
by skipping updates where no changes in the peer update message received.
* Add unit tests
* add locks
* Improve concurrency and update peer message handling
* Refactor account manager network update tests
* fix test
* Fix inverted network map update condition
* Add default group and policy to test data
* Run peer updates in a separate goroutine
* Refactor
* Refactor lock
* Fix peers update by including NetworkMap and posture Checks
* go mod tidy
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* [management] Skip account peers update if no changes affect peers (#2310 )
* Remove incrementing network serial and updating peers after group deletion
* Update account peer if posture check is linked to policy
* Remove account peers update on saving setup key
* Refactor group link checking into re-usable functions
* Add HasPeers function to group
* Refactor group management
* Optimize group change effects on account peers
* Update account peers if ns group has peers
* Refactor group changes
* Optimize account peers update in DNS settings
* Optimize update of account peers on jwt groups sync
* Refactor peer account updates for efficiency
* Optimize peer update on user deletion and changes
* Remove condition check for network serial update
* Optimize account peers updates on route changes
* Remove UpdatePeerSSHKey method
* Remove unused isPolicyRuleGroupsEmpty
* Add tests for peer update behavior on posture check changes
* Add tests for peer update behavior on policy changes
* Add tests for peer update behavior on group changes
* Add tests for peer update behavior on dns settings changes
* Refactor
* Add tests for peer update behavior on name server changes
* Add tests for peer update behavior on user changes
* Add tests for peer update behavior on route changes
* fix tests
* Add tests for peer update behavior on setup key changes
* Add tests for peer update behavior on peers changes
* fix merge
* Fix tests
* go mod tidy
* Add NameServer and Route comparators
* Update network map diff logic with custom comparators
* Add tests
* Refactor duplicate diff handling logic
* fix linter
* fix tests
* Refactor policy group handling and update logic.
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update route check by checking if group has peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor posture check policy linking logic
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Simplify peer update condition in DNS management
Refactor the condition for updating account peers to remove redundant checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add posture checks tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix user and setup key tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix account and route tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix typo
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix routes tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* upgrade diff package
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix nameserver tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* use generic differ for netip.Addr and netip.Prefix
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* go mod tidy
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add peer tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix management suite tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix postgres tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* enable diff nil structs comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip the update only last sent the serial is larger
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* refactor peer and user
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for groupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor group, ns group, policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip spell check for GroupD
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* update account policy check before verifying policy status
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Update management/server/route_test.go
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* add tests missing tests for dns setting groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests for posture checks changes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add ns group and policy tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add route and group tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* increase Linux test timeout to 10 minutes
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Run diff for client posture checks only
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add panic recovery and detailed logging in peer update comparison
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-10-23 13:05:02 +03:00
30ebcf38c7
[client] Eliminate UDP proxy in user-space mode ( #2712 )
...
In the case of user space WireGuard mode, use in-memory proxy between the TURN/Relay connection and the WireGuard Bind. We keep the UDP proxy and eBPF proxy for kernel mode.
The key change is the new wgproxy/bind and the iface/bind/ice_bind changes. Everything else is just to fulfill the dependencies.
2024-10-22 20:53:14 +02:00
0106a95f7a
lock account and use transaction ( #2767 )
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-10-22 13:29:17 +03:00
9929b22afc
Replace suite tests with regular go tests ( #2762 )
...
* Replace file suite tests with go tests
* Replace file suite tests with go tests
2024-10-21 14:39:28 +02:00
88e4fc2245
Release global lock on early error ( #2760 )
2024-10-19 18:32:17 +02:00
c8d8748dcf
Update sign workflow version ( #2756 )
2024-10-18 17:28:58 +02:00
507a40bd7f
Fix decompress zip path ( #2755 )
...
Since 0.30.2 the decompressed binary path from the signed package has changed
now it doesn't contain the arch suffix
this change handles that
2024-10-17 20:39:59 +02:00
ccd4ae6315
Fix domain information is up to date check ( #2754 )
2024-10-17 19:21:35 +02:00
96d2207684
Fix JSON function compatibility for SQLite and PostgreSQL ( #2746 )
...
resolves the issue with json_array_length compatibility between SQLite and PostgreSQL. It adjusts the query to conditionally cast types:
PostgreSQL: Casts to json with ::json.
SQLite: Uses the text representation directly.
v0.30.2
2024-10-16 17:55:30 +02:00