netbird

mirror of https://github.com/netbirdio/netbird.git synced 2025-06-28 21:51:40 +02:00

Author	SHA1	Message	Date
Emre Oksum	f942491b91	Update Zitadel version on quickstart script (#2744 ) Update Zitadel version at docker compose in quickstart script from 2.54.3 to 2.54.10 because 2.54.3 isn't stable and has a lot of bugs.	2024-10-16 17:51:21 +02:00
Viktor Liu	8c8900be57	[client] Exclude loopback from NAT (#2747 )	2024-10-16 17:35:59 +02:00
Maycon Santos	cee95461d1	[client] Add universal bin build and update sign workflow version (#2738 ) * Add universal binaries build for macOS * update sign pipeline version * handle info.plist in sign workflow	2024-10-15 15:03:17 +02:00
ctrl-zzz	49e65109d2	Add session expire functionality based on inactivity (#2326 ) Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.	2024-10-13 14:52:43 +02:00
Zoltan Papp	d93dd4fc7f	[relay-server] Move the handshake logic to separated struct (#2648 ) * Move the handshake logic to separated struct - The server will response to the client after it ready to process the peer - Preload the response messages * Fix deprecated lint issue * Fix error handling * [relay-server] Relay measure auth time (#2675) Measure the Relay client's authentication time	2024-10-12 18:21:34 +02:00
Viktor Liu	3a88ac78ff	[client] Add table filter rules using iptables (#2727 ) This specifically concerns the established/related rule since this one is not compatible with iptables-nft even if it is generated the same way by iptables-translate.	2024-10-12 10:44:48 +02:00
Maycon Santos	da3a053e2b	[management] Refactor getAccountIDWithAuthorizationClaims (#2715 ) This change restructures the getAccountIDWithAuthorizationClaims method to improve readability, maintainability, and performance. - have dedicated methods to handle possible cases - introduced Store.UpdateAccountDomainAttributes and Store.GetAccountUsers methods - Remove GetAccount and SaveAccount dependency - added tests	2024-10-12 08:35:51 +02:00
Zoltan Papp	0e95f16cdd	[relay,client] Relay/fix/wg roaming (#2691 ) If a peer connection switches from Relayed to ICE P2P, the Relayed proxy still consumes the data the other peer sends. Because the proxy is operating, the WireGuard switches back to the Relayed proxy automatically, thanks to the roaming feature. Extend the Proxy implementation with pause/resume functions. Before switching to the p2p connection, pause the WireGuard proxy operation to prevent unnecessary package sources. Consider waiting some milliseconds after the pause to be sure the WireGuard engine already processed all UDP msg in from the pipe.	2024-10-11 16:24:30 +02:00
pascal-fischer	b2379175fe	[signal] new signal dispatcher version (#2722 ) v0.30.1	2024-10-10 16:23:46 +02:00
Viktor Liu	09bdd271f1	[client] Improve route acl (#2705 ) - Update nftables library to v0.2.0 - Mark traffic that was originally destined for local and applies the input rules in the forward chain if said traffic was redirected (e.g. by Docker) - Add nft rules to internal map only if flush was successful - Improve error message if handle is 0 (= not found or hasn't been refreshed) - Add debug logging when route rules are added - Replace nftables userdata (rule ID) with a rule hash	2024-10-10 15:54:34 +02:00
Misha Bragin	208a2b7169	Add billing user role (#2714 )	2024-10-10 14:14:56 +02:00
pascal-fischer	8284ae959c	[management] Move testdata to sql files (#2693 )	2024-10-10 12:35:03 +02:00
Maycon Santos	6ce09bca16	Add support to envsub go management configurations (#2708 ) This change allows users to reference environment variables using Go template format, like {{ .EnvName }} Moved the previous file test code to file_suite_test.go.	2024-10-09 20:46:23 +02:00
pascal-fischer	b79c1d64cc	[management] Make max open db conns configurable (#2713 )	2024-10-09 20:17:25 +02:00
Misha Bragin	b1eda43f4b	Add Link to the Lawrence Systems video (#2711 )	2024-10-09 14:56:25 +02:00
pascal-fischer	d4ef84fe6e	[management] Propagate error in store errors (#2709 )	2024-10-09 14:33:58 +02:00
Viktor Liu	44e8107383	[client] Limit P2P attempts and restart on specific events (#2657 )	2024-10-08 11:21:11 +02:00
Bethuel Mmbaga	2c1f5e46d5	[management] Validate peer ownership during login (#2704 ) * check peer ownership in login Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update error message Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-07 19:06:26 +03:00
pascal-fischer	dbec24b520	[management] Remove admin check on getAccountByID (#2699 )	2024-10-06 17:01:13 +02:00
Carlos Hernandez	f603cd9202	[client] Check wginterface instead of engine ctx (#2676 ) Moving code to ensure wgInterface is gone right after context is cancelled/stop in the off chance that on next retry the backoff operation is permanently cancelled and interface is abandoned without destroying. v0.30.0	2024-10-04 19:15:16 +02:00
Bethuel Mmbaga	5897a48e29	fix wrong reference (#2695 ) Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 18:55:25 +03:00
Bethuel Mmbaga	8bf729c7b4	[management] Add AccountExists to AccountManager (#2694 ) * Add AccountExists method to account manager interface Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove unused code Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 18:09:40 +03:00
Bethuel Mmbaga	7f09b39769	[management] Refactor User JWT group sync (#2690 ) * Refactor GetAccountIDByUserOrAccountID Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * sync user jwt group changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * propagate jwt group changes to peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix no jwt groups synced Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests and lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Move the account peer update outside the transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move updateUserPeersInGroups to account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move event store outside of transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get user with update lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run jwt sync in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 17:17:01 +03:00
pascal-fischer	158936fb15	[management] Remove file store (#2689 )	2024-10-03 15:50:35 +02:00
Maycon Santos	8934453b30	Update management base docker image (#2687 )	2024-10-02 19:29:51 +03:00
Zoltan Papp	fd67892cb4	[client] Refactor/iface pkg (#2646 ) Refactor the flat code structure	2024-10-02 18:24:22 +02:00
pascal-fischer	7e5d3bdfe2	[signal] Move dummy signal message handling into dispatcher (#2686 )	2024-10-02 15:33:38 +02:00
Maycon Santos	b7b0828133	[client] Adjust relay worker log level and message (#2683 )	2024-10-02 15:14:09 +02:00
Bethuel Mmbaga	ff7863785f	[management, client] Add access control support to network routes (#2100 )	2024-10-02 13:41:00 +02:00
Maycon Santos	a3a479429e	Use the pkgs to get the latest version (#2682 ) * Use the pkgs to get the latest version * disable fail fast	2024-10-02 11:48:42 +02:00
Maycon Santos	5932298ce0	Add log setting to Caddy container (#2684 ) This avoids full disk on busy systems	2024-10-02 11:48:09 +02:00
Zoltan Papp	ee0ea86a0a	[relay-client] Fix Relay disconnection handling (#2680 ) * Fix Relay disconnection handling If has an active P2P connection meanwhile the Relay connection broken with the server then we removed the WireGuard peer configuration. * Change logs	2024-10-01 16:22:18 +02:00
Simen	24c0aaa745	Install sh alpine fixes (#2678 ) * Made changes to the peer install script that makes it work on alpine linux without changes * fix small oversight with doas fix * use try catch approach when curling binaries	2024-10-01 13:32:58 +02:00
pascal-fischer	16179db599	[management] Propagate metrics (#2667 )	2024-09-30 22:18:10 +02:00
Maycon Santos	e27f85b317	Update docker creds (#2677 )	2024-09-30 20:07:21 +02:00
Gianluca Boiano	2fd60b2cb4	Specify goreleaser version and update to 2 (#2673 )	2024-09-30 16:43:34 +02:00
Zoltan Papp	3dca6099d4	Fix ebpf close function (#2672 )	2024-09-30 10:34:57 +02:00
pascal-fischer	cfbcf507fb	propagate meter (#2668 )	2024-09-29 20:23:34 +02:00
pascal-fischer	52ae693c9e	[signal] add context to signal-dispatcher (#2662 )	2024-09-29 00:22:47 +02:00
adasauce	58ff7ab797	[management] improve zitadel idp error response detail by decoding errors (#2634 ) * [management] improve zitadel idp error response detail by decoding errors * [management] extend readZitadelError to be used for requestJWTToken more generically parse the error returned by zitadel. * fix lint --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 22:21:34 +03:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
Zoltan Papp	4ebf6e1c4c	[client] Close the remote conn in proxy (#2626 ) Port the conn close call to eBPF proxy	2024-09-25 18:50:10 +02:00
pascal-fischer	1e4a0f77e2	Add get DB method to store (#2650 )	2024-09-25 18:22:27 +02:00
Viktor Liu	b51d75204b	[client] Anonymize relay address in status peers view (#2640 )	2024-09-24 20:58:18 +02:00
Viktor Liu	e7d52c8c95	[client] Fix error count formatting (#2641 )	2024-09-24 20:57:56 +02:00
Viktor Liu	ab82302c95	[client] Remove usage of custom dialer for localhost (#2639 ) * Downgrade error log level for network monitor warnings * Do not use custom dialer for localhost	2024-09-24 12:29:15 +02:00
pascal-fischer	d47be154ea	[misc] Fix ip range posture check example (#2628 )	2024-09-23 10:02:03 +02:00
Bethuel Mmbaga	35c892aea3	[management] Restrict accessible peers to user-owned peers for non-admins (#2618 ) * Restrict accessible peers to user-owned peers for non-admin users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add service user test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * reuse account from token Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * return error when peer not found Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-20 12:36:58 +03:00
Zoltan Papp	fc4b37f7bc	Exit from processConnResults after all tries (#2621 ) * Exit from processConnResults after all tries If all server is unavailable then the server picker never return because we never close the result channel. Count the number of the results and exit when we reached the expected size v0.29.4	2024-09-19 13:49:28 +02:00
Zoltan Papp	6f0fd1d1b3	- Increase queue size and drop the overflowed messages (#2617 ) - Explicit close the net.Conn in user space wgProxy when close the wgProxy - Add extra logs	2024-09-19 13:49:09 +02:00

... 9 10 11 12 13 ...

2155 Commits