35c892aea3
[management] Restrict accessible peers to user-owned peers for non-admins ( #2618 )
...
* Restrict accessible peers to user-owned peers for non-admin users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add service user test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* reuse account from token
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* return error when peer not found
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-20 12:36:58 +03:00
fc4b37f7bc
Exit from processConnResults after all tries ( #2621 )
...
* Exit from processConnResults after all tries
If all servers are unavailable then the server picker never returns
because we never close the result channel.
Count the number of results and exit when we reach the
expected size
v0.29.4
2024-09-19 13:49:28 +02:00
6f0fd1d1b3
- Increase queue size and drop the overflowed messages ( #2617 )
...
- Explicitly close the net.Conn in user space wgProxy when closing the wgProxy
- Add extra logs
2024-09-19 13:49:09 +02:00
28cbb4b70f
[client] Cancel the context of wg watcher when the go routine exit ( #2612 )
v0.29.3
0.29.3
2024-09-17 12:10:17 +02:00
1104c9c048
[client] Fix race condition while read/write conn status in peer conn ( #2607 )
2024-09-17 11:15:14 +02:00
5bc601111d
[relay] Add health check attempt threshold ( #2609 )
...
* Add health check attempt threshold for receiver
* Add health check attempt threshold for sender
2024-09-17 10:04:17 +02:00
b74951f29e
[client] Enforce permissions on Win ( #2568 )
...
Enforce folder permission on Windows, giving only administrators and system access to the NetBird folder.
2024-09-16 22:42:37 +02:00
97e10e440c
Fix leaked server connections ( #2596 )
...
Fix leaked server connections
close unused connections in the client lib
close deprecated connection in the server lib
The Server Picker is reusable in the guard if we want in the future. So we can support the server address changes.
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
* Add logging
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-09-16 16:11:10 +02:00
6c50b0c84b
[management] Add transaction to addPeer ( #2469 )
...
This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.
2024-09-16 15:47:03 +02:00
730dd1733e
[signal] Fix signal active peers metrics ( #2591 )
2024-09-15 16:46:55 +02:00
82739e2832
[management] fix legacy decrypting of empty values ( #2595 )
...
* allow legacy decrypting on empty values
* validate source size and padding limits
* added tests
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com >
2024-09-15 16:22:46 +02:00
fa7767e612
Fix get management and signal state race condition ( #2570 )
...
* Fix get management and signal state race condition
* fix get full status lock
2024-09-15 16:07:26 +02:00
f1171198de
[management] Add command flag to set metrics port for signal and relay service, and update management port ( #2599 )
...
* add flags to customize metrics port for relay and signal
* change management default metrics port to match other services
2024-09-14 10:34:32 +02:00
9e041b7f82
Fix blocked net.Conn Close call ( #2600 )
2024-09-14 10:27:37 +02:00
b4c8cf0a67
Change heartbeat timeout ( #2598 )
2024-09-14 10:12:54 +02:00
1ef51a4ffa
[client] Ensure engine is stopped before starting it back ( #2565 )
...
Before starting a new instance of the engine, check if it is nil and stop the current instance
2024-09-13 16:46:59 +02:00
f6d57e7a96
[misc] Support configurable max log size with var NB_LOG_MAX_SIZE_MB ( #2592 )
...
* Support configurable max log size with var NB_LOG_MAX_SIZE_MB
* add better logs
v0.29.2
2024-09-12 19:56:55 +02:00
ab892b8cf9
Fix wg handshake checking ( #2590 )
...
* Fix wg handshake checking
* Ensure in the initial handshake reading
* Change the handshake period
2024-09-12 19:18:02 +02:00
33c9b2d989
fix: install.sh: avoid call of netbird executable after rpm installation ( #2589 )
2024-09-12 17:32:47 +02:00
170e842422
[management] Add accessible peers endpoint ( #2579 )
...
* move accessible peer to separate endpoint in api doc
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* add endpoint to get accessible peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com >
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com >
* Update management/server/http/peers_handler.go
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com >
2024-09-12 16:19:27 +03:00
4c130a0291
Update Go version to 1.23 ( #2588 )
2024-09-12 13:46:28 +02:00
afb9673bc4
[misc] Update core github actions ( #2584 )
2024-09-11 21:49:05 +02:00
cf6210a6f4
[management] Add GCM encryption and migrate legacy encrypted events ( #2569 )
...
* Add AES-GCM encryption
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* migrate legacy encrypted data to AES-GCM encryption
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Refactor and use transaction when migrating data
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Add events migration tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* skip migrating record on error
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
* Preallocate capacity for nonce to avoid allocations in Seal
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com >
2024-09-11 20:09:57 +03:00
c59a39d27d
Update service package version ( #2582 )
v0.29.1
2024-09-11 19:05:10 +02:00
47adb976f8
Remove pre-release step from workflow ( #2583 )
2024-09-11 18:59:19 +02:00
9cfc8f8aa4
[relay] change log levels ( #2580 )
2024-09-11 18:36:19 +02:00
2d1bf3982d
[relay] Improve relay messages ( #2574 )
...
Co-authored-by: Zoltán Papp <zoltan.pmail@gmail.com >
2024-09-11 16:20:30 +02:00
50ebbe482e
[client] Don't overwrite allowed IPs when updating the wg peer's endpoint address ( #2578 )
...
This will fix broken routes on routing clients when upgrading/downgrading from/to relayed connections.
2024-09-11 16:05:13 +02:00
f43a0a0177
[client] Retry on tun creation for darwin ( #2564 )
...
The interface creation on macOS seems to be asynchronous, which is why the tun.create method sometimes fails because the interface is not ready yet. To work around this issue we introduce a retry on tun.create
v0.29.0
2024-09-09 19:02:10 +02:00
51e1d3ab8f
fix: client/Dockerfile to reduce vulnerabilities ( #2548 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536
Co-authored-by: snyk-bot <snyk-bot@snyk.io >
2024-09-09 18:44:37 +02:00
12c36312b5
[management] Auto update geolite ( #2297 )
...
introduces helper functions to fetch and verify database versions, downloads new files if outdated, and deletes old ones. It also refactors filename handling to improve clarity and consistency, adding options to disable auto-updating via a flag. The changes aim to simplify GeoLite database management for admins.
2024-09-09 18:27:42 +02:00
c720d54de6
Fix error handling in openConnVia function ( #2560 )
2024-09-09 18:12:32 +02:00
28248ea9f4
add TestRecreation test ( #2558 )
2024-09-09 14:44:46 +02:00
0c039274a4
[relay] Feature/relay integration ( #2244 )
...
This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port.
- Adds new relay implementation with websocket with single port relaying mechanism
- refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection
- peer connections are faster since it connects first to relay and then upgrades to P2P
- maintains compatibility with old clients by not using the new relay
- updates infrastructure scripts with new relay service
2024-09-08 12:06:14 +02:00
fcac02a92f
add log ( #2546 )
2024-09-06 19:04:34 +02:00
a7e46bf7b1
Reduce test logs ( #2550 )
2024-09-06 16:28:19 +02:00
fcf150f704
Use X-Frame-Options sameorigin header ( #2547 )
2024-09-06 15:39:08 +02:00
a33b11946d
[misc] Update slack url ( #2544 )
...
* Update slack url
* correct url
2024-09-05 22:28:31 +02:00
bdbd1db843
[client] Avoid panic when there is no conn client ( #2541 )
2024-09-05 15:09:46 +02:00
f2b5b2e9b5
[misc] Support rpm-ostree based distros in installation script ( #2508 )
...
* Detect rpm-ostree-based distro and use proper package manager
* Update kardianos/service module to fix folders detection
2024-09-04 20:22:52 +03:00
c52b406afa
[client] Avoid deadlock when auto connect and early exit ( #2528 )
2024-09-04 19:22:33 +02:00
1ff7a953a0
[relay] Store the StunTurn address in thread safe store ( #2470 )
...
Store the StunTurn address in atomic store
2024-09-04 11:14:58 +02:00
13e923b7c6
Fix service down ( #2519 )
2024-09-02 23:46:36 +02:00
13e7198046
[client] Destroy WG interface on down timeout ( #2435 )
...
wait on engine down to not only wait for the interface to be down but completely removed. If the waiting loop reaches the timeout we will trigger an interface destroy. On the up command, it now waits until the engine is fully running before sending the response to the CLI. Includes a small refactor of probes to comply with sonar rules about parameter count in the function call
2024-09-02 19:19:14 +02:00
95174d4619
Update route API doc with max domain number ( #2516 )
2024-09-02 17:40:34 +02:00
92a0092ad5
[signal] Use signal dispatcher ( #2373 )
2024-08-30 15:44:07 +02:00
5ac6f56594
[relay] Replace the iface to interface ( #2473 )
...
Replace the iface to interface
2024-08-29 21:31:19 +02:00
880b81154f
Use new sign pipeline ( #2490 )
2024-08-28 14:46:35 +02:00
7efaf7eadb
[client] Use static requested GUID when creating Windows interface ( #2479 )
...
RequestedGUID is the GUID of the created network adapter, which then influences NLA generation deterministically.
With this change, NetBird should not generate multiple interfaces in every restart on Windows.
2024-08-27 19:21:14 +02:00
63a75d72fc
[misc] Test infrastructure files generation with postgres store ( #2478 )
2024-08-27 16:38:42 +02:00