f26b418e83
Allow to set firewall log level
2025-01-03 16:04:00 +01:00
3ce39905c6
Merge branch 'main' into userspace-router
2025-01-03 15:51:05 +01:00
d9487a5749
[misc] separate integration and benchmark test workflows (#3147)
2025-01-03 15:48:31 +01:00
979fe6bb6a
Reduce complexity and fix linter issues
2025-01-03 15:43:28 +01:00
cfa6d09c5e
[management] add peers benchmark (#3143)
2025-01-03 15:28:15 +01:00
a01253c3c8
[management] add users benchmark (#3141)
2025-01-03 15:24:30 +01:00
c68be6b61b
Remove fractions of seconds
2025-01-03 15:18:36 +01:00
fc799effda
Set log level from logrus
2025-01-03 15:16:30 +01:00
955b2b98e1
Complete route ACLs and add tests
2025-01-03 15:16:23 +01:00
9490e9095b
Reduce complexity
2025-01-03 11:50:51 +01:00
d711172f67
Fix benchmarks
2025-01-03 11:30:55 +01:00
0c2fa38e26
Exclude benchmark from CI
2025-01-03 11:27:52 +01:00
88b420da6d
Remove linux restriction
2025-01-03 00:23:35 +01:00
2930288f2d
Fix test expectation
2025-01-03 00:22:09 +01:00
0b9854b2b1
Fix tests
2025-01-03 00:01:40 +01:00
f772a21f37
Fix log level handling
2025-01-02 19:02:40 +01:00
e912f2d7c0
Fix double close in logger
2025-01-02 19:02:40 +01:00
568d064089
Drop certain forwarded icmp packets
2025-01-02 19:02:40 +01:00
911f86ded8
Support local IPs in netstack mode
2025-01-02 19:02:40 +01:00
bc013e4888
[management] exclude self from network map if self is routing peer (#3142)
2025-01-02 18:46:28 +01:00
2b8092dfad
Close endpoints
2025-01-02 16:41:54 +01:00
c3c6afa37b
Merge branch 'main' into userspace-router
2025-01-02 16:25:04 +01:00
fa27369b59
Fix linter issues
2025-01-02 16:21:03 +01:00
657413b8a6
Move icmp acceptance logic
2025-01-02 15:59:53 +01:00
d85e57e819
Handle other icmp types in forwarder
2025-01-02 15:59:53 +01:00
7667886794
Add more tcp logging
2025-01-02 15:17:53 +01:00
a12a9ac290
Handle all local IPs
2025-01-02 14:59:41 +01:00
782e3f8853
[management] Add integration test for the setup-keys API endpoints (#2936)
2025-01-02 13:51:01 +01:00
ed22d79f04
Add more control with env vars, also allow to pass traffic to native firewall
2025-01-02 13:40:36 +01:00
03fd656344
[management] Fix policy tests (#3135)
- Add firewall rule isEqual method
- Fix tests
v0.35.2
2024-12-31 18:45:40 +01:00
18b049cd24
[management] remove sorting from network map generation (#3126)
2024-12-31 18:10:40 +01:00
2bdb4cb44a
[management] Preserve jwt groups when accessing API with PAT (#3128)
* Skip JWT group sync for token-based authentication
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-31 18:59:37 +03:00
509b4e2132
Lower udp timeout and add teardown messages
2024-12-31 16:06:17 +01:00
fb1a10755a
Fix lint and test issues
2024-12-31 14:38:59 +01:00
abbdf20f65
[client] Allow inbound rosenpass port (#3109)
2024-12-31 14:08:48 +01:00
43ef64cf67
[client] Ignore case when matching domains in handler chain (#3133)
2024-12-31 14:07:21 +01:00
9feaa8d767
Add icmp forwarder
2024-12-31 12:23:16 +01:00
6a97d44d5d
Improve udp implementation
2024-12-31 00:34:05 +01:00
d2616544fe
Add logger
2024-12-31 00:34:05 +01:00
fad82ee65c
Add stop methods and improve udp implementation
2024-12-30 14:30:53 +01:00
b43a8c56df
Update wireguard-go ref
2024-12-30 13:05:26 +01:00
18316be09a
[management] add selfhosted metrics for networks (#3118)
2024-12-30 12:53:51 +01:00
1a623943c8
[management] Fix networks net map generation with posture checks (#3124)
2024-12-30 12:40:24 +01:00
4199da4a45
Add userspace routing
2024-12-30 01:38:28 +01:00
fbce8bb511
[management] remove ids from policy creation api (#2997)
2024-12-27 14:13:36 +01:00
445b626dc8
[management] Add missing group usage checks for network resources and routes access control (#3117)
* Prevent deletion of groups linked to routes access control groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Prevent deletion of groups linked to network resource
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-27 14:39:34 +03:00
b3c87cb5d1
[client] Fix inbound tracking in userspace firewall (#3111)
* Don't create state for inbound SYN
* Allow final ack in some cases
* Relax state machine test a little
v0.35.1
2024-12-26 00:51:27 +01:00
0dbaddc7be
[client] Don't fail debug if log file is console (#3103)
2024-12-24 15:05:23 +01:00
ad9f044aad
[client] Add stateful userspace firewall and remove egress filters (#3093)
- Add stateful firewall functionality for UDP/TCP/ICMP in userspace firewall
- Removes all egress drop rules/filters, still needs refactoring so we don't add output rules to any chains/filters.
- On Linux, if the OUTPUT policy is DROP then we don't do anything about it (no extra allow rules). This is up to the user, if they don't want anything leaving their machine they'll have to manage these rules explicitly.
v0.35.0
2024-12-23 18:22:17 +01:00
05930ee6b1
[client] Add firewall rules to the debug bundle (#3089)
Adds the following to the debug bundle:
- iptables: `iptables-save`, `iptables -v -n -L`
- nftables: `nft list ruleset` or if not available formatted output from netlink (WIP)
2024-12-23 15:57:15 +01:00