JackDoan
0fb3fb798f
don't drop packets
2026-01-30 13:48:43 -06:00
JackDoan
c9d72fd87c
shutdown doesn't work
2026-01-30 13:44:50 -06:00
JackDoan
6f8424cef1
remove unreachable
2026-01-29 11:42:26 -06:00
JackDoan
a141d78cef
remove unreachable
2026-01-29 11:37:11 -06:00
JackDoan
13f8f0c308
use shutdown
2026-01-28 13:21:51 -06:00
Nate Brown
1584dca21c
Fix e2e tests
2026-01-28 12:59:09 -06:00
Nate Brown
f840812489
Fix tests
2026-01-28 12:59:09 -06:00
Nate Brown
252950c02d
Rebase cleanup
2026-01-28 12:59:09 -06:00
Nate Brown
e96e9e3cfa
Cleanup and note more work
2026-01-28 12:59:09 -06:00
Nate Brown
1f01a5543b
Try the timeout
2026-01-28 12:59:09 -06:00
Nate Brown
69bf8dadc6
Revert "More playing" way too much garbage emitted
...
This reverts commit fa098c551a .
2026-01-28 12:59:09 -06:00
Nate Brown
f446121e21
More playing
2026-01-28 12:59:09 -06:00
Nate Brown
c5393e7e07
Playing
2026-01-28 12:59:09 -06:00
Nate Brown
685364e10f
non-blocking io for linux
2026-01-28 12:59:09 -06:00
Nate Brown
69259e6307
Quietly log error on UDP_NETRESET ioctl on Windows. ( #1453 ) ( #1568 )
...
gofmt / Run gofmt (push) Failing after 3s
smoke-extra / Run extra smoke tests (push) Failing after 2s
smoke / Run multi node smoke test (push) Failing after 2s
Build and test / Build all and test on ubuntu-linux (push) Failing after 2s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com >
2026-01-09 10:35:09 -06:00
Nate Brown
7aff313a17
Relax the restriction on routines from the config ( #1531 )
2025-11-19 13:10:11 -06:00
Nate Brown
99faab505c
Fix a potential bug with udp ipv4 only on darwin ( #1532 )
2025-11-19 09:56:58 -06:00
Nate Brown
52623820c2
Drop inactive tunnels ( #1427 )
2025-07-03 09:58:37 -05:00
Nate Brown
c2420642a0
Darwin udp fix ( #1428 )
2025-07-02 15:50:22 -05:00
brad-defined
b3a1f7b0a3
Disable UDP receive error returns due to ICMP messages on Windows. ( #1412 ) ( #1415 )
2025-07-02 11:37:41 -04:00
jampe
1d3c85338c
add so_mark sockopt support ( #1331 )
gofmt / Run gofmt (push) Successful in 10s
smoke-extra / Run extra smoke tests (push) Failing after 20s
smoke / Run multi node smoke test (push) Failing after 1m29s
Build and test / Build all and test on ubuntu-linux (push) Failing after 19m23s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m45s
Build and test / Build and test on linux with pkcs11 (push) Failing after 3m39s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-03-12 09:35:33 -05:00
Nate Brown
d97ed57a19
V2 certificate format ( #1216 )
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com >
Co-authored-by: Jack Doan <jackdoan@rivian.com >
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com >
Co-authored-by: Jack Doan <me@jackdoan.com >
2025-03-06 11:28:26 -06:00
Wade Simmons
0736cfa562
udp: fix endianness for port ( #1194 )
...
If the host OS is already big endian, we were swapping bytes when we
shouldn't have. Use the Go helper to make sure we do the endianness
correctly
Fixes : #1189
2024-08-14 12:53:00 -04:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay ( #1173 )
2024-07-31 10:18:56 -05:00
Wade Simmons
97e9834f82
cleanup SK_MEMINFO vars ( #1162 )
...
We had to manually define these types before, but the latest release of
`golang.org/x/sys` adds these definitions:
- https://github.com/golang/sys/commit/6dfb94eaa3bd0fcaa615f58e915f7214ce078beb
Since we just updated with this PR, we can clean this up now:
- https://github.com/slackhq/nebula/pull/1161
2024-06-24 14:47:14 -04:00
fyl
5f17db5dfa
Add support for LoongArch64 ( #1003 )
2024-04-30 09:55:44 -05:00
mrx
0f0534d739
Fix UDP listener on IPv4-only Linux ( #787 )
...
On some systems, IPv6 is disabled (for example, CIS benchmark recommends to disable it when not used), but currently all UDP connections are using AF_INET6 sockets.
When we are binding AF_INET6 socket to an address like ::ffff:1.2.3.4 (IPv4 addresses are parsed by net.ParseIP this way), we can't send or receive IPv6 packets anyway, so this will not break any scenarios.
---------
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com >
2024-01-30 15:08:14 -05:00
Nate Brown
f7e392995a
Fix rebind to not put the socket in blocking mode ( #972 )
2023-09-07 11:56:09 -05:00
Nate Brown
0bffa76b5e
Build for openbsd ( #812 )
2023-07-27 14:27:35 -05:00
c0repwn3r
03e70210a5
Add support for NetBSD ( #916 )
2023-07-27 13:44:47 -05:00
Nate Brown
9c6592b159
Guard e2e udp and tun channels when closed ( #934 )
2023-07-26 12:52:14 -05:00
Nate Brown
a3e59a38ef
Use registered io on Windows when possible ( #905 )
2023-07-10 12:43:48 -05:00
Nate Brown
3bbf5f4e67
Use an interface for udp conns ( #901 )
2023-06-14 10:48:52 -05:00
brad-defined
9b03053191
update EncReader and EncWriter interface function args to have concrete types ( #844 )
...
* Update LightHouseHandlerFunc to remove EncWriter param.
* Move EncWriter to interface
* EncReader, too
2023-04-07 14:28:37 -04:00
Nate Brown
3cb4e0ef57
Allow listen.host to contain names ( #825 )
2023-04-05 11:29:26 -05:00
brad-defined
2801fb2286
Fix relay ( #827 )
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com >
2023-03-30 11:09:20 -05:00
Wade Simmons
e1af37e46d
add calculated_remotes ( #759 )
...
* add calculated_remotes
This setting allows us to "guess" what the remote might be for a host
while we wait for the lighthouse response. For networks that hard
designed with in mind, it can help speed up handshake performance, as well as
improve resiliency in the case that all lighthouses are down.
Example:
lighthouse:
# ...
calculated_remotes:
# For any Nebula IPs in 10.0.10.0/24, this will apply the mask and add
# the calculated IP as an initial remote (while we wait for the response
# from the lighthouse). Both CIDRs must have the same mask size.
# For example, Nebula IP 10.0.10.123 will have a calculated remote of
# 192.168.1.123
10.0.10.0/24:
- mask: 192.168.1.0/24
port: 4242
* figure out what is up with this test
* add test
* better logic for sending handshakes
Keep track of the last light of hosts we sent handshakes to. Only log
handshake sent messages if the list has changed.
Remove the test Test_NewHandshakeManagerTrigger because it is faulty and
makes no sense. It relys on the fact that no handshake packets actually
get sent, but with these changes we would send packets now (which it
should!)
* use atomic.Pointer
* cleanup to make it clearer
* fix typo in example
2023-03-13 15:09:08 -04:00
Nate Brown
92cc32f844
Remove handshake race avoidance ( #820 )
...
Co-authored-by: Wade Simmons <wadey@slack-corp.com >
2023-03-13 12:35:14 -05:00
Nate Brown
feb3e1317f
Add a simple benchmark to e2e tests ( #739 )
2022-09-01 09:44:58 -05:00
Nate Brown
0d1ee4214a
Add relay e2e tests and output some mermaid sequence diagrams ( #691 )
2022-06-27 12:33:29 -05:00
brad-defined
1a7c575011
Relay ( #678 )
...
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com >
2022-06-21 13:35:23 -05:00
Nate Brown
bcabcfdaca
Rework some things into packages ( #489 )
2021-11-03 20:54:04 -05:00