Ryan
2c6f81c224
config tweaks for batching
2025-11-06 10:01:20 -05:00
Ryan
ad37749c5e
add batching of packets
2025-11-06 09:42:13 -05:00
Ryan
a0f8cb2098
works properly
2025-11-05 22:09:06 -05:00
Ryan
d18d1aea67
first
2025-11-05 20:34:02 -05:00
Ryan
f5ff534671
make it work with dnclient
2025-11-05 19:25:32 -05:00
Nate Brown
2ea8a72d5c
dunno
2025-10-05 23:23:30 -05:00
Nate Brown
663232e1fc
Testing the concept
2025-10-05 23:23:10 -05:00
Nate Brown
2f48529e8b
Cleanup and note more work
2025-10-05 23:23:08 -05:00
Nate Brown
f3e1ad64cd
Try the timeout
2025-10-05 23:22:29 -05:00
Nate Brown
1d8112a329
Revert "More playing" way too much garbage emitted
...
This reverts commit fa098c551a
2025-10-05 23:22:29 -05:00
Nate Brown
31eea0cc94
More playing
2025-10-05 23:22:29 -05:00
Nate Brown
dbba4a4c77
Playing
2025-10-05 23:22:29 -05:00
Nate Brown
194fde45da
non-blocking io for linux
2025-10-05 23:22:27 -05:00
Nate Brown
f46b83f2c4
Remove more os.Exit calls and give a more reliable wait for stop function
2025-10-05 23:20:43 -05:00
Nate Brown
fb7f0c3657
Use x/net/route to manage routes directly ( #1488 )
2025-10-03 10:59:53 -05:00
sl274
b1f53d8d25
Support IPv6 tunneling in FreeBSD ( #1399 )
...
Recent merge of cert-v2 support introduced the ability to tunnel IPv6. However, FreeBSD's IPv6 tunneling does not work for 2 reasons:
* The ifconfig commands did not work for IPv6 addresses
* The tunnel device was not configured for link-layer mode, so it only supported IPv4
This PR improves FreeBSD tunneling support in 3 ways:
* Use ioctl instead of exec'ing ifconfig to configure the interface, with additional logic to support IPv6
* Configure the tunnel in link-layer mode, allowing IPv6 traffic
* Use readv() and writev() to communicate with the tunnel device, to avoid the need to copy the packet buffer
2025-10-02 21:54:30 -05:00
Jack Doan
8824eeaea2
helper functions to more correctly marshal curve 25519 public keys ( #1481 )
2025-10-02 13:56:41 -05:00
dependabot[bot]
071589f7c7
Bump actions/setup-go from 5 to 6 ( #1469 )
...
* Bump actions/setup-go from 5 to 6
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* Hardcode the last one to go v1.25
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nate Brown <nbrown.us@gmail.com >
2025-10-02 00:05:12 -05:00
Jack Doan
f1e992f6dd
don't require a detailsVpnAddr in a HostUpdateNotification ( #1472 )
...
* don't require a detailsVpnAddr in a HostUpdateNotification
* don't send our own addr on HostUpdateNotification for v2
2025-09-29 13:43:12 -05:00
Jack Doan
1ea5f776d7
update to go 1.25, use the cool new ECDSA key marshalling functions ( #1483 )
...
* update to go 1.25, use the cool new ECDSA key marshalling functions
* bonk the runners
* actually bump go.mod
* bump golangci-lint
2025-09-29 13:02:25 -05:00
Henry Graham
4cdeb284ef
Set CKA_VALUE_LEN attribute in DeriveNoise ( #1482 )
2025-09-25 13:24:52 -05:00
Jack Doan
5cccd39465
update RemoteList.vpnAddrs when we complete a handshake ( #1467 )
2025-09-10 09:44:25 -05:00
Jack Doan
8196c22b5a
store lighthouses as a slice ( #1473 )
...
* store lighthouses as a slice. If you have fewer than 16 lighthouses (and fewer than 16 vpnaddrs on a host, I guess), it's faster
2025-09-10 09:43:25 -05:00
Jack Doan
65cc253c19
prevent linux from assigning ipv6 link-local addresses ( #1476 )
2025-09-09 13:25:23 -05:00
Wade Simmons
73cfa7b5b1
add firewall tests for ipv6 ( #1451 )
...
Test things like cidr and local_cidr with ipv6 addresses, to ensure
everything is working correctly.
2025-09-08 13:57:36 -04:00
Jack Doan
768325c9b4
cert-v2 chores ( #1466 )
2025-09-05 15:08:22 -05:00
Jack Doan
932e329164
Don't delete static host mappings for non-primary IPs ( #1464 )
...
* Don't delete a vpnaddr if it's part of a certificate that contains a vpnaddr that's in the static host map
* remove unused arg from ConnectionManager.shouldSwapPrimary()
2025-09-04 14:49:40 -05:00
Jack Doan
4bea299265
don't send recv errors for packets outside the connection window anymore ( #1463 )
...
* don't send recv errors for packets outside the connection window anymore
* Pull in fix from #1459 , add my opinion on maxRecvError
* remove recv_error counter entirely
2025-09-03 11:52:52 -05:00
Wade Simmons
5cff83b282
netlink: ignore route updates with no destination ( #1437 )
...
Currently we assume each route update must have a destination, but we
should check that it is set before we try to use it.
See: #1436
2025-08-25 13:05:35 -05:00
Wade Simmons
7da79685ff
fix lighthouse.calculated_remotes parsing ( #1438 )
...
gofmt / Run gofmt (push) Successful in 27s
smoke-extra / Run extra smoke tests (push) Failing after 21s
smoke / Run multi node smoke test (push) Failing after 1m21s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m9s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m16s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m41s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
This was broken with the change to yaml.v3:
- https://github.com/slackhq/nebula/pull/1148
We forgot to update these references to `map[string]any`.
Without this fix, Nebula crashes with an error like this:
{"error":"config `lighthouse.calculated_remotes` has invalid type: map[string]interface {}","level":"error","msg":"Invalid lighthouse.calculated_remotes","time":"2025-07-29T15:50:06.479499Z"}
2025-07-29 13:12:07 -04:00
brad-defined
91eff03418
Update slack OSS invite link ( #1435 )
gofmt / Run gofmt (push) Successful in 38s
smoke-extra / Run extra smoke tests (push) Failing after 21s
smoke / Run multi node smoke test (push) Failing after 1m21s
Build and test / Build all and test on ubuntu-linux (push) Failing after 19m47s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m24s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m29s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-07-15 16:05:28 -04:00
Nate Brown
52623820c2
Drop inactive tunnels ( #1427 )
2025-07-03 09:58:37 -05:00
Nate Brown
c2420642a0
Darwin udp fix ( #1428 )
2025-07-02 15:50:22 -05:00
brad-defined
b3a1f7b0a3
Disable UDP receive error returns due to ICMP messages on Windows. ( #1412 ) ( #1415 )
2025-07-02 11:37:41 -04:00
brad-defined
94142aded5
Fix relay migration panic by covering every possible relay state ( #1414 )
2025-07-02 08:48:02 -04:00
brad-defined
b158eb0c4c
Use a list for relay IPs instead of a map ( #1423 )
...
* Use a list for relay IPs instead of a map
* linter
2025-07-02 08:47:05 -04:00
dependabot[bot]
e4b7dbcfb0
Bump dario.cat/mergo from 1.0.1 to 1.0.2 ( #1408 )
...
Bumps [dario.cat/mergo](https://github.com/imdario/mergo ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/imdario/mergo/releases )
- [Commits](https://github.com/imdario/mergo/compare/v1.0.1...v1.0.2 )
---
updated-dependencies:
- dependency-name: dario.cat/mergo
dependency-version: 1.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 23:30:40 -05:00
dependabot[bot]
882edf11d7
Bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1 ( #1407 )
...
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/vishvananda/netlink/releases )
- [Commits](https://github.com/vishvananda/netlink/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
dependency-version: 1.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 23:29:15 -05:00
dependabot[bot]
d34c2b8e06
Bump golangci/golangci-lint-action from 7 to 8 ( #1400 )
...
* Bump golangci/golangci-lint-action from 7 to 8
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 7 to 8.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* bump golangci-lint version
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com >
2025-07-01 23:25:24 -05:00
brad-defined
442a52879b
Fix off by one error in IPv6 packet parser ( #1419 )
gofmt / Run gofmt (push) Successful in 39s
smoke-extra / Run extra smoke tests (push) Failing after 21s
smoke / Run multi node smoke test (push) Failing after 1m21s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m35s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m36s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m28s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-06-11 15:15:15 -04:00
Ian VanSchooten
061e733007
Fix slack invitation link in issue template ( #1406 )
gofmt / Run gofmt (push) Successful in 37s
smoke-extra / Run extra smoke tests (push) Failing after 22s
smoke / Run multi node smoke test (push) Failing after 1m22s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m29s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m33s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m30s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-05-13 12:00:22 -04:00
Andy George
92a9248083
Minor fixes to Readme shell snippets ( #1389 )
gofmt / Run gofmt (push) Successful in 12s
smoke-extra / Run extra smoke tests (push) Failing after 20s
smoke / Run multi node smoke test (push) Failing after 1m26s
Build and test / Build all and test on ubuntu-linux (push) Failing after 21m14s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m36s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m38s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-05-02 16:32:00 -04:00
John Maguire
83ff2461e2
Mention CA expiration in the README ( #1378 )
gofmt / Run gofmt (push) Successful in 10s
smoke-extra / Run extra smoke tests (push) Failing after 20s
smoke / Run multi node smoke test (push) Failing after 1m21s
Build and test / Build all and test on ubuntu-linux (push) Failing after 17m44s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m20s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m27s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-04-28 13:36:06 -04:00
maggie44
8536c57645
Allow configuration of logger and build version in gvisor service library ( #1239 )
gofmt / Run gofmt (push) Successful in 11s
smoke-extra / Run extra smoke tests (push) Failing after 20s
smoke / Run multi node smoke test (push) Failing after 1m23s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m26s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m30s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m35s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-04-21 13:45:59 -04:00
John Maguire
15b5a43300
Update issue and PR templates ( #1376 )
2025-04-21 13:45:48 -04:00
Andriyanov Nikita
e5ce8966d6
add netlink options ( #1326 )
...
* add netlink options
* force use buffer
* fix namings and add config examples
* fix linter
2025-04-21 13:44:33 -04:00
John Maguire
2dc30fc300
Support 32-bit machines in crypto test ( #1394 )
2025-04-21 13:28:43 -04:00
Wade Simmons
b8ea55eb90
optimize usage of bart ( #1395 )
...
gofmt / Run gofmt (push) Successful in 9s
smoke-extra / Run extra smoke tests (push) Failing after 19s
smoke / Run multi node smoke test (push) Failing after 1m19s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m41s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m47s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2m47s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
Use `bart.Lite` and `.Contains` as suggested by the bart maintainer:
- 9455952eed (commitcomment-155362580)
2025-04-18 12:37:20 -04:00
dependabot[bot]
4eb056af9d
Bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 ( #1393 )
...
gofmt / Run gofmt (push) Successful in 24s
smoke-extra / Run extra smoke tests (push) Failing after 19s
smoke / Run multi node smoke test (push) Failing after 1m20s
Build and test / Build all and test on ubuntu-linux (push) Failing after 18m9s
Build and test / Build and test on linux with boringcrypto (push) Failing after 4m11s
Build and test / Build and test on linux with pkcs11 (push) Failing after 3m28s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.1...v1.22.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-version: 1.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 06:43:55 -04:00
dependabot[bot]
e49f279004
Bump golang.org/x/net in the golang-x-dependencies group ( #1392 )
...
Bumps the golang-x-dependencies group with 1 update: [golang.org/x/net](https://github.com/golang/net ).
Updates `golang.org/x/net` from 0.38.0 to 0.39.0
- [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: golang-x-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 06:41:53 -04:00
