JackDoan
3b1e658bef
change Queue.Read signature
2026-05-14 14:31:02 -05:00
JackDoan
3192e47ff4
flatten tio.Capabilities
2026-05-14 14:28:07 -05:00
JackDoan
7bb5cd477e
new tun interface
2026-05-14 14:27:17 -05:00
JackDoan
c256f2cfbb
use less ram pls
2026-05-11 17:30:56 -05:00
JackDoan
0ff28504d7
drop in a logger
2026-05-11 17:10:05 -05:00
JackDoan
ed4d17d768
faster
grr heap usage!
2026-05-11 11:32:57 -05:00
JackDoan
7924cf0aa8
use clear()
2026-05-11 11:32:57 -05:00
JackDoan
49535ceb6c
scoot stuff around for e2e
2026-05-11 11:32:57 -05:00
JackDoan
924268cc1f
switch to ASM vector checksum
2026-05-11 11:32:57 -05:00
JackDoan
6a46a2913a
GSO/GRO offloads, with TCP+ECN and UDP support
2026-05-11 11:32:57 -05:00
JackDoan
4b4331ba42
better and batched tun interface
2026-05-11 11:32:57 -05:00
Nate Brown
696903d6d9
Add a way to set the network type on windows + tests (#1710)
2026-05-07 20:17:38 -05:00
Nate Brown
c82db210ef
Change windows unsafe routes to link routes, fix sshd reload bug (#1709)
2026-05-07 11:30:26 -05:00
Nate Brown
b7e9939e92
More stable e2e test harness, better for benchmarking (#1702)
2026-05-04 10:12:58 -05:00
Nate Brown
d0f02ba873
Switch to slog, remove logrus (#1672)
2026-04-27 09:41:47 -05:00
Nate Brown
8c71f2f3f9
FreeBSD tun needs to be non blocking as well (#1666)
2026-04-21 10:45:46 -05:00
Jack Doan
e80b9830a3
Remove more os.Exit calls and give a more reliable wait for stop function (attempt 3) (#1661)
2026-04-20 16:08:26 -05:00
Jack Doan
b3194236aa
udp_linux: wrap socket operations with syscall.RawConn for clean teardown (#1654)
remove runtime.LockOSThread() because it makes things worse now
remove the "custom" Write() method from tun_linux.go, the stdlib path via os.File performs better
We should change our guidance around number of routines, ~2 per thread (that you wish to use for Nebula) seems to be about right now
2026-04-14 18:25:24 -05:00
Jack Doan
42bee7cf17
Report if Nebula start fails because of tun device name (#1588)
* specifically report if nebula start fails because of tun device name
* close all routines when closing the tun
2026-01-28 10:03:36 -06:00
Wade Simmons
e1e92f017c
initialize routesFromSystem (#1580)
This is a regression introduced by #1573. We need to initialize this
map.
Fixes: #1579
2026-01-20 11:15:20 -05:00
Nate Brown
ac3bd9cdd0
Avoid losing system originated unsafe routes on reload (#1573)
2026-01-15 13:48:17 -06:00
Bryan Lee
12cf348c80
feat: support via gateway for v6 multihop for v4 routes (#1521)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2025-11-19 22:21:03 -06:00
Nate Brown
7aff313a17
Relax the restriction on routines from the config (#1531)
2025-11-19 13:10:11 -06:00
Nate Brown
45c1d3eab3
Support for multi proto tun device on OpenBSD (#1495)
2025-10-08 16:56:42 -05:00
Nate Brown
eb89839d13
Support for multi proto tun device on NetBSD (#1492)
2025-10-07 20:17:50 -05:00
Nate Brown
fb7f0c3657
Use x/net/route to manage routes directly (#1488)
2025-10-03 10:59:53 -05:00
sl274
b1f53d8d25
Support IPv6 tunneling in FreeBSD (#1399)
Recent merge of cert-v2 support introduced the ability to tunnel IPv6. However, FreeBSD's IPv6 tunneling does not work for 2 reasons:
* The ifconfig commands did not work for IPv6 addresses
* The tunnel device was not configured for link-layer mode, so it only supported IPv4
This PR improves FreeBSD tunneling support in 3 ways:
* Use ioctl instead of exec'ing ifconfig to configure the interface, with additional logic to support IPv6
* Configure the tunnel in link-layer mode, allowing IPv6 traffic
* Use readv() and writev() to communicate with the tunnel device, to avoid the need to copy the packet buffer
2025-10-02 21:54:30 -05:00
Jack Doan
65cc253c19
prevent linux from assigning ipv6 link-local addresses (#1476)
2025-09-09 13:25:23 -05:00
Jack Doan
768325c9b4
cert-v2 chores (#1466)
2025-09-05 15:08:22 -05:00
Wade Simmons
5cff83b282
netlink: ignore route updates with no destination (#1437)
Currently we assume each route update must have a destination, but we
should check that it is set before we try to use it.
See: #1436
2025-08-25 13:05:35 -05:00
Andriyanov Nikita
e5ce8966d6
add netlink options (#1326)
* add netlink options
* force use buffer
* fix namings and add config examples
* fix linter
2025-04-21 13:44:33 -04:00
Wade Simmons
36bc9dd261
fix parseUnsafeRoutes for yaml.v3 (#1371)
We switched to yaml.v3 with #1148, but missed this spot that was still
casting into `map[any]any` when yaml.v3 makes it `map[string]any`. Also
clean up a few more `interface{}` that were added as we changed them all
to `any` with #1148.
2025-04-01 09:49:26 -04:00
Wade Simmons
879852c32a
upgrade to yaml.v3 (#1148)
* upgrade to yaml.v3
The main nice fix here is that maps unmarshal into `map[string]any`
instead of `map[any]any`, so it cleans things up a bit.
* add config.AsBool
Since yaml.v3 doesn't automatically convert yes to bool now, for
backwards compat
* use type aliases for m
* more cleanup
* more cleanup
* more cleanup
* go mod cleanup
2025-03-31 16:08:34 -04:00
dioss-Machiel
f86953ca56
Implement ECMP for unsafe_routes (#1332)
2025-03-24 17:15:59 -05:00
Caleb Jasik
088af8edb2
Enable running testifylint in CI (#1350)
2025-03-10 17:38:14 -05:00
Caleb Jasik
612637f529
Fix testifylint lint errors (#1321)
* Fix bool-compare
* Fix empty
* Fix encoded-compare
* Fix error-is-as
* Fix error-nil
* Fix expected-actual
* Fix len
2025-03-10 10:18:34 -04:00
Nate Brown
d97ed57a19
V2 certificate format (#1216)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
2025-03-06 11:28:26 -06:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay (#1173)
2024-07-31 10:18:56 -05:00
John Maguire
b5c3486796
Push Docker images as part of the release workflow (#1037)
2024-05-02 09:37:11 -04:00
Nate Brown
bbb15f8cb1
Unsafe route reload (#1083)
2024-03-28 15:17:28 -05:00
John Maguire
af2fc48378
Fix mobile builds (#1035)
2023-12-06 16:18:21 -05:00
Tristan Rice
1083279a45
add gvisor based service library (#965)
* add service/ library
2023-11-21 11:50:18 -05:00
Nate Brown
5181cb0474
Use generics for CIDRTrees to avoid casting issues (#1004)
2023-11-02 17:05:08 -05:00
Nate Brown
5fccbb8676
Retry wintun creation (#985)
2023-10-16 10:06:43 -05:00
Nate Brown
0bffa76b5e
Build for openbsd (#812)
2023-07-27 14:27:35 -05:00
c0repwn3r
03e70210a5
Add support for NetBSD (#916)
2023-07-27 13:44:47 -05:00
Nate Brown
9c6592b159
Guard e2e udp and tun channels when closed (#934)
2023-07-26 12:52:14 -05:00
John Maguire
8ba5d64dbc
Add support for naming FreeBSD tun devices (#903)
2023-06-22 12:13:31 -04:00
Nate Brown
a9cb2e06f4
Add ability to respect the system route table for unsafe route on linux (#839)
2023-05-09 10:36:55 -05:00
Nate Brown
397fe5f879
Add ability to skip installing unsafe routes on the os routing table (#831)
2023-04-10 12:32:37 -05:00