671 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Jack Doan	42bee7cf17	Report if Nebula start fails because of tun device name (#1588) ... * specifically report if nebula start fails because of tun device name * close all routines when closing the tun	2026-01-28 10:03:36 -06:00
Caleb Jasik	02d8bcac68	Remove lighthouse goroutine leaks in lighthouse_test.go (#1589) ... Using <https://go.dev/doc/go1.26#goroutineleak-profiles> + Claude, I was able to run nebula's unit tests and e2e tests with the leak detector enabled. Added a TestMain that queries pprof to see if there are any reported goroutine leaks. I'd love to get some form of this in CI whenever go 1.26 comes out, though I'd also like to prove this is properly useful past the just five detections it got here. <details> <summary>TestMain</summary> ```go package nebula import ( "fmt" "os" "runtime/pprof" "strings" "testing" ) // TestMain runs after all tests and checks for goroutine leaks func TestMain(m *testing.M) { // Run all tests exitCode := m.Run() // Check for goroutine leaks after all tests complete prof := pprof.Lookup("goroutineleak") if prof != nil { var sb strings.Builder if err := prof.WriteTo(&sb, 2); err != nil { fmt.Fprintf(os.Stderr, "Failed to write goroutineleak profile: %v\n", err) os.Exit(1) } content := sb.String() leakedCount := strings.Count(content, "(leaked)") if leakedCount > 0 { fmt.Fprintf(os.Stderr, "\n=== GOROUTINE LEAK DETECTED ===\n") fmt.Fprintf(os.Stderr, "Found %d leaked goroutine(s) in package nebula\n\n", leakedCount) goros := strings.Split(content, "\n\n") for _, goro := range goros { if strings.Contains(goro, "(leaked)") { fmt.Fprintln(os.Stderr, goro) fmt.Fprintln(os.Stderr) } } os.Exit(1) } else { fmt.Println("✓ No goroutine leaks detected in package nebula") } } os.Exit(exitCode) } ``` </details> Also had to install go1.26rc2 and update the makefile to use that go binary + set ex: ```makefile test-goroutineleak: GOEXPERIMENT=goroutineleakprofile go1.26rc2 test -v ./... ```	2026-01-27 23:44:43 -06:00
Wade Simmons	0b02d982b2	v1.10.2 (#1584) ... Update CHANGELOG for Nebula v1.10.2 v1.10.2	2026-01-21 12:42:34 -05:00
Wade Simmons	e1e92f017c	initialize routesFromSystem (#1580) ... This is a regression introduced by #1573. We need to initialize this map. Fixes: #1579	2026-01-20 11:15:20 -05:00
zhetaicheleba	e5f60fa54f	chore: fix some typos in comments (#1582) ... Signed-off-by: zhetaicheleba <taicheleba@outlook.com>	2026-01-20 11:03:31 -05:00
dependabot[bot]	bf49e78243	Bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 (#1581) ... Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-20 10:40:24 -05:00
Nate Brown	72a40007ea	v1.10.1 (#1575) ... Update CHANGELOG for Nebula v1.10.1 v1.10.1	2026-01-16 10:33:54 -05:00
Nate Brown	ac3bd9cdd0	Avoid losing system originated unsafe routes on reload (#1573)	2026-01-15 13:48:17 -06:00
dependabot[bot]	88379b89f5	Bump golang.org/x/net in the golang-x-dependencies group (#1571) ... Bumps the golang-x-dependencies group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.48.0 to 0.49.0 - [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-13 00:02:44 -06:00
Nate Brown	1283ff0db4	Add option to control accepting recv_error (#1569)	2026-01-13 00:00:27 -06:00
dependabot[bot]	523209ec0b	Bump github.com/miekg/dns from 1.1.68 to 1.1.69 (#1561) ... Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.68 to 1.1.69. - [Commits](https://github.com/miekg/dns/compare/v1.1.68...v1.1.69) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-version: 1.1.69 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 16:16:42 -05:00
dependabot[bot]	a4a6143b6a	Bump google.golang.org/protobuf in the protobuf-dependencies group (#1560) ... Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: protobuf-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 16:16:01 -05:00
dependabot[bot]	1b2d639b14	Bump actions/download-artifact from 6 to 7 (#1557) ... Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 15:40:47 -05:00
dependabot[bot]	9933970e67	Bump actions/upload-artifact from 5 to 6 (#1558) ... Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 15:40:13 -05:00
dependabot[bot]	d7a3f01465	Bump the golang-x-dependencies group across 1 directory with 4 updates (#1570) ... Bumps the golang-x-dependencies group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.45.0 to 0.47.0 - [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.47.0) Updates `golang.org/x/net` from 0.47.0 to 0.48.0 - [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0) Updates `golang.org/x/sys` from 0.39.0 to 0.40.0 - [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0) Updates `golang.org/x/term` from 0.38.0 to 0.39.0 - [Commits](https://github.com/golang/term/compare/v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/net dependency-version: 0.48.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/term dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 15:35:34 -05:00
Nate Brown	69259e6307	Quietly log error on UDP_NETRESET ioctl on Windows. (#1453) (#1568) ... Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>	2026-01-09 10:35:09 -06:00
brad-defined	2f71d6b22d	Ensure pubkey coherency when rehydrating a handshake cert (#1566) ... * Ensure pubkey coherency when rehydrating a handshake cert * Include a check during handshakes after cert verification that the noise pubkey matches the cert pubkey.	2026-01-09 09:52:03 -05:00
Jack Doan	3ec527e42c	cert.MarshalSigningPublicKeyToPEM should emit the 'ECDSA' variant of the banner (#1552) ... * cert.MarshalSigningPublicKeyToPEM should emit the 'ECDSA' variant of the banner * oof owie ouch my tests	2025-12-10 10:39:36 -06:00
Nate Brown	2d16940232	Slight improvement to hot path benchmark, add a relay hot path benchmark (#1539)	2025-12-09 22:29:26 -06:00
dependabot[bot]	cba294ffa4	Bump actions/checkout from 5 to 6 (#1541) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:25:48 -06:00
dependabot[bot]	48406f85da	Bump the golang-x-dependencies group with 3 updates (#1550) ... Bumps the golang-x-dependencies group with 3 updates: [golang.org/x/sync](https://github.com/golang/sync), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/term](https://github.com/golang/term). Updates `golang.org/x/sync` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0) Updates `golang.org/x/sys` from 0.38.0 to 0.39.0 - [Commits](https://github.com/golang/sys/compare/v0.38.0...v0.39.0) Updates `golang.org/x/term` from 0.37.0 to 0.38.0 - [Commits](https://github.com/golang/term/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/term dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:19:53 -06:00
dependabot[bot]	14a1af132e	Bump Apple-Actions/import-codesign-certs from 5 to 6 (#1549) ... Bumps [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) from 5 to 6. - [Release notes](https://github.com/apple-actions/import-codesign-certs/releases) - [Commits](https://github.com/apple-actions/import-codesign-certs/compare/v5...v6) --- updated-dependencies: - dependency-name: Apple-Actions/import-codesign-certs dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:17:50 -06:00
Nate Brown	59e24b98bd	v1.10.0 (#1534) ... Update CHANGELOG for Nebula v1.10.0 v1.10.0	2025-12-04 14:42:31 -05:00
Nate Brown	56067afca2	Stab at better logging when a relay is being used (#1533)	2025-12-03 17:48:29 -06:00
Nate Brown	64f202fa17	Make 0.0.0.0/0 and ::/0 not mean any address family, add any for that (#1538)	2025-11-21 13:46:36 -06:00
Jack Doan	6d7cf611c9	improve nebula-cert sign version auto-select (#1535)	2025-11-20 13:27:27 -06:00
Nate Brown	83ae8077f5	No need to clear counter 0 (#1537)	2025-11-20 13:22:58 -06:00
Bryan Lee	12cf348c80	feat: support via gateway for v6 multihop for v4 routes (#1521) ... Co-authored-by: Nate Brown <nbrown.us@gmail.com>	2025-11-19 22:21:03 -06:00
dependabot[bot]	a5ee928990	Bump golang.org/x/crypto in the golang-x-dependencies group (#1536) ... Bumps the golang-x-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.44.0 to 0.45.0 - [Commits](https://github.com/golang/crypto/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-19 15:48:53 -06:00
Nate Brown	7aff313a17	Relax the restriction on routines from the config (#1531)	2025-11-19 13:10:11 -06:00
Jack Doan	297767b2e3	warn user if they configure a firewall rule that will allow way more traffic than you might expect (#1513) ... * warn user if they accidentally configure a firewall rule that will allow way more traffic than you might expect * add groups-contains-any warning	2025-11-19 11:06:34 -06:00
Nate Brown	99faab505c	Fix a potential bug with udp ipv4 only on darwin (#1532)	2025-11-19 09:56:58 -06:00
dependabot[bot]	584c2668b3	Bump golang.org/x/net in the golang-x-dependencies group (#1530) ... Bumps the golang-x-dependencies group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.46.0 to 0.47.0 - [Commits](https://github.com/golang/net/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-18 21:25:03 -06:00
Wade Simmons	27ea667aee	add more tests around bits counters (#1441) ... Co-authored-by: Nate Brown <nbrown.us@gmail.com>	2025-11-18 16:42:21 -06:00
Hal Martin	4df8bcb1f5	nebula-cert: support reading CA passphrase from env (#1421) ... * nebula-cert: support reading CA passphrase from env This patch extends the `nebula-cert` command to support reading the CA passphrase from the environment variable `CA_PASSPHRASE`. Currently `nebula-cert` depends in an interactive session to obtain the CA passphrase. This presents a challenge for automation tools like ansible. With this change, ansible can store the CA passphrase in a vault and supply it to `nebula-cert` via the `CA_PASSPHRASE` environment variable for non-interactive signing. Signed-off-by: Hal Martin <1230969+halmartin@users.noreply.github.com> * name the variable NEBULA_CA_PASSPHRASE --------- Signed-off-by: Hal Martin <1230969+halmartin@users.noreply.github.com> Co-authored-by: JackDoan <me@jackdoan.com>	2025-11-17 14:41:08 -06:00
Wade Simmons	36c890eaad	populate default Build version if missing (#1386) ... * populate default Build version if missing Use the Go module information built into the binary if the Build var wasn't set during the build. This means if you install via a specific tag, you get: go install github.com/slackhq/nebula/cmd/nebula@v1.9.5 $ nebula -version Version: 1.9.5 And if you install master, you get: go install github.com/slackhq/nebula/cmd/nebula@master $ nebula -version Version: 1.9.5-0.20250408154034-18279ed17b10 * also default in the library * cleanup	2025-11-14 08:58:15 -05:00
dependabot[bot]	44001244f2	Bump github.com/gaissmai/bart from 0.25.0 to 0.26.0 (#1508) ... * Bump github.com/gaissmai/bart from 0.25.0 to 0.26.0 Bumps [github.com/gaissmai/bart](https://github.com/gaissmai/bart) from 0.25.0 to 0.26.0. - [Release notes](https://github.com/gaissmai/bart/releases) - [Commits](https://github.com/gaissmai/bart/compare/v0.25.0...v0.26.0) --- updated-dependencies: - dependency-name: github.com/gaissmai/bart dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>	2025-11-13 13:16:48 -05:00
Jack Doan	a89f95182c	Firewall types and cross-stack subnet stuff (#1509) ... * firewall can distinguish if the host connecting has an overlapping network, is a VPN peer without an overlapping network, or is a unsafe network * Cross stack subnet stuff (#1512) * experiment with not filtering out non-common addresses in hostinfo.networks * allow handshakes without overlaps * unsafe network test * change HostInfo.buildNetworks argument to reference the cert	2025-11-12 13:40:20 -06:00
dependabot[bot]	6a8a2992ff	Bump google.golang.org/protobuf in the protobuf-dependencies group (#1502) ... Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.8 to 1.36.10 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: protobuf-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:59:47 -06:00
dependabot[bot]	3d94dfe6a1	Bump the golang-x-dependencies group across 1 directory with 5 updates (#1526) ... Bumps the golang-x-dependencies group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/sync](https://github.com/golang/sync). Updates `golang.org/x/crypto` from 0.43.0 to 0.44.0 - [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.44.0) Updates `golang.org/x/net` from 0.45.0 to 0.46.0 - [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0) Updates `golang.org/x/sync` from 0.17.0 to 0.18.0 - [Commits](https://github.com/golang/sync/compare/v0.17.0...v0.18.0) Updates `golang.org/x/sys` from 0.37.0 to 0.38.0 - [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0) Updates `golang.org/x/term` from 0.36.0 to 0.37.0 - [Commits](https://github.com/golang/term/compare/v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/net dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/term dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:55:34 -06:00
dependabot[bot]	3670e24fa0	Bump actions/checkout from 4 to 5 (#1450) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:51:00 -06:00
dependabot[bot]	b348ee726e	Bump actions/download-artifact from 4 to 6 (#1516) ... Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:48:58 -06:00
dependabot[bot]	a941b65114	Bump actions/upload-artifact from 4 to 5 (#1515) ... Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:47:38 -06:00
dependabot[bot]	17101d425f	Bump golangci/golangci-lint-action from 8 to 9 (#1523) ... Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:46:10 -06:00
Nate Brown	52f1908126	Don't log every blocklisted fingerprint (#1525)	2025-11-12 09:41:46 -06:00
Wade Simmons	48f1ae98ba	switch to go.yaml.in/yaml (#1478) ... The `gopkg.in/yaml.v3` library has been declared as Unmaintained: - https://github.com/go-yaml/yaml?tab=readme-ov-file#this-project-is-unmaintained The YAML org has taken over maintaining it and now publishes it as `go.yaml.in/yaml`: - https://github.com/yaml/go-yaml	2025-11-12 10:26:22 -05:00
Wade Simmons	97b3972c11	honor remote_allow_list in hole punch response (#1186) ... * honor remote_allow_ilst in hole punch response When we receive a "hole punch notification" from a Lighthouse, we send a hole punch packet to every remote of that host, even if we don't include those remotes in our "remote_allow_list". Change the logic here to check if the remote IP is in our allow list before sending the hole punch packet. * fix for netip * cleanup	2025-11-10 13:52:40 -05:00
Jack Doan	0f305d5397	don't block startup on failure to configure SSH (#1520)	2025-11-05 10:41:56 -06:00
Jack Doan	01909f4715	try to make certificate addition/removal reloadable in some cases (#1468) ... * try to make certificate addition/removal reloadable in some cases * very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match * even spicier change to rehandshake if we detect our cert is lower-version than our peer, and we have a newer-version cert available * make tryRehandshake easier to understand	2025-11-03 19:38:44 -06:00
Jack Doan	770147264d	fix make bench (#1510)	2025-10-21 11:32:34 -05:00