JackDoan
5fa386bb70
test and stupid fix
2025-10-06 15:02:37 -05:00
JackDoan
dc3081ea49
nit
2025-10-02 09:31:42 -05:00
JackDoan
41273a94bb
even spicier change to rehandshake if we detect our cert is lower-version than our peer, and we have a newer-version cert available
2025-10-02 09:31:19 -05:00
JackDoan
0946831f88
very spicy change to respond to handshakes with cert versions we cannot match with a cert that we can indeed match
2025-10-02 09:31:19 -05:00
JackDoan
d2d3e21780
squish bug from cert removals
2025-10-02 09:31:19 -05:00
JackDoan
241b0a6d7f
don't wait forever
2025-10-02 09:31:19 -05:00
JackDoan
0721dde24b
working e2e test?!
2025-10-02 09:31:19 -05:00
Nate Brown
52623820c2
Drop inactive tunnels (#1427)
2025-07-03 09:58:37 -05:00
Wade Simmons
879852c32a
upgrade to yaml.v3 (#1148)
...
* upgrade to yaml.v3
The main nice fix here is that maps unmarshal into `map[string]any`
instead of `map[any]any`, so it cleans things up a bit.
* add config.AsBool
Since yaml.v3 doesn't automatically convert yes to bool now, for
backwards compat
* use type aliases for m
* more cleanup
* more cleanup
* more cleanup
* go mod cleanup
2025-03-31 16:08:34 -04:00
Caleb Jasik
088af8edb2
Enable running testifylint in CI (#1350)
2025-03-10 17:38:14 -05:00
Nate Brown
d97ed57a19
V2 certificate format (#1216)
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <jackdoan@rivian.com>
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
2025-03-06 11:28:26 -06:00
Nate Brown
3e6c75573f
Fix static host map wrong responder situations, correct logging (#1259)
2024-10-23 14:28:02 -05:00
Nate Brown
08ac65362e
Cert interface (#1212)
2024-10-10 18:00:22 -05:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay (#1173)
2024-07-31 10:18:56 -05:00
Tristan Rice
1083279a45
add gvisor based service library (#965)
...
* add service/ library
2023-11-21 11:50:18 -05:00
brad-defined
06b480e177
Fix relay migration (#964)
...
* Fix for relay migration on rehandshaking issue. On rehandshake, the relay tunnel doesn't migrate to the new hostinfo object correctly, due to an incorrect Nebula IP sent in the CreateRelayRequest message.
* Add a test for this case
---------
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2023-09-05 09:29:27 -04:00
Wade Simmons
3d0da7c859
update mergo to 1.0.0 (#941)
...
The mergo package has moved to a vanity URL. This causes fun issues with
dependabot. Update to the new release:
- https://github.com/darccio/mergo/releases/tag/v1.0.0
- https://github.com/darccio/mergo/compare/v0.3.15...v1.0.0
2023-08-02 14:00:20 -04:00
Nate Brown
9c6592b159
Guard e2e udp and tun channels when closed (#934)
2023-07-26 12:52:14 -05:00
Wade Simmons
e0185c4b01
Support NIST curve P256 (#769)
...
* Support NIST curve P256
This change adds support for NIST curve P256. When you use `nebula-cert ca`
or `nebula-cert keygen`, you can specify `-curve P256` to enable it. The
curve to use is based on the curve defined in your CA certificate.
Internally, we use ECDSA P256 to sign certificates, and ECDH P256 to do
Noise handshakes. P256 is not supported natively in Noise Protocol, so
we define `DHP256` in the `noiseutil` package to implement support for
it.
You cannot have a mixed network of Curve25519 and P256 certificates,
since the Noise protocol will only attempt to parse using the Curve
defined in the host's certificate.
* verify the curves match in VerifyPrivateKey
This would have failed anyways once we tried to actually use the bytes
in the private key, but it's better to detect the issue up front with
a better error message.
* add cert.Curve argument to Sign method
* fix mismerge
* use crypto/ecdh
This is the preferred method for doing ECDH functions now, and also has
a boringcrypto specific codepath.
* remove other ecdh uses of crypto/elliptic
use crypto/ecdh instead
2023-05-04 17:50:23 -04:00
Nate Brown
03e4a7f988
Rehandshaking (#838)
...
Co-authored-by: Brad Higgins <brad@defined.net>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2023-05-04 15:16:37 -05:00
brad-defined
2801fb2286
Fix relay (#827)
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2023-03-30 11:09:20 -05:00
Nate Brown
92cc32f844
Remove handshake race avoidance (#820)
...
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2023-03-13 12:35:14 -05:00
Nate Brown
2ea360e5e2
Render hostmaps as mermaid graphs in e2e tests (#815)
2023-02-16 13:23:33 -06:00
Nate Brown
feb3e1317f
Add a simple benchmark to e2e tests (#739)
2022-09-01 09:44:58 -05:00
Nate Brown
0d1ee4214a
Add relay e2e tests and output some mermaid sequence diagrams (#691)
2022-06-27 12:33:29 -05:00
Nate Brown
bcabcfdaca
Rework some things into packages (#489)
2021-11-03 20:54:04 -05:00
Nate Brown
32cd9a93f1
Bump to go1.17 (#553)
2021-10-21 16:24:11 -05:00
Manuel Romei
3a8f533b24
refactor: use X25519 instead of ScalarBaseMult (#533)
...
As suggested in https://pkg.go.dev/golang.org/x/crypto/curve25519#ScalarBaseMult,
use X25519 instead of ScalarBaseMult. When using Basepoint, it may employ
some precomputed values, enhancing performance.
Co-authored-by: Wade Simmons <wade@wades.im>
Co-authored-by: Wade Simmons <wadey@slack-corp.com>
2021-10-12 12:03:43 -04:00
Nathan Brown
710df6a876
Refactor remotes and handshaking to give every address a fair shot (#437)
2021-04-14 13:50:09 -05:00
Nathan Brown
64d8e5aa96
More LH cleanup (#429)
2021-04-01 10:23:31 -05:00
Nathan Brown
75f7bda0a4
Lighthouse performance pass (#418)
2021-03-31 17:32:02 -05:00
Nathan Brown
e7e55618ff
Include bad packets in the good handshake test (#428)
2021-03-31 13:36:10 -05:00
Nathan Brown
0c2e5973e1
Simple lie test (#427)
2021-03-31 10:26:35 -05:00
Nathan Brown
830d6d4639
Start of end to end testing with a good handshake between two nodes (#425)
2021-03-29 14:29:20 -05:00