personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-11-12 00:23:58 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
556 Commits 31 Branches 22 Tags
Commit Graph

556 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nate Brown
6a96df18cc
Change allow list to evaluate all vpnaddr tables when available (#1330) 2025-02-24 09:44:41 -06:00
Nate Brown
fbff6a1487
More correct ipv6 header parsing (#1323) 2025-02-04 16:36:34 -06:00
Nate Brown
e4daed3563
Make sure all vpnAddrs are hoisted to primary, resolve a few more TODOs (#1319) 2025-01-30 13:33:19 -06:00
Nate Brown
1ad0f57c1e
Remove unusable networks from remote tunnels at handshake time (#1318) 2025-01-27 16:40:11 -06:00
Nate Brown
84dd988f01
Cert v2 more todos (#1316) 2025-01-27 13:22:49 -06:00
Jack Doan
8704047395
enforce certificate correctness in TBSCertificate.SignWith (#1266) 
* enforce certificate correctness in TBSCertificate.SignWith

* check length, not nil

* Address review comments

* github hates me

---------

Co-authored-by: Nate Brown <nbrown.us@gmail.com>
Co-authored-by: Jack Doan <me@jackdoan.com>
 2025-01-09 16:13:10 -06:00
Jack Doan
3f31517018
[cert-v2] nebula-cert should verify all certs (#1291) 2025-01-06 15:07:55 -06:00
brad-defined
21a117a156
Reestablish relays when last hop fails (#1270) 2024-11-15 10:41:07 -06:00
Nate Brown
9d310e72c2
Resolve some todos (#1274) 2024-11-15 10:11:34 -06:00
Jack Doan
5380fef7b0
[cert-v2] punchy-respond on an address in common with the querying host (#1261) 2024-11-12 21:14:44 -06:00
Jack Doan
602dca8508
fix the tun_linux.go bug where we would crash if setting default mtu didn't work on the first try (#1268) 2024-11-11 21:15:37 -06:00
Jack Doan
2b1a59c779
address cert-v2 lighthouse TODOs (#1267) 2024-11-11 21:14:41 -06:00
brad-defined
028d31c011
deduplicate relays (#1265) 2024-11-05 12:52:01 -05:00
Jack Doan
8adba3960b finish off cert-v2 TODOs 2024-11-05 11:00:10 -05:00
Jack Doan
50850eeaf2 resolve setSignature TODO 2024-11-05 09:12:30 -05:00
Nate Brown
f30085eab8
Fixup cert package tests (#1253) 2024-10-31 15:41:52 -05:00
Nate Brown
f2c32421c4 Support for ipv6 in the overlay with v2 certificates 
---------

Co-authored-by: Jack Doan <jackdoan@rivian.com>
 2024-10-23 22:25:20 -05:00
Nate Brown
3e6c75573f
Fix static host map wrong responder situations, correct logging (#1259) 2024-10-23 14:28:02 -05:00
dependabot[bot]
3f6a7cb250
Bump google.golang.org/protobuf in the protobuf-dependencies group (#1250) 
Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf.


Updates `google.golang.org/protobuf` from 1.34.2 to 1.35.1

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: protobuf-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 13:05:58 -04:00
dependabot[bot]
37415d57d0
Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.4 (#1228) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.1 to 1.20.4.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.1...v1.20.4)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 12:50:31 -04:00
dependabot[bot]
d3bf09ef8e
Bump github.com/gaissmai/bart from 0.11.1 to 0.13.0 (#1231) 
Bumps [github.com/gaissmai/bart](https://github.com/gaissmai/bart) from 0.11.1 to 0.13.0.
- [Release notes](https://github.com/gaissmai/bart/releases)
- [Commits](https://github.com/gaissmai/bart/compare/v0.11.1...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/gaissmai/bart
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 11:38:40 -04:00
dependabot[bot]
999418d0e9
Bump github.com/miekg/dns from 1.1.61 to 1.1.62 (#1201) 
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.61 to 1.1.62.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.61...v1.1.62)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 11:36:43 -04:00
dependabot[bot]
97dd8c53c9
Bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0 (#1211) 
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.2.1-beta.2 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/compare/v1.2.1-beta.2...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 11:35:43 -04:00
dependabot[bot]
9c175b4faf
Bump the golang-x-dependencies group across 1 directory with 4 updates (#1237) 
Bumps the golang-x-dependencies group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/crypto` from 0.26.0 to 0.28.0
- [Commits](https://github.com/golang/crypto/compare/v0.26.0...v0.28.0)

Updates `golang.org/x/net` from 0.28.0 to 0.30.0
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.30.0)

Updates `golang.org/x/sys` from 0.24.0 to 0.26.0
- [Commits](https://github.com/golang/sys/compare/v0.24.0...v0.26.0)

Updates `golang.org/x/term` from 0.23.0 to 0.25.0
- [Commits](https://github.com/golang/term/compare/v0.23.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 09:01:42 -04:00
Nate Brown
08ac65362e
Cert interface (#1212) 2024-10-10 18:00:22 -05:00
dependabot[bot]
16eaae306a
Bump dario.cat/mergo from 1.0.0 to 1.0.1 (#1200) 
Bumps [dario.cat/mergo](https://github.com/imdario/mergo) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/imdario/mergo/releases)
- [Commits](https://github.com/imdario/mergo/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: dario.cat/mergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-09 17:53:26 -04:00
Jack Doan
35603d1c39
add PKCS11 support (#1153) 
* add PKCS11 support

* add pkcs11 build option to the makefile, add a stub pkclient to avoid forcing CGO onto people

* don't print the pkcs11 option on nebula-cert keygen if not compiled in

* remove linux-arm64-pkcs11 from the all target to fix CI

* correctly serialize ec keys

* nebula-cert: support PKCS#11 for sign and ca

* fix gofmt lint

* clean up some logic with regard to closing sessions

* pkclient: handle empty correctly for TPM2

* Update Makefile and Actions

---------

Co-authored-by: Morgan Jones <me@numin.it>
Co-authored-by: John Maguire <contact@johnmaguire.me>
 2024-09-09 17:51:58 -04:00
Wade Simmons
ab81b62ea0
v1.9.4 (#1210) 
Update CHANGELOG for Nebula v1.9.4
v1.9.4 		2024-09-09 14:11:44 -04:00
dependabot[bot]
45bbad2f21
Bump the golang-x-dependencies group with 4 updates (#1195) 
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/term](https://github.com/golang/term).


Updates `golang.org/x/crypto` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/crypto/compare/v0.25.0...v0.26.0)

Updates `golang.org/x/net` from 0.27.0 to 0.28.0
- [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0)

Updates `golang.org/x/sys` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/sys/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/term` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/term/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-03 16:47:36 -04:00
Jack Doan
3dc56e1184
Support UDP dialling with gvisor (#1181) 2024-08-26 12:38:32 -05:00
Wade Simmons
0736cfa562
udp: fix endianness for port (#1194) 
If the host OS is already big endian, we were swapping bytes when we
shouldn't have. Use the Go helper to make sure we do the endianness
correctly

Fixes: #1189
 2024-08-14 12:53:00 -04:00
Jack Doan
248cf194cd
fix integer wraparound in the calculation of handshake timeouts on 32-bit targets (#1185) 
Fixes: #1169
 2024-08-13 09:25:18 -04:00
dependabot[bot]
8a6a0f0636
Bump the golang-x-dependencies group with 2 updates (#1190) 
Bumps the golang-x-dependencies group with 2 updates: [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/sync` from 0.7.0 to 0.8.0
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0)

Updates `golang.org/x/sys` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-07 11:58:46 -04:00
Wade Simmons
f5f6c269ac
fix rare panic when local index collision happens (#1191) 
A local index collision happens when two tunnels attempt to use the same
random int32 index ID. This is a rare chance, and we have code to deal
with it, but we have a panic because we return the wrong thing in this
case. This change should fix the panic.
 2024-08-07 11:53:32 -04:00
brad-defined
9a63fa0a07
Make some Nebula state programmatically available via control object (#1188) 2024-08-01 13:40:05 -04:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay (#1173) 2024-07-31 10:18:56 -05:00
dependabot[bot]
00458302ca
Bump the golang-x-dependencies group with 4 updates (#1174) 
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/term](https://github.com/golang/term).


Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.25.0)

Updates `golang.org/x/net` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/sys` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0)

Updates `golang.org/x/term` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/term/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-29 11:42:33 -04:00
Wade Simmons
e6009b8491
github actions: use macos-latest (#1171) 
macos-11 was deprecated and removed:

> The macos-11 label has been deprecated and will no longer be available after 28 June 2024.

We can just use macos-latest instead.
 2024-07-02 11:50:51 -04:00
dependabot[bot]
b9aace1e58
Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#1147) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 14:54:51 -04:00
dependabot[bot]
a76723eaf5
Bump Apple-Actions/import-codesign-certs from 2 to 3 (#1146) 
Bumps [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) from 2 to 3.
- [Release notes](https://github.com/apple-actions/import-codesign-certs/releases)
- [Commits](https://github.com/apple-actions/import-codesign-certs/compare/v2...v3)

---
updated-dependencies:
- dependency-name: Apple-Actions/import-codesign-certs
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 14:54:05 -04:00
Caleb Jasik
8109cf2170
Add puncuation to doc comment (#1164) 
* Add puncuation to doc comment

* Fix list formatting inside `EncryptDanger` doc comment
 2024-06-24 14:50:17 -04:00
Wade Simmons
97e9834f82
cleanup SK_MEMINFO vars (#1162) 
We had to manually define these types before, but the latest release of
`golang.org/x/sys` adds these definitions:

- 6dfb94eaa3

Since we just updated with this PR, we can clean this up now:

- https://github.com/slackhq/nebula/pull/1161
 2024-06-24 14:47:14 -04:00
dependabot[bot]
506ba5ab5b
Bump github.com/miekg/dns from 1.1.59 to 1.1.61 (#1168) 
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.59 to 1.1.61.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.59...v1.1.61)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 14:46:27 -04:00
dependabot[bot]
d372df56ab
Bump google.golang.org/protobuf in the protobuf-dependencies group (#1167) 
Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf.


Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: protobuf-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 14:45:52 -04:00
dependabot[bot]
40cfd00e87
Bump the golang-x-dependencies group with 4 updates (#1161) 
Bumps the golang-x-dependencies group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/term](https://github.com/golang/term).


Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/net` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0)

Updates `golang.org/x/sys` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/term` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/term/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-10 16:08:43 -04:00
Wade Simmons
b14bad586a
v1.9.3 (#1160) 
Update CHANGELOG for Nebula v1.9.3
v1.9.3 		2024-06-06 13:17:07 -04:00
Wade Simmons
4c066d8c32
initialize messageCounter to 2 instead of verifying later (#1156) 
Clean up the messageCounter checks added in #1154. Instead of checking that
messageCounter is still at 2, just initialize it to 2 and only increment for
non-handshake messages. Handshake packets will always be packets 1 and 2.
 2024-06-06 13:03:07 -04:00
Wade Simmons
249ae41fec
v1.9.2 (#1155) 
Update CHANGELOG for Nebula v1.9.2
v1.9.2 		2024-06-03 15:50:02 -04:00
Wade Simmons
d9cae9e062
ensure messageCounter is set before handshake is complete (#1154) 
Ensure we set messageCounter to 2 before the handshake is marked as
complete.
 2024-06-03 15:40:51 -04:00
Wade Simmons
a92056a7db
v1.9.1 (#1152) 
Update CHANGELOG for Nebula v1.9.1
v1.9.1 		2024-05-29 14:06:46 -04:00