JackDoan
b0f139b578
remove udp-level RX reorder buf
2026-05-11 11:32:57 -05:00
JackDoan
e3e8622b98
disable sort-on-RX, CPU pinning seems to work for now
2026-05-11 11:32:57 -05:00
JackDoan
6a46a2913a
GSO/GRO offloads, with TCP+ECN and UDP support
2026-05-11 11:32:57 -05:00
JackDoan
4b4331ba42
better and batched tun interface
2026-05-11 11:32:57 -05:00
Nate Brown
696903d6d9
Add a way to set the network type on windows + tests ( #1710 )
gofmt / Run gofmt (push) Failing after 2s
smoke-extra / freebsd-amd64 (push) Failing after 2s
smoke-extra / linux-amd64-ipv6disable (push) Failing after 3s
smoke-extra / netbsd-amd64 (push) Failing after 3s
smoke-extra / openbsd-amd64 (push) Failing after 3s
smoke-extra / linux-386 (push) Failing after 3s
smoke / Run multi node smoke test (push) Failing after 2s
Build and test / Build all and test on ubuntu-linux (push) Failing after 3s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
smoke-extra / Run windows smoke test (push) Has been cancelled
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2026-05-07 20:17:38 -05:00
Nate Brown
b7e9939e92
More stable e2e test harness, better for benchmarking ( #1702 )
gofmt / Run gofmt (push) Failing after 2s
smoke-extra / Run extra smoke tests (push) Failing after 2s
smoke / Run multi node smoke test (push) Failing after 3s
Build and test / Build all and test on ubuntu-linux (push) Failing after 2s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2s
Build and test / Build and test on linux with pkcs11 (push) Failing after 3s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2026-05-04 10:12:58 -05:00
Nate Brown
d0f02ba873
Switch to slog, remove logrus ( #1672 )
2026-04-27 09:41:47 -05:00
Nate Brown
5f00ab4b74
Fix e2e tests writing after the tester tun is closed causing a panic ( #1681 )
gofmt / Run gofmt (push) Failing after 3s
smoke-extra / Run extra smoke tests (push) Failing after 3s
smoke / Run multi node smoke test (push) Failing after 3s
Build and test / Build all and test on ubuntu-linux (push) Failing after 2s
Build and test / Build and test on linux with boringcrypto (push) Failing after 3s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2026-04-22 17:18:06 -05:00
Jack Doan
e80b9830a3
Remove more os.Exit calls and give a more reliable wait for stop function (attempt 3) ( #1661 )
2026-04-20 16:08:26 -05:00
Jack Doan
b3194236aa
udp_linux: wrap socket operations with syscall.RawConn for clean teardown ( #1654 )
...
gofmt / Run gofmt (push) Failing after 3s
smoke-extra / Run extra smoke tests (push) Failing after 2s
smoke / Run multi node smoke test (push) Failing after 3s
Build and test / Build all and test on ubuntu-linux (push) Failing after 3s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
remove runtime.LockOSThread() because it makes things worse now
remove the "custom" Write() method from tun_linux.go, the stdlib path via os.File performs better
We should change our guidance around number of routines, ~2 per thread (that you wish to use for Nebula) seems to be about right now
2026-04-14 18:25:24 -05:00
Nate Brown
69259e6307
Quietly log error on UDP_NETRESET ioctl on Windows. ( #1453 ) ( #1568 )
...
gofmt / Run gofmt (push) Failing after 3s
smoke-extra / Run extra smoke tests (push) Failing after 2s
smoke / Run multi node smoke test (push) Failing after 2s
Build and test / Build all and test on ubuntu-linux (push) Failing after 2s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2s
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com >
2026-01-09 10:35:09 -06:00
Nate Brown
7aff313a17
Relax the restriction on routines from the config ( #1531 )
2025-11-19 13:10:11 -06:00
Nate Brown
99faab505c
Fix a potential bug with udp ipv4 only on darwin ( #1532 )
2025-11-19 09:56:58 -06:00
Nate Brown
52623820c2
Drop inactive tunnels ( #1427 )
2025-07-03 09:58:37 -05:00
Nate Brown
c2420642a0
Darwin udp fix ( #1428 )
2025-07-02 15:50:22 -05:00
brad-defined
b3a1f7b0a3
Disable UDP receive error returns due to ICMP messages on Windows. ( #1412 ) ( #1415 )
2025-07-02 11:37:41 -04:00
jampe
1d3c85338c
add so_mark sockopt support ( #1331 )
gofmt / Run gofmt (push) Successful in 10s
smoke-extra / Run extra smoke tests (push) Failing after 20s
smoke / Run multi node smoke test (push) Failing after 1m29s
Build and test / Build all and test on ubuntu-linux (push) Failing after 19m23s
Build and test / Build and test on linux with boringcrypto (push) Failing after 2m45s
Build and test / Build and test on linux with pkcs11 (push) Failing after 3m39s
Build and test / Build and test on macos-latest (push) Has been cancelled
Build and test / Build and test on windows-latest (push) Has been cancelled
2025-03-12 09:35:33 -05:00
Nate Brown
d97ed57a19
V2 certificate format ( #1216 )
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com >
Co-authored-by: Jack Doan <jackdoan@rivian.com >
Co-authored-by: brad-defined <77982333+brad-defined@users.noreply.github.com >
Co-authored-by: Jack Doan <me@jackdoan.com >
2025-03-06 11:28:26 -06:00
Wade Simmons
0736cfa562
udp: fix endianness for port ( #1194 )
...
If the host OS is already big endian, we were swapping bytes when we
shouldn't have. Use the Go helper to make sure we do the endianness
correctly
Fixes : #1189
2024-08-14 12:53:00 -04:00
Nate Brown
e264a0ff88
Switch most everything to netip in prep for ipv6 in the overlay ( #1173 )
2024-07-31 10:18:56 -05:00
Wade Simmons
97e9834f82
cleanup SK_MEMINFO vars ( #1162 )
...
We had to manually define these types before, but the latest release of
`golang.org/x/sys` adds these definitions:
- 6dfb94eaa3https://github.com/slackhq/nebula/pull/1161
2024-06-24 14:47:14 -04:00
fyl
5f17db5dfa
Add support for LoongArch64 ( #1003 )
2024-04-30 09:55:44 -05:00
mrx
0f0534d739
Fix UDP listener on IPv4-only Linux ( #787 )
...
On some systems, IPv6 is disabled (for example, CIS benchmark recommends to disable it when not used), but currently all UDP connections are using AF_INET6 sockets.
When we are binding AF_INET6 socket to an address like ::ffff:1.2.3.4 (IPv4 addresses are parsed by net.ParseIP this way), we can't send or receive IPv6 packets anyway, so this will not break any scenarios.
---------
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com >
2024-01-30 15:08:14 -05:00
Nate Brown
f7e392995a
Fix rebind to not put the socket in blocking mode ( #972 )
2023-09-07 11:56:09 -05:00
Nate Brown
0bffa76b5e
Build for openbsd ( #812 )
2023-07-27 14:27:35 -05:00
c0repwn3r
03e70210a5
Add support for NetBSD ( #916 )
2023-07-27 13:44:47 -05:00
Nate Brown
9c6592b159
Guard e2e udp and tun channels when closed ( #934 )
2023-07-26 12:52:14 -05:00
Nate Brown
a3e59a38ef
Use registered io on Windows when possible ( #905 )
2023-07-10 12:43:48 -05:00
Nate Brown
3bbf5f4e67
Use an interface for udp conns ( #901 )
2023-06-14 10:48:52 -05:00
brad-defined
9b03053191
update EncReader and EncWriter interface function args to have concrete types ( #844 )
...
* Update LightHouseHandlerFunc to remove EncWriter param.
* Move EncWriter to interface
* EncReader, too
2023-04-07 14:28:37 -04:00
Nate Brown
3cb4e0ef57
Allow listen.host to contain names ( #825 )
2023-04-05 11:29:26 -05:00
brad-defined
2801fb2286
Fix relay ( #827 )
...
Co-authored-by: Nate Brown <nbrown.us@gmail.com >
2023-03-30 11:09:20 -05:00
Wade Simmons
e1af37e46d
add calculated_remotes ( #759 )
...
* add calculated_remotes
This setting allows us to "guess" what the remote might be for a host
while we wait for the lighthouse response. For networks that hard
designed with in mind, it can help speed up handshake performance, as well as
improve resiliency in the case that all lighthouses are down.
Example:
lighthouse:
# ...
calculated_remotes:
# For any Nebula IPs in 10.0.10.0/24, this will apply the mask and add
# the calculated IP as an initial remote (while we wait for the response
# from the lighthouse). Both CIDRs must have the same mask size.
# For example, Nebula IP 10.0.10.123 will have a calculated remote of
# 192.168.1.123
10.0.10.0/24:
- mask: 192.168.1.0/24
port: 4242
* figure out what is up with this test
* add test
* better logic for sending handshakes
Keep track of the last light of hosts we sent handshakes to. Only log
handshake sent messages if the list has changed.
Remove the test Test_NewHandshakeManagerTrigger because it is faulty and
makes no sense. It relys on the fact that no handshake packets actually
get sent, but with these changes we would send packets now (which it
should!)
* use atomic.Pointer
* cleanup to make it clearer
* fix typo in example
2023-03-13 15:09:08 -04:00
Nate Brown
92cc32f844
Remove handshake race avoidance ( #820 )
...
Co-authored-by: Wade Simmons <wadey@slack-corp.com >
2023-03-13 12:35:14 -05:00
Nate Brown
feb3e1317f
Add a simple benchmark to e2e tests ( #739 )
2022-09-01 09:44:58 -05:00
Nate Brown
0d1ee4214a
Add relay e2e tests and output some mermaid sequence diagrams ( #691 )
2022-06-27 12:33:29 -05:00
brad-defined
1a7c575011
Relay ( #678 )
...
Co-authored-by: Wade Simmons <wsimmons@slack-corp.com >
2022-06-21 13:35:23 -05:00
Nate Brown
bcabcfdaca
Rework some things into packages ( #489 )
2021-11-03 20:54:04 -05:00
