v1.7.2 (#887 )

Update CHANGELOG for Nebula v1.7.2
Fix reconfig freeze attempting to send to an unbuffered, unread channel (#886 )
2025-11-22 00:15:37 +01:00 · 2023-06-01 11:05:07 -04:00 · 2023-05-31 16:05:46 -04:00 · 2023-05-23 13:24:33 -04:00 · 2023-05-18 15:39:24 -04:00 · 2023-05-18 14:13:32 -04:00
8 changed files with 86 additions and 107 deletions
--- a/.github/workflows/gofmt.yml
+++ b/.github/workflows/gofmt.yml
@@ -14,21 +14,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:

-    - name: Set up Go 1.20
-      uses: actions/setup-go@v2
-      with:
-        go-version: "1.20"
-      id: go
+    - uses: actions/checkout@v3

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - uses: actions/cache@v2
+    - uses: actions/setup-go@v4
      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-gofmt1.20-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-gofmt1.20-
+        go-version-file: 'go.mod'
+        check-latest: true

    - name: Install goimports
      run: |
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,13 +10,12 @@ jobs:
    name: Build Linux All
    runs-on: ubuntu-latest
    steps:
-      - name: Set up Go 1.20
-        uses: actions/setup-go@v2
-        with:
-          go-version: "1.20"
+      - uses: actions/checkout@v3

-      - name: Checkout code
-        uses: actions/checkout@v2
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true

      - name: Build
        run: |
@@ -34,13 +33,12 @@ jobs:
    name: Build Windows
    runs-on: windows-latest
    steps:
-      - name: Set up Go 1.20
-        uses: actions/setup-go@v2
-        with:
-          go-version: "1.20"
+      - uses: actions/checkout@v3

-      - name: Checkout code
-        uses: actions/checkout@v2
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true

      - name: Build
        run: |
@@ -68,13 +66,12 @@ jobs:
      HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }}
    runs-on: macos-11
    steps:
-      - name: Set up Go 1.20
-        uses: actions/setup-go@v2
-        with:
-          go-version: "1.20"
+      - uses: actions/checkout@v3

-      - name: Checkout code
-        uses: actions/checkout@v2
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true

      - name: Import certificates
        if: env.HAS_SIGNING_CREDS == 'true'
--- a/.github/workflows/smoke.yml
+++ b/.github/workflows/smoke.yml
@@ -18,21 +18,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:

-    - name: Set up Go 1.20
-      uses: actions/setup-go@v2
-      with:
-        go-version: "1.20"
-      id: go
+    - uses: actions/checkout@v3

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - uses: actions/cache@v2
+    - uses: actions/setup-go@v4
      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go1.20-
+        go-version-file: 'go.mod'
+        check-latest: true

    - name: build
      run: make bin-docker
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,21 +18,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:

-    - name: Set up Go 1.20
-      uses: actions/setup-go@v2
-      with:
-        go-version: "1.20"
-      id: go
+    - uses: actions/checkout@v3

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - uses: actions/cache@v2
+    - uses: actions/setup-go@v4
      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go1.20-
+        go-version-file: 'go.mod'
+        check-latest: true

    - name: Build
      run: make all
@@ -57,21 +48,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:

-    - name: Set up Go 1.20
-      uses: actions/setup-go@v2
-      with:
-        go-version: "1.20"
-      id: go
+    - uses: actions/checkout@v3

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - uses: actions/cache@v2
+    - uses: actions/setup-go@v4
      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go1.20-
+        go-version-file: 'go.mod'
+        check-latest: true

    - name: Build
      run: make bin-boringcrypto
@@ -90,21 +72,12 @@ jobs:
        os: [windows-latest, macos-11]
    steps:

-    - name: Set up Go 1.20
-      uses: actions/setup-go@v2
-      with:
-        go-version: "1.20"
-      id: go
+    - uses: actions/checkout@v3

-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
-
-    - uses: actions/cache@v2
+    - uses: actions/setup-go@v4
      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go1.20-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go1.20-
+        go-version-file: 'go.mod'
+        check-latest: true

    - name: Build nebula
      run: go build ./cmd/nebula
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+## [1.7.2] - 2023-06-01
+
+### Fixed
+
+- Fix a freeze during config reload if the `static_host_map` config was changed. (#886)
+
+## [1.7.1] - 2023-05-18
+
+### Fixed
+
+- Fix IPv4 addresses returned by `static_host_map` DNS lookup queries being
+  treated as IPv6 addresses. (#877)
+
 ## [1.7.0] - 2023-05-17

 ### Added
@@ -475,7 +488,9 @@ created.)

 - Initial public release.

-[Unreleased]: https://github.com/slackhq/nebula/compare/v1.7.0...HEAD
+[Unreleased]: https://github.com/slackhq/nebula/compare/v1.7.2...HEAD
+[1.7.2]: https://github.com/slackhq/nebula/releases/tag/v1.7.2
+[1.7.1]: https://github.com/slackhq/nebula/releases/tag/v1.7.1
 [1.7.0]: https://github.com/slackhq/nebula/releases/tag/v1.7.0
 [1.6.1]: https://github.com/slackhq/nebula/releases/tag/v1.6.1
 [1.6.0]: https://github.com/slackhq/nebula/releases/tag/v1.6.0
--- a/lighthouse.go
+++ b/lighthouse.go
@@ -262,6 +262,18 @@ func (lh *LightHouse) reload(c *config.C, initial bool) error {

 	//NOTE: many things will get much simpler when we combine static_host_map and lighthouse.hosts in config
 	if initial || c.HasChanged("static_host_map") || c.HasChanged("static_map.cadence") || c.HasChanged("static_map.network") || c.HasChanged("static_map.lookup_timeout") {
+		// Clean up. Entries still in the static_host_map will be re-built.
+		// Entries no longer present must have their (possible) background DNS goroutines stopped.
+		if existingStaticList := lh.staticList.Load(); existingStaticList != nil {
+			lh.RLock()
+			for staticVpnIp := range *existingStaticList {
+				if am, ok := lh.addrMap[staticVpnIp]; ok && am != nil {
+					am.hr.Cancel()
+				}
+			}
+			lh.RUnlock()
+		}
+		// Build a new list based on current config.
 		staticList := make(map[iputil.VpnIp]struct{})
 		err := lh.loadStaticMap(c, lh.myVpnNet, staticList)
 		if err != nil {
--- a/lighthouse_test.go
+++ b/lighthouse_test.go
@@ -12,6 +12,7 @@ import (
 	"github.com/slackhq/nebula/test"
 	"github.com/slackhq/nebula/udp"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v2"
 )

 //TODO: Add a test to ensure udpAddr is copied and not reused
@@ -242,8 +243,17 @@ func TestLighthouse_reload(t *testing.T) {
 	lh, err := NewLightHouseFromConfig(context.Background(), l, c, &net.IPNet{IP: net.IP{10, 128, 0, 1}, Mask: net.IPMask{255, 255, 255, 0}}, nil, nil)
 	assert.NoError(t, err)

-	c.Settings["static_host_map"] = map[interface{}]interface{}{"10.128.0.2": []interface{}{"1.1.1.1:4242"}}
-	lh.reload(c, false)
+	nc := map[interface{}]interface{}{
+		"static_host_map": map[interface{}]interface{}{
+			"10.128.0.2": []interface{}{"1.1.1.1:4242"},
+		},
+	}
+	rc, err := yaml.Marshal(nc)
+	assert.NoError(t, err)
+	c.ReloadConfigString(string(rc))
+
+	err = lh.reload(c, false)
+	assert.NoError(t, err)
 }

 func newLHHostRequest(fromAddr *udp.Addr, myVpnIp, queryVpnIp iputil.VpnIp, lhh *LightHouseHandler) testLhReply {
--- a/remote_list.go
+++ b/remote_list.go
@@ -70,7 +70,7 @@ type hostnamesResults struct {
 	hostnames     []hostnamePort
 	network       string
 	lookupTimeout time.Duration
-	stop          chan struct{}
+	cancelFn      func()
 	l             *logrus.Logger
 	ips           atomic.Pointer[map[netip.AddrPort]struct{}]
 }
@@ -80,7 +80,6 @@ func NewHostnameResults(ctx context.Context, l *logrus.Logger, d time.Duration,
 		hostnames:     make([]hostnamePort, len(hostPorts)),
 		network:       network,
 		lookupTimeout: timeout,
-		stop:          make(chan (struct{})),
 		l:             l,
 	}

@@ -115,6 +114,8 @@ func NewHostnameResults(ctx context.Context, l *logrus.Logger, d time.Duration,

 	// Time for the DNS lookup goroutine
 	if performBackgroundLookup {
+		newCtx, cancel := context.WithCancel(ctx)
+		r.cancelFn = cancel
 		ticker := time.NewTicker(d)
 		go func() {
 			defer ticker.Stop()
@@ -154,9 +155,7 @@ func NewHostnameResults(ctx context.Context, l *logrus.Logger, d time.Duration,
 					onUpdate()
 				}
 				select {
-				case <-ctx.Done():
-					return
-				case <-r.stop:
+				case <-newCtx.Done():
 					return
 				case <-ticker.C:
 					continue
@@ -169,8 +168,8 @@ func NewHostnameResults(ctx context.Context, l *logrus.Logger, d time.Duration,
 }

 func (hr *hostnamesResults) Cancel() {
-	if hr != nil {
-		hr.stop <- struct{}{}
+	if hr != nil && hr.cancelFn != nil {
+		hr.cancelFn()
 	}
 }

@@ -582,20 +581,11 @@ func (r *RemoteList) unlockedCollect() {
 	dnsAddrs := r.hr.GetIPs()
 	for _, addr := range dnsAddrs {
 		if r.shouldAdd == nil || r.shouldAdd(addr.Addr()) {
-			switch {
-			case addr.Addr().Is4():
-				v4 := addr.Addr().As4()
-				addrs = append(addrs, &udp.Addr{
-					IP:   v4[:],
-					Port: addr.Port(),
-				})
-			case addr.Addr().Is6():
-				v6 := addr.Addr().As16()
-				addrs = append(addrs, &udp.Addr{
-					IP:   v6[:],
-					Port: addr.Port(),
-				})
-			}
+			v6 := addr.Addr().As16()
+			addrs = append(addrs, &udp.Addr{
+				IP:   v6[:],
+				Port: addr.Port(),
+			})
 		}
 	}
Author	SHA1	Message	Date
Nate Brown	57eb80e9fb	v1.7.2 (#887 ) Update CHANGELOG for Nebula v1.7.2	2023-06-01 11:05:07 -04:00
brad-defined	96f4dcaab8	Fix reconfig freeze attempting to send to an unbuffered, unread channel (#886 ) * Fixes a reocnfig freeze where the reconfig attempts to send to an unbuffered channel with no readers. Only create stop channel when a DNS goroutine is created, and only send when the channel exists. Buffer to size 1 so that the stop message can be immediately sent even if the goroutine is busy doing DNS lookups.	2023-05-31 16:05:46 -04:00
Wade Simmons	6d8c5f437c	GitHub actions update setup-go (#881 ) This does caching for us, so we can remove our manual caching of modules	2023-05-23 13:24:33 -04:00
John Maguire	165b671e70	v1.7.1 (#878 ) Update CHANGELOG for Nebula v1.7.1	2023-05-18 15:39:24 -04:00
brad-defined	6be0bad68a	Fix static_host_map DNS lookup Linux issue - put v4 addr into v6 slice(#877 )	2023-05-18 14:13:32 -04:00