Commit Graph

126 Commits

Author SHA1 Message Date
Ryan Huber a91a40212d
check that packet isn't bound for my vpn ip (#192) 2020-02-21 16:49:54 -08:00
Wade Simmons 179a369130
add configuration options for HandshakeManager (#179)
This change exposes the current constants we have defined for the handshake
manager as configuration options. This will allow us to test and tweak
with different intervals and wait rotations.

    # Handshake Manger Settings
    handshakes:
      # Total time to try a handshake = sequence of `try_interval * retries`
      # With 100ms interval and 20 retries it is 23.5 seconds
      try_interval: 100ms
      retries: 20

      # wait_rotation is the number of handshake attempts to do before starting to try non-local IP addresses
      wait_rotation: 5
2020-02-21 16:25:11 -05:00
Wade Simmons df69371620
use absolute paths on darwin and windows (#191)
We want to make sure to use the system binaries, and not whatever is in
the PATH.
2020-02-21 15:25:33 -05:00
Wade Simmons eda344d88f
add logging.timestamp_format config option (#187)
This change introduces logging.timestamp_format, which allows
configuration of the Logrus TimestampFormat setting. The primary purpose
of this change was to allow logging with millisecond precision. The
default for `text` and `json` formats remains the same for backwards
compatibility.

timestamp format is specified in Go time format, see:

 - https://golang.org/pkg/time/#pkg-constants

Default when `format: json`: "2006-01-02T15:04:05Z07:00" (RFC3339)
Default when `format: text`:
  when TTY attached: seconds since beginning of execution
  otherwise: "2006-01-02T15:04:05Z07:00" (RFC3339)

As an example, to log as RFC3339 with millisecond precision, set to:

    logging:
        timestamp_format: "2006-01-02T15:04:05.000Z07:00"
2020-02-21 15:25:00 -05:00
Wade Simmons 065e2ff88a
update golang.org/x/crypto (#188)
This version contains a fix for CVE-2020-9283, a remote crash bug:

- https://groups.google.com/forum/#!msg/golang-announce/3L45YRc91SY/ywEPcKLnGQAJ
2020-02-20 14:49:55 -05:00
Nathan Brown 45a5de2719
Print the udp listen address on startup (#181) 2020-02-06 21:17:43 -08:00
Wade Simmons 2d24ef7166
validate lighthouses and static hosts are in our subnet (#170)
Validate all lighthouse.hosts and static_host_map VPN IPs are in the
subnet defined in our cert. Exit with a fatal error if they are not in
our subnet, as this is an invalid configuration (we will not have the
proper routes set up to communicate with these hosts).

This error case could occur for the following invalid example:

    nebula-cert sign -name "lighthouse" -ip "10.0.1.1/24"
    nebula-cert sign -name "host" -ip "10.0.2.1/24"

    config.yaml:

        static_host_map:
            "10.0.1.1": ["lighthouse.local:4242"]
        lighthouse:
          hosts:
            - "10.0.1.1"

We will now return a fatal error for this config, since `10.0.1.1` is
not in the host cert's subnet of `10.0.2.1/24`
2020-01-20 15:52:55 -05:00
Wade Simmons 13941aa723
Prepare for 1.1.0 release. (#167)
Update the changelog to mark today as the release day for 1.1.0.
2020-01-17 12:29:42 -05:00
Wade Simmons 672edcaf73
add CHANGELOG.md (#166)
This is the initial creation of a CHANGELOG. When we are ready to cut
a release we can change the version at the top and update the links at
the bottom.
2020-01-17 09:23:54 -05:00
Ryan Huber 25bf80d8d3
add new invite link without expiration date (#165)
merging because link doesn't work rn and this is not a code change.
2020-01-16 10:09:45 -06:00
Alan Lam 5c126cd42b
conform to new build format for vagrant (#153)
* conform to new build format for vagrant
2020-01-08 11:32:28 -08:00
Ryan Huber 91f7b9c049
Update README.md
fix readme
2020-01-07 12:40:25 -06:00
Stephan 1592da921d fix(nebula-cert): flag duration is optional, so reflect this is the cli help (#117)
* fix: nebula-cert duration is optional, so reflect this is the cli help

nebula-cert sign defaults the duration flag to 1 second before the CA expires, so it is not required to be provided.

* tests: Fix test for duration flag help message

* nebula-cert: add duration default value hint
2020-01-06 10:51:29 -08:00
Chad Harp 4e0da13180 Support unsafe_routes on Darwin (#139)
* Support unsafe_routes on darwin

* fix formatting in tun_darwin.go (spaces to tabs)
2020-01-06 10:09:56 -08:00
Gábor Lipták e9b0498b21 Correct typo (#150) 2020-01-06 09:14:11 -08:00
Chad Harp efe741ad66 Allow ValidateLHStaticEntries to check all static host map entries (#141)
* Allow ValidateLHStaticEntries to check all static host map entries

* Cleaner fix for ValidateLHStaticEntries
2020-01-02 21:04:18 -05:00
Ryan Huber fd8ad5d0d7
Merge pull request #133 from slackhq/interval_zero_check
if interval is 0 don't even update lh (mobile use case)
2019-12-26 15:57:01 -06:00
Ryan Huber df8e45c13b if interval is 0 don't even update lh (mobile use case) 2019-12-26 21:12:31 +00:00
Wade Simmons 0eb5ce6b41
better windows targets in Makefile (#125)
This restores `make bin-windows` and also adds `make
build/nebula-windows-amd64.zip` to build the zip file.

Co-authored-by: Ryan Huber <rhuber@gmail.com>
2019-12-21 09:31:48 -05:00
Wade Simmons 8ed8419584
GitHub Action: add release script (#124)
This script will be triggered by any tag starting with `v[0-9]+.[0-9]+.[0-9]+` (i.e.
v1.1.0). It will create all of the .tar.gz files (or .zip for windows). The amd64 binaries will be
compiled on their target systems, the rest of the Linux architecures
will be cross compiled from the Linux amd64 host.

A SHASUM256.txt will also be generated and attached to the release.
2019-12-21 01:15:41 -05:00
Wade Simmons e728b81573
Merge pull request #122 from slackhq/better-makefile
Makefile improvements
2019-12-20 14:15:58 -05:00
Wade Simmons 4c1725772b make arm builds specific 2019-12-20 14:08:18 -05:00
Wade Simmons f6aabf14a6 fix whitespace 2019-12-20 13:55:15 -05:00
Wade Simmons bc7b3895f9 Makefile improvements
Simplify the makefile by using implicit rules. The new structure for the
build directory when using `make all` or `make release` is:

    build/$GOOS-$GOARCH-$GOARM/nebula

(The GOARM part is optional, and only used for linux-arm-6)

So, releases end up like `nebula-linux-amd64.tar.gz` or
`nebula-linux-arm-6.tar.gz`

This change also adds `-trimpath` to the build, to make the pathnames
more generic in our releases.
2019-12-20 13:48:41 -05:00
Nathan Brown fe8a71ed59
Merge pull request #121 from slackhq/txq-err
Make linux tx queue length an error log instead of a fatal on error
2019-12-20 09:21:46 -08:00
Nate Brown 9db16d226c Make linux tx queue length an error log instead of a fatal on error 2019-12-20 09:10:26 -08:00
Ryan Huber fe58cedd2e
Merge pull request #120 from slackhq/add_slack_link
add invitation link to readme
2019-12-20 08:33:38 -08:00
Ryan Huber 7ee692663d add invitation link to readme 2019-12-20 16:28:17 +00:00
Nathan Brown e465b13045
Merge pull request #113 from slackhq/fw-ca
Fixes the issues with caSha and caName
2019-12-19 09:06:50 -08:00
Nate Brown 2d8a8143de Actual fix for the real issue with tests 2019-12-18 21:23:59 -08:00
Nathan Brown b39fab3043
Merge pull request #114 from slackhq/mtu-optional
Move tun mtu failing to an error log instead of fatal
2019-12-18 16:57:40 -08:00
Nate Brown 55525654a8 Move tun mtu failing to an error log instead of fatal 2019-12-18 16:51:59 -08:00
Nate Brown 4e378fdb5b Add test for current bug in master, reduce log output in test 2019-12-18 11:06:51 -08:00
Nate Brown 99cac0da55 Remove println 2019-12-17 23:48:33 -08:00
Nate Brown c359a5cf71 Correct example config doc 2019-12-17 23:43:10 -08:00
Nate Brown 56657065e0 Fix ca* checks 2019-12-17 23:36:12 -08:00
Nathan Brown 8e6b72516b
Merge pull request #107 from slackhq/ca-ip
Support extra root assertions in `cert.Verify`
2019-12-17 19:09:52 -08:00
Nate Brown 328db6bb82 Root constraint usage and support in nebula-cert 2019-12-17 17:59:21 -08:00
Nate Brown 0dc9aafa14 Support root subnet asserts 2019-12-17 17:10:46 -08:00
Nate Brown 98d92ee4cf Support root IP assertions in cert.Verify 2019-12-17 17:06:13 -08:00
Wade Simmons 8b2ee5cf34
Merge pull request #99 from slackhq/update-deps-2019-12
Update dependencies, December 2019
2019-12-17 13:29:21 -05:00
Wade Simmons 3978664083
Merge pull request #100 from slackhq/smoke-test
Github Actions: Smoke test
2019-12-17 13:14:47 -05:00
Wade Simmons 0d1da7579e
Merge pull request #106 from slackhq/fix-listen-host
fix listen.host
2019-12-17 12:11:13 -05:00
Wade Simmons 5350b9ef6f fix listen.host
We were parsing listen.host, but not actually using it in the `bind`
call, so we were always binding to `0.0.0.0`.
2019-12-17 11:46:48 -05:00
Ryan Huber 2c8b0ec7b1
Merge pull request #105 from slackhq/fix_lighthouse_check
should be break not continue
2019-12-17 09:18:57 -06:00
Ryan Huber 5d0d916fc9 should be break not continue 2019-12-17 14:43:01 +00:00
Wade Simmons c321e40d24 generate the smoke config files 2019-12-17 08:38:59 -05:00
Wade Simmons 73c6d555b5 Github Actions: Smoke test
This change adds a new Github Action, a 3 node smoke test. It starts
three docker containers (one lighthouse and two standard nodes) and
tests that they can all ping each other. This should hopefully detect
any basic runtime failures in PRs.
2019-12-17 00:17:25 -05:00
Wade Simmons bdb442b970 Update dependencies, December 2019
Links to the diffs below, of note is this fix for `water` which might fix some
Windows issues:

- https://github.com/songgao/water/pull/70

*Direct Dependencies*

    Updated  github.com/golang/protobuf           https://github.com/golang/protobuf/compare/v1.3.1...v1.3.2
    Updated  github.com/imdario/mergo             https://github.com/imdario/mergo/compare/v0.3.7...v0.3.8
    Updated  github.com/miekg/dns                 https://github.com/miekg/dns/compare/v1.1.12...v1.1.25
    Updated  github.com/prometheus/client_golang  https://github.com/prometheus/client_golang/compare/v0.9.3...v1.2.1
    Updated  github.com/rcrowley/go-metrics       3113b8401b...cac0b30c25
    Updated  github.com/songgao/water             6ad6edefb1...fd331bda3f
    Updated  github.com/stretchr/testify          https://github.com/stretchr/testify/compare/v1.3.0...v1.4.0
    Updated  golang.org/x/crypto                  22d7a77e9e...e9b2fee464
    Updated  golang.org/x/net                     f3200d17e0...c0dbc17a35
    Updated  golang.org/x/sys                     dbbf3f1254...ac6580df44
    Updated  gopkg.in/yaml.v2                     v2.2.2...v2.2.7

*Indirect Dependencies*

    Updated  github.com/alecthomas/template      a0175ee3bc...fb15b899a7
    Updated  github.com/alecthomas/units         2efee857e7...c3de453c63
    Updated  github.com/beorn7/perks             https://github.com/beorn7/perks/compare/v1.0.0...v1.0.1
    Updated  github.com/cespare/xxhash           https://github.com/cespare/xxhash/compare/v1.1.0...v2.1.1
    Updated  github.com/go-kit/kit               https://github.com/go-kit/kit/compare/v0.8.0...v0.9.0
    Updated  github.com/pkg/errors               https://github.com/pkg/errors/compare/v0.8.0...v0.8.1
    Updated  github.com/prometheus/client_model  fd36f4220a...d1d2010b5b
    Updated  github.com/prometheus/common        https://github.com/prometheus/common/compare/v0.4.1...v0.7.0
    Updated  github.com/prometheus/procfs        https://github.com/prometheus/procfs/compare/a7aeb8df3389...v0.0.8
    Updated  github.com/vishvananda/netns        https://github.com/vishvananda/netns/compare/13995c7128cc...0a2b9b5464df
    Updated  golang.org/x/sync                   https://github.com/golang/sync/compare/112230192c58...cd5d95a43a6e
    Updated  golang.org/x/text                   https://github.com/golang/text/compare/v0.3.0...v0.3.2
    Added    github.com/google/go-cmp            https://github.com/google/go-cmp/tree/v0.3.1
    Added    github.com/google/gofuzz            https://github.com/google/gofuzz/tree/v1.0.0
    Added    github.com/json-iterator/go         https://github.com/json-iterator/go/tree/v1.1.7
    Added    github.com/modern-go/concurrent     https://github.com/modern-go/concurrent/tree/bacd9c7ef1dd
    Added    github.com/modern-go/reflect2       https://github.com/modern-go/reflect2/tree/v1.0.1
    Added    golang.org/x/tools                  https://github.com/golang/tools/tree/2ca718005c18
    Added    golang.org/x/xerrors                https://github.com/golang/xerrors/tree/a985d3407aa7
    Removed  github.com/OneOfOne/xxhash          https://github.com/OneOfOne/xxhash/tree/v1.2.2
    Removed  github.com/dgryski/go-sip13         https://github.com/dgryski/go-sip13/tree/e10d5fee7954
    Removed  github.com/oklog/ulid               https://github.com/oklog/ulid/tree/v1.3.1
    Removed  github.com/prometheus/tsdb          https://github.com/prometheus/tsdb/tree/v0.7.1
    Removed  github.com/spaolacci/murmur3        https://github.com/spaolacci/murmur3/tree/f09979ecbc72
2019-12-16 15:49:31 -05:00
Ryan Huber a680ac29f5
Merge pull request #98 from slackhq/warn_not_error
make this a warning, even though i believe it is fundamentally an error (in judgement)
2019-12-13 16:03:36 -06:00