673 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Jay Wren	b7c3593edf	undo and cleanup	2026-01-15 16:54:10 -06:00
Jay Wren	4228ec01a3	batch encryption to reduce lock contention	2026-01-15 12:19:27 -05:00
Jay Wren	451b38b202	cleanup	2026-01-15 10:47:09 -05:00
Jay Wren	df37d5c18d	WIP?	2026-01-05 11:14:09 -05:00
Jay Wren	ada50e2ad5	handle virtio header in ctrl messages	2025-12-22 16:22:38 -05:00
Jay Wren	579e31e809	batch more writes	2025-12-22 16:15:07 -05:00
Jay Wren	3bc5f06ab1	write batching	2025-12-22 16:08:11 -05:00
Jay Wren	361da75d67	don't register metrics in loops	2025-12-22 15:56:47 -05:00
Jay Wren	8ca5ef96b8	zero copy even with virtioheder	2025-12-22 15:56:39 -05:00
Jay Wren	e5ab60fc35	preallocate nonce buffer	2025-12-22 15:53:44 -05:00
Jay Wren	849f756619	instruments	2025-12-22 15:53:40 -05:00
Jay Wren	21d1e71b5f	fix 32bit	2025-12-22 15:53:35 -05:00
Jay Wren	7cc84ab115	prealloc them buffers	2025-12-22 15:53:31 -05:00
Jay Wren	d75075fb70	write in batches	2025-12-22 15:53:26 -05:00
Jay Wren	08d3502613	reduce copying	2025-12-22 15:53:21 -05:00
Jay Wren	cd5da73e73	more nonblocking	2025-12-22 15:53:15 -05:00
Jay Wren	07d6516a43	hrm	2025-12-22 15:53:11 -05:00
Jay Wren	1d7a9d2384	just using the wg library works	2025-12-22 15:53:06 -05:00
Jay Wren	ba5a3e792c	only wg tun, no batching	2025-12-22 15:52:59 -05:00
Jack Doan	3ec527e42c	cert.MarshalSigningPublicKeyToPEM should emit the 'ECDSA' variant of the banner (#1552) ... * cert.MarshalSigningPublicKeyToPEM should emit the 'ECDSA' variant of the banner * oof owie ouch my tests	2025-12-10 10:39:36 -06:00
Nate Brown	2d16940232	Slight improvement to hot path benchmark, add a relay hot path benchmark (#1539)	2025-12-09 22:29:26 -06:00
dependabot[bot]	cba294ffa4	Bump actions/checkout from 5 to 6 (#1541) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:25:48 -06:00
dependabot[bot]	48406f85da	Bump the golang-x-dependencies group with 3 updates (#1550) ... Bumps the golang-x-dependencies group with 3 updates: [golang.org/x/sync](https://github.com/golang/sync), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/term](https://github.com/golang/term). Updates `golang.org/x/sync` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0) Updates `golang.org/x/sys` from 0.38.0 to 0.39.0 - [Commits](https://github.com/golang/sys/compare/v0.38.0...v0.39.0) Updates `golang.org/x/term` from 0.37.0 to 0.38.0 - [Commits](https://github.com/golang/term/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/term dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:19:53 -06:00
dependabot[bot]	14a1af132e	Bump Apple-Actions/import-codesign-certs from 5 to 6 (#1549) ... Bumps [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) from 5 to 6. - [Release notes](https://github.com/apple-actions/import-codesign-certs/releases) - [Commits](https://github.com/apple-actions/import-codesign-certs/compare/v5...v6) --- updated-dependencies: - dependency-name: Apple-Actions/import-codesign-certs dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-09 22:17:50 -06:00
Nate Brown	59e24b98bd	v1.10.0 (#1534) ... Update CHANGELOG for Nebula v1.10.0	2025-12-04 14:42:31 -05:00
Nate Brown	56067afca2	Stab at better logging when a relay is being used (#1533)	2025-12-03 17:48:29 -06:00
Nate Brown	64f202fa17	Make 0.0.0.0/0 and ::/0 not mean any address family, add any for that (#1538)	2025-11-21 13:46:36 -06:00
Jack Doan	6d7cf611c9	improve nebula-cert sign version auto-select (#1535)	2025-11-20 13:27:27 -06:00
Nate Brown	83ae8077f5	No need to clear counter 0 (#1537)	2025-11-20 13:22:58 -06:00
Bryan Lee	12cf348c80	feat: support via gateway for v6 multihop for v4 routes (#1521) ... Co-authored-by: Nate Brown <nbrown.us@gmail.com>	2025-11-19 22:21:03 -06:00
dependabot[bot]	a5ee928990	Bump golang.org/x/crypto in the golang-x-dependencies group (#1536) ... Bumps the golang-x-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.44.0 to 0.45.0 - [Commits](https://github.com/golang/crypto/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-19 15:48:53 -06:00
Nate Brown	7aff313a17	Relax the restriction on routines from the config (#1531)	2025-11-19 13:10:11 -06:00
Jack Doan	297767b2e3	warn user if they configure a firewall rule that will allow way more traffic than you might expect (#1513) ... * warn user if they accidentally configure a firewall rule that will allow way more traffic than you might expect * add groups-contains-any warning	2025-11-19 11:06:34 -06:00
Nate Brown	99faab505c	Fix a potential bug with udp ipv4 only on darwin (#1532)	2025-11-19 09:56:58 -06:00
dependabot[bot]	584c2668b3	Bump golang.org/x/net in the golang-x-dependencies group (#1530) ... Bumps the golang-x-dependencies group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.46.0 to 0.47.0 - [Commits](https://github.com/golang/net/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-18 21:25:03 -06:00
Wade Simmons	27ea667aee	add more tests around bits counters (#1441) ... Co-authored-by: Nate Brown <nbrown.us@gmail.com>	2025-11-18 16:42:21 -06:00
Hal Martin	4df8bcb1f5	nebula-cert: support reading CA passphrase from env (#1421) ... * nebula-cert: support reading CA passphrase from env This patch extends the `nebula-cert` command to support reading the CA passphrase from the environment variable `CA_PASSPHRASE`. Currently `nebula-cert` depends in an interactive session to obtain the CA passphrase. This presents a challenge for automation tools like ansible. With this change, ansible can store the CA passphrase in a vault and supply it to `nebula-cert` via the `CA_PASSPHRASE` environment variable for non-interactive signing. Signed-off-by: Hal Martin <1230969+halmartin@users.noreply.github.com> * name the variable NEBULA_CA_PASSPHRASE --------- Signed-off-by: Hal Martin <1230969+halmartin@users.noreply.github.com> Co-authored-by: JackDoan <me@jackdoan.com>	2025-11-17 14:41:08 -06:00
Wade Simmons	36c890eaad	populate default Build version if missing (#1386) ... * populate default Build version if missing Use the Go module information built into the binary if the Build var wasn't set during the build. This means if you install via a specific tag, you get: go install github.com/slackhq/nebula/cmd/nebula@v1.9.5 $ nebula -version Version: 1.9.5 And if you install master, you get: go install github.com/slackhq/nebula/cmd/nebula@master $ nebula -version Version: 1.9.5-0.20250408154034-18279ed17b10 * also default in the library * cleanup	2025-11-14 08:58:15 -05:00
dependabot[bot]	44001244f2	Bump github.com/gaissmai/bart from 0.25.0 to 0.26.0 (#1508) ... * Bump github.com/gaissmai/bart from 0.25.0 to 0.26.0 Bumps [github.com/gaissmai/bart](https://github.com/gaissmai/bart) from 0.25.0 to 0.26.0. - [Release notes](https://github.com/gaissmai/bart/releases) - [Commits](https://github.com/gaissmai/bart/compare/v0.25.0...v0.26.0) --- updated-dependencies: - dependency-name: github.com/gaissmai/bart dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wade Simmons <wsimmons@slack-corp.com>	2025-11-13 13:16:48 -05:00
Jack Doan	a89f95182c	Firewall types and cross-stack subnet stuff (#1509) ... * firewall can distinguish if the host connecting has an overlapping network, is a VPN peer without an overlapping network, or is a unsafe network * Cross stack subnet stuff (#1512) * experiment with not filtering out non-common addresses in hostinfo.networks * allow handshakes without overlaps * unsafe network test * change HostInfo.buildNetworks argument to reference the cert	2025-11-12 13:40:20 -06:00
dependabot[bot]	6a8a2992ff	Bump google.golang.org/protobuf in the protobuf-dependencies group (#1502) ... Bumps the protobuf-dependencies group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.8 to 1.36.10 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: protobuf-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:59:47 -06:00
dependabot[bot]	3d94dfe6a1	Bump the golang-x-dependencies group across 1 directory with 5 updates (#1526) ... Bumps the golang-x-dependencies group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/sync](https://github.com/golang/sync). Updates `golang.org/x/crypto` from 0.43.0 to 0.44.0 - [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.44.0) Updates `golang.org/x/net` from 0.45.0 to 0.46.0 - [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0) Updates `golang.org/x/sync` from 0.17.0 to 0.18.0 - [Commits](https://github.com/golang/sync/compare/v0.17.0...v0.18.0) Updates `golang.org/x/sys` from 0.37.0 to 0.38.0 - [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0) Updates `golang.org/x/term` from 0.36.0 to 0.37.0 - [Commits](https://github.com/golang/term/compare/v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/net dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies - dependency-name: golang.org/x/term dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:55:34 -06:00
dependabot[bot]	3670e24fa0	Bump actions/checkout from 4 to 5 (#1450) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:51:00 -06:00
dependabot[bot]	b348ee726e	Bump actions/download-artifact from 4 to 6 (#1516) ... Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:48:58 -06:00
dependabot[bot]	a941b65114	Bump actions/upload-artifact from 4 to 5 (#1515) ... Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:47:38 -06:00
dependabot[bot]	17101d425f	Bump golangci/golangci-lint-action from 8 to 9 (#1523) ... Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 09:46:10 -06:00
Nate Brown	52f1908126	Don't log every blocklisted fingerprint (#1525)	2025-11-12 09:41:46 -06:00
Wade Simmons	48f1ae98ba	switch to go.yaml.in/yaml (#1478) ... The `gopkg.in/yaml.v3` library has been declared as Unmaintained: - https://github.com/go-yaml/yaml?tab=readme-ov-file#this-project-is-unmaintained The YAML org has taken over maintaining it and now publishes it as `go.yaml.in/yaml`: - https://github.com/yaml/go-yaml	2025-11-12 10:26:22 -05:00
Wade Simmons	97b3972c11	honor remote_allow_list in hole punch response (#1186) ... * honor remote_allow_ilst in hole punch response When we receive a "hole punch notification" from a Lighthouse, we send a hole punch packet to every remote of that host, even if we don't include those remotes in our "remote_allow_list". Change the logic here to check if the remote IP is in our allow list before sending the hole punch packet. * fix for netip * cleanup	2025-11-10 13:52:40 -05:00
Jack Doan	0f305d5397	don't block startup on failure to configure SSH (#1520)	2025-11-05 10:41:56 -06:00