starting refactor

.github/workflows/release.yml

@@ -20,7 +20,7 @@ on:
       - 'client/ui/**'
 
 env:
-  SIGN_PIPE_VER: "v0.0.10"
+  SIGN_PIPE_VER: "v0.0.9"
   GORELEASER_VER: "v1.14.1"
 
 concurrency:

.golangci.yaml

@@ -12,50 +12,6 @@ linters-settings:
     # Default: false
     check-type-assertions: false
 
-  gosec:
-    includes:
-      - G101 # Look for hard coded credentials
-      #- G102 # Bind to all interfaces
-      - G103 # Audit the use of unsafe block
-      - G104 # Audit errors not checked
-      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
-      #- G107 # Url provided to HTTP request as taint input
-      - G108 # Profiling endpoint automatically exposed on /debug/pprof
-      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-      - G110 # Potential DoS vulnerability via decompression bomb
-      - G111 # Potential directory traversal
-      #- G112 # Potential slowloris attack
-      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
-      #- G114 # Use of net/http serve function that has no support for setting timeouts
-      - G201 # SQL query construction using format string
-      - G202 # SQL query construction using string concatenation
-      - G203 # Use of unescaped data in HTML templates
-      #- G204 # Audit use of command execution
-      - G301 # Poor file permissions used when creating a directory
-      - G302 # Poor file permissions used with chmod
-      - G303 # Creating tempfile using a predictable path
-      - G304 # File path provided as taint input
-      - G305 # File traversal when extracting zip/tar archive
-      - G306 # Poor file permissions used when writing to a new file
-      - G307 # Poor file permissions used when creating a file with os.Create
-      #- G401 # Detect the usage of DES, RC4, MD5 or SHA1
-      #- G402 # Look for bad TLS connection settings
-      - G403 # Ensure minimum RSA key length of 2048 bits
-      #- G404 # Insecure random number source (rand)
-      #- G501 # Import blocklist: crypto/md5
-      - G502 # Import blocklist: crypto/des
-      - G503 # Import blocklist: crypto/rc4
-      - G504 # Import blocklist: net/http/cgi
-      #- G505 # Import blocklist: crypto/sha1
-      - G601 # Implicit memory aliasing of items from a range statement
-      - G602 # Slice access out of bounds
-
-  gocritic:
-    disabled-checks:
-      - commentFormatting
-      - captLocal
-      - deprecatedComment
-
   govet:
     # Enable all analyzers.
     # Default: false
@@ -86,8 +42,6 @@ linters:
     - dupword # dupword checks for duplicate words in the source code
     - durationcheck # durationcheck checks for two durations multiplied together
     - forbidigo # forbidigo forbids identifiers
-    - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gosec # inspects source code for security problems
     - mirror # mirror reports wrong mirror patterns of bytes/strings usage
     - misspell # misspess finds commonly misspelled English words in comments
     - nilerr # finds the code that returns nil even if it checks that the error is not nil
@@ -104,20 +58,19 @@ issues:
 
   exclude-rules:
     # allow fmt
-    - path: management/cmd/root\.go
+    - path: management/cmd/root.go
       linters: forbidigo
-    - path: signal/cmd/root\.go
+    - path: signal/cmd/root.go
       linters: forbidigo
-    - path: sharedsock/filter\.go
+    - path: sharedsock/filter.go
       linters:
       - unused
-    - path: client/firewall/iptables/rule\.go
+    - path: client/firewall/iptables/rule.go
       linters:
       - unused
-    - path: test\.go
+    - path: test.go
       linters:
       - mirror
-      - gosec
-    - path: mock\.go
+    - path: mock.go
       linters:
       - nilnil

client/cmd/login.go

@@ -85,7 +85,6 @@ var loginCmd = &cobra.Command{
 			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
-			Hostname:             hostName,
 		}
 
 		var loginErr error
@@ -115,7 +114,7 @@ var loginCmd = &cobra.Command{
 		if loginResp.NeedsSSOLogin {
 			openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
 
-			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
+			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 			if err != nil {
 				return fmt.Errorf("waiting sso login failed with: %v", err)
 			}

client/cmd/status.go

@@ -234,7 +234,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			continue
 		}
 		if isPeerConnected {
-			peersConnected++
+			peersConnected = peersConnected + 1
 
 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
@@ -407,7 +407,7 @@ func parsePeers(peers peersStateOutput) string {
 			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
 		)
 
-		peersString += peerString
+		peersString = peersString + peerString
 	}
 	return peersString
 }

client/cmd/up.go

@@ -149,7 +149,6 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		CleanNATExternalIPs:  natExternalIPs != nil && len(natExternalIPs) == 0,
 		CustomDNSAddress:     customDNSAddressConverted,
 		IsLinuxDesktopClient: isLinuxRunningDesktop(),
-		Hostname:             hostName,
 	}
 
 	var loginErr error
@@ -180,7 +179,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 
 		openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
 
-		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
+		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 		if err != nil {
 			return fmt.Errorf("waiting sso login failed with: %v", err)
 		}

client/firewall/iptables/manager_linux.go

@@ -463,16 +463,14 @@ func (m *Manager) actionToStr(action fw.Action) string {
 }
 
 func (m *Manager) transformIPsetName(ipsetName string, sPort, dPort string) string {
-	switch {
-	case ipsetName == "":
+	if ipsetName == "" {
 		return ""
-	case sPort != "" && dPort != "":
+	} else if sPort != "" && dPort != "" {
 		return ipsetName + "-sport-dport"
-	case sPort != "":
+	} else if sPort != "" {
 		return ipsetName + "-sport"
-	case dPort != "":
+	} else if dPort != "" {
 		return ipsetName + "-dport"
-	default:
-		return ipsetName
 	}
+	return ipsetName
 }

client/firewall/nftables/manager_linux.go

@@ -791,7 +791,7 @@ func (m *Manager) flushWithBackoff() (err error) {
 				return err
 			}
 			time.Sleep(backoffTime)
-			backoffTime *= 2
+			backoffTime = backoffTime * 2
 			continue
 		}
 		break

client/firewall/uspfilter/uspfilter.go

@@ -355,16 +355,14 @@ func (m *Manager) RemovePacketHook(hookID string) error {
 	for _, arr := range m.incomingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				rule := r
-				return m.DeleteRule(&rule)
+				return m.DeleteRule(&r)
 			}
 		}
 	}
 	for _, arr := range m.outgoingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				rule := r
-				return m.DeleteRule(&rule)
+				return m.DeleteRule(&r)
 			}
 		}
 	}

client/internal/acl/manager_test.go

@@ -189,33 +189,31 @@ func TestDefaultManagerSquashRules(t *testing.T) {
 	}
 
 	r := rules[0]
-	switch {
-	case r.PeerIP != "0.0.0.0":
+	if r.PeerIP != "0.0.0.0" {
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	case r.Direction != mgmProto.FirewallRule_IN:
+	} else if r.Direction != mgmProto.FirewallRule_IN {
 		t.Errorf("direction should be IN, got: %v", r.Direction)
 		return
-	case r.Protocol != mgmProto.FirewallRule_ALL:
+	} else if r.Protocol != mgmProto.FirewallRule_ALL {
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	case r.Action != mgmProto.FirewallRule_ACCEPT:
+	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}
 
 	r = rules[1]
-	switch {
-	case r.PeerIP != "0.0.0.0":
+	if r.PeerIP != "0.0.0.0" {
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	case r.Direction != mgmProto.FirewallRule_OUT:
+	} else if r.Direction != mgmProto.FirewallRule_OUT {
 		t.Errorf("direction should be OUT, got: %v", r.Direction)
 		return
-	case r.Protocol != mgmProto.FirewallRule_ALL:
+	} else if r.Protocol != mgmProto.FirewallRule_ALL {
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	case r.Action != mgmProto.FirewallRule_ACCEPT:
+	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}

client/internal/auth/device_flow.go

@@ -4,13 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/netbirdio/netbird/client/internal"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
-
-	"github.com/netbirdio/netbird/client/internal"
 )
 
 // HostedGrantType grant type for device flow on Hosted
@@ -175,7 +174,7 @@ func (d *DeviceAuthorizationFlow) WaitToken(ctx context.Context, info AuthFlowIn
 				if tokenResponse.Error == "authorization_pending" {
 					continue
 				} else if tokenResponse.Error == "slow_down" {
-					interval += (3 * time.Second)
+					interval = interval + (3 * time.Second)
 					ticker.Reset(interval)
 					continue
 				}

client/internal/auth/oauth.go

@@ -92,15 +92,15 @@ func authenticateWithPKCEFlow(ctx context.Context, config *internal.Config) (OAu
 func authenticateWithDeviceCodeFlow(ctx context.Context, config *internal.Config) (OAuthFlow, error) {
 	deviceFlowInfo, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 	if err != nil {
-		switch s, ok := gstatus.FromError(err); {
-		case ok && s.Code() == codes.NotFound:
+		s, ok := gstatus.FromError(err)
+		if ok && s.Code() == codes.NotFound {
 			return nil, fmt.Errorf("no SSO provider returned from management. " +
 				"Please proceed with setting up this device using setup keys " +
 				"https://docs.netbird.io/how-to/register-machines-using-setup-keys")
-		case ok && s.Code() == codes.Unimplemented:
+		} else if ok && s.Code() == codes.Unimplemented {
 			return nil, fmt.Errorf("the management server, %s, does not support SSO providers, "+
 				"please update your server or use Setup Keys to login", config.ManagementURL)
-		default:
+		} else {
 			return nil, fmt.Errorf("getting device authorization flow info failed with error: %v", err)
 		}
 	}

client/internal/config.go

@@ -273,9 +273,9 @@ func parseURL(serviceName, serviceURL string) (*url.URL, error) {
 	if parsedMgmtURL.Port() == "" {
 		switch parsedMgmtURL.Scheme {
 		case "https":
-			parsedMgmtURL.Host += ":443"
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":443"
 		case "http":
-			parsedMgmtURL.Host += ":80"
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":80"
 		default:
 			log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
 		}

client/internal/connect.go

@@ -43,16 +43,6 @@ func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.S
 	return runClient(ctx, config, statusRecorder, mobileDependency)
 }
 
-func RunClientiOS(ctx context.Context, config *Config, statusRecorder *peer.Status, fileDescriptor int32, networkChangeListener listener.NetworkChangeListener, dnsManager dns.IosDnsManager, interfaceName string) error {
-	mobileDependency := MobileDependency{
-		FileDescriptor:        fileDescriptor,
-		InterfaceName:         interfaceName,
-		NetworkChangeListener: networkChangeListener,
-		DnsManager:            dnsManager,
-	}
-	return runClient(ctx, config, statusRecorder, mobileDependency)
-}
-
 func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
 	log.Infof("starting NetBird client version %s", version.NetbirdVersion())
 

client/internal/dns/host.go

@@ -61,7 +61,7 @@ func newNoopHostMocker() hostManager {
 	}
 }
 
-func dnsConfigTohostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
+func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
 	config := hostDNSConfig{
 		routeAll:   false,
 		serverIP:   ip,

client/internal/dns/host_android.go

@@ -3,7 +3,7 @@ package dns
 type androidHostManager struct {
 }
 
-func newHostManager() (hostManager, error) {
+func newHostManager(wgInterface WGIface) (hostManager, error) {
 	return &androidHostManager{}, nil
 }
 

client/internal/dns/host_darwin.go

@@ -1,5 +1,3 @@
-//go:build !ios
-
 package dns
 
 import (
@@ -34,7 +32,7 @@ type systemConfigurator struct {
 	createdKeys      map[string]struct{}
 }
 
-func newHostManager() (hostManager, error) {
+func newHostManager(_ WGIface) (hostManager, error) {
 	return &systemConfigurator{
 		createdKeys: make(map[string]struct{}),
 	}, nil

client/internal/dns/host_ios.go

@@ -1,45 +0,0 @@
-package dns
-
-import (
-	"strconv"
-	"strings"
-)
-
-type iosHostManager struct {
-	dnsManager IosDnsManager
-	config     hostDNSConfig
-}
-
-func newHostManager(dnsManager IosDnsManager) (hostManager, error) {
-	return &iosHostManager{
-		dnsManager: dnsManager,
-	}, nil
-}
-
-func (a iosHostManager) applyDNSConfig(config hostDNSConfig) error {
-	var configAsString []string
-	configAsString = append(configAsString, config.serverIP)
-	configAsString = append(configAsString, strconv.Itoa(config.serverPort))
-	configAsString = append(configAsString, strconv.FormatBool(config.routeAll))
-	var domainConfigAsString []string
-	for _, domain := range config.domains {
-		var domainAsString []string
-		domainAsString = append(domainAsString, strconv.FormatBool(domain.disabled))
-		domainAsString = append(domainAsString, domain.domain)
-		domainAsString = append(domainAsString, strconv.FormatBool(domain.matchOnly))
-		domainConfigAsString = append(domainConfigAsString, strings.Join(domainAsString, "|"))
-	}
-	domainConfig := strings.Join(domainConfigAsString, ";")
-	configAsString = append(configAsString, domainConfig)
-	outputString := strings.Join(configAsString, ",")
-	a.dnsManager.ApplyDns(outputString)
-	return nil
-}
-
-func (a iosHostManager) restoreHostDNS() error {
-	return nil
-}
-
-func (a iosHostManager) supportCustomPort() bool {
-	return false
-}

client/internal/dns/mockServer.go

@@ -14,7 +14,7 @@ type MockServer struct {
 }
 
 // Initialize mock implementation of Initialize from Server interface
-func (m *MockServer) Initialize(manager IosDnsManager) error {
+func (m *MockServer) Initialize() error {
 	if m.InitializeFunc != nil {
 		return m.InitializeFunc()
 	}
@@ -33,7 +33,7 @@ func (m *MockServer) DnsIP() string {
 }
 
 func (m *MockServer) OnUpdatedHostDNSServer(strings []string) {
-	// TODO implement me
+	//TODO implement me
 	panic("implement me")
 }
 

client/internal/dns/network_manager_linux.go

@@ -7,14 +7,13 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net/netip"
+	"regexp"
 	"time"
 
 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
-
-	nbversion "github.com/netbirdio/netbird/version"
 )
 
 const (
@@ -123,7 +122,7 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) er
 		searchDomains = append(searchDomains, dns.Fqdn(dConf.domain))
 	}
 
-	newDomainList := append(searchDomains, matchDomains...) //nolint:gocritic
+	newDomainList := append(searchDomains, matchDomains...)
 
 	priority := networkManagerDbusSearchDomainOnlyPriority
 	switch {
@@ -290,7 +289,12 @@ func isNetworkManagerSupportedVersion() bool {
 }
 
 func parseVersion(inputVersion string) (*version.Version, error) {
-	if inputVersion == "" || !nbversion.SemverRegexp.MatchString(inputVersion) {
+	reg, err := regexp.Compile(version.SemverRegexpRaw)
+	if err != nil {
+		return nil, err
+	}
+
+	if inputVersion == "" || !reg.MatchString(inputVersion) {
 		return nil, fmt.Errorf("couldn't parse the provided version: Not SemVer")
 	}
 

client/internal/dns/notifier.go

@@ -52,6 +52,6 @@ func (n *notifier) notify() {
 	}
 
 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged("")
+		l.OnNetworkChanged()
 	}(n.listener)
 }

client/internal/dns/server.go

@@ -19,14 +19,9 @@ type ReadyListener interface {
 	OnReady()
 }
 
-// IosDnsManager is a dns manager interface for iosß
-type IosDnsManager interface {
-	ApplyDns(string)
-}
-
 // Server is a dns server interface
 type Server interface {
-	Initialize(manager IosDnsManager) error
+	Initialize() error
 	Stop()
 	DnsIP() string
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
@@ -55,9 +50,6 @@ type DefaultServer struct {
 	hostsDnsList     []string
 	hostsDnsListLock sync.Mutex
 
-	interfaceName string
-	wgAddr        string
-
 	// make sense on mobile only
 	searchDomainNotifier *notifier
 }
@@ -73,7 +65,7 @@ type muxUpdate struct {
 }
 
 // NewDefaultServer returns a new dns server
-func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string, interfaceName string, wgAddr string) (*DefaultServer, error) {
+func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string) (*DefaultServer, error) {
 	var addrPort *netip.AddrPort
 	if customAddress != "" {
 		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
@@ -90,24 +82,24 @@ func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress st
 		dnsService = newServiceViaListener(wgInterface, addrPort)
 	}
 
-	return newDefaultServer(ctx, wgInterface, dnsService, interfaceName, wgAddr), nil
+	return newDefaultServer(ctx, wgInterface, dnsService), nil
 }
 
 // NewDefaultServerPermanentUpstream returns a new dns server. It optimized for mobile systems
 func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string, config nbdns.Config, listener listener.NetworkChangeListener) *DefaultServer {
 	log.Debugf("host dns address list is: %v", hostsDnsList)
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), "", "")
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
 	ds.permanent = true
 	ds.hostsDnsList = hostsDnsList
 	ds.addHostRootZone()
-	ds.currentConfig = dnsConfigTohostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
+	ds.currentConfig = dnsConfigToHostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
 	ds.searchDomainNotifier = newNotifier(ds.SearchDomains())
 	ds.searchDomainNotifier.setListener(listener)
 	setServerDns(ds)
 	return ds
 }
 
-func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service, interfaceName string, wgAddr string) *DefaultServer {
+func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
 		ctx:       ctx,
@@ -117,9 +109,7 @@ func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService servi
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
-		wgInterface:   wgInterface,
-		interfaceName: interfaceName,
-		wgAddr:        wgAddr,
+		wgInterface: wgInterface,
 	}
 
 	return defaultServer
@@ -134,8 +124,15 @@ func (s *DefaultServer) Initialize() (err error) {
 		return nil
 	}
 
-	s.hostManager, err = s.initialize()
-	return err
+	if s.permanent {
+		err = s.service.Listen()
+		if err != nil {
+			return err
+		}
+	}
+
+	s.hostManager, err = newHostManager(s.wgInterface)
+	return
 }
 
 // DnsIP returns the DNS resolver server IP address
@@ -255,11 +252,11 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	if err != nil {
 		return fmt.Errorf("not applying dns update, error: %v", err)
 	}
-	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic
+	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...)
 
 	s.updateMux(muxUpdates)
 	s.updateLocalResolver(localRecords)
-	s.currentConfig = dnsConfigTohostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
+	s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
 
 	hostUpdate := s.currentConfig
 	if s.service.RuntimePort() != defaultPort && !s.hostManager.supportCustomPort() {
@@ -315,7 +312,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}
 
-		handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
+		handler := newUpstreamResolver(s.ctx)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
 				log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
@@ -488,21 +485,10 @@ func (s *DefaultServer) upstreamCallbacks(
 }
 
 func (s *DefaultServer) addHostRootZone() {
-	handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
+	handler := newUpstreamResolver(s.ctx)
 	handler.upstreamServers = make([]string, len(s.hostsDnsList))
 	for n, ua := range s.hostsDnsList {
-		a, err := netip.ParseAddr(ua)
-		if err != nil {
-			log.Errorf("invalid upstream IP address: %s, error: %s", ua, err)
-			continue
-		}
-
-		ipString := ua
-		if !a.Is4() {
-			ipString = fmt.Sprintf("[%s]", ua)
-		}
-
-		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ipString)
+		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ua)
 	}
 	handler.deactivate = func() {}
 	handler.reactivate = func() {}

client/internal/dns/server_android.go

@@ -1,10 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	err = s.service.Listen()
-	if err != nil {
-		return err
-	}
-
-	return newHostManager()
-}

client/internal/dns/server_darwin.go

@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager()
-}

client/internal/dns/server_ios.go

@@ -1,6 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	// todo add ioDnsManager to constuctor
-	return newHostManager(m.ioDnsManager)
-}

client/internal/dns/server_linux.go

@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}

client/internal/dns/server_test.go

@@ -268,11 +268,11 @@ func TestUpdateDNSServer(t *testing.T) {
 					t.Log(err)
 				}
 			}()
-			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", "", "")
+			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 			if err != nil {
 				t.Fatal(err)
 			}
-			err = dnsServer.Initialize(nil)
+			err = dnsServer.Initialize()
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -368,13 +368,13 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}
 
-	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", "", "")
+	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 	if err != nil {
 		t.Errorf("create DNS server: %v", err)
 		return
 	}
 
-	err = dnsServer.Initialize(nil)
+	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("run DNS server: %v", err)
 		return
@@ -463,7 +463,7 @@ func TestDNSServerStartStop(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort, "", "")
+			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort)
 			if err != nil {
 				t.Fatalf("%v", err)
 			}
@@ -595,7 +595,7 @@ func TestDNSPermanent_updateHostDNS_emptyUpstream(t *testing.T) {
 	var dnsList []string
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil)
-	err = dnsServer.Initialize(nil)
+	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return
@@ -619,7 +619,7 @@ func TestDNSPermanent_updateUpstream(t *testing.T) {
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
-	err = dnsServer.Initialize(nil)
+	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return
@@ -711,7 +711,7 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
 	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
-	err = dnsServer.Initialize(nil)
+	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
 		return

client/internal/dns/server_windows.go

@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}

client/internal/dns/upstream.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -36,50 +35,20 @@ type upstreamResolver struct {
 	mutex            sync.Mutex
 	reactivatePeriod time.Duration
 	upstreamTimeout  time.Duration
-	lIP              net.IP
-	lNet             *net.IPNet
-	lName            string
-	iIndex           int
 
 	deactivate func()
 	reactivate func()
 }
 
-func getInterfaceIndex(interfaceName string) (int, error) {
-	iface, err := net.InterfaceByName(interfaceName)
-	if err != nil {
-		log.Errorf("unable to get interface by name error: %s", err)
-		return 0, err
-	}
-
-	return iface.Index, nil
-}
-
-func newUpstreamResolver(parentCTX context.Context, interfaceName string, wgAddr string) *upstreamResolver {
+func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
 	ctx, cancel := context.WithCancel(parentCTX)
-
-	// Specify the local IP address you want to bind to
-	localIP, localNet, err := net.ParseCIDR(wgAddr) // Should be our interface IP
-	if err != nil {
-		log.Errorf("error while parsing CIDR: %s", err)
-	}
-	index, err := getInterfaceIndex(interfaceName)
-
-	if err != nil {
-		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
-	}
-	localIFaceIndex := index // Should be our interface index
-
 	return &upstreamResolver{
 		ctx:              ctx,
 		cancel:           cancel,
+		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
-		lIP:              localIP,
-		lNet:             localNet,
-		iIndex:           localIFaceIndex,
-		lName:            interfaceName,
 	}
 }
 
@@ -101,57 +70,26 @@ func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}
 
 	for _, upstream := range u.upstreamServers {
-		var (
-			exchangeErr error
-			t           time.Duration
-			rm          *dns.Msg
-		)
+		ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+		rm, t, err := u.upstreamClient.ExchangeContext(ctx, r, upstream)
 
-		upstreamExchangeClient := &dns.Client{}
-		if runtime.GOOS != "ios" {
-			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-			rm, t, exchangeErr = upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
-			cancel()
-		} else {
-			upstreamHost, _, err := net.SplitHostPort(upstream)
-			if err != nil {
-				log.Errorf("error while parsing upstream host: %s", err)
-				return
-			}
-			upstreamIP := net.ParseIP(upstreamHost)
-			if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
-				upstreamExchangeClient = u.getClientPrivate()
-			}
-			rm, t, exchangeErr = upstreamExchangeClient.Exchange(r, upstream)
-		}
+		cancel()
 
-		if exchangeErr != nil {
-			if exchangeErr == context.DeadlineExceeded || isTimeout(exchangeErr) {
-				log.WithError(exchangeErr).WithField("upstream", upstream).
+		if err != nil {
+			if err == context.DeadlineExceeded || isTimeout(err) {
+				log.WithError(err).WithField("upstream", upstream).
 					Warn("got an error while connecting to upstream")
 				continue
 			}
 			u.failsCount.Add(1)
-			log.WithError(exchangeErr).WithField("upstream", upstream).
-				Error("got other error while querying the upstream")
-			return
-		}
-
-		if rm == nil {
-			log.WithError(exchangeErr).WithField("upstream", upstream).
-				Warn("no response from upstream")
-			return
-		}
-		// those checks need to be independent of each other due to memory address issues
-		if !rm.Response {
-			log.WithError(exchangeErr).WithField("upstream", upstream).
-				Warn("no response from upstream")
+			log.WithError(err).WithField("upstream", upstream).
+				Error("got an error while querying the upstream")
 			return
 		}
 
 		log.Tracef("took %s to query the upstream %s", t, upstream)
 
-		err := w.WriteMsg(rm)
+		err = w.WriteMsg(rm)
 		if err != nil {
 			log.WithError(err).Error("got an error while writing the upstream resolver response")
 		}
@@ -180,7 +118,6 @@ func (u *upstreamResolver) checkUpstreamFails() {
 	case <-u.ctx.Done():
 		return
 	default:
-		// todo test the deactivation logic, it seems to affect the client
 		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
 		u.deactivate()
 		u.disabled = true

client/internal/dns/upstream_ios.go

@@ -1,44 +0,0 @@
-//go:build ios
-
-package dns
-
-import (
-	"net"
-	"syscall"
-
-	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-)
-
-// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
-// This method is needed for iOS
-func (u *upstreamResolver) getClientPrivate() *dns.Client {
-	dialer := &net.Dialer{
-		LocalAddr: &net.UDPAddr{
-			IP:   u.lIP,
-			Port: 0, // Let the OS pick a free port
-		},
-		Timeout: upstreamTimeout,
-		Control: func(network, address string, c syscall.RawConn) error {
-			var operr error
-			fn := func(s uintptr) {
-				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, u.iIndex)
-			}
-
-			if err := c.Control(fn); err != nil {
-				return err
-			}
-
-			if operr != nil {
-				log.Errorf("error while setting socket option: %s", operr)
-			}
-
-			return operr
-		},
-	}
-	client := &dns.Client{
-		Dialer: dialer,
-	}
-	return client
-}

client/internal/dns/upstream_nonios.go

@@ -1,19 +0,0 @@
-//go:build !ios
-
-package dns
-
-import (
-	"net"
-
-	"github.com/miekg/dns"
-)
-
-// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
-// This method is needed for iOS
-func (u *upstreamResolver) getClientPrivate() *dns.Client {
-	dialer := &net.Dialer{}
-	client := &dns.Client{
-		Dialer: dialer,
-	}
-	return client
-}

client/internal/dns/upstream_test.go

@@ -49,15 +49,15 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 			timeout:             upstreamTimeout,
 			responseShouldBeNil: true,
 		},
-		// {
+		//{
 		//	name:        "Should Resolve CNAME Record",
 		//	inputMSG:    new(dns.Msg).SetQuestion("one.one.one.one", dns.TypeCNAME),
-		// },
-		// {
+		//},
+		//{
 		//	name:                "Should Not Write When Not Found A Record",
 		//	inputMSG:            new(dns.Msg).SetQuestion("not.found.com", dns.TypeA),
 		//	responseShouldBeNil: true,
-		// },
+		//},
 	}
 	// should resolve if first upstream times out
 	// should not write when both fails
@@ -66,7 +66,7 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			ctx, cancel := context.WithCancel(context.TODO())
-			resolver := newUpstreamResolver(ctx, "", "")
+			resolver := newUpstreamResolver(ctx)
 			resolver.upstreamServers = testCase.InputServers
 			resolver.upstreamTimeout = testCase.timeout
 			if testCase.cancelCTX {

client/internal/ebpf/ebpf/manager_linux.go

@@ -50,7 +50,7 @@ func GetEbpfManagerInstance() manager.Manager {
 }
 
 func (tf *GeneralManager) setFeatureFlag(feature uint16) {
-	tf.featureFlags |= feature
+	tf.featureFlags = tf.featureFlags | feature
 }
 
 func (tf *GeneralManager) loadXdp() error {

client/internal/engine.go

@@ -204,28 +204,27 @@ func (e *Engine) Start() error {
 			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
 			go e.mobileDep.DnsReadyListener.OnReady()
 		}
-	} else if e.dnsServer == nil {
-		e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress, e.mobileDep.InterfaceName, wgAddr)
-		if err != nil {
-			e.close()
-			return err
+	} else {
+		// todo fix custom address
+		if e.dnsServer == nil {
+			e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
+			if err != nil {
+				e.close()
+				return err
+			}
 		}
 	}
 
 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, routes)
 	e.routeManager.SetRouteChangeListener(e.mobileDep.NetworkChangeListener)
 
-	switch runtime.GOOS {
-	case "android":
-		err = e.wgInterface.CreateOnAndroid(iface.MobileIFaceArguments{
+	if runtime.GOOS == "android" {
+		err = e.wgInterface.CreateOnMobile(iface.MobileIFaceArguments{
 			Routes:        e.routeManager.InitialRouteRange(),
 			Dns:           e.dnsServer.DnsIP(),
 			SearchDomains: e.dnsServer.SearchDomains(),
 		})
-	case "ios":
-		e.mobileDep.NetworkChangeListener.SetInterfaceIP(wgAddr)
-		err = e.wgInterface.CreateOniOS(e.mobileDep.FileDescriptor)
-	default:
+	} else {
 		err = e.wgInterface.Create()
 	}
 	if err != nil {
@@ -267,11 +266,7 @@ func (e *Engine) Start() error {
 		e.acl = acl
 	}
 
-	if runtime.GOOS == "ios" {
-		err = e.dnsServer.Initialize(e.mobileDep.DnsManager)
-	} else {
-		err = e.dnsServer.Initialize(nil)
-	}
+	err = e.dnsServer.Initialize()
 	if err != nil {
 		e.close()
 		return err
@@ -473,7 +468,7 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		}
 		// start SSH server if it wasn't running
 		if isNil(e.sshServer) {
-			// nil sshServer means it has not yet been started
+			//nil sshServer means it has not yet been started
 			var err error
 			e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
 				fmt.Sprintf("%s:%d", e.wgInterface.Address().IP.String(), nbssh.DefaultSSHPort))
@@ -495,13 +490,15 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		} else {
 			log.Debugf("SSH server is already running")
 		}
-	} else if !isNil(e.sshServer) {
+	} else {
 		// Disable SSH server request, so stop it if it was running
-		err := e.sshServer.Stop()
-		if err != nil {
-			log.Warnf("failed to stop SSH server %v", err)
+		if !isNil(e.sshServer) {
+			err := e.sshServer.Stop()
+			if err != nil {
+				log.Warnf("failed to stop SSH server %v", err)
+			}
+			e.sshServer = nil
 		}
-		e.sshServer = nil
 	}
 	return nil
 }

client/internal/engine_test.go

@@ -869,7 +869,7 @@ loop:
 		case <-ticker.C:
 			totalConnected := 0
 			for _, engine := range engines {
-				totalConnected += getConnectedPeers(engine)
+				totalConnected = totalConnected + getConnectedPeers(engine)
 			}
 			if totalConnected == expectedConnected {
 				log.Infof("total connected=%d", totalConnected)

client/internal/listener/network_change.go

@@ -3,6 +3,5 @@ package listener
 // NetworkChangeListener is a callback interface for mobile system
 type NetworkChangeListener interface {
 	// OnNetworkChanged invoke when network settings has been changed
-	OnNetworkChanged(string)
-	SetInterfaceIP(string)
+	OnNetworkChanged()
 }

client/internal/mobile_dependency.go

@@ -14,7 +14,4 @@ type MobileDependency struct {
 	NetworkChangeListener listener.NetworkChangeListener
 	HostDNSAddresses      []string
 	DnsReadyListener      dns.ReadyListener
-	DnsManager            dns.IosDnsManager
-	FileDescriptor        int32
-	InterfaceName         string
 }

client/internal/peer/conn.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -226,10 +225,6 @@ func (conn *Conn) candidateTypes() []ice.CandidateType {
 	if hasICEForceRelayConn() {
 		return []ice.CandidateType{ice.CandidateTypeRelay}
 	}
-	// TODO: remove this once we have refactored userspace proxy into the bind package
-	if runtime.GOOS == "ios" {
-		return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive}
-	}
 	return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay}
 }
 
@@ -469,7 +464,7 @@ func (conn *Conn) cleanup() error {
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
 		// pretty common error because by that time Engine can already remove the peer and status won't be available.
-		// todo rethink status updates
+		//todo rethink status updates
 		log.Debugf("error while updating peer's %s state, err: %v", conn.config.Key, err)
 	}
 

client/internal/routemanager/client.go

@@ -12,8 +12,6 @@ import (
 	"github.com/netbirdio/netbird/route"
 )
 
-const minRangeBits = 7
-
 type routerPeerStatus struct {
 	connected bool
 	relayed   bool

client/internal/routemanager/firewall_ios.go

@@ -1,31 +0,0 @@
-//go:build ios
-
-package routemanager
-
-import (
-	"context"
-)
-
-// newFirewall returns a nil manager
-func newFirewall(context.Context) (firewallManager, error) {
-	return iOSFirewallManager{}, nil
-}
-
-type iOSFirewallManager struct {
-}
-
-func (i iOSFirewallManager) RestoreOrCreateContainers() error {
-	return nil
-}
-
-func (i iOSFirewallManager) InsertRoutingRules(pair routerPair) error {
-	return nil
-}
-
-func (i iOSFirewallManager) RemoveRoutingRules(pair routerPair) error {
-	return nil
-}
-
-func (i iOSFirewallManager) CleanRoutingRules() {
-	return
-}

client/internal/routemanager/firewall_nonlinux.go

@@ -1,5 +1,5 @@
-//go:build !linux && !ios
-// +build !linux,!ios
+//go:build !linux
+// +build !linux
 
 package routemanager
 

client/internal/routemanager/iptables_linux.go

@@ -173,7 +173,7 @@ func (i *iptablesManager) addJumpRules() error {
 		return err
 	}
 	if i.ipv4Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding) //nolint:gocritic
+		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding)
 
 		err = i.ipv4Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
@@ -181,7 +181,7 @@ func (i *iptablesManager) addJumpRules() error {
 		}
 		i.rules[ipv4][ipv4Forwarding] = rule
 
-		rule = append(iptablesDefaultNatRule, ipv4Nat) //nolint:gocritic
+		rule = append(iptablesDefaultNatRule, ipv4Nat)
 		err = i.ipv4Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err
@@ -190,14 +190,14 @@ func (i *iptablesManager) addJumpRules() error {
 	}
 
 	if i.ipv6Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding) //nolint:gocritic
+		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding)
 		err = i.ipv6Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
 			return err
 		}
 		i.rules[ipv6][ipv6Forwarding] = rule
 
-		rule = append(iptablesDefaultNatRule, ipv6Nat) //nolint:gocritic
+		rule = append(iptablesDefaultNatRule, ipv6Nat)
 		err = i.ipv6Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err

client/internal/routemanager/manager.go

@@ -155,7 +155,7 @@ func (m *DefaultManager) classifiesRoutes(newRoutes []*route.Route) (map[string]
 		if !ownNetworkIDs[networkID] {
 			// if prefix is too small, lets assume is a possible default route which is not yet supported
 			// we skip this route management
-			if newRoute.Network.Bits() < minRangeBits {
+			if newRoute.Network.Bits() < 7 {
 				log.Errorf("this agent version: %s, doesn't support default routes, received %s, skipping this route",
 					version.NetbirdVersion(), newRoute.Network)
 				continue

client/internal/routemanager/nftables_linux.go

@@ -300,7 +300,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	dst := generateCIDRMatcherExpressions("destination", "0.0.0.0/0")
 
 	var exprs []expr.Any
-	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
+	exprs = append(src, append(dst, &expr.Verdict{
 		Kind: expr.VerdictAccept,
 	})...)
 
@@ -322,7 +322,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	src = generateCIDRMatcherExpressions("source", "0.0.0.0/0")
 	dst = generateCIDRMatcherExpressions("destination", sourceNetwork)
 
-	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
+	exprs = append(src, append(dst, &expr.Verdict{
 		Kind: expr.VerdictAccept,
 	})...)
 
@@ -421,9 +421,9 @@ func (n *nftablesManager) insertRoutingRule(format, chain string, pair routerPai
 
 	var expression []expr.Any
 	if isNat {
-		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	} else {
-		expression = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+		expression = append(sourceExp, append(destExp, exprCounterAccept...)...)
 	}
 
 	ruleKey := genKey(format, pair.ID)

client/internal/routemanager/nftables_linux_test.go

@@ -44,7 +44,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
 	destExp := generateCIDRMatcherExpressions("destination", pair.destination)
 
-	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 	forward4RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted4Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv4,
@@ -53,7 +53,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward4RuleKey),
 	})
 
-	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	nat4RuleKey := genKey(natFormat, pair.ID)
 
 	inserted4Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -76,7 +76,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp = generateCIDRMatcherExpressions("source", pair.source)
 	destExp = generateCIDRMatcherExpressions("destination", pair.destination)
 
-	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 	forward6RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted6Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv6,
@@ -85,7 +85,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward6RuleKey),
 	})
 
-	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	nat6RuleKey := genKey(natFormat, pair.ID)
 
 	inserted6Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -149,7 +149,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {
 
 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
-			testingExpression := append(sourceExp, destExp...) //nolint:gocritic
+			testingExpression := append(sourceExp, destExp...)
 			fwdRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
 
 			found := 0
@@ -188,7 +188,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {
 
 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
-			testingExpression = append(sourceExp, destExp...) //nolint:gocritic
+			testingExpression = append(sourceExp, destExp...)
 			inFwdRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
 
 			found = 0
@@ -252,7 +252,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
 
-			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
 			insertedForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -261,7 +261,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(forwardRuleKey),
 			})
 
-			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
 
 			insertedNat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -274,7 +274,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
 
-			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...)
 			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
 			insertedInForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -283,7 +283,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(inForwardRuleKey),
 			})
 
-			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
 
 			insertedInNat := nftablesTestingClient.InsertRule(&nftables.Rule{

client/internal/routemanager/notifier.go

@@ -2,7 +2,6 @@ package routemanager
 
 import (
 	"sort"
-	"strings"
 	"sync"
 
 	"github.com/netbirdio/netbird/client/internal/listener"
@@ -51,6 +50,9 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {
 
 	n.routeRangers = newNets
 
+	if !n.hasDiff(n.initialRouteRangers, newNets) {
+		return
+	}
 	n.notify()
 }
 
@@ -62,7 +64,7 @@ func (n *notifier) notify() {
 	}
 
 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged(strings.Join(n.routeRangers, ","))
+		l.OnNetworkChanged()
 	}(n.listener)
 }
 

client/internal/routemanager/server_android.go

@@ -1,5 +1,3 @@
-//go:build android
-
 package routemanager
 
 import (

client/internal/routemanager/systemops_bsd.go

@@ -27,24 +27,24 @@ const (
 	RTF_MULTICAST = 0x800000
 )
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	tab, err := route.FetchRIB(syscall.AF_UNSPEC, route.RIBTypeRoute, 0)
 	if err != nil {
-		return nil, err
+		return false, err
 	}
 	msgs, err := route.ParseRIB(route.RIBTypeRoute, tab)
 	if err != nil {
-		return nil, err
+		return false, err
 	}
-	var prefixList []netip.Prefix
+
 	for _, msg := range msgs {
 		m := msg.(*route.RouteMessage)
 
 		if m.Version < 3 || m.Version > 5 {
-			return nil, fmt.Errorf("unexpected RIB message version: %d", m.Version)
+			return false, fmt.Errorf("unexpected RIB message version: %d", m.Version)
 		}
 		if m.Type != 4 /* RTM_GET */ {
-			return nil, fmt.Errorf("unexpected RIB message type: %d", m.Type)
+			return true, fmt.Errorf("unexpected RIB message type: %d", m.Type)
 		}
 
 		if m.Flags&RTF_UP == 0 ||
@@ -52,42 +52,31 @@ func getRoutesFromTable() ([]netip.Prefix, error) {
 			continue
 		}
 
-		addr, ok := toNetIPAddr(m.Addrs[0])
-		if !ok {
-			continue
+		dst, err := toIPAddr(m.Addrs[0])
+		if err != nil {
+			return true, fmt.Errorf("unexpected RIB destination: %v", err)
 		}
 
-		mask, ok := toNetIPMASK(m.Addrs[2])
-		if !ok {
-			continue
-		}
-		cidr, _ := mask.Size()
-
-		routePrefix := netip.PrefixFrom(addr, cidr)
-		if routePrefix.IsValid() {
-			prefixList = append(prefixList, routePrefix)
+		mask, _ := toIPAddr(m.Addrs[2])
+		cidr, _ := net.IPMask(mask.To4()).Size()
+		if dst.String() == prefix.Addr().String() && cidr == prefix.Bits() {
+			return true, nil
 		}
 	}
-	return prefixList, nil
+
+	return false, nil
 }
 
-func toNetIPAddr(a route.Addr) (netip.Addr, bool) {
+func toIPAddr(a route.Addr) (net.IP, error) {
 	switch t := a.(type) {
 	case *route.Inet4Addr:
 		ip := net.IPv4(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
-		addr := netip.MustParseAddr(ip.String())
-		return addr, true
+		return ip, nil
+	case *route.Inet6Addr:
+		ip := make(net.IP, net.IPv6len)
+		copy(ip, t.IP[:])
+		return ip, nil
 	default:
-		return netip.Addr{}, false
-	}
-}
-
-func toNetIPMASK(a route.Addr) (net.IPMask, bool) {
-	switch t := a.(type) {
-	case *route.Inet4Addr:
-		mask := net.IPv4Mask(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
-		return mask, true
-	default:
-		return nil, false
+		return net.IP{}, fmt.Errorf("unknown family: %v", t)
 	}
 }

client/internal/routemanager/systemops_ios.go

@@ -1,15 +0,0 @@
-//go:build ios
-
-package routemanager
-
-import (
-	"net/netip"
-)
-
-func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
-	return nil
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	return nil
-}

client/internal/routemanager/systemops_linux.go

@@ -60,26 +60,15 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func removeFromRouteTable(prefix netip.Prefix, addr string) error {
+func removeFromRouteTable(prefix netip.Prefix) error {
 	_, ipNet, err := net.ParseCIDR(prefix.String())
 	if err != nil {
 		return err
 	}
 
-	addrMask := "/32"
-	if prefix.Addr().Unmap().Is6() {
-		addrMask = "/128"
-	}
-
-	ip, _, err := net.ParseCIDR(addr + addrMask)
-	if err != nil {
-		return err
-	}
-
 	route := &netlink.Route{
 		Scope: netlink.SCOPE_UNIVERSE,
 		Dst:   ipNet,
-		Gw:    ip,
 	}
 
 	err = netlink.RouteDel(route)
@@ -90,16 +79,15 @@ func removeFromRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	tab, err := syscall.NetlinkRIB(syscall.RTM_GETROUTE, syscall.AF_UNSPEC)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
 	msgs, err := syscall.ParseNetlinkMessage(tab)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
-	var prefixList []netip.Prefix
 loop:
 	for _, m := range msgs {
 		switch m.Header.Type {
@@ -107,10 +95,9 @@ loop:
 			break loop
 		case syscall.RTM_NEWROUTE:
 			rt := (*routeInfoInMemory)(unsafe.Pointer(&m.Data[0]))
-			msg := m
-			attrs, err := syscall.ParseNetlinkRouteAttr(&msg)
+			attrs, err := syscall.ParseNetlinkRouteAttr(&m)
 			if err != nil {
-				return nil, err
+				return true, err
 			}
 			if rt.Family != syscall.AF_INET {
 				continue loop
@@ -118,21 +105,17 @@ loop:
 
 			for _, attr := range attrs {
 				if attr.Attr.Type == syscall.RTA_DST {
-					addr, ok := netip.AddrFromSlice(attr.Value)
-					if !ok {
-						continue
-					}
+					ip := net.IP(attr.Value)
 					mask := net.CIDRMask(int(rt.DstLen), len(attr.Value)*8)
 					cidr, _ := mask.Size()
-					routePrefix := netip.PrefixFrom(addr, cidr)
-					if routePrefix.IsValid() && routePrefix.Addr().Is4() {
-						prefixList = append(prefixList, routePrefix)
+					if ip.String() == prefix.Addr().String() && cidr == prefix.Bits() {
+						return true, nil
 					}
 				}
 			}
 		}
 	}
-	return prefixList, nil
+	return false, nil
 }
 
 func enableIPForwarding() error {
@@ -147,5 +130,5 @@ func enableIPForwarding() error {
 		return nil
 	}
 
-	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644) //nolint:gosec
+	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
 }

client/internal/routemanager/systemops_nonandroid.go

@@ -1,4 +1,4 @@
-//go:build !android && !ios
+//go:build !android
 
 package routemanager
 
@@ -14,6 +14,17 @@ import (
 var errRouteNotFound = fmt.Errorf("route not found")
 
 func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
+	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+	if err != nil && err != errRouteNotFound {
+		return err
+	}
+
+	gatewayIP := netip.MustParseAddr(defaultGateway.String())
+	if prefix.Contains(gatewayIP) {
+		log.Warnf("skipping adding a new route for network %s because it overlaps with the default gateway: %s", prefix, gatewayIP)
+		return nil
+	}
+
 	ok, err := existsInRouteTable(prefix)
 	if err != nil {
 		return err
@@ -23,82 +34,20 @@ func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
 		return nil
 	}
 
-	ok, err = isSubRange(prefix)
-	if err != nil {
-		return err
-	}
-
-	if ok {
-		err := addRouteForCurrentDefaultGateway(prefix)
-		if err != nil {
-			log.Warnf("unable to add route for current default gateway route. Will proceed without it. error: %s", err)
-		}
-	}
-
 	return addToRouteTable(prefix, addr)
 }
 
-func addRouteForCurrentDefaultGateway(prefix netip.Prefix) error {
-	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	if err != nil && err != errRouteNotFound {
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	addrIP := net.ParseIP(addr)
+	prefixGateway, err := getExistingRIBRouteGateway(prefix)
+	if err != nil {
 		return err
 	}
-
-	addr := netip.MustParseAddr(defaultGateway.String())
-
-	if !prefix.Contains(addr) {
-		log.Debugf("skipping adding a new route for gateway %s because it is not in the network %s", addr, prefix)
+	if prefixGateway != nil && !prefixGateway.Equal(addrIP) {
+		log.Warnf("route for network %s is pointing to a different gateway: %s, should be pointing to: %s, not removing", prefix, prefixGateway, addrIP)
 		return nil
 	}
-
-	gatewayPrefix := netip.PrefixFrom(addr, 32)
-
-	ok, err := existsInRouteTable(gatewayPrefix)
-	if err != nil {
-		return fmt.Errorf("unable to check if there is an existing route for gateway %s. error: %s", gatewayPrefix, err)
-	}
-
-	if ok {
-		log.Debugf("skipping adding a new route for gateway %s because it already exists", gatewayPrefix)
-		return nil
-	}
-
-	gatewayHop, err := getExistingRIBRouteGateway(gatewayPrefix)
-	if err != nil && err != errRouteNotFound {
-		return fmt.Errorf("unable to get the next hop for the default gateway address. error: %s", err)
-	}
-	log.Debugf("adding a new route for gateway %s with next hop %s", gatewayPrefix, gatewayHop)
-	return addToRouteTable(gatewayPrefix, gatewayHop.String())
-}
-
-func existsInRouteTable(prefix netip.Prefix) (bool, error) {
-	routes, err := getRoutesFromTable()
-	if err != nil {
-		return false, err
-	}
-	for _, tableRoute := range routes {
-		if tableRoute == prefix {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-func isSubRange(prefix netip.Prefix) (bool, error) {
-	routes, err := getRoutesFromTable()
-	if err != nil {
-		return false, err
-	}
-	for _, tableRoute := range routes {
-		if tableRoute.Bits() > minRangeBits && tableRoute.Contains(prefix.Addr()) && tableRoute.Bits() < prefix.Bits() {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	return removeFromRouteTable(prefix, addr)
+	return removeFromRouteTable(prefix)
 }
 
 func getExistingRIBRouteGateway(prefix netip.Prefix) (net.IP, error) {

client/internal/routemanager/systemops_nonandroid_test.go

@@ -24,13 +24,13 @@ func TestAddRemoveRoutes(t *testing.T) {
 		shouldBeRemoved        bool
 	}{
 		{
-			name:                   "Should Add And Remove Route 100.66.120.0/24",
+			name:                   "Should Add And Remove Route",
 			prefix:                 netip.MustParsePrefix("100.66.120.0/24"),
 			shouldRouteToWireguard: true,
 			shouldBeRemoved:        true,
 		},
 		{
-			name:                   "Should Not Add Or Remove Route 127.0.0.1/32",
+			name:                   "Should Not Add Or Remove Route",
 			prefix:                 netip.MustParsePrefix("127.0.0.1/32"),
 			shouldRouteToWireguard: false,
 			shouldBeRemoved:        false,
@@ -51,32 +51,29 @@ func TestAddRemoveRoutes(t *testing.T) {
 			require.NoError(t, err, "should create testing wireguard interface")
 
 			err = addToRouteTableIfNoExists(testCase.prefix, wgInterface.Address().IP.String())
-			require.NoError(t, err, "addToRouteTableIfNoExists should not return err")
+			require.NoError(t, err, "should not return err")
 
 			prefixGateway, err := getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
+			require.NoError(t, err, "should not return err")
 			if testCase.shouldRouteToWireguard {
 				require.Equal(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to wireguard interface IP")
 			} else {
 				require.NotEqual(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to a different interface")
 			}
-			exists, err := existsInRouteTable(testCase.prefix)
-			require.NoError(t, err, "existsInRouteTable should not return err")
-			if exists && testCase.shouldRouteToWireguard {
-				err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
-				require.NoError(t, err, "removeFromRouteTableIfNonSystem should not return err")
 
-				prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
-				require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
+			err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
+			require.NoError(t, err, "should not return err")
 
-				internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-				require.NoError(t, err)
+			prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
+			require.NoError(t, err, "should not return err")
 
-				if testCase.shouldBeRemoved {
-					require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
-				} else {
-					require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
-				}
+			internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+			require.NoError(t, err)
+
+			if testCase.shouldBeRemoved {
+				require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
+			} else {
+				require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
 			}
 		})
 	}
@@ -218,66 +215,3 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 		})
 	}
 }
-
-func TestExistsInRouteTable(t *testing.T) {
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
-	}
-
-	var addressPrefixes []netip.Prefix
-	for _, address := range addresses {
-		p := netip.MustParsePrefix(address.String())
-		if p.Addr().Is4() {
-			addressPrefixes = append(addressPrefixes, p.Masked())
-		}
-	}
-
-	for _, prefix := range addressPrefixes {
-		exists, err := existsInRouteTable(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address exists in route table: ", err)
-		}
-		if !exists {
-			t.Fatalf("address %s should exist in route table", prefix)
-		}
-	}
-}
-
-func TestIsSubRange(t *testing.T) {
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
-	}
-
-	var subRangeAddressPrefixes []netip.Prefix
-	var nonSubRangeAddressPrefixes []netip.Prefix
-	for _, address := range addresses {
-		p := netip.MustParsePrefix(address.String())
-		if !p.Addr().IsLoopback() && p.Addr().Is4() && p.Bits() < 32 {
-			p2 := netip.PrefixFrom(p.Masked().Addr(), p.Bits()+1)
-			subRangeAddressPrefixes = append(subRangeAddressPrefixes, p2)
-			nonSubRangeAddressPrefixes = append(nonSubRangeAddressPrefixes, p.Masked())
-		}
-	}
-
-	for _, prefix := range subRangeAddressPrefixes {
-		isSubRangePrefix, err := isSubRange(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
-		}
-		if !isSubRangePrefix {
-			t.Fatalf("address %s should be sub-range of an existing route in the table", prefix)
-		}
-	}
-
-	for _, prefix := range nonSubRangeAddressPrefixes {
-		isSubRangePrefix, err := isSubRange(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
-		}
-		if isSubRangePrefix {
-			t.Fatalf("address %s should not be sub-range of an existing route in the table", prefix)
-		}
-	}
-}

client/internal/routemanager/systemops_nonlinux.go

@@ -21,12 +21,8 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func removeFromRouteTable(prefix netip.Prefix, addr string) error {
-	args := []string{"delete", prefix.String()}
-	if runtime.GOOS == "darwin" {
-		args = append(args, addr)
-	}
-	cmd := exec.Command("route", args...)
+func removeFromRouteTable(prefix netip.Prefix) error {
+	cmd := exec.Command("route", "delete", prefix.String())
 	out, err := cmd.Output()
 	if err != nil {
 		return err

client/internal/routemanager/systemops_windows.go

@@ -15,32 +15,23 @@ type Win32_IP4RouteTable struct {
 	Mask        string
 }
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	var routes []Win32_IP4RouteTable
 	query := "SELECT Destination, Mask FROM Win32_IP4RouteTable"
 
 	err := wmi.Query(query, &routes)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
 
-	var prefixList []netip.Prefix
 	for _, route := range routes {
-		addr, err := netip.ParseAddr(route.Destination)
-		if err != nil {
-			continue
-		}
-		maskSlice := net.ParseIP(route.Mask).To4()
-		if maskSlice == nil {
-			continue
-		}
-		mask := net.IPv4Mask(maskSlice[0], maskSlice[1], maskSlice[2], maskSlice[3])
+		ip := net.ParseIP(route.Mask)
+		ip = ip.To4()
+		mask := net.IPv4Mask(ip[0], ip[1], ip[2], ip[3])
 		cidr, _ := mask.Size()
-
-		routePrefix := netip.PrefixFrom(addr, cidr)
-		if routePrefix.IsValid() && routePrefix.Addr().Is4() {
-			prefixList = append(prefixList, routePrefix)
+		if route.Destination == prefix.Addr().String() && cidr == prefix.Bits() {
+			return true, nil
 		}
 	}
-	return prefixList, nil
+	return false, nil
 }

client/ios/NetBirdSDK/client.go

@@ -1,223 +0,0 @@
-package NetBirdSDK
-
-import (
-	"context"
-	"sync"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/auth"
-	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/listener"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/formatter"
-)
-
-// ConnectionListener export internal Listener for mobile
-type ConnectionListener interface {
-	peer.Listener
-}
-
-// RouteListener export internal RouteListener for mobile
-type NetworkChangeListener interface {
-	listener.NetworkChangeListener
-}
-
-// DnsManager export internal dns Manager for mobile
-type DnsManager interface {
-	dns.IosDnsManager
-}
-
-// CustomLogger export internal CustomLogger for mobile
-type CustomLogger interface {
-	Debug(message string)
-	Info(message string)
-	Error(message string)
-}
-
-func init() {
-	formatter.SetLogcatFormatter(log.StandardLogger())
-}
-
-// Client struct manage the life circle of background service
-type Client struct {
-	cfgFile               string
-	recorder              *peer.Status
-	ctxCancel             context.CancelFunc
-	ctxCancelLock         *sync.Mutex
-	deviceName            string
-	osName                string
-	osVersion             string
-	networkChangeListener listener.NetworkChangeListener
-	onHostDnsFn           func([]string)
-	dnsManager            dns.IosDnsManager
-	loginComplete         bool
-}
-
-// NewClient instantiate a new Client
-func NewClient(cfgFile, deviceName string, osVersion string, osName string, networkChangeListener NetworkChangeListener, dnsManager DnsManager) *Client {
-	return &Client{
-		cfgFile:               cfgFile,
-		deviceName:            deviceName,
-		osName:                osName,
-		osVersion:             osVersion,
-		recorder:              peer.NewRecorder(""),
-		ctxCancelLock:         &sync.Mutex{},
-		networkChangeListener: networkChangeListener,
-		dnsManager:            dnsManager,
-	}
-}
-
-// Run start the internal client. It is a blocker function
-func (c *Client) Run(fd int32, interfaceName string) error {
-	log.Infof("Starting NetBird client")
-	log.Debugf("Tunnel uses interface: %s", interfaceName)
-	cfg, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-	if err != nil {
-		return err
-	}
-	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
-
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-	defer c.ctxCancel()
-	c.ctxCancelLock.Unlock()
-
-	auth := NewAuthWithConfig(ctx, cfg)
-	err = auth.Login()
-	if err != nil {
-		return err
-	}
-
-	log.Infof("Auth successful")
-	// todo do not throw error in case of cancelled context
-	ctx = internal.CtxInitState(ctx)
-	c.onHostDnsFn = func([]string) {}
-	return internal.RunClientiOS(ctx, cfg, c.recorder, fd, c.networkChangeListener, c.dnsManager, interfaceName)
-}
-
-// Stop the internal client and free the resources
-func (c *Client) Stop() {
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	if c.ctxCancel == nil {
-		return
-	}
-
-	c.ctxCancel()
-}
-
-// ÏSetTraceLogLevel configure the logger to trace level
-func (c *Client) SetTraceLogLevel() {
-	log.SetLevel(log.TraceLevel)
-}
-
-// getStatusDetails return with the list of the PeerInfos
-func (c *Client) GetStatusDetails() *StatusDetails {
-
-	fullStatus := c.recorder.GetFullStatus()
-
-	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
-	for n, p := range fullStatus.Peers {
-		pi := PeerInfo{
-			p.IP,
-			p.FQDN,
-			p.ConnStatus.String(),
-		}
-		peerInfos[n] = pi
-	}
-	return &StatusDetails{items: peerInfos, fqdn: fullStatus.LocalPeerState.FQDN, ip: fullStatus.LocalPeerState.IP}
-}
-
-// SetConnectionListener set the network connection listener
-func (c *Client) SetConnectionListener(listener ConnectionListener) {
-	c.recorder.SetConnectionListener(listener)
-}
-
-// RemoveConnectionListener remove connection listener
-func (c *Client) RemoveConnectionListener() {
-	c.recorder.RemoveConnectionListener()
-}
-
-func (c *Client) IsLoginRequired() bool {
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-
-	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-
-	needsLogin, _ := internal.IsLoginRequired(ctx, cfg.PrivateKey, cfg.ManagementURL, cfg.SSHKey)
-	return needsLogin
-}
-
-func (c *Client) LoginForMobile() string {
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-
-	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-
-	oAuthFlow, err := auth.NewOAuthFlow(ctx, cfg, false)
-	if err != nil {
-		return err.Error()
-	}
-
-	flowInfo, err := oAuthFlow.RequestAuthInfo(context.TODO())
-	if err != nil {
-		return err.Error()
-	}
-
-	// This could cause a potential race condition with loading the extension which need to be handled on swift side
-	go func() {
-		waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
-		waitCTX, cancel := context.WithTimeout(ctx, waitTimeout)
-		defer cancel()
-		tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
-		if err != nil {
-			return
-		}
-		jwtToken := tokenInfo.GetTokenToUse()
-		_ = internal.Login(ctx, cfg, "", jwtToken)
-		c.loginComplete = true
-	}()
-
-	return flowInfo.VerificationURIComplete
-}
-
-func (c *Client) IsLoginComplete() bool {
-	return c.loginComplete
-}
-
-func (c *Client) ClearLoginComplete() {
-	c.loginComplete = false
-}

client/ios/NetBirdSDK/gomobile.go

@@ -1,5 +0,0 @@
-package NetBirdSDK
-
-import _ "golang.org/x/mobile/bind"
-
-// to keep our CI/CD that checks go.mod and go.sum files happy, we need to import the package above

client/ios/NetBirdSDK/logger.go

@@ -1,10 +0,0 @@
-package NetBirdSDK
-
-import (
-	"github.com/netbirdio/netbird/util"
-)
-
-// InitializeLog initializes the log file.
-func InitializeLog(logLevel string, filePath string) error {
-	return util.InitLog(logLevel, filePath)
-}

client/ios/NetBirdSDK/login.go

@@ -1,159 +0,0 @@
-package NetBirdSDK
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/cenkalti/backoff/v4"
-	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/cmd"
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/system"
-)
-
-// SSOListener is async listener for mobile framework
-type SSOListener interface {
-	OnSuccess(bool)
-	OnError(error)
-}
-
-// ErrListener is async listener for mobile framework
-type ErrListener interface {
-	OnSuccess()
-	OnError(error)
-}
-
-// URLOpener it is a callback interface. The Open function will be triggered if
-// the backend want to show an url for the user
-type URLOpener interface {
-	Open(string)
-}
-
-// Auth can register or login new client
-type Auth struct {
-	ctx     context.Context
-	config  *internal.Config
-	cfgPath string
-}
-
-// NewAuth instantiate Auth struct and validate the management URL
-func NewAuth(cfgPath string, mgmURL string) (*Auth, error) {
-	inputCfg := internal.ConfigInput{
-		ManagementURL: mgmURL,
-	}
-
-	cfg, err := internal.CreateInMemoryConfig(inputCfg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Auth{
-		ctx:     context.Background(),
-		config:  cfg,
-		cfgPath: cfgPath,
-	}, nil
-}
-
-// NewAuthWithConfig instantiate Auth based on existing config
-func NewAuthWithConfig(ctx context.Context, config *internal.Config) *Auth {
-	return &Auth{
-		ctx:    ctx,
-		config: config,
-	}
-}
-
-// SaveConfigIfSSOSupported test the connectivity with the management server by retrieving the server device flow info.
-// If it returns a flow info than save the configuration and return true. If it gets a codes.NotFound, it means that SSO
-// is not supported and returns false without saving the configuration. For other errors return false.
-func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
-	supportsSSO := true
-	err := a.withBackOff(a.ctx, func() (err error) {
-		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-		if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
-			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
-				supportsSSO = false
-				err = nil
-			}
-
-			return err
-		}
-
-		return err
-	})
-
-	if !supportsSSO {
-		return false, nil
-	}
-
-	if err != nil {
-		return false, fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	err = internal.WriteOutConfig(a.cfgPath, a.config)
-	return true, err
-}
-
-// LoginWithSetupKeyAndSaveConfig test the connectivity with the management server with the setup key.
-func (a *Auth) LoginWithSetupKeyAndSaveConfig(setupKey string, deviceName string) error {
-	//nolint
-	ctxWithValues := context.WithValue(a.ctx, system.DeviceNameCtxKey, deviceName)
-
-	err := a.withBackOff(a.ctx, func() error {
-		backoffErr := internal.Login(ctxWithValues, a.config, setupKey, "")
-		if s, ok := gstatus.FromError(backoffErr); ok && (s.Code() == codes.PermissionDenied) {
-			// we got an answer from management, exit backoff earlier
-			return backoff.Permanent(backoffErr)
-		}
-		return backoffErr
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return internal.WriteOutConfig(a.cfgPath, a.config)
-}
-
-func (a *Auth) Login() error {
-	var needsLogin bool
-
-	// check if we need to generate JWT token
-	err := a.withBackOff(a.ctx, func() (err error) {
-		needsLogin, err = internal.IsLoginRequired(a.ctx, a.config.PrivateKey, a.config.ManagementURL, a.config.SSHKey)
-		return
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	jwtToken := ""
-	if needsLogin {
-		return fmt.Errorf("Not authenticated")
-	}
-
-	err = a.withBackOff(a.ctx, func() error {
-		err := internal.Login(a.ctx, a.config, "", jwtToken)
-		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
-			return nil
-		}
-		return err
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return nil
-}
-
-func (a *Auth) withBackOff(ctx context.Context, bf func() error) error {
-	return backoff.RetryNotify(
-		bf,
-		backoff.WithContext(cmd.CLIBackOffSettings, ctx),
-		func(err error, duration time.Duration) {
-			log.Warnf("retrying Login to the Management service in %v due to error %v", duration, err)
-		})
-}

client/ios/NetBirdSDK/peer_notifier.go

@@ -1,50 +0,0 @@
-package NetBirdSDK
-
-// PeerInfo describe information about the peers. It designed for the UI usage
-type PeerInfo struct {
-	IP         string
-	FQDN       string
-	ConnStatus string // Todo replace to enum
-}
-
-// PeerInfoCollection made for Java layer to get non default types as collection
-type PeerInfoCollection interface {
-	Add(s string) PeerInfoCollection
-	Get(i int) string
-	Size() int
-	GetFQDN() string
-	GetIP() string
-}
-
-// StatusDetails is the implementation of the PeerInfoCollection
-type StatusDetails struct {
-	items []PeerInfo
-	fqdn  string
-	ip    string
-}
-
-// Add new PeerInfo to the collection
-func (array StatusDetails) Add(s PeerInfo) StatusDetails {
-	array.items = append(array.items, s)
-	return array
-}
-
-// Get return an element of the collection
-func (array StatusDetails) Get(i int) *PeerInfo {
-	return &array.items[i]
-}
-
-// Size return with the size of the collection
-func (array StatusDetails) Size() int {
-	return len(array.items)
-}
-
-// GetFQDN return with the FQDN of the local peer
-func (array StatusDetails) GetFQDN() string {
-	return array.fqdn
-}
-
-// GetIP return with the IP of the local peer
-func (array StatusDetails) GetIP() string {
-	return array.ip
-}

client/ios/NetBirdSDK/preferences.go

@@ -1,78 +0,0 @@
-package NetBirdSDK
-
-import (
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-// Preferences export a subset of the internal config for gomobile
-type Preferences struct {
-	configInput internal.ConfigInput
-}
-
-// NewPreferences create new Preferences instance
-func NewPreferences(configPath string) *Preferences {
-	ci := internal.ConfigInput{
-		ConfigPath: configPath,
-	}
-	return &Preferences{ci}
-}
-
-// GetManagementURL read url from config file
-func (p *Preferences) GetManagementURL() (string, error) {
-	if p.configInput.ManagementURL != "" {
-		return p.configInput.ManagementURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.ManagementURL.String(), err
-}
-
-// SetManagementURL store the given url and wait for commit
-func (p *Preferences) SetManagementURL(url string) {
-	p.configInput.ManagementURL = url
-}
-
-// GetAdminURL read url from config file
-func (p *Preferences) GetAdminURL() (string, error) {
-	if p.configInput.AdminURL != "" {
-		return p.configInput.AdminURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.AdminURL.String(), err
-}
-
-// SetAdminURL store the given url and wait for commit
-func (p *Preferences) SetAdminURL(url string) {
-	p.configInput.AdminURL = url
-}
-
-// GetPreSharedKey read preshared key from config file
-func (p *Preferences) GetPreSharedKey() (string, error) {
-	if p.configInput.PreSharedKey != nil {
-		return *p.configInput.PreSharedKey, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.PreSharedKey, err
-}
-
-// SetPreSharedKey store the given key and wait for commit
-func (p *Preferences) SetPreSharedKey(key string) {
-	p.configInput.PreSharedKey = &key
-}
-
-// Commit write out the changes into config file
-func (p *Preferences) Commit() error {
-	_, err := internal.UpdateOrCreateConfig(p.configInput)
-	return err
-}

client/ios/NetBirdSDK/preferences_test.go

@@ -1,120 +0,0 @@
-package NetBirdSDK
-
-import (
-	"path/filepath"
-	"testing"
-
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-func TestPreferences_DefaultValues(t *testing.T) {
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-	defaultVar, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read default value: %s", err)
-	}
-
-	if defaultVar != internal.DefaultAdminURL {
-		t.Errorf("invalid default admin url: %s", defaultVar)
-	}
-
-	defaultVar, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read default management URL: %s", err)
-	}
-
-	if defaultVar != internal.DefaultManagementURL {
-		t.Errorf("invalid default management url: %s", defaultVar)
-	}
-
-	var preSharedKey string
-	preSharedKey, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read default preshared key: %s", err)
-	}
-
-	if preSharedKey != "" {
-		t.Errorf("invalid preshared key: %s", preSharedKey)
-	}
-}
-
-func TestPreferences_ReadUncommitedValues(t *testing.T) {
-	exampleString := "exampleString"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleString)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	p.SetManagementURL(exampleString)
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected management url: %s", resp)
-	}
-
-	p.SetPreSharedKey(exampleString)
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}
-
-func TestPreferences_Commit(t *testing.T) {
-	exampleURL := "https://myurl.com:443"
-	examplePresharedKey := "topsecret"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleURL)
-	p.SetManagementURL(exampleURL)
-	p.SetPreSharedKey(examplePresharedKey)
-
-	err := p.Commit()
-	if err != nil {
-		t.Fatalf("failed to save changes: %s", err)
-	}
-
-	p = NewPreferences(cfgFile)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected management url: %s", resp)
-	}
-
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != examplePresharedKey {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}

client/proto/daemon.pb.go

@@ -43,7 +43,6 @@ type LoginRequest struct {
 	CleanNATExternalIPs  bool   `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
 	CustomDNSAddress     []byte `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
 	IsLinuxDesktopClient bool   `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
-	Hostname             string `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }
 
 func (x *LoginRequest) Reset() {
@@ -134,13 +133,6 @@ func (x *LoginRequest) GetIsLinuxDesktopClient() bool {
 	return false
 }
 
-func (x *LoginRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -218,7 +210,6 @@ type WaitSSOLoginRequest struct {
 	unknownFields protoimpl.UnknownFields
 
 	UserCode string `protobuf:"bytes,1,opt,name=userCode,proto3" json:"userCode,omitempty"`
-	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }
 
 func (x *WaitSSOLoginRequest) Reset() {
@@ -260,13 +251,6 @@ func (x *WaitSSOLoginRequest) GetUserCode() string {
 	return ""
 }
 
-func (x *WaitSSOLoginRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
 type WaitSSOLoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1067,7 +1051,7 @@ var file_daemon_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
 	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe6, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
+	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xca, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
 	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
@@ -1088,132 +1072,128 @@ var file_daemon_proto_rawDesc = []byte{
 	0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
 	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
 	0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
-	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
-	0x6d, 0x65, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f,
-	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65,
-	0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49,
-	0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
-	0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61,
-	0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c,
-	0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a,
-	0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a,
-	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61,
-	0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
-	0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
-	0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65,
-	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79,
-	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65,
-	0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79,
-	0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64,
+	0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a,
+	0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x31,
+	0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
+	0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c,
+	0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32,
+	0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11,
+	0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55,
+	0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
+	0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69,
+	0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c,
+	0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65,
+	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
+	0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
+	0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
+	0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12,
+	0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63,
+	0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12,
+	0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72,
+	0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63,
+	0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e,
+	0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74,
+	0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70,
+	0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49,
 	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
-	0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
-	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c,
-	0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
-	0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a,
-	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70,
-	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f,
-	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
-	0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
-	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74,
-	0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e,
-	0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27,
-	0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
-	0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67,
-	0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53,
-	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
-	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d,
-	0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a,
-	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e,
-	0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
-	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a,
-	0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65,
-	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
+	0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a,
+	0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53,
+	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52,
+	0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a,
+	0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12,
+	0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01,
+	0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d,
+	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69,
+	0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32,
+	0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
+	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

client/proto/daemon.proto

@@ -52,8 +52,6 @@ message LoginRequest {
   bytes customDNSAddress = 7;
 
   bool isLinuxDesktopClient = 8;
-
-  string hostname = 9;
 }
 
 message LoginResponse {
@@ -65,7 +63,6 @@ message LoginResponse {
 
 message WaitSSOLoginRequest {
   string userCode = 1;
-  string hostname = 2;
 }
 
 message WaitSSOLoginResponse {}

client/server/server.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/netbirdio/netbird/client/internal/auth"
-	"github.com/netbirdio/netbird/client/system"
 
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
@@ -182,11 +181,6 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		s.latestConfigInput.CustomDNSAddress = []byte{}
 	}
 
-	if msg.Hostname != "" {
-		// nolint
-		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
-	}
-
 	s.mutex.Unlock()
 
 	inputConfig.PreSharedKey = &msg.PreSharedKey
@@ -281,11 +275,6 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 		ctx = metadata.NewOutgoingContext(ctx, md)
 	}
 
-	if msg.Hostname != "" {
-		// nolint
-		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
-	}
-
 	s.actCancel = cancel
 	s.mutex.Unlock()
 

client/ssh/client.go

@@ -2,12 +2,11 @@ package ssh
 
 import (
 	"fmt"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/term"
 	"net"
 	"os"
 	"time"
-
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/term"
 )
 
 // Client wraps crypto/ssh Client to simplify usage
@@ -74,7 +73,8 @@ func (c *Client) OpenTerminal() error {
 
 	if err := session.Wait(); err != nil {
 		if e, ok := err.(*ssh.ExitError); ok {
-			if e.ExitStatus() == 130 {
+			switch e.ExitStatus() {
+			case 130:
 				return nil
 			}
 		}

client/system/info.go

@@ -12,12 +12,6 @@ import (
 // DeviceNameCtxKey context key for device name
 const DeviceNameCtxKey = "deviceName"
 
-// OsVersionCtxKey context key for operating system version
-const OsVersionCtxKey = "OsVersion"
-
-// OsNameCtxKey context key for operating system name
-const OsNameCtxKey = "OsName"
-
 // Info is an object that contains machine information
 // Most of the code is taken from https://github.com/matishsiao/goInfo
 type Info struct {

client/system/info_darwin.go

@@ -1,6 +1,3 @@
-//go:build !ios
-// +build !ios
-
 package system
 
 import (

client/system/info_ios.go

@@ -1,45 +0,0 @@
-//go:build ios
-// +build ios
-
-package system
-
-import (
-	"context"
-	"runtime"
-
-	"github.com/netbirdio/netbird/version"
-)
-
-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
-
-	// Convert fixed-size byte arrays to Go strings
-	sysName := extractOsName(ctx, "sysName")
-	swVersion := extractOsVersion(ctx, "swVersion")
-
-	gio := &Info{Kernel: sysName, OSVersion: swVersion, Core: swVersion, Platform: "unknown", OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	// systemHostname, _ := os.Hostname()
-	gio.Hostname = extractDeviceName(ctx, "hostname")
-	gio.WiretrusteeVersion = version.NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
-
-	return gio
-}
-
-// extractOsVersion extracts operating system version from context or returns the default
-func extractOsVersion(ctx context.Context, defaultName string) string {
-	v, ok := ctx.Value(OsVersionCtxKey).(string)
-	if !ok {
-		return defaultName
-	}
-	return v
-}
-
-// extractOsName extracts operating system name from context or returns the default
-func extractOsName(ctx context.Context, defaultName string) string {
-	v, ok := ctx.Value(OsNameCtxKey).(string)
-	if !ok {
-		return defaultName
-	}
-	return v
-}

client/system/info_linux.go

@@ -44,8 +44,8 @@ func GetInfo(ctx context.Context) *Info {
 		}
 	}
 
-	osStr := strings.ReplaceAll(info, "\n", "")
-	osStr = strings.ReplaceAll(osStr, "\r\n", "")
+	osStr := strings.Replace(info, "\n", "", -1)
+	osStr = strings.Replace(osStr, "\r\n", "", -1)
 	osInfo := strings.Split(osStr, " ")
 	if osName == "" {
 		osName = osInfo[3]

client/system/info_windows.go

@@ -5,24 +5,17 @@ import (
 	"fmt"
 	"os"
 	"runtime"
-	"strings"
 
 	log "github.com/sirupsen/logrus"
-	"github.com/yusufpapurcu/wmi"
 	"golang.org/x/sys/windows/registry"
 
 	"github.com/netbirdio/netbird/version"
 )
 
-type Win32_OperatingSystem struct {
-	Caption string
-}
-
 // GetInfo retrieves and parses the system information
 func GetInfo(ctx context.Context) *Info {
-	osName, osVersion := getOSNameAndVersion()
-	buildVersion := getBuildVersion()
-	gio := &Info{Kernel: "windows", OSVersion: osVersion, Core: buildVersion, Platform: "unknown", OS: osName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	ver := getOSVersion()
+	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	systemHostname, _ := os.Hostname()
 	gio.Hostname = extractDeviceName(ctx, systemHostname)
 	gio.WiretrusteeVersion = version.NetbirdVersion()
@@ -31,35 +24,7 @@ func GetInfo(ctx context.Context) *Info {
 	return gio
 }
 
-func getOSNameAndVersion() (string, string) {
-	var dst []Win32_OperatingSystem
-	query := wmi.CreateQuery(&dst, "")
-	err := wmi.Query(query, &dst)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if len(dst) == 0 {
-		return "Windows", getBuildVersion()
-	}
-
-	split := strings.Split(dst[0].Caption, " ")
-
-	if len(split) < 3 {
-		return "Windows", getBuildVersion()
-	}
-
-	name := split[1]
-	version := split[2]
-	if split[2] == "Server" {
-		name = fmt.Sprintf("%s %s", split[1], split[2])
-		version = split[3]
-	}
-
-	return name, version
-}
-
-func getBuildVersion() string {
+func getOSVersion() string {
 	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
 	if err != nil {
 		log.Error(err)

client/ui/client_ui.go

@@ -634,5 +634,5 @@ func checkPIDFile() error {
 		}
 	}
 
-	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664) //nolint:gosec
+	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664)
 }

dns/dns.go

@@ -86,8 +86,6 @@ func (s SimpleRecord) Len() uint16 {
 	}
 }
 
-var invalidHostMatcher = regexp.MustCompile(invalidHostLabel)
-
 // GetParsedDomainLabel returns a domain label with max 59 characters,
 // parsed for old Hosts.txt requirements, and converted to ASCII and lowercase
 func GetParsedDomainLabel(name string) (string, error) {
@@ -101,6 +99,8 @@ func GetParsedDomainLabel(name string) (string, error) {
 		return "", fmt.Errorf("unable to convert host label to ASCII, error: %v", err)
 	}
 
+	invalidHostMatcher := regexp.MustCompile(invalidHostLabel)
+
 	validHost := strings.ToLower(invalidHostMatcher.ReplaceAllString(ascii, "-"))
 	if len(validHost) > 58 {
 		validHost = validHost[:59]

go.mod

@@ -51,8 +51,7 @@ require (
 	github.com/miekg/dns v1.1.43
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/nadoo/ipset v0.5.0
-	github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695
-	github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695
+	github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88
 	github.com/okta/okta-sdk-golang/v2 v2.18.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pion/logging v0.2.2

go.sum

@@ -495,10 +495,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nadoo/ipset v0.5.0 h1:5GJUAuZ7ITQQQGne5J96AmFjRtI8Avlbk6CabzYWVUc=
 github.com/nadoo/ipset v0.5.0/go.mod h1:rYF5DQLRGGoQ8ZSWeK+6eX5amAuPqwFkWjhQlEITGJQ=
-github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695 h1:c/Rvyy/mqbFoKo6FS8ihQ3/3y+TAl0qDEH0pO2tXayM=
-github.com/netbirdio/management-integrations/additions v0.0.0-20231205113053-c462587ae695/go.mod h1:31FhBNvQ+riHEIu6LSTmqr8IeuSIsGfQffqV4LFmbwA=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695 h1:9HRnqSosRuKyOZgVN/hJW3DG2zVyt5AARmiQlSuDPIc=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20231205113053-c462587ae695/go.mod h1:B0nMS3es77gOvPYhc0K91fAzTkQLi/jRq5TffUN3klM=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88 h1:zhe8qseauBuYOS910jpl5sv8Tb+36zxQPXrwYXqll0g=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20231027143200-a966bce7db88/go.mod h1:KSqjzHcqlodTWiuap5lRXxt5KT3vtYRoksL0KIrTK40=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0 h1:hirFRfx3grVA/9eEyjME5/z3nxdJlN9kfQpvWWPk32g=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949 h1:xbWM9BU6mwZZLHxEjxIX/V8Hv3HurQt4mReIE4mY4DM=

iface/iface_android.go

@@ -28,20 +28,14 @@ func NewWGIFace(ifaceName string, address string, mtu int, tunAdapter TunAdapter
 	return wgIFace, nil
 }
 
-// CreateOnAndroid creates a new Wireguard interface, sets a given IP and brings it up.
+// CreateOnMobile creates a new Wireguard interface, sets a given IP and brings it up.
 // Will reuse an existing one.
-func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
+func (w *WGIface) CreateOnMobile(mIFaceArgs MobileIFaceArguments) error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 	return w.tun.Create(mIFaceArgs)
 }
 
-// CreateOniOS creates a new Wireguard interface, sets a given IP and brings it up.
-// Will reuse an existing one.
-func (w *WGIface) CreateOniOS(tunFd int32) error {
-	return fmt.Errorf("this function has not implemented on mobile")
-}
-
 // Create this function make sense on mobile only
 func (w *WGIface) Create() error {
 	return fmt.Errorf("this function has not implemented on mobile")

iface/iface_ios.go

@@ -1,51 +0,0 @@
-//go:build ios
-// +build ios
-
-package iface
-
-import (
-	"fmt"
-	"sync"
-
-	"github.com/pion/transport/v2"
-)
-
-// NewWGIFace Creates a new WireGuard interface instance
-func NewWGIFace(ifaceName string, address string, mtu int, tunAdapter TunAdapter, transportNet transport.Net) (*WGIface, error) {
-	wgIFace := &WGIface{
-		mu: sync.Mutex{},
-	}
-
-	wgAddress, err := parseWGAddress(address)
-	if err != nil {
-		return wgIFace, err
-	}
-
-	tun := newTunDevice(wgAddress, mtu, tunAdapter, transportNet)
-	wgIFace.tun = tun
-
-	wgIFace.configurer = newWGConfigurer(tun)
-
-	wgIFace.userspaceBind = !WireGuardModuleIsLoaded()
-
-	return wgIFace, nil
-}
-
-// CreateOniOS creates a new Wireguard interface, sets a given IP and brings it up.
-// Will reuse an existing one.
-func (w *WGIface) CreateOniOS(tunFd int32) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	return w.tun.Create(tunFd)
-}
-
-// CreateOnAndroid creates a new Wireguard interface, sets a given IP and brings it up.
-// Will reuse an existing one.
-func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
-	return fmt.Errorf("this function has not implemented on mobile")
-}
-
-// Create this function make sense on mobile only
-func (w *WGIface) Create() error {
-	return fmt.Errorf("this function has not implemented on mobile")
-}

iface/iface_nonandroid.go

@@ -1,5 +1,4 @@
-//go:build !android && !ios
-// +build !android,!ios
+//go:build !android
 
 package iface
 
@@ -28,13 +27,8 @@ func NewWGIFace(iFaceName string, address string, mtu int, tunAdapter TunAdapter
 	return wgIFace, nil
 }
 
-// CreateOnAndroid this function make sense on mobile only
-func (w *WGIface) CreateOnAndroid(mIFaceArgs MobileIFaceArguments) error {
-	return fmt.Errorf("this function has not implemented on non mobile")
-}
-
-// CreateOniOS this function make sense on mobile only
-func (w *WGIface) CreateOniOS(tunFd int32) error {
+// CreateOnMobile this function make sense on mobile only
+func (w *WGIface) CreateOnMobile(mIFaceArgs MobileIFaceArguments) error {
 	return fmt.Errorf("this function has not implemented on non mobile")
 }
 

iface/ipc_parser_android.go

@@ -1,6 +1,3 @@
-//go:build android
-// +build android
-
 package iface
 
 import (

iface/ipc_parser_ios.go

@@ -1,63 +0,0 @@
-//go:build ios
-// +build ios
-
-package iface
-
-import (
-	"encoding/hex"
-	"fmt"
-	"strings"
-
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func toWgUserspaceString(wgCfg wgtypes.Config) string {
-	var sb strings.Builder
-	if wgCfg.PrivateKey != nil {
-		hexKey := hex.EncodeToString(wgCfg.PrivateKey[:])
-		sb.WriteString(fmt.Sprintf("private_key=%s\n", hexKey))
-	}
-
-	if wgCfg.ListenPort != nil {
-		sb.WriteString(fmt.Sprintf("listen_port=%d\n", *wgCfg.ListenPort))
-	}
-
-	if wgCfg.ReplacePeers {
-		sb.WriteString("replace_peers=true\n")
-	}
-
-	if wgCfg.FirewallMark != nil {
-		sb.WriteString(fmt.Sprintf("fwmark=%d\n", *wgCfg.FirewallMark))
-	}
-
-	for _, p := range wgCfg.Peers {
-		hexKey := hex.EncodeToString(p.PublicKey[:])
-		sb.WriteString(fmt.Sprintf("public_key=%s\n", hexKey))
-
-		if p.PresharedKey != nil {
-			preSharedHexKey := hex.EncodeToString(p.PresharedKey[:])
-			sb.WriteString(fmt.Sprintf("preshared_key=%s\n", preSharedHexKey))
-		}
-
-		if p.Remove {
-			sb.WriteString("remove=true")
-		}
-
-		if p.ReplaceAllowedIPs {
-			sb.WriteString("replace_allowed_ips=true\n")
-		}
-
-		for _, aip := range p.AllowedIPs {
-			sb.WriteString(fmt.Sprintf("allowed_ip=%s\n", aip.String()))
-		}
-
-		if p.Endpoint != nil {
-			sb.WriteString(fmt.Sprintf("endpoint=%s\n", p.Endpoint.String()))
-		}
-
-		if p.PersistentKeepaliveInterval != nil {
-			sb.WriteString(fmt.Sprintf("persistent_keepalive_interval=%d\n", int(p.PersistentKeepaliveInterval.Seconds())))
-		}
-	}
-	return sb.String()
-}

iface/tun_android.go

@@ -1,6 +1,3 @@
-//go:build android
-// +build android
-
 package iface
 
 import (
@@ -59,7 +56,7 @@ func (t *tunDevice) Create(mIFaceArgs MobileIFaceArguments) error {
 	t.device = device.NewDevice(t.wrapper, t.iceBind, device.NewLogger(device.LogLevelSilent, "[wiretrustee] "))
 	// without this property mobile devices can discover remote endpoints if the configured one was wrong.
 	// this helps with support for the older NetBird clients that had a hardcoded direct mode
-	// t.device.DisableSomeRoamingForBrokenMobileSemantics()
+	//t.device.DisableSomeRoamingForBrokenMobileSemantics()
 
 	err = t.device.Up()
 	if err != nil {

iface/tun_darwin.go

@@ -1,6 +1,3 @@
-//go:build !ios
-// +build !ios
-
 package iface
 
 import (

iface/tun_ios.go

@@ -1,105 +0,0 @@
-//go:build ios
-// +build ios
-
-package iface
-
-import (
-	"os"
-	"strings"
-
-	"github.com/pion/transport/v2"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-	"golang.zx2c4.com/wireguard/device"
-	"golang.zx2c4.com/wireguard/tun"
-
-	"github.com/netbirdio/netbird/iface/bind"
-)
-
-type tunDevice struct {
-	address    WGAddress
-	mtu        int
-	tunAdapter TunAdapter
-	iceBind    *bind.ICEBind
-
-	fd      int
-	name    string
-	device  *device.Device
-	wrapper *DeviceWrapper
-}
-
-func newTunDevice(address WGAddress, mtu int, tunAdapter TunAdapter, transportNet transport.Net) *tunDevice {
-	return &tunDevice{
-		address:    address,
-		mtu:        mtu,
-		tunAdapter: tunAdapter,
-		iceBind:    bind.NewICEBind(transportNet),
-	}
-}
-
-func (t *tunDevice) Create(tunFd int32) error {
-	log.Infof("create tun interface")
-
-	dupTunFd, err := unix.Dup(int(tunFd))
-	if err != nil {
-		log.Errorf("Unable to dup tun fd: %v", err)
-		return err
-	}
-
-	err = unix.SetNonblock(dupTunFd, true)
-	if err != nil {
-		log.Errorf("Unable to set tun fd as non blocking: %v", err)
-		unix.Close(dupTunFd)
-		return err
-	}
-	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
-	if err != nil {
-		log.Errorf("Unable to create new tun device from fd: %v", err)
-		unix.Close(dupTunFd)
-		return err
-	}
-
-	t.wrapper = newDeviceWrapper(tun)
-	log.Debug("Attaching to interface")
-	t.device = device.NewDevice(t.wrapper, t.iceBind, device.NewLogger(device.LogLevelSilent, "[wiretrustee] "))
-	// without this property mobile devices can discover remote endpoints if the configured one was wrong.
-	// this helps with support for the older NetBird clients that had a hardcoded direct mode
-	// t.device.DisableSomeRoamingForBrokenMobileSemantics()
-
-	err = t.device.Up()
-	if err != nil {
-		t.device.Close()
-		return err
-	}
-	log.Debugf("device is ready to use: %s", t.name)
-	return nil
-}
-
-func (t *tunDevice) Device() *device.Device {
-	return t.device
-}
-
-func (t *tunDevice) DeviceName() string {
-	return t.name
-}
-
-func (t *tunDevice) WgAddress() WGAddress {
-	return t.address
-}
-
-func (t *tunDevice) UpdateAddr(addr WGAddress) error {
-	// todo implement
-	return nil
-}
-
-func (t *tunDevice) Close() (err error) {
-	if t.device != nil {
-		t.device.Close()
-	}
-
-	return
-}
-
-func (t *tunDevice) routesToString(routes []string) string {
-	return strings.Join(routes, ";")
-}

iface/tun_linux.go

@@ -99,8 +99,7 @@ func (c *tunDevice) assignAddr() error {
 	}
 	if len(list) > 0 {
 		for _, a := range list {
-			addr := a
-			err = netlink.AddrDel(link, &addr)
+			err = netlink.AddrDel(link, &a)
 			if err != nil {
 				return err
 			}

iface/tun_unix.go

@@ -1,4 +1,4 @@
-//go:build (linux || darwin) && !android && !ios
+//go:build (linux || darwin) && !android
 
 package iface
 

iface/wg_configurer_ios.go

@@ -1,165 +0,0 @@
-//go:build ios
-// +build ios
-
-package iface
-
-import (
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"net"
-	"strings"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-var (
-	errFuncNotImplemented = errors.New("function not implemented")
-)
-
-type wGConfigurer struct {
-	tunDevice *tunDevice
-}
-
-func newWGConfigurer(tunDevice *tunDevice) wGConfigurer {
-	return wGConfigurer{
-		tunDevice: tunDevice,
-	}
-}
-
-func (c *wGConfigurer) configureInterface(privateKey string, port int) error {
-	log.Debugf("adding Wireguard private key")
-	key, err := wgtypes.ParseKey(privateKey)
-	if err != nil {
-		return err
-	}
-	fwmark := 0
-	config := wgtypes.Config{
-		PrivateKey:   &key,
-		ReplacePeers: true,
-		FirewallMark: &fwmark,
-		ListenPort:   &port,
-	}
-
-	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
-}
-
-func (c *wGConfigurer) updatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
-	// parse allowed ips
-	_, ipNet, err := net.ParseCIDR(allowedIps)
-	if err != nil {
-		return err
-	}
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-	peer := wgtypes.PeerConfig{
-		PublicKey:                   peerKeyParsed,
-		ReplaceAllowedIPs:           true,
-		AllowedIPs:                  []net.IPNet{*ipNet},
-		PersistentKeepaliveInterval: &keepAlive,
-		PresharedKey:                preSharedKey,
-		Endpoint:                    endpoint,
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-
-	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
-}
-
-func (c *wGConfigurer) removePeer(peerKey string) error {
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-
-	peer := wgtypes.PeerConfig{
-		PublicKey: peerKeyParsed,
-		Remove:    true,
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
-}
-
-func (c *wGConfigurer) addAllowedIP(peerKey string, allowedIP string) error {
-	_, ipNet, err := net.ParseCIDR(allowedIP)
-	if err != nil {
-		return err
-	}
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-	peer := wgtypes.PeerConfig{
-		PublicKey:         peerKeyParsed,
-		UpdateOnly:        true,
-		ReplaceAllowedIPs: false,
-		AllowedIPs:        []net.IPNet{*ipNet},
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-
-	return c.tunDevice.Device().IpcSet(toWgUserspaceString(config))
-}
-
-func (c *wGConfigurer) removeAllowedIP(peerKey string, ip string) error {
-	ipc, err := c.tunDevice.Device().IpcGet()
-	if err != nil {
-		return err
-	}
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	hexKey := hex.EncodeToString(peerKeyParsed[:])
-
-	lines := strings.Split(ipc, "\n")
-
-	output := ""
-	foundPeer := false
-	removedAllowedIP := false
-	for _, line := range lines {
-		line = strings.TrimSpace(line)
-
-		// If we're within the details of the found peer and encounter another public key,
-		// this means we're starting another peer's details. So, reset the flag.
-		if strings.HasPrefix(line, "public_key=") && foundPeer {
-			foundPeer = false
-		}
-
-		// Identify the peer with the specific public key
-		if line == fmt.Sprintf("public_key=%s", hexKey) {
-			foundPeer = true
-		}
-
-		// If we're within the details of the found peer and find the specific allowed IP, skip this line
-		if foundPeer && line == "allowed_ip="+ip {
-			removedAllowedIP = true
-			continue
-		}
-
-		// Append the line to the output string
-		if strings.HasPrefix(line, "private_key=") || strings.HasPrefix(line, "listen_port=") ||
-			strings.HasPrefix(line, "public_key=") || strings.HasPrefix(line, "preshared_key=") ||
-			strings.HasPrefix(line, "endpoint=") || strings.HasPrefix(line, "persistent_keepalive_interval=") ||
-			strings.HasPrefix(line, "allowed_ip=") {
-			output += line + "\n"
-		}
-	}
-
-	if !removedAllowedIP {
-		return fmt.Errorf("allowedIP not found")
-	} else {
-		return c.tunDevice.Device().IpcSet(output)
-	}
-}

iface/wg_configurer_nonandroid.go

@@ -1,4 +1,4 @@
-//go:build !android && !ios
+//go:build !android
 
 package iface
 
@@ -44,7 +44,7 @@ func (c *wGConfigurer) configureInterface(privateKey string, port int) error {
 }
 
 func (c *wGConfigurer) updatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
-	// parse allowed ips
+	//parse allowed ips
 	_, ipNet, err := net.ParseCIDR(allowedIps)
 	if err != nil {
 		return err
@@ -141,7 +141,7 @@ func (c *wGConfigurer) removeAllowedIP(peerKey string, allowedIP string) error {
 
 	for i, existingAllowedIP := range existingPeer.AllowedIPs {
 		if existingAllowedIP.String() == ipNet.String() {
-			newAllowedIPs = append(existingPeer.AllowedIPs[:i], existingPeer.AllowedIPs[i+1:]...) //nolint:gocritic
+			newAllowedIPs = append(existingPeer.AllowedIPs[:i], existingPeer.AllowedIPs[i+1:]...)
 			break
 		}
 	}

management/client/client_test.go

@@ -285,7 +285,7 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 
 	testKey, err := wgtypes.GenerateKey()
 	if err != nil {
-		t.Fatal(err)
+		log.Fatal(err)
 	}
 
 	serverAddr := lis.Addr().String()
@@ -293,12 +293,12 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 
 	testClient, err := NewClient(ctx, serverAddr, testKey, false)
 	if err != nil {
-		t.Fatalf("error while creating testClient: %v", err)
+		log.Fatalf("error while creating testClient: %v", err)
 	}
 
 	key, err := testClient.GetServerPublicKey()
 	if err != nil {
-		t.Fatalf("error while getting server public key from testclient, %v", err)
+		log.Fatalf("error while getting server public key from testclient, %v", err)
 	}
 
 	var actualMeta *mgmtProto.PeerSystemMeta
@@ -364,7 +364,7 @@ func Test_GetDeviceAuthorizationFlow(t *testing.T) {
 
 	testKey, err := wgtypes.GenerateKey()
 	if err != nil {
-		t.Fatal(err)
+		log.Fatal(err)
 	}
 
 	serverAddr := lis.Addr().String()
@@ -372,7 +372,7 @@ func Test_GetDeviceAuthorizationFlow(t *testing.T) {
 
 	client, err := NewClient(ctx, serverAddr, testKey, false)
 	if err != nil {
-		t.Fatalf("error while creating testClient: %v", err)
+		log.Fatalf("error while creating testClient: %v", err)
 	}
 
 	expectedFlowInfo := &mgmtProto.DeviceAuthorizationFlow{
@@ -408,7 +408,7 @@ func Test_GetPKCEAuthorizationFlow(t *testing.T) {
 
 	testKey, err := wgtypes.GenerateKey()
 	if err != nil {
-		t.Fatal(err)
+		log.Fatal(err)
 	}
 
 	serverAddr := lis.Addr().String()
@@ -416,7 +416,7 @@ func Test_GetPKCEAuthorizationFlow(t *testing.T) {
 
 	client, err := NewClient(ctx, serverAddr, testKey, false)
 	if err != nil {
-		t.Fatalf("error while creating testClient: %v", err)
+		log.Fatalf("error while creating testClient: %v", err)
 	}
 
 	expectedFlowInfo := &mgmtProto.PKCEAuthorizationFlow{

management/server/account.go

@@ -17,18 +17,15 @@ import (
 
 	"github.com/eko/gocache/v3/cache"
 	cacheStore "github.com/eko/gocache/v3/store"
-	"github.com/netbirdio/management-integrations/additions"
 	gocache "github.com/patrickmn/go-cache"
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/base62"
 	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/route"
 )
@@ -67,17 +64,16 @@ type AccountManager interface {
 	GetAccountByUserOrAccountID(userID, accountID, domain string) (*Account, error)
 	GetAccountFromToken(claims jwtclaims.AuthorizationClaims) (*Account, *User, error)
 	GetAccountFromPAT(pat string) (*Account, *User, *PersonalAccessToken, error)
-	DeleteAccount(accountID, userID string) error
 	MarkPATUsed(tokenID string) error
 	GetUser(claims jwtclaims.AuthorizationClaims) (*User, error)
 	ListUsers(accountID string) ([]*User, error)
-	GetPeers(accountID, userID string) ([]*nbpeer.Peer, error)
+	GetPeers(accountID, userID string) ([]*Peer, error)
 	MarkPeerConnected(peerKey string, connected bool) error
 	DeletePeer(accountID, peerID, userID string) error
-	UpdatePeer(accountID, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, error)
+	UpdatePeer(accountID, userID string, peer *Peer) (*Peer, error)
 	GetNetworkMap(peerID string) (*NetworkMap, error)
 	GetPeerNetwork(peerID string) (*Network, error)
-	AddPeer(setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *NetworkMap, error)
+	AddPeer(setupKey, userID string, peer *Peer) (*Peer, *NetworkMap, error)
 	CreatePAT(accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*PersonalAccessTokenGenerated, error)
 	DeletePAT(accountID string, initiatorUserID string, targetUserID string, tokenID string) error
 	GetPAT(accountID string, initiatorUserID string, targetUserID string, tokenID string) (*PersonalAccessToken, error)
@@ -109,12 +105,11 @@ type AccountManager interface {
 	GetEvents(accountID, userID string) ([]*activity.Event, error)
 	GetDNSSettings(accountID string, userID string) (*DNSSettings, error)
 	SaveDNSSettings(accountID string, userID string, dnsSettingsToSave *DNSSettings) error
-	GetPeer(accountID, peerID, userID string) (*nbpeer.Peer, error)
+	GetPeer(accountID, peerID, userID string) (*Peer, error)
 	UpdateAccountSettings(accountID, userID string, newSettings *Settings) (*Account, error)
-	LoginPeer(login PeerLogin) (*nbpeer.Peer, *NetworkMap, error) // used by peer gRPC API
-	SyncPeer(sync PeerSync) (*nbpeer.Peer, *NetworkMap, error)    // used by peer gRPC API
+	LoginPeer(login PeerLogin) (*Peer, *NetworkMap, error) // used by peer gRPC API
+	SyncPeer(sync PeerSync) (*Peer, *NetworkMap, error)    // used by peer gRPC API
 	GetAllConnectedPeers() (map[string]struct{}, error)
-	HasConnectedChannel(peerID string) bool
 	GetExternalCacheManager() ExternalCacheManager
 }
 
@@ -163,24 +158,17 @@ type Settings struct {
 
 	// JWTGroupsClaimName from which we extract groups name to add it to account groups
 	JWTGroupsClaimName string
-
-	// Extra is a dictionary of Account settings
-	Extra *account.ExtraSettings `gorm:"embedded;embeddedPrefix:extra_"`
 }
 
 // Copy copies the Settings struct
 func (s *Settings) Copy() *Settings {
-	settings := &Settings{
+	return &Settings{
 		PeerLoginExpirationEnabled: s.PeerLoginExpirationEnabled,
 		PeerLoginExpiration:        s.PeerLoginExpiration,
 		JWTGroupsEnabled:           s.JWTGroupsEnabled,
 		JWTGroupsClaimName:         s.JWTGroupsClaimName,
 		GroupsPropagationEnabled:   s.GroupsPropagationEnabled,
 	}
-	if s.Extra != nil {
-		settings.Extra = s.Extra.Copy()
-	}
-	return settings
 }
 
 // Account represents a unique account of the system
@@ -196,8 +184,8 @@ type Account struct {
 	SetupKeys              map[string]*SetupKey              `gorm:"-"`
 	SetupKeysG             []SetupKey                        `json:"-" gorm:"foreignKey:AccountID;references:id"`
 	Network                *Network                          `gorm:"embedded;embeddedPrefix:network_"`
-	Peers                  map[string]*nbpeer.Peer           `gorm:"-"`
-	PeersG                 []nbpeer.Peer                     `json:"-" gorm:"foreignKey:AccountID;references:id"`
+	Peers                  map[string]*Peer                  `gorm:"-"`
+	PeersG                 []Peer                            `json:"-" gorm:"foreignKey:AccountID;references:id"`
 	Users                  map[string]*User                  `gorm:"-"`
 	UsersG                 []User                            `json:"-" gorm:"foreignKey:AccountID;references:id"`
 	Groups                 map[string]*Group                 `gorm:"-"`
@@ -232,7 +220,7 @@ type UserInfo struct {
 // getRoutesToSync returns the enabled routes for the peer ID and the routes
 // from the ACL peers that have distribution groups associated with the peer ID.
 // Please mind, that the returned route.Route objects will contain Peer.Key instead of Peer.ID.
-func (a *Account) getRoutesToSync(peerID string, aclPeers []*nbpeer.Peer) []*route.Route {
+func (a *Account) getRoutesToSync(peerID string, aclPeers []*Peer) []*route.Route {
 	routes, peerDisabledRoutes := a.getRoutingPeerRoutes(peerID)
 	peerRoutesMembership := make(lookupMap)
 	for _, r := range append(routes, peerDisabledRoutes...) {
@@ -356,22 +344,10 @@ func (a *Account) GetGroup(groupID string) *Group {
 
 // GetPeerNetworkMap returns a group by ID if exists, nil otherwise
 func (a *Account) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
-	peer := a.Peers[peerID]
-	if peer == nil {
-		return &NetworkMap{
-			Network: a.Network.Copy(),
-		}
-	}
-	validatedPeers := additions.ValidatePeers([]*nbpeer.Peer{peer})
-	if len(validatedPeers) == 0 {
-		return &NetworkMap{
-			Network: a.Network.Copy(),
-		}
-	}
 	aclPeers, firewallRules := a.getPeerConnectionResources(peerID)
 	// exclude expired peers
-	var peersToConnect []*nbpeer.Peer
-	var expiredPeers []*nbpeer.Peer
+	var peersToConnect []*Peer
+	var expiredPeers []*Peer
 	for _, p := range aclPeers {
 		expired, _ := p.LoginExpired(a.Settings.PeerLoginExpiration)
 		if a.Settings.PeerLoginExpirationEnabled && expired {
@@ -409,8 +385,8 @@ func (a *Account) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
 }
 
 // GetExpiredPeers returns peers that have been expired
-func (a *Account) GetExpiredPeers() []*nbpeer.Peer {
-	var peers []*nbpeer.Peer
+func (a *Account) GetExpiredPeers() []*Peer {
+	var peers []*Peer
 	for _, peer := range a.GetPeersWithExpiration() {
 		expired, _ := peer.LoginExpired(a.Settings.PeerLoginExpiration)
 		if expired {
@@ -449,8 +425,8 @@ func (a *Account) GetNextPeerExpiration() (time.Duration, bool) {
 }
 
 // GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true and that were added by a user
-func (a *Account) GetPeersWithExpiration() []*nbpeer.Peer {
-	peers := make([]*nbpeer.Peer, 0)
+func (a *Account) GetPeersWithExpiration() []*Peer {
+	peers := make([]*Peer, 0)
 	for _, peer := range a.Peers {
 		if peer.LoginExpirationEnabled && peer.AddedWithSSOLogin() {
 			peers = append(peers, peer)
@@ -460,8 +436,8 @@ func (a *Account) GetPeersWithExpiration() []*nbpeer.Peer {
 }
 
 // GetPeers returns a list of all Account peers
-func (a *Account) GetPeers() []*nbpeer.Peer {
-	var peers []*nbpeer.Peer
+func (a *Account) GetPeers() []*Peer {
+	var peers []*Peer
 	for _, peer := range a.Peers {
 		peers = append(peers, peer)
 	}
@@ -475,7 +451,7 @@ func (a *Account) UpdateSettings(update *Settings) *Account {
 }
 
 // UpdatePeer saves new or replaces existing peer
-func (a *Account) UpdatePeer(update *nbpeer.Peer) {
+func (a *Account) UpdatePeer(update *Peer) {
 	a.Peers[update.ID] = update
 }
 
@@ -504,7 +480,7 @@ func (a *Account) DeletePeer(peerID string) {
 
 // FindPeerByPubKey looks for a Peer by provided WireGuard public key in the Account or returns error if it wasn't found.
 // It will return an object copy of the peer.
-func (a *Account) FindPeerByPubKey(peerPubKey string) (*nbpeer.Peer, error) {
+func (a *Account) FindPeerByPubKey(peerPubKey string) (*Peer, error) {
 	for _, peer := range a.Peers {
 		if peer.Key == peerPubKey {
 			return peer.Copy(), nil
@@ -515,8 +491,8 @@ func (a *Account) FindPeerByPubKey(peerPubKey string) (*nbpeer.Peer, error) {
 }
 
 // FindUserPeers returns a list of peers that user owns (created)
-func (a *Account) FindUserPeers(userID string) ([]*nbpeer.Peer, error) {
-	peers := make([]*nbpeer.Peer, 0)
+func (a *Account) FindUserPeers(userID string) ([]*Peer, error) {
+	peers := make([]*Peer, 0)
 	for _, peer := range a.Peers {
 		if peer.UserID == userID {
 			peers = append(peers, peer)
@@ -608,7 +584,7 @@ func (a *Account) getPeerDNSLabels() lookupMap {
 }
 
 func (a *Account) Copy() *Account {
-	peers := map[string]*nbpeer.Peer{}
+	peers := map[string]*Peer{}
 	for id, peer := range a.Peers {
 		peers[id] = peer.Copy()
 	}
@@ -685,7 +661,7 @@ func (a *Account) GetGroupAll() (*Group, error) {
 }
 
 // GetPeer looks up a Peer by ID
-func (a *Account) GetPeer(peerID string) *nbpeer.Peer {
+func (a *Account) GetPeer(peerID string) *Peer {
 	return a.Peers[peerID]
 }
 
@@ -895,17 +871,12 @@ func (am *DefaultAccountManager) UpdateAccountSettings(accountID, userID string,
 		return nil, err
 	}
 
-	err = additions.ValidateExtraSettings(newSettings.Extra, account.Settings.Extra, account.Peers, userID, accountID, am.eventStore)
-	if err != nil {
-		return nil, err
-	}
-
 	user, err := account.FindUser(userID)
 	if err != nil {
 		return nil, err
 	}
 
-	if !user.HasAdminPower() {
+	if !user.IsAdmin() {
 		return nil, status.Errorf(status.PermissionDenied, "user is not allowed to update account")
 	}
 
@@ -979,15 +950,14 @@ func (am *DefaultAccountManager) newAccount(userID, domain string) (*Account, er
 
 		_, err := am.Store.GetAccount(accountId)
 		statusErr, _ := status.FromError(err)
-		switch {
-		case err == nil:
+		if err == nil {
 			log.Warnf("an account with ID already exists, retrying...")
 			continue
-		case statusErr.Type() == status.NotFound:
+		} else if statusErr.Type() == status.NotFound {
 			newAccount := newAccountWithId(accountId, userID, domain)
 			am.StoreEvent(userID, newAccount.Id, accountId, activity.AccountCreated, nil)
 			return newAccount, nil
-		default:
+		} else {
 			return nil, err
 		}
 	}
@@ -1033,57 +1003,6 @@ func (am *DefaultAccountManager) warmupIDPCache() error {
 	return nil
 }
 
-// DeleteAccount deletes an account and all its users from local store and from the remote IDP if the requester is an admin and account owner
-func (am *DefaultAccountManager) DeleteAccount(accountID, userID string) error {
-	unlock := am.Store.AcquireAccountLock(accountID)
-	defer unlock()
-	account, err := am.Store.GetAccount(accountID)
-	if err != nil {
-		return err
-	}
-
-	user, err := account.FindUser(userID)
-	if err != nil {
-		return err
-	}
-
-	if !user.HasAdminPower() {
-		return status.Errorf(status.PermissionDenied, "user is not allowed to delete account")
-	}
-
-	if user.Id != account.CreatedBy {
-		return status.Errorf(status.PermissionDenied, "user is not allowed to delete account. Only account owner can delete account")
-	}
-	for _, otherUser := range account.Users {
-		if otherUser.IsServiceUser {
-			continue
-		}
-
-		if otherUser.Id == userID {
-			continue
-		}
-
-		deleteUserErr := am.deleteRegularUser(account, userID, otherUser.Id)
-		if deleteUserErr != nil {
-			return deleteUserErr
-		}
-	}
-
-	err = am.deleteRegularUser(account, userID, userID)
-	if err != nil {
-		log.Errorf("failed deleting user %s. error: %s", userID, err)
-		return err
-	}
-
-	err = am.Store.DeleteAccount(account)
-	if err != nil {
-		log.Errorf("failed deleting account %s. error: %s", accountID, err)
-		return err
-	}
-	log.Debugf("account %s deleted", accountID)
-	return nil
-}
-
 // GetAccountByUserOrAccountID looks for an account by user or accountID, if no account is provided and
 // userID doesn't have an account associated with it, one account is created
 func (am *DefaultAccountManager) GetAccountByUserOrAccountID(userID, accountID, domain string) (*Account, error) {
@@ -1677,15 +1596,9 @@ func (am *DefaultAccountManager) GetAllConnectedPeers() (map[string]struct{}, er
 	return am.peersUpdateManager.GetAllConnectedPeers(), nil
 }
 
-// HasConnectedChannel returns true if peers has channel in update manager, otherwise false
-func (am *DefaultAccountManager) HasConnectedChannel(peerID string) bool {
-	return am.peersUpdateManager.HasChannel(peerID)
-}
-
-var invalidDomainRegexp = regexp.MustCompile(`^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$`)
-
 func isDomainValid(domain string) bool {
-	return invalidDomainRegexp.MatchString(domain)
+	re := regexp.MustCompile(`^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$`)
+	return re.MatchString(domain)
 }
 
 // GetDNSDomain returns the configured dnsDomain
@@ -1731,12 +1644,12 @@ func newAccountWithId(accountID, userID, domain string) *Account {
 	log.Debugf("creating new account")
 
 	network := NewNetwork()
-	peers := make(map[string]*nbpeer.Peer)
+	peers := make(map[string]*Peer)
 	users := make(map[string]*User)
 	routes := make(map[string]*route.Route)
 	setupKeys := map[string]*SetupKey{}
 	nameServersGroups := make(map[string]*nbdns.NameServerGroup)
-	users[userID] = NewOwnerUser(userID)
+	users[userID] = NewAdminUser(userID)
 	dnsSettings := DNSSettings{
 		DisabledManagementGroups: make([]string, 0),
 	}

management/server/account/account.go

@@ -1,13 +0,0 @@
-package account
-
-type ExtraSettings struct {
-	// PeerApprovalEnabled enables or disables the need for peers bo be approved by an administrator
-	PeerApprovalEnabled bool
-}
-
-// Copy copies the ExtraSettings struct
-func (e *ExtraSettings) Copy() *ExtraSettings {
-	return &ExtraSettings{
-		PeerApprovalEnabled: e.PeerApprovalEnabled,
-	}
-}

management/server/account_test.go

@@ -15,7 +15,6 @@ import (
 
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server/activity"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/route"
 
 	"github.com/stretchr/testify/assert"
@@ -27,10 +26,10 @@ import (
 
 func verifyCanAddPeerToAccount(t *testing.T, manager AccountManager, account *Account, userID string) {
 	t.Helper()
-	peer := &nbpeer.Peer{
+	peer := &Peer{
 		Key:  "BhRPtynAAYRDy08+q4HTMsos8fs4plTP4NOSh7C1ry8=",
 		Name: "test-host@netbird.io",
-		Meta: nbpeer.PeerSystemMeta{
+		Meta: PeerSystemMeta{
 			Hostname:  "test-host@netbird.io",
 			GoOS:      "linux",
 			Kernel:    "Linux",
@@ -111,14 +110,13 @@ func verifyNewAccountHasDefaultFields(t *testing.T, account *Account, createdBy
 func TestAccount_GetPeerNetworkMap(t *testing.T) {
 	peerID1 := "peer-1"
 	peerID2 := "peer-2"
-	// peerID3 := "peer-3"
 	tt := []struct {
 		name                 string
 		accountSettings      Settings
 		peerID               string
 		expectedPeers        []string
 		expectedOfflinePeers []string
-		peers                map[string]*nbpeer.Peer
+		peers                map[string]*Peer
 	}{
 		{
 			name:                 "Should return ALL peers when global peer login expiration disabled",
@@ -126,14 +124,14 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 			peerID:               peerID1,
 			expectedPeers:        []string{peerID2},
 			expectedOfflinePeers: []string{},
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					ID:       peerID1,
 					Key:      "peer-1-key",
 					IP:       net.IP{100, 64, 0, 1},
 					Name:     peerID1,
 					DNSLabel: peerID1,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    false,
 						LoginExpired: true,
@@ -147,7 +145,7 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 					IP:       net.IP{100, 64, 0, 1},
 					Name:     peerID2,
 					DNSLabel: peerID2,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    false,
 						LoginExpired: false,
@@ -164,14 +162,14 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 			peerID:               peerID1,
 			expectedPeers:        []string{},
 			expectedOfflinePeers: []string{peerID2},
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					ID:       peerID1,
 					Key:      "peer-1-key",
 					IP:       net.IP{100, 64, 0, 1},
 					Name:     peerID1,
 					DNSLabel: peerID1,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    false,
 						LoginExpired: true,
@@ -186,7 +184,7 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 					IP:       net.IP{100, 64, 0, 1},
 					Name:     peerID2,
 					DNSLabel: peerID2,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    false,
 						LoginExpired: true,
@@ -197,159 +195,6 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 				},
 			},
 		},
-		// {
-		// 	name:                 "Should return only peers that are approved when peer approval is enabled",
-		// 	accountSettings:      Settings{PeerApprovalEnabled: true},
-		// 	peerID:               peerID1,
-		// 	expectedPeers:        []string{peerID3},
-		// 	expectedOfflinePeers: []string{},
-		// 	peers: map[string]*Peer{
-		// 		"peer-1": {
-		// 			ID:       peerID1,
-		// 			Key:      "peer-1-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID1,
-		// 			DNSLabel: peerID1,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-2": {
-		// 			ID:       peerID2,
-		// 			Key:      "peer-2-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID2,
-		// 			DNSLabel: peerID2,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  false,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-3": {
-		// 			ID:       peerID3,
-		// 			Key:      "peer-3-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID3,
-		// 			DNSLabel: peerID3,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 	},
-		// },
-		// {
-		// 	name:                 "Should return all peers when peer approval is disabled",
-		// 	accountSettings:      Settings{PeerApprovalEnabled: false},
-		// 	peerID:               peerID1,
-		// 	expectedPeers:        []string{peerID2, peerID3},
-		// 	expectedOfflinePeers: []string{},
-		// 	peers: map[string]*Peer{
-		// 		"peer-1": {
-		// 			ID:       peerID1,
-		// 			Key:      "peer-1-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID1,
-		// 			DNSLabel: peerID1,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-2": {
-		// 			ID:       peerID2,
-		// 			Key:      "peer-2-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID2,
-		// 			DNSLabel: peerID2,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  false,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-3": {
-		// 			ID:       peerID3,
-		// 			Key:      "peer-3-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID3,
-		// 			DNSLabel: peerID3,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 	},
-		// },
-		// {
-		// 	name:                 "Should return no peers when peer approval is enabled and the requesting peer is not approved",
-		// 	accountSettings:      Settings{PeerApprovalEnabled: true},
-		// 	peerID:               peerID1,
-		// 	expectedPeers:        []string{},
-		// 	expectedOfflinePeers: []string{},
-		// 	peers: map[string]*Peer{
-		// 		"peer-1": {
-		// 			ID:       peerID1,
-		// 			Key:      "peer-1-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID1,
-		// 			DNSLabel: peerID1,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  false,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-2": {
-		// 			ID:       peerID2,
-		// 			Key:      "peer-2-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID2,
-		// 			DNSLabel: peerID2,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 		"peer-3": {
-		// 			ID:       peerID3,
-		// 			Key:      "peer-3-key",
-		// 			IP:       net.IP{100, 64, 0, 1},
-		// 			Name:     peerID3,
-		// 			DNSLabel: peerID3,
-		// 			Status: &PeerStatus{
-		// 				LastSeen:  time.Now().UTC(),
-		// 				Connected: false,
-		// 				Approved:  true,
-		// 			},
-		// 			UserID:    userID,
-		// 			LastLogin: time.Now().UTC().Add(-time.Hour * 24 * 30 * 30),
-		// 		},
-		// 	},
-		// },
 	}
 
 	netIP := net.IP{100, 64, 0, 0}
@@ -364,7 +209,6 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 
 	for _, testCase := range tt {
 		account := newAccountWithId("account-1", userID, "netbird.io")
-		account.UpdateSettings(&testCase.accountSettings)
 		account.Network = network
 		account.Peers = testCase.peers
 		for _, peer := range account.Peers {
@@ -462,7 +306,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomainCategory:      "",
 		expectedDomain:              publicDomain,
 		expectedPrimaryDomainStatus: false,
@@ -484,7 +328,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         initUnknown,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomain:              unknownDomain,
 		expectedDomainCategory:      "",
 		expectedPrimaryDomainStatus: false,
@@ -502,7 +346,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomain:              privateDomain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@@ -543,7 +387,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@@ -562,7 +406,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@@ -580,7 +424,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleOwner,
+		expectedUserRole:            UserRoleAdmin,
 		expectedDomain:              "",
 		expectedDomainCategory:      "",
 		expectedPrimaryDomainStatus: false,
@@ -902,31 +746,6 @@ func TestAccountManager_GetAccount(t *testing.T) {
 	}
 }
 
-func TestAccountManager_DeleteAccount(t *testing.T) {
-	manager, err := createManager(t)
-	if err != nil {
-		t.Fatal(err)
-		return
-	}
-
-	expectedId := "test_account"
-	userId := "account_creator"
-	account, err := createAccount(manager, expectedId, userId, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = manager.DeleteAccount(account.Id, userId)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	getAccount, err := manager.Store.GetAccount(account.Id)
-	if err == nil {
-		t.Fatal(fmt.Errorf("expected to get an error when trying to get deleted account, got %v", getAccount))
-	}
-}
-
 func TestAccountManager_AddPeer(t *testing.T) {
 	manager, err := createManager(t)
 	if err != nil {
@@ -961,9 +780,9 @@ func TestAccountManager_AddPeer(t *testing.T) {
 	expectedPeerKey := key.PublicKey().String()
 	expectedSetupKey := setupKey.Key
 
-	peer, _, err := manager.AddPeer(setupKey.Key, "", &nbpeer.Peer{
+	peer, _, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  expectedPeerKey,
-		Meta: nbpeer.PeerSystemMeta{Hostname: expectedPeerKey},
+		Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v", err)
@@ -1029,9 +848,9 @@ func TestAccountManager_AddPeerWithUserID(t *testing.T) {
 	expectedPeerKey := key.PublicKey().String()
 	expectedUserID := userID
 
-	peer, _, err := manager.AddPeer("", userID, &nbpeer.Peer{
+	peer, _, err := manager.AddPeer("", userID, &Peer{
 		Key:  expectedPeerKey,
-		Meta: nbpeer.PeerSystemMeta{Hostname: expectedPeerKey},
+		Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v, account users: %v", err, account.CreatedBy)
@@ -1096,7 +915,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 		return
 	}
 
-	getPeer := func() *nbpeer.Peer {
+	getPeer := func() *Peer {
 		key, err := wgtypes.GeneratePrivateKey()
 		if err != nil {
 			t.Fatal(err)
@@ -1104,9 +923,9 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 		}
 		expectedPeerKey := key.PublicKey().String()
 
-		peer, _, err := manager.AddPeer(setupKey.Key, "", &nbpeer.Peer{
+		peer, _, err := manager.AddPeer(setupKey.Key, "", &Peer{
 			Key:  expectedPeerKey,
-			Meta: nbpeer.PeerSystemMeta{Hostname: expectedPeerKey},
+			Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 		})
 		if err != nil {
 			t.Fatalf("expecting peer1 to be added, got failure %v", err)
@@ -1278,9 +1097,9 @@ func TestAccountManager_DeletePeer(t *testing.T) {
 
 	peerKey := key.PublicKey().String()
 
-	peer, _, err := manager.AddPeer(setupKey.Key, "", &nbpeer.Peer{
+	peer, _, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey,
-		Meta: nbpeer.PeerSystemMeta{Hostname: peerKey},
+		Meta: PeerSystemMeta{Hostname: peerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v", err)
@@ -1339,7 +1158,7 @@ func TestGetUsersFromAccount(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	users := map[string]*User{"1": {Id: "1", Role: UserRoleOwner}, "2": {Id: "2", Role: "user"}, "3": {Id: "3", Role: "user"}}
+	users := map[string]*User{"1": {Id: "1", Role: "admin"}, "2": {Id: "2", Role: "user"}, "3": {Id: "3", Role: "user"}}
 	accountId := "test_account_id"
 
 	account, err := createAccount(manager, accountId, users["1"].Id, "")
@@ -1419,8 +1238,8 @@ func TestAccount_GetRoutesToSync(t *testing.T) {
 		t.Fatal(err)
 	}
 	account := &Account{
-		Peers: map[string]*nbpeer.Peer{
-			"peer-1": {Key: "peer-1", Meta: nbpeer.PeerSystemMeta{GoOS: "linux"}}, "peer-2": {Key: "peer-2", Meta: nbpeer.PeerSystemMeta{GoOS: "linux"}}, "peer-3": {Key: "peer-1", Meta: nbpeer.PeerSystemMeta{GoOS: "linux"}},
+		Peers: map[string]*Peer{
+			"peer-1": {Key: "peer-1", Meta: PeerSystemMeta{GoOS: "linux"}}, "peer-2": {Key: "peer-2", Meta: PeerSystemMeta{GoOS: "linux"}}, "peer-3": {Key: "peer-1", Meta: PeerSystemMeta{GoOS: "linux"}},
 		},
 		Groups: map[string]*Group{"group1": {ID: "group1", Peers: []string{"peer-1", "peer-2"}}},
 		Routes: map[string]*route.Route{
@@ -1463,7 +1282,7 @@ func TestAccount_GetRoutesToSync(t *testing.T) {
 		},
 	}
 
-	routes := account.getRoutesToSync("peer-2", []*nbpeer.Peer{{Key: "peer-1"}, {Key: "peer-3"}})
+	routes := account.getRoutesToSync("peer-2", []*Peer{{Key: "peer-1"}, {Key: "peer-3"}})
 
 	assert.Len(t, routes, 2)
 	routeIDs := make(map[string]struct{}, 2)
@@ -1473,7 +1292,7 @@ func TestAccount_GetRoutesToSync(t *testing.T) {
 	assert.Contains(t, routeIDs, "route-2")
 	assert.Contains(t, routeIDs, "route-3")
 
-	emptyRoutes := account.getRoutesToSync("peer-3", []*nbpeer.Peer{{Key: "peer-1"}, {Key: "peer-2"}})
+	emptyRoutes := account.getRoutesToSync("peer-3", []*Peer{{Key: "peer-1"}, {Key: "peer-2"}})
 
 	assert.Len(t, emptyRoutes, 0)
 }
@@ -1494,10 +1313,10 @@ func TestAccount_Copy(t *testing.T) {
 		Network: &Network{
 			Identifier: "net1",
 		},
-		Peers: map[string]*nbpeer.Peer{
+		Peers: map[string]*Peer{
 			"peer1": {
 				Key: "key1",
-				Status: &nbpeer.PeerStatus{
+				Status: &PeerStatus{
 					LastSeen:     time.Now(),
 					Connected:    true,
 					LoginExpired: false,
@@ -1624,9 +1443,9 @@ func TestDefaultAccountManager_UpdatePeer_PeerLoginExpiration(t *testing.T) {
 
 	key, err := wgtypes.GenerateKey()
 	require.NoError(t, err, "unable to generate WireGuard key")
-	peer, _, err := manager.AddPeer("", userID, &nbpeer.Peer{
+	peer, _, err := manager.AddPeer("", userID, &Peer{
 		Key:                    key.PublicKey().String(),
-		Meta:                   nbpeer.PeerSystemMeta{Hostname: "test-peer"},
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
 		LoginExpirationEnabled: true,
 	})
 	require.NoError(t, err, "unable to add peer")
@@ -1673,9 +1492,9 @@ func TestDefaultAccountManager_MarkPeerConnected_PeerLoginExpiration(t *testing.
 
 	key, err := wgtypes.GenerateKey()
 	require.NoError(t, err, "unable to generate WireGuard key")
-	_, _, err = manager.AddPeer("", userID, &nbpeer.Peer{
+	_, _, err = manager.AddPeer("", userID, &Peer{
 		Key:                    key.PublicKey().String(),
-		Meta:                   nbpeer.PeerSystemMeta{Hostname: "test-peer"},
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
 		LoginExpirationEnabled: true,
 	})
 	require.NoError(t, err, "unable to add peer")
@@ -1714,9 +1533,9 @@ func TestDefaultAccountManager_UpdateAccountSettings_PeerLoginExpiration(t *test
 
 	key, err := wgtypes.GenerateKey()
 	require.NoError(t, err, "unable to generate WireGuard key")
-	_, _, err = manager.AddPeer("", userID, &nbpeer.Peer{
+	_, _, err = manager.AddPeer("", userID, &Peer{
 		Key:                    key.PublicKey().String(),
-		Meta:                   nbpeer.PeerSystemMeta{Hostname: "test-peer"},
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
 		LoginExpirationEnabled: true,
 	})
 	require.NoError(t, err, "unable to add peer")
@@ -1795,13 +1614,13 @@ func TestDefaultAccountManager_UpdateAccountSettings(t *testing.T) {
 func TestAccount_GetExpiredPeers(t *testing.T) {
 	type test struct {
 		name          string
-		peers         map[string]*nbpeer.Peer
+		peers         map[string]*Peer
 		expectedPeers map[string]struct{}
 	}
 	testCases := []test{
 		{
 			name: "Peers with login expiration disabled, no expired peers",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					LoginExpirationEnabled: false,
 				},
@@ -1813,11 +1632,11 @@ func TestAccount_GetExpiredPeers(t *testing.T) {
 		},
 		{
 			name: "Two peers expired",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					ID:                     "peer-1",
 					LoginExpirationEnabled: true,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    true,
 						LoginExpired: false,
@@ -1828,7 +1647,7 @@ func TestAccount_GetExpiredPeers(t *testing.T) {
 				"peer-2": {
 					ID:                     "peer-2",
 					LoginExpirationEnabled: true,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    true,
 						LoginExpired: false,
@@ -1840,7 +1659,7 @@ func TestAccount_GetExpiredPeers(t *testing.T) {
 				"peer-3": {
 					ID:                     "peer-3",
 					LoginExpirationEnabled: true,
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						LastSeen:     time.Now().UTC(),
 						Connected:    true,
 						LoginExpired: false,
@@ -1880,19 +1699,19 @@ func TestAccount_GetExpiredPeers(t *testing.T) {
 func TestAccount_GetPeersWithExpiration(t *testing.T) {
 	type test struct {
 		name          string
-		peers         map[string]*nbpeer.Peer
+		peers         map[string]*Peer
 		expectedPeers map[string]struct{}
 	}
 
 	testCases := []test{
 		{
 			name:          "No account peers, no peers with expiration",
-			peers:         map[string]*nbpeer.Peer{},
+			peers:         map[string]*Peer{},
 			expectedPeers: map[string]struct{}{},
 		},
 		{
 			name: "Peers with login expiration disabled, no peers with expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					LoginExpirationEnabled: false,
 					UserID:                 userID,
@@ -1906,7 +1725,7 @@ func TestAccount_GetPeersWithExpiration(t *testing.T) {
 		},
 		{
 			name: "Peers with login expiration enabled, return peers with expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
 					ID:                     "peer-1",
 					LoginExpirationEnabled: true,
@@ -1949,7 +1768,7 @@ func TestAccount_GetPeersWithExpiration(t *testing.T) {
 func TestAccount_GetNextPeerExpiration(t *testing.T) {
 	type test struct {
 		name                   string
-		peers                  map[string]*nbpeer.Peer
+		peers                  map[string]*Peer
 		expiration             time.Duration
 		expirationEnabled      bool
 		expectedNextRun        bool
@@ -1960,7 +1779,7 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 	testCases := []test{
 		{
 			name:                   "No peers, no expiration",
-			peers:                  map[string]*nbpeer.Peer{},
+			peers:                  map[string]*Peer{},
 			expiration:             time.Second,
 			expirationEnabled:      false,
 			expectedNextRun:        false,
@@ -1968,16 +1787,16 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 		},
 		{
 			name: "No connected peers, no expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected: false,
 					},
 					LoginExpirationEnabled: true,
 					UserID:                 userID,
 				},
 				"peer-2": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
@@ -1991,16 +1810,16 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 		},
 		{
 			name: "Connected peers with disabled expiration, no expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
 					UserID:                 userID,
 				},
 				"peer-2": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
@@ -2014,9 +1833,9 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 		},
 		{
 			name: "Expired peers, no expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: true,
 					},
@@ -2024,7 +1843,7 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 					UserID:                 userID,
 				},
 				"peer-2": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: true,
 					},
@@ -2039,9 +1858,9 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 		},
 		{
 			name: "To be expired peer, return expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: false,
 					},
@@ -2050,7 +1869,7 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 					UserID:                 userID,
 				},
 				"peer-2": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: true,
 					},
@@ -2065,9 +1884,9 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 		},
 		{
 			name: "Peers added with setup keys, no expiration",
-			peers: map[string]*nbpeer.Peer{
+			peers: map[string]*Peer{
 				"peer-1": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: false,
 					},
@@ -2075,7 +1894,7 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 					SetupKey:               "key",
 				},
 				"peer-2": {
-					Status: &nbpeer.PeerStatus{
+					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: false,
 					},
@@ -2110,7 +1929,7 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 func TestAccount_SetJWTGroups(t *testing.T) {
 	// create a new account
 	account := &Account{
-		Peers: map[string]*nbpeer.Peer{
+		Peers: map[string]*Peer{
 			"peer1": {ID: "peer1", Key: "key1", UserID: "user1"},
 			"peer2": {ID: "peer2", Key: "key2", UserID: "user1"},
 			"peer3": {ID: "peer3", Key: "key3", UserID: "user1"},
@@ -2158,7 +1977,7 @@ func TestAccount_SetJWTGroups(t *testing.T) {
 
 func TestAccount_UserGroupsAddToPeers(t *testing.T) {
 	account := &Account{
-		Peers: map[string]*nbpeer.Peer{
+		Peers: map[string]*Peer{
 			"peer1": {ID: "peer1", Key: "key1", UserID: "user1"},
 			"peer2": {ID: "peer2", Key: "key2", UserID: "user1"},
 			"peer3": {ID: "peer3", Key: "key3", UserID: "user1"},
@@ -2194,7 +2013,7 @@ func TestAccount_UserGroupsAddToPeers(t *testing.T) {
 
 func TestAccount_UserGroupsRemoveFromPeers(t *testing.T) {
 	account := &Account{
-		Peers: map[string]*nbpeer.Peer{
+		Peers: map[string]*Peer{
 			"peer1": {ID: "peer1", Key: "key1", UserID: "user1"},
 			"peer2": {ID: "peer2", Key: "key2", UserID: "user1"},
 			"peer3": {ID: "peer3", Key: "key3", UserID: "user1"},

management/server/activity/codes.go

@@ -120,16 +120,6 @@ const (
 	IntegrationUpdated
 	// IntegrationDeleted indicates that the user deleted an integration
 	IntegrationDeleted
-	// AccountPeerApprovalEnabled indicates that the user enabled peer approval for the account
-	AccountPeerApprovalEnabled
-	// AccountPeerApprovalDisabled indicates that the user disabled peer approval for the account
-	AccountPeerApprovalDisabled
-	// PeerApproved indicates that the peer has been approved
-	PeerApproved
-	// PeerApprovalRevoked indicates that the peer approval has been revoked
-	PeerApprovalRevoked
-	// TransferredOwnerRole indicates that the user transferred the owner role of the account
-	TransferredOwnerRole
 )
 
 var activityMap = map[Activity]Code{
@@ -188,11 +178,6 @@ var activityMap = map[Activity]Code{
 	IntegrationCreated:                        {"Integration created", "integration.create"},
 	IntegrationUpdated:                        {"Integration updated", "integration.update"},
 	IntegrationDeleted:                        {"Integration deleted", "integration.delete"},
-	AccountPeerApprovalEnabled:                {"Account peer approval enabled", "account.setting.peer.approval.enable"},
-	AccountPeerApprovalDisabled:               {"Account peer approval disabled", "account.setting.peer.approval.disable"},
-	PeerApproved:                              {"Peer approved", "peer.approve"},
-	PeerApprovalRevoked:                       {"Peer approval revoked", "peer.approval.revoke"},
-	TransferredOwnerRole:                      {"Transferred owner role", "transferred.owner.role"},
 }
 
 // StringCode returns a string code of the activity

management/server/dns.go

@@ -10,7 +10,6 @@ import (
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server/activity"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
@@ -48,8 +47,8 @@ func (am *DefaultAccountManager) GetDNSSettings(accountID string, userID string)
 		return nil, err
 	}
 
-	if !user.HasAdminPower() {
-		return nil, status.Errorf(status.PermissionDenied, "only users with admin power are allowed to view DNS settings")
+	if !user.IsAdmin() {
+		return nil, status.Errorf(status.PermissionDenied, "only admins are allowed to view DNS settings")
 	}
 	dnsSettings := account.DNSSettings.Copy()
 	return &dnsSettings, nil
@@ -70,8 +69,8 @@ func (am *DefaultAccountManager) SaveDNSSettings(accountID string, userID string
 		return err
 	}
 
-	if !user.HasAdminPower() {
-		return status.Errorf(status.PermissionDenied, "only users with admin power are allowed to update DNS settings")
+	if !user.IsAdmin() {
+		return status.Errorf(status.PermissionDenied, "only admins are allowed to update DNS settings")
 	}
 
 	if dnsSettingsToSave == nil {
@@ -201,7 +200,7 @@ func getPeerNSGroups(account *Account, peerID string) []*nbdns.NameServerGroup {
 }
 
 // peerIsNameserver returns true if the peer is a nameserver for a nsGroup
-func peerIsNameserver(peer *nbpeer.Peer, nsGroup *nbdns.NameServerGroup) bool {
+func peerIsNameserver(peer *Peer, nsGroup *nbdns.NameServerGroup) bool {
 	for _, ns := range nsGroup.NameServers {
 		if peer.IP.Equal(ns.IP.AsSlice()) {
 			return true

management/server/dns_test.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server/activity"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
@@ -209,10 +208,10 @@ func createDNSStore(t *testing.T) (Store, error) {
 
 func initTestDNSAccount(t *testing.T, am *DefaultAccountManager) (*Account, error) {
 	t.Helper()
-	peer1 := &nbpeer.Peer{
+	peer1 := &Peer{
 		Key:  dnsPeer1Key,
 		Name: "test-host1@netbird.io",
-		Meta: nbpeer.PeerSystemMeta{
+		Meta: PeerSystemMeta{
 			Hostname:  "test-host1@netbird.io",
 			GoOS:      "linux",
 			Kernel:    "Linux",
@@ -224,10 +223,10 @@ func initTestDNSAccount(t *testing.T, am *DefaultAccountManager) (*Account, erro
 		},
 		DNSLabel: dnsPeer1Key,
 	}
-	peer2 := &nbpeer.Peer{
+	peer2 := &Peer{
 		Key:  dnsPeer2Key,
 		Name: "test-host2@netbird.io",
-		Meta: nbpeer.PeerSystemMeta{
+		Meta: PeerSystemMeta{
 			Hostname:  "test-host2@netbird.io",
 			GoOS:      "linux",
 			Kernel:    "Linux",

management/server/ephemeral.go

@@ -7,7 +7,6 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/server/activity"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )
 
 const (
@@ -73,7 +72,7 @@ func (e *EphemeralManager) Stop() {
 
 // OnPeerConnected remove the peer from the linked list of ephemeral peers. Because it has been called when the peer
 // is active the manager will not delete it while it is active.
-func (e *EphemeralManager) OnPeerConnected(peer *nbpeer.Peer) {
+func (e *EphemeralManager) OnPeerConnected(peer *Peer) {
 	if !peer.Ephemeral {
 		return
 	}
@@ -94,7 +93,7 @@ func (e *EphemeralManager) OnPeerConnected(peer *nbpeer.Peer) {
 
 // OnPeerDisconnected add the peer to the linked list of ephemeral peers. Because of the peer
 // is inactive it will be deleted after the ephemeralLifeTime period.
-func (e *EphemeralManager) OnPeerDisconnected(peer *nbpeer.Peer) {
+func (e *EphemeralManager) OnPeerDisconnected(peer *Peer) {
 	if !peer.Ephemeral {
 		return
 	}

management/server/ephemeral_test.go

@@ -4,8 +4,6 @@ import (
 	"fmt"
 	"testing"
 	"time"
-
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )
 
 type MockStore struct {
@@ -126,7 +124,7 @@ func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int)
 
 	for i := 0; i < numberOfPeers; i++ {
 		peerId := fmt.Sprintf("peer_%d", i)
-		p := &nbpeer.Peer{
+		p := &Peer{
 			ID:        peerId,
 			Ephemeral: false,
 		}
@@ -135,7 +133,7 @@ func seedPeers(store *MockStore, numberOfPeers int, numberOfEphemeralPeers int)
 
 	for i := 0; i < numberOfEphemeralPeers; i++ {
 		peerId := fmt.Sprintf("ephemeral_peer_%d", i)
-		p := &nbpeer.Peer{
+		p := &Peer{
 			ID:        peerId,
 			Ephemeral: true,
 		}

management/server/file_store.go

@@ -10,7 +10,6 @@ import (
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
 
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/telemetry"
 
@@ -205,7 +204,7 @@ func restore(file string) (*FileStore, error) {
 		// Set the Peer.ID to the newly generated value.
 		// Replace all the mentions of Peer.Key as ID (groups and routes).
 		// Swap Peer.Key with Peer.ID in the Account.Peers map.
-		migrationPeers := make(map[string]*nbpeer.Peer) // key to Peer
+		migrationPeers := make(map[string]*Peer) // key to Peer
 		for key, peer := range account.Peers {
 			// set LastLogin for the peers that were onboarded before the peer login expiration feature
 			if peer.LastLogin.IsZero() {
@@ -352,41 +351,6 @@ func (s *FileStore) SaveAccount(account *Account) error {
 	return s.persist(s.storeFile)
 }
 
-func (s *FileStore) DeleteAccount(account *Account) error {
-	s.mux.Lock()
-	defer s.mux.Unlock()
-
-	if account.Id == "" {
-		return status.Errorf(status.InvalidArgument, "account id should not be empty")
-	}
-
-	for keyID := range account.SetupKeys {
-		delete(s.SetupKeyID2AccountID, strings.ToUpper(keyID))
-	}
-
-	// enforce peer to account index and delete peer to route indexes for rebuild
-	for _, peer := range account.Peers {
-		delete(s.PeerKeyID2AccountID, peer.Key)
-		delete(s.PeerID2AccountID, peer.ID)
-	}
-
-	for _, user := range account.Users {
-		for _, pat := range user.PATs {
-			delete(s.TokenID2UserID, pat.ID)
-			delete(s.HashedPAT2TokenID, pat.HashedToken)
-		}
-		delete(s.UserID2AccountID, user.Id)
-	}
-
-	if account.DomainCategory == PrivateCategory && account.IsDomainPrimaryAccount {
-		delete(s.PrivateDomain2AccountID, account.Domain)
-	}
-
-	delete(s.Accounts, account.Id)
-
-	return s.persist(s.storeFile)
-}
-
 // DeleteHashedPAT2TokenIDIndex removes an entry from the indexing map HashedPAT2TokenID
 func (s *FileStore) DeleteHashedPAT2TokenIDIndex(hashedToken string) error {
 	s.mux.Lock()
@@ -607,7 +571,7 @@ func (s *FileStore) SaveInstallationID(ID string) error {
 
 // SavePeerStatus stores the PeerStatus in memory. It doesn't attempt to persist data to speed up things.
 // PeerStatus will be saved eventually when some other changes occur.
-func (s *FileStore) SavePeerStatus(accountID, peerID string, peerStatus nbpeer.PeerStatus) error {
+func (s *FileStore) SavePeerStatus(accountID, peerID string, peerStatus PeerStatus) error {
 	s.mux.Lock()
 	defer s.mux.Unlock()
 

management/server/file_store_test.go

@@ -10,7 +10,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/util"
 )
 
@@ -36,7 +35,7 @@ func TestStalePeerIndices(t *testing.T) {
 
 	peerID := "some_peer"
 	peerKey := "some_peer_key"
-	account.Peers[peerID] = &nbpeer.Peer{
+	account.Peers[peerID] = &Peer{
 		ID:  peerID,
 		Key: peerKey,
 	}
@@ -90,13 +89,13 @@ func TestSaveAccount(t *testing.T) {
 	account := newAccountWithId("account_id", "testuser", "")
 	setupKey := GenerateDefaultSetupKey()
 	account.SetupKeys[setupKey.Key] = setupKey
-	account.Peers["testpeer"] = &nbpeer.Peer{
+	account.Peers["testpeer"] = &Peer{
 		Key:      "peerkey",
 		SetupKey: "peerkeysetupkey",
 		IP:       net.IP{127, 0, 0, 1},
-		Meta:     nbpeer.PeerSystemMeta{},
+		Meta:     PeerSystemMeta{},
 		Name:     "peer name",
-		Status:   &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
+		Status:   &PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
 	}
 
 	// SaveAccount should trigger persist
@@ -122,71 +121,17 @@ func TestSaveAccount(t *testing.T) {
 	}
 }
 
-func TestDeleteAccount(t *testing.T) {
-	storeDir := t.TempDir()
-	storeFile := filepath.Join(storeDir, "store.json")
-	err := util.CopyFileContents("testdata/store.json", storeFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	store, err := NewFileStore(storeDir, nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	var account *Account
-	for _, a := range store.Accounts {
-		account = a
-		break
-	}
-
-	require.NotNil(t, account, "failed to restore a FileStore file and get at least one account")
-
-	err = store.DeleteAccount(account)
-	require.NoError(t, err, "failed to delete account, error: %v", err)
-
-	_, ok := store.Accounts[account.Id]
-	require.False(t, ok, "failed to delete account")
-
-	for id := range account.Users {
-		_, ok := store.UserID2AccountID[id]
-		assert.False(t, ok, "failed to delete UserID2AccountID index")
-		for _, pat := range account.Users[id].PATs {
-			_, ok := store.HashedPAT2TokenID[pat.HashedToken]
-			assert.False(t, ok, "failed to delete HashedPAT2TokenID index")
-			_, ok = store.TokenID2UserID[pat.ID]
-			assert.False(t, ok, "failed to delete TokenID2UserID index")
-		}
-	}
-
-	for _, p := range account.Peers {
-		_, ok := store.PeerKeyID2AccountID[p.Key]
-		assert.False(t, ok, "failed to delete PeerKeyID2AccountID index")
-		_, ok = store.PeerID2AccountID[p.ID]
-		assert.False(t, ok, "failed to delete PeerID2AccountID index")
-	}
-
-	for id := range account.SetupKeys {
-		_, ok := store.SetupKeyID2AccountID[id]
-		assert.False(t, ok, "failed to delete SetupKeyID2AccountID index")
-	}
-
-	_, ok = store.PrivateDomain2AccountID[account.Domain]
-	assert.False(t, ok, "failed to delete PrivateDomain2AccountID index")
-
-}
-
 func TestStore(t *testing.T) {
 	store := newStore(t)
 
 	account := newAccountWithId("account_id", "testuser", "")
-	account.Peers["testpeer"] = &nbpeer.Peer{
+	account.Peers["testpeer"] = &Peer{
 		Key:      "peerkey",
 		SetupKey: "peerkeysetupkey",
 		IP:       net.IP{127, 0, 0, 1},
-		Meta:     nbpeer.PeerSystemMeta{},
+		Meta:     PeerSystemMeta{},
 		Name:     "peer name",
-		Status:   &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
+		Status:   &PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
 	}
 	account.Groups["all"] = &Group{
 		ID:    "all",
@@ -601,19 +546,19 @@ func TestFileStore_SavePeerStatus(t *testing.T) {
 	}
 
 	// save status of non-existing peer
-	newStatus := nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()}
+	newStatus := PeerStatus{Connected: true, LastSeen: time.Now().UTC()}
 	err = store.SavePeerStatus(account.Id, "non-existing-peer", newStatus)
 	assert.Error(t, err)
 
 	// save new status of existing peer
-	account.Peers["testpeer"] = &nbpeer.Peer{
+	account.Peers["testpeer"] = &Peer{
 		Key:      "peerkey",
 		ID:       "testpeer",
 		SetupKey: "peerkeysetupkey",
 		IP:       net.IP{127, 0, 0, 1},
-		Meta:     nbpeer.PeerSystemMeta{},
+		Meta:     PeerSystemMeta{},
 		Name:     "peer name",
-		Status:   &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now().UTC()},
+		Status:   &PeerStatus{Connected: false, LastSeen: time.Now().UTC()},
 	}
 
 	err = store.SaveAccount(account)

management/server/group.go

@@ -170,7 +170,7 @@ func (am *DefaultAccountManager) DeleteGroup(accountId, userId, groupID string)
 			return status.Errorf(status.NotFound, "user not found")
 		}
 		if executingUser.Role != UserRoleAdmin || !executingUser.IsServiceUser {
-			return status.Errorf(status.PermissionDenied, "only service users with admin power can delete integration group")
+			return status.Errorf(status.PermissionDenied, "only admins service user can delete integration group")
 		}
 	}
 

management/server/group_test.go

@@ -57,7 +57,7 @@ func TestDefaultAccountManager_DeleteGroup(t *testing.T) {
 		{
 			"integration",
 			"grp-for-integration",
-			"only service users with admin power can delete integration group",
+			"only admins service user can delete integration group",
 		},
 	}
 

management/server/grpcserver.go

@@ -17,7 +17,6 @@ import (
 	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	internalStatus "github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/telemetry"
 )
@@ -197,7 +196,7 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
 	}
 }
 
-func (s *GRPCServer) cancelPeerRoutines(peer *nbpeer.Peer) {
+func (s *GRPCServer) cancelPeerRoutines(peer *Peer) {
 	s.peersUpdateManager.CloseChannel(peer.ID)
 	s.turnCredentialsManager.CancelRefresh(peer.ID)
 	_ = s.accountManager.MarkPeerConnected(peer.Key, false)
@@ -244,8 +243,8 @@ func mapError(err error) error {
 	return status.Errorf(codes.Internal, "failed handling request")
 }
 
-func extractPeerMeta(loginReq *proto.LoginRequest) nbpeer.PeerSystemMeta {
-	return nbpeer.PeerSystemMeta{
+func extractPeerMeta(loginReq *proto.LoginRequest) PeerSystemMeta {
+	return PeerSystemMeta{
 		Hostname:  loginReq.GetMeta().GetHostname(),
 		GoOS:      loginReq.GetMeta().GetGoOS(),
 		Kernel:    loginReq.GetMeta().GetKernel(),
@@ -414,7 +413,7 @@ func toWiretrusteeConfig(config *Config, turnCredentials *TURNCredentials) *prot
 	}
 }
 
-func toPeerConfig(peer *nbpeer.Peer, network *Network, dnsName string) *proto.PeerConfig {
+func toPeerConfig(peer *Peer, network *Network, dnsName string) *proto.PeerConfig {
 	netmask, _ := network.Net.Mask.Size()
 	fqdn := peer.FQDN(dnsName)
 	return &proto.PeerConfig{
@@ -424,7 +423,7 @@ func toPeerConfig(peer *nbpeer.Peer, network *Network, dnsName string) *proto.Pe
 	}
 }
 
-func toRemotePeerConfig(peers []*nbpeer.Peer, dnsName string) []*proto.RemotePeerConfig {
+func toRemotePeerConfig(peers []*Peer, dnsName string) []*proto.RemotePeerConfig {
 	remotePeers := []*proto.RemotePeerConfig{}
 	for _, rPeer := range peers {
 		fqdn := rPeer.FQDN(dnsName)
@@ -438,7 +437,7 @@ func toRemotePeerConfig(peers []*nbpeer.Peer, dnsName string) []*proto.RemotePee
 	return remotePeers
 }
 
-func toSyncResponse(config *Config, peer *nbpeer.Peer, turnCredentials *TURNCredentials, networkMap *NetworkMap, dnsName string) *proto.SyncResponse {
+func toSyncResponse(config *Config, peer *Peer, turnCredentials *TURNCredentials, networkMap *NetworkMap, dnsName string) *proto.SyncResponse {
 	wtConfig := toWiretrusteeConfig(config, turnCredentials)
 
 	pConfig := toPeerConfig(peer, networkMap.Network, dnsName)
@@ -478,7 +477,7 @@ func (s *GRPCServer) IsHealthy(ctx context.Context, req *proto.Empty) (*proto.Em
 }
 
 // sendInitialSync sends initial proto.SyncResponse to the peer requesting synchronization
-func (s *GRPCServer) sendInitialSync(peerKey wgtypes.Key, peer *nbpeer.Peer, networkMap *NetworkMap, srv proto.ManagementService_SyncServer) error {
+func (s *GRPCServer) sendInitialSync(peerKey wgtypes.Key, peer *Peer, networkMap *NetworkMap, srv proto.ManagementService_SyncServer) error {
 	// make secret time based TURN credentials optional
 	var turnCredentials *TURNCredentials
 	if s.config.TURNConfig.TimeBasedCredentials {

management/server/http/accounts_handler.go

@@ -8,7 +8,6 @@ import (
 	"github.com/gorilla/mux"
 
 	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
@@ -41,7 +40,7 @@ func (h *AccountsHandler) GetAllAccounts(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if !user.HasAdminPower() {
+	if !user.IsAdmin() {
 		util.WriteError(status.Errorf(status.PermissionDenied, "the user has no permission to access account data"), w)
 		return
 	}
@@ -78,10 +77,6 @@ func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request)
 		PeerLoginExpiration:        time.Duration(float64(time.Second.Nanoseconds()) * float64(req.Settings.PeerLoginExpiration)),
 	}
 
-	if req.Settings.Extra != nil {
-		settings.Extra = &account.ExtraSettings{PeerApprovalEnabled: *req.Settings.Extra.PeerApprovalEnabled}
-	}
-
 	if req.Settings.JwtGroupsEnabled != nil {
 		settings.JWTGroupsEnabled = *req.Settings.JwtGroupsEnabled
 	}
@@ -103,45 +98,15 @@ func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request)
 	util.WriteJSONObject(w, &resp)
 }
 
-// DeleteAccount is a HTTP DELETE handler to delete an account
-func (h *AccountsHandler) DeleteAccount(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodDelete {
-		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
-		return
-	}
-
-	claims := h.claimsExtractor.FromRequestContext(r)
-	vars := mux.Vars(r)
-	targetAccountID := vars["accountId"]
-	if len(targetAccountID) == 0 {
-		util.WriteError(status.Errorf(status.InvalidArgument, "invalid account ID"), w)
-		return
-	}
-
-	err := h.accountManager.DeleteAccount(targetAccountID, claims.UserId)
-	if err != nil {
-		util.WriteError(err, w)
-		return
-	}
-
-	util.WriteJSONObject(w, emptyObject{})
-}
-
 func toAccountResponse(account *server.Account) *api.Account {
-	settings := api.AccountSettings{
-		PeerLoginExpiration:        int(account.Settings.PeerLoginExpiration.Seconds()),
-		PeerLoginExpirationEnabled: account.Settings.PeerLoginExpirationEnabled,
-		GroupsPropagationEnabled:   &account.Settings.GroupsPropagationEnabled,
-		JwtGroupsEnabled:           &account.Settings.JWTGroupsEnabled,
-		JwtGroupsClaimName:         &account.Settings.JWTGroupsClaimName,
-	}
-
-	if account.Settings.Extra != nil {
-		settings.Extra = &api.AccountExtraSettings{PeerApprovalEnabled: &account.Settings.Extra.PeerApprovalEnabled}
-	}
-
 	return &api.Account{
-		Id:       account.Id,
-		Settings: settings,
+		Id: account.Id,
+		Settings: api.AccountSettings{
+			PeerLoginExpiration:        int(account.Settings.PeerLoginExpiration.Seconds()),
+			PeerLoginExpirationEnabled: account.Settings.PeerLoginExpirationEnabled,
+			GroupsPropagationEnabled:   &account.Settings.GroupsPropagationEnabled,
+			JwtGroupsEnabled:           &account.Settings.JWTGroupsEnabled,
+			JwtGroupsClaimName:         &account.Settings.JWTGroupsClaimName,
+		},
 	}
 }