Deduplicate STUN package sending.
Originally, because every peer shared the same UDP address, the library could not distinguish which STUN message was associated with which candidate. As a result, the Pion library responded from all candidates for every STUN message.
This PR adds a validate flow response feature to the management server by integrating an IntegratedValidator component. The main purpose is to enable validation of PKCE authorization flows through an integrated validator interface.
- Adds a new ValidateFlowResponse method to the IntegratedValidator interface
- Integrates the validator into the management server to validate PKCE authorization flows
- Updates dependency version for management-integrations
Add an upload bundle option with the flag --upload-bundle; by default, the upload will use a NetBird address, which can be replaced using the flag --upload-bundle-url.
The upload server is available under the /upload-server path. The release change will push a docker image to netbirdio/upload image repository.
The server supports using s3 with pre-signed URL for direct upload and local file for storing bundles.
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type–safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
* [misc] Add vendor/ to .gitignore
Ignore the vendor/ tree created if someone runs "go mod vendor"
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/protobuf to latest
Updating protobuf runtime library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/grpc to latest
Updating grpc library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/net to latest
Updating x/net library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/oauth2 to latest
Updating x/oauth2 library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update github.com/stretchr/testify to latest
Updating testify library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update opentelemetry to latest
Updating otel library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/time to latest
Updating x/time library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [management] Update google.golang.org/api to latest
Updating google.golang.org/api library to fix indirect dependency issues with
older versions of OpenTelemetry.
See: #3240
Signed-off-by: Christian Stewart <christian@aperture.us>
---------
Signed-off-by: Christian Stewart <christian@aperture.us>
The nhooyr.io/websocket package was renamed to github.com/coder/websocket when
the project was transferred to "coder" as the new maintainer.
Use the new import path and update go.mod and go.sum accordingly.
Signed-off-by: Christian Stewart <christian@aperture.us>
