These are the commits in which the Protocol Buffers files changed (only the last 100 relevant commits are shown):
Commit: | c5f2b3d | |
---|---|---|
Author: | Zoltan Papp |
Merge branch 'main' into feature/lazy-connection
Commit: | 2f44fe2 | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
[client] Feature/upload bundle (#3734) Add an upload bundle option with the flag --upload-bundle; by default, the upload will use a NetBird address, which can be replaced using the flag --upload-bundle-url. The upload server is available under the /upload-server path. The release change will push a docker image to netbirdio/upload image repository. The server supports using s3 with pre-signed URL for direct upload and local file for storing bundles.
The documentation is generated from this commit.
Commit: | fed83c8 | |
---|---|---|
Author: | Zoltan Papp |
Merge branch 'main' into feature/lazy-connection
Commit: | 70f55af | |
---|---|---|
Author: | Zoltan Papp | |
Committer: | GitHub |
[client] Feature/lazy connection backward (#3718) Check the minimum version number of the remote peer, and if the remote peer does not support the lazy connection, then always use a permanent connection. Keep in mind just because the user updated the agent, the management server will not push a new network map with the new version information.
Commit: | c6c521f | |
---|---|---|
Author: | Maycon Santos |
Merge branch 'main' into feature/upload-bundle
The documentation is generated from this commit.
Commit: | ee72c97 | |
---|---|---|
Author: | Maycon Santos |
add UploadFailureReason
Commit: | 400b9fc | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[management] Add firewall rule route ID and missing route domains (#3700)
Commit: | 28cec1c | |
---|---|---|
Author: | Maycon Santos |
PoC version
Commit: | 5f231ef | |
---|---|---|
Author: | Viktor Liu | |
Committer: | Viktor Liu |
Add firewall rule route ID missing route domains
Commit: | d1e4bb0 | |
---|---|---|
Author: | Pedro Costa |
Merge branch 'main' into feature/buf-cli # Conflicts: # management/proto/management.pb.go
Commit: | 2340d36 | |
---|---|---|
Author: | Zoltán Papp |
Merge branch 'feature/lazy-connection' into feature/lazy-connection-backward
Commit: | 7fd031f | |
---|---|---|
Author: | Zoltán Papp |
Merge branch 'main' into feature/lazy-connection
Commit: | 82d982b | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
[management,client] Add support to configurable prompt login (#3660)
Commit: | 12b0c13 | |
---|---|---|
Author: | Pedro Costa | |
Committer: | Pedro Costa |
[misc] buf cli proto lint, format and gen
Commit: | 49d5cc2 | |
---|---|---|
Author: | Zoltán Papp |
Add backward compatibility handling
Commit: | e3c3cd8 | |
---|---|---|
Author: | Zoltan Papp |
Add command line parameter to enable-disable lazy connection
Commit: | 8b4c0c5 | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
[client] Add initiator field to ack (#3563) added the new field and client handling
Commit: | d9d051c | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
Add initiator field and parse url (#3558) - Add initiator field to flow proto - Parse URL - Update a few trace logs
Commit: | c02e236 | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
[client,management] add netflow support to client and update management (#3414) adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall
Commit: | 1a87f6e | |
---|---|---|
Author: | Pascal Fischer | |
Committer: | GitHub |
[management] Flow settings (#3509)
Commit: | 64f27ae | |
---|---|---|
Author: | hakansa | |
Committer: | GitHub |
[client] add resource id fields to netflow events (#3445) * [client] add resource id fields to netflow events
Commit: | 78b86e0 | |
---|---|---|
Author: | hakansa | |
Committer: | GitHub |
[management] fix force-push to feature/flow branch (#3500)
Commit: | da662cf | |
---|---|---|
Author: | Hakan Sariman |
Add source and destination resource IDs to FlowFields
Commit: | fc1da94 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client, management] Add port forwarding (#3275) Add initial support to ingress ports on the client code. - new types were added - new protocol messages and controller
Commit: | 86370a0 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Use bytes for flows event id (#3439)
Commit: | 89a55bc | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add policy IDs to firewall rules (#3440)
Commit: | 2d4fcaf | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Fix proto numbering (#3436)
Commit: | acf172b | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add kernel conntrack counters (#3434)
Commit: | 8c81a82 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add flow ACL IDs (#3421)
Commit: | 0db65a8 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add routed packet drop flow (#3410)
Commit: | 2021463 | |
---|---|---|
Author: | Maycon Santos |
update flow proto package name
Commit: | 994b923 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Move proto and rename port and icmp info (#3399)
Commit: | 59e2432 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add event proto fields (#3397)
Commit: | 6a77521 | |
---|---|---|
Author: | Pedro Costa |
rename flow proto messages
Commit: | 1e534ce | |
---|---|---|
Author: | Pascal Fischer | |
Committer: | GitHub |
[management] Add flow proto (#3384)
Commit: | aa3aa8c | |
---|---|---|
Author: | Pedro Costa |
[management] flow proto
Commit: | f8fd65a | |
---|---|---|
Author: | Viktor Liu |
Merge branch 'main' into feature/port-forwarding
Commit: | b307298 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add netbird ui improvements (#3222)
Commit: | fcc9641 | |
---|---|---|
Author: | Viktor Liu |
Merge branch 'main' into feature/port-forwarding
Commit: | 39986b0 | |
---|---|---|
Author: | hakansa | |
Committer: | GitHub |
[client, management] Support DNS Labels for Peer Addressing (#3252) * [client] Support Extra DNS Labels for Peer Addressing * [management] Support Extra DNS Labels for Peer Addressing --------- Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Commit: | 8755211 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | Viktor Liu |
Merge branch 'main' into feature/port-forwarding
Commit: | 62a0c35 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add UI client event notifications (#3207)
Commit: | 05415f7 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add experimental support for userspace routing (#3134)
Commit: | 19178b5 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Merge branch 'main' into userspace-router
Commit: | 48675f5 | |
---|---|---|
Author: | Viktor Liu |
Merge branch 'main' into feature/port-forwarding
Commit: | 97d498c | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[misc, client, management] Replace Wiretrustee with Netbird (#3267)
Commit: | 26693e4 | |
---|---|---|
Author: | Zoltan Papp | |
Committer: | GitHub |
Feature/port forwarding client ingress (#3242) Client-side forward handling Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> --------- Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Commit: | 5c05131 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Support port ranges in peer ACLs (#3232)
Commit: | 8185614 | |
---|---|---|
Author: | Zoltán Papp |
Add forwarding commandline command
Commit: | 4ad5c55 | |
---|---|---|
Author: | Zoltán Papp |
Manage Forwarding rules
Commit: | da43d33 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | Viktor Liu |
Merge branch 'port-range-acl' into userspace-router
Commit: | b951fb4 | |
---|---|---|
Author: | Viktor Liu |
Use uppercase field name
Commit: | 862d548 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | Viktor Liu |
Support port ranges
Commit: | bc7b2c6 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Report client system flags to management server on login (#3187)
Commit: | 77afcc8 | |
---|---|---|
Author: | Viktor Liu |
Merge branch 'main' into userspace-router
Commit: | 78795a4 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add block lan access flag for routers (#3171)
Commit: | 28f5cd5 | |
---|---|---|
Author: | Viktor Liu |
Merge branch 'main' into userspace-router
Commit: | d9905d1 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add disable system flags (#3153)
Commit: | 766e0cc | |
---|---|---|
Author: | Viktor Liu | |
Committer: | Viktor Liu |
Add packet tracer
Commit: | ddc365f | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client, management] Add new network concept (#3047) --------- Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
Commit: | a145f0b | |
---|---|---|
Author: | Pascal Fischer | |
Committer: | GitHub |
[management] Add settings for routing peer dns resolution (#3040)
Commit: | 4db4494 | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
Rename CLI commands and status output with the new network concept. (#3029) Rename CLI commands and status output with the new network concept. Updated the daemon gRPC API and renamed files.
Commit: | 623fcb0 | |
---|---|---|
Author: | Pascal Fischer | |
Committer: | GitHub |
[management] Add structs for new networks concept (#3006)
Commit: | e5d42bc | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add state handling cmdline options (#2821)
Commit: | 17c20b4 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
[client] Add network map to debug bundle (#2966)
Commit: | ff78637 | |
---|---|---|
Author: | Bethuel Mmbaga | |
Committer: | GitHub |
[management, client] Add access control support to network routes (#2100)
Commit: | 0c03927 | |
---|---|---|
Author: | Zoltan Papp | |
Committer: | GitHub |
[relay] Feature/relay integration (#2244) This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service
Commit: | 8b0398c | |
---|---|---|
Author: | Hugo Hakim Damer | |
Committer: | GitHub |
Add support for IPv6 networks (on Linux clients) (#1459) * Feat add basic support for IPv6 networks Newly generated networks automatically generate an IPv6 prefix of size 64 within the ULA address range, devices obtain a randomly generated address within this prefix. Currently, this is Linux only and does not yet support all features (routes currently cause an error). * Fix firewall configuration for IPv6 networks * Fix routing configuration for IPv6 networks * Feat provide info on IPv6 support for specific client to mgmt server * Feat allow configuration of IPv6 support through API, improve stability * Feat add IPv6 support to new firewall implementation * Fix peer list item response not containing IPv6 address * Fix nftables breaking on IPv6 address change * Fix build issues for non-linux systems * Fix intermittent disconnections when IPv6 is enabled * Fix test issues and make some minor revisions * Fix some more testing issues * Fix more CI issues due to IPv6 * Fix more testing issues * Add inheritance of IPv6 enablement status from groups * Fix IPv6 events not having associated messages * Address first review comments regarding IPv6 support * Fix IPv6 table being created even when IPv6 is disabled Also improved stability of IPv6 route and firewall handling on client side * Fix IPv6 routes not being removed * Fix DNS IPv6 issues, limit IPv6 nameservers to IPv6 peers * Improve code for IPv6 DNS server selection, add AAAA custom records * Ensure IPv6 routes can only exist for IPv6 routing peers * Fix IPv6 network generation randomness * Fix a bunch of compilation issues and test failures * Replace method calls that are unavailable in Go 1.21 * Fix nil dereference in cleanUpDefaultForwardRules6 * Fix nil pointer dereference when persisting IPv6 network in sqlite * Clean up of client-side code changes for IPv6 * Fix nil dereference in rule mangling and compilation issues * Add a bunch of client-side test cases for IPv6 * Fix IPv6 tests running on unsupported 
environments * Fix import cycle in tests * Add missing method SupportsIPv6() for windows * Require IPv6 default route for IPv6 tests * Fix panics in routemanager tests on non-linux * Fix some more route manager tests concerning IPv6 * Add some final client-side tests * Add IPv6 tests for management code, small fixes * Fix linting issues * Fix small test suite issues * Fix linter issues and builds on macOS and Windows again * fix builds for iOS because of IPv6 breakage
Commit: | 9700b10 | |
---|---|---|
Author: | Zoltán Papp |
Merge branch 'main' into feature/relay-integration
Commit: | 5ad4ae7 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Extend client debug bundle (#2341) Adds readme (with --anonymize) Fixes archive file timestamps Adds routes info Adds interfaces Adds client config
Commit: | 7162e0a | |
---|---|---|
Author: | Zoltán Papp |
- remove direct field from status - add randomisation factor for reconnection - fix rosenpass status
Commit: | 4ea55bf | |
---|---|---|
Author: | Zoltán Papp |
- Implement remote addr for conn - Eliminate cached offeranswer arguments - Fix exponent reset in conn reconnect loop - Fix on disconnected callback for permanent server - Add peer relay status for status details command
Commit: | b3715b5 | |
---|---|---|
Author: | Zoltan Papp |
- Revert typos in turnCfg string - merge main
Commit: | 8360720 | |
---|---|---|
Author: | Zoltan Papp |
Integrate the relay authentication
Commit: | 1a5ee74 | |
---|---|---|
Author: | Zoltan Papp |
- add file based cert - print out the exposed address - handle empty exposed address
Commit: | b679404 | |
---|---|---|
Author: | Bethuel Mmbaga | |
Committer: | GitHub |
Update configuration options for client UI (#2139) * Add additional configuration options to client UI * add quick settings options * Remove unused UI elements and client options * Add additional config properties to daemon protocol This update extends the daemon protocol to include new configuration properties: interfaceName, wireguardPort, disableAutoConnect, serverSSHAllowed, rosenpassEnabled, and rosenpassPermissive. * Refactor UI client settings and restart process * Fix disable connect option while connecting
Commit: | 64f949a | |
---|---|---|
Author: | Zoltan Papp |
Integrate relay into peer conn - extend mgm with relay address - extend signaling with remote peer's relay address - start setup relay connection before engine start
Commit: | 4fec709 | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
Release 0.28.0 (#2092) * compile client under freebsd (#1620) Compile netbird client under freebsd and now support netstack and userspace modes. Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files. Not implemented yet: Kernel mode not supported DNS probably does not work yet Routing also probably does not work yet SSH support not tested yet Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required) Lack of tests for freebsd specific code info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface) Lack of proper client setup under FreeBSD Lack of FreeBSD port/package * Add DNS routes (#1943) Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records. * Add process posture check (#1693) Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems. Co-authored-by: Evgenii <mail@skillcoder.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
Commit: | d13fb0e | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Restore netbird state and log level after debug (#2047)
Commit: | 9208779 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Monitor network changes and restart engine on detection (#1904)
Commit: | 4424162 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add client debug features (#1884) * Add status anonymization * Add OS/arch to the status command * Use human-friendly last-update status messages * Add debug bundle command to collect (anonymized) logs * Add debug log level command * And debug for a certain time span command
Commit: | f51dc13 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add route selection functionality for CLI and GUI (#1865)
Commit: | c6ab215 | |
---|---|---|
Author: | Bethuel Mmbaga | |
Committer: | GitHub |
Extend management to sync meta and posture checks with peer (#1727) * Add method to retrieve peer's applied posture checks * Add posture checks in server response and update proto messages * Refactor * Extends peer metadata synchronization through SyncRequest and propagate posture changes on syncResponse * Remove account lock * Pass system info on sync * Fix tests * Refactor * resolve merge * Evaluate process check on client (#1749) * implement server and client sync peer meta alongside mocks * wip: add check file and process * Add files to peer metadata for process check * wip: update peer meta on first sync * Add files to peer's metadata * Evaluate process check using files from peer metadata * Fix panic and append windows path to files * Fix check network address and files equality * Evaluate active process on darwin * Evaluate active process on linux * Skip processing processes if no paths are set * Return network map on peer meta-sync and update account peer's * Update client network map on meta sync * Get system info with applied checks * Add windows package * Remove a network map from sync meta-response * Update checks proto message * Keep client checks state and sync meta on checks change * Evaluate a running process * skip build for android and ios * skip check file and process for android and ios * bump gopsutil version * fix tests * move process check to separate os file * refactor * evaluate info with checks on receiving management events * skip meta-update for an old client with no meta-sync support * Check if peer meta is empty without reflection
Commit: | d67f766 | |
---|---|---|
Author: | Zoltán Papp |
Initial code
Commit: | bd7a65d | |
---|---|---|
Author: | Jeremy Wu | |
Committer: | GitHub |
support to configure extra blacklist of iface in "up" command (#1734) Support to configure extra blacklist of iface in "up" command
Commit: | 8468719 | |
---|---|---|
Author: | pascal-fischer | |
Committer: | GitHub |
Add latency checks to peer connection and status output (#1725) * adding peer healthcheck * generate proto file * fix return in udp mux and replace with continue * use ice agent for latency checks * fix status output * remove some logs * fix status test * revert bind and ebpf code * fix error handling on binding response callback * extend error handling on binding response callback --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Commit: | 2d350b2 | |
---|---|---|
Author: | Maycon Santos |
update protocol
Commit: | c9acd2f | |
---|---|---|
Author: | Maycon Santos |
Send ssh and rosenpass config meta
Commit: | 4a1aee1 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Add routes and dns servers to status command (#1680) * Add routes (client and server) to status command * Add DNS servers to status output
Commit: | 896599a | |
---|---|---|
Author: | Zoltan Papp | |
Committer: | GitHub |
Implement API response cache (#1645) Apply peer validator cache mechanism --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> Co-authored-by: Yury Gargay <yury.gargay@gmail.com> Co-authored-by: Viktor Liu <viktor@netbird.io> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com> Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: Misha Bragin <bangvalo@gmail.com>
Commit: | a4b9e93 | |
---|---|---|
Author: | pascal-fischer | |
Committer: | GitHub |
add environment meta from grpc to store (#1651)
Commit: | 52fd9a5 | |
---|---|---|
Author: | Misha Bragin | |
Committer: | GitHub |
Add quantum resistance status output (#1608)
Commit: | e18bf56 | |
---|---|---|
Author: | pascal-fischer | |
Committer: | GitHub |
Add permissive mode to rosenpass (#1599) * add rosenpass-permissive flag * Clarify rosenpass-permissive flag message Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> --------- Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Commit: | 51f133f | |
---|---|---|
Author: | pascal-fischer | |
Committer: | GitHub |
Extend system meta (#1598) * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Add posture check activities (#1445) * Integrate Endpoints for Posture Checks (#1432) * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Implement posture and version checks in API models * Refactor API models and enhance posture check functionality * wip: add posture checks endpoints * go mod tidy * Reference the posture checks by id's in policy * Add posture checks management to server * Add posture checks management mocks * implement posture checks handlers * Add posture checks to account copy and fix tests * Refactor posture checks validation * wip: Add posture checks handler tests * Add JSON encoding support to posture checks * Encode posture checks to correct api response object * Refactored posture checks implementation to align with the new API schema * Refactor structure of `Checks` from slice to map * Cleanup * Add posture check activities (#1445) * Revert map to use list of checks * Add posture check activity events * Refactor posture check initialization in account test * Improve the handling of version range in posture check * Fix tests and linter * Remove max_version from NBVersionCheck * Added unit tests for NBVersionCheck * go mod tidy * Extend policy endpoint with posture checks (#1450) * Implement posture and version checks in API models * go mod tidy * Allow attaching posture checks to policy * Update error message for linked posture check on deleting * Refactor PostureCheck and Checks structures * go mod tidy * Add validation for non-existing posture checks * fix unit tests * use Wt version * Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Add posture check activities 
(#1445) * Integrate Endpoints for Posture Checks (#1432) * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Implement posture and version checks in API models * Refactor API models and enhance posture check functionality * wip: add posture checks endpoints * go mod tidy * Reference the posture checks by id's in policy * Add posture checks management to server * Add posture checks management mocks * implement posture checks handlers * Add posture checks to account copy and fix tests * Refactor posture checks validation * wip: Add posture checks handler tests * Add JSON encoding support to posture checks * Encode posture checks to correct api response object * Refactored posture checks implementation to align with the new API schema * Refactor structure of `Checks` from slice to map * Cleanup * Add posture check activities (#1445) * Revert map to use list of checks * Add posture check activity events * Refactor posture check initialization in account test * Improve the handling of version range in posture check * Fix tests and linter * Remove max_version from NBVersionCheck * Added unit tests for NBVersionCheck * go mod tidy * Extend policy endpoint with posture checks (#1450) * Implement posture and version checks in API models * go mod tidy * Allow attaching posture checks to policy * Update error message for linked posture check on deleting * Refactor PostureCheck and Checks structures * go mod tidy * Add validation for non-existing posture checks * fix unit tests * use Wt version * Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy * Extend network map generation with posture checks (#1466) * Apply posture checks to network map generation * run policy posture checks on peers to connect * Refactor and streamline policy posture check process for peers to connect. 
* Add posture checks testing in a network map * Remove redundant nil check in policy.go * Refactor peer validation check in policy.go * Update 'Check' function signature and use logger for version check * Refactor posture checks run on sources and updated the validation func * Update peer validation * fix tests * improved test coverage for policy posture check * Refactoring * Extend NetBird agent to collect kernel version (#1495) * Add KernelVersion field to LoginRequest * Add KernelVersion to system info retrieval * Fix tests * Remove Core field from system info * Replace Core field with new OSVersion field in system info * Added WMI dependency to info_windows.go * Add OS Version posture checks (#1479) * Initial support of Geolocation service (#1491) * Add Geo Location posture check (#1500) * wip: implement geolocation check * add geo location posture checks to posture api * Merge branch 'feature/posture-checks' into geo-posture-check * Remove CityGeoNameID and update required fields in API * Add geoLocation checks to posture checks handler tests * Implement geo location-based checks for peers * Update test values and embed location struct in peer system * add support for country wide checks * initialize country code regex once * Fix peer meta core compability with older clients (#1515) * Refactor extraction of OSVersion in grpcserver * Ignore lint check * Fix peer meta core compability with older management (#1532) * Revert core field deprecation * fix tests * Extend peer meta with location information (#1517) This PR uses the geolocation service to resolve IP to location. The lookup happens once on the first connection - when a client calls the Sync func. 
The location is stored as part of the peer: * Add Locations endpoints (#1516) * add locations endpoints * Add sqlite3 check and database generation in geolite script * Add SQLite storage for geolocation data * Refactor file existence check into a separate function * Integrate geolocation services into management application * Refactoring * Refactor city retrieval to include Geonames ID * Add signature verification for GeoLite2 database download * Change to in-memory database for geolocation store * Merge manager to geolocation * Update GetAllCountries to return Country name and iso code * fix tests * Add reload to SqliteStore * Add geoname indexes * move db file check to connectDB * Add concurrency safety to SQL queries and database reloading The commit adds mutex locks to the GetAllCountries and GetCitiesByCountry functions to ensure thread-safety during database queries. Additionally, it introduces a mechanism to safely close the old database connection before a new connection is established upon reloading, which improves the reliability of database operations. Lastly, it moves the checking of database file existence to the connectDB function. 
* Add sha256 sum check to geolocation store before reload * Use read lock * Check SHA256 twice when reload geonames db --------- Co-authored-by: Yury Gargay <yury.gargay@gmail.com> * Add tests and validation for empty peer location in GeoLocationCheck (#1546) * Disallow Geo check creation/update without configured Geo DB (#1548) * Fix shared access to in memory copy of geonames.db (#1550) * Trim suffix in when evaluate Min Kernel Version in OS check * Add Valid Peer Windows Kernel version test * Add Geolocation handler tests (#1556) * Implement user admin checks in posture checks * Add geolocation handler tests * Mark initGeolocationTestData as helper func * Add error handling to geolocation database closure * Add cleanup function to close geolocation resources * Simplify checks definition serialisation (#1555) * Regenerate network map on posture check update (#1563) * change network state and generate map on posture check update * Refactoring * Make city name optional (#1575) * Do not return empty city name * Validate action param of geo location checks (#1577) We only support allow and deny * Switch realip middleware to upstream (#1578) * Be more silent in download-geolite2.sh script * Fix geonames db reload (#1580) * Ensure posture check name uniqueness when create (#1594) * Enhance the management of posture checks (#1595) * add a correct min version and kernel for os posture check example * handle error when geo or location db is nil * expose all peer location details in api response * Check for nil geolocation manager only * Validate posture check before save * bump open api version * add peer location fields to toPeerListItemResponse * Feautre/extend sys meta (#1536) * Collect network addresses * Add Linux sys product info * Fix peer meta comparison * Collect sys info on mac * Add windows sys info * Fix test * Fix test * Fix grpc client * Ignore test * Fix test * Collect IPv6 addresses * Change the IP to IP + net * fix tests * Use netip on server side * 
Serialize netip to json * Extend Peer metadata with cloud detection (#1552) * add cloud detection + test binary * test windows exe * Collect IPv6 addresses * Change the IP to IP + net * switch to forked cloud detect lib * new test builds * new GCE build * discontinue using library but local copy instead * fix imports * remove openstack check * add hierarchy to cloud check * merge IBM and SoftLayer * close resp bodies and use os lib for file reading * close more resp bodies * fix error check logic * parallelize IBM checks * fix response value * go mod tidy * include context + change kubernetes detection * add context in info functions * extract platform into separate field * fix imports * add missing wmi import --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> --------- Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * generate proto * remove test binaries --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Yury Gargay <yury.gargay@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
Commit: | d5338c0 | |
---|---|---|
Author: | charnesp | |
Committer: | GitHub |
Disable SSH server by default on client side and add the flag --allow-server-ssh to enable it (#1508) This changes the default behavior for new peers, by requiring the agent to be executed with allow-server-ssh set to true in order for the management configuration to take effect.
Commit: | 8fd4166 | |
---|---|---|
Author: | Oskar Manhart | |
Committer: | GitHub |
feat: add --disable-auto-connect flag to prevent auto connection after daemon service start (fixes #444, fixes #1382) (#1161) With these changes, the command up supports the flag --disable-auto-connect that allows users to disable auto connection on the client after a computer restart or when the daemon restarts.
Commit: | 9bc7b9e | |
---|---|---|
Author: | Yury Gargay | |
Committer: | GitHub |
Add initial support of device posture checks (#1540) This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows downloading all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.
Commit: | a7d6632 | |
---|---|---|
Author: | Viktor Liu | |
Committer: | GitHub |
Extend netbird status command to include health information (#1471) * Adds management, signal, and relay (STUN/TURN) health probes to the status command. * Adds a reason when the management or signal connections are disconnected. * Adds last wireguard handshake and received/sent bytes per peer
Commit: | f099e02 | |
---|---|---|
Author: | pascal-fischer | |
Committer: | GitHub |
Fix preshared key not persisted in config (#1474) * replace the preshared key attribute in LoginRequest protobuf with an optional replacement * mark old field as deprecated * fix ui client to also keep preshared key
Commit: | e9c967b | |
---|---|---|
Author: | Maycon Santos | |
Committer: | GitHub |
Add support for setting interface name and wireguard port (#1467) This PR adds support for setting the wireguard interface name and port with the netbird up command