Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPv6 network support (PR just for running Actions) #1

Open
wants to merge 50 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
50 commits
Select commit Hold shift + click to select a range
602510c
Feat add basic support for IPv6 networks
pulsastrix Jul 27, 2023
b22b16c
Fix firewall configuration for IPv6 networks
pulsastrix Jul 28, 2023
eb01b82
Fix routing configuration for IPv6 networks
pulsastrix Nov 6, 2023
e66c2b1
Feat provide info on IPv6 support for specific client to mgmt server
pulsastrix Nov 29, 2023
9bd73d4
Feat allow configuration of IPv6 support through API, improve stability
pulsastrix Dec 14, 2023
2c684aa
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Dec 24, 2023
e6c87af
Feat add IPv6 support to new firewall implementation
pulsastrix Dec 24, 2023
45d20d2
Fix peer list item response not containing IPv6 address
pulsastrix Dec 24, 2023
e299978
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Dec 24, 2023
f6b8284
Fix nftables breaking on IPv6 address change
pulsastrix Jan 12, 2024
ea3d3bb
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Jan 12, 2024
1fa25de
Fix build issues for non-linux systems
pulsastrix Jan 12, 2024
32b2b2f
Fix intermittent disconnections when IPv6 is enabled
pulsastrix Jan 12, 2024
8e6f530
Fix test issues and make some minor revisions
pulsastrix Jan 12, 2024
1763da2
Fix some more testing issues
pulsastrix Jan 13, 2024
fc41c78
Fix more CI issues due to IPv6
pulsastrix Feb 25, 2024
90fccfc
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Feb 25, 2024
ab9f480
Fix more testing issues
pulsastrix Feb 26, 2024
4460f07
Add inheritance of IPv6 enablement status from groups
pulsastrix Feb 29, 2024
7a0df2c
Fix IPv6 events not having associated messages
pulsastrix Feb 29, 2024
dec1850
Address first review comments regarding IPv6 support
pulsastrix Feb 29, 2024
8de778f
Fix IPv6 table being created even when IPv6 is disabled
pulsastrix Feb 29, 2024
a4d0ee1
Fix IPv6 routes not being removed
pulsastrix Feb 29, 2024
9df5357
Fix DNS IPv6 issues, limit IPv6 nameservers to IPv6 peers
pulsastrix Feb 29, 2024
5f15d24
Improve code for IPv6 DNS server selection, add AAAA custom records
pulsastrix Feb 29, 2024
f05ef7d
Ensure IPv6 routes can only exist for IPv6 routing peers
pulsastrix Mar 1, 2024
58f6d14
Fix IPv6 network generation randomness
pulsastrix Mar 1, 2024
52dd3d5
Fix a bunch of compilation issues and test failures
pulsastrix Mar 2, 2024
a02e551
Replace method calls that are unavailable in Go 1.21
pulsastrix Mar 6, 2024
7176b34
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Mar 6, 2024
f1dd455
Fix nil dereference in cleanUpDefaultForwardRules6
pulsastrix Mar 6, 2024
a5361f3
Fix nil pointer dereference when persisting IPv6 network in sqlite
pulsastrix Mar 6, 2024
ba25930
Clean up of client-side code changes for IPv6
pulsastrix Mar 7, 2024
0173c20
Fix nil dereference in rule mangling and compilation issues
pulsastrix Mar 7, 2024
03aa74b
Add a bunch of client-side test cases for IPv6
pulsastrix Mar 8, 2024
23204c7
Fix IPv6 tests running on unsupported environments
pulsastrix Mar 8, 2024
541740b
Fix import cycle in tests
pulsastrix Mar 8, 2024
162f29a
Add missing method SupportsIPv6() for windows
pulsastrix Mar 8, 2024
c088380
Require IPv6 default route for IPv6 tests
pulsastrix Mar 8, 2024
dd74e65
Fix panics in routemanager tests on non-linux
pulsastrix Mar 8, 2024
807fcea
Fix some more route manager tests concerning IPv6
pulsastrix Mar 8, 2024
160b1fe
Add some final client-side tests
pulsastrix Mar 10, 2024
e2d6dff
Add IPv6 tests for management code, small fixes
pulsastrix Mar 11, 2024
e49664f
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Mar 11, 2024
a8bbc2f
Fix linting issues
pulsastrix Mar 11, 2024
4548069
Fix small test suite issues
pulsastrix Mar 11, 2024
46ce9a1
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Jun 2, 2024
90934fa
Merge remote-tracking branch 'upstream/main' into feature/ipv6-networ…
pulsastrix Jun 2, 2024
09799d4
Fix linter issues and builds on macOS and Windows again
pulsastrix Jun 2, 2024
d8c48da
fix builds for iOS because of IPv6 breakage
pulsastrix Jun 8, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions client/firewall/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,9 @@ func NewFirewall(context context.Context, iface IFaceMapper) (firewall.Manager,
}
return fm, nil
}

// Returns true if the current firewall implementation supports IPv6.
// Currently false for anything non-linux.
func SupportsIPv6() bool {
return false
}
8 changes: 8 additions & 0 deletions client/firewall/create_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,8 @@ func NewFirewall(context context.Context, iface IFaceMapper) (firewall.Manager,
return nil, errUsp
}

// Note for devs: When adding IPv6 support to userspace bind, the implementation of AllowNetbird() has to be
// adjusted accordingly.
if err := fm.AllowNetbird(); err != nil {
log.Errorf("failed to allow netbird interface traffic: %v", err)
}
Expand All @@ -83,6 +85,12 @@ func NewFirewall(context context.Context, iface IFaceMapper) (firewall.Manager,
return fm, nil
}

// Returns true if the current firewall implementation supports IPv6.
// Currently true if the firewall is nftables.
func SupportsIPv6() bool {
return check() == NFTABLES
}

// check returns the firewall type based on common lib checks. It returns UNKNOWN if no firewall is found.
func check() FWType {
useIPTABLES := false
Expand Down
1 change: 1 addition & 0 deletions client/firewall/iface.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import "github.com/netbirdio/netbird/iface"
type IFaceMapper interface {
Name() string
Address() iface.WGAddress
Address6() *iface.WGAddress
IsUserspaceBind() bool
SetFilter(iface.PacketFilter) error
}
8 changes: 8 additions & 0 deletions client/firewall/iptables/manager_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,14 @@ type Manager struct {
router *routerManager
}

func (m *Manager) ResetV6Firewall() error {
return nil
}

func (m *Manager) V6Active() bool {
return false
}

// iFaceMapper defines subset methods of interface required for manager
type iFaceMapper interface {
Name() string
Expand Down
6 changes: 6 additions & 0 deletions client/firewall/iptables/router_linux_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,9 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {

for _, testCase := range test.InsertRuleTestCases {
t.Run(testCase.Name, func(t *testing.T) {
if testCase.IsV6 {
t.Skip("Environment does not support IPv6, skipping IPv6 test...")
}
iptablesClient, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
require.NoError(t, err, "failed to init iptables client")

Expand Down Expand Up @@ -154,6 +157,9 @@ func TestIptablesManager_RemoveRoutingRules(t *testing.T) {

for _, testCase := range test.RemoveRuleTestCases {
t.Run(testCase.Name, func(t *testing.T) {
if testCase.IsV6 {
t.Skip("Environment does not support IPv6, skipping IPv6 test...")
}
iptablesClient, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)

manager, err := newRouterManager(context.TODO(), iptablesClient)
Expand Down
7 changes: 7 additions & 0 deletions client/firewall/manager/firewall.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,13 @@ type Manager interface {
// RemoveRoutingRules removes a routing firewall rule
RemoveRoutingRules(pair RouterPair) error

// ResetV6Firewall makes changes to the firewall to adapt to the IP address changes.
// It is expected that after calling this method ApplyFiltering will be called to re-add the firewall rules.
ResetV6Firewall() error

// V6Active returns whether IPv6 rules should/may be created by upper layers.
V6Active() bool

// Reset firewall to the default state
Reset() error

Expand Down
Loading
Loading