Commit Graph

71 Commits

Author SHA1 Message Date
Bas Westerbaan d0c10b34dd RTG-2276 Update qtls and go mod tidy 2022-10-11 02:08:19 +00:00
Sudarsan Reddy de07da02cd TUN-6772: Add a JWT Validator as an ingress verifier
This adds a new verifier interface that can be attached to ingress.Rule.
This would act as a middleware layer that gets executed at the start of
proxy.ProxyHTTP.

A jwt validator implementation for this verifier is also provided. The
validator downloads the public key from the access teams endpoint and
uses it to verify the JWT sent to cloudflared with the audtag (clientID)
information provided in the config.
2022-09-22 08:42:25 +00:00
Bas Westerbaan 11cbff4ff7 RTG-1339 Support post-quantum hybrid key exchange
Func spec: https://wiki.cfops.it/x/ZcBKHw
2022-09-07 19:32:53 +00:00
cthuang bad2e8e812 TUN-6666: Define packet package
This package defines IP and ICMP packet, decoders, encoder and flow
2022-08-24 11:36:57 +01:00
Sudarsan Reddy 065d8355c5 TUN-6637: Upgrade quic-go 2022-08-10 14:13:19 +00:00
Sudarsan Reddy 046a30e3c7 TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
Devin Carr 2a177e0fc4 TUN-6583: Remove legacy --ui flag 2022-07-20 16:17:29 -07:00
Nuno Diegues 475939a77f TUN-6191: Update quic-go to v0.27.1 and with custom patch to allow keep alive period to be configurable
The idle period is set to 5sec.

We now also ping every second since last activity.
This makes the quic.Connection less prone to being closed with
no network activity, since we send multiple pings per idle
period, and thus a single packet loss cannot cause the problem.
2022-06-07 12:25:18 +01:00
Nuno Diegues 5e6f606f4e TUN-6293: Update yaml v3 to latest hotfix
This addresses https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
by updating yaml v3 to latest version.

It also stops using yaml v2 directly (we were using both v2 and v3 mixed).
We still rely on yaml v2 indirectly, via urfave cli, though.

Note that the security vulnerability does not affect v2.
2022-05-30 17:38:55 +00:00
Devin Carr def8f57dbc TUN-5989: Add in-memory otlp exporter 2022-04-11 19:38:01 +00:00
Nuno Diegues b12272529f TUN-5995: Update prometheus to 1.12.1 to avoid vulnerabilities 2022-04-06 11:13:12 +00:00
João Oliveirinha 9422ea8ed8 CC-796: Remove dependency on unsupported version of go-oidc 2022-03-18 18:16:10 +00:00
João Oliveirinha 05b903a32e Revert "CC-796: Remove dependency on unsupported version of go-oidc"
This reverts commit 0899d6a136.
2022-03-18 10:03:58 +00:00
emmanuel 0899d6a136 CC-796: Remove dependency on unsupported version of go-oidc 2022-03-07 21:48:30 +00:00
cthuang 8a5343d0a5 TUN-5675: Remove github.com/dgrijalva/jwt-go dependency by upgrading coredns version 2022-01-25 15:24:13 +00:00
João Oliveirinha 74556bcd7d TUN-5547: Bump golang x/net package to fix http2 transport bugs 2022-01-17 11:13:25 +00:00
cthuang 6fa58aadba TUN-5623: Configure quic max datagram frame size to 1350 bytes for none Windows platforms 2022-01-11 14:55:43 +00:00
cthuang e71b88fcaa TUN-5408: Update quic package to v0.24.0 2021-11-10 22:10:38 +00:00
cthuang ff7c48568c TUN-5261: Collect QUIC metrics about RTT, packets and bytes transfered and log events at tracing level 2021-10-21 15:26:57 +01:00
cthuang d54c8cc745 TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version 2021-09-21 15:50:35 +00:00
Sudarsan Reddy 414cb12f02 TUN-4961: Update quic-go to latest
- Updates fips-go to be the latest on cfsetup.yaml
- Updates sumtype's x/tools to be latest to avoid Internal: nil pkg
  errors with fips.
2021-08-27 12:26:00 +01:00
Sudarsan Reddy 1082ac1c36 TUN-4922: Downgrade quic-go library to 0.20.0 2021-08-13 15:45:13 +01:00
Sudarsan Reddy ed024d0741 TUN-4597: Add a QUIC server skeleton
- Added a QUIC server to accept streams
- Unit test for this server also tests ALPN
- Temporary echo capability for HTTP ConnectionType
2021-08-03 10:03:47 +00:00
Igor Postelnik 9018ee5d5e TUN-4116: Ingore credentials-file setting in configuration file during tunnel create and delete opeations.
This change has two parts:
1. Update to newer version of the urfave/cli fork that correctly sets flag value along the context hierarchy while respecting config file overide behavior of the most specific instance of the flag.
2. Redefine --credentials-file flag so that create and delete subcommand don't use value from the config file.
2021-03-24 08:15:36 -05:00
Igor Postelnik 6db934853d TUN-3963: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands. 2021-02-24 20:04:59 +00:00
Sudarsan Reddy b4700a52e3 TUN-3725: Warp-routing is independent of ingress
- Changed warp-routing configuration to its own yaml.
    - Ingress Rules host matching is indepedent of warp-routing.
2021-02-23 14:19:47 +00:00
cthuang 9d5bd256be TUN-3964: Revert "TUN-3922: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands."
This reverts commit 1670ee87fb.
2021-02-23 12:32:07 +00:00
Igor Postelnik 1670ee87fb TUN-3922: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands. 2021-02-18 18:12:20 +00:00
Igor Postelnik a8ae6de213 TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported. 2021-02-17 20:13:51 -06:00
Nuno Diegues 6852047ef1 TUN-3747: Fix logging in Windows 2021-01-13 23:23:31 +00:00
Areg Harutyunyan 9bc1c0c70b TUN-3472: Set up rolling logger with zerolog and lumberjack 2020-12-23 14:15:37 -06:00
Areg Harutyunyan 870f5fa907 TUN-3470: Replace in-house logger calls with zerolog 2020-12-23 14:15:17 -06:00
Maxime Guerreiro 06404bf3e8 TUN-3650: Remove unused awsuploader package 2020-12-15 18:02:17 +01:00
cthuang 6b86f81c4a TUN-3403: Unit test for origin/proxy to test serving HTTP and Websocket 2020-11-11 15:12:15 +00:00
cthuang 6886e5f90a TUN-3467: Serialize cf-cloudflared-response-meta during package initialization using jsoniter 2020-11-11 15:11:42 +00:00
Rachel Williams d8ebde37ca TUN-3201: Create base cloudflared UI structure 2020-09-17 11:52:07 +04:00
Igor Postelnik 741cd66c9e TUN-3375: Upgrade coredns and prometheus dependencies 2020-09-09 13:14:38 -05:00
Adam Chalmers 7acea1ac99 TUN-3375: Upgrade x/text and gorilla websocket deps 2020-09-09 12:07:35 -05:00
cthuang a7562dff68 TUN-3233: List tunnels support filtering by deleted, name, existed at and id 2020-08-07 10:09:26 +01:00
Dalton 046be63253 AUTH-2596 added new logger package and replaced logrus 2020-05-27 17:07:19 -05:00
Adam Chalmers 2cf327ba01 TUN-2943: Copy certutil from edge into cloudflared 2020-05-04 17:37:29 -05:00
Dalton 41c358147c AUTH-2587 add config watcher and reload logic for access client forwarder 2020-04-29 11:07:35 -05:00
Areg Harutyunyan 6624a24040 TUN-2748: Insecure randomness vulnerability in github.com/miekg/dns 2020-03-05 13:52:45 +00:00
Ashcon Partovi 759cd019be Add db-connect, a SQL over HTTPS server 2019-11-12 20:34:39 +00:00
Chung-Ting Huang 13bf65ce4e TUN-2506: Expose active streams metrics 2019-11-07 14:09:31 -06:00
Nick Vollmar e5335b6c1b TUN-2502: Switch to go modules 2019-11-04 15:05:02 -06:00
Michael Borkenstein 91d9dca34e AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation.
AUTH-2088: Adds dynamic destination routing
2019-10-10 15:25:03 -05:00
Dalton f130e6d4d7 AUTH-2021 - s3 bucket uploading for SSH logs 2019-08-29 16:54:54 -05:00
Michael Borkenstein baec3e289e AUTH-2018: Adds support for authorized keys and short lived certs 2019-08-28 09:58:42 -05:00
Adam Chalmers 4e1df1a211 TUN-2243: Revert "STOR-519: Add db-connect, a SQL over HTTPS server"
This reverts commit 5da2109811.
2019-08-26 16:50:12 -05:00