Commit Graph

1435 Commits

Author SHA1 Message Date
Devin Carr 598d3d2502 TUN-7594: Add nightly arm64 cloudflared internal deb publishes 2023-10-22 15:09:33 +02:00
Devin Carr 66a6ae3543 TUN-7590: Remove usages of ioutil 2023-10-22 15:09:33 +02:00
Devin Carr d0c0ae6c8f TUN-7589: Remove legacy golang.org/x/crypto/ssh/terminal package usage
Package has been moved to golang.org/x/term
2023-10-22 15:09:33 +02:00
Devin Carr b2654318b1 TUN-7586: Upgrade go-jose/go-jose/v3 and core-os/go-oidc/v3
Removes usages of gopkg.in/square/go-jose.v2 and gopkg.in/coreos/go-oidc.v2 packages.
2023-10-22 15:09:33 +02:00
Devin Carr 60a44fb030 Release 2023.7.1 2023-10-22 15:09:33 +02:00
Devin Carr 68bd9bb518 TUN-7582: Correct changelog wording for --management-diagnostics 2023-10-22 15:09:33 +02:00
João Oliveirinha 10d93092b5 TUN-7575: Add option to disable PMTU discovery over QUIC
This commit implements the option to disable PMTU discovery for QUIC
connections.
QUIC finds the PMTU during startup by increasing Ping packet frames
until Ping responses are not received anymore, and it seems to stick
with that PMTU forever.

This is no problem if the PMTU doesn't change over time, but if it does
it may cause packet drops.
We add this hidden flag for debugging purposes in such situations as a
quick way to validate if problems that are being seen can be solved by
reducing the packet size to the edge.

Note however, that this option may impact UDP proxying since we expect
being able to send UDP packets of 1280 bytes over QUIC.
So, this option should not be used when tunnel is being used for UDP
proxying.
2023-10-22 15:09:33 +02:00
Devin Carr fdd4360914 Release 2023.7.0 2023-10-22 15:09:33 +02:00
Devin Carr 8cda225789 TUN-7477: Decrement UDP sessions on shutdown
When a tunnel connection is going down, any active UDP sessions
need to be cleared and the metric needs to be decremented.
2023-10-22 15:09:33 +02:00
Devin Carr 5e459fdbf7 TUN-7564: Support cf-trace-id for cloudflared access 2023-10-22 15:09:33 +02:00
Devin Carr 092a664f30 TUN-7553: Add flag to enable management diagnostic services
With the new flag --management-diagnostics (an opt-in flag)
cloudflared will be able to report additional diagnostic information
over the management.argotunnel.com request path.
Additions include the /metrics prometheus endpoint, which is already
bound to a local port via --metrics.
/debug/pprof/(goroutine|heap) are also provided to allow for remotely
retrieving heap information from a running cloudflared connector.
2023-10-22 15:09:33 +02:00
Sudarsan Reddy 4f79a2baba TUN-7558: Flush on Writes for StreamBasedOriginProxy
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
2023-10-22 15:09:33 +02:00
João Oliveirinha 286addc102 TUN-7545: Add support for full bidirectionally streaming with close signal propagation 2023-10-22 15:09:33 +02:00
Devin Carr 1b9f55a002 TUN-7550: Add pprof endpoint to management service 2023-10-22 15:09:33 +02:00
Devin Carr a1419a73a5 TUN-7551: Complete removal of raven-go to sentry-go
Removes the final usage of raven-go and removes the dependency.
2023-10-22 15:09:33 +02:00
Devin Carr 6c0dd59701 TUN-7549: Add metrics route to management service 2023-10-22 15:09:33 +02:00
Devin Carr 4fd284dbe7 TUN-7543: Add --debug-stream flag to cloudflared access ssh
Allows for debugging the payloads that are sent in client mode to
the ssh server. Required to be run with --log-directory to capture
logging output. Additionally has maximum limit that is provided with
the flag that will only capture the first N number of reads plus
writes through the WebSocket stream. These reads/writes are not directly
captured at the packet boundary so some reconstruction from the
log messages will be required.

Added User-Agent for all out-going cloudflared access
tcp requests in client mode.
Added check to not run terminal logging in cloudflared access tcp
client mode to not obstruct the stdin and stdout.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes a929dcca45 TUN-6011: Remove docker networks from ICMP Proxy test 2023-10-22 15:09:33 +02:00
EduardoGomes b0ce64a1c6 AUTH-5328 Pass cloudflared_token_check param when running cloudflared access login 2023-10-22 15:09:33 +02:00
Sudarsan Reddy 7550e0c12a Release 2023.6.1 2023-10-22 15:09:33 +02:00
Sudarsan Reddy c6b4bac76f TUN-7480: Added a timeout for unregisterUDP.
I deliberately kept this as an unregistertimeout because that was the
intent. In the future we could change this to a UDPConnConfig if we want
to pass multiple values here.

The idea of this PR is simply to add a configurable unregister UDP
timeout.
2023-10-22 15:09:33 +02:00
Devin Carr 136f232c00 TUN-7477: Add UDP/TCP session metrics
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
2023-10-22 15:09:33 +02:00
João Oliveirinha 33d56be77c TUN-7468: Increase the limit of incoming streams 2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f124bddc18 Release 2023.6.0 2023-10-22 15:09:33 +02:00
João Oliveirinha 112866090a TUN-7471: Fixes cloudflared not closing the quic stream on unregister UDP session
This code was leaking streams because it wasn't closing the quic stream
after unregistering from the edge.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f4ce7c6761 TUN-7463: Add default ingress rule if no ingress rules are provided when updating the configuration 2023-10-22 15:09:33 +02:00
Jean Khawand 72737a200c arm to .docker-images 2023-06-10 17:57:01 +02:00
Jean Khawand 31d3670de5 Dockerfile to support arm 32bit 2023-06-10 17:27:09 +02:00
Sudarsan Reddy 58b27a1ccf TUN-7447: Add a cover build to report code coverage 2023-05-31 14:59:05 +01:00
Devin Carr 867360c8dd Release 2023.5.1 2023-05-23 10:07:25 -07:00
Devin Carr cb97257815 TUN-7424: Add CORS headers to host_details responses 2023-05-16 22:18:57 -07:00
Devin Carr c43e07d6b7 TUN-7421: Add *.cloudflare.com to permitted Origins for management WebSocket requests 2023-05-11 10:13:39 -07:00
Devin Carr 9426b60308 TUN-7227: Migrate to devincarr/quic-go
The lucas-clemente/quic-go package moved namespaces and our branch
went stale, this new fork provides support for the new quic-go repo
and applies the max datagram frame size change.

Until the max datagram frame size support gets upstreamed into quic-go,
this can be used to unblock go 1.20 support as the old
lucas-clemente/quic-go will not get go 1.20 support.
2023-05-10 19:44:15 +00:00
Devin Carr ff9621bbd5 TUN-7404: Default configuration version set to -1
We need to set the default configuration to -1 to accommodate local
to remote configuration migrations that will set the configuration
version to 0. This makes sure to override the local configuration
with the new remote configuration when sent as it does a check against
the local current configuration version.
2023-05-05 12:47:17 -07:00
Devin Carr 7a0a618c0d Release 2023.5.0 2023-05-01 11:29:26 -07:00
João Oliveirinha 0be1ed5284 TUN-7398: Add support for quic safe stream to set deadline 2023-04-27 19:49:56 +01:00
Devin Carr 50a0c44cee TUN-7392: Ignore release checksum upload if asset already uploaded 2023-04-26 13:46:35 -07:00
Devin Carr 76391434c2 TUN-7393: Add json output for cloudflared tail
cloudflared tail now has a `--output=json` that will allow it to easily pipe into tools like jq for a more structured view of the streaming logs.
2023-04-26 15:41:00 +00:00
Sudarsan Reddy e8841c0fb3 TUN-7394: Retry StartFirstTunnel on quic.ApplicationErrors
This PR adds ApplicationError as one of the "try_again" error types for
startfirstTunnel. This ensures that these kinds of errors (which we've
seen occur when a tunnel gets rate-limited) are retried.
2023-04-26 12:58:01 +01:00
Devin Carr aec1d8f653 TUN-7392: Ignore duplicate artifact uploads for github release 2023-04-25 21:44:24 +00:00
Devin Carr c7f343a3b4 TUN-7390: Remove Debian stretch builds 2023-04-25 21:44:08 +00:00
Devin Carr 7ecb6d3e88 Release 2023.4.2 2023-04-24 12:48:58 -07:00
Devin Carr 88c25d2c67 TUN-7133: Add sampling support for streaming logs
In addition to supporting sampling support for streaming logs,
cloudflared tail also supports this via `--sample 0.5` to sample 50%
of your log events.
2023-04-24 09:39:26 -07:00
Devin Carr 38cd455e4d TUN-7373: Streaming logs override for same actor
To help accommodate web browser interactions with websockets, when a
streaming logs session is requested for the same actor while already
serving a session for that user in a separate request, the original
request will be closed and the new request start streaming logs
instead. This should help with rogue sessions holding on for too long
with no client on the other side (before idle timeout or connection
close).
2023-04-21 11:54:37 -07:00
Devin Carr ee5e447d44 TUN-7141: Add component tests for streaming logs 2023-04-21 10:14:03 -07:00
Sudarsan Reddy 4d30a71434 TUN-7383: Bump requirements.txt 2023-04-20 16:49:26 +01:00
Jesse Li 39b7aed24e AUTH-4887 Add aud parameter to token transfer url 2023-04-19 21:01:24 +00:00
Devin Carr 4de1bc4bba TUN-7378: Remove RPC debug logs 2023-04-19 18:35:51 +00:00
Sudarsan Reddy e426693330 TUN-7361: Add a label to override hostname
It might make sense for users to sometimes name their cloudflared
connectors to make identification easier than relying on hostnames that
TUN-7360 provides. This PR provides a new --label option to cloudflared
tunnel that a user could provide to give custom names to their
connectors.
2023-04-19 13:56:32 +00:00
Devin Carr 0b5b9b8297 TUN-7130: Categorize UDP logs for streaming logs 2023-04-18 20:49:36 +00:00