Commit Graph

1560 Commits

Author SHA1 Message Date
James Royal 45236a1f7d VULN-44842 Add a flag that allows users to not send the Access JWT to stdout 2023-11-16 11:45:37 -06:00
Devin Carr e0a55f9c0e TUN-7965: Remove legacy incident status page check 2023-11-13 17:10:59 -08:00
Sudarsan Reddy c1d8c5e960 Release 2023.10.0 2023-10-31 09:11:23 +00:00
Devin Carr 7ae1d4668e TUN-7864: Document cloudflared versions support 2023-10-06 11:30:59 -07:00
João Oliveirinha adb7d40084 CUSTESC-33731: Make rule match test report rule in 0-index base
This changes guarantees that the coommand to report rule matches when
testing local config reports the rule number using the 0-based indexing.
This is to be consistent with the 0-based indexing on the log lines when
proxying requests.
2023-10-03 12:18:49 +01:00
João "Pisco" Fernandes 541c63d737 TUN-7824: Fix usage of systemctl status to detect which services are installed
## Summary
To determine which services were installed, cloudflared, was using the command
`systemctl status` this command gives an error if the service is installed
but isn't running, which makes the `uninstall services` command report wrongly
the services not installed. Therefore, this commit adapts it to use the
`systemctl list-units` command combined with a grep to find which services are
installed and need to be removed.
2023-09-22 15:35:55 +01:00
João Oliveirinha f1d6f0c0be TUN-7787: cloudflared only list ip routes targeted for cfd_tunnel 2023-09-20 16:05:50 +00:00
João "Pisco" Fernandes 958b6f1d24 TUN-7813: Improve tunnel delete command to use cascade delete
## Summary
Previously the force flag in the tunnel delete command was only explicitly deleting the
connections of a tunnel. Therefore, we are changing it to use the cascade query parameter
supported by the API. That parameter will delegate to the server the deletion of the tunnel
dependencies implicitly instead of the client doing it explicitly. This means that not only
the connections will get deleted, but also the tunnel routes, ensuring that no dependencies
are left without a non-deleted tunnel.
2023-09-20 12:35:43 +01:00
João Oliveirinha 6d1d91d9f9 TUN-7787: Refactor cloudflared to use new route endpoints based on route IDs
This commits makes sure that cloudflared starts using the new API
endpoints for managing routes.

Additionally, the delete route operation still allows deleting by CIDR
and VNet but it is being marked as deprecated in favor of specifying the
route ID.

The goal of this change is to make it simpler for the user to delete
routes without specifying Vnet.
2023-09-19 09:56:02 +00:00
João Oliveirinha fc0ecf4185 TUN-7776: Remove warp-routing flag from cloudflared 2023-09-18 10:02:56 +01:00
João Oliveirinha 349586007c TUN-7756: Clarify that QUIC is mandatory to support ICMP proxying 2023-09-05 15:58:19 +01:00
Chung-Ting Huang 569a7c3c9e Release 2023.8.2 2023-08-30 16:39:52 +01:00
Chung-Ting Huang bec683b67d TUN-7700: Implement feature selector to determine if connections will prefer post quantum cryptography 2023-08-29 09:05:33 +01:00
Chung-Ting Huang 38d3c3cae5 TUN-7707: Use X25519Kyber768Draft00 curve when post-quantum feature is enabled 2023-08-28 14:18:05 +00:00
Chung-Ting Huang f2d765351d Release 2023.8.1 2023-08-25 16:39:08 +01:00
Sudarsan Reddy 5d8f60873d TUN-7718: Update R2 Token to no longer encode secret
This is simply because we no longer use the legacy R2 secret that needed
this encoding.
2023-08-25 13:01:28 +00:00
Chung-Ting Huang b474778cf1 Release 2023.8.0 2023-08-23 10:28:23 +01:00
Devin Carr 65247b6f0f TUN-7584: Bump go 1.20.6
Pins all docker and cfsetup builds to a specific go patch version.
Also ran go fix on repo.
2023-07-26 13:52:40 -07:00
Devin Carr 5f3cfe044f Release 2023.7.3 2023-07-25 13:51:49 -07:00
Devin Carr 81fe0bd12b TUN-7628: Correct Host parsing for Access
Will no longer provide full hostname with path from provided
`--hostname` flag for cloudflared access to the Host header field.
This addresses certain issues caught from a security fix in go
1.19.11 and 1.20.6 in the net/http URL parsing.
2023-07-25 09:33:11 -07:00
João Oliveirinha bfeaa3418d TUN-7624: Fix flaky TestBackoffGracePeriod test in cloudflared 2023-07-24 14:39:25 +01:00
Devin Carr 9584adc38a Release 2023.7.2 2023-07-21 15:31:10 -07:00
Devin Carr 0096f2613c TUN-7587: Remove junos builds 2023-07-20 18:29:33 +00:00
João Oliveirinha ac82c8b08b TUN-7599: Onboard cloudflared to Software Dashboard 2023-07-19 13:30:35 +00:00
João "Pisco" Fernandes af3a66d60e TUN-7597: Add flag to disable auto-update services to be installed
Summary:
This commit adds a new flag "no-update-service" to the `cloudflared service install` command.

Previously, when installing cloudflared as a linux service it would always get auto-updates, now with this new flag it is possible to disable the auto updates of the service.

This flag allows to define whether we want cloudflared service to **perform auto updates or not**.
For **systemd this is done by removing the installation of the update service and timer**, for **sysv** this is done by **setting the cloudflared autoupdate flag**.
2023-07-19 11:06:11 +00:00
Devin Carr 42e0540395 TUN-7588: Update package coreos/go-systemd 2023-07-18 18:57:32 +00:00
Devin Carr 2ee90483bf TUN-7585: Remove h2mux compression
h2mux is already deprecated and will be eventually removed, in the meantime,
the compression tests cause flaky failures. Removing them and the brotli
code slims down our binaries and dependencies on CGO.
2023-07-18 18:14:19 +00:00
Devin Carr 2084a123c2 TUN-7594: Add nightly arm64 cloudflared internal deb publishes 2023-07-17 15:04:17 -07:00
Devin Carr b500e556bf TUN-7590: Remove usages of ioutil 2023-07-17 19:08:38 +00:00
Devin Carr 1b0b6bf7a8 TUN-7589: Remove legacy golang.org/x/crypto/ssh/terminal package usage
Package has been moved to golang.org/x/term
2023-07-17 19:02:15 +00:00
Devin Carr 85eee4849f TUN-7586: Upgrade go-jose/go-jose/v3 and core-os/go-oidc/v3
Removes usages of gopkg.in/square/go-jose.v2 and gopkg.in/coreos/go-oidc.v2 packages.
2023-07-17 19:02:03 +00:00
Devin Carr 9b8a533435 Release 2023.7.1 2023-07-13 12:31:33 -07:00
Devin Carr 5abb90b539 TUN-7582: Correct changelog wording for --management-diagnostics 2023-07-13 09:47:21 -07:00
João Oliveirinha 0c8bc56930 TUN-7575: Add option to disable PTMU discovery over QUIC
This commit implements the option to disable PTMU discovery for QUIC
connections.
QUIC finds the PMTU during startup by increasing Ping packet frames
until Ping responses are not received anymore, and it seems to stick
with that PMTU forever.

This is no problem if the PTMU doesn't change over time, but if it does
it may case packet drops.
We add this hidden flag for debugging purposes in such situations as a
quick way to validate if problems that are being seen can be solved by
reducing the packet size to the edge.

Note however, that this option may impact UDP proxying since we expect
being able to send UDP packets of 1280 bytes over QUIC.
So, this option should not be used when tunnel is being used for UDP
proxying.
2023-07-13 10:24:24 +01:00
Devin Carr fdab68aa08 Release 2023.7.0 2023-07-11 10:28:45 -07:00
Devin Carr 5aaab967a3 TUN-7477: Decrement UDP sessions on shutdown
When a tunnel connection is going down, any active UDP sessions
need to be cleared and the metric needs to be decremented.
2023-07-06 22:14:53 +00:00
Devin Carr ccad59dfab TUN-7564: Support cf-trace-id for cloudflared access 2023-07-06 19:03:40 +00:00
Devin Carr 8a3eade6d3 TUN-7553: Add flag to enable management diagnostic services
With the new flag --management-diagnostics (an opt-in flag)
cloudflared's will be able to report additional diagnostic information
over the management.argotunnel.com request path.
Additions include the /metrics prometheus endpoint; which is already
bound to a local port via --metrics.
/debug/pprof/(goroutine|heap) are also provided to allow for remotely
retrieving heap information from a running cloudflared connector.
2023-07-06 17:31:11 +00:00
Sudarsan Reddy 39847a70f2 TUN-7558: Flush on Writes for StreamBasedOriginProxy
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
2023-07-06 14:22:29 +00:00
João Oliveirinha d1e338ee48 TUN-7545: Add support for full bidirectionally streaming with close signal propagation 2023-07-06 11:54:26 +01:00
Devin Carr b243602d1c TUN-7550: Add pprof endpoint to management service 2023-07-05 20:29:00 +00:00
Devin Carr 960c5a7baf TUN-7551: Complete removal of raven-go to sentry-go
Removes the final usage of raven-go and removes the dependency.
2023-06-30 14:11:55 -07:00
Devin Carr aca3575b6d TUN-7549: Add metrics route to management service 2023-06-30 09:38:26 -07:00
Devin Carr 2b4815a9f5 TUN-7543: Add --debug-stream flag to cloudflared access ssh
Allows for debugging the payloads that are sent in client mode to
the ssh server. Required to be run with --log-directory to capture
logging output. Additionally has maximum limit that is provided with
the flag that will only capture the first N number of reads plus
writes through the WebSocket stream. These reads/writes are not directly
captured at the packet boundary so some reconstruction from the
log messages will be required.

Added User-Agent for all out-going cloudflared access
tcp requests in client mode.
Added check to not run terminal logging in cloudflared access tcp
client mode to not obstruct the stdin and stdout.
2023-06-29 10:29:15 -07:00
João "Pisco" Fernandes 729890d847 TUN-6011: Remove docker networks from ICMP Proxy test 2023-06-27 17:33:18 +01:00
EduardoGomes 31f424d589 AUTH-5328 Pass cloudflared_token_check param when running cloudflared access login 2023-06-20 11:48:38 +01:00
Sudarsan Reddy cb4bd8d065 Release 2023.6.1 2023-06-20 09:24:26 +01:00
Sudarsan Reddy 1abd22ef0a TUN-7480: Added a timeout for unregisterUDP.
I deliberately kept this as an unregistertimeout because that was the
intent. In the future we could change this to a UDPConnConfig if we want
to pass multiple values here.

The idea of this PR is simply to add a configurable unregister UDP
timeout.
2023-06-20 06:20:09 +00:00
Devin Carr a3bcf25fae TUN-7477: Add UDP/TCP session metrics
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
2023-06-19 16:28:37 +00:00
João Oliveirinha 20e36c5bf3 TUN-7468: Increase the limit of incoming streams 2023-06-19 10:41:56 +00:00