Commit Graph

1450 Commits

Author SHA1 Message Date
Chung-Ting Huang 76c8ff9d99 TUN-7700: Implement feature selector to determine if connections will prefer post quantum cryptography 2023-10-22 15:09:33 +02:00
Chung-Ting Huang 279e080e7e TUN-7707: Use X25519Kyber768Draft00 curve when post-quantum feature is enabled 2023-10-22 15:09:33 +02:00
Chung-Ting Huang f556d9c5f8 Release 2023.8.1 2023-10-22 15:09:33 +02:00
Sudarsan Reddy cd3bd18db9 TUN-7718: Update R2 Token to no longer encode secret
This is simply because we no longer use the legacy R2 secret that needed
this encoding.
2023-10-22 15:09:33 +02:00
Chung-Ting Huang 3636e996d0 Release 2023.8.0 2023-10-22 15:09:33 +02:00
Devin Carr 3f501a6859 TUN-7584: Bump go 1.20.6
Pins all docker and cfsetup builds to a specific go patch version.
Also ran go fix on repo.
2023-10-22 15:09:33 +02:00
Devin Carr 99311880ad Release 2023.7.3 2023-10-22 15:09:33 +02:00
Devin Carr d8ff56cfce TUN-7628: Correct Host parsing for Access
Will no longer provide full hostname with path from provided
`--hostname` flag for cloudflared access to the Host header field.
This addresses certain issues caught from a security fix in go
1.19.11 and 1.20.6 in the net/http URL parsing.
2023-10-22 15:09:33 +02:00
João Oliveirinha 96966b6ccf TUN-7624: Fix flaky TestBackoffGracePeriod test in cloudflared 2023-10-22 15:09:33 +02:00
Devin Carr 431cc05c31 Release 2023.7.2 2023-10-22 15:09:33 +02:00
Devin Carr e7cc6ed90b TUN-7587: Remove junos builds 2023-10-22 15:09:33 +02:00
João Oliveirinha e2a25f934f TUN-7599: Onboard cloudflared to Software Dashboard 2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes 7a16bc79b3 TUN-7597: Add flag to disable auto-update services to be installed
Summary:
This commit adds a new flag "no-update-service" to the `cloudflared service install` command.

Previously, when installing cloudflared as a linux service it would always get auto-updates, now with this new flag it is possible to disable the auto updates of the service.

This flag allows to define whether we want cloudflared service to **perform auto updates or not**.
For **systemd this is done by removing the installation of the update service and timer**, for **sysv** this is done by **setting the cloudflared autoupdate flag**.
2023-10-22 15:09:33 +02:00
Devin Carr 9073a6b720 TUN-7588: Update package coreos/go-systemd 2023-10-22 15:09:33 +02:00
Devin Carr 893ac5c434 TUN-7585: Remove h2mux compression
h2mux is already deprecated and will be eventually removed, in the meantime,
the compression tests cause flaky failures. Removing them and the brotli
code slims down our binaries and dependencies on CGO.
2023-10-22 15:09:33 +02:00
Devin Carr 598d3d2502 TUN-7594: Add nightly arm64 cloudflared internal deb publishes 2023-10-22 15:09:33 +02:00
Devin Carr 66a6ae3543 TUN-7590: Remove usages of ioutil 2023-10-22 15:09:33 +02:00
Devin Carr d0c0ae6c8f TUN-7589: Remove legacy golang.org/x/crypto/ssh/terminal package usage
Package has been moved to golang.org/x/term
2023-10-22 15:09:33 +02:00
Devin Carr b2654318b1 TUN-7586: Upgrade go-jose/go-jose/v3 and core-os/go-oidc/v3
Removes usages of gopkg.in/square/go-jose.v2 and gopkg.in/coreos/go-oidc.v2 packages.
2023-10-22 15:09:33 +02:00
Devin Carr 60a44fb030 Release 2023.7.1 2023-10-22 15:09:33 +02:00
Devin Carr 68bd9bb518 TUN-7582: Correct changelog wording for --management-diagnostics 2023-10-22 15:09:33 +02:00
João Oliveirinha 10d93092b5 TUN-7575: Add option to disable PMTU discovery over QUIC
This commit implements the option to disable PMTU discovery for QUIC
connections.
QUIC finds the PMTU during startup by increasing Ping packet frames
until Ping responses are not received anymore, and it seems to stick
with that PMTU forever.

This is no problem if the PMTU doesn't change over time, but if it does
it may cause packet drops.
We add this hidden flag for debugging purposes in such situations as a
quick way to validate if problems that are being seen can be solved by
reducing the packet size to the edge.

Note however, that this option may impact UDP proxying since we expect
being able to send UDP packets of 1280 bytes over QUIC.
So, this option should not be used when tunnel is being used for UDP
proxying.
2023-10-22 15:09:33 +02:00
Devin Carr fdd4360914 Release 2023.7.0 2023-10-22 15:09:33 +02:00
Devin Carr 8cda225789 TUN-7477: Decrement UDP sessions on shutdown
When a tunnel connection is going down, any active UDP sessions
need to be cleared and the metric needs to be decremented.
2023-10-22 15:09:33 +02:00
Devin Carr 5e459fdbf7 TUN-7564: Support cf-trace-id for cloudflared access 2023-10-22 15:09:33 +02:00
Devin Carr 092a664f30 TUN-7553: Add flag to enable management diagnostic services
With the new flag --management-diagnostics (an opt-in flag)
cloudflared will be able to report additional diagnostic information
over the management.argotunnel.com request path.
Additions include the /metrics prometheus endpoint, which is already
bound to a local port via --metrics.
/debug/pprof/(goroutine|heap) are also provided to allow for remotely
retrieving heap information from a running cloudflared connector.
2023-10-22 15:09:33 +02:00
Sudarsan Reddy 4f79a2baba TUN-7558: Flush on Writes for StreamBasedOriginProxy
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
2023-10-22 15:09:33 +02:00
João Oliveirinha 286addc102 TUN-7545: Add support for full bidirectional streaming with close signal propagation 2023-10-22 15:09:33 +02:00
Devin Carr 1b9f55a002 TUN-7550: Add pprof endpoint to management service 2023-10-22 15:09:33 +02:00
Devin Carr a1419a73a5 TUN-7551: Complete removal of raven-go to sentry-go
Removes the final usage of raven-go and removes the dependency.
2023-10-22 15:09:33 +02:00
Devin Carr 6c0dd59701 TUN-7549: Add metrics route to management service 2023-10-22 15:09:33 +02:00
Devin Carr 4fd284dbe7 TUN-7543: Add --debug-stream flag to cloudflared access ssh
Allows for debugging the payloads that are sent in client mode to
the ssh server. Required to be run with --log-directory to capture
logging output. Additionally has maximum limit that is provided with
the flag that will only capture the first N number of reads plus
writes through the WebSocket stream. These reads/writes are not directly
captured at the packet boundary so some reconstruction from the
log messages will be required.

Added User-Agent for all out-going cloudflared access
tcp requests in client mode.
Added check to not run terminal logging in cloudflared access tcp
client mode to not obstruct the stdin and stdout.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes a929dcca45 TUN-6011: Remove docker networks from ICMP Proxy test 2023-10-22 15:09:33 +02:00
EduardoGomes b0ce64a1c6 AUTH-5328 Pass cloudflared_token_check param when running cloudflared access login 2023-10-22 15:09:33 +02:00
Sudarsan Reddy 7550e0c12a Release 2023.6.1 2023-10-22 15:09:33 +02:00
Sudarsan Reddy c6b4bac76f TUN-7480: Added a timeout for unregisterUDP.
I deliberately kept this as an unregistertimeout because that was the
intent. In the future we could change this to a UDPConnConfig if we want
to pass multiple values here.

The idea of this PR is simply to add a configurable unregister UDP
timeout.
2023-10-22 15:09:33 +02:00
Devin Carr 136f232c00 TUN-7477: Add UDP/TCP session metrics
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
2023-10-22 15:09:33 +02:00
João Oliveirinha 33d56be77c TUN-7468: Increase the limit of incoming streams 2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f124bddc18 Release 2023.6.0 2023-10-22 15:09:33 +02:00
João Oliveirinha 112866090a TUN-7471: Fixes cloudflared not closing the quic stream on unregister UDP session
This code was leaking streams because it wasn't closing the quic stream
after unregistering from the edge.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f4ce7c6761 TUN-7463: Add default ingress rule if no ingress rules are provided when updating the configuration 2023-10-22 15:09:33 +02:00
Jean Khawand 72737a200c arm to .docker-images 2023-06-10 17:57:01 +02:00
Jean Khawand 31d3670de5 Dockerfile to support arm 32bit 2023-06-10 17:27:09 +02:00
Sudarsan Reddy 58b27a1ccf TUN-7447: Add a cover build to report code coverage 2023-05-31 14:59:05 +01:00
Devin Carr 867360c8dd Release 2023.5.1 2023-05-23 10:07:25 -07:00
Devin Carr cb97257815 TUN-7424: Add CORS headers to host_details responses 2023-05-16 22:18:57 -07:00
Devin Carr c43e07d6b7 TUN-7421: Add *.cloudflare.com to permitted Origins for management WebSocket requests 2023-05-11 10:13:39 -07:00
Devin Carr 9426b60308 TUN-7227: Migrate to devincarr/quic-go
The lucas-clemente/quic-go package moved namespaces and our branch
went stale, this new fork provides support for the new quic-go repo
and applies the max datagram frame size change.

Until the max datagram frame size support gets upstreamed into quic-go,
this can be used to unblock go 1.20 support as the old
lucas-clemente/quic-go will not get go 1.20 support.
2023-05-10 19:44:15 +00:00
Devin Carr ff9621bbd5 TUN-7404: Default configuration version set to -1
We need to set the default configuration to -1 to accommodate local
to remote configuration migrations that will set the configuration
version to 0. This makes sure to override the local configuration
with the new remote configuration when sent as it does a check against
the local current configuration version.
2023-05-05 12:47:17 -07:00
Devin Carr 7a0a618c0d Release 2023.5.0 2023-05-01 11:29:26 -07:00