Commit Graph

1454 Commits

Author SHA1 Message Date
João Oliveirinha f2a2926ef6 TUN-7787: Refactor cloudflared to use new route endpoints based on route IDs
This commit makes sure that cloudflared starts using the new API
endpoints for managing routes.

Additionally, the delete route operation still allows deleting by CIDR
and VNet but it is being marked as deprecated in favor of specifying the
route ID.

The goal of this change is to make it simpler for the user to delete
routes without specifying VNet.
2023-10-22 15:09:33 +02:00
João Oliveirinha 68bec886cf TUN-7776: Remove warp-routing flag from cloudflared 2023-10-22 15:09:33 +02:00
João Oliveirinha dcfc831752 TUN-7756: Clarify that QUIC is mandatory to support ICMP proxying 2023-10-22 15:09:33 +02:00
Chung-Ting Huang f941b7106f Release 2023.8.2 2023-10-22 15:09:33 +02:00
Chung-Ting Huang 76c8ff9d99 TUN-7700: Implement feature selector to determine if connections will prefer post quantum cryptography 2023-10-22 15:09:33 +02:00
Chung-Ting Huang 279e080e7e TUN-7707: Use X25519Kyber768Draft00 curve when post-quantum feature is enabled 2023-10-22 15:09:33 +02:00
Chung-Ting Huang f556d9c5f8 Release 2023.8.1 2023-10-22 15:09:33 +02:00
Sudarsan Reddy cd3bd18db9 TUN-7718: Update R2 Token to no longer encode secret
This is simply because we no longer use the legacy R2 secret that needed
this encoding.
2023-10-22 15:09:33 +02:00
Chung-Ting Huang 3636e996d0 Release 2023.8.0 2023-10-22 15:09:33 +02:00
Devin Carr 3f501a6859 TUN-7584: Bump go 1.20.6
Pins all docker and cfsetup builds to a specific go patch version.
Also ran go fix on repo.
2023-10-22 15:09:33 +02:00
Devin Carr 99311880ad Release 2023.7.3 2023-10-22 15:09:33 +02:00
Devin Carr d8ff56cfce TUN-7628: Correct Host parsing for Access
Will no longer provide full hostname with path from provided
`--hostname` flag for cloudflared access to the Host header field.
This addresses certain issues caught from a security fix in go
1.19.11 and 1.20.6 in the net/http URL parsing.
2023-10-22 15:09:33 +02:00
João Oliveirinha 96966b6ccf TUN-7624: Fix flaky TestBackoffGracePeriod test in cloudflared 2023-10-22 15:09:33 +02:00
Devin Carr 431cc05c31 Release 2023.7.2 2023-10-22 15:09:33 +02:00
Devin Carr e7cc6ed90b TUN-7587: Remove junos builds 2023-10-22 15:09:33 +02:00
João Oliveirinha e2a25f934f TUN-7599: Onboard cloudflared to Software Dashboard 2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes 7a16bc79b3 TUN-7597: Add flag to disable auto-update services to be installed
Summary:
This commit adds a new flag "no-update-service" to the `cloudflared service install` command.

Previously, when installing cloudflared as a Linux service, it would always get auto-updates; now, with this new flag, it is possible to disable the auto-updates of the service.

This flag allows defining whether we want the cloudflared service to **perform auto updates or not**.
For **systemd this is done by removing the installation of the update service and timer**, for **sysv** this is done by **setting the cloudflared autoupdate flag**.
2023-10-22 15:09:33 +02:00
Devin Carr 9073a6b720 TUN-7588: Update package coreos/go-systemd 2023-10-22 15:09:33 +02:00
Devin Carr 893ac5c434 TUN-7585: Remove h2mux compression
h2mux is already deprecated and will be eventually removed, in the meantime,
the compression tests cause flaky failures. Removing them and the brotli
code slims down our binaries and dependencies on CGO.
2023-10-22 15:09:33 +02:00
Devin Carr 598d3d2502 TUN-7594: Add nightly arm64 cloudflared internal deb publishes 2023-10-22 15:09:33 +02:00
Devin Carr 66a6ae3543 TUN-7590: Remove usages of ioutil 2023-10-22 15:09:33 +02:00
Devin Carr d0c0ae6c8f TUN-7589: Remove legacy golang.org/x/crypto/ssh/terminal package usage
Package has been moved to golang.org/x/term
2023-10-22 15:09:33 +02:00
Devin Carr b2654318b1 TUN-7586: Upgrade go-jose/go-jose/v3 and core-os/go-oidc/v3
Removes usages of gopkg.in/square/go-jose.v2 and gopkg.in/coreos/go-oidc.v2 packages.
2023-10-22 15:09:33 +02:00
Devin Carr 60a44fb030 Release 2023.7.1 2023-10-22 15:09:33 +02:00
Devin Carr 68bd9bb518 TUN-7582: Correct changelog wording for --management-diagnostics 2023-10-22 15:09:33 +02:00
João Oliveirinha 10d93092b5 TUN-7575: Add option to disable PMTU discovery over QUIC
This commit implements the option to disable PMTU discovery for QUIC
connections.
QUIC finds the PMTU during startup by increasing Ping packet frames
until Ping responses are not received anymore, and it seems to stick
with that PMTU forever.

This is no problem if the PMTU doesn't change over time, but if it does
it may cause packet drops.
We add this hidden flag for debugging purposes in such situations as a
quick way to validate if problems that are being seen can be solved by
reducing the packet size to the edge.

Note however, that this option may impact UDP proxying since we expect
being able to send UDP packets of 1280 bytes over QUIC.
So, this option should not be used when tunnel is being used for UDP
proxying.
2023-10-22 15:09:33 +02:00
Devin Carr fdd4360914 Release 2023.7.0 2023-10-22 15:09:33 +02:00
Devin Carr 8cda225789 TUN-7477: Decrement UDP sessions on shutdown
When a tunnel connection is going down, any active UDP sessions
need to be cleared and the metric needs to be decremented.
2023-10-22 15:09:33 +02:00
Devin Carr 5e459fdbf7 TUN-7564: Support cf-trace-id for cloudflared access 2023-10-22 15:09:33 +02:00
Devin Carr 092a664f30 TUN-7553: Add flag to enable management diagnostic services
With the new flag --management-diagnostics (an opt-in flag)
cloudflared will be able to report additional diagnostic information
over the management.argotunnel.com request path.
Additions include the /metrics prometheus endpoint, which is already
bound to a local port via --metrics.
/debug/pprof/(goroutine|heap) are also provided to allow for remotely
retrieving heap information from a running cloudflared connector.
2023-10-22 15:09:33 +02:00
Sudarsan Reddy 4f79a2baba TUN-7558: Flush on Writes for StreamBasedOriginProxy
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
2023-10-22 15:09:33 +02:00
João Oliveirinha 286addc102 TUN-7545: Add support for full bidirectional streaming with close signal propagation 2023-10-22 15:09:33 +02:00
Devin Carr 1b9f55a002 TUN-7550: Add pprof endpoint to management service 2023-10-22 15:09:33 +02:00
Devin Carr a1419a73a5 TUN-7551: Complete removal of raven-go to sentry-go
Removes the final usage of raven-go and removes the dependency.
2023-10-22 15:09:33 +02:00
Devin Carr 6c0dd59701 TUN-7549: Add metrics route to management service 2023-10-22 15:09:33 +02:00
Devin Carr 4fd284dbe7 TUN-7543: Add --debug-stream flag to cloudflared access ssh
Allows for debugging the payloads that are sent in client mode to
the ssh server. Required to be run with --log-directory to capture
logging output. Additionally has maximum limit that is provided with
the flag that will only capture the first N number of reads plus
writes through the WebSocket stream. These reads/writes are not directly
captured at the packet boundary so some reconstruction from the
log messages will be required.

Added User-Agent for all out-going cloudflared access
tcp requests in client mode.
Added check to not run terminal logging in cloudflared access tcp
client mode to not obstruct the stdin and stdout.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes a929dcca45 TUN-6011: Remove docker networks from ICMP Proxy test 2023-10-22 15:09:33 +02:00
EduardoGomes b0ce64a1c6 AUTH-5328 Pass cloudflared_token_check param when running cloudflared access login 2023-10-22 15:09:33 +02:00
Sudarsan Reddy 7550e0c12a Release 2023.6.1 2023-10-22 15:09:33 +02:00
Sudarsan Reddy c6b4bac76f TUN-7480: Added a timeout for unregisterUDP.
I deliberately kept this as an unregistertimeout because that was the
intent. In the future we could change this to a UDPConnConfig if we want
to pass multiple values here.

The idea of this PR is simply to add a configurable unregister UDP
timeout.
2023-10-22 15:09:33 +02:00
Devin Carr 136f232c00 TUN-7477: Add UDP/TCP session metrics
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
2023-10-22 15:09:33 +02:00
João Oliveirinha 33d56be77c TUN-7468: Increase the limit of incoming streams 2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f124bddc18 Release 2023.6.0 2023-10-22 15:09:33 +02:00
João Oliveirinha 112866090a TUN-7471: Fixes cloudflared not closing the quic stream on unregister UDP session
This code was leaking streams because it wasn't closing the quic stream
after unregistering from the edge.
2023-10-22 15:09:33 +02:00
João "Pisco" Fernandes f4ce7c6761 TUN-7463: Add default ingress rule if no ingress rules are provided when updating the configuration 2023-10-22 15:09:33 +02:00
Jean Khawand 72737a200c arm to .docker-images 2023-06-10 17:57:01 +02:00
Jean Khawand 31d3670de5 Dockerfile to support arm 32bit 2023-06-10 17:27:09 +02:00
Sudarsan Reddy 58b27a1ccf TUN-7447: Add a cover build to report code coverage 2023-05-31 14:59:05 +01:00
Devin Carr 867360c8dd Release 2023.5.1 2023-05-23 10:07:25 -07:00
Devin Carr cb97257815 TUN-7424: Add CORS headers to host_details responses 2023-05-16 22:18:57 -07:00