Commit Graph

1561 Commits

Author SHA1 Message Date
Sudarsan Reddy 99b3736cc7 TUN-6999: cloudflared should attempt other edge addresses before falling back on protocol
This PR does two things:
It changes how we fallback to a lower protocol: The current state
is to try connecting with a protocol. If it fails, fall back to a
lower protocol. And try connecting with that and so on. With this PR,
if we fail to connect with a protocol, we will try to connect to other
edge addresses first. Only if we fail to connect to those will we
fall back to a lower protocol.
It fixes a behaviour where if we fail to connect to an edge addr,
we keep re-trying the same address over and over again.
This PR now switches between edge addresses on subsequent connecton attempts.
Note that through these switches, it still respects the backoff time.
(We are connecting to a different edge, but this helps to not bombard an edge
address with connect requests if a particular edge addresses stops working).
2022-12-14 13:17:21 +00:00
João Oliveirinha e517242194 TUN-6995: Disable quick-tunnels spin up by default
Before this change when running cloudflare tunnel command without any
subcommand and without any additional flag, we would spin up a
QuickTunnel.

This is really a strange behaviour because we can easily create unwanted
tunnels and results in bad user experience.
This also has the side effect on putting more burden in our services
that are probably just mistakes.

This commit fixes that by requiring  user to specify the url command
flag.
Running cloudflared tunnel alone will result in an error message
instead.
2022-12-13 12:03:32 +00:00
Sudarsan Reddy 7dee179652 TUN-7004: Dont show local config dirs for remotely configured tuns
cloudflared shows possible directories for config files to be present if
it doesn't see one when starting up. For remotely configured files, it
may not be necessary to have a config file present. This PR looks to see
if a token flag was provided, and if yes, does not log this message.
2022-12-13 11:03:00 +00:00
Sudarsan Reddy 78ca8002d2 TUN-7003: Add back a missing fi 2022-12-12 13:21:14 +00:00
Sudarsan Reddy c13b6df0a7 TUN-7003: Tempoarily disable erroneous notarize-app
This PR temporarily disables the xcrun notarize-app feature since this
is soemthing we've historically had broken. However, what changed now is
we set -e for the mac os scripts. We'll need to remove this to unblock
mac builds.

We could spend time as part of https://jira.cfdata.org/browse/TUN-5789
to look into this.
2022-12-12 13:06:06 +00:00
Sudarsan Reddy b8b35d99fa TUN-7002: Randomise first region selection
We previously always preferred region2 as the first region to connect
to if both the regions cloudflared connects to have the same number of
availabe addresses. This change randomises that choice. The first
connection, conn index: 0, can now either connect to region 1 or region
2.

More importantly, conn 0 and 2 and 1 and 3 need not belong to the same
region.
2022-12-07 17:46:15 +00:00
João Oliveirinha 61ccc0b303 TUN-6994: Improve logging config file not found 2022-12-07 13:13:44 +00:00
João Oliveirinha 7ef9bb89d3 TUN-7000: Reduce metric cardinality of closedConnections metric by removing error as tag 2022-12-07 11:09:16 +00:00
Sudarsan Reddy 45e8eb7275 TUN-6984: [CI] Don't fail on unset.
Dont fail on bash unset (set -u) because we initialise to machine
defaults if the variables are unset within this script.
2022-12-05 17:50:49 +00:00
Sudarsan Reddy 72503eeaaa TUN-6984: [CI] Ignore security import errors for code_sigining
This PR lets the script skip if the `security import`
command exits with a 1. This is okay becuase this script manually checks
this exit code to validate if its a duplicate error and if its not,
returns.
2022-12-05 16:23:15 +00:00
Sudarsan Reddy 09e33a0b17 TUN-6984: Add bash set x to improve visibility during builds 2022-12-05 13:59:38 +00:00
Sudarsan Reddy 4c10f68e2d TUN-6984: Set euo pipefile for homebrew builds 2022-11-30 15:05:21 +00:00
João Oliveirinha cf87ec7969 Release 2022.11.1 2022-11-30 10:12:03 +00:00
João Oliveirinha 64f15d9992 TUN-6981: We should close UDP socket if failed to connecto to edge 2022-11-29 15:13:34 +00:00
João Oliveirinha e3d35570e6 CUSTESC-23757: Fix a bug where a wildcard ingress rule would match an host without starting with a dot 2022-11-25 17:00:59 +00:00
João Oliveirinha b0663dce33 TUN-6970: Print newline when printing tunnel token 2022-11-24 16:03:47 +00:00
João Oliveirinha af59851f33 TUN-6963: Refactor Metrics service setup 2022-11-22 11:35:48 +00:00
João Oliveirinha c49621c723 Release 2022.11.0 2022-11-18 10:07:13 +00:00
Sudarsan Reddy 9339bb9485 TUN-6929: Use same protocol for other connections as first one
This PR changes protocol initialization of the other N connections to be
the same as the one we know the initial tunnel connected with. This is
so we homogenize connections and not lead to some connections being
QUIC-able and the others not.

There's also an improvement to the connection registered log so we know
what protocol every individual connection connected with from the
cloudflared side.
2022-11-17 10:28:04 +00:00
João Oliveirinha 19106cd609 TUN-6935: Cloudflared should use APIToken instead of serviceKey
This commit makes cloudflared use the API token provided during login
instead of service key.
In addition, it eliminates some of the old formats since those are
legacy and we only support cloudflared versions newer than 6 months.
2022-11-16 17:07:16 +00:00
João Oliveirinha b50f172bdb Revert "TUN-6935: Cloudflared should use APIToken instead of serviceKey"
This reverts commit 1c6316c1c9.
2022-11-16 12:05:09 +00:00
João Oliveirinha 1c6316c1c9 TUN-6935: Cloudflared should use APIToken instead of serviceKey
This commit makes cloudflared use the API token provided during login
instead of service key.
In addition, it eliminates some of the old formats since those are
legacy and we only support cloudflared versions newer than 6 months.
2022-11-16 10:04:17 +00:00
Devin Carr 1fe4878264 TUN-6937: Bump golang.org/x/* packages to new release tags 2022-11-14 17:25:11 +00:00
João Oliveirinha 85b44695f0 TUN-6941: Reduce log level to debug when failing to proxy ICMP reply 2022-11-14 11:22:38 +00:00
Joel May 6a1dad0ce2 ZTC-234: macOS tests 2022-11-11 19:43:26 +00:00
Joel May 2baea15387 ZTC-234: Replace ICMP funnels when ingress connection changes
Origintunneld has been observed to continue sending reply packets to the first incoming connection it received, even if a newer connection is observed to be sending the requests.

OTD uses the funnel library from cloudflared, which is why the changes are here.

In theory, cloudflared has the same type of bug where a ping session switching between quic connections will continue sending replies to the first connection.  This bug has not been tested or confirmed though, but this PR will fix if it exists.
2022-11-11 19:43:26 +00:00
João Oliveirinha a1d88a6cdd TUN-6927: Refactor validate access configuration to allow empty audTags only 2022-11-09 12:28:58 +00:00
Devin Carr 515ad7cbee TUN-6917: Bump go to 1.19.3 2022-11-07 09:19:19 -08:00
n0k0m3 1b5313cc28
Issue #574: Better ssh config for short-lived cert (#763)
This PR is made using suggestion from #574. The pros for this config is that it will work both Windows and Linux (tested), as well as in VSCode, which normally can't be done with the current generated ssh config (refers to #734)
2022-11-02 10:44:34 +00:00
João Oliveirinha dde83d5a7c TUN-6898: Refactor addPortIfMissing 2022-10-28 15:48:10 +01:00
João Oliveirinha e14238224d TUN-6898: Fix bug handling IPv6 based ingresses with missing port 2022-10-28 12:47:59 +01:00
João Oliveirinha 66d1f27507 Release 2022.10.3 2022-10-26 10:40:17 +01:00
João Oliveirinha e6c9ec0b39 TUN-6871: Add default feature to cloudflared to support EOF on QUIC connections 2022-10-24 13:14:47 +01:00
cthuang c3c050aa79 TUN-6867: Clear spans right after they are serialized to avoid returning duplicate spans 2022-10-19 16:20:40 +01:00
Chung-Ting b1de2a74fa TUN-6876: Fix flaky TestTraceICMPRouterEcho by taking account request span can return before reply 2022-10-19 15:01:24 +01:00
Sudarsan Reddy 4d32a64f98 Release 2022.10.2 2022-10-19 09:42:04 +01:00
cthuang 11f4d10174 TUN-6868: Return left padded tracing ID when tracing identity is converted to string 2022-10-18 21:31:54 +01:00
cthuang 60a12fcb27 TUN-6864: Don't reuse port in quic unit tests 2022-10-18 20:29:59 +00:00
Sudarsan Reddy 442af9ee38 TUN-6869: Fix Makefile complaining about missing GO packages
cloudflared's Makefile uses `shell go env GOOS` to determine the
LOCAL_OS regardless of it being provided. We therefore need pinned_go as
a dependency to run docker-generate-versions.
2022-10-18 13:49:19 +01:00
Sudarsan Reddy 2e895c3a4f Release 2022.10.1 2022-10-18 11:45:22 +01:00
cthuang e9d07e35c7 TUN-6861: Trace ICMP on Windows 2022-10-18 09:57:19 +01:00
cthuang 2d5234e021 TUN-6858: Trace ICMP reply 2022-10-18 09:51:57 +01:00
cthuang b6bd8c1f5e TUN-6604: Trace icmp echo request on Linux and Darwin 2022-10-17 20:01:05 +01:00
cthuang 495f9fb8bd TUN-6856: Refactor to lay foundation for tracing ICMP
Remove send and return methods from Funnel interface. Users of Funnel can provide their own send and return methods without wrapper to comply with the interface.
Move packet router to ingress package to avoid circular dependency
2022-10-17 19:48:35 +01:00
cthuang 225c344ceb TUN-6855: Add DatagramV2Type for IP packet with trace and tracing spans 2022-10-17 19:45:01 +01:00
João Oliveirinha 61007dd2dd TUN-6860: Send access configuration keys to the edge 2022-10-16 17:10:09 +00:00
João Oliveirinha b01006fe46 TUN-6853: Reuse source port when connecting to the edge for quic connections 2022-10-13 11:50:44 +01:00
Robin Brämer 872cb003a4
Fix log message (#591)
printing `seconds` is superfluous since time.Duration already adds the `s` suffix

Invalid log message would be
```
Retrying connection in up to 1s seconds
```

Co-authored-by: João Oliveirinha <joliveirinha@cloudflare.com>
2022-10-12 11:55:41 +01:00
Sven Höxter 2aca844570 drop usage of cat when sed is invoked to generate the manpage 2022-10-12 11:46:45 +01:00
Samuel Rhea 90e5255a0d fix link 2022-10-12 11:46:18 +01:00