brad-defined
brad-defined
The static_host_map is soft-reloadable, but reloads only in append mode. Tested against 1.6.0. If an entry is removed from the static_host_map and Nebula is reloaded, the old settings are not...
Only works for major versions.
Nebula Stage0 handshakes carry the initiator's cert identity, but include no hint as to which peer identity they're attempting to connect to. When connecting to a peer that shares the...
Migrate to the latest google protobuf. The gogo lib had a method to Marshal to a buffer that could avoid allocation. The new golang protobuf library also has a method...
I don't see these things used anywhere. A most consequential PR.
We had a couple of reports in Slack about the Nebula app spinning on startup: https://nebulaoss.slack.com/archives/CRWJJM52B/p1654479054750989 > Hello, I have the Nebula app on Android 11. When I open it,...
- Punchy writes 1-byte packets to all RemoteList addresses known in its host map. For NAT / Firewall maintenance, it should only send packets to current tunnel addresses. - Updated...
When working on [746](https://github.com/slackhq/nebula/pull/746) I noticed that there was inconsistent lock access to HostInfo.remote pointer. Inspired by [728](https://github.com/slackhq/nebula/pull/728) this PR makes HostInfo.remote an atomicPointer.
Blocklists in the Nebula config are a list of cert fingerprints identifying certificates that should not be honored during handshakes. Instead of only specifying the blocklist as a list of...