github slackhq/nebula v1.3.0
Release v1.3.0

3 years ago

Added

  • You can emit statistics about non-message packets by setting the option
    stats.message_metrics. You can similarly emit detailed statistics about
    lighthouse packets by setting the option stats.lighthouse_metrics. See
    the example config for more details. (#230)

  • We now support freebsd/amd64. This is experimental; please give us feedback.
    (#103)

  • We now release a binary for linux/mips-softfloat, which has also been
    stripped to reduce file size and hopefully have a better chance of running
    on small mips devices. (#231)

  • You can set tun.disabled to true to run a standalone lighthouse without a
    tun device (and thus, without root). (#269)

  • You can set logging.disable_timestamp to remove timestamps from log lines,
    which is useful when output is redirected to a logging system that already
    adds timestamps. (#288)

Changed

  • Handshakes should now trigger faster, as we try to be proactive with sending
    them instead of waiting for the next timer tick in most cases. (#246, #265)

  • Previously, we would drop the conntrack table whenever firewall rules were
    changed during a SIGHUP. Now, we will maintain the table and just validate
    that an entry still matches with the new rule set. (#233)

  • Debug logs for firewall drops now include the reason. (#220, #239)

  • Logs for handshakes now include the fingerprint of the remote host. (#262)

  • Config item pki.blacklist is now pki.blocklist. (#272)

  • Better support for older Linux kernels. We now only set SO_REUSEPORT if
    tun.routines is greater than 1 (default is 1). We also only use the
    recvmmsg syscall if listen.batch is greater than 1 (default is 64).
    (#275)

  • It is possible to run Nebula as a library inside of another process now.
    Note that this is still experimental and the internal APIs around this might
    change in minor version releases. (#279)
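
The conntrack change above (#233) can be pictured with a toy model. This is an added example, not Nebula's code: the Flow and Firewall types, the port-only rules and the lazy revalidation by rule-set version are all assumptions made for illustration.

```go
package main

import "fmt"

// Flow identifies a tracked connection (simplified to remote overlay IP and local port).
type Flow struct {
	RemoteIP string
	Port     uint16
}

// Firewall is a toy model: allowed inbound ports plus a conntrack table.
type Firewall struct {
	allowed   map[uint16]bool
	version   int          // bumped on every rule reload
	conntrack map[Flow]int // flow -> rule-set version it last passed
}

// Reload models a SIGHUP: replace the rules but keep the conntrack table.
func (fw *Firewall) Reload(ports ...uint16) {
	fw.allowed = map[uint16]bool{}
	for _, p := range ports {
		fw.allowed[p] = true
	}
	fw.version++
}

// Allow reports whether a packet on flow f passes the firewall.
func (fw *Firewall) Allow(f Flow) bool {
	if v, ok := fw.conntrack[f]; ok && v == fw.version {
		return true // fast path: already validated against the current rules
	}
	if !fw.allowed[f.Port] {
		delete(fw.conntrack, f) // stale entry no longer matches: evict and drop
		return false
	}
	fw.conntrack[f] = fw.version // new flow, or old flow revalidated
	return true
}

func main() {
	fw := &Firewall{conntrack: map[Flow]int{}}
	fw.Reload(22, 443) // initial rule set
	ssh, web := Flow{"192.168.100.5", 22}, Flow{"192.168.100.5", 443}
	fmt.Println(fw.Allow(ssh), fw.Allow(web)) // both flows get tracked
	fw.Reload(443)                            // SIGHUP removes the port 22 rule
	fmt.Println(fw.Allow(ssh), fw.Allow(web), len(fw.conntrack))
}
```

After the reload, the flow on the removed port is evicted on its next packet, while the flow that still matches keeps its entry instead of being re-established.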

Deprecated

  • pki.blacklist is deprecated in favor of pki.blocklist with the same
    functionality. Existing configs will continue to load for this release to
    allow for migrations. (#272)

Fixed

  • advmss is now set correctly for each route table entry when tun.routes
    is configured to have some routes with higher MTU. (#245)

  • Packets that arrive on the tun device with an unroutable destination IP are
    now dropped correctly, instead of wasting time making queries to the
    lighthouses for IP 0.0.0.0. (#267)
