v0.22.26

Changes

Handle proxy dns responses correctly @scareything (#827)

There were two issues that prevented proxied dns queries from working:

1. The ziti connection that dns queries are sent over is not established (by design) when the first request is sent with ziti_write. The intent is to rely on ziti_write queueing the message until the connection is established, but there was a problem in ziti-sdk-c that caused crypto hash checks to fail for messages that were sent before the connection was ready. This was fixed with ziti-sdk-c 0.36.9.
2. The write callback associated with sending the dns query to the hosting tunneler was incorrectly treating the "length" parameter as "status", so even when a message was sent successfully, the tsdk responded to the original DNS client with SRVFAIL.

Declare data pointer as const @scareything (#825)

This fixes a build error when using Xcode 15.3

v0.22.25

Changes

Avoid invalid memory access when services with hostname intercept addresses become unavailable. @scareything (#822)

Avoid segvs when processing add command @scareything (#821)

v0.22.24

Changes

get ziti-sdk-c 0.36.7 / tlsuv 0.28.3 @scareything (#820)

tlsuv 0.28.3 fixes a bug that caused partial writes to fail.

install jq in container image @qrkourier (#818)

This enables health checks to parse the output of the tunnel_status command correctly, e.g., this liveness probe idea.

v0.22.23

Changes

get ziti-sdk-c 0.36.6 @scareything (#817)

Fixes transfer rate values in tunnel_status responses.

ci: Add dependabot for github-actions @mjtrangoni (#806)

fix mkdir command that enables clobbering tmp identity in container @qrkourier (#801)

document cross-compiling ZET and DEB @qrkourier (#794)

resolves #792

correct the deb and rpm hooks @qrkourier (#805)

Fixes these install errors on Debian caused by failing to check if the file exists before unblinking, and failing to quote a variable that might be undefined.

Setting up ziti-edge-tunnel (0.22.22) ...
unlink: cannot unlink '/opt/openziti/share/ziti-edge-tunnel.service': No such file or directory
/var/lib/dpkg/info/ziti-edge-tunnel.postinst: 109: [: !=: unexpected operator

v0.22.22

Changes

send dns queries upstream @scareything (#803)

fixes #802

add group ziti to container images @qrkourier (#804)

v0.22.21

Changes

update dependencies @ekoby (#797)

• ziti-sdk to v0.36.5
• vcpkg baseline to 2023.12.12

grant read on ziti identities to members of group 'ziti' @qrkourier (#787)

v0.22.20

Changes

Proxied DNS query fixes:

• handle failures on proxy resolve connections @ekoby (#773)
  ziti connections used for proxied DNS queries could be used when in an invalid state, potentially resulting in crashes.

• complete proxy dns request when ziti_write fails @scareything (#777)
  DNS clients for proxied DNS queries that failed due to ziti_write failures would not receive a response.

• only proxy dns queries for supported query types @scareything (#774)
  Any non-address (A or AAAA) query for a wildcard domain would be proxied to the hosting tunneler, but only MX, SRV, and TXT queries are supported.

Logging improvements:

• log tcp src and dst in LOG_STATE. also log tcp flags of incoming segments @scareything (#772)
  incoming segments now look like this:

  TRACE tunnel-sdk:tunnel_tcp.c:366 recv_tcp() received segment src[tcp:100.64.1.1:64905] dst[tcp:100.64.1.5:22] flags[PSH,ACK]

v0.22.19

Changes

avoid crash when client sends app data with source_ip set. @scareything (#770)

fixes #769

codespell: Add spelling check and fix all issues @mjtrangoni (#768)

v0.22.18

Changes

get ziti-sdk-c 0.35.12 @scareything (#767)

• Fixes a crash that could be triggered by tcp clients not closing cleanly

use buffer size when calling snprintf @scareything (#766)

• Warning messages that were logged when clients sent inconsistent app data were truncated

set TCP keepalive and nodelay on backend connections @ekoby (#765)

v0.22.17

Changes

update ziti-sdk-c to 0.35.11 @scareything (#764)