Merge pull request #52 from netfoundry/v0.8.0-release-candidate

V0.8.0 release candidate
netfoundry · Jun 23, 2024 · 7f7448d · 7f7448d
2 parents d85b41e + 6e52519
commit 7f7448d
Show file tree

Hide file tree

Showing 6 changed files with 1,794 additions and 758 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+# [0.8.0] - 2024-06-13
+
+###
+
+- Initial support for IPv6. Added basic neighbor discovery, inbound ipv6 echo (disabled by default)/ echo reply, Inbound ssh,  Outbound 
+  stateful tracking. IPv6 is disabled by default except for inbound ipv6 router advertisments so that the ipv6 auto-configuration(SLAAC) can occur before zfw enumerates ipv6 interfaces 
+  to ensure the ipv6 interface address is included in the ifindex_ip6_map.'
+- Removed unused tuple_key struct from zfw_xdp_tun_ingress.c
+
 # [0.7.8] - 2024-06-13
 
 ###

diff --git a/README.md b/README.md
@@ -7,6 +7,18 @@ filtering.  It can be used in conjunction with ufw's masquerade feature on a Wan
 the zfw_outbound_track.o is activated in the egress direction. It can also be used in conjunction with OpenZiti
 edge-routers.
 
+## New in release 0.8.0 - Initial support for ipv6
+- *Enabled via sudo zfw -6 <ifname | all> 
+  Note: Router discovery is always enabled even if ipv6 is disabled in order to ensure the ifindex_ip6_map gets populated.
+- Supports ipv6 neighbor discovery (redirects not supported)
+- *Supports inbound ipv6 echo (disabled by default can be enabled via zfw -e)/ echo reply 
+- *Supports inbound ssh (Can be disabled via zfw -x <ifname | all>) (Care should be taken as this affects IPv4 as well)
+- Supports outbound stateful host connections (Inbound only if outbound initiated)
+- Supports outbound passthrough tracking.  Sessions initiated from non-ebpf enabled interfaces out through interface(s) defined as ExternalInterface or with
+  "OutboundPassThroughTrack": true in /opt/openziti/etc/ebpf_config.json or manually applied with sudo zfw -X <ifname> -O /opt/openziti/zfw_outbound_track.o 
+   -z egress with allow stateful udp and tcp session traffic back in.
+- Monitor connection state via -M, --monitor <ifname> when -v verbose <ifname> enabled  
+*These setting need to be in /opt/openziti/bin/user_rules.sh to be persistent across reboots
 
 ## Build