feat(snownet): remove wireguard keep-alives (#3630)

`str0m` sends its own STUN keep-alives and @conectado has already removed the logic that uses the wireguard keep-alives to detect stale connections in 8234529cdf as part of the integration of `snownet`. We don't need two keep-alive mechanisms at once.
2026-01-27 10:18:54 +00:00 · 2024-02-14 13:34:44 +11:00
parent 02171189a8
commit 6b4f1a02a7
4 changed files with 6 additions and 77 deletions
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -750,7 +750,7 @@ dependencies = [
 [[package]]
 name = "boringtun"
 version = "0.6.0"
-source = "git+https://github.com/thomaseizinger/boringtun?branch=feat/expose-last-seen#6fd54c027e6b78192a02de3e77d00552ec36968d"
+source = "git+https://github.com/cloudflare/boringtun?branch=master#f672bb6c1e1e371240a8d151f15854687eb740bb"
 dependencies = [
 "aead",
 "base64 0.13.1",
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -47,7 +47,7 @@ firezone-tunnel = { path = "connlib/tunnel"}
 phoenix-channel = { path = "phoenix-channel"}

 [patch.crates-io]
-boringtun = { git = "https://github.com/thomaseizinger/boringtun", branch = "feat/expose-last-seen" }
+boringtun = { git = "https://github.com/cloudflare/boringtun", branch = "master" }
 webrtc = { git = "https://github.com/firezone/webrtc", branch = "expose-new-endpoint" }
 str0m = { git = "https://github.com/algesten/str0m", branch = "main" }

--- a/rust/connlib/snownet/src/info.rs
+++ b/rust/connlib/snownet/src/info.rs
@@ -1,62 +1,7 @@
-use crate::node::WIREGUARD_KEEP_ALIVE;
 use std::time::Instant;

 #[derive(Debug)]
 pub struct ConnectionInfo {
-    pub last_seen: Option<Instant>,
-
    /// When this instance of [`ConnectionInfo`] was created.
    pub generated_at: Instant,
 }
-
-impl ConnectionInfo {
-    pub fn missed_keep_alives(&self) -> u64 {
-        let Some(last_seen) = self.last_seen else {
-            return 0;
-        };
-
-        let duration = self.generated_at.duration_since(last_seen);
-
-        duration.as_secs() / WIREGUARD_KEEP_ALIVE as u64
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use std::time::Duration;
-
-    #[test]
-    fn no_missed_keep_alives_on_none() {
-        let info = info(None);
-
-        let missed_keep_alives = info.missed_keep_alives();
-
-        assert_eq!(missed_keep_alives, 0);
-    }
-
-    #[test]
-    fn more_than_5_sec_one_missed_keep_alive() {
-        let info = info(Some(Instant::now() - Duration::from_secs(6)));
-
-        let missed_keep_alives = info.missed_keep_alives();
-
-        assert_eq!(missed_keep_alives, 1);
-    }
-
-    #[test]
-    fn more_than_10_sec_two_missed_keep_alives() {
-        let info = info(Some(Instant::now() - Duration::from_secs(11)));
-
-        let missed_keep_alives = info.missed_keep_alives();
-
-        assert_eq!(missed_keep_alives, 2);
-    }
-
-    fn info(last_seen: Option<Instant>) -> ConnectionInfo {
-        ConnectionInfo {
-            last_seen,
-            generated_at: Instant::now(),
-        }
-    }
-}
--- a/rust/connlib/snownet/src/node.rs
+++ b/rust/connlib/snownet/src/node.rs
@@ -33,9 +33,6 @@ use stun_codec::rfc5389::attributes::{Realm, Username};
 // Note: Taken from boringtun
 const HANDSHAKE_RATE_LIMIT: u64 = 100;

-/// How often wireguard will send a keep-alive packet.
-pub(crate) const WIREGUARD_KEEP_ALIVE: u16 = 5;
-
 const MAX_UDP_SIZE: usize = (1 << 16) - 1;

 /// Manages a set of wireguard connections for a server.
@@ -572,7 +569,7 @@ where
                self.private_key.clone(),
                remote,
                Some(key),
-                Some(WIREGUARD_KEEP_ALIVE),
+                None,
                self.index.next(),
                Some(self.rate_limiter.clone()),
            ),
@@ -581,7 +578,6 @@ where
            next_timer_update: self.last_now,
            peer_socket: None,
            possible_sockets: HashSet::default(),
-            last_seen: None,
        }
    }

@@ -887,15 +883,9 @@ where
    TId: Eq + Hash + Copy,
 {
    fn stats(&self, now: Instant) -> impl Iterator<Item = (TId, ConnectionInfo)> + '_ {
-        self.established.iter().map(move |(id, c)| {
-            (
-                *id,
-                ConnectionInfo {
-                    last_seen: c.last_seen,
-                    generated_at: now,
-                },
-            )
-        })
+        self.established
+            .keys()
+            .map(move |id| (*id, ConnectionInfo { generated_at: now }))
    }

    fn agent_mut(&mut self, id: TId) -> Option<&mut IceAgent> {
@@ -1093,8 +1083,6 @@ struct Connection {
    tunnel: Tunn,
    next_timer_update: Instant,

-    last_seen: Option<Instant>,
-
    // When this is `Some`, we are connected.
    peer_socket: Option<PeerSocket>,
    // Socket addresses from which we might receive data (even before we are connected).
@@ -1210,10 +1198,6 @@ impl Connection {
        self.agent.handle_timeout(now);

        // TODO: `boringtun` is impure because it calls `Instant::now`.
-        self.last_seen = self
-            .tunnel
-            .time_since_last_received()
-            .and_then(|d| now.checked_sub(d));

        if now >= self.next_timer_update {
            self.next_timer_update = now + Duration::from_secs(1);