github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat/connlib full flow (#1722)

Browse Source 
With this PR the full control-plane message flow is working.

Meaning that if you do:

```
docker compose up -d
docker compose exec -it client "ping 172.20.0.2" # will fix this IP later
```

Messages start flowing to gateway. The gateway still not correctly
forwards the messages to the resource since masquerading is still not
working, although I suspect there might be an additional problem. Will
fix this in my next PR along with a README on how to test this whole
flow.

This PR also fixes how we sent the stamp secret to the gateway from the
relay, but I still see some warnings in the webrtc that I'm sure that
are due to a mismatch between how webrtc-rs and the relay handle
messages (The most important being `bind() failed: unexpected response
type`), I will take a look at that and a way to test that the flow works
when:
1. hole-punching is available
2. through relay when it's not
Since the flow right now works without hole-punching or relay since the
gateway is in the same network in the docker compose.
This commit is contained in:
Gabi
2023-07-03 16:25:37 -03:00
committed by GitHub
parent 5679d63206
commit 8967b53170
13 changed files with 459 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose.yml
View File

@@ -119,6 +119,7 @@ services:
environment:
FZ_URL: "ws://api:8081/"
FZ_SECRET: "SFMyNTY.g2gDaANkAAhpZGVudGl0eW0AAAAkN2RhN2QxY2QtMTExYy00NGE3LWI1YWMtNDAyN2I5ZDIzMGU1bQAAACAZ_F7tY7RZcWcaeGbwM9H9EBDdj2U4QPu2sBzD8Z_7R24GAMH8mfqIAWIB4TOA.2IZ089fjvNLoCsirq2PwNTfMHXf3285F6YcNquk6niU"
RUST_LOG: headless=trace,firezone_client_connlib=trace,firezone_tunnel=trace,libs_common=trace,warn
build:
context: rust
dockerfile: Dockerfile.dev
@@ -142,6 +143,7 @@ services:
environment:
FZ_URL: "ws://api:8081/"
FZ_SECRET: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAFvAb_mIAWIAAVGA.1DaY3H3fKzW5sqcciJqlHyG0uFctzOewofsVRGS7NrQ"
RUST_LOG: gateway=trace,firezone_gateway_connlib=trace,firezone_tunnel=trace,libs_common=trace,warn
build:
context: rust
dockerfile: Dockerfile.dev

311
rust/Cargo.lock generated
View File

@@ -2,6 +2,21 @@
# It is not intended for manual editing.
version = 3
[[package]]
name = "addr2line"
version = "0.20.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3"
dependencies = [
"gimli",
]
[[package]]
name = "adler"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
[[package]]
name = "aead"
version = "0.3.2"
@@ -256,13 +271,13 @@ dependencies = [
[[package]]
name = "async-trait"
version = "0.1.68"
version = "0.1.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
checksum = "7b2d0f03b3640e3a630367e40c468cb7f309529c708ed1d88597047b0e7c6ef7"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -288,6 +303,21 @@ dependencies = [
"rand",
]
[[package]]
name = "backtrace"
version = "0.3.68"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4319208da049c43661739c5fade2ba182f09d1dc2299b32298d3a31692b17e12"
dependencies = [
"addr2line",
"cc 1.0.79 (registry+https://github.com/rust-lang/crates.io-index)",
"cfg-if 1.0.0",
"libc",
"miniz_oxide",
"object",
"rustc-demangle",
]
[[package]]
name = "base16ct"
version = "0.1.1"
@@ -342,6 +372,12 @@ version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitflags"
version = "2.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42"
[[package]]
name = "blake2"
version = "0.10.6"
@@ -379,7 +415,7 @@ checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae"
[[package]]
name = "boringtun"
version = "0.5.2"
source = "git+https://github.com/cloudflare/boringtun?rev=878385f#878385f171d60effac4ad1a9d4dee41e777528b8"
source = "git+https://github.com/firezone/boringtun?branch=master#9e45acd768d88ce0eb74219641fbc2463d1f7b66"
dependencies = [
"aead 0.5.2",
"base64 0.13.1",
@@ -524,9 +560,9 @@ dependencies = [
[[package]]
name = "clap"
version = "4.3.5"
version = "4.3.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2686c4115cb0810d9a984776e197823d08ec94f176549a89a9efded477c456dc"
checksum = "384e169cc618c613d5e3ca6404dda77a8685a63e08660dcc64abaf7da7cb0c7a"
dependencies = [
"clap_builder",
"clap_derive",
@@ -535,13 +571,12 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.3.5"
version = "4.3.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2e53afce1efce6ed1f633cf0e57612fe51db54a1ee4fd8f8503d078fe02d69ae"
checksum = "ef137bbe35aab78bdb468ccfba75a5f4d8321ae011d34063770780545176af2d"
dependencies = [
"anstream",
"anstyle",
"bitflags",
"clap_lex",
"strsim",
]
@@ -555,7 +590,7 @@ dependencies = [
"heck",
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -609,9 +644,9 @@ dependencies = [
[[package]]
name = "const-oid"
version = "0.9.2"
version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913"
checksum = "6340df57935414636969091153f35f68d9f00bbc8fb4a9c6054706c213e6c6bc"
[[package]]
name = "convert_case"
@@ -715,18 +750,31 @@ dependencies = [
[[package]]
name = "curve25519-dalek"
version = "4.0.0-rc.2"
version = "4.0.0-rc.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03d928d978dbec61a1167414f5ec534f24bea0d7a0d24dd9b6233d3d8223e585"
checksum = "436ace70fc06e06f7f689d2624dc4e2f0ea666efb5aa704215f7249ae6e047a7"
dependencies = [
"cfg-if 1.0.0",
"cpufeatures",
"curve25519-dalek-derive",
"fiat-crypto",
"packed_simd_2",
"platforms",
"rustc_version",
"subtle",
"zeroize",
]
[[package]]
name = "curve25519-dalek-derive"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.23",
]
[[package]]
name = "darling"
version = "0.14.4"
@@ -885,7 +933,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -1126,7 +1174,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -1212,6 +1260,12 @@ dependencies = [
"polyval",
]
[[package]]
name = "gimli"
version = "0.27.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e"
[[package]]
name = "glob"
version = "0.3.1"
@@ -1247,15 +1301,6 @@ version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
[[package]]
name = "hermit-abi"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7"
dependencies = [
"libc",
]
[[package]]
name = "hermit-abi"
version = "0.3.1"
@@ -1383,7 +1428,7 @@ version = "1.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
dependencies = [
"hermit-abi 0.3.1",
"hermit-abi",
"libc",
"windows-sys 0.48.0",
]
@@ -1415,19 +1460,18 @@ checksum = "8e537132deb99c0eb4b752f0346b6a836200eaaa3516dd7e5514b63930a09e5d"
[[package]]
name = "ipnet"
version = "2.7.2"
version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f"
checksum = "28b29a3cd74f0f4598934efe3aeba42bae0eb4680554128851ebbecb02af14e6"
[[package]]
name = "is-terminal"
version = "0.4.7"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
checksum = "24fddda5af7e54bf7da53067d6e802dbcc381d0a8eef629df528e3ebf68755cb"
dependencies = [
"hermit-abi 0.3.1",
"io-lifetimes",
"rustix",
"hermit-abi",
"rustix 0.38.2",
"windows-sys 0.48.0",
]
@@ -1442,9 +1486,9 @@ dependencies = [
[[package]]
name = "itoa"
version = "1.0.6"
version = "1.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
checksum = "62b02a5381cc465bd3041d84623d0fa3b66738b52b8e2fc3bab8ad63ab032f4a"
[[package]]
name = "java-locator"
@@ -1511,9 +1555,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
version = "0.2.146"
version = "0.2.147"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b"
checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
[[package]]
name = "libloading"
@@ -1525,12 +1569,6 @@ dependencies = [
"winapi",
]
[[package]]
name = "libm"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
[[package]]
name = "libm"
version = "0.2.7"
@@ -1570,6 +1608,12 @@ version = "0.3.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
[[package]]
name = "linux-raw-sys"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09fc20d2ca12cb9f044c93e3bd6d32d523e6e2ec3db4f7b2939cd99026ecd3f0"
[[package]]
name = "lock_api"
version = "0.4.10"
@@ -1631,6 +1675,15 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "miniz_oxide"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
dependencies = [
"adler",
]
[[package]]
name = "mio"
version = "0.8.8"
@@ -1661,7 +1714,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ea993e32c77d87f01236c38f572ecb6c311d592e56a06262a007fd2a6e31253c"
dependencies = [
"anyhow",
"bitflags",
"bitflags 1.3.2",
"byteorder",
"libc",
"netlink-packet-core",
@@ -1714,7 +1767,7 @@ version = "0.24.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa52e972a9a719cecb6864fb88568781eb706bac2cd1d4f04a648542dbf78069"
dependencies = [
"bitflags",
"bitflags 1.3.2",
"cfg-if 1.0.0",
"libc",
"memoffset",
@@ -1727,7 +1780,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4"
dependencies = [
"autocfg",
"bitflags",
"bitflags 1.3.2",
"cfg-if 1.0.0",
"libc",
]
@@ -1738,7 +1791,7 @@ version = "0.26.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a"
dependencies = [
"bitflags",
"bitflags 1.3.2",
"cfg-if 1.0.0",
"libc",
"static_assertions",
@@ -1792,19 +1845,28 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
dependencies = [
"autocfg",
"libm 0.2.7",
"libm",
]
[[package]]
name = "num_cpus"
version = "1.15.0"
version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b"
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
dependencies = [
"hermit-abi 0.2.6",
"hermit-abi",
"libc",
]
[[package]]
name = "object"
version = "0.31.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8bda667d9f2b5051b8833f59f3bf748b28ef54f850f4fcb389a252aa383866d1"
dependencies = [
"memchr",
]
[[package]]
name = "oid-registry"
version = "0.4.0"
@@ -1879,16 +1941,6 @@ dependencies = [
"sha2",
]
[[package]]
name = "packed_simd_2"
version = "0.3.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282"
dependencies = [
"cfg-if 1.0.0",
"libm 0.1.4",
]
[[package]]
name = "parking_lot"
version = "0.12.1"
@@ -1909,7 +1961,7 @@ dependencies = [
"libc",
"redox_syscall",
"smallvec",
"windows-targets 0.48.0",
"windows-targets 0.48.1",
]
[[package]]
@@ -1960,9 +2012,9 @@ dependencies = [
[[package]]
name = "pin-project-lite"
version = "0.2.9"
version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
checksum = "4c40d25201921e5ff0c862a505c6557ea88568a4e3ace775ab55e93f2f4f9d57"
[[package]]
name = "pin-utils"
@@ -2017,9 +2069,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
[[package]]
name = "proc-macro2"
version = "1.0.60"
version = "1.0.63"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dec2b086b7a862cf4de201096214fa870344cf922b2b30c167badb3af3195406"
checksum = "7b368fba921b0dce7e60f5e04ec15e565b3303972b42bcfde1d0713b881959eb"
dependencies = [
"unicode-ident",
]
@@ -2031,7 +2083,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4e35c06b98bf36aba164cc17cb25f7e232f5c4aeea73baa14b8a9f0d92dbfa65"
dependencies = [
"bit-set",
"bitflags",
"bitflags 1.3.2",
"byteorder",
"lazy_static",
"num-traits",
@@ -2052,9 +2104,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
[[package]]
name = "quote"
version = "1.0.28"
version = "1.0.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
checksum = "573015e8ab27661678357f27dc26460738fd2b6c86e46f386fde94cb5d913105"
dependencies = [
"proc-macro2",
]
@@ -2145,7 +2197,7 @@ version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
dependencies = [
"bitflags",
"bitflags 1.3.2",
]
[[package]]
@@ -2279,6 +2331,12 @@ dependencies = [
"webrtc-util",
]
[[package]]
name = "rustc-demangle"
version = "0.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
[[package]]
name = "rustc_version"
version = "0.4.0"
@@ -2299,15 +2357,28 @@ dependencies = [
[[package]]
name = "rustix"
version = "0.37.20"
version = "0.37.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"
checksum = "8818fa822adcc98b18fedbb3632a6a33213c070556b5aa7c4c8cc21cff565c4c"
dependencies = [
"bitflags",
"bitflags 1.3.2",
"errno",
"io-lifetimes",
"libc",
"linux-raw-sys",
"linux-raw-sys 0.3.8",
"windows-sys 0.48.0",
]
[[package]]
name = "rustix"
version = "0.38.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aabcb0461ebd01d6b79945797c27f8529082226cb630a9865a71870ff63532a4"
dependencies = [
"bitflags 2.3.3",
"errno",
"libc",
"linux-raw-sys 0.4.3",
"windows-sys 0.48.0",
]
@@ -2350,9 +2421,9 @@ dependencies = [
[[package]]
name = "rustls-pemfile"
version = "1.0.2"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b"
checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2"
dependencies = [
"base64 0.21.2",
]
@@ -2381,9 +2452,9 @@ dependencies = [
[[package]]
name = "ryu"
version = "1.0.13"
version = "1.0.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
checksum = "fe232bdf6be8c8de797b22184ee71118d63780ea42ac85b61d1baa6d3b782ae9"
[[package]]
name = "same-file"
@@ -2396,11 +2467,11 @@ dependencies = [
[[package]]
name = "schannel"
version = "0.1.21"
version = "0.1.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "713cfb06c7059f3588fb8044c0fad1d09e3c01d225e25b9220dbfdcf16dbb1b3"
checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88"
dependencies = [
"windows-sys 0.42.0",
"windows-sys 0.48.0",
]
[[package]]
@@ -2461,7 +2532,7 @@ version = "2.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fc758eb7bffce5b308734e9b0c1468893cae9ff70ebf13e7090be8dcbcc83a8"
dependencies = [
"bitflags",
"bitflags 1.3.2",
"core-foundation",
"core-foundation-sys",
"libc",
@@ -2486,29 +2557,29 @@ checksum = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed"
[[package]]
name = "serde"
version = "1.0.164"
version = "1.0.165"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e8c8cf938e98f769bc164923b06dce91cea1751522f46f8466461af04c9027d"
checksum = "c939f902bb7d0ccc5bce4f03297e161543c2dcb30914faf032c2bd0b7a0d48fc"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.164"
version = "1.0.165"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68"
checksum = "6eaae920e25fffe4019b75ff65e7660e72091e59dd204cb5849bbd6a3fd343d7"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
name = "serde_json"
version = "1.0.97"
version = "1.0.99"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bdf3bf93142acad5821c99197022e170842cdbc1c30482b98750c688c640842a"
checksum = "46266871c240a00b8f503b877622fe33430b3c7d963bdc0f2adc511e54a1eae3"
dependencies = [
"itoa",
"ryu",
@@ -2779,9 +2850,9 @@ dependencies = [
[[package]]
name = "syn"
version = "2.0.18"
version = "2.0.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
checksum = "59fb7d6d8281a51045d62b8eb3a7d1ce347b76f312af50cd3dc0af39c87c1737"
dependencies = [
"proc-macro2",
"quote",
@@ -2810,7 +2881,7 @@ dependencies = [
"cfg-if 1.0.0",
"fastrand",
"redox_syscall",
"rustix",
"rustix 0.37.22",
"windows-sys 0.48.0",
]
@@ -2852,7 +2923,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -2909,11 +2980,12 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
version = "1.28.2"
version = "1.29.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
checksum = "532826ff75199d5833b9d2c5fe410f29235e25704ee5f0ef599fb51c21f4a4da"
dependencies = [
"autocfg",
"backtrace",
"bytes",
"libc",
"mio",
@@ -2934,7 +3006,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -3003,13 +3075,13 @@ dependencies = [
[[package]]
name = "tracing-attributes"
version = "0.1.25"
version = "0.1.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8803eee176538f94ae9a14b55b2804eb7e1441f8210b1c31290b3bccdccff73b"
checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]
[[package]]
@@ -3225,9 +3297,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
[[package]]
name = "uuid"
version = "1.3.4"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fa2982af2eec27de306107c027578ff7f423d65f7250e40ce0fea8f45248b81"
checksum = "d023da39d1fde5a8a3fe1f3e01ca9632ada0a63e9797de55a879d6e2236277be"
dependencies = [
"getrandom 0.2.10",
"serde",
@@ -3306,7 +3378,7 @@ dependencies = [
"once_cell",
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
"wasm-bindgen-shared",
]
@@ -3328,7 +3400,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
@@ -3564,7 +3636,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93f1db1727772c05cf7a2cfece52c3aca8045ca1e176cd517d323489aa3c6d87"
dependencies = [
"async-trait",
"bitflags",
"bitflags 1.3.2",
"bytes",
"cc 1.0.79 (registry+https://github.com/rust-lang/crates.io-index)",
"ipnet",
@@ -3615,21 +3687,6 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows-sys"
version = "0.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
dependencies = [
"windows_aarch64_gnullvm 0.42.2",
"windows_aarch64_msvc 0.42.2",
"windows_i686_gnu 0.42.2",
"windows_i686_msvc 0.42.2",
"windows_x86_64_gnu 0.42.2",
"windows_x86_64_gnullvm 0.42.2",
"windows_x86_64_msvc 0.42.2",
]
[[package]]
name = "windows-sys"
version = "0.45.0"
@@ -3645,7 +3702,7 @@ version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
dependencies = [
"windows-targets 0.48.0",
"windows-targets 0.48.1",
]
[[package]]
@@ -3665,9 +3722,9 @@ dependencies = [
[[package]]
name = "windows-targets"
version = "0.48.0"
version = "0.48.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5"
checksum = "05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f"
dependencies = [
"windows_aarch64_gnullvm 0.48.0",
"windows_aarch64_msvc 0.48.0",
@@ -3779,11 +3836,11 @@ dependencies = [
[[package]]
name = "x25519-dalek"
version = "2.0.0-rc.2"
version = "2.0.0-rc.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fabd6e16dd08033932fc3265ad4510cc2eab24656058a6dcb107ffe274abcc95"
checksum = "ec7fae07da688e17059d5886712c933bb0520f15eff2e09cfa18e30968f4e63a"
dependencies = [
"curve25519-dalek 4.0.0-rc.2",
"curve25519-dalek 4.0.0-rc.3",
"rand_core 0.6.4",
"serde",
"zeroize",
@@ -3852,5 +3909,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.18",
"syn 2.0.23",
]

2
rust/Cargo.toml
View File

@@ -13,7 +13,7 @@ members = [
]
[workspace.dependencies]
boringtun = { git = "https://github.com/cloudflare/boringtun", rev = "878385f", default-features = false }
boringtun = { git = "https://github.com/firezone/boringtun", branch = "master", default-features = false }
swift-bridge = { git = "https://github.com/chinedufn/swift-bridge.git", rev = "4fbd30f" }
# Patched to use https://github.com/rust-lang/cc-rs/pull/708

4
rust/Dockerfile.dev
View File

@@ -17,6 +17,10 @@ COPY --from=BUILDER /usr/local/bin/$PACKAGE .
ENV RUST_BACKTRACE=1
ENV PATH "/app:$PATH"
ENV PACKAGE_NAME ${PACKAGE}
RUN apt-get update -y \
&& apt-get install -y iputils-ping \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Some black magics here:
# we need to use `/bin/sh -c` so that the env variable is correctly replaced
# but then everything in `CMD` is placed after the executed string, so we need

46
rust/connlib/libs/client/src/control.rs
View File

@@ -3,6 +3,7 @@ use std::{sync::Arc, time::Duration};
use crate::messages::{Connect, EgressMessages, InitClient, Messages, Relays};
use boringtun::x25519::StaticSecret;
use libs_common::{
control::PhoenixSenderWithTopic,
error_type::ErrorType::{Fatal, Recoverable},
messages::{Id, ResourceDescription},
Callbacks, ControlSession, Result,
@@ -10,14 +11,14 @@ use libs_common::{
use async_trait::async_trait;
use firezone_tunnel::{ControlSignal, Tunnel};
use tokio::sync::mpsc::{channel, Receiver, Sender};
const INTERNAL_CHANNEL_SIZE: usize = 256;
use tokio::sync::mpsc::Receiver;
#[async_trait]
impl ControlSignal for ControlSignaler {
async fn signal_connection_to(&self, resource: &ResourceDescription) -> Result<()> {
self.internal_sender
self.control_signal
// It's easier if self is not mut
.clone()
.send(EgressMessages::ListRelays {
resource_id: resource.id(),
})
@@ -34,7 +35,7 @@ pub struct ControlPlane<CB: Callbacks> {
#[derive(Clone)]
struct ControlSignaler {
internal_sender: Arc<Sender<EgressMessages>>,
control_signal: PhoenixSenderWithTopic,
}
impl<CB: Callbacks + 'static> ControlPlane<CB> {
@@ -75,14 +76,19 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
async fn connect(
&mut self,
Connect {
rtc_sdp,
gateway_rtc_session_description,
resource_id,
gateway_public_key,
..
}: Connect,
) {
if let Err(e) = self
.tunnel
.recieved_offer_response(resource_id, rtc_sdp, gateway_public_key.0.into())
.recieved_offer_response(
resource_id,
gateway_rtc_session_description,
gateway_public_key.0.into(),
)
.await
{
self.tunnel.callbacks().on_error(&e, Recoverable);
@@ -113,17 +119,18 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
}: Relays,
) {
let tunnel = Arc::clone(&self.tunnel);
let control_signaler = self.control_signaler.clone();
let mut control_signaler = self.control_signaler.clone();
tokio::spawn(async move {
match tunnel.request_connection(resource_id, relays).await {
Ok(connection_request) => {
if let Err(err) = control_signaler
.internal_sender
.send(EgressMessages::RequestConnection(connection_request))
.control_signal
// TODO: create a reference number and keep track for the response
.send_with_ref(EgressMessages::RequestConnection(connection_request), 0)
.await
{
tunnel.cleanup_connection(resource_id);
tunnel.callbacks().on_error(&err.into(), Recoverable);
tunnel.callbacks().on_error(&err, Recoverable);
}
}
Err(err) => {
@@ -153,20 +160,15 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
}
#[async_trait]
impl<CB: Callbacks + 'static> ControlSession<Messages, EgressMessages, CB> for ControlPlane<CB> {
impl<CB: Callbacks + 'static> ControlSession<Messages, CB> for ControlPlane<CB> {
#[tracing::instrument(level = "trace", skip(private_key, callbacks))]
async fn start(
private_key: StaticSecret,
receiver: Receiver<Messages>,
control_signal: PhoenixSenderWithTopic,
callbacks: CB,
) -> Result<(Sender<Messages>, Receiver<EgressMessages>)> {
// This is kinda hacky, the buffer size is 1 so that we make sure that we
// process one message at a time, blocking if a previous message haven't been processed
// to force queue ordering.
let (sender, receiver) = channel::<Messages>(1);
let (internal_sender, internal_receiver) = channel(INTERNAL_CHANNEL_SIZE);
let internal_sender = Arc::new(internal_sender);
let control_signaler = ControlSignaler { internal_sender };
) -> Result<()> {
let control_signaler = ControlSignaler { control_signal };
let tunnel = Arc::new(Tunnel::new(private_key, control_signaler.clone(), callbacks).await?);
let control_plane = ControlPlane {
@@ -176,7 +178,7 @@ impl<CB: Callbacks + 'static> ControlSession<Messages, EgressMessages, CB> for C
tokio::spawn(async move { control_plane.start(receiver).await });
Ok((sender, internal_receiver))
Ok(())
}
fn socket_path() -> &'static str {

33
rust/connlib/libs/client/src/messages.rs
View File

@@ -17,9 +17,10 @@ pub struct RemoveResource {
#[derive(Debug, Deserialize, Serialize, Clone)]
pub struct Connect {
pub rtc_sdp: RTCSessionDescription,
pub gateway_rtc_session_description: RTCSessionDescription,
pub resource_id: Id,
pub gateway_public_key: Key,
pub persistent_keepalive: u64,
}
// Just because RTCSessionDescription doesn't implement partialeq
@@ -48,7 +49,6 @@ pub struct Relays {
#[allow(clippy::large_enum_variant)]
pub enum IngressMessages {
Init(InitClient),
Connect(Connect),
// Resources: arrive in an orderly fashion
ResourceAdded(ResourceDescription),
@@ -59,8 +59,10 @@ pub enum IngressMessages {
/// The replies that can arrive from the channel by a client
#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
#[serde(untagged)]
#[allow(clippy::large_enum_variant)]
pub enum ReplyMessages {
Relays(Relays),
Connect(Connect),
}
/// The totality of all messages (might have a macro in the future to derive the other types)
@@ -81,7 +83,6 @@ impl From<IngressMessages> for Messages {
fn from(value: IngressMessages) -> Self {
match value {
IngressMessages::Init(m) => Self::Init(m),
IngressMessages::Connect(m) => Self::Connect(m),
IngressMessages::ResourceAdded(m) => Self::ResourceAdded(m),
IngressMessages::ResourceRemoved(m) => Self::ResourceRemoved(m),
IngressMessages::ResourceUpdated(m) => Self::ResourceUpdated(m),
@@ -93,6 +94,7 @@ impl From<ReplyMessages> for Messages {
fn from(value: ReplyMessages) -> Self {
match value {
ReplyMessages::Relays(m) => Self::Relays(m),
ReplyMessages::Connect(m) => Self::Connect(m),
}
}
}
@@ -123,6 +125,28 @@ mod test {
// TODO: request_connection tests
#[test]
fn connection_ready_deserialization() {
let message = r#"{
"ref": 0,
"topic": "device",
"event": "phx_reply",
"payload": {
"status": "ok",
"response": {
"resource_id": "ea6570d1-47c7-49d2-9dc3-efff1c0c9e0b",
"gateway_public_key": "dvy0IwyxAi+txSbAdT7WKgf7K4TekhKzrnYwt5WfbSM=",
"gateway_rtc_session_description": {
"sdp": "v=0\\r\\no=- 6423047867593421607 871431568 IN IP4 0.0.0.0\\r\\ns=-\\r\\nt=0 0\\r\\na=fingerprint:sha-256 65:8C:0B:EC:C5:B8:AB:2C:C7:47:F6:1A:6F:C3:4F:70:C7:06:34:84:FE:4E:FD:E5:C4:D2:4F:7C:ED:AF:0D:17\\r\\na=group:BUNDLE 0\\r\\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\\r\\nc=IN IP4 0.0.0.0\\r\\na=setup:active\\r\\na=mid:0\\r\\na=sendrecv\\r\\na=sctp-port:5000\\r\\na=ice-ufrag:zDSijpzITpzCfjbw\\r\\na=ice-pwd:QGufrJIKwqRjhDsNTdddVLFXmvGQJxke\\r\\na=candidate:167090039 1 udp 2130706431 :: 33628 typ host\\r\\na=candidate:167090039 2 udp 2130706431 :: 33628 typ host\\r\\na=candidate:1081386133 1 udp 2130706431 100.102.249.43 51575 typ host\\r\\na=candidate:1081386133 2 udp 2130706431 100.102.249.43 51575 typ host\\r\\na=candidate:1290078212 1 udp 2130706431 172.28.0.7 58698 typ host\\r\\na=candidate:1290078212 2 udp 2130706431 172.28.0.7 58698 typ host\\r\\na=candidate:349389859 1 udp 2130706431 172.20.0.3 51567 typ host\\r\\na=candidate:349389859 2 udp 2130706431 172.20.0.3 51567 typ host\\r\\na=candidate:936829106 1 udp 1694498815 172.28.0.7 35458 typ srflx raddr 0.0.0.0 rport 35458\\r\\na=candidate:936829106 2 udp 1694498815 172.28.0.7 35458 typ srflx raddr 0.0.0.0 rport 35458\\r\\na=candidate:936829106 1 udp 1694498815 172.28.0.7 46603 typ srflx raddr 0.0.0.0 rport 46603\\r\\na=candidate:936829106 2 udp 1694498815 172.28.0.7 46603 typ srflx raddr 0.0.0.0 rport 46603\\r\\na=end-of-candidates\\r\\n",
"type": "answer"
},
"persistent_keepalive": 25
}
}
}"#;
let _: PhoenixMessage<IngressMessages, ReplyMessages> =
serde_json::from_str(message).unwrap();
}
#[test]
fn init_phoenix_message() {
let m = PhoenixMessage::new(
@@ -148,8 +172,8 @@ mod test {
}),
],
}),
None,
);
println!("{}", serde_json::to_string(&m).unwrap());
let message = r#"{
"event": "init",
"payload": {
@@ -190,6 +214,7 @@ mod test {
EgressMessages::ListRelays {
resource_id: "f16ecfa0-a94f-4bfd-a2ef-1cc1f2ef3da3".parse().unwrap(),
},
None,
);
let message = r#"
{

84
rust/connlib/libs/common/src/control.rs
View File

@@ -89,11 +89,15 @@ where
/// Additionally, you can add a list of topic to join after connection ASAP.
///
/// See [struct-level docs][PhoenixChannel] for more info.
#[tracing::instrument(level = "trace", skip(self))]
pub async fn start(&mut self, topics: Vec<String>) -> Result<()> {
///
// TODO: this is not very elegant but it was the easiest way to do reset the exponential backoff for now
/// Furthermore, it calls the given callback once it connects to the portal.
#[tracing::instrument(level = "trace", skip(self, cb))]
pub async fn start(&mut self, topics: Vec<String>, cb: impl FnOnce()) -> Result<()> {
tracing::trace!("Trying to connect to the portal...");
let (ws_stream, _) = connect_async(make_request(&self.uri)?).await?;
cb();
tracing::trace!("Successfully connected to portal");
@@ -120,6 +124,7 @@ where
serde_json::to_string(&PhoenixMessage::<_, ()>::new(
topic,
EgressControlMessage::PhxJoin(Empty {}),
None,
))
.expect("we should always be able to serialize a join topic message"),
))
@@ -197,6 +202,16 @@ where
}
}
/// Obtains a new sender that can be used to send message with this [PhoenixChannel] to the portal for a fixed topic.
///
/// For more info see [PhoenixChannel::sender].
pub fn sender_with_topic(&self, topic: String) -> PhoenixSenderWithTopic {
PhoenixSenderWithTopic {
topic,
phoenix_sender: self.sender(),
}
}
/// Creates a new [PhoenixChannel] not started yet.
///
/// # Parameters:
@@ -237,11 +252,11 @@ pub struct PhoenixMessage<T, R> {
}
impl<T, R> PhoenixMessage<T, R> {
pub fn new(topic: impl Into<String>, payload: T) -> Self {
pub fn new(topic: impl Into<String>, payload: T, reference: Option<i32>) -> Self {
Self {
topic: topic.into(),
payload: Payload::Message(payload),
reference: None,
reference,
}
}
@@ -301,21 +316,74 @@ enum PhxReply<T> {
///
/// Messages won't be sent unless [PhoenixChannel::start] is running, internally
/// this sends messages through a future channel that are forwrarded then in [PhoenixChannel] event loop
#[derive(Clone, Debug)]
pub struct PhoenixSender {
sender: Sender<Message>,
}
/// Like a [PhoenixSender] with a fixed topic for simplicity
///
/// You can obtain it through [PhoenixChannel::sender_with_topic]
/// See [PhoenixSender] docs and use that if you need more control.
#[derive(Clone, Debug)]
pub struct PhoenixSenderWithTopic {
phoenix_sender: PhoenixSender,
topic: String,
}
impl PhoenixSenderWithTopic {
/// Sends a message to the associated topic using a [PhoenixSender]
///
/// See [PhoenixSender::send]
pub async fn send(&mut self, payload: impl Serialize) -> Result<()> {
self.phoenix_sender.send(&self.topic, payload).await
}
/// Sends a message to the associated topic using a [PhoenixSender] also setting the ref
///
/// See [PhoenixSender::send]
pub async fn send_with_ref(&mut self, payload: impl Serialize, reference: i32) -> Result<()> {
self.phoenix_sender
.send_with_ref(&self.topic, payload, reference)
.await
}
}
impl PhoenixSender {
async fn send_internal(
&mut self,
topic: impl Into<String>,
payload: impl Serialize,
reference: Option<i32>,
) -> Result<()> {
// We don't care about the reply type when serializing
let str = serde_json::to_string(&PhoenixMessage::<_, ()>::new(topic, payload, reference))?;
self.sender.send(Message::text(str)).await?;
Ok(())
}
/// Sends a message upstream to a connected [PhoenixChannel].
///
/// # Parameters
/// - topic: Phoenix topic
/// - payload: Message's payload
pub async fn send(&mut self, topic: impl Into<String>, payload: impl Serialize) -> Result<()> {
// We don't care about the reply type when serializing
let str = serde_json::to_string(&PhoenixMessage::<_, ()>::new(topic, payload))?;
self.sender.send(Message::text(str)).await?;
Ok(())
self.send_internal(topic, payload, None).await
}
/// Sends a message upstream to a connected [PhoenixChannel] using the given ref number.
///
/// # Parameters
/// - topic: Phoenix topic
/// - payload: Message's payload
/// - reference: Reference number used in the message, if the message has a response that same number will be used
pub async fn send_with_ref(
&mut self,
topic: impl Into<String>,
payload: impl Serialize,
reference: i32,
) -> Result<()> {
self.send_internal(topic, payload, Some(reference)).await
}
/// Join a phoenix topic, meaning that after this method is invoked [PhoenixChannel] will

47
rust/connlib/libs/common/src/messages/key.rs
View File

@@ -18,13 +18,22 @@ impl FromStr for Key {
fn from_str(s: &str) -> Result<Self, Self::Err> {
let mut key_bytes = [0u8; KEY_SIZE];
let bytes_decoded = STANDARD.decode_slice(s, &mut key_bytes)?;
if bytes_decoded != KEY_SIZE {
Err(base64::DecodeError::InvalidLength)?;
// decode_slice tries to estimate the size the decoded string before decoding
// if the passed buffer is smaller, it return an error.
// the problem is... the estimator is very bad! Meaning, decode_slice doesn't work
// we could use `decode_slice_unchecked`... or we could if we could trust the input, of course we can't
// (unless the portal sanitized the key beforehand which it doesn't) since someone could abuse this somehow
// to DoS a gateway by provinding a wrongly size public_key.
//:(
// so... we decode into a vec, check the length and convert to an array :)
// TODO: https://github.com/marshallpierce/rust-base64/issues/210
let bytes_decoded = STANDARD.decode(s)?;
if bytes_decoded.len() != KEY_SIZE {
Err(Error::Base64DecodeError(base64::DecodeError::InvalidLength))
} else {
key_bytes.copy_from_slice(&bytes_decoded);
Ok(Key(key_bytes))
}
Ok(Self(key_bytes))
}
}
@@ -52,3 +61,29 @@ impl Serialize for Key {
serializer.collect_str(&self)
}
}
#[cfg(test)]
mod test {
use boringtun::x25519::{PublicKey, StaticSecret};
use rand_core::OsRng;
use super::Key;
#[test]
fn can_deserialize_public_key() {
let public_key_string = r#""S6REkbStSNMfn8hpLkVxibjR+zz3RO/Gq40TprHJE2U=""#;
let actual_key: Key = serde_json::from_str(public_key_string).unwrap();
assert_eq!(actual_key.to_string(), public_key_string.trim_matches('"'));
}
#[test]
fn can_serialize_from_private_key_and_back() {
let private_key = StaticSecret::random_from_rng(OsRng);
let expected_public_key = PublicKey::from(&private_key);
let public_key = Key(expected_public_key.to_bytes());
let public_key_string = serde_json::to_string(&public_key).unwrap();
let actual_key: Key = serde_json::from_str(&public_key_string).unwrap();
let actual_public_key = PublicKey::from(actual_key.0);
assert_eq!(actual_public_key, expected_public_key);
}
}

46
rust/connlib/libs/common/src/session.rs
View File

@@ -8,15 +8,12 @@ use std::{
net::{Ipv4Addr, Ipv6Addr},
time::Duration,
};
use tokio::{
runtime::Runtime,
sync::mpsc::{Receiver, Sender},
};
use tokio::{runtime::Runtime, sync::mpsc::Receiver};
use url::Url;
use uuid::Uuid;
use crate::{
control::PhoenixChannel,
control::{PhoenixChannel, PhoenixSenderWithTopic},
error_type::ErrorType,
messages::{Key, ResourceDescription, ResourceDescriptionCidr},
Error, Result,
@@ -25,9 +22,14 @@ use crate::{
// TODO: Not the most tidy trait for a control-plane.
/// Trait that represents a control-plane.
#[async_trait]
pub trait ControlSession<T, U, CB: Callbacks> {
pub trait ControlSession<T, CB: Callbacks> {
/// Start control-plane with the given private-key in the background.
async fn start(private_key: StaticSecret, callbacks: CB) -> Result<(Sender<T>, Receiver<U>)>;
async fn start(
private_key: StaticSecret,
receiver: Receiver<T>,
control_signal: PhoenixSenderWithTopic,
callbacks: CB,
) -> Result<()>;
/// Either "gateway" or "client" used to get the control-plane URL.
fn socket_path() -> &'static str;
@@ -88,7 +90,7 @@ macro_rules! fatal_error {
impl<T, U, V, R, M, CB> Session<T, U, V, R, M, CB>
where
T: ControlSession<M, V, CB>,
T: ControlSession<M, CB>,
U: for<'de> serde::Deserialize<'de> + std::fmt::Debug + Send + 'static,
R: for<'de> serde::Deserialize<'de> + std::fmt::Debug + Send + 'static,
V: serde::Serialize + Send + 'static,
@@ -146,32 +148,37 @@ where
fn connect_inner(runtime: &Runtime, portal_url: Url, token: String, callbacks: CB) {
runtime.spawn(async move {
let private_key = StaticSecret::random_from_rng(OsRng);
let self_id = Uuid::new_v4();
let self_id = uuid::Uuid::new_v4();
let name_suffix: String = thread_rng().sample_iter(&Alphanumeric).take(8).map(char::from).collect();
let connect_url = fatal_error!(get_websocket_path(portal_url, token, T::socket_path(), &Key(PublicKey::from(&private_key).to_bytes()), &self_id.to_string(), &name_suffix), callbacks);
let (sender, mut receiver) = fatal_error!(T::start(private_key, callbacks.clone()).await, callbacks);
// This is kinda hacky, the buffer size is 1 so that we make sure that we
// process one message at a time, blocking if a previous message haven't been processed
// to force queue ordering.
let (control_plane_sender, control_plane_receiver) = tokio::sync::mpsc::channel(1);
let mut connection = PhoenixChannel::<_, U, R, M>::new(connect_url, move |msg| {
let sender = sender.clone();
let control_plane_sender = control_plane_sender.clone();
async move {
tracing::trace!("Received message: {msg:?}");
if let Err(e) = sender.send(msg).await {
if let Err(e) = control_plane_sender.send(msg).await {
tracing::warn!("Received a message after handler already closed: {e}. Probably message received during session clean up.");
}
}
});
// Used to send internal messages
let mut internal_sender = connection.sender();
let topic = T::socket_path().to_string();
let topic_send = topic.clone();
let internal_sender = connection.sender_with_topic(topic.clone());
fatal_error!(T::start(private_key, control_plane_receiver, internal_sender, callbacks.clone()).await, callbacks);
tokio::spawn(async move {
let mut exponential_backoff = ExponentialBackoffBuilder::default().build();
loop {
let result = connection.start(vec![topic.clone()]).await;
// `connection.start` calls the callback only after connecting
let result = connection.start(vec![topic.clone()], || exponential_backoff.reset()).await;
if let Some(t) = exponential_backoff.next_backoff() {
tracing::warn!("Error during connection to the portal, retrying in {} seconds", t.as_secs());
match result {
@@ -191,15 +198,6 @@ where
});
// TODO: Implement Sink for PhoenixEvent (created from a PhoenixSender event + topic)
// that way we can simply do receiver.forward(sender)
tokio::spawn(async move {
while let Some(message) = receiver.recv().await {
if let Err(err) = internal_sender.send(&topic_send, message).await {
tracing::error!("Channel already closed when trying to send message: {err}. Probably trying to send a message during session clean up.");
}
}
});
});
}

40
rust/connlib/libs/gateway/src/control.rs
View File

@@ -3,11 +3,12 @@ use std::{sync::Arc, time::Duration};
use boringtun::x25519::StaticSecret;
use firezone_tunnel::{ControlSignal, Tunnel};
use libs_common::{
control::PhoenixSenderWithTopic,
error_type::ErrorType::{Fatal, Recoverable},
messages::ResourceDescription,
Callbacks, ControlSession, Result,
};
use tokio::sync::mpsc::{channel, Receiver, Sender};
use tokio::sync::mpsc::Receiver;
use super::messages::{
ConnectionReady, EgressMessages, IngressMessages, InitGateway, RequestConnection,
@@ -15,8 +16,6 @@ use super::messages::{
use async_trait::async_trait;
const INTERNAL_CHANNEL_SIZE: usize = 256;
pub struct ControlPlane<CB: Callbacks> {
tunnel: Arc<Tunnel<ControlSignaler, CB>>,
control_signaler: ControlSignaler,
@@ -24,7 +23,7 @@ pub struct ControlPlane<CB: Callbacks> {
#[derive(Clone)]
struct ControlSignaler {
internal_sender: Arc<Sender<EgressMessages>>,
control_signal: PhoenixSenderWithTopic,
}
#[async_trait]
@@ -63,7 +62,7 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
#[tracing::instrument(level = "trace", skip(self))]
fn connection_request(&self, connection_request: RequestConnection) {
let tunnel = Arc::clone(&self.tunnel);
let control_signaler = self.control_signaler.clone();
let mut control_signaler = self.control_signaler.clone();
tokio::spawn(async move {
match tunnel
.set_peer_connection_request(
@@ -74,17 +73,17 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
)
.await
{
Ok(gateway_rtc_sdp) => {
Ok(gateway_rtc_session_description) => {
if let Err(err) = control_signaler
.internal_sender
.control_signal
.send(EgressMessages::ConnectionReady(ConnectionReady {
client_id: connection_request.device.id,
gateway_rtc_sdp,
reference: connection_request.reference,
gateway_rtc_session_description,
}))
.await
{
tunnel.cleanup_peer_connection(connection_request.device.id);
tunnel.callbacks().on_error(&err.into(), Recoverable);
tunnel.callbacks().on_error(&err, Recoverable);
}
}
Err(err) => {
@@ -120,23 +119,15 @@ impl<CB: Callbacks + 'static> ControlPlane<CB> {
}
#[async_trait]
impl<CB: Callbacks + 'static> ControlSession<IngressMessages, EgressMessages, CB>
for ControlPlane<CB>
{
impl<CB: Callbacks + 'static> ControlSession<IngressMessages, CB> for ControlPlane<CB> {
#[tracing::instrument(level = "trace", skip(private_key, callbacks))]
async fn start(
private_key: StaticSecret,
receiver: Receiver<IngressMessages>,
control_signal: PhoenixSenderWithTopic,
callbacks: CB,
) -> Result<(Sender<IngressMessages>, Receiver<EgressMessages>)> {
// This is kinda hacky, the buffer size is 1 so that we make sure that we
// process one message at a time, blocking if a previous message haven't been processed
// to force queue ordering.
// (couldn't find any other guarantee of the ordering of message)
let (sender, receiver) = channel::<IngressMessages>(1);
let (internal_sender, internal_receiver) = channel(INTERNAL_CHANNEL_SIZE);
let internal_sender = Arc::new(internal_sender);
let control_signaler = ControlSignaler { internal_sender };
) -> Result<()> {
let control_signaler = ControlSignaler { control_signal };
let tunnel = Arc::new(Tunnel::new(private_key, control_signaler.clone(), callbacks).await?);
let control_plane = ControlPlane {
@@ -144,10 +135,9 @@ impl<CB: Callbacks + 'static> ControlSession<IngressMessages, EgressMessages, CB
control_signaler,
};
// TODO: We should have some kind of callback from clients to surface errors here
tokio::spawn(async move { control_plane.start(receiver).await });
Ok((sender, internal_receiver))
Ok(())
}
fn socket_path() -> &'static str {

60
rust/connlib/libs/gateway/src/messages.rs
View File

@@ -40,6 +40,10 @@ pub struct RequestConnection {
pub relays: Vec<Relay>,
pub resource: ResourceDescription,
pub device: Device,
#[serde(rename = "ref")]
pub reference: String,
// TODO: this should be a DateTime or similar
pub expires_at: u64,
}
#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
@@ -93,8 +97,9 @@ pub enum EgressMessages {
#[derive(Debug, Deserialize, Serialize, Clone)]
pub struct ConnectionReady {
pub client_id: Id,
pub gateway_rtc_sdp: RTCSessionDescription,
#[serde(rename = "ref")]
pub reference: String,
pub gateway_rtc_session_description: RTCSessionDescription,
}
#[cfg(test)]
@@ -103,6 +108,56 @@ mod test {
use super::{IngressMessages, InitGateway};
#[test]
fn request_connection_message() {
let message = r#"{
"ref": null,
"topic": "gateway",
"event": "request_connection",
"payload": {
"device": {
"id": "3a25ff38-f8d7-47de-9b30-c7c40c206083",
"peer": {
"ipv6": "fd00:2011:1111::3a:ab1b",
"public_key": "OR2dYCLwMEtwqtjOxSm4SU7BbHJDfM8ZCqK7HKXXxDw=",
"ipv4": "100.114.114.30",
"persistent_keepalive": 25,
"preshared_key": "sMeTuiJ3mezfpVdan948CmisIWbwBZ1z7jBNnbVtfVg="
},
"rtc_session_description": {
"sdp": "v=0\r\no=- 8696424395893049643 650344226 IN IP4 0.0.0.0\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 AF:57:6F:03:CA:BD:0E:6E:F0:26:BA:B4:36:FE:2E:48:2D:FA:B7:39:84:BA:9E:FB:3F:DC:1F:46:ED:18:01:40\r\na=group:BUNDLE 0\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\nc=IN IP4 0.0.0.0\r\na=setup:actpass\r\na=mid:0\r\na=sendrecv\r\na=sctp-port:5000\r\na=ice-ufrag:KOLSoUEJdNfpgLoM\r\na=ice-pwd:WvOTEYbBZwpRgERbKVjkPGsGwZsUoyKQ\r\na=candidate:312688668 1 udp 2130706431 172.28.0.100 46924 typ host\r\na=candidate:312688668 2 udp 2130706431 172.28.0.100 46924 typ host\r\na=candidate:1090862588 1 udp 2130706431 100.114.114.30 32969 typ host\r\na=candidate:1090862588 2 udp 2130706431 100.114.114.30 32969 typ host\r\na=candidate:2835903154 1 udp 1694498815 172.28.0.100 59817 typ srflx raddr 0.0.0.0 rport 59817\r\na=candidate:2835903154 2 udp 1694498815 172.28.0.100 59817 typ srflx raddr 0.0.0.0 rport 59817\r\na=candidate:2835903154 1 udp 1694498815 172.28.0.100 45350 typ srflx raddr 0.0.0.0 rport 45350\r\na=candidate:2835903154 2 udp 1694498815 172.28.0.100 45350 typ srflx raddr 0.0.0.0 rport 45350\r\na=candidate:167090039 1 udp 2130706431 :: 55852 typ host\r\na=candidate:167090039 2 udp 2130706431 :: 55852 typ host\r\na=end-of-candidates\r\n",
"type": "offer"
}
},
"resource": {
"id": "ea6570d1-47c7-49d2-9dc3-efff1c0c9e0b",
"name": "172.20.0.1/16",
"type": "cidr",
"address": "172.20.0.0/16"
},
"ref": "78e1159d-9dc6-480d-b2ef-1fcec2cd5730",
"expires_at": 1719367575,
"actor": {
"id": "3b1d86a0-4737-4814-8add-cfec42669511"
},
"relays": [
{
"type": "stun",
"uri": "stun:172.28.0.101:3478"
},
{
"type": "turn",
"username": "1719367575:ZQHcVGkdnfgGmcP1",
"password": "ZWYiBeFHOJyYq0mcwAXjRpcuXIJJpzWlOXVdxwttrWg",
"uri": "turn:172.28.0.101:3478",
"expires_at": 1719367575
}
]
}
}"#;
// TODO: We are just testing we can deserialize for now.
let _: PhoenixMessage<IngressMessages, ()> = serde_json::from_str(message).unwrap();
}
#[test]
fn init_phoenix_message() {
let m = PhoenixMessage::new(
@@ -116,6 +171,7 @@ mod test {
ipv4_masquerade_enabled: true,
ipv6_masquerade_enabled: true,
}),
None,
);
let message = r#"{

2
rust/connlib/libs/tunnel/src/lib.rs
View File

@@ -369,11 +369,13 @@ where
}
TunnResult::WriteToTunnelV4(packet, addr) => {
if peer.is_allowed(addr) {
tracing::trace!("Writing received peer packet to iface");
tunnel.write4_device_infallible(packet).await;
}
}
TunnResult::WriteToTunnelV6(packet, addr) => {
if peer.is_allowed(addr) {
tracing::trace!("Writing received peer packet to iface");
tunnel.write6_device_infallible(packet).await;
}
}

4
rust/relay/src/main.rs
View File

@@ -83,8 +83,6 @@ async fn main() -> Result<()> {
let server = Server::new(args.public_ip4_addr, make_rng(args.rng_seed));
tracing::info!("Relay auth secret: {}", server.auth_secret());
let channel = if let Some(mut portal_url) = args.portal_ws_url {
if portal_url.scheme() == "ws" && !args.allow_insecure_ws {
bail!("Refusing to connect to portal over insecure connection, pass --allow-insecure-ws to override")
@@ -113,7 +111,7 @@ async fn main() -> Result<()> {
channel.join(
"relay",
JoinMessage {
stamp_secret: hex::encode(server.auth_secret()),
stamp_secret: server.auth_secret().to_string(),
},
);