From d3ff59ab840b3a785c96c54c68eed68ea25de10a Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Wed, 18 Jun 2025 00:04:13 +0200 Subject: [PATCH] chore(rust): bump str0m (#9564) The recent changes to str0m include a bug fix for network constellations where both peers are behind symmetric NAT and therefore need a relay-relay candidate pair to succeed. In the current version, such candidate pairs would erroneously be rejected as redundant with host candidates. Fixes: #9514 --- rust/Cargo.lock | 4 ++-- rust/Cargo.toml | 2 +- rust/connlib/snownet/src/allocation.rs | 20 +++++++++---------- website/src/components/Changelog/Android.tsx | 7 ++++++- website/src/components/Changelog/Apple.tsx | 7 ++++++- website/src/components/Changelog/GUI.tsx | 7 ++++++- website/src/components/Changelog/Gateway.tsx | 7 ++++++- website/src/components/Changelog/Headless.tsx | 7 ++++++- 8 files changed, 43 insertions(+), 18 deletions(-) diff --git a/rust/Cargo.lock b/rust/Cargo.lock index cf00b88e3..fce5e1673 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -6909,8 +6909,8 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" [[package]] name = "str0m" -version = "0.8.0" -source = "git+https://github.com/algesten/str0m?branch=main#a5b57274f5d726e15a254ef2864fe929181f0f3b" +version = "0.9.0" +source = "git+https://github.com/algesten/str0m?branch=main#ae56ce32718c0646a67c16bb58f8dd6e3c380658" dependencies = [ "combine", "crc", diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 6eb214879..ac4e0f1f7 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -153,7 +153,7 @@ snownet = { path = "connlib/snownet" } socket-factory = { path = "connlib/socket-factory" } socket2 = { version = "0.5" } static_assertions = "1.1.0" -str0m = { version = "0.8.0", default-features = false, features = ["sha1"] } +str0m = { version = "0.9.0", default-features = false, features = ["sha1"] } strum = { version = "0.27.1", features = ["derive"] } stun_codec = "0.4.0" subprocess = "0.2.9" diff --git a/rust/connlib/snownet/src/allocation.rs b/rust/connlib/snownet/src/allocation.rs index c55fa050f..a06884c49 100644 --- a/rust/connlib/snownet/src/allocation.rs +++ b/rust/connlib/snownet/src/allocation.rs @@ -1307,7 +1307,7 @@ fn relay_candidate( return None; }; - let new_candidate = match Candidate::relayed(addr, local, Protocol::Udp) { + let new_candidate = match Candidate::relayed(addr, Protocol::Udp, local) { Ok(c) => c, Err(e) => { tracing::debug!( @@ -2117,7 +2117,7 @@ mod tests { assert_eq!( next_event, Some(Event::New( - Candidate::relayed(RELAY_ADDR_IP4, PEER1, Protocol::Udp).unwrap() + Candidate::relayed(RELAY_ADDR_IP4, Protocol::Udp, PEER1).unwrap() )) ); let next_event = allocation.poll_event(); @@ -2164,13 +2164,13 @@ mod tests { assert_eq!( allocation.poll_event(), Some(Event::Invalid( - Candidate::relayed(RELAY_ADDR_IP4, PEER1, Protocol::Udp).unwrap() + Candidate::relayed(RELAY_ADDR_IP4, Protocol::Udp, PEER1).unwrap() )) ); assert_eq!( allocation.poll_event(), Some(Event::Invalid( - Candidate::relayed(RELAY_ADDR_IP6, PEER1, Protocol::Udp).unwrap() + Candidate::relayed(RELAY_ADDR_IP6, Protocol::Udp, PEER1).unwrap() )) ); assert!(allocation.poll_event().is_none()); @@ -2481,8 +2481,8 @@ mod tests { assert_eq!( iter::from_fn(|| allocation.poll_event()).collect::>(), vec![ - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, PEER1, Protocol::Udp).unwrap()), - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, PEER1, Protocol::Udp).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, Protocol::Udp, PEER1).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, Protocol::Udp, PEER1).unwrap()), ] ) } @@ -2501,8 +2501,8 @@ mod tests { assert_eq!( iter::from_fn(|| allocation.poll_event()).collect::>(), vec![ - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, PEER1, Protocol::Udp).unwrap()), - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, PEER1, Protocol::Udp).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, Protocol::Udp, PEER1).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, Protocol::Udp, PEER1).unwrap()), ] ) } @@ -2533,8 +2533,8 @@ mod tests { assert_eq!( iter::from_fn(|| allocation.poll_event()).collect::>(), vec![ - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, PEER1, Protocol::Udp).unwrap()), - Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, PEER1, Protocol::Udp).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP4, Protocol::Udp, PEER1).unwrap()), + Event::Invalid(Candidate::relayed(RELAY_ADDR_IP6, Protocol::Udp, PEER1).unwrap()), ] ); assert_eq!( diff --git a/website/src/components/Changelog/Android.tsx b/website/src/components/Changelog/Android.tsx index c5660f469..95b3248b3 100644 --- a/website/src/components/Changelog/Android.tsx +++ b/website/src/components/Changelog/Android.tsx @@ -20,7 +20,12 @@ export default function Android() { return ( {/* When you cut a release, remove any solved issues from the "known issues" lists over in `client-apps`. This must not be done when the issue's PR merges. */} - + + + Fixes an issue where connections would fail to establish if both + Client and Gateway were behind symmetric NAT. + + Fixes a minor issue that would cause background service panic when diff --git a/website/src/components/Changelog/Apple.tsx b/website/src/components/Changelog/Apple.tsx index 2174235d2..d66569ee7 100644 --- a/website/src/components/Changelog/Apple.tsx +++ b/website/src/components/Changelog/Apple.tsx @@ -24,7 +24,12 @@ export default function Apple() { return ( {/* When you cut a release, remove any solved issues from the "known issues" lists over in `client-apps`. This must not be done when the issue's PR merges. */} - + + + Fixes an issue where connections would fail to establish if both + Client and Gateway were behind symmetric NAT. + + Uses the new IP stack setting for DNS resources, which allows DNS diff --git a/website/src/components/Changelog/GUI.tsx b/website/src/components/Changelog/GUI.tsx index 1fdb6fee4..d150ce85c 100644 --- a/website/src/components/Changelog/GUI.tsx +++ b/website/src/components/Changelog/GUI.tsx @@ -10,7 +10,12 @@ export default function GUI({ os }: { os: OS }) { return ( {/* When you cut a release, remove any solved issues from the "known issues" lists over in `client-apps`. This must not be done when the issue's PR merges. */} - + + + Fixes an issue where connections would fail to establish if both + Client and Gateway were behind symmetric NAT. + + Fixes an issue that caused increased CPU and memory consumption. diff --git a/website/src/components/Changelog/Gateway.tsx b/website/src/components/Changelog/Gateway.tsx index d3f091029..0eca05189 100644 --- a/website/src/components/Changelog/Gateway.tsx +++ b/website/src/components/Changelog/Gateway.tsx @@ -22,7 +22,12 @@ export default function Gateway() { return ( - + + + Fixes an issue where connections would fail to establish if both + Client and Gateway were behind symmetric NAT. + + Fixes an issue where connections failed to establish on machines with diff --git a/website/src/components/Changelog/Headless.tsx b/website/src/components/Changelog/Headless.tsx index c1e5bdea8..eba08c10b 100644 --- a/website/src/components/Changelog/Headless.tsx +++ b/website/src/components/Changelog/Headless.tsx @@ -9,7 +9,12 @@ export default function Headless({ os }: { os: OS }) { return ( {/* When you cut a release, remove any solved issues from the "known issues" lists over in `client-apps`. This must not be done when the issue's PR merges. */} - + + + Fixes an issue where connections would fail to establish if both + Client and Gateway were behind symmetric NAT. + + Uses the new IP stack setting for DNS resources, which allows DNS