Bumps [secrecy](https://github.com/iqlusioninc/crates) from 0.8.0 to
0.10.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/iqlusioninc/crates/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [proptest-state-machine](https://github.com/proptest-rs/proptest)
from 0.4.0 to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2885bc2f3d"><code>2885bc2</code></a>
new releases for proptest, proptest-macro, and state-machine</li>
<li><a
href="a85563f3cc"><code>a85563f</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/584">#584</a>
from wojciech-graj/main</li>
<li><a
href="5331517f52"><code>5331517</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/596">#596</a>
from alexanderkjall/fix-arithmetic-overflow</li>
<li><a
href="157f3c083f"><code>157f3c0</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/595">#595</a>
from ebegumisa/main</li>
<li><a
href="02fa1fcc45"><code>02fa1fc</code></a>
changelog: add <a
href="https://redirect.github.com/proptest-rs/proptest/issues/595">#595</a></li>
<li><a
href="27fd76fbbc"><code>27fd76f</code></a>
fix for 32 bit processors</li>
<li><a
href="d1716ca7b4"><code>d1716ca</code></a>
Add <code>ReferenceStateMachine</code> arg to
<code>SystemUnderTest::teardown</code></li>
<li><a
href="ea4ddeb0a8"><code>ea4ddeb</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/594">#594</a>
from proptest-rs/attr-macro-preserve-arg-names</li>
<li><a
href="f80c1e6e8d"><code>f80c1e6</code></a>
fix shorthand struct initialization lint</li>
<li><a
href="b7590fa642"><code>b7590fa</code></a>
add new test for complex patterns</li>
<li>Additional commits viewable in <a
href="https://github.com/proptest-rs/proptest/compare/proptest-state-machine-0.4.0...proptest-state-machine-0.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite)
from 0.27.0 to 0.28.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md">tokio-tungstenite's
changelog</a>.</em></p>
<blockquote>
<h1>0.28.0</h1>
<ul>
<li>Update <code>tungstenite</code> to <code>0.18.0</code>. See <a
href="https://github.com/snapview/tungstenite-rs/blob/master/CHANGELOG.md"><code>tungstenite</code>
release</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35d110c24c"><code>35d110c</code></a>
Implement into_inner to get the underlying stream (<a
href="https://redirect.github.com/snapview/tokio-tungstenite/issues/367">#367</a>)</li>
<li><a
href="f3ae75d1de"><code>f3ae75d</code></a>
Update <code>tungstenite</code> version and fix bugs</li>
<li><a
href="25b544e43f"><code>25b544e</code></a>
Allow getting a reference to the shared inner stream (<a
href="https://redirect.github.com/snapview/tokio-tungstenite/issues/363">#363</a>)</li>
<li>See full diff in <a
href="https://github.com/snapview/tokio-tungstenite/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Upon moving the version string from PKG_VERSION and Cargo.toml, we lost
the bump version automation. To avoid more bugs here in the future, we
now check for the version marker across all Git-tracked files,
regardless of their extension.
Fixes#10748
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.16 to
2.0.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/thiserror/releases">thiserror's
releases</a>.</em></p>
<blockquote>
<h2>2.0.17</h2>
<ul>
<li>Use differently named __private module per patch release (<a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="72ae716e6d"><code>72ae716</code></a>
Release 2.0.17</li>
<li><a
href="599fdce83a"><code>599fdce</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>
from dtolnay/private</li>
<li><a
href="9ec05f6b38"><code>9ec05f6</code></a>
Use differently named __private module per patch release</li>
<li><a
href="d2c492b549"><code>d2c492b</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="fc3ab9501d"><code>fc3ab95</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li><a
href="819fe29dbb"><code>819fe29</code></a>
Update ui test suite to nightly-2025-09-12</li>
<li><a
href="259f48c549"><code>259f48c</code></a>
Enforce trybuild >= 1.0.108</li>
<li><a
href="470e6a681c"><code>470e6a6</code></a>
Update ui test suite to nightly-2025-08-24</li>
<li><a
href="544e191e6e"><code>544e191</code></a>
Update actions/checkout@v4 -> v5</li>
<li><a
href="cbc1ebad3e"><code>cbc1eba</code></a>
Delete duplicate cap-lints flag from build script</li>
<li>See full diff in <a
href="https://github.com/dtolnay/thiserror/compare/2.0.16...2.0.17">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.40 to 1.0.41.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/quote/releases">quote's
releases</a>.</em></p>
<blockquote>
<h2>1.0.41</h2>
<ul>
<li>Improve compile error when repetition contains no interpolated value
that is an iterator (<a
href="https://redirect.github.com/dtolnay/quote/issues/302">#302</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="594c865ce8"><code>594c865</code></a>
Release 1.0.41</li>
<li><a
href="68956e650b"><code>68956e6</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/quote/issues/302">#302</a>
from dtolnay/hasiter</li>
<li><a
href="6a69784268"><code>6a69784</code></a>
Make diagnostic attribute conditional on compiler version</li>
<li><a
href="5f1924bd99"><code>5f1924b</code></a>
Tweak CheckHasIterator error message</li>
<li><a
href="c0adb26f41"><code>c0adb26</code></a>
Add diagnostic::on_unimplemented for no iterator in repetition</li>
<li><a
href="a1ddcab61b"><code>a1ddcab</code></a>
Combine HasIterator and ThereIsNoIteratorInRepetition to one type</li>
<li><a
href="bf48c854da"><code>bf48c85</code></a>
Switch to trait for checking iterator in repetition</li>
<li><a
href="d3b4777367"><code>d3b4777</code></a>
Update ui test suite to nightly-2025-09-27</li>
<li><a
href="3e6b04d98b"><code>3e6b04d</code></a>
Raise minimum tested compiler to rust 1.76</li>
<li><a
href="07deaaf89e"><code>07deaaf</code></a>
Opt in to generate-macro-expansion when building on docs.rs</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/quote/compare/1.0.40...1.0.41">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
To allow for better analysis of flow logs, we embed the resource name
and its address into the flow flogs. For the Internet Resource, the name
will be displayed as "Internet` and the address is either `0.0.0.0/0` or
`::/0` depending on the IP version of the packet. For CIDR resources,
the address is the subnet and for DNS resources, it is the domain
pattern.
Resolves: #10693
This improves the secret handling inside `firezone-cli` by using the
`rpassword` crate to hide the token from stdin and using `secrecy` to
zeroize the memory afterwards. To make it easier to test locally, we add
a dry run mode for local testing, hidden behind the `FZ_DRY_RUN` env
variable.
With this PR we add `cargo-deb` to our CI pipeline and build a debian
package for the Gateway. The debian package comes with several
configuration files that make it easy for admins to start and maintain a
Gateway installation:
- The embedded systemd unit file is essentially the same one as what we
currently install with the install script with some minor modifications.
- The token is read from `/etc/firezone/gateway-token` and passed as a
systemd credential. This allows us to set the permissions for this file
to `0400` and have it owned by `root:root`.
- The configuration is read from `/etc/firezone/gateway-env`.
- Both of these changes basically mean the user should never need to
touch the unit file itself.
- The `sysusers` configuration file ensures the `firezone` user and
group are present on the system.
- The `tmpfiles` configuration file ensures the necessary directories
are present.
All of the above is automatically installed and configured using the
post-installation script which is called by `apt` once the package is
installed.
In addition to the Gateway, we also package a first version of the
`firezone-cli`. Right now, `firezone-cli` (installed as `firezone`) has
three subcommands:
- `gateway authenticate`: Asks for the Gateway's token and installs it
at `/etc/firezone/gateway-token`. The user doesn't have to know how we
manage this token and can trust that we are using safe defaults.
- `gateway enable`: Enables and starts the systemd service.
- `gateway disable`: Disables the systemd service.
Right now, the `.deb` file is only uploaded to the preview APT
repository and not attached to the release. It should therefore not yet
be user-visible unless somebody pokes around a lot, meaning we can defer
documentation to a later PR and start testing it from the preview
repository for our own purposes.
Related: #10598Resolves: #8484Resolves: #10681
Currently, the default log level for both the Gateway and the headless
Client is actually `error` which basically means no logs at all. To
avoid having to create additional configuration as part of the Debian
packages, we set the default log level to `info`.
Unix tools often write a newline at the end of a file. When using the
file's contents as a token, they need to match byte-for-byte otherwise
we cannot authenticate to the portal. To ensure that, we trim the
content from the file before creating the `SecretString`.
Bumps [dns-lookup](https://github.com/keeperofdakeys/dns-lookup) from
2.1.1 to 3.0.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec8ceceb6b"><code>ec8cece</code></a>
Bump to version 3.0.0</li>
<li><a
href="8b650bd273"><code>8b650bd</code></a>
Bump to version 2.1.0</li>
<li><a
href="0d90628d54"><code>0d90628</code></a>
Update to 2021 edition</li>
<li><a
href="e4f5e19d80"><code>e4f5e19</code></a>
Apply clipply lints</li>
<li><a
href="1d02095eb7"><code>1d02095</code></a>
deps(socket2): update to 0.6 with windwos-sys 0.60</li>
<li><a
href="7745e71a61"><code>7745e71</code></a>
Update example lookup_host with collect in README</li>
<li><a
href="615ee8cc85"><code>615ee8c</code></a>
Downgrade windows-sys back to 0.52</li>
<li><a
href="aa1380981a"><code>aa13809</code></a>
Fix clippy errors</li>
<li><a
href="c5b86b6882"><code>c5b86b6</code></a>
Remove useless clippy feature</li>
<li><a
href="b581ca0c6a"><code>b581ca0</code></a>
Update deps</li>
<li>Additional commits viewable in <a
href="https://github.com/keeperofdakeys/dns-lookup/compare/2.1.1...3.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [winreg](https://github.com/gentoo90/winreg-rs) from 0.52.0 to
0.55.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gentoo90/winreg-rs/releases">winreg's
releases</a>.</em></p>
<blockquote>
<h2>0.55.0 (windows-sys)</h2>
<ul>
<li>Breaking change: Increate MSRV to 1.60</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.59
(<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/77">#77</a>)</li>
</ul>
<h2>0.54.0 (windows-sys)</h2>
<ul>
<li>Breaking change: Migrate to the 2021 edition of Rust (MSRV
1.56)</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.52
(closes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/63">#63</a>,
<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/70">#70</a>)</li>
</ul>
<h2>0.53.0 (windows-sys)</h2>
<ul>
<li>Don't stop deserialization of <code>Any</code> due to
<code>REG_NONE</code> (pullrequest <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/67">#67</a>,
fixes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/66">#66</a>)</li>
<li>Implement (de)serialization of <code>Option</code> (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/56">#56</a>)</li>
<li>Add <code>RegKey</code> methods for creating/opening subkeys with
custom options (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/65">#65</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/gentoo90/winreg-rs/blob/master/CHANGELOG.md">winreg's
changelog</a>.</em></p>
<blockquote>
<h2>0.55.0</h2>
<ul>
<li>Breaking change: Increate MSRV to 1.60</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.59
(<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/77">#77</a>)</li>
</ul>
<h2>0.54.0</h2>
<ul>
<li>Breaking change: Migrate to the 2021 edition of Rust (MSRV
1.56)</li>
<li>Breaking change: Upgrade <code>windows-sys</code> to version 0.52
(closes <a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/63">#63</a>,
<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/70">#70</a>)</li>
</ul>
<h2>0.15.0, 0.53.0</h2>
<ul>
<li>Don't stop deserialization of <code>Any</code> due to
<code>REG_NONE</code> (pullrequest <a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/67">#67</a>,
fixes <a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/66">#66</a>)</li>
<li>Implement (de)serialization of <code>Option</code> (<a
href="https://redirect.github.com/gentoo90/winreg-rs/issues/56">#56</a>)</li>
<li>Add <code>RegKey</code> methods for creating/opening subkeys with
custom options (<a
href="https://redirect.github.com/gentoo90/winreg-rs/pull/65">#65</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9243b23849"><code>9243b23</code></a>
Bump version to 0.55.0</li>
<li><a
href="f0440749e8"><code>f044074</code></a>
Upgrade <code>windows-sys</code> to version 0.59 (and MSRV to 1.60)</li>
<li><a
href="4574febe77"><code>4574feb</code></a>
Bump version to 0.54.0</li>
<li><a
href="105ca7aee3"><code>105ca7a</code></a>
Upgrade <code>windows-sys</code> to version 0.52</li>
<li><a
href="93aefdf523"><code>93aefdf</code></a>
Migrate to the 2021 edition of Rust</li>
<li><a
href="c9315d07f0"><code>c9315d0</code></a>
Clippy: remove unnecessary typecasts</li>
<li><a
href="e62111ee60"><code>e62111e</code></a>
Merge branch 'winapi'</li>
<li><a
href="049035fe94"><code>049035f</code></a>
Update the transaction example in the docs</li>
<li><a
href="5baac5d5a4"><code>5baac5d</code></a>
CI: upgrade actions to the latest versions</li>
<li><a
href="cbaeb4e00a"><code>cbaeb4e</code></a>
CI: check <code>Cargo.toml</code> formatting</li>
<li>Additional commits viewable in <a
href="https://github.com/gentoo90/winreg-rs/compare/v0.52.0...v0.55.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Whenever we route a packet from the Client to a DNS resource, we now
also capture the domain name. If this is the first packet and we are
thus creating a new flow, we'll save that domain in it. Later packets
for the same IP are rolled up under the same flow and thus don't need to
re-set the domain.
Resolves: #10691
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 24.5.0 to 24.5.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [etherparse](https://github.com/JulianSchmid/etherparse) from
0.17.0 to 0.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/JulianSchmid/etherparse/releases">etherparse's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0 Add basic ICMPv6 Neighbor Discovery Support</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add ICMPv6 neighbour solicitation by <a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
<li>Minor fixups for ICMPv6 NeighborSolicitation &
NeighborAdvertisement & Add RouterSolicitation &
RouterAdvertisement & Redirect by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/130">JulianSchmid/etherparse#130</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0">https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0</a></p>
<h2>v0.18.2 Add core::error::Error implementation to non_std build</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement core::error::Error for the error types by <a
href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
<li>Increment version 0.18.2 by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/128">JulianSchmid/etherparse#128</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> made
their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2">https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2</a></p>
<h2>v0.18.1 Add LaxPacketHeader:: from_linux_sll</h2>
<h2>What's Changed</h2>
<ul>
<li>Add from_linux_sll for LaxPacketHeaders by <a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1">https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1</a></p>
<h2>v0.18.0 MACsec Support & ECN+DSCP Support for IPv6</h2>
<h2>What are the major changes?</h2>
<ul>
<li>Support for MACsec (IEEE 802.1AE)</li>
<li>The <code>vlan</code> field in <code>SlicedPacket</code>,
<code>LaxSlicedPacket</code>, <code>PacketHeaders</code>,
<code>LaxPacketHeaders</code> has been replaced with
<code>link_exts</code>.</li>
<li><code>Ipv4Ecn</code> & <code>Ipv4Dscp</code> have been replaced
by <code>IpEcn</code> & <code>IpDscp</code>.</li>
<li><code>Ipv6Header</code> & <code>Ipv6HeaderSlice</code> now
supports the reading & setting of <code>IpEcn</code> &
<code>IpDscp</code> (thanks to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
<li><code>LaxEtherPayloadSlice</code> has been introduced &
<code>len_source</code> added to <code>EtherPayloadSlice</code>.</li>
<li><code>source_addr()</code> & <code>destination_addr()</code>
methods of <code>IpSlice</code>, <code>Ipv4HeaderSlice</code>,
<code>Ipv6Header</code>, <code>Ipv6HeaderSlice</code>,
<code>LaxIpSlice</code> are now available in non-std mode (thanks to <a
href="https://github.com/Dominaezzz"><code>@Dominaezzz</code></a>)</li>
<li>Minimum supported Rust version as been configured to 1.83.0 (thanks
to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
</ul>
<h3>What is MACsec (IEEE 802.1AE)?</h3>
<p>MACsec is a protocol that allows the signing and/or encryption of
packet contents from the link layer downwards. The main difference
between MACsec and IPSec is that IPSec is located after the IP header
while MACsec is located above the IP header and can also encrypt the
contents of the IP header itself while IPSSec does not encrypt the IP
header. As such MACsec is usually used to secure local networks, while
IPSec is more commonly used for VPNs and alike that leave the local
network.</p>
<h3>Changes needed for MACsec Support</h3>
<p>Adding MACsec support required some breaking changes, specifically on
how VLAN headers are handled. The MACsec SECTAG is a header that can be
present in the same locations as "VLAN" headers. It has no
fixed position and can be located before or after VLAN headers or after
the Ethernet 2 header without a VLAN header being present at all. This
invalidates the assumption <code>etherparse</code> had in previous
versions that VLAN headers are always directly located after the
Ethernet2 header and that if there are multiple VLAN headers that they
are directly located after each other. Now there could be a MACsec
header present in between VLAN headers.</p>
<p>To support the different combinations of MACSec & VLAN headers
the <code>vlan</code> field in <code>SlicedPacket</code>,
<code>PacketHeaders</code>, <code>LaxSlicedPacket</code> &
<code>LaxPacketHeaders</code> has been replaced with a
<code>link_exts</code> field that can contain up to three "link
extensions":</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b76f71ac3e"><code>b76f71a</code></a>
Update version to 0.19.0 for etherparse</li>
<li><a
href="9fd5758f78"><code>9fd5758</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/130">#130</a>
from JulianSchmid/coverage-fixups</li>
<li><a
href="cd9266d03f"><code>cd9266d</code></a>
Add Router & Redirect ICMPv6 messages</li>
<li><a
href="e50e502898"><code>e50e502</code></a>
Renamed neighbour_discovery.rs to neighbor_advertisement_header.rs</li>
<li><a
href="46b4dfbfcf"><code>46b4dfb</code></a>
Further tests for coverage</li>
<li><a
href="d821f04435"><code>d821f04</code></a>
Further tests for coverage</li>
<li><a
href="454c35c271"><code>454c35c</code></a>
Increment version to 0.19.0</li>
<li><a
href="79b915aa2d"><code>79b915a</code></a>
Minor fixups for ICMPv6</li>
<li><a
href="9e967ba879"><code>9e967ba</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/129">#129</a>
from thomaseizinger/feat/icmpv6-neighbour-soliciation</li>
<li><a
href="e59fc8498b"><code>e59fc84</code></a>
Add ICMPv6 neighbour solicitation</li>
<li>Additional commits viewable in <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.17.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [ringbuffer](https://github.com/NULLx76/ringbuffer) from 0.15.0 to
0.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/NULLx76/ringbuffer/releases">ringbuffer's
releases</a>.</em></p>
<blockquote>
<h2>0.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement nth and nth_back to provide a O(1) way of skipping through
elements by <a
href="https://github.com/cdellacqua"><code>@cdellacqua</code></a> in <a
href="https://redirect.github.com/NULLx76/ringbuffer/pull/142">NULLx76/ringbuffer#142</a></li>
<li>Increase copy speed by orders of magnitude by <a
href="https://github.com/cdellacqua"><code>@cdellacqua</code></a> in <a
href="https://redirect.github.com/NULLx76/ringbuffer/pull/142">NULLx76/ringbuffer#142</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0">https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8aaaec89b0"><code>8aaaec8</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/145">#145</a>
from NULLx76/v0.16.0</li>
<li><a
href="b6adc9520f"><code>b6adc95</code></a>
bump version to 0.16.0</li>
<li><a
href="5250e7bca3"><code>5250e7b</code></a>
fix toml</li>
<li><a
href="ecdc089764"><code>ecdc089</code></a>
Merge branch 'main' of github.com:NULLx76/ringbuffer</li>
<li><a
href="c89c9ae35d"><code>c89c9ae</code></a>
fix readme msrv</li>
<li><a
href="9f4b442a78"><code>9f4b442</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/141">#141</a>
from cdellacqua/main</li>
<li><a
href="400dac6032"><code>400dac6</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/144">#144</a>
from NULLx76/fix-ci</li>
<li><a
href="27ddaea900"><code>27ddaea</code></a>
update ci workflows</li>
<li><a
href="f0224853e1"><code>f022485</code></a>
Merge remote-tracking branch 'origin/main' into cdellacqua/main</li>
<li><a
href="a9383ff84e"><code>a9383ff</code></a>
Merge branch 'main' of github.com:NULLx76/ringbuffer</li>
<li>Additional commits viewable in <a
href="https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.22.0 to
3.23.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.23.0</h2>
<ul>
<li>Remove need for the "nightly" feature to compile with
"wasip2".</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe9f4a305b"><code>fe9f4a3</code></a>
chore: release v3.23.0 (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/381">#381</a>)</li>
<li><a
href="006c3fd55a"><code>006c3fd</code></a>
fix: use std::os::fd instead of std::os::wasi (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/380">#380</a>)</li>
<li><a
href="b0e6309a58"><code>b0e6309</code></a>
doc: Update COPYRIGHT link (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/377">#377</a>)</li>
<li><a
href="2d6fc3fb57"><code>2d6fc3f</code></a>
Fix formatting in Builder::disable_cleanup documentation (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/375">#375</a>)</li>
<li>See full diff in <a
href="https://github.com/Stebalien/tempfile/compare/v3.22.0...v3.23.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Even prior to #10373, failures in resolving a name on the Gateway for a
DNS resource resulted in a failure of setting up the DNS resource NAT.
Without the DNS resource NAT, packets for that resource bounced on the
Gateway because we didn't have any traffic filters.
A non-existent filter is being treated as a "traffic not allowed" error
and we respond with an ICMP permission denied error. For domains where
both the A and AAAA query result in NXDOMAIN, that isn't necessarily
appropriate. Instead, I am proposing that for such cases, we want to
return a regular "address/host unreachable" ICMP error instead of the
more specific "permission denied" variant.
To achieve that, we refactor the Gateway's peer state to be able to hold
an `Option<IpAddr>` inside the `TranslationState`. This allows us to
always insert an entry for each proxy IP, even if we did not resolve any
IPs for it. Then, when receiving traffic for a proxy IP where the
resolved IP is `None`, we reply with the appropriate ICMP error.
As part of this, we also simplify the assignment of the proxy IPs. With
the NAT64 module removed, there is no more reason to cross-assign IPv4
and IPv6 addresses. We can simply leave the mappings for e.g. IPv6 proxy
addresses empty if the AAAA query didn't resolve anything.
From the Client's perspective, not much changes. The DNS resource NAT
setup will now succeed, even for domains that don't resolve to anything.
This doesn't change any behaviour though as we are currently already
passing packets through for failed DNS resource NAT setups. The main
change is that we now send back a different ICMP error. Most
importantly, the "address/host unreachable variant" does not trigger
#10462.
Bumps
[futures-bounded](https://github.com/thomaseizinger/rust-futures-bounded)
from 0.2.4 to 0.3.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/thomaseizinger/rust-futures-bounded/blob/main/CHANGELOG.md">futures-bounded's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.0</h2>
<ul>
<li>Allow for multiple timer implementations.
See <a
href="https://redirect.github.com/thomaseizinger/rust-futures-bounded/pull/5">PR
5</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/thomaseizinger/rust-futures-bounded/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [proptest-state-machine](https://github.com/proptest-rs/proptest)
from 0.3.1 to 0.4.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c073d523dc"><code>c073d52</code></a>
new releases for all crates (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/578">#578</a>)</li>
<li><a
href="cea7a0215d"><code>cea7a02</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/574">#574</a>
from Nicolapps/nicolas/fix-proptest-derive-urls-in-er...</li>
<li><a
href="ff04a9e842"><code>ff04a9e</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/576">#576</a>
from proptest-rs/rand-0.9</li>
<li><a
href="febd329dc7"><code>febd329</code></a>
fix state-machine shrinking on <= 1 transitions</li>
<li><a
href="ba38531db8"><code>ba38531</code></a>
Fix not seeding custom RNG algorithm properly</li>
<li><a
href="0730e7e98d"><code>0730e7e</code></a>
Move from deprecated <code>Rng::gen()</code> to
<code>Rng::random()</code></li>
<li><a
href="d6a14ff8af"><code>d6a14ff</code></a>
Custom <code>usize</code> and <code>isize</code> implementation</li>
<li><a
href="fc7543e62c"><code>fc7543e</code></a>
update rand to 0.9</li>
<li><a
href="7683f5b693"><code>7683f5b</code></a>
Fix URLs in proptest-derive error messages</li>
<li><a
href="f7f3600133"><code>f7f3600</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/573">#573</a>
from Nicolapps/nicolas/fix-test-name</li>
<li>Additional commits viewable in <a
href="https://github.com/proptest-rs/proptest/compare/proptest-state-machine-0.3.1...proptest-state-machine-0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Network flow logs are a common feature of VPNs. Due to the nature of a
shared exit node, it is of great interest to a network analyst, which
TCP connections are getting routed through the tunnel, who is initiating
them, for long do they last and how much traffic is sent across them.
With this PR, the Firezone Gateway gains the ability of detecting the
TCP and UDP flows that are being routed through it. The information we
want to attach to these flows is spread out over several layers of the
packet handling code. To simplify the implementation and not complicate
the APIs unnecessarily, we chose to rely on TLS (thread-local storage)
for gathering all the necessary data as a packet gets passed through the
various layers. When using a const initializer, the overhead of a TLS
variable over an actual local variable is basically zero. The entire
routing state of the Gateway is also never sent across any threads,
making TLS variables a particularly good choice for this problem.
In its MVP form, the detected flows are only emitted on stdout and also
that only if `flow_logs=trace` is set using `RUST_LOG`. Early adopters
of this feature are encouraged to enable these logs as described and
then ingest the Gateway's logs into the SIEM of their choice for further
analysis.
Related: #8353
When working on the `client-ffi` module on a Linux or Windows machine,
we currently see a lot of "unused code" warnings. We could feature-gate
the remaining functions too but that would result in not having
code-completion on those platforms at all.
To make working on this module more ergonomic, we add a dummy
constructor for the session.
The crates from https://github.com/open-i18n/rust-unic are unmaintained but they are still being pulled in via `tauri`. Unfortunately, we have to wait for an MSRV bump from `tauri` before the update of `urlpattern` can be completed. Until then, we need to ignore these advisories to keep our CI passing.
Related: https://github.com/tauri-apps/tauri/pull/14195
As far as I can tell, the `async_runtime` config option doesn't exist in
UniFFI, hence we remove that.
Whilst going through the UniFFI docs, I also noticed that there is a
specific flag about Android that we can toggle on. Effectively, this
uses the shared
[`SystemCleaner`](https://developer.android.com/reference/android/system/SystemCleaner)
instead of a per-thread one which is supposed to be more performant.
Finally, using immutable records seems like a good idea as mutating any
FFI-originated field is not going to be reflected in connlib's state.
Preventing that at compile-time has a good chance of reducing bugs.
This code appears to be configured out in CI and thus we don't run
clippy there. My IDE pointed these out however so it seems fair enough
to fix them. It is just unnecessary references, doesn't actually have an
impact on the functionality.
In the spirit of making Firezone as robust as possible, we make the FFI
calls infallible and complete as much of the task as possible. For
example, we don't fail `setDns` entirely just because we cannot parse a
single DNS server's IP.
Resolves: #10611
With the introduction of the DNS cache for Clients in #10533, we now
enable a behaviour where we don't necessarily need to establish a
connection to a Gateway to resolve a DNS query if we still have a valid
entry in the DNS cache. In particular, the proptests discovered that:
- a DNS query for an upstream resolver
- which happens to be a resource
- and has a valid entry in the DNS cache
- but (no longer) a connection to the corresponding Gateway
will now serve the cached DNS records instead of establishing a new
connection to the Gateway. As a result, the site status which we assert
in the proptests remains in "unknown" instead of the expected "online".
Modelling the caching behaviour in the tests is rather tedious. To avoid
that, we set the TTL of all simulated upstream DNS responses to 1 which
effectively bypasses the cache. Whilst not an ideal solution, it ensures
that CI is consistently green without flaky tests. The DNS cache itself
is already unit-tested.
Similar to how resources can be edited to change their address, IP stack
or other properties, they can also be moved between different sites.
Currently, `connlib` requires the portal to explicitly remove the
resource and then re-add it for this to work.
Our system gets more robust if we also detect that the sites of a
resource have changed and handle it like other addressability changes.
To ensure that this works correctly, we also extend the proptests to
simulate addressability changes of resources.
Resolves: #9881
Related: #10593
In order to support flow logs, we need to associate each IP packet that
gets routed with its corresponding resource ID. Currently, we only track
what is necessary for the actual routing behaviour: The IP addresses and
the filters. Therefore, we extend the data structures in `peer` to also
track the `ResourceId` now.
The entire code within `peer` became a bit hard to manage so I took this
opportunity to split it out into two dedicated modules.
This PR forms the base for recording flows logs in #10576.
dependabot[bot]