mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-28 02:18:50 +00:00
070de1205dd842ffbe574d099f5f736995bde283
5197 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
070de1205d |
build(deps): Bump the lifecycle group in /kotlin/android with 3 updates (#6119)
Bumps the lifecycle group in /kotlin/android with 3 updates: androidx.lifecycle:lifecycle-runtime-ktx, androidx.lifecycle:lifecycle-viewmodel-ktx and androidx.lifecycle:lifecycle-livedata-ktx. Updates `androidx.lifecycle:lifecycle-runtime-ktx` from 2.8.3 to 2.8.4 Updates `androidx.lifecycle:lifecycle-viewmodel-ktx` from 2.8.3 to 2.8.4 Updates `androidx.lifecycle:lifecycle-livedata-ktx` from 2.8.3 to 2.8.4 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8a8a44ac6b |
build(deps): Bump androidx.test.espresso:espresso-core from 3.5.1 to 3.6.1 in /kotlin/android (#6120)
Bumps androidx.test.espresso:espresso-core from 3.5.1 to 3.6.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
298c749f24 |
build(deps): Bump androidx.fragment:fragment-testing from 1.8.1 to 1.8.2 in /kotlin/android (#6121)
Bumps androidx.fragment:fragment-testing from 1.8.1 to 1.8.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
a5df4a5844 |
build(deps-dev): Bump typescript from 5.5.2 to 5.5.4 in /website (#6130)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.5.4</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-5/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.4%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.4 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.3%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.3 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.2%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a> (soon!)</li> </ul> <h2>TypeScript 5.5.3</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-5/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.3%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.3 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.2%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
fc4248b8c7 |
build(deps): Bump @next/third-parties from 14.2.3 to 14.2.5 in /website (#6129)
Bumps [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) from 14.2.3 to 14.2.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases"><code>@next/third-parties</code>'s releases</a>.</em></p> <blockquote> <h2>v14.2.5</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>avoid merging global css in a way that leaks into other chunk groups (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67373">#67373</a>)</li> <li>Fix server action edge redirect with middleware rewrite (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67148">#67148</a>)</li> <li>fix(next): reject protocol-relative URLs in image optimization (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65752">#65752</a>)</li> <li>fix(next-swc): correct path interop to filepath for wasm (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65633">#65633</a>)</li> <li>Use addDependency to track metadata route file changes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66714">#66714</a>)</li> <li>Fix noindex is missing on static not-found page (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67135">#67135</a>)</li> <li>perf: improve retrieving versionInfo on Turbo HMR (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67309">#67309</a>)</li> <li>fix(next/image): handle invalid url (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67465">#67465</a>)</li> <li>fix(next): initial prefetch cache not set properly with different search params (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65977">#65977</a>)</li> <li>fix: Backport class properties fix (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67377">#67377</a>)</li> <li>Upgrade acorn (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/67592">#67592</a>)</li> </ul> <h3>Misc</h3> <ul> <li>Log stdio for pull-turbo-cache script (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66759">#66759</a>)</li> <li>Ensure turbo is setup when building in docker (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66804">#66804</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/ijjk"><code>@ijjk</code></a>, <a href="https://github.com/emmerich"><code>@emmerich</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/kdy1"><code>@kdy1</code></a>, <a href="https://github.com/kwonoj"><code>@kwonoj</code></a>, <a href="https://github.com/styfle"><code>@styfle</code></a>, and <a href="https://github.com/sokra"><code>@sokra</code></a> for helping!</p> <h2>v14.2.4</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: ensure route handlers properly track dynamic access (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66446">#66446</a>)</li> <li>fix NextRequest proxy in edge runtime (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66551">#66551</a>)</li> <li>Fix next/dynamic with babel and src dir (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65177">#65177</a>)</li> <li>Use vercel deployment url for metadataBase fallbacks (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65089">#65089</a>)</li> <li>fix(next/image): detect react@19 for fetchPriority prop (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/65235">#65235</a>)</li> <li>Fix loading navigation with metadata and prefetch (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66447">#66447</a>)</li> <li>prevent duplicate RSC fetch when action redirects (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66620">#66620</a>)</li> <li>ensure router cache updates reference the latest cache values (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66681">#66681</a>)</li> <li>Prevent append of trailing slash in cases where path ends with a file extension (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66636">#66636</a>)</li> <li>Fix inconsistency with 404 getStaticProps cache-control (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66674">#66674</a>)</li> <li>Use addDependency to track metadata route file changes (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66714">#66714</a>)</li> <li>Add timeout/retry handling for fetch cache (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66652">#66652</a>)</li> <li>fix: app-router prefetch crash when an invalid URL is passed to Link (<a href="https://github.com/vercel/next.js/tree/HEAD/packages/third-parties/issues/66755">#66755</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a href="https://github.com/ijjk"><code>@ijjk</code></a>, <a href="https://github.com/wbinnssmith"><code>@wbinnssmith</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, and <a href="https://github.com/lubieowoce"><code>@lubieowoce</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Gabi
|
6ce4b6f171 |
fix(android): on full route dont allow bypass vpn (#6133)
If blocking non-vpn connections `allowBypass` breaks the VPN. To fix this, we disable `allowBypass` when full-route is enable. Fixes #4834 (hopefully) |
||
|
dependabot[bot]
|
5a1813a421 |
build(deps): Bump com.google.firebase:firebase-bom from 33.1.1 to 33.1.2 in /kotlin/android (#6123)
Bumps com.google.firebase:firebase-bom from 33.1.1 to 33.1.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Reactor Scram
|
23161ec840 |
chore(gui-client): release 1.1.8 (#6136)
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com> |
||
|
Patti
|
d38d12a1e9 | fix(website): Squashed all website change commits from patti/fix-responsiveness (#6135) | ||
|
dependabot[bot]
|
8f17ef933b |
build(deps-dev): Bump tailwindcss from 3.4.6 to 3.4.7 in /rust/gui-client (#6125)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.6 to 3.4.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v3.4.7</h2> <h3>Fixed</h3> <ul> <li>Fix class detection in Slim templates with attached attributes and ID (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14019">#14019</a>)</li> <li>Ensure attribute values in <code>data-*</code> and <code>aria-*</code> modifiers are always quoted in the generated CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14037">#14037</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.7/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[3.4.7] - 2024-07-25</h2> <h3>Fixed</h3> <ul> <li>Fix class detection in Slim templates with attached attributes and ID (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14019">#14019</a>)</li> <li>Ensure attribute values in <code>data-*</code> and <code>aria-*</code> modifiers are always quoted in the generated CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14037">#14037</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
122f11892c |
build(deps-dev): Bump @types/node from 20.14.12 to 22.0.2 in /rust/gui-client (#6124)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.14.12 to 22.0.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Jamil
|
09c108cd20 |
fix(connlib): make Relay connectivity error log at ERROR level (#6105)
This almost always indicate a user-impacting connectivity error. For customers troubleshooting their Gateways by greping for `ERROR`, this will make these much easier to find. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Andrew Dryga
|
8e1eb2429d |
fix(portal): Decrease WS timeouts for relays and gateways (#6112)
Related to #6095 |
||
|
Reactor Scram
|
78cca053a6 |
ci(client/tauri): upgrade pnpm from 8.x to 9.3 (#6114)
Closes #5859 The Git version was always showing `-modified` because the lockfile was made by pnpm 9, and pnpm would modify it to work with pnpm 8. |
||
|
Jamil
|
b1ed47ab41 |
docs: Mention stateless firewall ports (#6113)
This clears up any confusion for AWS users who have customized their ACLs. |
||
|
Reactor Scram
|
e856dc5eb2 |
refactor(client/kotlin): save settings the same way everything else gets saved (#6097)
We can reuse `Config` instead of repeating the names of the three strings everywhere. |
||
|
Brian Manifold
|
3edbbfc8a2 |
fix(portal): Fix placement of 'sign-in w/ providers' heading (#6106)
Small UI/UX change. The 'Sign in with a configured provider' header was always being shown, even if the account didn't have an OIDC provider configured (i.e. all new accounts) ### Before <img width="607" alt="Screenshot 2024-07-31 at 11 17 29 AM" src="https://github.com/user-attachments/assets/e6d6d79d-509d-4d29-a051-7d836aa5b720"> ### After <img width="593" alt="Screenshot 2024-07-31 at 12 21 58 PM" src="https://github.com/user-attachments/assets/db02979a-12b6-4620-b84c-0309931a6b52"> <img width="696" alt="Screenshot 2024-07-31 at 12 18 35 PM" src="https://github.com/user-attachments/assets/db2b94b1-05e1-4f81-a2c5-e2befb19957e"> |
||
|
Reactor Scram
|
ad64de7206 |
refactor(client/kotlin): remove interface layer that seemed redundant (#6102)
I'm opening PRs for small refactors around the code I'm changing for adding the Favorites menu. Just anything where I read it and, as a Kotlin noobie, took longer than expected to understand |
||
|
Jamil
|
7c6567c969 |
Update README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
1fb41a87ef |
chore: instruct users to use systemctl edit (#6098)
Edit to unit files are likely to be overwritten by upgrades to it. To prevent users from losing their edits, redirect them to use `systemd`'s `edit` functionality instead. Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Gabi
|
5841f297a5 |
fix(gateway): prevent routing loops (#6096)
In some weird conditions there might be routing loops in the gateway too, so this fixes it and it doesn't do any harm. Could be the cause behind [these logs](https://github.com/firezone/firezone/issues/6067#issuecomment-2259081958) |
||
|
Thomas Eizinger
|
64d2d89542 |
test(connlib): add coverage for the Internet Resource (#6089)
With the upcoming feature of full-route tunneling aka an "Internet Resource", we need to expand the reference state machine in `tunnel_test`. In particular, packets to non-resources will now be routed the gateway if we have previously activated the Internet resource. This is reasonably easy to model as we can see from the small diff. Because `connlib` doesn't actually support the Internet resource yet, the code snippet for where it is added to the list of all possible resources to sample from is commented out. |
||
|
Thomas Eizinger
|
a25e1d10f0 |
chore: optimise tunnel_test debug output (#6088)
When `tunnel_test` fails, it prints the initial state in verbose debug formatting. Most of the fields in `RefClient` track state _during_ the runtime of the test and are all empty initially. The same thing applies to `Host`. To make this output easier to read and scroll, we ignore some of these fields in the debug output. |
||
|
Thomas Eizinger
|
308d49865d |
build(deps): remove proptest fork (#6084)
The bugfix we have been waiting on has been merged and thus we no longer need to rely on our fork. Related: https://github.com/proptest-rs/proptest/pull/482. |
||
|
Jamil
|
8533ec9650 |
fix(docs): Fix steps for tab (#6093)
Instructions are in the terraform tab, not GCP/AWS/Azure |
||
|
dependabot[bot]
|
bd49298240 |
build(deps): Bump tokio from 1.38.0 to 1.39.2 in /rust (#6082)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.38.0 to 1.39.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.39.2</h2> <h1>1.39.2 (July 27th, 2024)</h1> <p>This release fixes a regression where the <code>select!</code> macro stopped accepting expressions that make use of temporary lifetime extension. (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6722">#6722</a>)</p> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/6722">#6722</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/6722">tokio-rs/tokio#6722</a></p> <h2>Tokio v1.39.1</h2> <h1>1.39.1 (July 23rd, 2024)</h1> <p>This release reverts "time: avoid traversing entries in the time wheel twice" because it contains a bug. (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6715">#6715</a>)</p> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/6715">#6715</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/6715">tokio-rs/tokio#6715</a></p> <h2>Tokio v1.39.0</h2> <h1>1.39.0 (July 23rd, 2024)</h1> <ul> <li>This release bumps the MSRV to 1.70. (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6645">#6645</a>)</li> <li>This release upgrades to mio v1. (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6635">#6635</a>)</li> <li>This release upgrades to windows-sys v0.52 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6154">#6154</a>)</li> </ul> <h3>Added</h3> <ul> <li>io: implement <code>AsyncSeek</code> for <code>Empty</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6663">#6663</a>)</li> <li>metrics: stabilize <code>num_alive_tasks</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6619">#6619</a>, <a href="https://redirect.github.com/tokio-rs/tokio/issues/6667">#6667</a>)</li> <li>process: add <code>Command::as_std_mut</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6608">#6608</a>)</li> <li>sync: add <code>watch::Sender::same_channel</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6637">#6637</a>)</li> <li>sync: add <code>{Receiver,UnboundedReceiver}::{sender_strong_count,sender_weak_count}</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6661">#6661</a>)</li> <li>sync: implement <code>Default</code> for <code>watch::Sender</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6626">#6626</a>)</li> <li>task: implement <code>Clone</code> for <code>AbortHandle</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6621">#6621</a>)</li> <li>task: stabilize <code>consume_budget</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6622">#6622</a>)</li> </ul> <h3>Changed</h3> <ul> <li>io: improve panic message of <code>ReadBuf::put_slice()</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6629">#6629</a>)</li> <li>io: read during write in <code>copy_bidirectional</code> and <code>copy</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6532">#6532</a>)</li> <li>runtime: replace <code>num_cpus</code> with <code>available_parallelism</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6709">#6709</a>)</li> <li>task: avoid stack overflow when passing large future to <code>block_on</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6692">#6692</a>)</li> <li>time: avoid traversing entries in the time wheel twice (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6584">#6584</a>)</li> <li>time: support <code>IntoFuture</code> with <code>timeout</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6666">#6666</a>)</li> <li>macros: support <code>IntoFuture</code> with <code>join!</code> and <code>select!</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6710">#6710</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>docs: fix docsrs builds with the fs feature enabled (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6585">#6585</a>)</li> <li>io: only use short-read optimization on known-to-be-compatible platforms (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6668">#6668</a>)</li> <li>time: fix overflow panic when using large durations with <code>Interval</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/6612">#6612</a>)</li> </ul> <h3>Added (unstable)</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
22ad454a19 |
fix(infra): Use simpler cluster_version (#6094)
<img width="1050" alt="Screenshot 2024-07-30 at 11 23 42 AM" src="https://github.com/user-attachments/assets/fbbcad57-4ada-4ef2-9a9e-d67ceac9e0a2"> --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Andrew Dryga
|
6d8ed3a6d5 |
fix(infra): Manually manage the version of Erlang cluster state (#6087)
Whenever we deploy we risk of having a "split brain" every time deployment doesn't finalize for all the components. This causes our API layer (relays, clients, gateways) to see each other but their status (due to missing presence) is rendered incorrectly in web. To solve this we will be managing the cluster state manually and changing it version every time there is a breaking change to the state, this is more prone to "human errors" but, since we don't change it much, still better for overall uptime of the portal. |
||
|
Reactor Scram
|
1c4a85ff40 |
chore(gui-client): make links more obvious in the menu (#6071)
Closes https://github.com/firezone/firezone/issues/5954 After: <img width="552" alt="image" src="https://github.com/user-attachments/assets/2f923e5a-091e-49ec-8b55-07cacb87e0a7"> Before:  Puts angle brackets around links, e.g. `example.com` will copy that text, but `<https://example.com>` will open `https://example.com`/ in the browser. The Tauri menu is a least-common-denominator of Linux and Windows, so it doesn't have nice features like blue underlines for hyperlinks. |
||
|
Reactor Scram
|
e6cbb5fa8a |
feat(gui-client/linux): network roaming (#5978)
Closes #5846 Will be moved down to the IPC service eventually. The goal for connection roaming is not for totally transparent "Change Wi-Fi networks without dropping SSH" handoffs, but just for Firezone to re-connect itself as quickly as possible so that everything above us can re-connect as quickly as it times out, and won't be hung up with a broken tunnel. |
||
|
Reactor Scram
|
7d1fa247c5 |
refactor(gui-client): refactor menu so it's testable (#6070)
Extracted from #5923 |
||
|
Jamil
|
9d8a15ebee |
ci: Use the same version of buildx for building, tagging, and merging images (#6066)
In debugging https://firezone.statuspage.io/incidents/3vjmjmbh92mw, we realized that we use potentially different versions of buildx. This PR fixes that. |
||
|
Jamil
|
4ca090e582 | fix(website): fix backed by and battlecard logo (#6092) | ||
|
Reactor Scram
|
cab6a5a21c |
chore(client/macos): align the signed-in-and-connected tray icon (#6069)
Closes #6052 The new icon is here https://www.figma.com/design/THvQQ1QxKlsk47H9DZ2bhN/Core-Library?node-id=1305-799&t=kASomGCOu5fsLmCs-0 The swipe diff makes it easy to see <img width="400" alt="image" src="https://github.com/user-attachments/assets/cde4da25-9c02-4ab2-b342-367868825217"> Also, **is the 95% opacity also intentional?** I saw that some icons have 100% opacity black, and the connecting icons are mixed 45% and 95%, and the signed-in icon was 95% opacity, so I stuck with that. |
||
|
Thomas Eizinger
|
c6b576d1b1 |
fix(gateway): ignore non-client packets (#6086)
On the gateway, the only packets we are interested in receiving on the TUN device are the ones destined for clients. To achieve this, we specifically set routes for the reserved IP ranges on our interface. Multicast packets as such as MLDV2 get sent to all packets and cause unnecessary noise in our logs. Thus, as a defense-in-depth measure, we drop all packets outside of the IP ranges reserved for our clients. |
||
|
Jamil
|
be15afdabd |
feat(website): New landing page hero and footer (#6075)
refs #5962 |
||
|
Thomas Eizinger
|
0230708182 |
feat(connlib): pick a single relay for each connection (#6060)
Currently, each connection always uses all relays. That is pretty wasteful in terms of bandwidth usage and processing power because we only ever need a a single relay for a connection. When we re-deploy relays, we actively invalidate them, meaning the connection gets cut instantly without waiting for an ICE timeout and the next packet will establish a new one. This is now also asserted with a dedicated transition in `tunnel_test`. To correctly simulate this in `tunnel_test`, we always cut the connection to all relays. This frees us from modelling `connlib`'s internal strategy for picking a relay which keeps the reference state simple. Resolves: #6014. |
||
|
dependabot[bot]
|
026feefc2c |
build(deps): Bump log from 0.4.21 to 0.4.22 in /rust (#6081)
Bumps [log](https://github.com/rust-lang/log) from 0.4.21 to 0.4.22. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.22] - 2024-06-27</h2> <h2>What's Changed</h2> <ul> <li>Add some clarifications to the library docs by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/620">rust-lang/log#620</a></li> <li>Add links to <code>colog</code> crate by <a href="https://github.com/chrivers"><code>@chrivers</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/621">rust-lang/log#621</a></li> <li>adding line_number test + updating some testing infrastructure by <a href="https://github.com/DIvkov575"><code>@DIvkov575</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/619">rust-lang/log#619</a></li> <li>Clarify the actual set of functions that can race in _racy variants by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/623">rust-lang/log#623</a></li> <li>Replace deprecated std::sync::atomic::spin_loop_hint() by <a href="https://github.com/Catamantaloedis"><code>@Catamantaloedis</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/625">rust-lang/log#625</a></li> <li>Check usage of max_level features by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/627">rust-lang/log#627</a></li> <li>Remove unneeded import by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/628">rust-lang/log#628</a></li> <li>Loosen orderings for logger initialization in <a href="https://redirect.github.com/rust-lang/log/pull/632">rust-lang/log#632</a>. Originally by <a href="https://github.com/pwoolcoc"><code>@pwoolcoc</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/599">rust-lang/log#599</a></li> <li>Use Location::caller() for file and line info in <a href="https://redirect.github.com/rust-lang/log/pull/633">rust-lang/log#633</a>. Originally by <a href="https://github.com/Cassy343"><code>@Cassy343</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/520">rust-lang/log#520</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/chrivers"><code>@chrivers</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/621">rust-lang/log#621</a></li> <li><a href="https://github.com/DIvkov575"><code>@DIvkov575</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/619">rust-lang/log#619</a></li> <li><a href="https://github.com/Catamantaloedis"><code>@Catamantaloedis</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/625">rust-lang/log#625</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.21...0.4.22">https://github.com/rust-lang/log/compare/0.4.21...0.4.22</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
14a93e0d4d |
refactor(connlib): use const ctors for IpNetwork (#6085)
|
||
|
dependabot[bot]
|
509f7ab6c4 |
build(deps): Bump zip from 2.1.3 to 2.1.5 in /rust (#6079)
Bumps [zip](https://github.com/zip-rs/zip2) from 2.1.3 to 2.1.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zip-rs/zip2/releases">zip's releases</a>.</em></p> <blockquote> <h2>v2.1.5</h2> <h3><!-- raw HTML omitted -->🚜 Refactor</h3> <ul> <li>change invalid_state() return type to io::Result<!-- raw HTML omitted --></li> </ul> <h2>v2.1.4</h2> <h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3> <ul> <li>fix(<a href="https://redirect.github.com/zip-rs/zip2/pull/215">#215</a>): Upgrade to deflate64 0.1.9</li> <li>Panic when reading a file truncated in the middle of an XZ block header</li> <li>Some archives with over u16::MAX files were handled incorrectly or slowly (<a href="https://redirect.github.com/zip-rs/zip2/pull/189">#189</a>)</li> <li>Check number of files when deciding whether a CDE is the real one</li> <li>Could still select a fake CDE over a real one in some cases</li> <li>May have to consider multiple CDEs before filtering for validity</li> <li>We now keep searching for a real CDE header after read an invalid one from the file comment</li> <li>Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory</li> <li><code>deep_copy_file</code> no longer allows overwriting an existing file, to match the behavior of <code>shallow_copy_file</code></li> <li>File start position was wrong when extra data was present</li> <li>Abort file if central extra data is too large</li> <li>Overflow panic when central directory extra data is too large</li> <li>ZIP64 header was being written twice when copying a file</li> <li>ZIP64 header was being written to central header twice</li> <li>Start position was incorrect when file had no extra data</li> <li>Allow all reserved headers we can create</li> <li>Fix a bug where alignment padding interacts with other extra-data fields</li> <li>Fix bugs involving alignment padding and Unicode extra fields</li> <li>Incorrect header when adding AES-encrypted files</li> <li>Parse the extra field and reject it if invalid</li> <li>Incorrect behavior following a rare combination of <code>merge_archive</code>, <code>abort_file</code> and <code>deep_copy_file</code>. As well, we now return an error when a file is being copied to itself.</li> <li>path_to_string now properly handles the case of an empty path</li> <li>Implement <code>Debug</code> for <code>ZipWriter</code> even when it's not implemented for the inner writer's type</li> <li>Fix an issue where the central directory could be incorrectly detected</li> <li><code>finish_into_readable()</code> would corrupt the archive if the central directory had moved</li> </ul> <h3><!-- raw HTML omitted -->🚜 Refactor</h3> <ul> <li>Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (<a href="https://redirect.github.com/zip-rs/zip2/pull/198">#198</a>)</li> <li>Use new do_or_abort_file method</li> </ul> <h3><!-- raw HTML omitted -->⚡ Performance</h3> <ul> <li>Speed up CRC when encrypting small files</li> <li>Limit the number of extra fields</li> <li>Refactor extra-data validation</li> <li>Store extra data in plain vectors until after validation</li> <li>Only build one IndexMap after choosing among the possible valid headers</li> <li>Simplify validation of empty extra-data fields</li> <li>Validate automatic extra-data fields only once, even if several are present</li> <li>Remove redundant <code>validate_extra_data()</code> call</li> <li>Skip searching for the ZIP32 header if a valid ZIP64 header is present (<a href="https://redirect.github.com/zip-rs/zip2/pull/189">#189</a>)</li> </ul> <h3><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h3> <ul> <li>Fix a bug introduced by c934c824</li> <li>Fix a failing unit test</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md">zip's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/zip-rs/zip2/compare/v2.1.4...v2.1.5">2.1.5</a> - 2024-07-20</h2> <h3><!-- raw HTML omitted -->🚜 Refactor</h3> <ul> <li>change invalid_state() return type to io::Result<!-- raw HTML omitted --></li> </ul> <h2><a href="https://github.com/zip-rs/zip2/compare/v2.1.3...v2.1.4">2.1.4</a> - 2024-07-18</h2> <h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3> <ul> <li>fix(<a href="https://redirect.github.com/zip-rs/zip2/pull/215">#215</a>): Upgrade to deflate64 0.1.9</li> <li>Panic when reading a file truncated in the middle of an XZ block header</li> <li>Some archives with over u16::MAX files were handled incorrectly or slowly (<a href="https://redirect.github.com/zip-rs/zip2/pull/189">#189</a>)</li> <li>Check number of files when deciding whether a CDE is the real one</li> <li>Could still select a fake CDE over a real one in some cases</li> <li>May have to consider multiple CDEs before filtering for validity</li> <li>We now keep searching for a real CDE header after read an invalid one from the file comment</li> <li>Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory</li> <li><code>deep_copy_file</code> no longer allows overwriting an existing file, to match the behavior of <code>shallow_copy_file</code></li> <li>File start position was wrong when extra data was present</li> <li>Abort file if central extra data is too large</li> <li>Overflow panic when central directory extra data is too large</li> <li>ZIP64 header was being written twice when copying a file</li> <li>ZIP64 header was being written to central header twice</li> <li>Start position was incorrect when file had no extra data</li> <li>Allow all reserved headers we can create</li> <li>Fix a bug where alignment padding interacts with other extra-data fields</li> <li>Fix bugs involving alignment padding and Unicode extra fields</li> <li>Incorrect header when adding AES-encrypted files</li> <li>Parse the extra field and reject it if invalid</li> <li>Incorrect behavior following a rare combination of <code>merge_archive</code>, <code>abort_file</code> and <code>deep_copy_file</code>. As well, we now return an error when a file is being copied to itself.</li> <li>path_to_string now properly handles the case of an empty path</li> <li>Implement <code>Debug</code> for <code>ZipWriter</code> even when it's not implemented for the inner writer's type</li> <li>Fix an issue where the central directory could be incorrectly detected</li> <li><code>finish_into_readable()</code> would corrupt the archive if the central directory had moved</li> </ul> <h3><!-- raw HTML omitted -->🚜 Refactor</h3> <ul> <li>Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (<a href="https://redirect.github.com/zip-rs/zip2/pull/198">#198</a>)</li> <li>Use new do_or_abort_file method</li> </ul> <h3><!-- raw HTML omitted -->⚡ Performance</h3> <ul> <li>Speed up CRC when encrypting small files</li> <li>Limit the number of extra fields</li> <li>Refactor extra-data validation</li> <li>Store extra data in plain vectors until after validation</li> <li>Only build one IndexMap after choosing among the possible valid headers</li> <li>Simplify validation of empty extra-data fields</li> <li>Validate automatic extra-data fields only once, even if several are present</li> <li>Remove redundant <code>validate_extra_data()</code> call</li> <li>Skip searching for the ZIP32 header if a valid ZIP64 header is present (<a href="https://redirect.github.com/zip-rs/zip2/pull/189">#189</a>)</li> </ul> <h3><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Gabi
|
c3a45f53df |
fix(connlib): prevent routing loops on windows (#6032)
In `connlib`, traffic is sent through sockets via one of three ways: 1. Direct p2p traffic between clients and gateways: For these, we always explicitly set the source IP (and thus interface). 2. UDP traffic to the relays: For these, we let the OS pick an appropriate source interface. 3. WebSocket traffic over TCP to the portal: For this too, we let the OS pick the source interface. For (2) and (3), it is possible to run into routing loops, depending on the routes that we have configured on the TUN device. In Linux, we can prevent routing loops by marking a socket [0] and repeating the mark when we add routes [1]. Packets sent via a marked socket won't be routed by a rule that contains this mark. On Android, we can do something similar by "protecting" a socket via a syscall on the Java side [2]. On Windows, routing works slightly different. There, the source interface is determined based on a computed metric [3] [4]. To prevent routing loops on Windows, we thus need to find the "next best" interface after our TUN interface. We can achieve this with a combination of several syscalls: 1. List all interfaces on the machine 2. Ask Windows for the best route on each interface, except our TUN interface. 3. Sort by Windows' routing metric and pick the lowest one (lower is better). Thanks to the abstraction of `SocketFactory` that we already previously introduced, Integrating this into `connlib` isn't too difficult: 1. For TCP sockets, we simply resolve the best route after creating the socket and then bind it to that local interface. That way, all packets will always going via that interface, regardless of which routes are present on our TUN interface. 2. UDP is connection-less so we need to decide per-packet, which interface to use. "Pick the best interface for me" is modelled in `connlib` via the `DatagramOut::src` field being `None`. - To ensure those packets don't cause a routing loop, we introduce a "source IP resolver" for our `UdpSocket`. This function gets called every time we need to send a packet without a source IP. - For improved performance, we cache these results. The Windows client uses this source IP resolver to use the above devised strategy to find a suitable source IP. - In case the source IP resolution fails, we don't send the packet. This is important, otherwise, the kernel might choose our TUN interface again and trigger a routing loop. The last remark to make here is that this also works for connection roaming. The TCP socket gets thrown away when we reconnect to the portal. Thus, the new socket will pick the new best interface as it is re-created. The UDP sockets also get thrown away as part of roaming. That clears the above cache which is what we want: Upon roaming, the best interface for a given destination IP will likely have changed. [0]: |
||
|
Thomas Eizinger
|
194eebd164 |
fix(connlib): de-prioritise timeout handling (#6077)
`connlib`'s event loop performs work in a very particular order: 1. Local buffers like IP, UDP and DNS packets are emptied. 2. Time-sensitive tasks, if any, are performed. 3. New UDP packets are processed. 4. New IP packets (from the TUN device) are processed. This priority ensures we don't accept more work (i.e. new packets) until we have finished processing existing work. As a result, we can keep local buffers small and processing latencies low. I am not completely confident on the issue of #6067 but if the busy-loop originates from a bad timer, then the above priority means we never get to the part where we read new UDP or IP packets and components such a `PhoenixChannel` - which operate outside of `connlib'`s event loop - don't get any CPU time. A naive fix for this problem is to just de-prioritise the polling of the timer within `Io::poll`. I say naive because without additional changes, this could delay the processing of time-sensitive tasks on a very busy client / gateway where packets are constantly arriving and thus we never[^1] reach the part where the timer gets polled. To fix this, we make two distinct changes: 1. We pro-actively break from `connlib'`s event loop every 5000 iterations. This ensures that even on a very busy system, other components like the `PhoenixChannel` get a chance to do _some_ work once in a while. 2. In case we force-yield from the event loop, we call `handle_timeout` and immediately schedule a new wake-up. This ensures time does advance in regular intervals as well and we don't get wrongly suspended by the runtime. These changes don't prevent any timer-loops by themselves. With a timer-loop, we still busy-loop for 5000 iterations and thus unnecessarily burn through some CPU cycles. The important bit however is that we stay operational and can accept packets and portal messages. Any of them might change the state such that the timer value changes, thus allowing `connlib` to self-heal from this loop. Fixes: #6067. [^1]: This is an assumption based on the possible control flow. In practise, I believe that reading from the sockets or the TUN device is a much slower operation than processing the packets. Thus, we should eventually hit the the timer path too. |
||
|
Brian Manifold
|
edc80129c8 |
feat(portal): Add REST API closed beta page (#6027)
Why: * Before the REST API is release to all Firezone users a closed beta program will be run. Rather than blurring out the API Clients page for users that are not apart of the closed beta program, a 'beta' page will be shown that will allow users to request access to the closed beta. Once the REST API is released to all accounts, all of this can be removed. Closes: #5920 ### Screenshot <img width="1445" alt="Screenshot 2024-07-24 at 6 55 36 PM" src="https://github.com/user-attachments/assets/a09591bc-190c-4bd4-9716-9a74a0f09e0a"> |
||
|
dependabot[bot]
|
09916dea7e |
build(deps-dev): Bump typescript from 5.5.2 to 5.5.4 in /scripts/tests/browser (#5986)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 5.5.4</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-5/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.4%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.4 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.3%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.3 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.2%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a> (soon!)</li> </ul> <h2>TypeScript 5.5.3</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-5-5/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.3%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.3 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.2%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.1%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+5.5.0%22+is%3Aclosed+">fixed issues query for TypeScript v5.5.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Reactor Scram
|
6e24e0201e |
chore(rust): bump Rust to 1.80 (#6065)
Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
b29341be62 |
fix(connlib): clear timeout after it fired (#6076)
We don't want the timer to fire multiple times at the same `Instant` unless it has been specifically set to that `Instant` again. Thus, clear the timer after it fired. I don't think this fixed #6067 but it can't hurt. |
||
|
Thomas Eizinger
|
fc4b8c7b46 |
refactor: rename reconnect to reset (#6057)
Connection roaming within `connlib` has changed a fair-bit since we introduced the `reconnect` function. The new implementation is basically a hard-reset of all state within `connlib`. Renaming this function across all layers makes this more obvious. Resolves: #6038. |
||
|
Thomas Eizinger
|
356dd12e7f |
chore(connlib): remove duplicate Device::poll_read function (#6072)
The `Device` implementation is no longer platform-specific so we can delete the duplicated `poll_read` function. |
||
|
Jamil
|
ff88bffc03 |
fix(ux): Trim whitespace from address before validation (#6061)
When a user copy-pastes an address into the `address` field that contains a leading or trailing whitespace, it's not apparent why the address is invalid. This is common when copy-pasting DNS names from cloud consoles that have poor UIs, such as Azure. Fixes #6059 |
||
|
Thomas Eizinger
|
5687befc9d |
ci: use correct service name in docker-compose.yml (#6055)
The compose service I defined is called `otel` not `otlp`. With this fix in place, the relay successfully connects to the OTLP exporter. it is worthwhile noting that the connection to the OTLP exporter itself is not critical for relay operation. Even if it fails, it won't affect the actual data plane. I do think it makes sense to still have a working OTLP exporter in the compose definition. As it makes it easier to test whether the ingestion of metrics and traces works as expected. |