Closes#3521 because now almost all of the `?` in the main loop will log
an error and not bail. This is nice for trivial things like copying a
resource when we're not signed in. (e.g. User opens the menu, the token
expires, user clicks something, it should just do nothing instead of
crashing)
Closes a long-standing TODO for moving more of the request handling code
inside `impl Controller`
In order to bind a channel to an IPv4 peer, the client must have
previously made an IPv4 allocation. The same applies to IPv6. The relay
will enforce this and reject the channel binding if that isn't the case
but we shouldn't rely on this in the client code. Instead, we should not
attempt to bind a channel if we haven't previously made an allocation
for that IP family.
We always try to make an allocation for both IPv4 and IPv6 but not every
relay may operate in a dual-socket mode. Thus, it may only return an
IPv4 or an IPv6 address.
Initially, I thought it could be useful to keep the connection around in
case we want to do an ICE restart. We don't do that (yet) so for now,
the safer option is to just clean up all the state and let the upper
layers deal with reestablishing it.
This should hopefully fix the repeated emitting of the
`ConnectionFailed` event.
Bumps [minidumper](https://github.com/EmbarkStudios/crash-handling) from
0.8.0 to 0.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/EmbarkStudios/crash-handling/releases">minidumper's
releases</a>.</em></p>
<blockquote>
<h2>minidumper-0.8.1</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/EmbarkStudios/crash-handling/pull/81">PR#81</a>
resolved <a
href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/80">#80</a>
by updating <code>polling</code> to 0.3.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3b77c9b00d"><code>3b77c9b</code></a>
chore: Release</li>
<li><a
href="d34d00bc51"><code>d34d00b</code></a>
chore: Release</li>
<li><a
href="789c99498c"><code>789c994</code></a>
Update CHANGELOGs</li>
<li><a
href="addf1486f8"><code>addf148</code></a>
Update (<a
href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/81">#81</a>)</li>
<li><a
href="16c2545f2a"><code>16c2545</code></a>
chore: Release</li>
<li><a
href="955629bab9"><code>955629b</code></a>
Update CHANGELOG</li>
<li><a
href="5e907ff389"><code>5e907ff</code></a>
Add Android support for the i686 and x86-64 targets (<a
href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/76">#76</a>)</li>
<li><a
href="14bba1b81e"><code>14bba1b</code></a>
Fix using <code>crash-handler</code> under Miri (<a
href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/75">#75</a>)</li>
<li>See full diff in <a
href="https://github.com/EmbarkStudios/crash-handling/compare/minidumper-0.8.0...minidumper-0.8.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes#3519
The actor name is saved in plain text in our AppData folder.
I did simple manual tests on my dev laptop:
- Restart the app, it reloads the actor name from disk
- Sign out of the app, the file is deleted from the disk
Caveats:
- If you un-install the app while signed in, the actor name will still
be there until something cleans up AppData. I don't think the MSI cleans
it up.
- If the token is present but the actor name is missing, I just treat it
as if the token was missing and make the app be signed-out, since this
will happen on dev systems until this PR has been merged for some time.
- If we try to delete the file and the file is NotFound, I just ignore
it.
The user is already passing us a mutable buffer so we might as well give
them a `MutableIpPacket` to allow them to further mutate it.
Extracted out of #3391.
Currently, we retry STUN bindings at a fixed interval if we don't
receive a response. This results in very noise logs if we attempt to
contact an IPv6 STUN server but don't have an IPv6 interface.
I had an idea that is quite a big deal. Instead of manually discovering
host candidates by iterating interfaces and adding all of them, we
automatically generate host candidates every time we receive traffic on
from a certain interface. Initially, you might think that this is a
catch-22: How do we generate traffic without having host candidates? The
answer is: relays!
When we initiate a new connection using `snownet`, we add a list of STUN
and TURN servers. We will immediately attempt to talk to both of them,
sending STUN bindings to the former and ALLOCATE requests to the latter.
As the replies come in, we know, which interface they have been received
on. That particular interface is an excellent `host` candidate because
we've already proven connectivity to a STUN or TURN server. In fact, for
hole-punching, we will need to send traffic via that same interface to
reach the gateway (otherwise the `srflx` candidate won't work anyway).
There is only one "edge"-case in which this doesn't work: When you want
to make a connection between a client and a gateway on the same subnet
yet without connectivity to a relay. At that point, I'd argue that your
network topology is broken anyway. If you can't talk to a relay, you
probably also cannot talk to the portal, meaning the signaling protocol
also doesn't work.
Closes#3531
I refactored it so that all the log-related files pull their path from
one function, so hopefully they won't skew in the future. The path could
still be wrong though. A smoke test might be able to catch that: #3534
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.152 to 0.2.153.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/libc/releases">libc's
releases</a>.</em></p>
<blockquote>
<h2>0.2.153</h2>
<h2>What's Changed</h2>
<ul>
<li>Add SOMAXCONN to vita on 0.2 (to fix std) by <a
href="https://github.com/pheki"><code>@pheki</code></a> in <a
href="https://redirect.github.com/rust-lang/libc/pull/3552">rust-lang/libc#3552</a></li>
<li>Fix CI for v0.2 by <a
href="https://github.com/JohnTitor"><code>@JohnTitor</code></a> in <a
href="https://redirect.github.com/rust-lang/libc/pull/3557">rust-lang/libc#3557</a></li>
<li>[Backport <a
href="https://redirect.github.com/rust-lang/libc/issues/3548">#3548</a>]
Add ioctl FS_IOC_{G,S}{ETVERSION,ETFLAGS} for LoongArch64 by <a
href="https://github.com/heiher"><code>@heiher</code></a> in <a
href="https://redirect.github.com/rust-lang/libc/pull/3570">rust-lang/libc#3570</a></li>
<li>Add MFD_NOEXEC_SEAL and MFD_EXEC by <a
href="https://github.com/rusty-snake"><code>@rusty-snake</code></a> in
<a
href="https://redirect.github.com/rust-lang/libc/pull/3553">rust-lang/libc#3553</a></li>
<li>Backport of <a
href="https://redirect.github.com/rust-lang/libc/issues/3546">#3546</a>
and update crate version to 0.2.153 by <a
href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a>
in <a
href="https://redirect.github.com/rust-lang/libc/pull/3554">rust-lang/libc#3554</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/rusty-snake"><code>@rusty-snake</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/libc/pull/3553">rust-lang/libc#3553</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/libc/compare/0.2.152...0.2.153">https://github.com/rust-lang/libc/compare/0.2.152...0.2.153</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ccf8a3e520"><code>ccf8a3e</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/3554">#3554</a>
from GuillaumeGomez/update-0.2</li>
<li><a
href="036fe2e41b"><code>036fe2e</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/3553">#3553</a>
from rusty-snake/mfd-exec</li>
<li><a
href="adaec1d02f"><code>adaec1d</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/3570">#3570</a>
from heiher/fs-ioctl</li>
<li><a
href="9a07431396"><code>9a07431</code></a>
Add ioctl FS_IOC_{G,S}{ETVERSION,ETFLAGS} for LoongArch64</li>
<li><a
href="3726d14766"><code>3726d14</code></a>
Update crate version to 0.2.153</li>
<li><a
href="d5d370016f"><code>d5d3700</code></a>
Ignore some android constants not found in tests</li>
<li><a
href="738f9014cc"><code>738f901</code></a>
Add missing constants for Android</li>
<li><a
href="8b68569939"><code>8b68569</code></a>
Add MFD_NOEXEC_SEAL and MFD_EXEC</li>
<li><a
href="b56e4b3490"><code>b56e4b3</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/libc/issues/3557">#3557</a>
from JohnTitor/fix-ci</li>
<li><a
href="941f82557a"><code>941f825</code></a>
Fix CI for v0.2</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/libc/compare/0.2.152...0.2.153">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [time](https://github.com/time-rs/time) from 0.3.31 to 0.3.32.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/releases">time's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.32</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.32 [2024-02-01]</h2>
<h3>Added</h3>
<ul>
<li>Methods to replace the day of the year.
<ul>
<li><code>Date::replace_ordinal</code></li>
<li><code>PrimitiveDateTime::replace_ordinal</code></li>
<li><code>OffsetDateTime::replace_ordinal</code></li>
</ul>
</li>
<li>Modules to treat an <code>OffsetDateTime</code> as a Unix timestamp
with subsecond precision for serde.
<ul>
<li><code>time::serde::timestamp::milliseconds</code></li>
<li><code>time::serde::timestamp::microseconds</code></li>
<li><code>time::serde::timestamp::nanoseconds</code></li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Duration::time_fn</code> is deprecated.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ff3255fbf0"><code>ff3255f</code></a>
v0.3.32 release</li>
<li><a
href="d3dd5c9542"><code>d3dd5c9</code></a>
Deprecate <code>Duration::time_fn</code></li>
<li><a
href="8a0dc706be"><code>8a0dc70</code></a>
Remove markdown files in favor of org-wide config</li>
<li><a
href="980878b1d1"><code>980878b</code></a>
Build docs using org-wide workflow, change audit</li>
<li><a
href="4baf6b3cdd"><code>4baf6b3</code></a>
Remove documentation of deprecated feature flag</li>
<li><a
href="be932d86ca"><code>be932d8</code></a>
Adds support to serialize and deserialize timestamps with different
resolutio...</li>
<li><a
href="bb397df38e"><code>bb397df</code></a>
Commit Cargo.lock</li>
<li><a
href="26b7c5f6bd"><code>26b7c5f</code></a>
Update alignment for <code>Parsed</code> in miri</li>
<li><a
href="6747ebe5f9"><code>6747ebe</code></a>
Update CI</li>
<li><a
href="589ff6be84"><code>589ff6b</code></a>
Update copyright year</li>
<li>Additional commits viewable in <a
href="https://github.com/time-rs/time/compare/v0.3.31...v0.3.32">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The only semantic changes are:
- Add context to Windows errors
- Refactor some `bail!`'s that could be `context`'s
The rest is updating comments:
- Add `SAFETY: TODO` for unmarked unsafe blocks
- Elaborate on existing SAFETY comments
- Close completed TODOs
- Link in Github issues for open TODOs
- Mark invariants or inter-dependencies between files that aren't
captured by tests or types yet
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
closes#3425
```[tasklist]
- [x] Switch to connlib-shared for BUNDLE_ID and stuff
- [x] Break out small things into other PRs if possible
- [x] Fix merge conflicts
```
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 18.19.8 to 20.11.15.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes#3451
I can't get it to log, because the file logger is destroyed when Tauri
bails. But it shows an error dialog and prints to stderr.
Unfortunately the error dialogs don't have selectable text, but oddly
you _can_ do Ctrl+C on them, to get this:
```
---------------------------
Firezone Error
---------------------------
Firezone cannot start because WebView2 is not installed. Follow the instructions at <https://www.firezone.dev/kb/user-guides/windows-client>.
---------------------------
OK
---------------------------
```
I don't know where these numbers should go in the docs:
- 1 minute 30 seconds to install Firezone from MSI (including WebView2
download) on 80 Mbps wired Internet, with 2 CPU cores and 8 GB of RAM
allocated to the VM
- 2 minutes with 1 CPU core and 2 GB of RAM on the VM
# Gateways
- [x] When Gateway Group is deleted all gateways should be disconnected
- [x] When Gateway Group is updated (eg. routing) broadcast to all
affected gateway to disconnect all the clients
- [x] When Gateway is deleted it should be disconnected
- [x] When Gateway Token is revoked all gateways that use it should be
disconnected
# Relays
- [x] When Relay Group is deleted all relays should be disconnected
- [x] When Relay is deleted it should be disconnected
- [x] When Relay Token is revoked all gateways that use it should be
disconnected
# Clients
- [x] Remove Delete Client button, show clients using the token on the
Actors page (#2669)
- [x] When client is deleted disconnect it
- [ ] ~When Gateway is offline broadcast to the Clients connected to it
it's status~
- [x] Persist `last_used_token_id` in Clients and show it in tokens UI
# Resources
- [x] When Resource is deleted it should be removed from all gateways
and clients
- [x] When Resource connection is removed it should be deleted from
removed gateway groups
- [x] When Resource is updated (eg. traffic filters) all it's
authorizations should removed
# Authentication
- [x] When Token is deleted related sessions are terminated
- [x] When an Actor is deleted or disabled it should be disconnected
from browser and client
- [x] When Identity is deleted it's sessions should be disconnected from
browser and client
- [x] ^ Ensure the same happens for identities during IdP sync
- [x] When IdP is disabled act like all actors for it are disabled?
- [x] When IdP is deleted act like all actors for it are deleted?
# Authorization
- [x] When Policy is created clients that gain access to a resource
should get an update
- [x] When Policy is deleted we need to all authorizations it's made
- [x] When Policy is disabled we need to all authorizations it's made
- [x] When Actor Group adds or removes a user, related policies should
be re-evaluated
- [x] ^ Ensure the same happens for identities during IdP sync
# Settings
- [x] Re-send init message to Client when DNS settings change
# Code
- [x] Crear way to see all available topics and messages, do not use
binary topics any more
---------
Co-authored-by: conectado <gabrielalejandro7@gmail.com>
Currently, we always try to allocate a channel when the user calls
`bind_channel`. This is a problem if we try to re-connect to a peer. The
channel binding will still be active so `bind_channel` needs to be a
no-op.
Resolves: #3475.
Currently, the `bound` flag is not considered when attempting to relay
data. This isn't actively harmful because the relay will drop them but
it causes warnings in the logs. This PR adds a check to make sure we
only try to relay data via channels that are bound. Additionally, we now
handle failed channel bind requests by clearing the local state.
Currently, there is a bug in the relay where the channel state of
different peers overlaps because the data isn't indexed correctly by
both peers and clients.
This PR fixes this, introduces more debug assertions (this bug was
caught by one) and also adds some new-type wrappers to avoid conflating
peers with clients.
Closes#3217. I just now noticed that one was assigned to me
The sorting is naive, just sorts the UTF-8 encoded bytes, so lowercase
resources come after all uppercase resources, and it's probably very
wrong for anything outside Latin-1 and English locale. If the names are
identical, resource ID tie-breaks.
It turns out that we need to do some post-processing of the
`Transmit.source` attribute from `str0m`. In its current state, `str0m`
may also set that to a server-reflexive address which is **not** a local
socket. There is a longer discussion around this here:
https://github.com/algesten/str0m/issues/453.
This depends on an unmerged PR in `str0m`:
https://github.com/algesten/str0m/pull/455.
Previously, we still had a hard-coded rule in the relay that would not
allow us to relay to an IPv6 peer. We can remove that and properly check
this based on the allocated addresses.
Resolves: #3405.
`firezone-connection` was a working title that I never really quite
liked. Here is a proposal to rebrand it to `snownet`. That is a lot more
concise and derived from the fact that we are established a network of
connections using ICE.
Resolve the two TODOs mentioned in the code. As part of #3399, we
correctly are handling different combinations of available sockets and
requested addresses in the relay more gracefully. In particular, we
return whatever addresses we could allocate and only fail if we couldn't
allocate any at all.
The `Allocation` struct will extract whatever allocated addresses are
present in the response. Thus, it is safe for us to **always** request
both, an IPv4 and IPv6 address. A relay that only operates on one of
them will just return that one address.
Resolves: #3406.
