mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
3316d9098abb00550ce0dd646128908e5ecdbf6e
53 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
3316d9098a |
fix(android): Fix auth flow and callback thread safety, and pass fd through FFI (#1930)
* Refactor sharedPreferences to only save the AccountId * Update TeamId -> AccountId to match naming elsewhere * Update JWT -> Token to avoid confusion; this token is **not** a valid JWT and should be treated as an opaque token * Update FFI `connect` to accept an optional file descriptor (int32) as a first argument. This seemed to be the most straightforward way to pass it to the tunnel stack. Retrieving it via callback is another option, but retrieving return vars with the `jni` was more complex. We could have used a similar approach that we did in the Apple client (enumerating all fd's in the `new()` function until we found ours) but this approach is [explicitly documented/recommended](https://developer.android.com/reference/android/net/VpnService.Builder#establish()) by the Android docs so I figured it's not likely to break. Additionally, there was a thread safety bug in the recent JNI callback implementation that consistently crashed the VM with `JNI DETECTED ERROR IN APPLICATION: use of invalid jobject...`. The fix was to use `GlobalRef` which has the explicit purpose of outliving the `JNIEnv` lifetime so that no `static` lifetimes need to be used. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Pratik Velani <pratikvelani@gmail.com> Co-authored-by: Gabi <gabrielalejandro7@gmail.com> |
||
|
dependabot[bot]
|
bf95d0480b |
build(deps): Bump clap from 4.3.21 to 4.3.23 in /rust (#1931)
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.21 to 4.3.23. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.3.23</h2> <h2>[4.3.23] - 2023-08-18</h2> <h3>Fixes</h3> <ul> <li>Fixed <code>UnknownArgumentValueParser</code> to not error on flag's absence</li> </ul> <h2>v4.3.22</h2> <h2>[4.3.22] - 2023-08-17</h2> <h3>Features</h3> <ul> <li>Add <code>UnknownArgumentValueParser</code> for injecting errors for improving the experience with errors</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.3.23] - 2023-08-18</h2> <h3>Fixes</h3> <ul> <li>Fixed <code>UnknownArgumentValueParser</code> to not error on flag's absence</li> </ul> <h2>[4.3.22] - 2023-08-17</h2> <h3>Features</h3> <ul> <li>Add <code>UnknownArgumentValueParser</code> for injecting errors for improving the experience with errors</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Gabi
|
8621953fe6 |
connlib: fix how we handle disconnect (#1923)
Basically we were having a panic inside a panic before, when I tried to drop the runtime in `on_disconnect` since you can't drop a runtime within a runtime. This PR spawns a new thread that listen for disconnection and stops the runtime right there. This also fixes the timer for reconnections. Note: That I first stop it and the drop it which is redundant but I rather be safe :) |
||
|
dependabot[bot]
|
08343ef5a1 |
build(deps): Bump async-trait from 0.1.72 to 0.1.73 in /rust (#1932)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.72 to 0.1.73. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.73</h2> <ul> <li>Prevent generated code from triggering ignored_unit_patterns pedantic clippy lint</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
186dfb95a9 |
build(deps): Bump anyhow from 1.0.72 to 1.0.75 in /rust (#1934)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.72 to 1.0.75. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.75</h2> <ul> <li>Partially work around rust-analyzer bug (<a href="https://redirect.github.com/rust-lang/rust-analyzer/issues/9911">rust-lang/rust-analyzer#9911</a>)</li> </ul> <h2>1.0.74</h2> <ul> <li>Add bootstrap workaround to allow rustc to depend on anyhow (<a href="https://redirect.github.com/dtolnay/anyhow/issues/320">#320</a>, thanks <a href="https://github.com/RalfJung"><code>@RalfJung</code></a>)</li> </ul> <h2>1.0.73</h2> <ul> <li>Update backtrace support to nightly's new Error::provide API (<a href="https://redirect.github.com/rust-lang/rust/pull/113464">rust-lang/rust#113464</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/319">#319</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
54dd780a60 |
build(deps): Bump thiserror from 1.0.44 to 1.0.47 in /rust (#1935)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.44 to 1.0.47. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/thiserror/releases">thiserror's releases</a>.</em></p> <blockquote> <h2>1.0.47</h2> <ul> <li>Work around rust-analyzer bug (<a href="https://redirect.github.com/rust-lang/rust-analyzer/issues/9911">rust-lang/rust-analyzer#9911</a>)</li> </ul> <h2>1.0.46</h2> <ul> <li>Add bootstrap workaround to allow rustc to depend on thiserror (<a href="https://redirect.github.com/dtolnay/thiserror/issues/248">#248</a>, thanks <a href="https://github.com/RalfJung"><code>@RalfJung</code></a>)</li> </ul> <h2>1.0.45</h2> <ul> <li>Update backtrace support to nightly's new Error::provide API (<a href="https://redirect.github.com/rust-lang/rust/pull/113464">rust-lang/rust#113464</a>, <a href="https://redirect.github.com/dtolnay/thiserror/issues/246">#246</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d71635c651 |
build(deps): Bump rustls-webpki from 0.100.1 to 0.100.2 in /rust (#1941)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.100.1 to 0.100.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rustls/webpki/releases">rustls-webpki's releases</a>.</em></p> <blockquote> <h2>v/0.100.2</h2> <h2>Release notes</h2> <ul> <li>certificate path building and verification is now capped at 100 signature validation operations to avoid the risk of CPU usage denial-of-service attack when validating crafted certificate chains producing quadratic runtime. This risk affected both clients, as well as servers that verified client certificates.</li> </ul> <h2>What's Changed</h2> <ul> <li>v0.100.2 prep by <a href="https://github.com/cpu"><code>@cpu</code></a> in <a href="https://redirect.github.com/rustls/webpki/pull/154">rustls/webpki#154</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
54e1a79a50 |
fix(ios): portal connectivity and tunnel setup (#1927)
This PR fixes issues with the iOS client connecting to the portal and setting up the tunnel. - portal IPv6 unique-local prefix typo - Use `rustls-webpki-roots` instead of `rustls-native-roots` for tokio tungstenite since the latter [only supports macOS, Linux, and Windows](https://github.com/rustls/rustls-native-certs) while the former seems to work on all platforms(?) - Remove Multipath TCP entitlement for iOS since it's not relevant for us. @conectado After this is merged, we _almost_ have a working tunnel on iOS. I believe the error we're hitting now is the 4-byte address family header that we need to add and strip from each packet written to / read from the tunnel. See below log for sample output when attempting to connect to the `HTTPbin` resource: ``` dev.firezone.firezone.network-extension packet-tunnel debug 16:10:13.401705-0700 FirezoneNetworkExtensioniOS Adapter state changed to: tunnelReady dev.firezone.firezone.network-extension packet-tunnel debug 16:10:13.401731-0700 FirezoneNetworkExtensioniOS Beginning path monitoring com.apple.network path default 16:10:13.402211-0700 FirezoneNetworkExtensioniOS nw_path_evaluator_start [1ACDE975-615B-4557-BF7C-678F3594452E <NULL> generic, multipath service: 1, attribution: developer] path: satisfied (Path is satisfied), interface: en0[802.11], scoped, ipv4, ipv6, dns com.apple.network path info 16:10:13.402235-0700 FirezoneNetworkExtensioniOS nw_path_evaluator_call_update_handler [1ACDE975-615B-4557-BF7C-678F3594452E] scheduling update com.apple.network path info 16:10:13.402261-0700 FirezoneNetworkExtensioniOS nw_path_evaluator_call_update_handler_block_invoke [1ACDE975-615B-4557-BF7C-678F3594452E] delivering update com.apple.network debug 16:10:13.402286-0700 FirezoneNetworkExtensioniOS nw_path_copy_interface_with_generation Cache miss for interface for index 3 (generation 4574) com.apple.network debug 16:10:13.402312-0700 FirezoneNetworkExtensioniOS nw_path_copy_interface_with_generation Cache miss for interface for index 31 (generation 141) dev.firezone.firezone.network-extension packet-tunnel debug 16:10:13.402363-0700 FirezoneNetworkExtensioniOS Suppressing calls to disableSomeRoamingForBrokenMobileSemantics() and bumpSockets() dev.firezone.firezone connlib debug 16:10:14.368105-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:15.369018-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:16.095618-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:16.370908-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:17.372035-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:18.373423-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:20.402863-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:24.381581-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:32.374566-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:10:38.137437-0700 FirezoneNetworkExtensioniOS Text("{\"ref\":null,\"topic\":\"phoenix\",\"event\":\"phx_reply\",\"payload\":{\"status\":\"ok\",\"response\":{}}}") dev.firezone.firezone connlib debug 16:10:38.137757-0700 FirezoneNetworkExtensioniOS Phoenix status message dev.firezone.firezone connlib debug 16:10:48.376339-0700 FirezoneNetworkExtensioniOS Reading from iface 76 bytes dev.firezone.firezone connlib debug 16:11:08.148369-0700 FirezoneNetworkExtensioniOS Text("{\"ref\":null,\"topic\":\"phoenix\",\"event\":\"phx_reply\",\"payload\":{\"status\":\"ok\",\"response\":{}}}") dev.firezone.firezone connlib debug 16:11:08.148654-0700 FirezoneNetworkExtensioniOS Phoenix status message ``` |
||
|
Gabi
|
d1537b0839 |
connlib: different backoff strategy for gateway/client (#1910)
With this PR we will keep retrying reconnection forever for the gateway after it disconnects. |
||
|
dependabot[bot]
|
67147aa33a |
build(deps): Bump clap from 4.3.19 to 4.3.21 in /rust (#1907)
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.19 to 4.3.21. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.3.21</h2> <h2>[4.3.21] - 2023-08-08</h2> <h3>Features</h3> <ul> <li>Expose <code>TryMapValueParser</code> so the type can be named</li> </ul> <h2>v4.3.20</h2> <h2>[4.3.20] - 2023-08-08</h2> <h3>Features</h3> <ul> <li>Expose <code>TryMapValueParser</code> so the type can be named</li> <li><code>Command::mut_args</code> for modifying all arguments en masse</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.3.21] - 2023-08-08</h2> <h3>Features</h3> <ul> <li>Expose <code>TryMapValueParser</code> so the type can be named</li> </ul> <h2>[4.3.20] - 2023-08-08</h2> <h3>Features</h3> <ul> <li><code>Command::mut_args</code> for modifying all arguments en masse</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0d42028d7e |
build(deps): Bump redis from 0.23.0 to 0.23.2 in /rust (#1906)
Bumps [redis](https://github.com/redis-rs/redis-rs) from 0.23.0 to 0.23.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/redis-rs/redis-rs/releases">redis's releases</a>.</em></p> <blockquote> <h2>v0.23.2</h2> <p>0.23.2 (2023-08-10)</p> <h4>Fixes</h4> <ul> <li>Fix sentinel tests flakiness (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/912">#912</a>)</li> <li>Rustls: Remove usage of deprecated method (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/921">#921</a>)</li> <li>Fix compiling with sentinel feature, without aio feature (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/923">#922</a> <a href="https://github.com/brocaar"><code>@brocaar</code></a>)</li> <li>Add timeouts to tests github action (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/911">#911</a>)</li> </ul> <h2>v0.23.1</h2> <h3>0.23.1 (2023-07-28)</h3> <h4>Features</h4> <ul> <li>Add basic Sentinel functionality (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/836">#836</a> <a href="https://github.com/felipou"><code>@felipou</code></a>)</li> <li>Enable keep alive on tcp connections via feature (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/886">#886</a> <a href="https://github.com/DoumanAsh"><code>@DoumanAsh</code></a>)</li> <li>Support fan-out commands in cluster-async (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/843">#843</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>connection_manager: retry and backoff on reconnect (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/804">#804</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> </ul> <h4>Changes</h4> <ul> <li>Tests: Wait for all servers (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/901">#901</a> <a href="https://github.com/barshaul"><code>@barshaul</code></a>)</li> <li>Pin <code>tempfile</code> dependency (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/902">#902</a>)</li> <li>Update routing data for commands. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/887">#887</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Add basic benchmark reporting to CI (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/880">#880</a>)</li> <li>Add <code>set_options</code> cmd (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/879">#879</a> <a href="https://github.com/RokasVaitkevicius"><code>@RokasVaitkevicius</code></a>)</li> <li>Move random connection creation to when needed. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/882">#882</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Clean up existing benchmarks (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/881">#881</a>)</li> <li>Improve async cluster client performance. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/877">#877</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Allow configuration of cluster retry wait duration (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/859">#859</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Fix async connect when ns resolved to multi ip (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/872">#872</a> <a href="https://github.com/hugefiver"><code>@hugefiver</code></a>)</li> <li>Reduce the number of unnecessary clones. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/874">#874</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Remove connection checking on every request. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/873">#873</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>cluster_async: Wrap internal state with Arc. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/864">#864</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Fix redirect routing on request with no route. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/870">#870</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Amend README for macOS users (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/869">#869</a> <a href="https://github.com/sarisssa"><code>@sarisssa</code></a>)</li> <li>Improved redirection error handling (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/857">#857</a>)</li> <li>Fix minor async client bug. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/862">#862</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Split aio.rs to separate files. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/821">#821</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Add time feature to tokio dependency (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/855">#855</a> <a href="https://github.com/robjtede"><code>@robjtede</code></a>)</li> <li>Refactor cluster error handling (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/844">#844</a>)</li> <li>Fix unnecessarily mutable variable (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/849">#849</a> <a href="https://github.com/kamulos"><code>@kamulos</code></a>)</li> <li>Newtype SlotMap (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/845">#845</a>)</li> <li>Bump MSRV to 1.60 (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/846">#846</a>)</li> <li>Improve error logging. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/838">#838</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> <li>Improve documentation, add references to <code>redis-macros</code> (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/769">#769</a> <a href="https://github.com/daniel7grant"><code>@daniel7grant</code></a>)</li> <li>Allow creating Cmd with capacity. (<a href="https://redirect.github.com/redis-rs/redis-rs/pull/817">#817</a> <a href="https://github.com/nihohit"><code>@nihohit</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ae9a619703 |
build(deps): Bump pnet_packet from 0.33.0 to 0.34.0 in /rust (#1905)
Bumps [pnet_packet](https://github.com/libpnet/libpnet) from 0.33.0 to 0.34.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/libpnet/libpnet/releases">pnet_packet's releases</a>.</em></p> <blockquote> <h2>v0.34.0</h2> <h2>What's Changed</h2> <ul> <li>Add blanket impls of Packet for Box<!-- raw HTML omitted --> and &T. by <a href="https://github.com/landhb"><code>@landhb</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/606">libpnet/libpnet#606</a></li> <li>GitHub actions updates by <a href="https://github.com/mrmonday"><code>@mrmonday</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/608">libpnet/libpnet#608</a></li> <li>Fix typos by <a href="https://github.com/darxriggs"><code>@darxriggs</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/609">libpnet/libpnet#609</a></li> <li>Update pnet_macros to use syn v2 by <a href="https://github.com/james-jra"><code>@james-jra</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/627">libpnet/libpnet#627</a></li> <li>Spell check with <code>typos</code>. Add <code>spell-check</code> CI job by <a href="https://github.com/vvv"><code>@vvv</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/621">libpnet/libpnet#621</a></li> <li>Add LINKTYPE_LINUX_SLL2 support and fix link to SLL by <a href="https://github.com/reticulis"><code>@reticulis</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/619">libpnet/libpnet#619</a></li> <li>TCP header remove NS flag by <a href="https://github.com/rikonaka"><code>@rikonaka</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/625">libpnet/libpnet#625</a></li> <li>Assorted cleanup by <a href="https://github.com/mrmonday"><code>@mrmonday</code></a> in <a href="https://redirect.github.com/libpnet/libpnet/pull/630">libpnet/libpnet#630</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/james-jra"><code>@james-jra</code></a> made their first contribution in <a href="https://redirect.github.com/libpnet/libpnet/pull/627">libpnet/libpnet#627</a></li> <li><a href="https://github.com/vvv"><code>@vvv</code></a> made their first contribution in <a href="https://redirect.github.com/libpnet/libpnet/pull/621">libpnet/libpnet#621</a></li> <li><a href="https://github.com/reticulis"><code>@reticulis</code></a> made their first contribution in <a href="https://redirect.github.com/libpnet/libpnet/pull/619">libpnet/libpnet#619</a></li> <li><a href="https://github.com/rikonaka"><code>@rikonaka</code></a> made their first contribution in <a href="https://redirect.github.com/libpnet/libpnet/pull/625">libpnet/libpnet#625</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/libpnet/libpnet/compare/v0.33.0...v0.34.0">https://github.com/libpnet/libpnet/compare/v0.33.0...v0.34.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9d13a6001b |
build(deps): Bump android_logger from 0.13.1 to 0.13.3 in /rust (#1904)
Bumps [android_logger](https://github.com/rust-mobile/android_logger-rs) from 0.13.1 to 0.13.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-mobile/android_logger-rs/blob/master/CHANGELOG.md">android_logger's changelog</a>.</em></p> <blockquote> <h1><code>android_logger</code> changelog</h1> <p>All user visible changes to this project will be documented in this file. This project uses [Semantic Versioning 2.0.0].</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/rust-mobile/android_logger-rs/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
66e78c5e72 |
build(deps): Bump log from 0.4.19 to 0.4.20 in /rust (#1903)
Bumps [log](https://github.com/rust-lang/log) from 0.4.19 to 0.4.20. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.20] - 2023-07-11</h2> <ul> <li>Remove rustversion dev-dependency by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/568">rust-lang/log#568</a></li> <li>Remove <code>local_inner_macros</code> usage by <a href="https://github.com/EFanZh"><code>@EFanZh</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/570">rust-lang/log#570</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bb9110b1d0 |
build(deps): Bump async-trait from 0.1.71 to 0.1.72 in /rust (#1861)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.71 to 0.1.72. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.72</h2> <ul> <li>Documentation improvements</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2d21de7035 |
build(deps): Bump axum from 0.6.18 to 0.6.20 in /rust (#1863)
Bumps [axum](https://github.com/tokio-rs/axum) from 0.6.18 to 0.6.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/axum/releases">axum's releases</a>.</em></p> <blockquote> <h2>axum - v0.6.20</h2> <ul> <li><strong>added:</strong> <code>WebSocketUpgrade::write_buffer_size</code> and <code>WebSocketUpgrade::max_write_buffer_size</code></li> <li><strong>changed:</strong> Deprecate <code>WebSocketUpgrade::max_send_queue</code></li> <li><strong>change:</strong> Update tokio-tungstenite to 0.20</li> <li><strong>added:</strong> Implement <code>Handler</code> for <code>T: IntoResponse</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/2140">#2140</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/2140">#2140</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2140">tokio-rs/axum#2140</a></p> <h2>axum - v0.6.19</h2> <ul> <li><strong>added:</strong> Add <code>axum::extract::Query::try_from_uri</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/2058">#2058</a>)</li> <li><strong>added:</strong> Implement <code>IntoResponse</code> for <code>Box<str></code> and <code>Box<[u8]></code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/2035">#2035</a>)</li> <li><strong>fixed:</strong> Fix bugs around merging routers with nested fallbacks (<a href="https://redirect.github.com/tokio-rs/axum/issues/2096">#2096</a>)</li> <li><strong>fixed:</strong> Fix <code>.source()</code> of composite rejections (<a href="https://redirect.github.com/tokio-rs/axum/issues/2030">#2030</a>)</li> <li><strong>fixed:</strong> Allow unreachable code in <code>#[debug_handler]</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/2014">#2014</a>)</li> <li><strong>change:</strong> Update tokio-tungstenite to 0.19 (<a href="https://redirect.github.com/tokio-rs/axum/issues/2021">#2021</a>)</li> <li><strong>change:</strong> axum's MSRV is now 1.63 (<a href="https://redirect.github.com/tokio-rs/axum/issues/2021">#2021</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/2014">#2014</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2014">tokio-rs/axum#2014</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/2021">#2021</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2021">tokio-rs/axum#2021</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/2030">#2030</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2030">tokio-rs/axum#2030</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/2035">#2035</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2035">tokio-rs/axum#2035</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/2058">#2058</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2058">tokio-rs/axum#2058</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/2096">#2096</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/2096">tokio-rs/axum#2096</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b409f191f9 |
build(deps): Bump serde from 1.0.179 to 1.0.183 in /rust (#1864)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.179 to 1.0.183. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.183</h2> <ul> <li>Support deserializing <code>Box<OsStr></code> with an equivalent representation as <code>OsString</code> (<a href="https://redirect.github.com/serde-rs/serde/issues/2556">#2556</a>, thanks <a href="https://github.com/DBLouis"><code>@DBLouis</code></a>)</li> </ul> <h2>v1.0.182</h2> <ul> <li>Render field aliases in sorted order in error messages (<a href="https://redirect.github.com/serde-rs/serde/issues/2458">#2458</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> <li>Support <code>serde(default)</code> on tuple structs (<a href="https://redirect.github.com/serde-rs/serde/issues/2553">#2553</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> </ul> <h2>v1.0.181</h2> <ul> <li>Make <code>serde(alias)</code> work in combination with <code>flatten</code> when using in-place deserialization (<a href="https://redirect.github.com/serde-rs/serde/issues/2443">#2443</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> <li>Improve the representation of adjacently tagged enums in formats where enum tags are serialized by index, as opposed to by string name (<a href="https://redirect.github.com/serde-rs/serde/issues/2505">#2505</a>, <a href="https://redirect.github.com/serde-rs/serde/issues/2496">#2496</a>, thanks <a href="https://github.com/Baptistemontan"><code>@Baptistemontan</code></a>)</li> </ul> <h2>v1.0.180</h2> <ul> <li>Update to 2018 edition</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Francesca Lovebloom
|
bc3a5d9e54 |
connlib: JNI bridge (#1848)
The biggest internal change is that all the methods on `Callbacks` (on the Rust side!) return a `Result` now, so errors from the bridge or even the client callbacks will be handled. @roop there's nothing for you to review here, but note: - the `bool` return values you've asked about in the past are gone now - the route string for `onAddRoute`/`onRemoveRoute` no longer has the extra quotes (it's no longer JSON) --------- Signed-off-by: Francesca Lovebloom <franlovebloom@gmail.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Francesca Lovebloom
|
30232b5b76 |
connlib: Log to Console.app on Apple (#1844)
Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Gabi
|
b563c7ad5a |
connlib: fix ipv6 (#1855)
Fixes some of the ipv6 handling. Making this PR I also realized we need to update checksums on UDP and TCP too, since we're mangling packets. |
||
|
Thomas Eizinger
|
632dfdd888 |
feat(relay): support IPv6 allocations (#1814)
This patch series adds support for IPv6 allocations. If not specified otherwise in the ALLOCATE request, clients will get an IP4 allocation. They can also request an IPv6 address or an additional IPv6 address in addition to their IPv4 address. Either of those is only possible if the relay actually has a listening socket for the requested address family. The CLI is designed such that the user can either specify IP4, IP6 or both of them. The `Server` component handles all of this logic and responds with either a successful allocation response or an Address Family Not Supported error (see https://www.rfc-editor.org/rfc/rfc8656#name-stun-error-response-codes). Multiple refactorings were necessary to achieve this design, they are all extracted into separate PRs: Depends-On: #1831. Depends-On: #1832. Depends-On: #1833. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
dependabot[bot]
|
5f96858d76 |
build(deps): bump clap from 4.3.10 to 4.3.19 in /rust (#1838)
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.10 to 4.3.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.3.19</h2> <h2>[4.3.19] - 2023-07-21</h2> <h3>Fixes</h3> <ul> <li><em>(parse)</em> Respect <code>value_terminator</code> even in the presence of later multiple-value positional arguments</li> </ul> <h2>v4.3.18</h2> <h2>[4.3.18] - 2023-07-21</h2> <h3>Fixes</h3> <ul> <li><em>(parse)</em> Suggest <code>--</code> in fewer places where it won't work</li> </ul> <h2>v4.3.17</h2> <h2>[4.3.17] - 2023-07-19</h2> <h3>Fixes</h3> <ul> <li><em>(help)</em> Address a regression in wrapping <code>PossibleValue</code> descriptions in <code>--help</code></li> </ul> <h2>v4.3.16</h2> <h2>[4.3.16] - 2023-07-18</h2> <h3>Fixes</h3> <ul> <li>Don't assert when stateful value parsers fail on defaults (e.g. checking if a path exists)</li> </ul> <h2>v4.3.15</h2> <h2>[4.3.15] - 2023-07-18</h2> <h3>Features</h3> <ul> <li><em>(unstable-styles)</em> Re-export <code>anstyle</code></li> </ul> <h3>Documentation</h3> <ul> <li><em>(unstable-styles)</em> Provide more examples</li> </ul> <h2>v4.3.14</h2> <h2>[4.3.14] - 2023-07-17</h2> <h3>Features</h3> <ul> <li><code>ArgAction::HelpShort</code> and <code>ArgAction::HelpLong</code> for explicitly specifying which style of help to display</li> </ul> <h3>Fixes</h3> <ul> <li>Skip <code>[OPTIONS]</code> in usage if a help or version <code>ArgAction</code> is used</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.3.19] - 2023-07-21</h2> <h3>Fixes</h3> <ul> <li><em>(parse)</em> Respect <code>value_terminator</code> even in the presence of later multiple-value positional arguments</li> </ul> <h2>[4.3.18] - 2023-07-21</h2> <h3>Fixes</h3> <ul> <li><em>(parse)</em> Suggest <code>--</code> in fewer places where it won't work</li> </ul> <h2>[4.3.17] - 2023-07-19</h2> <h3>Fixes</h3> <ul> <li><em>(help)</em> Address a regression in wrapping <code>PossibleValue</code> descriptions in <code>--help</code></li> </ul> <h2>[4.3.16] - 2023-07-18</h2> <h3>Fixes</h3> <ul> <li>Don't assert when stateful value parsers fail on defaults (e.g. checking if a path exists)</li> </ul> <h2>[4.3.15] - 2023-07-18</h2> <h3>Features</h3> <ul> <li><em>(unstable-styles)</em> Re-export <code>anstyle</code></li> </ul> <h3>Documentation</h3> <ul> <li><em>(unstable-styles)</em> Provide more examples</li> </ul> <h2>[4.3.14] - 2023-07-17</h2> <h3>Features</h3> <ul> <li><code>ArgAction::HelpShort</code> and <code>ArgAction::HelpLong</code> for explicitly specifying which style of help to display</li> </ul> <h3>Fixes</h3> <ul> <li>Skip <code>[OPTIONS]</code> in usage if a help or version <code>ArgAction</code> is used</li> </ul> <h2>[4.3.13] - 2023-07-17</h2> <h2>[4.3.12] - 2023-07-14</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eec1018f5a |
build(deps): bump serde from 1.0.171 to 1.0.179 in /rust (#1839)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.171 to 1.0.179. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.179</h2> <ul> <li>Support serialization of tuple variants inside a flattened field (<a href="https://redirect.github.com/serde-rs/serde/issues/2448">#2448</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> </ul> <h2>v1.0.178</h2> <ul> <li>Fix build error when using serde with "std" feature turned off and "unstable" feature turned on (<a href="https://redirect.github.com/serde-rs/serde/issues/2541">#2541</a>)</li> </ul> <h2>v1.0.177</h2> <ul> <li>Add <code>serde(rename_all_fields = "...")</code> attribute to apply a <code>rename_all</code> on every struct variant of an enum (<a href="https://redirect.github.com/serde-rs/serde/issues/1695">#1695</a>, thanks <a href="https://github.com/jplatte"><code>@jplatte</code></a>)</li> <li>Improve diagnostics for attribute parse errors (<a href="https://redirect.github.com/serde-rs/serde/issues/2536">#2536</a>, thanks <a href="https://github.com/jplatte"><code>@jplatte</code></a>)</li> </ul> <h2>v1.0.176</h2> <ul> <li>Allow tag field of an internally tagged enum to have same name as a field inside a skipped struct variant (<a href="https://redirect.github.com/serde-rs/serde/issues/2266">#2266</a>, thanks <a href="https://github.com/flisky"><code>@flisky</code></a>)</li> </ul> <h2>v1.0.175</h2> <ul> <li>Restore missing LICENSE files in serde_derive crate (<a href="https://redirect.github.com/serde-rs/serde/issues/2527">#2527</a>, thanks <a href="https://github.com/ankane"><code>@ankane</code></a>)</li> </ul> <h2>v1.0.174</h2> <ul> <li>Documentation improvements</li> </ul> <h2>v1.0.173</h2> <ul> <li>Fix missing trait implementations when using serde derive macro on a macro-generated data structure, such as via the <code>bitflags</code> crate (<a href="https://redirect.github.com/serde-rs/serde/issues/2516">#2516</a>)</li> </ul> <h2>v1.0.172</h2> <ul> <li>Experiment with precompiling the serde_derive macros to reduce build time (<a href="https://redirect.github.com/serde-rs/serde/issues/2514">#2514</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1f05c4d5c1 |
build(deps): bump serde_json from 1.0.99 to 1.0.104 in /rust (#1840)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.99 to 1.0.104. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.104</h2> <ul> <li>Provide IntoDeserializer impl for &serde_json::Value (<a href="https://redirect.github.com/serde-rs/json/issues/1045">#1045</a>, thanks <a href="https://github.com/ZetaNumbers"><code>@ZetaNumbers</code></a>)</li> </ul> <h2>v1.0.103</h2> <ul> <li>Documentation improvements</li> </ul> <h2>v1.0.102</h2> <ul> <li>Add a way to customize the serialization of byte arrays (<a href="https://redirect.github.com/serde-rs/json/issues/1039">#1039</a>)</li> </ul> <h2>v1.0.101</h2> <ul> <li>Allow f32 and f64 as keys in maps (<a href="https://redirect.github.com/serde-rs/json/issues/1027">#1027</a>, thanks <a href="https://github.com/overdrivenpotato"><code>@overdrivenpotato</code></a>)</li> </ul> <h2>v1.0.100</h2> <ul> <li>Support <code>-Z minimal-versions</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9866c1beed |
build(deps): bump test-strategy from 0.3.0 to 0.3.1 in /rust (#1837)
Bumps [test-strategy](https://github.com/frozenlib/test-strategy) from 0.3.0 to 0.3.1. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
55da391845 |
build(deps): bump anyhow from 1.0.71 to 1.0.72 in /rust (#1836)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.71 to 1.0.72. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.72</h2> <ul> <li>Documentation improvements</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
686ccf3107 |
feat(relay): add some basic prometheus metrics (#1742)
The metrics are available at `http://{listen_addr}:8080/metrics`. Currently, we collect the following: - Number of active allocations: We can have an alert once the number of allocations passes through a certain threshold. - Outcome (success / error) and message kind (allocation / channel_bind / ...) of all responses: Summing all of these up would give you the total number of requests handled. We might want to have a grafana alert for an increased number of error responses. - Total number of bytes relayed: Dividing this by time gives us an average "internal" bandwidth. This is just a start, we can explore what else is useful as we have it operate. Depends-On: https://github.com/firezone/firezone/pull/1743 |
||
|
Francesca Lovebloom
|
9fb842ed24 |
connlib: Fix resource list JSON (#1818)
Addresses one of the issues raised in firezone/product#634 Previously, we were joining a `Vec` of serialized JSON objects into a comma-separated string, which isn't valid JSON. Now the entire thing is simply serialized, `Vec` and all. Additionally, I've moved serialization to happen just before the FFI boundary, which removes some indirection from connlib and will avoid a deserialization step when writing non-FFI clients. |
||
|
dependabot[bot]
|
5b387df2fa |
build(deps): bump uuid from 1.4.0 to 1.4.1 in /rust (#1816)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.4.0 to 1.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>1.4.1</h2> <h2>What's Changed</h2> <ul> <li>Fix macro hygiene by <a href="https://github.com/teohhanhui"><code>@teohhanhui</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/694">uuid-rs/uuid#694</a></li> <li>Add #[inline] for Uuid::from_bytes[_ref] and Uuid::{as,into}_bytes by <a href="https://github.com/jrose-signal"><code>@jrose-signal</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/693">uuid-rs/uuid#693</a></li> <li>Print uuids in examples by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/697">uuid-rs/uuid#697</a></li> <li>Prepare for 1.4.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/698">uuid-rs/uuid#698</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/teohhanhui"><code>@teohhanhui</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/694">uuid-rs/uuid#694</a></li> <li><a href="https://github.com/jrose-signal"><code>@jrose-signal</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/693">uuid-rs/uuid#693</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/1.4.0...1.4.1">https://github.com/uuid-rs/uuid/compare/1.4.0...1.4.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Gabi
|
7ad2fb623a | connlib: add client dns interception support (#1807) | ||
|
dependabot[bot]
|
f01ffaf17b |
Bump tokio-tungstenite from 0.18.0 to 0.19.0 in /rust (#1787)
Bumps [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite) from 0.18.0 to 0.19.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md">tokio-tungstenite's changelog</a>.</em></p> <blockquote> <h1>0.19.0</h1> <ul> <li>Allow users to enable/disable Nagle algorithm when using <code>connect()</code> helpers.</li> <li>Improve the behavior of the <code>Sink</code> for the <code>WebSocketStream</code>, so it does not return an error when it’s not necessary (when <code>poll_flush()</code> is called on a connection that has just been closed).</li> <li>Workaround an issue where <code>rustls</code> TLS backend expected domain in a certain format and reject IPv6 addresses if they contained square brackets in them.</li> <li>Update dependencies and remove unused errors.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
46aa962773 |
Bump itertools from 0.10.5 to 0.11.0 in /rust (#1786)
Bumps [itertools](https://github.com/rust-itertools/itertools) from 0.10.5 to 0.11.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-itertools/itertools/blob/master/CHANGELOG.md">itertools's changelog</a>.</em></p> <blockquote> <h2>0.11.0</h2> <h3>Breaking</h3> <ul> <li>Make <code>Itertools::merge_join_by</code> also accept functions returning bool (<a href="https://redirect.github.com/rust-itertools/itertools/issues/704">#704</a>)</li> <li>Implement <code>PeekingNext</code> transitively over mutable references (<a href="https://redirect.github.com/rust-itertools/itertools/issues/643">#643</a>)</li> <li>Change <code>with_position</code> to yield <code>(Position, Item)</code> instead of <code>Position<Item></code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/699">#699</a>)</li> </ul> <h3>Added</h3> <ul> <li>Add <code>Itertools::take_while_inclusive</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/616">#616</a>)</li> <li>Implement <code>PeekingNext</code> for <code>PeekingTakeWhile</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/644">#644</a>)</li> <li>Add <code>EitherOrBoth::{just_left, just_right, into_left, into_right, as_deref, as_deref_mut, left_or_insert, right_or_insert, left_or_insert_with, right_or_insert_with, insert_left, insert_right, insert_both}</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/629">#629</a>)</li> <li>Implement <code>Clone</code> for <code>CircularTupleWindows</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/686">#686</a>)</li> <li>Implement <code>Clone</code> for <code>Chunks</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/683">#683</a>)</li> <li>Add <code>Itertools::process_results</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/680">#680</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Use <code>Cell</code> instead of <code>RefCell</code> in <code>Format</code> and <code>FormatWith</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/608">#608</a>)</li> <li>CI tweaks (<a href="https://redirect.github.com/rust-itertools/itertools/issues/674">#674</a>, <a href="https://redirect.github.com/rust-itertools/itertools/issues/675">#675</a>)</li> <li>Document and test the difference between stable and unstable sorts (<a href="https://redirect.github.com/rust-itertools/itertools/issues/653">#653</a>)</li> <li>Fix documentation error on <code>Itertools::max_set_by_key</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/692">#692</a>)</li> <li>Move MSRV metadata to <code>Cargo.toml</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/672">#672</a>)</li> <li>Implement <code>equal</code> with <code>Iterator::eq</code> (<a href="https://redirect.github.com/rust-itertools/itertools/issues/591">#591</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
44dd682569 |
Bump async-trait from 0.1.69 to 0.1.71 in /rust (#1783)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.69 to 0.1.71. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.71</h2> <ul> <li>Documentation improvements</li> </ul> <h2>0.1.70</h2> <p>No release notes provided.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7a19cc4779 |
Bump serde from 1.0.165 to 1.0.171 in /rust (#1785)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.165 to 1.0.171. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.171</h2> <ul> <li>Support <code>derive(Deserialize)</code> on unit structs that have const generics (<a href="https://redirect.github.com/serde-rs/serde/issues/2500">#2500</a>, thanks <a href="https://github.com/Baptistemontan"><code>@Baptistemontan</code></a>)</li> </ul> <h2>v1.0.170</h2> <ul> <li>Produce error message on suffixed string literals inside serde attributes (<a href="https://redirect.github.com/serde-rs/serde/issues/2242">#2242</a>)</li> <li>Support single identifier as unbraced default value for const generic parameter (<a href="https://redirect.github.com/serde-rs/serde/issues/2449">#2449</a>)</li> </ul> <h2>v1.0.169</h2> <ul> <li>Add Deserializer::deserialize_identifier support for adjacently tagged enums (<a href="https://redirect.github.com/serde-rs/serde/issues/2475">#2475</a>, thanks <a href="https://github.com/Baptistemontan"><code>@Baptistemontan</code></a>)</li> <li>Fix unused_braces lint in generated Deserialize impl that uses braced const generic expressions (<a href="https://redirect.github.com/serde-rs/serde/issues/2414">#2414</a>)</li> </ul> <h2>v1.0.168</h2> <ul> <li>Allow <code>serde::de::IgnoredAny</code> to be the type for a <code>serde(flatten)</code> field (<a href="https://redirect.github.com/serde-rs/serde/issues/2436">#2436</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> <li>Allow larger preallocated capacity for smaller elements (<a href="https://redirect.github.com/serde-rs/serde/issues/2494">#2494</a>)</li> </ul> <h2>v1.0.167</h2> <ul> <li>Add serialize and deserialize impls for <code>RangeFrom</code> and <code>RangeTo</code> (<a href="https://redirect.github.com/serde-rs/serde/issues/2471">#2471</a>, thanks <a href="https://github.com/tbu"><code>@tbu</code></a>-)</li> </ul> <h2>v1.0.166</h2> <ul> <li>Add <code>no-alloc</code> category to crates.io metadata</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Francesca Lovebloom
|
e5e18e78a3 |
connlib: Disconnect on fatal error (#1801)
Resolves firezone/product#619 This additionally removes `ErrorType`: - `on_error` is now exclusively used for recoverable errors, and no longer has an `error_type` parameter. - `on_disconnect` now has an optional `error` parameter, which specifies the fatal error that caused the disconnect if relevant. |
||
|
Francesca Lovebloom
|
58c2ce5e80 |
connlib: Hook up callbacks (#1744)
Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Francesca Lovebloom
|
a71309a02a |
connlib: Use latest swift-bridge release (#1753)
A new version of `swift-bridge` released today, so we don't need it to be a git dependency anymore. |
||
|
Gabi
|
45c921b69e |
Feat/expire peers (#1739)
This PR takes care of expiring connections with peer from the gateway side. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
f5c1b5a78e |
feat(relay): use structured logging (#1741)
With this patch, the relay exposes a `--json` and `JSON_LOG` env variable that will activate logs in JSON format the way it is expected by google cloud: https://cloud.google.com/logging/docs/structured-logging In addition, we make use of spans to record contextual information as first-class variables that are available in the context of every message. An example output here is: ``` {"time":"2023-07-06T19:54:42.643694430Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"156"},"severity":"INFO","message":"Seeding RNG from '0'"} {"time":"2023-07-06T19:54:42.644408014Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"130"},"severity":"INFO","message":"Listening for incoming traffic on UDP port 3478"} {"time":"2023-07-06T19:54:42.843247996Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"417"},"span":{"lifetime":"600","name":"allocate"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"0531a911a24d1e5297b94cb2","name":"client"},{"lifetime":"600","name":"allocate"}],"severity":"INFO","ip4RelayAddress":"127.0.0.1:65460","message":"Created new allocation"} {"time":"2023-07-06T19:54:42.851623041Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"569"},"span":{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"e99e07e482789cdc30bd2b50","name":"client"},{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"}],"severity":"INFO","message":"Successfully bound channel"} {"time":"2023-07-06T19:54:42.852889208Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"288"},"span":{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"},"spans":[{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"}],"severity":"DEBUG","message":"Relaying 32 bytes"} {"time":"2023-07-06T19:54:42.854625857Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"619"},"span":{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"},"spans":[{"sender":"127.0.0.1:46406","name":"client"},{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"}],"severity":"DEBUG","message":"Relaying 32 bytes"} ``` For some reason, the current `span` is always duplicated but I don't think that is a big issue. When run using the regular log formatter, it looks like this: ``` 2023-07-06T20:02:33.939273Z INFO relay: Seeding RNG from '0' 2023-07-06T20:02:33.940153Z INFO relay: Listening for incoming traffic on UDP port 3478 2023-07-06T20:02:34.135801Z INFO client{sender=127.0.0.1:33919 transaction_id="7092a2363377709cd18b9d98"}:allocate{lifetime=600}: relay: Created new allocation ip4_relay_address=127.0.0.1:65460 2023-07-06T20:02:34.144833Z INFO client{sender=127.0.0.1:33919 transaction_id="4e1a18e58953242c92a075a3"}:channel_bind{requested_channel=16384 peer_address=127.0.0.1:47859 allocation="AID-1"}: relay: Successfully bound channel 2023-07-06T20:02:34.145501Z DEBUG peer{sender=127.0.0.1:47859 allocation_id=AID-1 recipient=127.0.0.1:33919 channel=16384}: relay: Relaying 32 bytes 2023-07-06T20:02:34.146863Z DEBUG client{sender=127.0.0.1:33919}:channel_data{channel=16384 recipient=127.0.0.1:47859}: relay: Relaying 32 bytes ``` This provides lots of contextual information in a DRY and easily parse-able way. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Gabi
|
8967b53170 |
Feat/connlib full flow (#1722)
With this PR the full control-plane message flow is working. Meaning that if you do: ``` docker compose up -d docker compose exec -it client "ping 172.20.0.2" # will fix this IP later ``` Messages start flowing to gateway. The gateway still not correctly forwards the messages to the resource since masquerading is still not working, although I suspect there might be an additional problem. Will fix this in my next PR along with a README on how to test this whole flow. This PR also fixes how we sent the stamp secret to the gateway from the relay, but I still see some warnings in the webrtc that I'm sure that are due to a mismatch between how webrtc-rs and the relay handle messages (The most important being `bind() failed: unexpected response type`), I will take a look at that and a way to test that the flow works when: 1. hole-punching is available 2. through relay when it's not Since the flow right now works without hole-punching or relay since the gateway is in the same network in the docker compose. |
||
|
Gabi
|
720b2f8cd9 |
Fix/docker compose up (#1705)
This PR fixes `docker compose up` but it doesn't have the test client -> resource flow working but it prevent anything from erroring at startup. This fixes: * tokens (use the correct token for the client user agent we are using) * randomize `name_suffix` at start up for connlib (we will eventually allow options to set it manually) * remove port ranges for relay (see firezone/product#613) |
||
|
Francesca Lovebloom
|
a4810986c7 |
connlib: Improve FFI bridges for Apple and Android (#1691)
This makes it possible to build the Apple/Android FFI bridges and integrate them with their respective client apps. --------- Signed-off-by: Francesca Lovebloom <franlovebloom@gmail.com> Co-authored-by: Roopesh Chander <roop@roopc.net> |
||
|
Gabi
|
e9be4b9ef5 |
connlib: moves it to the main firezone library
This brindgs connlib from its own separated repo to firezone's monorepo.
On top of bringing connlib we also add and unify the Dockerfile for all
rust binaries and add a docker-compose that can run a headless client, a
relay and a gateway which eventually will test the whole flow between a
client and a resource. For this to work we also incorporated some elixir
scripts to generate portal tokens for those components.
|
||
|
Thomas Eizinger
|
247633ed33 |
feat(relay): connect to portal on startup (#1643)
With this PR, the relay can be configured with a WebSocket URL on startup. If given, it will attempt to connect to it and join the `relay` room with its `stamp_secret`. Once the `init` message is received, regular relay operation will begin. |
||
|
Thomas Eizinger
|
6491ad13c9 |
feat(relay): provide a commandline interface using clap (#1658)
This saves us several lines of code and allows usage of the relay via commandline arguments in addition to env variables. Note that because of `#[arg(env)]`, all of these can still be configured via environment variables too. |
||
|
Thomas Eizinger
|
5090d207c2 |
feat(relay): implement nonces for authentication (#1654)
To complete the authentication scheme for the relay, we need to prompt the client with a nonce when they send an unauthenticated request. The semantic meaning of a nonce is opaque to the client. As a starting point, we implement a count-based scheme. Each nonce is valid for 10 requests. After that, a request will be rejected with a 401 and the client has to authenticate with a new nonce. This scheme provides a basic form of replay-protection. |
||
|
Thomas Eizinger
|
16156a6448 | relay: implement authentication (#1641) | ||
|
Thomas Eizinger
|
d27856a8f1 |
refactor(relay): introduce type-safe Server APIs (#1630)
We introduce dedicated types for each message that the `Server` can handle. This allows us to make the functions public because the type-system now guarantees that those are either parsed from bytes or constructed with the correct data. The latter will be useful to write tests against a richer API. |
||
|
Thomas Eizinger
|
f5fdd56812 |
relay: create channel bindings and relay data (#1618)
Here is a short demo: [Relay](https://github.com/firezone/firezone/assets/5486389/c0199294-70ca-47b4-90ae-2c96428bdb56) You can run this locally using the `./run_smoke_test.sh` shell-script. It is not reliable enough yet to be used in CI but I used one if its outputs to make a regression test. --------- Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
675cb2dd54 | relay: refresh allocations (#1610) |