mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
46afa52f78b615b3dc59ab13ca01a440a6fa6653
8004 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Thomas Eizinger
|
46afa52f78 |
feat(telemetry): pre-resolve Sentry ingest host (#10206)
Our Sentry client needs to resolve DNS before being able to send logs or errors to the backend. Currently, this DNS resolution happens on-demand as we don't take any control of the underlying HTTP client. In addition, this will use HTTP/1.1 by default which isn't as efficient as it could be, especially with concurrent requests. Finally, if we decide to ever proxy all Sentry for traffic through our own domain, we have to take control of the underlying client anyway. To resolve all of the above, we create a custom `TransportFactory` where we reuse the existing `ReqwestHttpTransport` but provide an already configured `reqwest::Client` that always uses HTTP/2 with a pre-configured set of DNS records for the given ingest host. |
||
|
Thomas Eizinger
|
b4cbc4f33b |
fix(connlib): exit phoenix-channel event-loop on error (#10229)
We cannot poll the `PhoenixChannel` after it has returned an error, otherwise it will panic. Therefore, we exit the event-loop then. The outer event-loop also exits as soon as it receives an error from this channel so this is fine. `PhoenixChannel` only returns an error when it has irrecoverably disconnected, e.g. after the retries have been exhausted or we hit a 4xx error on the WebSocket connection. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
4e11112d9b |
feat(connlib): improve throughput on higher latencies (#10231)
Turns out the multi-threaded access of the TUN device on the Gateway causes packet reordering which makes the TCP congestion controller throttle the connection. Additionally, the default TX queue length of a TUN device on Linux is only 500 packets. With just a single thread and an increased TX queue length, we get a throughput performance of just over 1 GBit/s for a 20ms link between Client and Gateway with basically no packet drops: ``` Connecting to host 172.20.0.110, port 5201 [ 5] local 100.79.130.70 port 49546 connected to 172.20.0.110 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 116 MBytes 977 Mbits/sec 0 6.40 MBytes [ 5] 1.00-2.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 2.00-3.00 sec 134 MBytes 1.13 Gbits/sec 0 6.40 MBytes [ 5] 3.00-4.00 sec 136 MBytes 1.14 Gbits/sec 47 6.40 MBytes [ 5] 4.00-5.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 5.00-6.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes [ 5] 6.00-7.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 7.00-8.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 8.00-9.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes [ 5] 9.00-10.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 10.00-11.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes [ 5] 11.00-12.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes [ 5] 12.00-13.00 sec 136 MBytes 1.14 Gbits/sec 0 6.40 MBytes [ 5] 13.00-14.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes [ 5] 14.00-15.00 sec 140 MBytes 1.17 Gbits/sec 0 6.40 MBytes [ 5] 15.00-16.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes [ 5] 16.00-17.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes [ 5] 17.00-18.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes [ 5] 18.00-19.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes [ 5] 19.00-20.00 sec 136 MBytes 1.14 Gbits/sec 0 6.40 MBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-20.00 sec 2.67 GBytes 1.15 Gbits/sec 47 sender [ 5] 0.00-20.02 sec 2.67 GBytes 1.15 Gbits/sec receiver iperf Done. ``` For further debugging in the future, we are now recording the send and receive queue depths of both the TUN device and the UDP sockets. Neither of those showed to be full in my testing which leads me to conclude that it isn't any buffer inside Firezone that is too small here. Related: #7452 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Brian Manifold
|
551ceafb13 |
fix(portal): REST api updates (#10191)
* Minor updates to the REST API to more gracefully handle incorrect input data from requests. * Minor updates to the OpenAPI spec. |
||
|
Jamil
|
9696d00cc3 |
fix(apple): flush dns cache on resource updates (#10224)
In the following sequence of events, a user will be unable to connect to the DNS resource for a few seconds because macOS is caching the queries, preventing connlib from seeing them. 1. User signs in 2. User has _no_ access to DNS Resource A 3. User queries for DNS Resource A - NXDOMAIN -> macOS caches this 4. Admin grants access to DNS Resource A 5. User tries query again -> connlib never sees the query -> cache hit -> NXDOMAIN To fix this, we call `networkSettings.apply()` whenever the resource list has changed. This has been tested to trigger a DNS cache flush on macOS. |
||
|
dependabot[bot]
|
6fa8c0b52a |
build(deps): bump proc-macro2 from 1.0.95 to 1.0.101 in /rust (#10218)
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.95 to 1.0.101. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/proc-macro2/releases">proc-macro2's releases</a>.</em></p> <blockquote> <h2>1.0.101</h2> <ul> <li>Optimize Span location accessors (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/519">#519</a>)</li> </ul> <h2>1.0.100</h2> <ul> <li>Stabilize <code>Span</code> methods on Rust 1.88+: <code>start</code>, <code>end</code>, <code>line</code>, <code>column</code>, <code>file</code>, <code>local_file</code> (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/517">#517</a>, <a href="https://redirect.github.com/dtolnay/proc-macro2/issues/518">#518</a>)</li> </ul> <h2>1.0.99</h2> <ul> <li>Prevent Span's unstable API becoming unavailable from a future new compiler lint (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/515">#515</a>)</li> </ul> <h2>1.0.98</h2> <ul> <li>Disallow prefixed identifier as name of lifetime: <code>'prefix#lifetime</code> (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/514">#514</a>, <a href="https://redirect.github.com/rust-lang/rust/pull/126452">rust-lang/rust#126452</a>)</li> </ul> <h2>1.0.97</h2> <ul> <li>Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/505">#505</a>, <a href="https://redirect.github.com/dtolnay/proc-macro2/issues/512">#512</a>, thanks <a href="https://github.com/davvid"><code>@davvid</code></a>)</li> </ul> <h2>1.0.96</h2> <ul> <li>Simplify how rustdoc flags are decided during docs.rs builds (<a href="https://redirect.github.com/dtolnay/proc-macro2/issues/511">#511</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c6cb22bbd1 |
build(deps): bump anyhow from 1.0.98 to 1.0.99 in /rust (#10212)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.98 to 1.0.99. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.99</h2> <ul> <li>Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (<a href="https://redirect.github.com/dtolnay/anyhow/issues/420">#420</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
52e3aeab74 |
build(deps): bump arbitrary from 1.4.1 to 1.4.2 in /rust (#10220)
Bumps [arbitrary](https://github.com/rust-fuzz/arbitrary) from 1.4.1 to 1.4.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-fuzz/arbitrary/blob/main/CHANGELOG.md">arbitrary's changelog</a>.</em></p> <blockquote> <h2>1.4.2</h2> <p>Released 2025-08-13.</p> <h3>Added</h3> <ul> <li>Added formal MSRV policy: "We reserve the right to increment the MSRV on minor releases, however we will strive to only do it deliberately and for good reasons." The current MSRV is 1.63.0.</li> <li>Added an <code>Arbitrary</code> implementation for <code>core::cmp::Reverse</code>.</li> </ul> <h3>Changed</h3> <ul> <li>Landed a handful of changes to the code generated by <code>#[derive(Arbitrary)]</code> that speed up compilation.</li> </ul> <h3>Fixed</h3> <ul> <li>Better documented bias and behavior when running out of entropy, fixed some outdated and incorrect docs related to this.</li> </ul> <hr /> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
742b94be90 |
build(deps): bump thiserror from 2.0.12 to 2.0.15 in /rust (#10213)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.12 to 2.0.15. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/thiserror/releases">thiserror's releases</a>.</em></p> <blockquote> <h2>2.0.15</h2> <ul> <li>Prevent <code>Error::provide</code> API becoming unavailable from a future new compiler lint (<a href="https://redirect.github.com/dtolnay/thiserror/issues/427">#427</a>)</li> </ul> <h2>2.0.14</h2> <ul> <li>Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (<a href="https://redirect.github.com/dtolnay/thiserror/issues/426">#426</a>)</li> </ul> <h2>2.0.13</h2> <ul> <li>Documentation improvements</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a4352137f2 |
build(deps): bump uuid from 1.17.0 to 1.18.0 in /rust (#10214)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.17.0 to 1.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v1.18.0</h2> <h2>What's Changed</h2> <ul> <li>Fix up mismatched_lifetime_syntaxes lint by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/837">uuid-rs/uuid#837</a></li> <li>Conversions between <code>Timestamp</code> and <code>std::time::SystemTime</code> by <a href="https://github.com/dcormier"><code>@dcormier</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/835">uuid-rs/uuid#835</a></li> <li>Wrap the error type used in time conversions by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/838">uuid-rs/uuid#838</a></li> <li>Prepare for 1.18.0 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/839">uuid-rs/uuid#839</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dcormier"><code>@dcormier</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/835">uuid-rs/uuid#835</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0">https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
dd312a9a83 |
build(deps): bump glob from 0.3.2 to 0.3.3 in /rust (#10215)
Bumps [glob](https://github.com/rust-lang/glob) from 0.3.2 to 0.3.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/releases">glob's releases</a>.</em></p> <blockquote> <h2>v0.3.3</h2> <ul> <li>Optimize memory allocations (<a href="https://redirect.github.com/rust-lang/glob/pull/147">#147</a>)</li> <li>Bump the MSRV to 1.63 (<a href="https://redirect.github.com/rust-lang/glob/pull/172">#172</a>)</li> <li>Fix spelling in pattern documentation (<a href="https://redirect.github.com/rust-lang/glob/pull/164">#164</a>)</li> <li>Fix version numbers and some formatting (<a href="https://redirect.github.com/rust-lang/glob/pull/157">#157</a>)</li> <li>Style fixes (<a href="https://redirect.github.com/rust-lang/glob/pull/137">#137</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/glob/blob/master/CHANGELOG.md">glob's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/glob/compare/v0.3.2...v0.3.3">0.3.3</a> - 2025-08-11</h2> <ul> <li>Optimize memory allocations (<a href="https://redirect.github.com/rust-lang/glob/pull/147">#147</a>)</li> <li>Bump the MSRV to 1.63 (<a href="https://redirect.github.com/rust-lang/glob/pull/172">#172</a>)</li> <li>Fix spelling in pattern documentation (<a href="https://redirect.github.com/rust-lang/glob/pull/164">#164</a>)</li> <li>Fix version numbers and some formatting (<a href="https://redirect.github.com/rust-lang/glob/pull/157">#157</a>)</li> <li>Style fixes (<a href="https://redirect.github.com/rust-lang/glob/pull/137">#137</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
05b736c5a1 |
build(deps): bump clap from 4.5.43 to 4.5.45 in /rust (#10216)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.43 to 4.5.45. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.5.45</h2> <h2>[4.5.45] - 2025-08-12</h2> <h3>Fixes</h3> <ul> <li><em>(unstable-v5)</em> <code>ValueEnum</code> variants now use the full doc comment, not summary, for <code>PossibleValue::help</code></li> </ul> <h2>v4.5.44</h2> <h2>[4.5.44] - 2025-08-11</h2> <h3>Features</h3> <ul> <li>Add <code>Command::mut_subcommands</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.5.45] - 2025-08-12</h2> <h3>Fixes</h3> <ul> <li><em>(unstable-v5)</em> <code>ValueEnum</code> variants now use the full doc comment, not summary, for <code>PossibleValue::help</code></li> </ul> <h2>[4.5.44] - 2025-08-11</h2> <h3>Features</h3> <ul> <li>Add <code>Command::mut_subcommands</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eb0526ce5f |
build(deps): bump async-trait from 0.1.88 to 0.1.89 in /rust (#10221)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.88 to 0.1.89. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.89</h2> <ul> <li>Improve IDE functionality (<a href="https://redirect.github.com/dtolnay/async-trait/issues/293">#293</a>, thanks <a href="https://github.com/Veykril"><code>@Veykril</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2265114f6f |
build(deps): bump syn from 2.0.104 to 2.0.106 in /rust (#10219)
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.104 to 2.0.106. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/syn/releases">syn's releases</a>.</em></p> <blockquote> <h2>2.0.106</h2> <ul> <li>Replace <code>~const</code> syntax with <code>[const]</code> conditionally const syntax in trait bounds (<a href="https://redirect.github.com/dtolnay/syn/issues/1896">#1896</a>, <a href="https://redirect.github.com/rust-lang/rust/pull/139858">rust-lang/rust#139858</a>)</li> <li>Support conditionally const impl Trait types (<a href="https://redirect.github.com/dtolnay/syn/issues/1897">#1897</a>)</li> <li>Reject polarity modifier and lifetime binder used in the same trait bound (<a href="https://redirect.github.com/dtolnay/syn/issues/1899">#1899</a>, <a href="https://redirect.github.com/rust-lang/rust/pull/127054">rust-lang/rust#127054</a>)</li> <li>Parse const trait bounds with bound lifetimes (<a href="https://redirect.github.com/dtolnay/syn/issues/1902">#1902</a>)</li> <li>Parse bound lifetimes with lifetime bounds (<a href="https://redirect.github.com/dtolnay/syn/issues/1903">#1903</a>)</li> <li>Allow type parameters and const parameters in trait bounds and generic closures (<a href="https://redirect.github.com/dtolnay/syn/issues/1904">#1904</a>, <a href="https://redirect.github.com/dtolnay/syn/issues/1907">#1907</a>, <a href="https://redirect.github.com/dtolnay/syn/issues/1908">#1908</a>, <a href="https://redirect.github.com/dtolnay/syn/issues/1909">#1909</a>)</li> </ul> <h2>2.0.105</h2> <ul> <li>Disallow "negative" inherent impls like <code>impl !T {}</code> (<a href="https://redirect.github.com/dtolnay/syn/issues/1881">#1881</a>, <a href="https://redirect.github.com/rust-lang/rust/pull/144386">rust-lang/rust#144386</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5cac8538b4 |
build(deps): bump reqwest from 0.12.22 to 0.12.23 in /rust (#10217)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.22 to 0.12.23. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.23</h2> <h2>tl;dr</h2> <ul> <li>🇺🇩🇸 Add <code>ClientBuilder::unix_socket(path)</code> option that will force all requests over that Unix Domain Socket.</li> <li>🔁 Add <code>ClientBuilder::retries(policy)</code> and <code>reqwest::retry::Builder</code> to configure <a href="https://seanmonstar.com/blog/reqwest-retries/">automatic retries</a>.</li> <li>Add <code>ClientBuilder::dns_resolver2()</code> with more ergonomic argument bounds, allowing more resolver implementations.</li> <li>Add <code>http3_*</code> options to <code>blocking::ClientBuilder</code>.</li> <li>Fix default TCP timeout values to enabled and faster.</li> <li>Fix SOCKS proxies to default to port 1080</li> <li>(wasm) Add cache methods to <code>RequestBuilder</code>.</li> </ul> <h2>What's Changed</h2> <ul> <li>Minimize package size by <a href="https://github.com/weiznich"><code>@weiznich</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2759">seanmonstar/reqwest#2759</a></li> <li>chore(dev-dependencies): bump brotli by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2760">seanmonstar/reqwest#2760</a></li> <li>upgrade hickory-dns to 0.25 by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2761">seanmonstar/reqwest#2761</a></li> <li>Re-expose http3 options in blocking::clientBuilder by <a href="https://github.com/ducaale"><code>@ducaale</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2770">seanmonstar/reqwest#2770</a></li> <li>fix(proxy): restore default port 1080 for SOCKS proxies without explicit port by <a href="https://github.com/0x676e67"><code>@0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2771">seanmonstar/reqwest#2771</a></li> <li>ci: use msrv-aware cargo in msrv job by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2779">seanmonstar/reqwest#2779</a></li> <li>feat: add request cache option for wasm by <a href="https://github.com/Spxg"><code>@Spxg</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2775">seanmonstar/reqwest#2775</a></li> <li>style(client): use <code>std::task::ready!</code> macro to simplify <code>Poll</code> branch match by <a href="https://github.com/0x676e67"><code>@0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2781">seanmonstar/reqwest#2781</a></li> <li>fix: add default tcp keepalive and user_timeout values by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2780">seanmonstar/reqwest#2780</a></li> <li>feat: add unix_socket() option to client builder by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2624">seanmonstar/reqwest#2624</a></li> <li>Add retry policies by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2763">seanmonstar/reqwest#2763</a></li> <li>refactor: loosen retry <code>for_host</code> parameter bounds by <a href="https://github.com/Enduriel"><code>@Enduriel</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2792">seanmonstar/reqwest#2792</a></li> <li>feat: add dns_resolver2 that is more ergonomic and flexible by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2793">seanmonstar/reqwest#2793</a></li> <li>Prepare v0.12.23 by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2795">seanmonstar/reqwest#2795</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/weiznich"><code>@weiznich</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2759">seanmonstar/reqwest#2759</a></li> <li><a href="https://github.com/Spxg"><code>@Spxg</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2775">seanmonstar/reqwest#2775</a></li> <li><a href="https://github.com/Enduriel"><code>@Enduriel</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2792">seanmonstar/reqwest#2792</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.22...v0.12.23">https://github.com/seanmonstar/reqwest/compare/v0.12.22...v0.12.23</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.23</h2> <ul> <li>Add <code>ClientBuilder::unix_socket(path)</code> option that will force all requests over that Unix Domain Socket.</li> <li>Add <code>ClientBuilder::retries(policy)</code> and <code>reqwest::retry::Builder</code> to configure automatic retries.</li> <li>Add <code>ClientBuilder::dns_resolver2()</code> with more ergonomic argument bounds, allowing more resolver implementations.</li> <li>Add <code>http3_*</code> options to <code>blocking::ClientBuilder</code>.</li> <li>Fix default TCP timeout values to enabled and faster.</li> <li>Fix SOCKS proxies to default to port 1080</li> <li>(wasm) Add cache methods to <code>RequestBuilder</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
618254cdfc |
refactor(relay): use zero check for is_learned (#10209)
Simplifies the interface map we store to use a zero-check instead of explicit bool. Related: https://github.com/firezone/firezone/pull/10200#discussion_r2281117072 |
||
|
Jamil
|
0698e0d35f |
ci: test IPv6 for CIDR resources (#10168)
Docker for Mac finally supports IPv6 in general availability. It's time to add IPv6 to our suite of integration tests. The thinking behind this PR is try and not slow down CI much, if at all, by testing IPv6 side-by-side with the existing IPv4 tests. More comprehensive testing is being developed in #10131 that will test things like IPv4-in-6 relaying, client / gateway IP stack mismatches, and so forth. |
||
|
Thomas Eizinger
|
6f4242769a |
refactor(connlib): move gw phoenix-channel to separate task (#10211)
Similar to #10210, we also move the phoenix-channel to a separate task for the Gateway's and connect it with channels to the event-loop. Related: #10003 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
dependabot[bot]
|
dae9a10e00 |
build(deps): bump tauri from 2.6.2 to 2.7.0 in /rust in the tauri group (#10179)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.6.2 to 2.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri-runtime v2.7.0</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index warning: Patch `schemars_derive v0.8.21 (https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)` was not used in the crate graph. Check that the patched package version and available features are compatible with the dependency requirements. If the patch has a different version from what is locked in the Cargo.lock file, run `cargo update` to use the new version. This may also occur with an optional dependency that is not enabled. Locking 1020 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding axum v0.7.9 (available: v0.8.4) Adding cargo_metadata v0.19.2 (available: v0.20.0) Adding colored v2.2.0 (available: v3.0.0) Adding ctor v0.2.9 (available: v0.4.2) Adding elf v0.7.4 (available: v0.8.0) Adding getrandom v0.2.16 (available: v0.3.3) Adding html5ever v0.29.1 (available: v0.32.0) Adding itertools v0.13.0 (available: v0.14.0) Adding json-patch v3.0.1 (available: v4.0.0) Adding jsonrpsee v0.24.9 (available: v0.25.1) Adding jsonrpsee-client-transport v0.24.9 (available: v0.25.1) Adding jsonrpsee-core v0.24.9 (available: v0.25.1) Adding jsonrpsee-ws-client v0.24.9 (available: v0.25.1) Adding minisign v0.7.3 (available: v0.7.9) Adding muda v0.16.1 (available: v0.17.0) Adding object v0.36.7 (available: v0.37.1) Adding oxc_allocator v0.36.0 (available: v0.74.0) Adding oxc_ast v0.36.0 (available: v0.74.0) Adding oxc_parser v0.36.0 (available: v0.74.0) Adding oxc_span v0.36.0 (available: v0.74.0) Adding phf v0.11.3 (available: v0.12.1) Adding proc-macro-crate v2.0.0 (available: v2.0.2) Adding rand v0.8.5 (available: v0.9.1) Adding rpm v0.16.0 (available: v0.17.0) Adding schemars v0.8.22 (available: v1.0.1) Adding serialize-to-javascript v0.1.1 (available: v0.1.2) Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2) Adding tiny_http v0.11.0 (available: v0.12.0) Adding which v7.0.3 (available: v8.0.0) Adding worker v0.5.0 (available: v0.6.0) Adding worker-macros v0.5.0 (available: v0.6.0) Adding x509-certificate v0.23.1 (available: v0.24.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 787 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1045 crate dependencies) </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
319b31da64 |
build(deps): bump clap from 4.5.42 to 4.5.43 in /rust (#10182)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.42 to 4.5.43. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.5.43</h2> <h2>[4.5.43] - 2025-08-06</h2> <h3>Fixes</h3> <ul> <li><em>(help)</em> In long help, list Possible Values before defaults, rather than after, for a more consistent look</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.5.43] - 2025-08-06</h2> <h3>Fixes</h3> <ul> <li><em>(help)</em> In long help, list Possible Values before defaults, rather than after, for a more consistent look</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6038ade9a0 |
build(deps): bump socket2 from 0.5.10 to 0.6.0 in /rust (#10183)
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.10 to 0.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md">socket2's changelog</a>.</em></p> <blockquote> <h1>0.6.0</h1> <h2>Breaking changes</h2> <p>All IPv4 methods now have a <code>_v4</code> suffix, IPv6 uses <code>_v6</code>. TCP methods have a <code>tcp_</code> prefix (looked better than a suffix).</p> <p>Furthermore we removed all types from external libraries (i.e. libc or windows-sys) from the public API, allowing us to update those without breaking the API.</p> <ul> <li>Renamed <code>Socket::freebind_ipv6</code> to <code>freebind_v6</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/592">rust-lang/socket2#592</a>).</li> <li>Renamed <code>Socket::freebind</code> to <code>freebind_v4</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/592">rust-lang/socket2#592</a>).</li> <li>Renamed <code>Socket::original_dst</code> to <code>original_dst_v4</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/592">rust-lang/socket2#592</a>).</li> <li>Renamed <code>Socket::original_dst_ipv6</code> to <code>original_dst_v6</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/592">rust-lang/socket2#592</a>).</li> <li>Bump MSRV to 1.70 (<a href="https://redirect.github.com/rust-lang/socket2/pull/597">rust-lang/socket2#597</a>).</li> <li>Use <code>c_int</code> from <code>std::ffi</code> instead of from libc (<a href="https://redirect.github.com/rust-lang/socket2/pull/599">rust-lang/socket2#599</a>, <a href="https://redirect.github.com/rust-lang/socket2/pull/595">rust-lang/socket2#595</a>).</li> <li><code>SockAddr</code>'s methods now accept/return <code>SockAddrStorage</code> instead of <code>sockaddr_storage</code>/<code>SOCKADDR_STORAGE</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/576">rust-lang/socket2#576</a>): <ul> <li><code>new</code></li> <li><code>try_init</code></li> <li><code>as_ptr</code></li> <li><code>as_storage</code></li> </ul> </li> <li>Add <code>SockFilter</code>, wrapper around <code>libc::sock_filter</code>, argument to <code>Socket::attach_filter</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/581">rust-lang/socket2#581</a>).</li> <li>Various renames of TCP methods on <code>Socket</code> (<a href="https://redirect.github.com/rust-lang/socket2/pull/592">rust-lang/socket2#592</a>): <ul> <li><code>keepalive_time</code> -> <code>tcp_keepalive_time</code></li> <li><code>keepalive_interval</code> -> <code>tcp_keepalive_interval</code></li> <li><code>keepalive_retries</code> -> <code>tcp_keepalive_retries</code></li> <li><code>nodelay</code> -> <code>tcp_nodelay</code></li> <li><code>set_nodelay</code> -> <code>tcp_set_nodelay</code></li> <li><code>tcp_mss</code> -> <code>mss</code></li> <li><code>tcp_set_mss</code> -> <code>set_mss</code></li> <li><code>tcp_cork</code> -> <code>cork</code></li> <li><code>tcp_set_cork</code> -> <code>set_cork</code></li> <li><code>tcp_quickack</code> -> <code>quickack</code></li> <li><code>tcp_set_quickack</code> -> <code>set_quickack</code></li> <li><code>thin_linear_timeouts</code> -> <code>tcp_thin_linear_timeouts</code>.</li> </ul> </li> </ul> <h2>Non-breaking changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/rust-lang/socket2/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
12667a98df |
build(deps): bump libc from 0.2.174 to 0.2.175 in /rust (#10181)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.174 to 0.2.175. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/releases">libc's releases</a>.</em></p> <blockquote> <h2>0.2.175</h2> <h3>Added</h3> <ul> <li>AIX: Add <code>getpeereid</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4524">#4524</a>)</li> <li>AIX: Add <code>struct ld_info</code> and friends (<a href="https://redirect.github.com/rust-lang/libc/pull/4578">#4578</a>)</li> <li>AIX: Retore <code>struct winsize</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4577">#4577</a>)</li> <li>Android: Add UDP socket option constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4619">#4619</a>)</li> <li>Android: Add <code>CLONE_CLEAR_SIGHAND</code> and <code>CLONE_INTO_CGROUP</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4502">#4502</a>)</li> <li>Android: Add more <code>prctl</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4531">#4531</a>)</li> <li>FreeBSD Add further TCP stack-related constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4196">#4196</a>)</li> <li>FreeBSD x86-64: Add <code>mcontext_t.mc_tlsbase </code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4503">#4503</a>)</li> <li>FreeBSD15: Add <code>kinfo_proc.ki_uerrmsg</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4552">#4552</a>)</li> <li>FreeBSD: Add <code>in_conninfo</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4482">#4482</a>)</li> <li>FreeBSD: Add <code>xinpgen</code> and related types (<a href="https://redirect.github.com/rust-lang/libc/pull/4482">#4482</a>)</li> <li>FreeBSD: Add <code>xktls_session</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4482">#4482</a>)</li> <li>Haiku: Add functionality from <code>libbsd</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4221">#4221</a>)</li> <li>Linux: Add <code>SECBIT_*</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4480">#4480</a>)</li> <li>NetBSD, OpenBSD: Export <code>ioctl</code> request generator macros (<a href="https://redirect.github.com/rust-lang/libc/pull/4460">#4460</a>)</li> <li>NetBSD: Add <code>ptsname_r</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4608">#4608</a>)</li> <li>RISCV32: Add time-related syscalls (<a href="https://redirect.github.com/rust-lang/libc/pull/4612">#4612</a>)</li> <li>Solarish: Add <code>strftime*</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4453">#4453</a>)</li> <li>linux: Add <code>EXEC_RESTRICT_*</code> and <code>EXEC_DENY_*</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4545">#4545</a>)</li> </ul> <h3>Changed</h3> <ul> <li>AIX: Add <code>const</code> to signatures to be consistent with other platforms (<a href="https://redirect.github.com/rust-lang/libc/pull/4563">#4563</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>AIX: Fix the type of <code>struct statvfs.f_fsid</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4576">#4576</a>)</li> <li>AIX: Fix the type of constants for the <code>ioctl</code> <code>request</code> argument (<a href="https://redirect.github.com/rust-lang/libc/pull/4582">#4582</a>)</li> <li>AIX: Fix the types of <code>stat{,64}.st_*tim</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4597">#4597</a>)</li> <li>AIX: Use unique <code>errno</code> values (<a href="https://redirect.github.com/rust-lang/libc/pull/4507">#4507</a>)</li> <li>Build: Fix an incorrect <code>target_os</code> -> <code>target_arch</code> check (<a href="https://redirect.github.com/rust-lang/libc/pull/4550">#4550</a>)</li> <li>FreeBSD: Fix the type of <code>xktls_session_onedir.ifnet</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4552">#4552</a>)</li> <li>Mips64 musl: Fix the type of <code>nlink_t</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4509">#4509</a>)</li> <li>Mips64 musl: Use a special MIPS definition of <code>stack_t</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4528">#4528</a>)</li> <li>Mips64: Fix <code>SI_TIMER</code>, <code>SI_MESGQ</code> and <code>SI_ASYNCIO</code> definitions (<a href="https://redirect.github.com/rust-lang/libc/pull/4529">#4529</a>)</li> <li>Musl Mips64: Swap the order of <code>si_errno</code> and <code>si_code</code> in <code>siginfo_t</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4530">#4530</a>)</li> <li>Musl Mips64: Use a special MIPS definition of <code>statfs</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4527">#4527</a>)</li> <li>Musl: Fix the definition of <code>fanotify_event_metadata</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4510">#4510</a>)</li> <li>NetBSD: Correct <code>enum fae_action</code> to be <code>#[repr(C)]</code> (<a href=" |
||
|
Thomas Eizinger
|
2545c41366 |
refactor(connlib): move client phoenix-channel to separate task (#10210)
Currently, `connlib`'s event-loop for clients uses manual polling to advance the state of the tunnel and the phoenix-channel. Manual polling is powerful but also easy to get wrong, resulting in task-wakeup bugs. Additionally, if the tunnel is very busy with processing packets, the phoenix-channel may not get enough CPU time, resulting in a loss of the WebSocket connection. To fix this, we move the phoenix-channel to a separate task and use channels to connect it with `connlib`'s main event-loop. This one is now primarily focused on advancing the tunnel state, effectively offloading the problem of fair scheduling to the tokio runtime. Related: #10003 |
||
|
Thomas Eizinger
|
da00848549 |
build(deps): bump to Rust 1.89 (#10208)
Rust 1.89 comes with a new lint that wants us to use explicitly refer to lifetimes, even if they are elided. |
||
|
Thomas Eizinger
|
0f2cfa2e3c |
fix(rust): don't block runtime shutdown (#10204)
By default, dropping a `tokio` runtime waits until all tasks have finished. The tasks we spawn within `connlib` can have complex dependencies with each other. To ensure that we can shut down in any case and don't hang, we apply a timeout of 1s to the runtime. |
||
|
Thomas Eizinger
|
c8b01d9f43 | fix(telemetry): timeout Sentry session shutdown within 1s (#10205) | ||
|
Thomas Eizinger
|
1bdc5f0584 | feat(telemetry): reuse connections to PostHog server (#10203) | ||
|
Jamil
|
f47fb46cc7 |
feat(relay): learn interface addresses (#10200)
In order to support cross-stack relaying, we need to know what the source IP is going to be to write the packets from. To know this, we can simply learn the destination IP address for incoming packets to our XDP program. A separate cache is used per IP stack in order be a bit more cache line friendly and prevent contention when only IP stack lookup is needed. Related: #10192 |
||
|
Thomas Eizinger
|
70a930e45d |
chore(relay): use existing ebpf module import (#10202)
|
||
|
Jamil
|
b07fa341cf |
feat(relay): XDP driver (native) mode for gVNIC (#10177)
This updates our eBPF module to use DRV_MODE for less CPU overhead and better performance for all same-stack TURN relaying. Notably, gVNIC does not seem to support the `bpf_xdp_adjust_head` helper, so unfortunately we need to extend / shrink the packet tail and move the payload instead. Comprehensive benchmarks have not been performed, but early results show that we can saturate about 1 Gbps per E2 core on GCP: ``` [SUM] 0.00-30.04 sec 3.16 GBytes 904 Mbits/sec 12088 sender [SUM] 0.00-30.00 sec 3.12 GBytes 894 Mbits/sec receiver ``` This is with 64 TCP streams. More streams will better utilize all available RX queues, and lead to better performance. Related: #10138 Fixes: #8633 |
||
|
Jamil
|
b7045338df |
fix(ci): compute sha256sum of binaries earlier (#10199)
Fixes an issue where the sha256sum.txt of the relay was not available. Related: #10198 |
||
|
Jamil
|
b3ea251082 |
fix(ci): use correct relay binary location (#10198)
Fixes an issue introduced in #10196. Related: #10196 |
||
|
Jamil
|
1c2d70ac0d |
chore(infra): push relay binary to gcp (#10196)
The COS images we currently use to run our Relays ship with an older Linux kernel that doesn't have some of the nice verifier improvements for our eBPF relay. To fix this, we need to use Ubuntu 24.04. To keep things simple there, we would like to avoid installing Docker on that image and instead run the Relay raw. To support that, we first need to push the built relay binary to our staging cloud storage bucket. Related: #10177 Related: https://github.com/firezone/infra/pull/116 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jamil
|
46ffe8fe45 |
docs(relay): add note on channel map safety (#10194)
A fair bit of time was spent validating these map accesses are thread-safe, so just documenting that for the next reader to find. Related: https://github.com/firezone/firezone/issues/10138#issuecomment-3186074350 |
||
|
Jamil
|
3e3f555c1e |
fix(relay): swap MACs for relayed traffic (#10193)
In nearly all environments, we can safely assume that we will always use the same network gateway for forwarding relayed packets as the one we received them from. By leveraging this assumption, we can simply swap the SRC and DST MAC addresses, removing the need to keep a HaspMap for these, which eliminates the need to worry about thread-safety for this particular functionality. Related: #10138 |
||
|
Jamil
|
92137ee76b |
fix(relay): don't inline hotpath loop calls (#10185)
When inlining large(ish) functions that are on the hot-path, it creates a much longer program for the eBPF verifier to validate since the verifier is working through all packet sizes and types. We're hitting an issue on GCP (in the 8-core dev VM, XDP-generic) where verification fails on `main` due to the inlining of some hot-path functions. This PR is the smallest possible change that gets the program to load, highlighting the issue. In practice, I'm not there is a detectable performance difference between having these inlined vs not (especially in DRV_MODE) so I'm not sure it's worth the potential debugging headaches later on. |
||
|
dependabot[bot]
|
c5deb7a839 |
build(deps): bump @eslint/plugin-kit from 0.3.3 to 0.3.4 in /rust/gui-client in the npm_and_yarn group (#10044)
Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit). Updates `@eslint/plugin-kit` from 0.3.3 to 0.3.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eslint/rewrite/releases"><code>@eslint/plugin-kit</code>'s releases</a>.</em></p> <blockquote> <h2>plugin-kit: v0.3.4</h2> <h2><a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.3.3...plugin-kit-v0.3.4">0.3.4</a> (2025-07-21)</h2> <h3>Bug Fixes</h3> <ul> <li>potential quadratic runtime in regular expression (<a href="https://redirect.github.com/eslint/rewrite/issues/240">#240</a>) (<a href=" |
||
|
Jamil
|
3c55ddcd1e |
fix(ci): move rust cache to Azure; docker on main (#10169)
We are _very much_ over our GHA cache limit of 10 GB so in an effort to keep evictions to a minimum, we update the Rust SCCACHE to only write on `main` and the Docker elixir and data plane image build steps to do the same. Fixes #10145 |
||
|
Jamil
|
6f0e7f3caa |
chore(ci): enable data plane arm64 debug images (#10165)
On developers with Apple Silicon machines, this allows for testing native binaries without having to build data plane images. |
||
|
Firezone Bot
|
95ee111e62 | chore: publish apple-client 1.5.7 (#10159) | ||
|
Jamil
|
e5b2af1d4e |
chore(portal): add ChangeLogs.truncate/2 and tests (#10155)
In preparation to delete old change_logs based on account and insertion time, we introduce a simple `truncate` function that removes old change logs past a cutoff date. Related: https://github.com/firezone/firezone/issues/10146 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Jamil
|
25e15bbd14 |
chore(portal): drop id in favor of lsn pkey (#10152)
On the `change_logs` table, we want to minimize write overhead as much as possible. One major way to do this is the minimize the number of indexes maintained. Because `lsn` is guaranteed to be unique, we can use it as the primary, saving us an index (and column). **NOTE**: This migration will need to acquire a lock on the table, so it's added as a manual migration to execute out of band. Since we don't read ChangeLogs anywhere, it should be fine for the app servers to come up without this migration applied. |
||
|
Jamil
|
2c788a31aa |
test(portal): Flows.delete_expired_flows/0 (#10150)
Adds a missing test for the `Flows.delete_expired_flows/0` function. |
||
|
Thomas Eizinger
|
456fde5b60 |
ci: increase bitrate of direct connection UDP perf tests (#10154)
We can easily handle 1GBit/s for the direct connections. |
||
|
Thomas Eizinger
|
507a8957c2 |
chore(connlib): only debug-assert non-retransmitted DNS queries (#10136)
When we receive the same TCP DNS query twice, we currently wrongly hit a debug assert. |
||
|
Thomas Eizinger
|
2dde3b8573 |
fix(relay): read from most-recently-ready socket first (#10148)
The relay uses `mio` to react to readiness events from multiple sockets at once. Including the control port 3478, the relay needs to also send and receive traffic from up to 16384 sockets (one for each possible allocation). We need to process readiness events from these sockets as fairly as possible. Under high-load, it may otherwise happen that we don't read packets from an allocation socket, resulting in ICE timeouts of the connection being relayed. To achieve this fairness, we collect all readiness tokens into a set and store it with the number of packets we have read so far from this socket. Then, we always read from the socket next that we have so far read the least amount of packets from. |
||
|
Thomas Eizinger
|
b5e3ee8065 |
ci: reduce UDP perf test bitrate (#10153)
Forcing 500MBit/s through a relayed connection in CI makes the user-space relay fall-over and drop control messages, leading to ICE timeouts of the connection. |
||
|
Thomas Eizinger
|
f27683760a | fix(relay): check for ANSI support on stdout (#10149) | ||
|
Thomas Eizinger
|
2841fd0017 |
chore(connlib): spawn dedicated tasks for UDP send/recv (#10147)
At the moment, `connlib`'s UDP thread spawns a single task for reading and writing to the UDP socket. It will always first try to write data before reading new data. To avoid scheduling issues, we split this into two dedicated tasks and insert ```rust tokio::task::yield_now().await; ``` into each loop. This allows the `tokio` runtime to schedule each of the tasks fairly even if one of them is very busy. For example, if we are very busy writing data (because we are receiving a lot of IP traffic), this ensures that we will occasionally also read from our socket to receive STUN control messages from our peers. |
||
|
Jamil
|
708a4b000e |
fix(ci): enable GHA backend for sccache (#10144)
We need to actually enable the GHA backend for sccache. Related: #10142 |