Unfortunately, the cwd I set for the action didn't seem to apply so it
checked the links for the entire repo instead which - together with the
`--base` setting, produces a lot of errors for relative links.
In addition, lychee doesn't currently support having the `.lycheeignore`
file in a subdirectory (see related link), meaning we unfortunately have
to put yet another dot file in the root of our repository.
Related: https://github.com/lycheeverse/lychee-action/issues/205
At present, the Gateway implements a NAT64 conversion that can convert
IPv4 packets to IPv6 and vice versa. Doing this efficiently creates a
fair amount of complexity within our `ip-packet` crate. In addition,
routing ICMP errors back through our NAT is also complicated by this
because we may have to translate the packet embedded in the ICMP error
as well.
The NAT64 module was originally conceived as a result of the new stub
resolver-based DNS architecture. When the Client resolves IPs for a
domain, it doesn't know whether the domain will actually resolve to IPv4
AND IPv6 addresses so it simply assigns 4 of each to every domain. Thus,
when receiving an IPv6 packet for such a DNS resource, the Gateway may
only have IPv4 addresses available and can therefore not route the
packet (unless it translates it).
This problem is not novel. In fact, an IP being unroutable or a
particular route disappearing happens all the time on the Internet. ICMP
was conceived to handle this problem and it is doing a pretty good job
at it. We can make use of that and simply return an ICMP unreachable
error back to the client whenever it picks an IP that we cannot map to
one that we resolved.
In this PR, we leave all of the NAT64 code intact and only add a
feature-flag that - when active - sends aforementioned ICMP error. While
offline (and thus also for our tests), the feature-flag evaluates to
false. It is however set to `true` in the backend, meaning on staging
and later in production, we will send these ICMP errors.
Once this is rolled out and indeed proving to be working as intended, we
can simplify our codebase and rip out the NAT64 module. At that point,
we will also have to adapt the test-suite.
Bumps the npm_and_yarn group in /website with 1 update:
[next](https://github.com/vercel/next.js).
Updates `next` from 14.2.21 to 14.2.25
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.2.25</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.
This release contains a security patch for <a
href="https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw">CVE-2025-29927</a>.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Update middleware request header (<a
href="https://redirect.github.com/vercel/next.js/issues/77202">#77202</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p>
<h2>v14.2.24</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure lint worker errors aren't silenced (<a
href="https://redirect.github.com/vercel/next.js/issues/75779">#75779</a>)</li>
<li>add additional x-middleware-set-cookie filtering (<a
href="https://redirect.github.com/vercel/next.js/issues/75561">#75561</a>
& <a
href="https://redirect.github.com/vercel/next.js/issues/73482">#73482</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ztanner"><code>@ztanner</code></a> for
helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d36a1f3c35"><code>d36a1f3</code></a>
v14.2.25</li>
<li><a
href="5fd3ae8f85"><code>5fd3ae8</code></a>
[backport] Update middleware request header (<a
href="https://redirect.github.com/vercel/next.js/issues/77202">#77202</a>)</li>
<li><a
href="756be15c4c"><code>756be15</code></a>
v14.2.24</li>
<li><a
href="ba6453d5ef"><code>ba6453d</code></a>
fix corepack keys</li>
<li><a
href="c482c2072f"><code>c482c20</code></a>
[backport v14] fix: ensure lint worker errors aren't silenced (<a
href="https://redirect.github.com/vercel/next.js/issues/75766">#75766</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/75779">#75779</a>)</li>
<li><a
href="5791cb6778"><code>5791cb6</code></a>
[Backport v14] add additional x-middleware-set-cookie filtering (<a
href="https://redirect.github.com/vercel/next.js/issues/75561">#75561</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/75">#75</a>...</li>
<li><a
href="8129a61880"><code>8129a61</code></a>
test: fix eslint plugin test (<a
href="https://redirect.github.com/vercel/next.js/issues/75687">#75687</a>)</li>
<li><a
href="f27ce02b67"><code>f27ce02</code></a>
v14.2.23</li>
<li><a
href="c4bf4acfbf"><code>c4bf4ac</code></a>
backport: force module format for virtual client-proxy (<a
href="https://redirect.github.com/vercel/next.js/issues/74162">#74162</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/74590">#74590</a>)</li>
<li><a
href="d60bb1b5fb"><code>d60bb1b</code></a>
Backport: Use provided waitUntil for pending revalidates (<a
href="https://redirect.github.com/vercel/next.js/issues/74164">#74164</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/74573">#74573</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.2.21...v14.2.25">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Turns out we have several broken links on our website currently. Broken
links don't make a good impression so we should catch them as early as
possible.
Due to how our website is laid out, that isn't always possible to catch
these dead links in CI. The next best thing we can do is run a cron-job
in our CI that checks our sourcecode and makes sure all links (including
relative ones) are reachable.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
This is a regression introduced in c9f085c102. The `status` at this
point is still `nil` because we have not yet fully subscribed to VPN
status change updates from the system.
That actually shouldn't prevent us from trying to start the tunnel
anyway. If the `token` is missing from the Keychain, the tunnel process
will no-op. So we simply try to start a session on launch always.
Fixes#8456
Bumps [react-markdown](https://github.com/remarkjs/react-markdown) from
9.0.3 to 10.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remarkjs/react-markdown/releases">react-markdown's
releases</a>.</em></p>
<blockquote>
<h2>10.0.0</h2>
<ul>
<li>aaaa40b Remove support for <code>className</code> prop
see <a
href="https://github.com/remarkjs/react-markdown/blob/main/changelog.md#remove-classname">“Remove
className”</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/remarkjs/react-markdown/compare/9.1.0...10.0.0">https://github.com/remarkjs/react-markdown/compare/9.1.0...10.0.0</a></p>
<h2>9.1.0</h2>
<ul>
<li>6ce120e Add support for async plugins
by <a href="https://github.com/wooorm"><code>@wooorm</code></a> in <a
href="https://redirect.github.com/remarkjs/react-markdown/pull/890">remarkjs/react-markdown#890</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/remarkjs/react-markdown/compare/9.0.3...9.1.0">https://github.com/remarkjs/react-markdown/compare/9.0.3...9.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remarkjs/react-markdown/blob/main/changelog.md">react-markdown's
changelog</a>.</em></p>
<blockquote>
<h2>10.0.0 - 2025-02-20</h2>
<ul>
<li><a
href="https://github.com/remarkjs/react-markdown/commit/aaaa40b"><code>aaaa40b</code></a>
Remove support for <code>className</code> prop
<strong>migrate</strong>: see “Remove <code>className</code>” below</li>
</ul>
<h3>Remove <code>className</code></h3>
<p>The <code>className</code> prop was removed.
If you want to add classes to some element that wraps the markdown
you can explicitly write that element and add the class to it.
You can then choose yourself which tag name to use and whether to add
other
props.</p>
<p>Before:</p>
<pre lang="js"><code><Markdown
className="markdown-body">{markdown}</Markdown>
</code></pre>
<p>After:</p>
<pre lang="js"><code><div className="markdown-body">
<Markdown>{markdown}</Markdown>
</div>
</code></pre>
<h2>9.1.0 - 2025-02-20</h2>
<ul>
<li><a
href="https://github.com/remarkjs/react-markdown/commit/6ce120e"><code>6ce120e</code></a>
Add support for async plugins</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="33c31e7e23"><code>33c31e7</code></a>
10.0.0</li>
<li><a
href="5768374e29"><code>5768374</code></a>
Update changelog</li>
<li><a
href="aaaa40b4f8"><code>aaaa40b</code></a>
Remove support for <code>className</code> prop</li>
<li><a
href="747e505c9a"><code>747e505</code></a>
9.1.0</li>
<li><a
href="6ce120e706"><code>6ce120e</code></a>
Add support for async plugins</li>
<li><a
href="78d08de906"><code>78d08de</code></a>
Refactor to remove warning in tests</li>
<li><a
href="bcdc5b3b4f"><code>bcdc5b3</code></a>
Refactor <code>package.json</code></li>
<li><a
href="c44e246bbb"><code>c44e246</code></a>
Update dev-dependencies</li>
<li>See full diff in <a
href="https://github.com/remarkjs/react-markdown/compare/9.0.3...10.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser)
from 4.5.1 to 5.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's
releases</a>.</em></p>
<blockquote>
<h2>Summary update on all the previous releases from v4.2.4</h2>
<ul>
<li>Multiple minor fixes provided in the validator and parser</li>
<li>v6 is added for experimental use.</li>
<li>ignoreAttributes support function, and array of string or regex</li>
<li>Add support for parsing HTML numeric entities</li>
<li>v5 of the application is ESM module now. However, JS is also
supported</li>
</ul>
<p><strong>Note</strong>: Release section in not updated frequently.
Please check <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">CHANGELOG</a>
or <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/tags">Tags</a>
for latest release information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's
changelog</a>.</em></p>
<blockquote>
<p><!-- raw HTML omitted -->Note: If you find missing information about
particular minor version, that version must have been changed without
any functional change in this library.<!-- raw HTML omitted --></p>
<p><strong>5.0.8 / 2025-02-27</strong></p>
<ul>
<li>fix parsing 0 if skiplike option is used.
<ul>
<li>updating strnum dependency</li>
</ul>
</li>
</ul>
<p><strong>5.0.7 / 2025-02-25</strong></p>
<ul>
<li>fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>)
typings for cjs.</li>
</ul>
<p><strong>5.0.6 / 2025-02-20</strong></p>
<ul>
<li>fix cli output (By <a href="https://github.com/angeld7">Angel
Delgado</a>)
<ul>
<li>remove multiple JSON parsing</li>
</ul>
</li>
</ul>
<p><strong>5.0.5 / 2025-02-20</strong></p>
<ul>
<li>fix parsing of string starting with 'e' or 'E' by updating
strnum</li>
</ul>
<p><strong>5.0.4 / 2025-02-20</strong></p>
<ul>
<li>fix CLI to support all the versions of node js when displaying
library version.</li>
<li>fix CJS import in v5
<ul>
<li>by fixing webpack config</li>
</ul>
</li>
</ul>
<p><strong>5.0.3 / 2025-02-20</strong></p>
<ul>
<li>Using strnum ESM module
<ul>
<li>new fixes in strum may break your experience</li>
</ul>
</li>
</ul>
<p><strong>5.0.2 / 2025-02-20</strong></p>
<ul>
<li>fix: include CommonJS resources in the npm package <a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/714">#714</a>
(By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li>
<li>fix: move babel deps to dev deps</li>
</ul>
<p><strong>5.0.1 / 2025-02-19</strong></p>
<ul>
<li>fix syntax error for CLI command</li>
</ul>
<p><strong>5.0.0 / 2025-02-19</strong></p>
<ul>
<li>ESM support
<ul>
<li>no change in the functionality, syntax, APIs, options, or
documentation.</li>
</ul>
</li>
</ul>
<p><strong>4.5.2 / 2025-02-18</strong></p>
<ul>
<li>Fix null CDATA to comply with undefined behavior (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/701">#701</a>)
(By <a href="https://github.com/Kelgors">Matthieu BOHEAS</a>)</li>
<li>Fix(performance): Update check for leaf node in saveTextToParentTag
function in OrderedObjParser.js (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/707">#707</a>)
(By <a href="https://github.com/tomingtoming">...</a>)</li>
<li>Fix: emit full JSON string from CLI when no output filename
specified (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/710">#710</a>)
(By <a href="https://github.com/mbenson">Matt Benson</a>)</li>
</ul>
<p><strong>4.5.1 / 2024-12-15</strong></p>
<ul>
<li>Fix empty tag key name for v5 (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/697">#697</a>).
no impact on v4</li>
<li>Fixes entity parsing when used in strict mode (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/699">#699</a>)</li>
</ul>
<p><strong>4.5.0 / 2024-09-03</strong></p>
<ul>
<li>feat <a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/666">#666</a>:
ignoreAttributes support function, and array of string or regex (By <a
href="https://github.com/mav-rik">ArtemM</a>)</li>
</ul>
<p><strong>4.4.1 / 2024-07-28</strong></p>
<ul>
<li>v5 fix: maximum length limit to currency value</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d167cb085d"><code>d167cb0</code></a>
update strnum to fix parsing 0 if skiplike option is used</li>
<li><a
href="3a5b0314fe"><code>3a5b031</code></a>
update post release checks</li>
<li><a
href="a9612d1628"><code>a9612d1</code></a>
fix (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>)
add typings for cjs.</li>
<li><a
href="d9e683b331"><code>d9e683b</code></a>
update release info</li>
<li><a
href="dd9a94b9ab"><code>dd9a94b</code></a>
<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/711">#711</a>
Removed string formating on cli output (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/712">#712</a>)</li>
<li><a
href="7783341b1f"><code>7783341</code></a>
Update node.js.yml</li>
<li><a
href="09782c65e4"><code>09782c6</code></a>
Update github workflow to remove publish-please</li>
<li><a
href="0a70cb1c96"><code>0a70cb1</code></a>
update strnum to fix specific strings parsing</li>
<li><a
href="ee693485fc"><code>ee69348</code></a>
docs(README): mention v5 instead of v4 (<a
href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/717">#717</a>)</li>
<li><a
href="a6dc73dee9"><code>a6dc73d</code></a>
update release detail</li>
<li>Additional commits viewable in <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.1...v5.0.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [remark-gfm](https://github.com/remarkjs/remark-gfm) from 4.0.0 to
4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remarkjs/remark-gfm/releases">remark-gfm's
releases</a>.</em></p>
<blockquote>
<h2>4.0.1</h2>
<h4>Types</h4>
<ul>
<li>4af823a Refactor to use <code>interface</code> for exposed
types</li>
<li>3a57a5b Add declaration maps</li>
<li>76559f9 Refactor to use <code>@import</code>s</li>
</ul>
<h4>Docs</h4>
<ul>
<li>173394d Add docs on footnote option</li>
<li>21cae6a Fix typo
by <a href="https://github.com/leafac"><code>@leafac</code></a> in <a
href="https://redirect.github.com/remarkjs/remark-gfm/pull/73">remarkjs/remark-gfm#73</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/remarkjs/remark-gfm/compare/4.0.0...4.0.1">https://github.com/remarkjs/remark-gfm/compare/4.0.0...4.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="109972e8a7"><code>109972e</code></a>
4.0.1</li>
<li><a
href="173394d373"><code>173394d</code></a>
Add docs on footnote option</li>
<li><a
href="030dd8d534"><code>030dd8d</code></a>
Update dev-dependencies</li>
<li><a
href="21cae6ac8b"><code>21cae6a</code></a>
Fix typo</li>
<li><a
href="4af823a56b"><code>4af823a</code></a>
Refactor to use <code>interface</code> for exposed types</li>
<li><a
href="3a57a5bc3c"><code>3a57a5b</code></a>
Add declaration maps</li>
<li><a
href="76559f9e05"><code>76559f9</code></a>
Refactor to use <code>@import</code>s</li>
<li><a
href="da382350cc"><code>da38235</code></a>
Refactor <code>package.json</code></li>
<li><a
href="a5e8993994"><code>a5e8993</code></a>
Remove license year</li>
<li><a
href="4e1d55f320"><code>4e1d55f</code></a>
Refactor <code>.editorconfig</code></li>
<li>Additional commits viewable in <a
href="https://github.com/remarkjs/remark-gfm/compare/4.0.0...4.0.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Before, we would receive an `NSError` object and the type-matching
wouldn't take effect at all, causing the default alert to show every
time. This solves that by introducing a `UserFriendlyError` protocol
which is more robust against the two main `Error` and `NSError`
variants.
Whenever a Resource's name, address_description, or assigned sites
change, it is not currently reflected in clients. For that to happen the
address is changed.
This PR updates that behavior so that if any display fields are changed,
the `on_update_resources` callback is called which properly updates the
resource list views in clients.
Fixes#8284
This effectively reverts #8223 due to how this interacts with the
generated packages on Linux. The _package_ itself should still be called
`firezone-client-gui` because that is what we are installing. Perhaps we
will one day add a headless-client package so the naming chosen here
should allow for that.
To customize the desktop entry, we instead make use of the
`desktopTemplate` configuration of the Tauri bundler where we can
provide a custom `.desktop` file where we can specify a particular
application name.
As part of this, we are also updating the docs on the website to mention
the new name `Firezone Client`.
In #8159, we introduced a regression that could lead to a deadlock when
shutting down the TUN device. Whilst we did close the channel prior to
awaiting the thread to exit, we failed to notice that _another_ instance
of the sender could be alive as part of an internally stored "sending
permit" with the `PollSender` in case another packet is queued for
sending. We need to explicitly call `abort_send` to free that.
Judging from the comment and a prior bug, this shutdown logic has been
buggy before. To further avoid this deadlock, we introduce two changes:
- The worker threads only receive a `Weak` reference to the
`wintun::Session`
- We move all device-related state into a dedicated `TunState` struct
that we can drop prior to joining the threads
The combination of these features means that all strong references to
channels and the session are definitely dropped without having to wait
for anything. To provide a clean and synchronous shutdown, we wait for
at most 5s on the worker-threads. If they don't exit until then, we log
a warning and exit anyway.
This should greatly reduce the risk of future bugs here because the
session (and thus the WinTUN device) gets shutdown in any case and so at
worst, we have a few zombie threads around.
Resolves: #8265
`@Published` properties that views subscribe to for UI updates need to
be updated from the main thread only. This PR annotates the relevant
variable and function from the original author's implementation with
`@MainActor` so that Swift will properly warn us when modifying these in
the future.
A regression was introduced in #8218 that removed the `menuBar` as an
environment object for `AppView`.
Unfortunately this compiles just fine, as EnvironmentObjects are loaded
at runtime, causing the "Open Menu" button to crash since it's looking
for a non-existent EnvironmentObject.
This configures the GUI client to log to journald in addition to files
as well. For better or worse, this logs all events such that structured
information is preserved, e.g. all additional fields next to the message
are also saved as fields in the journal. By default, when viewing the
logs via `journalctl`, those fields are not displayed. This makes the
default output of `journalctl` for the FIrezone GUI not as useful as it
could be. Fixing that is left to a later stage.
Related: #8173
With the addition of the Firezone Control Protocol, we are now issuing a
lot more DNS queries on the Gateway. Specifically, every DNS query for a
DNS resource name always triggers a DNS query on the Gateway. This
ensures that changes to DNS entries for resources are picked up without
having to build any sort of "stale detection" in the Gateway itself. As
a result though, a Gateway has to issue a lot of DNS queries to upstream
resolvers which in 99% or more cases will return the same result.
To reduce the load on these upstream, we cache successful results of DNS
queries for 5 minutes.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
On Linux, logs sent to stdout from a systemd-service are automatically
captured by `journald`. This is where most admins expect logs to be and
frankly, doing any kind of debugging of Firezone is much easier if you
can do `journalctl -efu firezone-client-ipc.service` in a terminal and
check what the IPC service is doing.
On Windows, stdout from a service is (unfortunately) ignored.
To achieve this and also allow dynamically changing the log-filter, I
had to introduce a (long-overdue) abstraction over tracing's "reload"
layer that allows us to combine multiple reload-handles into one.
Unfortunately, neither the `reload::Layer` nor the `reload::Handle`
implement `Clone`, which makes this unnecessarily difficult.
Related: #8173
Now that we have error reporting via Sentry in Swift-land as well, we
can handle errors in the FFI layer more gracefully and return them to
Swift.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
The `wintun` crate will already shutdown the session for us when the
last instance of `Session` gets dropped. Shutting down the session prior
to that already results in an attempt to close an adapter that is no
longer present, causing WinTUN to log (unactionable) errors.
Alternative to #8128. If the user dismissed the unlock prompt or has
their keyring otherwise misconfigured, it is still useful to allow them
to sign-in. They just won't stay signed-in across reboots of the device.
When we receive an inbound packet from the TUN device on the Gateway, we
make a lookup in the NAT table to see if it needs to be translated back
to a DNS proxy IP.
At present, non-existence of such a NAT entry results in the packet
being sent entirely unmodified because that is what needs to happen for
CIDR resources. Whilst that is important, the same code path is
currently being executed for DNS resources whose NAT session expired!
Those packets should be dropped instead which is what we do with this
PR.
To differentiate between not having a NAT session at all or whether a
previous one existed but is expired now, we keep around all previous
"outside" tuples of NAT sessions around. Those are only very small in
their memory-footprint. The entire NAT table is scoped to a connection
to the given peer and will thus eventually freed once the peer
disconnects. This allows us to reliably and cheaply detect, whether a
packet is using an expired NAT session. This check must be cheap because
all traffic of CIDR resources and the Internet resource needs to perform
this check such that we know that they don't have to be translated.
This might be the source of some of the "Source not allowed" errors we
have been seeing in client logs.
