Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.35 to
0.4.37.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chronotope/chrono/releases">chrono's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.37</h2>
<p>Version 0.4.36 introduced an unexpected breaking change and was
yanked. In it <code>LocalResult</code> was renamed to
<code>MappedLocalTime</code> to avoid the impression that it is a
<code>Result</code> type were some of the results are errors. For
backwards compatibility a type alias with the old name was added.</p>
<p>As it turns out there is one case where a type alias behaves
differently from the regular enum: you can't import enum variants from a
type alias with <code>use chrono::LocalResult::*</code>. With 0.4.37 we
make the new name <code>MappedLocalTime</code> the alias, but keep using
it in function signatures and the documentation as much as possible.</p>
<p>See also the release notes of <a
href="https://github.com/chronotope/chrono/releases/tag/v0.4.36">chrono
0.4.36</a> from yesterday for the yanked release.</p>
<h2>v0.4.36</h2>
<p>This release un-deprecates the methods on <code>TimeDelta</code> that
were deprecated with the 0.4.35 release because of the churn they are
causing for the ecosystem.</p>
<p>New is the <code>DateTime::with_time()</code> method. As an example
of when it is useful:</p>
<pre lang="rust"><code>use chrono::{Local, NaiveTime};
// Today at 12:00:00
let today_noon = Local::now().with_time(NaiveTime::from_hms_opt(12, 0,
0).unwrap());
</code></pre>
<h1>Additions</h1>
<ul>
<li>Add <code>DateTime::with_time()</code> (<a
href="https://redirect.github.com/chronotope/chrono/issues/1510">#1510</a>)</li>
</ul>
<h1>Deprecations</h1>
<ul>
<li>Revert <code>TimeDelta</code> deprecations (<a
href="https://redirect.github.com/chronotope/chrono/issues/1543">#1543</a>)</li>
<li>Deprecate <code>TimeStamp::timestamp_subsec_nanos</code>, which was
missed in the 0.4.35 release (<a
href="https://redirect.github.com/chronotope/chrono/issues/1486">#1486</a>)</li>
</ul>
<h1>Documentation</h1>
<ul>
<li>Correct version number of deprecation notices (<a
href="https://redirect.github.com/chronotope/chrono/issues/1486">#1486</a>)</li>
<li>Fix some typos (<a
href="https://redirect.github.com/chronotope/chrono/issues/1505">#1505</a>)</li>
<li>Slightly improve serde documentation (<a
href="https://redirect.github.com/chronotope/chrono/issues/1519">#1519</a>)</li>
<li>Main documentation: simplify links and reflow text (<a
href="https://redirect.github.com/chronotope/chrono/issues/1535">#1535</a>)</li>
</ul>
<h1>Internal</h1>
<ul>
<li>CI: Lint benchmarks (<a
href="https://redirect.github.com/chronotope/chrono/issues/1489">#1489</a>)</li>
<li>Remove unnessary <code>Copy</code> and <code>Send</code> impls (<a
href="https://redirect.github.com/chronotope/chrono/issues/1492">#1492</a>,
thanks <a
href="https://github.com/erickt"><code>@erickt</code></a>)</li>
<li>Backport streamlined <code>NaiveDate</code> unit tests (<a
href="https://redirect.github.com/chronotope/chrono/issues/1500">#1500</a>,
thanks <a
href="https://github.com/Zomtir"><code>@Zomtir</code></a>)</li>
<li>Rename <code>LocalResult</code> to <code>TzResolution</code>, add
alias (<a
href="https://redirect.github.com/chronotope/chrono/issues/1501">#1501</a>)</li>
<li>Update windows-bindgen to 0.55 (<a
href="https://redirect.github.com/chronotope/chrono/issues/1504">#1504</a>)</li>
<li>Avoid duplicate imports, which generate warnings on nightly (<a
href="https://redirect.github.com/chronotope/chrono/issues/1507">#1507</a>)</li>
<li>Add extra debug assertions to <code>NaiveDate::from_yof</code> (<a
href="https://redirect.github.com/chronotope/chrono/issues/1518">#1518</a>)</li>
<li>Some small simplifications to <code>DateTime::date_naive</code> and
<code>NaiveDate::diff_months</code> (<a
href="https://redirect.github.com/chronotope/chrono/issues/1530">#1530</a>)</li>
<li>Remove <code>unwrap</code> in Unix <code>Local</code> type (<a
href="https://redirect.github.com/chronotope/chrono/issues/1533">#1533</a>)</li>
<li>Use different method to ignore feature-dependent doctests (<a
href="https://redirect.github.com/chronotope/chrono/issues/1534">#1534</a>)</li>
</ul>
<p>Thanks to all contributors on behalf of the chrono team, <a
href="https://github.com/djc"><code>@djc</code></a> and <a
href="https://github.com/pitdicker"><code>@pitdicker</code></a>!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d62045ec4"><code>7d62045</code></a>
Prepare 0.4.37</li>
<li><a
href="6857d00070"><code>6857d00</code></a>
Hide re-export of <code>LocalResult</code> in docs</li>
<li><a
href="9e22e48d15"><code>9e22e48</code></a>
Swap <code>MappedLocalTime</code> and <code>LocalResult</code> type
alias</li>
<li><a
href="ca3c3b6293"><code>ca3c3b6</code></a>
Prepare 0.4.36</li>
<li><a
href="1850198da9"><code>1850198</code></a>
Revert <code>TimeDelta</code> deprecations</li>
<li><a
href="e05ba8b9c2"><code>e05ba8b</code></a>
Add <code>MappedLocalTime::and_then</code></li>
<li><a
href="3adfd88ce0"><code>3adfd88</code></a>
Main documentation: simplify links and reflow text</li>
<li><a
href="1e8df65f47"><code>1e8df65</code></a>
Rustfmt doc comments</li>
<li><a
href="1b57859782"><code>1b57859</code></a>
Run doctests with <code>alloc</code> feature if possible</li>
<li><a
href="6f2c7ccabd"><code>6f2c7cc</code></a>
Use different method to run feature-dependent doctests</li>
<li>Additional commits viewable in <a
href="https://github.com/chronotope/chrono/compare/v0.4.35...v0.4.37">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This required a mid-sized refactor of the relay's eventloop. The idea is
that we can use [`mio`](https://docs.rs/mio/latest/mio/) to do the
actual IO handling instead of `tokio`. `tokio` depends on `mio`
internally but doesn't expose its primitives. Most importantly, we don't
get access to the API where we can dynamically register file descriptors
to watch for readiness.
In order to avoid allocations on the relaying hotpath, we need to listen
on a dynamic number of sockets:
1. Our client-facing socket on port 3478
2. All sockets allocated by clients
`mio` is the building block of the async tokio runtime, hence it does
not provide an async primitives. Instead, it blocks the current thread
that it is running on and feeds you events that you need to deal with.
We still need our `tokio` runtime to register timers and for
communication with the portal. To integrate the two, we spawn a
dedicated thread for `mio::Poll` and communicate with it via channels
within the `Sockets` abstraction. Thus, the `Eventloop` itself has no
idea that `mio` is used for all the network communication.
Whenever `mio` sends us an event that a socket is ready, we try to read
from that specific socket. We must read from this socket until it
returns `WouldBlock` at which point we move on to the next event.
We only register for read-readiness. If a socket is not ready for
writing, we just drop the packet.
With this design in place, we can now have a single buffer that we read
incoming packets into and dispatch it to `Server`, depending on which
port is what received on. A future refactoring could maybe even unify
these functions and let the `Server` deal with the ports internally.
Resolves: #4366.
The value returned from `poll_timeout` needs to only reset the `Sleep`
but don't need to go back to the top of the loop. Instead, we move its
polling to below the resetting of `Sleep`. This will correctly register
a waker in case we did change `Sleep`.
This `continue` causes a busy-loop and stops the relay from dealing with
the `phoenix-channel` which means the portal will eventually consider it
offline.
This was first introduced in #4455.
This is a similar fix as to #4486. I am not sure if this is / was
actively causing problems but using `continue` after _any_ ready event
is definitely more correct.
This is a low-risk change.
Within the gateway's eventloop, we MUST only return `Poll::Pending` if
`Waker`s are registered for anything that needs to happen. To ensure
that, we MUST `loop` around our the calls to `poll()` to ensure we drain
everything that is `Poll::Ready`.
Only once all sub-state machines return `Poll::Pending`, we can return
`Poll::Pending`.
This is much more robust than the previous implementation because we now
go through all allocations and channels every time we get a
`handle_timeout` and clean up everything that is expired.
Resolves: #4095.
Refs #3712 and #3713 (Linux and Windows tunnel process separation /
splitting)
This doesn't change the functionality of the GUI Client, but it adds a
boundary where:
- Windows can keep connlib in-process, so it stays stable during the
early phases of GA when I don't want to be fighting bugs caused by a big
architecture change
- Linux can move connlib into the tunnel process, which is required
before the Linux GUI Client reaches it own GA milestone
So it all looks redundant, because it's scaffolding until later this
year when both Linux and Windows are split. After that, some of this can
be removed.
Previously, we would allocate each message twice:
1. When receiving the original packet.
2. When forming the resulting channel-data message.
We can optimise this to only one allocation each by:
1. Carrying around the original `ChannelData` message for traffic from
clients to peers.
2. Pre-allocating enough space for the channel-data header for traffic
from peers to clients.
Local flamegraphing still shows most of user-space activity as
allocations. I did occasionally see a throughput of ~10GBps with these
patches. I'd like to still work towards #4095 to ensure we handle
anything time-sensitive better.
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.114 to
1.0.115.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.115</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b1ebf3888e"><code>b1ebf38</code></a>
Release 1.0.115</li>
<li><a
href="c3dc153e06"><code>c3dc153</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1119">#1119</a>
from titaniumtraveler/pr</li>
<li><a
href="218770bb75"><code>218770b</code></a>
Explicitly install a Rust toolchain for cargo-outdated job</li>
<li><a
href="840da8e892"><code>840da8e</code></a>
Fix missing backticks in doc comments</li>
<li><a
href="3a3f61b1c9"><code>3a3f61b</code></a>
Temporarily disable miri on doctests</li>
<li><a
href="4a0be88b5a"><code>4a0be88</code></a>
Format regression tests with rustfmt</li>
<li><a
href="d2dbbf7055"><code>d2dbbf7</code></a>
Ignore dead code lint in tests</li>
<li><a
href="8e7b37bf7e"><code>8e7b37b</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1118">#1118</a>
from serde-rs/transparent</li>
<li><a
href="a25f6c6f2a"><code>a25f6c6</code></a>
Remove conditional on repr(transparent)</li>
<li><a
href="fedf8341ee"><code>fedf834</code></a>
Ignore non_local_definitions false positive in test</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.114...v1.0.115">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(After GA)
This adds a unit test for the Unix domain sockets that I intend to use
for process splitting on Linux.
The length-prefixed encoding and decoding are copied from `subzone`, but
most of that code will not be re-used since it's Windows-specific and
also specific to a Chromium-like process model, which won't work for
Firezone.
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.3 to 4.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.4</h2>
<h2>[4.5.4] - 2024-03-25</h2>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Allow non-literal <code>#[arg(id)]</code>
attributes again</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.4] - 2024-03-25</h2>
<h3>Fixes</h3>
<ul>
<li><em>(derive)</em> Allow non-literal <code>#[arg(id)]</code>
attributes again</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e4facf76f"><code>5e4facf</code></a>
chore: Release</li>
<li><a
href="8880b0a5da"><code>8880b0a</code></a>
docs: Update changelog</li>
<li><a
href="132b5dded5"><code>132b5dd</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5425">#5425</a>
from epage/lit</li>
<li><a
href="df915fefef"><code>df915fe</code></a>
fix(derive): Re-allow expressions for id's</li>
<li><a
href="8eab48fa3c"><code>8eab48f</code></a>
refactor(derive): Make it easier to work with 'Name'</li>
<li><a
href="be73195ecf"><code>be73195</code></a>
refactor(derive): Clarify tests</li>
<li><a
href="024089bb60"><code>024089b</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5415">#5415</a>
from Pi-Cla/patch-1</li>
<li><a
href="3b35dba160"><code>3b35dba</code></a>
docs: Add mention of nushell to clap_complete README</li>
<li><a
href="58469d1669"><code>58469d1</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5405">#5405</a>
from epage/docs</li>
<li><a
href="655d8295a7"><code>655d829</code></a>
docs(derive): Fix ToC links within tutorial chapters</li>
<li>See full diff in <a
href="https://github.com/clap-rs/clap/compare/v4.5.3...v4.5.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Refs #3713
With this, the deb package for the Linux GUI Client contains a build of
the Linux CLI Client, at `/usr/bin/firezone-client-tunnel`. Future PRs
can add IPC to the code.
There is also a Windows stub, since Windows will eventually need a
tunnel process and a CLI Client.
In the future we might need to move or rename things, since the CLI
Clients and tunnel binaries for both Linux and Windows may all share
code or at least architecture. For now there is a slight duplication
with this being built as both "Firezone Client Tunnnel" and "Firezone
Linux Client"
Previously, we were creating a lot of spans because they were all set to
`level = error`. We now reduce those spans to `debug` which should help
with the CPU utilization.
Related: #4366.
Currently, controlling the RNG seed is gated for debug builds only. This
makes profiling the release build impossible because we cannot generate
credentials upfront.
Additionally, for flamegraphs to be useful, we need to enable debug
symbols for the relay.
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.11.25 to 20.12.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
These customizations were from before we used `cargo cross` for all
architectures in CI.
1.77.1 has been tested to work with the following clients:
- [x] Apple
- [x] Android
- [x] Windows
What it costs in build time will probably save us many times over in
bandwidth fees. Seeing a 3x reduction in binary size on apple with LTO =
"fat".
### `lto = false`
```
-rw-r--r--@ 1 jamil staff 50673800 Mar 29 16:42 libconnlib.a
```
### `lto = "thin"`
```
-rw-r--r--@ 1 jamil staff 26407568 Mar 29 17:32 libconnlib.a
```
### `lto = "fat"`
```
-rw-r--r--@ 1 jamil staff 15592728 Mar 29 17:18 libconnlib.a
```
This catches two of the mutants, according to `cargo-mutants`.
~~Unfortunately since `cargo test` runs in one process, it's
all-or-nothing for sudo, this will run all unit tests as sudo.~~
(This explanation is not exactly correct, `cargo test` does run _a_
subprocess, but still, there is no way to request sudo or non-sudo
runners for specific tests, since it's just an environment variable, and
since many tests run in parallel in different threads of the same
process.)
Here it is passing in Linux:
https://github.com/firezone/firezone/actions/runs/8382799272/job/22957555987#step:5:3160
And Windows:
https://github.com/firezone/firezone/actions/runs/8382799272/job/22957558003#step:5:1006
```[tasklist]
### Before merging
- [x] Try `#[ignore]` attribute
- [x] Fail gracefully if `sudo` isn't available
```
Refs #3776
I think `Tun` could use some automated coverage, so here's the baseline
if this PR goes in:
For `cargo mutants -p firezone-tunnel -p firezone-gui-client --file
connlib/tunnel/src/client.rs --file
connlib/tunnel/src/device_channel/tun_windows.rs`, 113 mutants tested,
68 missed
For `tun_linux.rs`, 128 tested, 76 missed
This is only counting the unit tests, not integration tests or anything,
but it's nice if we can cover some I/O stuff like `wintun` in unit tests
locally.
Looking through the logs of
https://github.com/firezone/firezone/issues/4348, I noticed that we
would instantly reconnect to the portal due to a "missed heartbeat" if
the connection was reset for any other error. That happens because the
timer within `Heartbeat` was still active and would immediately fire was
soon as we are connected.
To fix this, we introduce a `reset` method that gets called every time
we establish a connection to the portal.
Motivated by: #4340.
I also activated
[`clippy::unnnecessary_wraps`](https://rust-lang.github.io/rust-clippy/master/#/unnecessary_wraps)
which does create some false-positives for the platform-specific code
but is IMO overall a net-positive. With the amount of Rust code and
crates increasing, it is good to have tools point out simplifications
like these as they are otherwise hard to spot, especially across crate
boundaries.
* Move the resource changes to `ClientState` to unit test easier
* Add unit tests
* Set new config on update from portal
* Set parameters as told by portal on re-init
Fixes: #2728
This was introduced in #4296 and I'm guessing it shouldn't be there
because we are standardized on `tracing::*` and this goes straight to
stderr, can't be filtered out, etc.
Supersedes #4320, closes#4318
Updates the interface if effective dns have changed.
Fixes a bug where we could set upstream_dns to have sentinel dns
Adds corresponding unit tests.
---------
Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Not sure if this will fix#3999 but the ~~colors for the existing icon
are wrong, so we need to fix them anyway.~~
Removes unused Tauri app icons.
Refs #3999
If it's not in CLI / env var
This is more convenient for development, and it's a step towards getting
the systemd service to work.
The token:
- Can't go in `/usr/lib/systemd/system/firezone-client.service` because
that file is updated by `dpkg`
- Probably shouldn't be in the CLI because CLI args can be seen by other
processes
- Could go in env vars, but those can also be snooped in theory
It has to be stored on disk somewhere for headless operation, so we can
just read it directly from disk.
Tried to organize this PR into commits so that it's a bit easier to
review.
1. Involves simplifying the logic in Adapter.swift so that us mortals
can maintain it confidently:
- The `.stoppingTunnel`, `.stoppedTunnelTemporarily`, and
`.stoppingTunnelTemporarily` states have been removed.
- I also removed the `self.` prefix from local vars when it's not
necessary to use it, to be more consistent.
- `onTunnelReady` and `getSystemDefaultResolvers` has been removed, and
`onUpdateRoutes` wired up, along with cleanup necessary to support that.
2. Involves adding the `reconnect` and `set_dns` stubs in the FFI and
fixing the log filter so that we can log them (see #4182 )
3. Involves getting the path update handler working well on macOS using
`SystemConfiguration` to read DNS servers.
4. Involves getting the path update handler working well on iOS by
employing careful trickery to prevent path update cycles by detecting if
`path.gateways` has changed, and avoid setting new DNS if it hasn't.
Refs #4028Fixes#4297Fixes#3565Fixes#3429Fixes#4175Fixes#4176Fixes#4309
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
- [x] Updated log level string for client and gateways to info or higher
- [x] Update logs to hide DNS information
I also removed `hickory_resolve` errors which could contain sensitive
info from our general error and hide the logs that specifically relates
to them.
@bmanifold double checking that the log levels in the gateway's `*.tf`
files are just used for our own gateways.
Also, the relays still have `debug`, since only we see that I think that
makes sense but double checking with @jamilbk
Fixes: #3618.
---------
Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
On ice until after GA
```[tasklist]
# Before merging
- [x] Re-frame it as upgrading the Linux CLI to add IPC / systemd autostart support instead of replacing the CLI (thanks Thomas)
```
