Commit Graph

6097 Commits

Author SHA1 Message Date
Thomas Eizinger
73625e4669 chore(relay): don't log all AUTH errors on WARN (#7506)
Not all authentication errors are warnings that we need to be alerted
about.
2024-12-13 05:37:15 +00:00
Thomas Eizinger
5d5e5ab0b1 fix(gui-client): make tray menu refresh infallible (#7498)
In most cases, the caller of this function already handled the case of
it failing gracefully by logging. From Sentry alerts, we can see that if
this fails, there isn't much we can do about it and most likely, the
next refresh will work again (this has only happened a single time).

Logging this on `debug` is good enough in case something doesn't work
and we need to reproduce it or something really bad happens we need to see
it in the breadcrumbs of another Sentry event.
2024-12-13 04:54:41 +00:00
Thomas Eizinger
f30cc3226d fix(gateway): don't return error when client disconnected (#7504)
When a client disconnects, we clear up the connection on the gateway.
There might still be packets arriving from resources that we then cannot
route. This isn't worth returning an error.
2024-12-13 04:54:07 +00:00
Thomas Eizinger
b5d6c27680 fix(linux): don't print error when removing non-existent route (#7502)
We are already handling one case where we are trying to remove a route
that doesn't exist. `ESRCH` is another variant of this error that
manifests as "No such process". According to the Internet, this just
means the route doesn't exist so we can bail out early here.
2024-12-13 04:53:22 +00:00
Thomas Eizinger
30376cd79a fix(gateway): polish error handling in main (#7500)
Currently, the Gateway logs all errors that happen when the event-loop
exits on ERROR level. This creates Sentry alerts for things like
"Unauthorized" errors or "404 Not found".

That isn't useful to us. To mitigate this, we polish the code a bit to
only log an ERROR when we actually fail to set up something during
startup (like the TUN device). In all other cases, we now log a more
user-friendly message on INFO but still exit with the appropriate exit
code (0 on CTRL+C, 1 on any other error).
2024-12-13 04:51:58 +00:00
Thomas Eizinger
db2dd4a618 ci: pass SENTRY_AUTH_TOKEN explicit as input (#7503)
Secrets are not accessible within actions.
2024-12-13 04:47:47 +00:00
Thomas Eizinger
951edd802a fix(gui-client): lower log level when update check fails (#7501)
2024-12-13 04:43:16 +00:00
Thomas Eizinger
f0c2bfa6eb chore(gui-client): release version 1.4.0 (#7496)
GUI Client 1.4.0 has been released
(https://github.com/firezone/firezone/releases/tag/gui-client-1.4.0).
This PR updates the changelog and versions accordingly.
2024-12-13 04:41:49 +00:00
Brian Manifold
9711cf56c1 fix(portal): Fix update API endpoint for resources (#7493)
Why:

* The API endpoint for updating Resources was using
`Resources.fetch_resource_by_id_or_persistent_id`, however that function
was fetching all Resources, which included deleted Resources. In order
to prevent an API user from attempting to update a Resource that is
deleted, a new function was added to fetch active Resources only.

Fixes: #7492
2024-12-12 22:51:28 +00:00
Thomas Eizinger
67161afd2c build(deps): switch to quinn-udp release (#7491)
The fewer Git-dependencies the better.
2024-12-12 16:49:43 +00:00
Thomas Eizinger
da04924da1 chore(relay): downgrade log on missing allocation for REFRESH (#7490)
Attempting to refresh an allocation is the only idempotent way in TURN
to test whether one has an active allocation. As such, logging this on
WARN is too aggressive.

Resolves: #7481.
2024-12-12 16:48:02 +00:00
Thomas Eizinger
7a478634a8 feat(connlib): buffer packets during connection and NAT setup (#7477)
At present, `connlib` will always drop all IP packets until a connection
is established and the DNS resource NAT is created. This causes an
unnecessary delay until the connection is working because we need to
wait for retransmission timers of the host's network stack to resend
those packets.

With the new idempotent control protocol, it is now much easier to
buffer these packets and send them to the gateway once the connection is
established.

The buffer sizes are chosen somewhat conservatively to ensure we don't
consume a lot of memory. The hypothesis here is that every protocol -
even if the transport layer is unreliable like UDP - will start with a
handshake involving only one or at most a few packets and waiting for a
reply before sending more. Thus, as long as we can set up a connection
quicker than the re-transmit timer in the host's network stack,
buffering those packets should result in no packet loss. Typically,
setting up a new connection takes at most 500ms which should be fast
enough to not trigger any re-transmits.

Resolves: #3246.
2024-12-12 11:40:38 +00:00
Jamil
a7b8253766 chore(apple/xcode): Cache rust build more intelligently using build phase (#7488)
Xcode has decent support for skipping certain build phases when input
files haven't changed. This only happens for build phases within a
single target, and not for entire Target dependencies.

Before, we defined `Connlib` as its own bona fide build target, and then
added it as a target dependency for the network extension targets. This
causes Xcode to always run our `build-rust.sh` script, which takes
around 30s on my M1 even when `rust/` hasn't changed.

Instead, we can remove the `Connlib` target, and add a "Run script"
phase to the network extension targets themselves. By configuring the
input file list, Xcode will skip this phase if `rust/**/*.rs`,
`rust/**/*.toml` and `rust/Cargo.lock` haven't changed.

This makes it **much** faster to iterate on Swift code -- Xcode is
_very_ fast when building pure Swift (sometimes under 1s).
2024-12-12 03:46:58 +00:00
Jamil
253e1a6972 fix(tauri): Bump nanoid re: CVE-2024-55565 (#7487)
Fixes https://github.com/firezone/firezone/security/dependabot/136
2024-12-12 00:52:58 +00:00
Jamil
d775487508 fix(tauri): Bump cross-spawn re: CVE-2024-21538 (#7486)
Fixes https://github.com/firezone/firezone/security/dependabot/129
2024-12-12 00:49:56 +00:00
dependabot[bot]
d0aef8f1d8 build(deps): Bump nanoid from 3.3.7 to 3.3.8 in /website in the npm_and_yarn group (#7485)
Bumps the npm_and_yarn group in /website with 1 update:
[nanoid](https://github.com/ai/nanoid).

Updates `nanoid` from 3.3.7 to 3.3.8
Changelog (sourced from [nanoid's changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)):

## 3.3.8

- Fixed a way to break Nano ID by passing non-integer size (by [`@myndzi`](https://github.com/myndzi)).

Commits:

- `3044cd5` Release 3.3.8 version
- `4fe3495` Update size limit
- `d643045` Fix pool pollution, infinite loop ([#510](https://redirect.github.com/ai/nanoid/issues/510))
- See full diff in [compare view](https://github.com/ai/nanoid/compare/3.3.7...3.3.8)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-11 22:47:35 +00:00
Thomas Eizinger
e507197480 docs(gateway): add changelog entry for #7479 (#7484)
The issue is now fixed and `git pull` from `github.com` as a resource
now works as expected.
2024-12-11 22:47:06 +00:00
dependabot[bot]
6de324af05 build(deps): Bump tokio from 1.41.1 to 1.42.0 in /rust (#7469)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.41.1 to 1.42.0.
Release notes (sourced from [tokio's releases](https://github.com/tokio-rs/tokio/releases)):

## Tokio v1.42.0

# 1.42.0 (Dec 3rd, 2024)

### Added

- io: add `AsyncFd::{try_io, try_io_mut}` ([#6967](https://redirect.github.com/tokio-rs/tokio/issues/6967))

### Fixed

- io: avoid `ptr->ref->ptr` roundtrip in RegistrationSet ([#6929](https://redirect.github.com/tokio-rs/tokio/issues/6929))
- runtime: do not defer `yield_now` inside `block_in_place` ([#6999](https://redirect.github.com/tokio-rs/tokio/issues/6999))

### Changes

- io: simplify io readiness logic ([#6966](https://redirect.github.com/tokio-rs/tokio/issues/6966))

### Documented

- net: fix docs for `tokio::net::unix::{pid_t, gid_t, uid_t}` ([#6791](https://redirect.github.com/tokio-rs/tokio/issues/6791))
- time: fix a typo in `Instant` docs ([#6982](https://redirect.github.com/tokio-rs/tokio/issues/6982))

[#6791](https://redirect.github.com/tokio-rs/tokio/issues/6791): [tokio-rs/tokio#6791](https://redirect.github.com/tokio-rs/tokio/pull/6791)
[#6929](https://redirect.github.com/tokio-rs/tokio/issues/6929): [tokio-rs/tokio#6929](https://redirect.github.com/tokio-rs/tokio/pull/6929)
[#6966](https://redirect.github.com/tokio-rs/tokio/issues/6966): [tokio-rs/tokio#6966](https://redirect.github.com/tokio-rs/tokio/pull/6966)
[#6967](https://redirect.github.com/tokio-rs/tokio/issues/6967): [tokio-rs/tokio#6967](https://redirect.github.com/tokio-rs/tokio/pull/6967)
[#6982](https://redirect.github.com/tokio-rs/tokio/issues/6982): [tokio-rs/tokio#6982](https://redirect.github.com/tokio-rs/tokio/pull/6982)
[#6999](https://redirect.github.com/tokio-rs/tokio/issues/6999): [tokio-rs/tokio#6999](https://redirect.github.com/tokio-rs/tokio/pull/6999)

Commits:

- `bb9d570` chore: prepare Tokio v1.42.0 ([#7005](https://redirect.github.com/tokio-rs/tokio/issues/7005))
- `af9c683` tests: fix typo in build test instructions ([#7004](https://redirect.github.com/tokio-rs/tokio/issues/7004))
- `4bc5a1a` ci: allow Unicode-3.0 license for unicode-ident ([#7006](https://redirect.github.com/tokio-rs/tokio/issues/7006))
- `f8948ea` runtime: do not defer `yield_now` inside `block_in_place` ([#6999](https://redirect.github.com/tokio-rs/tokio/issues/6999))
- `bce9780` time: use `array::from_fn` instead of manually creating array ([#7000](https://redirect.github.com/tokio-rs/tokio/issues/7000))
- `38151f3` readme: unlist 1.32.x as LTS release ([#6997](https://redirect.github.com/tokio-rs/tokio/issues/6997))
- `5dda72d` ci: pin valgrind to rustc 1.82 ([#6998](https://redirect.github.com/tokio-rs/tokio/issues/6998))
- `c07257f` io: simplify io readiness logic ([#6966](https://redirect.github.com/tokio-rs/tokio/issues/6966))
- `d08578f` time: fix a typo in `Instant` docs ([#6982](https://redirect.github.com/tokio-rs/tokio/issues/6982))
- `4047d79` miri: add annotations for tests with miri ignore ([#6981](https://redirect.github.com/tokio-rs/tokio/issues/6981))
- Additional commits viewable in [compare view](https://github.com/tokio-rs/tokio/compare/tokio-1.41.1...tokio-1.42.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-11 21:05:44 +00:00
Thomas Eizinger
87c3e4dd86 fix(telemetry): disable for unofficial environments (#7482)
On the one hand, learning in which edge cases our software fails is
useful and thus having telemetry also active for self-hosted users is
beneficial. On the other hand, we have neither control nor a contact to
those self-hosted and whatever they are doing might spam our Sentry
account with errors that we can't do anything about.

To mitigate this, we disable telemetry for self-hosted users with the
next release.

Once we have more resources, we can consider enabling this again.
2024-12-11 19:03:48 +00:00
Thomas Eizinger
a0efc4cfdc fix(connlib): don't fail NAT64 on invalid IPv4 DSCP value (#7479)
As per the RFC, the IPv6 traffic class should be 1-to-1 translated to
the IPv4 DSCP value. However, it appears that not all values here are
valid. In particular, when attempting to reach GitHub over IPv6, we
receive an IPv6 packet that has a traffic class value of 72 which is
out-of-range for the IPv4 DSCP value, resulting in the following error
on the Gateway:

```
Failed to translate packet: NAT64 failed: Error '72' is too big to be a 'IPv4 DSCP (Differentiated Services Code Point)' (maximum allowed value is '63')
```

The bigger scope of this issue is that this causes the ICMP packets
returned to the client to be dropped which means that `ssh` spawned by
`git` doesn't learn that the IPv6 address assigned by Firezone is not
actually routable.

Related: #7476.
2024-12-11 19:03:37 +00:00
Thomas Eizinger
9b8e4d1764 chore(telemetry): remove outdated comments (#7483)
We are no longer using `ArcSwap` here.
2024-12-11 19:02:30 +00:00
Thomas Eizinger
7e38d3caee chore(connlib): downgrade warning about failed flow (#7480)
2024-12-11 19:01:37 +00:00
Thomas Eizinger
83464c6412 ci: allow unmaintained gtk crates (#7478)
Tauri still depends on GTK3 which is now officially unmaintained
(https://github.com/rustsec/advisory-db/pull/2164). I've asked the Tauri
team for a position on it
(https://github.com/tauri-apps/tauri/issues/11942). In the meantime,
we'll have to allow the use of these unmaintained crates to unblock CI.
2024-12-11 15:40:07 +00:00
Thomas Eizinger
81f71cba62 fix(telemetry): use package@version notation for releases (#7466)
In order for Sentry to parse our releases as semver, they need to be in
the form of `package@version` [0]. Without this, the feature of "Mark
this issue as resolved in the _next_ version" doesn't work properly
because Sentry compares the versions as to when it first saw them vs
parsing the semver string itself. We test versions prior to releasing
them, meaning Sentry learns about a 1.4.0 version before it is actually
released. This causes false-positive "regressions" even though they are
fixed in a later (as per semver) release.

This creates some redundancy with the different DSNs that we are already
using. I think it would make sense to consider merging the two projects
we have for the GUI client for example. That is really just one project
that happens to run as two binaries.

For all other projects, I think the separation still makes sense because
we e.g. may add Sentry to the "host" applications of Android and
MacOS/iOS as well. For those, we would reuse the DSN and thus funnel the
issues into the same Sentry project.

As per Sentry's docs, releases are organisation-wide and therefore need
a package identifier to be grouped correctly.

[0]:
https://docs.sentry.io/platforms/javascript/configuration/releases/#bind-the-version
2024-12-09 05:04:45 +00:00
Jamil
ac608d560a refactor(apple): Migrate firezone-id file to keychain (#7464)
Unlike the App extension which runs as the user, the system extension
introduced in macOS client 1.4.0 runs as `root` and thus cannot read the
App Group container directory for the GUI process. However, both
processes can read and write to the shared Keychain, which is how we
pass the token between the two processes already.

This PR does two things:

1. Tries to read an existing `firezone-id` from the pre-1.4.0 App Group
container upon app launch. This needs to be done from the GUI process.
If found, it stores it in the Keychain.
2. Refactors the `firezone-id` to be stored in the Keychain instead of a
plaintext file going forward.

The Keychain API is also cleaned up and abstracted to be more ergonomic
to use for both Token and Firezone ID storage purposes.
2024-12-09 03:17:46 +00:00
Jamil
45bfe0f2a3 chore(infra): Deny connections from US-sanctioned countries with HTTP 403 (#7462)
Implementing the remainder of the legally required block. Will be
applied on Dec 9th, as we notified customers.
2024-12-06 20:26:30 +00:00
Jamil
0cdfd1fd4f fix(apple/macos): Install system extension on app launch (#7459)
- Installs the system extension on app launch instead of each time we
start the tunnel, as [recommended by
Apple](https://developer.apple.com/documentation/systemextensions/installing-system-extensions-and-drivers).
This will typically happen when the app is installed for the first time,
or upgraded / downgraded.
- Changes the completion handler functionality for observing the system
extension status to an observed property on the class. This allows us to
update the MenuBar based on the status of the installation, preventing
the user from attempting to sign in unless the system extension has been
installed.

~~This PR exposes a new, subtle issue - since we don't reinstall the
system extension on each startTunnel, the process stays running. This is
expected. However, now the logging handle needs to be maintained across
connlib sessions, similar to the Android tunnel lifetime.~~ Fixed in
#7460

Expect one or two more PRs to handle further edge cases with improved UX
as more testing with the release build and upgrade/downgrade workflows
are attempted.
2024-12-06 05:51:22 +00:00
Thomas Eizinger
ddce9312ea fix(android): apply new log-filter on repeated connect call (#7461)
Related: #7460.
Resolves: #5634.
2024-12-06 04:45:28 +00:00
Thomas Eizinger
6115f662cf fix(apple): only initialise global logger once (#7460)
From within the FFI code, we have no control over the lifecycle of the
host application and `connect` may be called multiple times from within
the same process. Therefore, we cannot rely on the global logger state
to **not** be set when `connect` gets called.

To fix this, we cache the handles for the file logger and a
reload-handle for the log filter in a `static` variable. This allows us
to apply the new log-filter of a repeated `connect` call to the existing
logger, even if `connect` is called multiple times from the same
process.
2024-12-06 04:44:41 +00:00
Thomas Eizinger
90cf191a7c feat(linux): multi-threaded TUN device operations (#7449)
## Context

At present, we only have a single thread that reads and writes to the
TUN device on all platforms. On Linux, it is possible to open the file
descriptor of a TUN device multiple times by setting the
`IFF_MULTI_QUEUE` option using `ioctl`. Using multi-queue, we can then
spawn multiple threads that concurrently read and write to the TUN
device. This is critical for achieving a better throughput.

## Solution

`IFF_MULTI_QUEUE` is a Linux-only thing and therefore only applies to
headless-client, GUI-client on Linux and the Gateway (it may also be
possible on Android, I haven't tried). As such, we need to first change
our internal abstractions a bit to move the creation of the TUN thread
to the `Tun` abstraction itself. For this, we change the interface of
`Tun` to the following:

- `poll_recv_many`: An API, inspired by tokio's `mpsc::Receiver` where
multiple items in a channel can be batch-received.
- `poll_send_ready`: Mimics the API of `Sink` to check whether more
items can be written.
- `send`: Mimics the API of `Sink` to actually send an item.

With these APIs in place, we can implement various (performance)
improvements for the different platforms.

- On Linux, this allows us to spawn multiple threads to read and write
from the TUN device and send all packets into the same channel. The `Io`
component of `connlib` then uses `poll_recv_many` to read batches of up
to 100 packets at once. This ties in well with #7210 because we can then
use GSO to send the encrypted packets in single syscalls to the OS.
- On Windows, we already have a dedicated recv thread because `WinTun`'s
most-convenient API uses blocking IO. As such, we can now also tie into
that by batch-receiving from this channel.
- In addition to using multiple threads, this API now also uses correct
readiness checks on Linux, Darwin and Android to uphold backpressure in
case we cannot write to the TUN device.

## Configuration

Local testing has shown that 2 threads give the best performance for a
local `iperf3` run. I suspect this is because there is only so much
traffic that a single application (i.e. `iperf3`) can generate. With
more than 2 threads, the throughput actually drops drastically because
`connlib`'s main thread is too busy with lock-contention and triggering
`Waker`s for the TUN threads (which mostly idle around if there are 4+
of them). I've made it configurable on the Gateway though so we can
experiment with this during concurrent speedtests etc.

In addition, switching `connlib` to a single-threaded tokio runtime
further increased the throughput. I suspect due to less task / context
switching.

## Results

Local testing with `iperf3` shows some very promising results. We now
achieve a throughput of 2+ Gbit/s.

```
Connecting to host 172.20.0.110, port 5201
Reverse mode, remote host 172.20.0.110 is sending
[  5] local 100.80.159.34 port 57040 connected to 172.20.0.110 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   274 MBytes  2.30 Gbits/sec
[  5]   1.00-2.00   sec   279 MBytes  2.34 Gbits/sec
[  5]   2.00-3.00   sec   216 MBytes  1.82 Gbits/sec
[  5]   3.00-4.00   sec   224 MBytes  1.88 Gbits/sec
[  5]   4.00-5.00   sec   234 MBytes  1.96 Gbits/sec
[  5]   5.00-6.00   sec   238 MBytes  2.00 Gbits/sec
[  5]   6.00-7.00   sec   229 MBytes  1.92 Gbits/sec
[  5]   7.00-8.00   sec   222 MBytes  1.86 Gbits/sec
[  5]   8.00-9.00   sec   223 MBytes  1.87 Gbits/sec
[  5]   9.00-10.00  sec   217 MBytes  1.82 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  2.30 GBytes  1.98 Gbits/sec  22247             sender
[  5]   0.00-10.00  sec  2.30 GBytes  1.98 Gbits/sec                  receiver

iperf Done.
```

This is a pretty solid improvement over what is in `main`:

```
Connecting to host 172.20.0.110, port 5201
[  5] local 100.65.159.3 port 56970 connected to 172.20.0.110 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  90.4 MBytes   758 Mbits/sec  1800    106 KBytes
[  5]   1.00-2.00   sec  93.4 MBytes   783 Mbits/sec  1550   51.6 KBytes
[  5]   2.00-3.00   sec  92.6 MBytes   777 Mbits/sec  1350   76.8 KBytes
[  5]   3.00-4.00   sec  92.9 MBytes   779 Mbits/sec  1800   56.4 KBytes
[  5]   4.00-5.00   sec  93.4 MBytes   783 Mbits/sec  1650   69.6 KBytes
[  5]   5.00-6.00   sec  90.6 MBytes   760 Mbits/sec  1500   73.2 KBytes
[  5]   6.00-7.00   sec  87.6 MBytes   735 Mbits/sec  1400   76.8 KBytes
[  5]   7.00-8.00   sec  92.6 MBytes   777 Mbits/sec  1600   82.7 KBytes
[  5]   8.00-9.00   sec  91.1 MBytes   764 Mbits/sec  1500   70.8 KBytes
[  5]   9.00-10.00  sec  92.0 MBytes   771 Mbits/sec  1550   85.1 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   917 MBytes   769 Mbits/sec  15700             sender
[  5]   0.00-10.00  sec   916 MBytes   768 Mbits/sec                  receiver

iperf Done.
```
2024-12-05 00:18:20 +00:00
Thomas Eizinger
2f2ad2cffe docs(changelog): remove enable attr (#7458)
Idiomatic React is to conditionally render the entire element instead of
passing down an `enable` attribute.
2024-12-05 00:08:33 +00:00
Thomas Eizinger
cf9573faa1 build(rust): bump quinn-udp (#7457)
Pulling in a couple of fixes that have since landed on `quinn-udp`'s
`main` branch.
2024-12-04 22:54:09 +00:00
dependabot[bot]
eb77000ac2 build(deps): Bump the google group in /terraform/environments/production with 2 updates (#7423)
Bumps the google group in /terraform/environments/production with 2
updates:
[hashicorp/google](https://github.com/hashicorp/terraform-provider-google)
and
[hashicorp/google-beta](https://github.com/hashicorp/terraform-provider-google-beta).

Updates `hashicorp/google` from 6.10.0 to 6.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/terraform-provider-google/releases">hashicorp/google's
releases</a>.</em></p>
<blockquote>
<h2>v6.12.0</h2>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_access_context_manager_access_policy</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20295">#20295</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_spark_application</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20242">#20242</a>)</li>
<li><strong>New Resource:</strong>
<code>google_managed_kafka_cluster</code> and
<code>google_managed_kafka_topic</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20237">#20237</a>)</li>
</ul>
<p>IMPROVEMENTS:</p>
<ul>
<li>artifactregistry: added <code>common_repository</code> field to
<code>google_artifact_registry_repository</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20305">#20305</a>)</li>
<li>cloudrunv2: added <code>urls</code> output field to
<code>google_cloud_run_v2_service</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20313">#20313</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>network_interface.nic_type</code> field in
<code>google_compute_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20250">#20250</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>guest_os_features.type</code> field in
<code>google_compute_image</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20250">#20250</a>)</li>
<li>compute: added <code>replica_names</code> field to
<code>sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20202">#20202</a>)</li>
<li>filestore: added <code>performance_config</code> field to
<code>google_filestore_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20218">#20218</a>)</li>
<li>redis: added <code>persistence_config</code> to
<code>google_redis_cluster</code>. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20212">#20212</a>)</li>
<li>securesourcemanager: added
<code>workforce_identity_federation_config</code> field to
<code>google_secure_source_manager_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20290">#20290</a>)</li>
<li>spanner: added <code>default_backup_schedule_type</code> field to
<code>google_spanner_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20213">#20213</a>)</li>
<li>sql: added <code>psc_auto_connections</code> fields to
<code>google_sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20307">#20307</a>)</li>
</ul>
<p>BUG FIXES:</p>
<ul>
<li>accesscontextmanager: fixed permadiff in perimeter
<code>google_access_context_manager_service_perimeter_ingress_policy</code>
and
<code>google_access_context_manager_service_perimeter_egress_policy</code>
resources when there are duplicate resources in the rules (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20294">#20294</a>)</li>
<li>
<ul>
<li>accesscontextmanager: fixed comparison of <code>identity_type</code>
in <code>ingress_from</code> and <code>egress_from</code> when the
<code>IDENTITY_TYPE_UNSPECIFIED</code> is set (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20221">#20221</a>)</li>
</ul>
</li>
<li>compute: fixed permadiff on attempted <code>type</code> field
updates in <code>google_computer_security_policy</code>, updating this
field will now force recreation of the resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20316">#20316</a>)</li>
<li>identityplatform: fixed perma-diff originating from the
<code>sign_in.anonymous.enabled</code> field in
<code>google_identity_platform_config</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20244">#20244</a>)</li>
</ul>
<h2>v6.11.2</h2>
<p>BUG FIXES:</p>
<ul>
<li>vertexai: fixed issue with google_vertex_ai_endpoint where upgrading
to 6.11.0 would delete all traffic splits that were set outside
Terraform (which was previously a required step for all meaningful use
of this resource). (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20350">#20350</a>)</li>
</ul>
<h2>v6.11.1</h2>
<p>BUG FIXES:</p>
<ul>
<li>container: fixed diff on
<code>google_container_cluster.user_managed_keys_config</code> field for
resources that had not set it. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20314">#20314</a>)</li>
<li>container: marked
<code>google_container_cluster.user_managed_keys_config</code> as
immutable because it can't be updated in place. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20314">#20314</a>)</li>
</ul>
<h2>v6.11.0</h2>
<p>NOTES:</p>
<ul>
<li>compute: migrated <code>google_compute_firewall_policy_rule</code>
from DCL engine to MMv1 engine. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20160">#20160</a>)</li>
</ul>
<p>BREAKING CHANGES:</p>
<ul>
<li>looker: made <code>oauth_config</code> a required field in
<code>google_looker_instance</code>, as creating this resource without
that field always triggers an API error (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20196">#20196</a>)</li>
</ul>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_spanner_database</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20114">#20114</a>)</li>
<li><strong>New Resource:</strong> <code>google_apigee_api</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20113">#20113</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_application_environment</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20165">#20165</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_service_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20147">#20147</a>)</li>
<li><strong>New Resource:</strong>
<code>google_memorystore_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20108">#20108</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md">hashicorp/google's
changelog</a>.</em></p>
<blockquote>
<h2>6.12.0 (November 18, 2024)</h2>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_access_context_manager_access_policy</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20295">#20295</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_spark_application</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20242">#20242</a>)</li>
<li><strong>New Resource:</strong>
<code>google_managed_kafka_cluster</code> and
<code>google_managed_kafka_topic</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20237">#20237</a>)</li>
</ul>
<p>IMPROVEMENTS:</p>
<ul>
<li>artifactregistry: added <code>common_repository</code> field to
<code>google_artifact_registry_repository</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20305">#20305</a>)</li>
<li>cloudrunv2: added <code>urls</code> output field to
<code>google_cloud_run_v2_service</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20313">#20313</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>network_interface.nic_type</code> field in
<code>google_compute_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20250">#20250</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>guest_os_features.type</code> field in
<code>google_compute_image</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20250">#20250</a>)</li>
<li>compute: added <code>replica_names</code> field to
<code>sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20202">#20202</a>)</li>
<li>filestore: added <code>performance_config</code> field to
<code>google_filestore_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20218">#20218</a>)</li>
<li>redis: added <code>persistence_config</code> to
<code>google_redis_cluster</code>. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20212">#20212</a>)</li>
<li>securesourcemanager: added
<code>workforce_identity_federation_config</code> field to
<code>google_secure_source_manager_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20290">#20290</a>)</li>
<li>spanner: added <code>default_backup_schedule_type</code> field to
<code>google_spanner_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20213">#20213</a>)</li>
<li>sql: added <code>psc_auto_connections</code> fields to
<code>google_sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20307">#20307</a>)</li>
</ul>
<p>BUG FIXES:</p>
<ul>
<li>accesscontextmanager: fixed permadiff in perimeter
<code>google_access_context_manager_service_perimeter_ingress_policy</code>
and
<code>google_access_context_manager_service_perimeter_egress_policy</code>
resources when there are duplicate resources in the rules (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20294">#20294</a>)</li>
<li>
<ul>
<li>accesscontextmanager: fixed comparison of <code>identity_type</code>
in <code>ingress_from</code> and <code>egress_from</code> when the
<code>IDENTITY_TYPE_UNSPECIFIED</code> is set (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20221">#20221</a>)</li>
</ul>
</li>
<li>compute: fixed permadiff on attempted <code>type</code> field
updates in <code>google_computer_security_policy</code>, updating this
field will now force recreation of the resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20316">#20316</a>)</li>
<li>identityplatform: fixed perma-diff originating from the
<code>sign_in.anonymous.enabled</code> field in
<code>google_identity_platform_config</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20244">#20244</a>)</li>
</ul>
<h2>6.11.2 (November 15, 2024)</h2>
<p>BUG FIXES:</p>
<ul>
<li>vertexai: fixed issue with google_vertex_ai_endpoint where upgrading
to 6.11.0 would delete all traffic splits that were set outside
Terraform (which was previously a required step for all meaningful use
of this resource). (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20350">#20350</a>)</li>
</ul>
<h2>6.11.1 (November 12, 2024)</h2>
<p>BUG FIXES:</p>
<ul>
<li>container: fixed diff on
<code>google_container_cluster.user_managed_keys_config</code> field for
resources that had not set it. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20314">#20314</a>)</li>
<li>container: marked
<code>google_container_cluster.user_managed_keys_config</code> as
immutable because it can't be updated in place. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20314">#20314</a>)</li>
</ul>
<h2>6.11.0 (November 11, 2024)</h2>
<p>NOTES:</p>
<ul>
<li>compute: migrated <code>google_compute_firewall_policy_rule</code>
from DCL engine to MMv1 engine. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20160">#20160</a>)</li>
</ul>
<p>BREAKING CHANGES:</p>
<ul>
<li>looker: made <code>oauth_config</code> a required field in
<code>google_looker_instance</code>, as creating this resource without
that field always triggers an API error (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20196">#20196</a>)</li>
</ul>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_spanner_database</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20114">#20114</a>)</li>
<li><strong>New Resource:</strong> <code>google_apigee_api</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20113">#20113</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_application_environment</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20165">#20165</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_service_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20147">#20147</a>)</li>
<li><strong>New Resource:</strong>
<code>google_memorystore_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/pull/20108">#20108</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85a3ab77b4"><code>85a3ab7</code></a>
Update 6.12.0 changelog</li>
<li><a
href="e88d58e28b"><code>e88d58e</code></a>
Update CHANGELOG.md (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20329">#20329</a>)</li>
<li><a
href="97c82fdaf5"><code>97c82fd</code></a>
Made traffic_split field use default_from_api (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/12323">#12323</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20350">#20350</a>)</li>
<li><a
href="4948856a47"><code>4948856</code></a>
compute: forced recreation of
<code>google_compute_security_policy</code> on <code>type</code>
upda...</li>
<li><a
href="5a7d34c3ee"><code>5a7d34c</code></a>
Made google_container_cluster.user_managed_keys_config not settable and
fixed...</li>
<li><a
href="a43ba47b71"><code>a43ba47</code></a>
Add Cloud Run v2 Service urls field (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/12194">#12194</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20313">#20313</a>)</li>
<li><a
href="8a4dbdd827"><code>8a4dbdd</code></a>
pubsub: additional test permissions fixes (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/12311">#12311</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20312">#20312</a>)</li>
<li><a
href="606d86933d"><code>606d869</code></a>
Update CHANGELOG.md (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20288">#20288</a>)</li>
<li><a
href="94da55b37a"><code>94da55b</code></a>
Revert &quot;Migrate google_compute_firewall_policy_association resource
from DCL ...</li>
<li><a
href="e140d186f0"><code>e140d18</code></a>
Mark SarahFrench as on vacation until December (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/12306">#12306</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google/issues/20309">#20309</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/terraform-provider-google/compare/v6.10.0...v6.12.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `hashicorp/google-beta` from 6.10.0 to 6.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/terraform-provider-google-beta/releases">hashicorp/google-beta's
releases</a>.</em></p>
<blockquote>
<h2>v6.12.0</h2>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_access_context_manager_access_policy</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8676">#8676</a>)</li>
<li><strong>New Data Source:</strong>
<code>google_backup_dr_data_source</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8641">#8641</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_spark_application</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8662">#8662</a>)</li>
<li><strong>New Resource:</strong>
<code>google_iam_folders_policy_binding</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8677">#8677</a>)</li>
<li><strong>New Resource:</strong>
<code>google_iam_organizations_policy_binding</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8679">#8679</a>)</li>
</ul>
<p>IMPROVEMENTS:</p>
<ul>
<li>artifactregistry: added <code>common_repository</code> field to
<code>google_artifact_registry_repository</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8681">#8681</a>)</li>
<li>backupdr: added <code>access_restriction</code> field
to <code>google_backup_dr_backup_vault</code> resource (beta) (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8656">#8656</a>)</li>
<li>cloudrunv2: added <code>urls</code> output field to
<code>google_cloud_run_v2_service</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8686">#8686</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>network_interface.nic_type</code> field in
<code>google_compute_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8664">#8664</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>guest_os_features.type</code> field in
<code>google_compute_image</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8664">#8664</a>)</li>
<li>compute: added <code>replica_names</code> field to
<code>sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8637">#8637</a>)</li>
<li>filestore: added <code>performance_config</code> field to
<code>google_filestore_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8647">#8647</a>)</li>
<li>redis: added <code>persistence_config</code> to
<code>google_redis_cluster</code>. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8643">#8643</a>)</li>
<li>securesourcemanager: added
<code>workforce_identity_federation_config</code> field to
<code>google_secure_source_manager_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8670">#8670</a>)</li>
<li>spanner: added <code>default_backup_schedule_type</code> field to
<code>google_spanner_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8644">#8644</a>)</li>
<li>sql: added <code>psc_auto_connections</code> fields to
<code>google_sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8682">#8682</a>)</li>
</ul>
<p>BUG FIXES:</p>
<ul>
<li>accesscontextmanager: fixed permadiff in perimeter
<code>google_access_context_manager_service_perimeter_ingress_policy</code>
and
<code>google_access_context_manager_service_perimeter_egress_policy</code>
resources when there are duplicate resources in the rules (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8675">#8675</a>)</li>
<li>accesscontextmanager: fixed comparison of <code>identity_type</code>
in <code>ingress_from</code> and <code>egress_from</code> when the
<code>IDENTITY_TYPE_UNSPECIFIED</code> is set (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8648">#8648</a>)</li>
<li>compute: fixed permadiff on attempted <code>type</code> field
updates in <code>google_computer_security_policy</code>, updating this
field will now force recreation of the resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8689">#8689</a>)</li>
<li>identityplatform: fixed perma-diff in
<code>google_identity_platform_config</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8663">#8663</a>)</li>
</ul>
<h2>v6.11.2</h2>
<p>BUG FIXES:</p>
<ul>
<li>vertexai: fixed issue with google_vertex_ai_endpoint where upgrading
to 6.11.0 would delete all traffic splits that were set outside
Terraform (which was previously a required step for all meaningful use
of this resource). (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8708">#8708</a>)</li>
</ul>
<h2>v6.11.1</h2>
<p>BUG FIXES:</p>
<ul>
<li>container: fixed diff on
<code>google_container_cluster.user_managed_keys_config</code> field for
resources that had not set it. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8687">#8687</a>)</li>
<li>container: marked
<code>google_container_cluster.user_managed_keys_config</code> as
immutable because it can't be updated in place. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8687">#8687</a>)</li>
</ul>
<h2>v6.11.0</h2>
<p>NOTES:</p>
<ul>
<li>compute: migrated <code>google_compute_firewall_policy_rule</code>
from DCL engine to MMv1 engine. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8604">#8604</a>)</li>
</ul>
<p>BREAKING CHANGES:</p>
<ul>
<li>looker: made <code>oauth_config</code> a required field in
<code>google_looker_instance</code>, as creating this resource without
that field always triggers an API error (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8633">#8633</a>)</li>
</ul>
<p>DEPRECATIONS:</p>
<ul>
<li>backupdr: deprecated <code>force_delete</code> on
<code>google_backup_dr_backup_vault</code>. Use
<code>ignore_inactive_datasources</code> instead (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8616">#8616</a>)</li>
</ul>
<p>FEATURES:</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/terraform-provider-google-beta/blob/main/CHANGELOG.md">hashicorp/google-beta's
changelog</a>.</em></p>
<blockquote>
<h2>6.12.0 (November 18, 2024)</h2>
<p>FEATURES:</p>
<ul>
<li><strong>New Data Source:</strong>
<code>google_access_context_manager_access_policy</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8676">#8676</a>)</li>
<li><strong>New Data Source:</strong>
<code>google_backup_dr_data_source</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8641">#8641</a>)</li>
<li><strong>New Resource:</strong>
<code>google_dataproc_gdc_spark_application</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8662">#8662</a>)</li>
<li><strong>New Resource:</strong>
<code>google_iam_folders_policy_binding</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8677">#8677</a>)</li>
<li><strong>New Resource:</strong>
<code>google_iam_organizations_policy_binding</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8679">#8679</a>)</li>
</ul>
<p>IMPROVEMENTS:</p>
<ul>
<li>artifactregistry: added <code>common_repository</code> field to
<code>google_artifact_registry_repository</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8681">#8681</a>)</li>
<li>backupdr: added <code>access_restriction</code> field
to <code>google_backup_dr_backup_vault</code> resource (beta) (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8656">#8656</a>)</li>
<li>cloudrunv2: added <code>urls</code> output field to
<code>google_cloud_run_v2_service</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8686">#8686</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>network_interface.nic_type</code> field in
<code>google_compute_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8664">#8664</a>)</li>
<li>compute: added <code>IDPF</code> as a possible value for the
<code>guest_os_features.type</code> field in
<code>google_compute_image</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8664">#8664</a>)</li>
<li>compute: added <code>replica_names</code> field to
<code>sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8637">#8637</a>)</li>
<li>filestore: added <code>performance_config</code> field to
<code>google_filestore_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8647">#8647</a>)</li>
<li>redis: added <code>persistence_config</code> to
<code>google_redis_cluster</code>. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8643">#8643</a>)</li>
<li>securesourcemanager: added
<code>workforce_identity_federation_config</code> field to
<code>google_secure_source_manager_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8670">#8670</a>)</li>
<li>spanner: added <code>default_backup_schedule_type</code> field to
<code>google_spanner_instance</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8644">#8644</a>)</li>
<li>sql: added <code>psc_auto_connections</code> fields to
<code>google_sql_database_instance</code> resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8682">#8682</a>)</li>
</ul>
<p>BUG FIXES:</p>
<ul>
<li>accesscontextmanager: fixed permadiff in perimeter
<code>google_access_context_manager_service_perimeter_ingress_policy</code>
and
<code>google_access_context_manager_service_perimeter_egress_policy</code>
resources when there are duplicate resources in the rules (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8675">#8675</a>)</li>
<li>accesscontextmanager: fixed comparison of <code>identity_type</code>
in <code>ingress_from</code> and <code>egress_from</code> when the
<code>IDENTITY_TYPE_UNSPECIFIED</code> is set (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8648">#8648</a>)</li>
<li>compute: fixed permadiff on attempted <code>type</code> field
updates in <code>google_computer_security_policy</code>, updating this
field will now force recreation of the resource (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8689">#8689</a>)</li>
<li>identityplatform: fixed perma-diff in
<code>google_identity_platform_config</code> (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8663">#8663</a>)</li>
</ul>
<h2>6.11.2 (November 15, 2024)</h2>
<p>BUG FIXES:</p>
<ul>
<li>vertexai: fixed issue with google_vertex_ai_endpoint where upgrading
to 6.11.0 would delete all traffic splits that were set outside
Terraform (which was previously a required step for all meaningful use
of this resource). (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8708">#8708</a>)</li>
</ul>
<h2>6.11.1 (November 12, 2024)</h2>
<p>BUG FIXES:</p>
<ul>
<li>container: fixed diff on
<code>google_container_cluster.user_managed_keys_config</code> field for
resources that had not set it. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8687">#8687</a>)</li>
<li>container: marked
<code>google_container_cluster.user_managed_keys_config</code> as
immutable because it can't be updated in place. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8687">#8687</a>)</li>
</ul>
<h2>6.11.0 (November 11, 2024)</h2>
<p>NOTES:</p>
<ul>
<li>compute: migrated <code>google_compute_firewall_policy_rule</code>
from DCL engine to MMv1 engine. (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8604">#8604</a>)</li>
</ul>
<p>BREAKING CHANGES:</p>
<ul>
<li>looker: made <code>oauth_config</code> a required field in
<code>google_looker_instance</code>, as creating this resource without
that field always triggers an API error (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8633">#8633</a>)</li>
</ul>
<p>DEPRECATIONS:</p>
<ul>
<li>backupdr: deprecated <code>force_delete</code> on
<code>google_backup_dr_backup_vault</code>. Use
<code>ignore_inactive_datasources</code> instead (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/pull/8616">#8616</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9ac2c757b0"><code>9ac2c75</code></a>
Update 6.12.0 changelog</li>
<li><a
href="a4a31ae99d"><code>a4a31ae</code></a>
Update CHANGELOG.md (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8696">#8696</a>)</li>
<li><a
href="cfe8097c21"><code>cfe8097</code></a>
Made traffic_split field use default_from_api (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/12323">#12323</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8708">#8708</a>)</li>
<li><a
href="72b4d6e46d"><code>72b4d6e</code></a>
compute: forced recreation of
<code>google_compute_security_policy</code> on <code>type</code>
upda...</li>
<li><a
href="34dcdc94ba"><code>34dcdc9</code></a>
Made google_container_cluster.user_managed_keys_config not settable and
fixed...</li>
<li><a
href="c7adbd34e3"><code>c7adbd3</code></a>
Add Cloud Run v2 Service urls field (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/12194">#12194</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8686">#8686</a>)</li>
<li><a
href="bcfa3cdfed"><code>bcfa3cd</code></a>
pubsub: additional test permissions fixes (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/12311">#12311</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8685">#8685</a>)</li>
<li><a
href="a1197e174d"><code>a1197e1</code></a>
Update CHANGELOG.md (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8671">#8671</a>)</li>
<li><a
href="60d15c7fba"><code>60d15c7</code></a>
Revert &quot;Migrate google_compute_firewall_policy_association resource
from DCL ...</li>
<li><a
href="92cd6e88f1"><code>92cd6e8</code></a>
Mark SarahFrench as on vacation until December (<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/12306">#12306</a>)
(<a
href="https://redirect.github.com/hashicorp/terraform-provider-google-beta/issues/8683">#8683</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/terraform-provider-google-beta/compare/v6.10.0...v6.12.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 22:22:17 +00:00
dependabot[bot]
4094e231fd build(deps-dev): Bump tailwindcss from 3.4.14 to 3.4.16 in /rust/gui-client (#7456)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from
3.4.14 to 3.4.16.

Release notes, sourced from [tailwindcss's releases](https://github.com/tailwindlabs/tailwindcss/releases):

> ## v3.4.16
> ### Fixed
> - Ensure the TypeScript types for `PluginsConfig` allow `undefined` values ([#14668](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14668))
> # Changed
> - Bumped lilconfig to v3.x ([#15289](https://redirect.github.com/tailwindlabs/tailwindcss/pull/15289))
> ## v3.4.15
> - Bump versions for security vulnerabilities ([#14697](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14697))
> - Ensure the TypeScript types for the `boxShadow` theme configuration allows arrays ([#14856](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14856))
> - Set fallback for opacity variables to ensure setting colors with the `selection:*` variant works in Chrome 131 ([#15003](https://redirect.github.com/tailwindlabs/tailwindcss/pull/15003))

Changelog, sourced from [tailwindcss's changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.16/CHANGELOG.md):

> ## [3.4.16] - 2024-12-03
> ### Fixed
> - Ensure the TypeScript types for `PluginsConfig` allow `undefined` values ([#14668](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14668))
> # Changed
> - Bumped lilconfig to v3.x ([#15289](https://redirect.github.com/tailwindlabs/tailwindcss/pull/15289))
> ## [3.4.15] - 2024-11-14
> - Bump versions for security vulnerabilities ([#14697](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14697))
> - Ensure the TypeScript types for the `boxShadow` theme configuration allows arrays ([#14856](https://redirect.github.com/tailwindlabs/tailwindcss/pull/14856))
> - Set fallback for opacity variables to ensure setting colors with the `selection:*` variant works in Chrome 131 ([#15003](https://redirect.github.com/tailwindlabs/tailwindcss/pull/15003))

Commits:

- `f875ab9` Bump macos version
- `8f91c27` v3.4.16
- `8c8c986` fix: update lilconfig for ESM and Windows support ([#15289](https://redirect.github.com/tailwindlabs/tailwindcss/issues/15289))
- `2702cfc` Fix Plugin type issue ([#14668](https://redirect.github.com/tailwindlabs/tailwindcss/issues/14668))
- `6069a81` v3.4.15
- `d093dce` Add variable fallback to fix Chrome issue ([#15003](https://redirect.github.com/tailwindlabs/tailwindcss/issues/15003))
- `4de0769` Fix config types for boxShadow ([#14856](https://redirect.github.com/tailwindlabs/tailwindcss/issues/14856))
- `8b41e82` update changelog
- `825cd83` Add `CODEOWNERS` file ([#14702](https://redirect.github.com/tailwindlabs/tailwindcss/issues/14702))
- `c8c3a22` Bump dependencies to fix vulnerabilities ([#14697](https://redirect.github.com/tailwindlabs/tailwindcss/issues/14697))
- See full diff in [compare view](https://github.com/tailwindlabs/tailwindcss/compare/v3.4.14...v3.4.16)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 21:15:14 +00:00
dependabot[bot]
0b30c2de73 build(deps): Bump bytes from 1.7.2 to 1.9.0 in /rust (#7448)
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.7.2 to 1.9.0.

Release notes, sourced from [bytes's releases](https://github.com/tokio-rs/bytes/releases):

> ## Bytes v1.9.0
> # 1.9.0 (November 27, 2024)
> ### Added
> - Add `Bytes::from_owner` to enable externally-allocated memory ([#742](https://redirect.github.com/tokio-rs/bytes/issues/742))
> ### Documented
> - Fix typo in Buf::chunk() comment ([#744](https://redirect.github.com/tokio-rs/bytes/issues/744))
> ### Internal changes
> - Replace BufMut::put with BufMut::put_slice in Writer impl ([#745](https://redirect.github.com/tokio-rs/bytes/issues/745))
> - Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug ([#743](https://redirect.github.com/tokio-rs/bytes/issues/743))
> ## Bytes 1.8.0
> # 1.8.0 (October 21, 2024)
> - Guarantee address in `split_off`/`split_to` for empty slices ([#740](https://redirect.github.com/tokio-rs/bytes/issues/740))

Changelog, sourced from [bytes's changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md):

> # 1.9.0 (November 27, 2024)
> ### Added
> - Add `Bytes::from_owner` to enable externally-allocated memory ([#742](https://redirect.github.com/tokio-rs/bytes/issues/742))
> ### Documented
> - Fix typo in Buf::chunk() comment ([#744](https://redirect.github.com/tokio-rs/bytes/issues/744))
> ### Internal changes
> - Replace BufMut::put with BufMut::put_slice in Writer impl ([#745](https://redirect.github.com/tokio-rs/bytes/issues/745))
> - Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug ([#743](https://redirect.github.com/tokio-rs/bytes/issues/743))
> # 1.8.0 (October 21, 2024)
> - Guarantee address in `split_off`/`split_to` for empty slices ([#740](https://redirect.github.com/tokio-rs/bytes/issues/740))

Commits:

- `d0a14de` chore: prepare bytes v1.9.0 ([#748](https://redirect.github.com/tokio-rs/bytes/issues/748))
- `54f1c26` Rename hex_impl! to fmt_impl! and reuse it for fmt::Debug ([#743](https://redirect.github.com/tokio-rs/bytes/issues/743))
- `4cd8969` Replace `BufMut::put` with `BufMut::put_slice` in Writer impl ([#745](https://redirect.github.com/tokio-rs/bytes/issues/745))
- `2d996a2` Fix typo in `Buf::chunk()` comment ([#744](https://redirect.github.com/tokio-rs/bytes/issues/744))
- `30ee8e9` Add `Bytes::from_owner` ([#742](https://redirect.github.com/tokio-rs/bytes/issues/742))
- `c45697c` chore: prepare bytes v1.8.0 ([#741](https://redirect.github.com/tokio-rs/bytes/issues/741))
- `0ac54ca` Guarantee address in split_off/split_to for empty slices ([#740](https://redirect.github.com/tokio-rs/bytes/issues/740))
- See full diff in [compare view](https://github.com/tokio-rs/bytes/compare/v1.7.2...v1.9.0)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 21:03:00 +00:00
dependabot[bot]
df285c1049 build(deps-dev): Bump @tauri-apps/cli from 2.0.4 to 2.1.0 in /rust/gui-client (#7431)
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 2.0.4
to 2.1.0.

Release notes, sourced from [`@tauri-apps/cli`'s releases](https://github.com/tauri-apps/tauri/releases):

> ## `@tauri-apps/cli` v2.1.0
> ## [2.1.0]
> ### New Features
> - `6bf917941` ([#11322](https://redirect.github.com/tauri-apps/tauri/pull/11322) by [`@ShaunSHamilton`](https://www.github.com/tauri-apps/tauri/../../ShaunSHamilton)) Add `tauri remove` to remove plugins from projects.
> - `058c0db72` ([#11584](https://redirect.github.com/tauri-apps/tauri/pull/11584) by [`@amrbashir`](https://www.github.com/tauri-apps/tauri/../../amrbashir)) Add `bundle > linux > rpm > compression` config option to control RPM bundle compression type and level.
> ### Enhancements
> - `1f311832a` ([#11405](https://redirect.github.com/tauri-apps/tauri/pull/11405) by [`@amrbashir`](https://www.github.com/tauri-apps/tauri/../../amrbashir)) Add more context for errors when decoding secret and public keys for signing updater artifacts.
> - `e0d1307d3` ([#11414](https://redirect.github.com/tauri-apps/tauri/pull/11414) by [`@Czxck001`](https://www.github.com/tauri-apps/tauri/../../Czxck001)) Migrate the `$schema` Tauri configuration to the v2 format.
> - `c43d5df15` ([#11512](https://redirect.github.com/tauri-apps/tauri/pull/11512) by [`@lucasfernog`](https://www.github.com/tauri-apps/tauri/../../lucasfernog)) Associate a newly created capability file with the `main` window on the `tauri add` and `tauri permission add` commands.
> ### Bug Fixes
> - `7af01ff2c` ([#11523](https://redirect.github.com/tauri-apps/tauri/pull/11523) by [`@amrbashir`](https://www.github.com/tauri-apps/tauri/../../amrbashir)) Fix `tauri migrate` failing to install NPM dependencies when running from Deno.
> - `100a4455a` ([#11529](https://redirect.github.com/tauri-apps/tauri/pull/11529) by [`@amrbashir`](https://www.github.com/tauri-apps/tauri/../../amrbashir)) Fix detecting yarn berry (v2 and higher) in various tauri cli commands.
> - `60e86d5f6` ([#11624](https://redirect.github.com/tauri-apps/tauri/pull/11624) by [`@lucasfernog`](https://www.github.com/tauri-apps/tauri/../../lucasfernog)) Use the public network IP address on `android dev` by default on Windows.
> ### Dependencies
> - Upgraded to `tauri-cli@2.1.0`

Commits:

- `86f22f0` apply version updates ([#11440](https://redirect.github.com/tauri-apps/tauri/issues/11440))
- `3f6f07a` chore(deps): update `wry` to `0.47` and `tao` to `0.30.6` ([#11627](https://redirect.github.com/tauri-apps/tauri/issues/11627))
- `60e86d5` fix(cli): `android dev` not working on Windows without `--host` ([#11624](https://redirect.github.com/tauri-apps/tauri/issues/11624))
- `b284358` chore(deps) Update Rust crate thiserror to v2 (dev) ([#11604](https://redirect.github.com/tauri-apps/tauri/issues/11604))
- `229d7f8` fix(core): fix child webviews on macOS and Windows treated as full webview wi...
- `c561786` docs: fix typos in drag&drop event.payload ([#11620](https://redirect.github.com/tauri-apps/tauri/issues/11620))
- `6bf9179` feat(cli): add `tauri remove` command ([#11322](https://redirect.github.com/tauri-apps/tauri/issues/11322))
- `8e8312b` ci: unpin ravif ([#11608](https://redirect.github.com/tauri-apps/tauri/issues/11608))
- `f550a3f` chore(deps) Update Tauri Bundler (dev) ([#11601](https://redirect.github.com/tauri-apps/tauri/issues/11601))
- `4d545ab` feat: background color APIs ([#11486](https://redirect.github.com/tauri-apps/tauri/issues/11486))
- Additional commits viewable in [compare view](https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v2.0.4...@tauri-apps/cli-v2.1.0)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 20:42:39 +00:00
dependabot[bot]
fdcd63cba6 build(deps-dev): Bump typescript from 5.6.3 to 5.7.2 in /rust/gui-client (#7432)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.6.3
to 5.7.2.

Release notes, sourced from [typescript's releases](https://github.com/microsoft/TypeScript/releases):

> ## TypeScript 5.7
> For release notes, check out the [release announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/).
> - [fixed issues query for Typescript 5.7.0 (Beta)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.0%22+is%3Aclosed+).
> - [fixed issues query for Typescript 5.7.1 (RC)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.1%22+is%3Aclosed+).
> - [fixed issues query for Typescript 5.7.2 (Stable)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.2%22+is%3Aclosed+).
>
> Downloads are available on:
> - [npm](https://www.npmjs.com/package/typescript)
> ## TypeScript 5.7 RC
> For release notes, check out the [release announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-7-rc/).
>
> For the complete list of fixed issues, check out the
> - [fixed issues query for Typescript 5.7.0 (Beta)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.0%22+is%3Aclosed+).
> - [fixed issues query for Typescript 5.7.1 (RC)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.1%22+is%3Aclosed+).
>
> Downloads are available on:
> - [npm](https://www.npmjs.com/package/typescript)
> ## TypeScript 5.7 Beta
> For release notes, check out the [release announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-7-beta/).
>
> For the complete list of fixed issues, check out the
> - [fixed issues query for Typescript 5.7.0 (Beta)](https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=milestone%3A%22TypeScript+5.7.0%22+is%3Aclosed+).
>
> Downloads are available on:
> - [npm](https://www.npmjs.com/package/typescript)

Commits:

- `d701d90` Bump version to 5.7.2 and LKG
- `0503a63` 🤖 Pick PR [#60450](https://redirect.github.com/microsoft/TypeScript/issues/60450) (Move to file: fix detection of refe...) into release-5.7 (#...
- `3140dbb` 🤖 Pick PR [#60488](https://redirect.github.com/microsoft/TypeScript/issues/60488) (Stub out copilotRelated command) into release-5.7 ([#60495](https://redirect.github.com/microsoft/TypeScript/issues/60495))
- `c1216de` Update LKG
- `3ee2b95` 🤖 Pick PR [#60415](https://redirect.github.com/microsoft/TypeScript/issues/60415) (Fix false positive rewriteRelativeI...) into release-5.7 (#...
- `44bd3f2` Bump version to 5.7.1-rc and LKG
- `5925c81` Update LKG
- `84d58cf` Merge remote-tracking branch 'origin/main' into release-5.7
- `0ec4d30` Fixing exception on unsaved file ([#60362](https://redirect.github.com/microsoft/TypeScript/issues/60362))
- `11b2930` Add compatible overloads that accept ArrayBuffer to BigInt64Array/BigUint64Ar...
- Additional commits viewable in [compare view](https://github.com/microsoft/TypeScript/compare/v5.6.3...v5.7.2)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 20:41:38 +00:00
Thomas Eizinger
48bd0f9804 chore: bump client versions to 1.4.0 (#7092)
In order to release the new control protocol to users, we need to bump
the versions of the clients to 1.4.0. The portal has a version gate to
only select gateways with version >= 1.4.0 for clients >= 1.4.0. Thus,
bumping these versions can only happen once testing has completed and
the gateway has actually been released as 1.4.0.

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
2024-12-04 19:48:51 +00:00
Jamil
4233fb9490 fix(apple/macos): Add app sandbox and entitlements to network extension (#7455)
Apple
[requires](https://github.com/firezone/firezone/actions/runs/12161693820/job/33916881718)
network extensions on macOS to be sandboxed. Given this requirement, we
must explicitly allow both the `com.apple.security.network.client` and
`com.apple.security.network.security` entitlements for making outbound
network requests and for opening sockets respectively.
2024-12-04 19:11:40 +00:00
Jamil
c22bd3c230 fix(deps): Bump hashbrown to fix RUSTSEC-2024-0402 (#7454)
Fixes https://rustsec.org/advisories/RUSTSEC-2024-0402
2024-12-04 18:50:51 +00:00
Thomas Eizinger
b802021cc4 feat(connlib): implement idempotent control protocol for client (#6942)
Building on top of the gateway PR (#6941), this PR transitions the
clients to the new control protocol. Clients are **not**
backwards-compatible with old gateways. As a result, a certain customer
environment MUST have at least one gateway with the above PR running in
order for clients to be able to establish connections.

With this transition, Clients send explicit events to Gateways whenever
they assign IPs to a DNS resource name. The actual assignment only
happens once and the IPs then remain stable for the duration of the
client session.

When the Gateway receives such an event, it will perform a DNS
resolution of the requested domain name and set up the NAT between the
assigned proxy IPs and the IPs the domain actually resolves to. In order
to support self-healing of any problems that happen during this process,
the client will send an "Assigned IPs" event every time it receives a
DNS query for a particular domain. This in turn will trigger another DNS
resolution on the Gateway. Effectively, this means that DNS queries for
DNS resources propagate to the Gateway, triggering a DNS resolution
there. In case the domain resolves to the same set of IPs, no state is
changed to ensure existing connections are not interrupted.

With this new functionality in place, we can delete the old logic around
detecting "expired" IPs. This is considered a bugfix as this logic isn't
currently working as intended. It has been observed multiple times that
the Gateway can loop on this behaviour, resolving the same domain
over and over again. The only theoretical "incompatibility" here is that
pre-1.4.0 clients won't have access to this functionality of triggering
DNS refreshes on a 1.4.2+ Gateway. However, as soon as this PR
merges, we expect all admins to have already upgraded to a 1.4.0+
Gateway anyway which already mandates clients to be on 1.4.0+.

Resolves: #7391.
Resolves: #6828.
2024-12-04 12:05:35 +00:00
dependabot[bot]
fd8ca853a3 build(deps): Bump serde from 1.0.210 to 1.0.215 in /rust (#7447)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.210 to
1.0.215.

Release notes, sourced from [serde's releases](https://github.com/serde-rs/serde/releases):

> ## v1.0.215
> - Produce warning when multiple fields or variants have the same deserialization name ([#2855](https://redirect.github.com/serde-rs/serde/issues/2855), [#2856](https://redirect.github.com/serde-rs/serde/issues/2856), [#2857](https://redirect.github.com/serde-rs/serde/issues/2857))
> ## v1.0.214
> - Implement IntoDeserializer for all Deserializers in serde::de::value module ([#2568](https://redirect.github.com/serde-rs/serde/issues/2568), thanks [`@Mingun`](https://github.com/Mingun))
> ## v1.0.213
> - Fix support for macro-generated `with` attributes inside a newtype struct ([#2847](https://redirect.github.com/serde-rs/serde/issues/2847))
> ## v1.0.212
> - Fix hygiene of macro-generated local variable accesses in serde(with) wrappers ([#2845](https://redirect.github.com/serde-rs/serde/issues/2845))
> ## v1.0.211
> - Improve error reporting about mismatched signature in `with` and `default` attributes ([#2558](https://redirect.github.com/serde-rs/serde/issues/2558), thanks [`@Mingun`](https://github.com/Mingun))
> - Show variant aliases in error message when variant deserialization fails ([#2566](https://redirect.github.com/serde-rs/serde/issues/2566), thanks [`@Mingun`](https://github.com/Mingun))
> - Improve binary size of untagged enum and internally tagged enum deserialization by about 12% ([#2821](https://redirect.github.com/serde-rs/serde/issues/2821))

Commits:

- `8939af4` Release 1.0.215
- `fa5d58c` Use ui test syntax that does not interfere with rustfmt
- `1a3cf4b` Update PR 2562 ui tests
- `7d96352` Merge pull request [#2857](https://redirect.github.com/serde-rs/serde/issues/2857) from dtolnay/collide
- `111ecc5` Update ui tests for warning on colliding aliases
- `edd6fe9` Revert "Add checks for conflicts for aliases"
- `a20e924` Revert "pacify clippy"
- `b1353a9` Merge pull request [#2856](https://redirect.github.com/serde-rs/serde/issues/2856) from dtolnay/dename
- `c59e876` Produce a separate warning for every colliding name
- `7f1e697` Merge pull request [#2855](https://redirect.github.com/serde-rs/serde/issues/2855) from dtolnay/namespan
- Additional commits viewable in [compare view](https://github.com/serde-rs/serde/compare/v1.0.210...v1.0.215)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-04 11:48:17 +00:00
Jamil
bd3f912542 refactor(apple/macos): Use System Extension packaging mode for macOS Network Extension (#7344)
To allow macOS users to rollback, it would be helpful to distribute a
standalone macOS app, similar to how we distribute the GUI client.

The first step in this process is to refactor the macOS client to use a
System Extension-based Network Extension rather than an App
Extension-based one. This offers us the flexibility to distribute the
macOS client outside the Mac App Store in addition to via the store.

For this PR I focused on making the minimal set of changes necessary to
support this change. This PR intentionally doesn't update the CI
pipeline to notarize and attach a standalone bundle that will run ad-hoc
on other Macs. That will come in a subsequent PR.

One thing to note about System Extensions is that they're slightly more
finicky when it comes to getting the signing and packaging right. Thus,
the README.md is updated to account for the gotchas involved in
developing System Extensions locally.

Related: #7071.
2024-12-04 05:34:25 +00:00
Jamil
15e75f80ba fix(apple/ios): Expose IPHONEOS_DEPLOYMENT_TARGET to tell rustc our iOS version (#7453)
Fixes a similar issue as #7443 where we were deleting the
`IPHONEOS_DEPLOYMENT_TARGET` variable in our Rust build script, which
caused lots of warnings about building for a different OS than being
linked against.
2024-12-03 14:12:20 -08:00
Thomas Eizinger
dd6b52b236 chore(rust): share edition key via workspace table (#7451)
2024-12-03 00:28:06 +00:00
Thomas Eizinger
f81f8b2ed7 fix(gui-client): don't share log-directives via file system (#7445)
At present, the GUI client shares the current log-directives with the
IPC service via the file system. Supposedly, this has been done to allow
the IPC service to start back up with the same log filter as before.
This behaviour appears to be buggy though as we are receiving a fair
number of error reports where this file is not writable.

Instead of relying on the file system to communicate, we send the
current log-directives to the IPC service as soon as we start up. The
IPC service then uses the file system to cache that log string and
re-apply it on the next startup. This way, no two programs need to read
/ write the same file. The IPC service runs with higher privileges, so
this should resolve the permission errors we are seeing in Sentry.
2024-12-02 23:28:43 +00:00
dependabot[bot]
2b65e5f14d build(deps): Bump @tauri-apps/api from 2.0.3 to 2.1.1 in /rust/gui-client (#7433)
Bumps [@tauri-apps/api](https://github.com/tauri-apps/tauri) from 2.0.3
to 2.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@​tauri-apps/api</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​tauri-apps/api</code> v2.1.1</h2>
<!-- raw HTML omitted -->
<pre><code>No known vulnerabilities found
</code></pre>
<!-- raw HTML omitted -->
<h2>[2.1.1]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="7f81f05236"><code>5e9435487</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/11639">#11645</a>
by <a href="https://github.com/dgerhardt">dgerhardt</a>) Fix regression
in <code>toLogical</code> and <code>toPhysical</code> for position types
in <code>dpi</code> module returning incorrect <code>y</code>
value.</li>
<li><a
href="e8a50f6d76"><code>e8a50f6d7</code></a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/11645">#11645</a>)
Fix integer values of <code>BaseDirectory.Home</code> and
<code>BaseDirectory.Font</code> regression which broke path APIs in
JS.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ef2592b5a8"><code>ef2592b</code></a>
Apply Version Updates From Current Changes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11646">#11646</a>)</li>
<li><a
href="7f81f05236"><code>7f81f05</code></a>
chore: rename change file</li>
<li><a
href="e8a50f6d76"><code>e8a50f6</code></a>
fix(core): hard code <code>BaseDirectory</code> integer values to avoid
regressions when...</li>
<li><a
href="5e94354875"><code>5e94354</code></a>
fix(api/dpi): fix toLogical and toPhysical for positions (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11639">#11639</a>)</li>
<li><a
href="0fcef3f941"><code>0fcef3f</code></a>
docs: document vanilla JS import alternative (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11632">#11632</a>)</li>
<li><a
href="86f22f0ec9"><code>86f22f0</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11440">#11440</a>)</li>
<li><a
href="3f6f07a1b8"><code>3f6f07a</code></a>
chore(deps): update <code>wry</code> to <code>0.47</code> and
<code>tao</code> to <code>0.30.6</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11627">#11627</a>)</li>
<li><a
href="60e86d5f6e"><code>60e86d5</code></a>
fix(cli): <code>android dev</code> not working on Windows without
<code>--host</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11624">#11624</a>)</li>
<li><a
href="b28435860c"><code>b284358</code></a>
chore(deps) Update Rust crate thiserror to v2 (dev) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/11604">#11604</a>)</li>
<li><a
href="229d7f8e22"><code>229d7f8</code></a>
fix(core): fix child webviews on macOS and Windows treated as full
webview wi...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/api-v2.0.3...@tauri-apps/api-v2.1.1">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-02 23:20:48 +00:00
Thomas Eizinger
9073bddaef fix(gateway): translate ICMP destination unreachable errors (#7398)
## Context

The Gateway implements a stateful NAT that translates the destination IP
and source protocol of every packet that targets a DNS resource IP. This
is necessary because the IPs for DNS resources are generated on the
client without actually performing a DNS lookup; instead, it always
generates 4 IPv4 and 4 IPv6 addresses. On the Gateway, these IPs are
then assigned in a round-robin fashion to the actual IPs that the domain
resolves to, necessitating a NAT64/46 translation in case a domain only
resolves to IPs of one family.

A domain may resolve to a set of IPs but not all of these IPs may be
routable. Whilst an arguably poor practice of the domain administrator,
routing problems can occur for all kinds of reasons and are well handled
on the wider Internet.

When an IP packet cannot be routed further, the current routing node
generates an ICMP error describing the routing failure and sends it back
to the original sender. ICMP is a layer 4 protocol itself, same as TCP
and UDP. As such, sending out a UDP packet may result in receiving an
ICMP response. In order to allow the sender to learn which packet
failed to route, the ICMP error embeds parts of the original packet in
its payload [0] [1].

The Gateway's NAT table uses parts of the layer 4 protocol as part of
its key; the UDP and TCP source port and the ICMP echo request
identifier (further referred to as "source protocol"). An ICMP error
message doesn't have any of these, meaning the lookup in the NAT table
currently fails and the ICMP error is silently dropped.

A lot of software implements a happy-eyeballs approach and probes for
IPv6 and IPv4 connectivity simultaneously. The absence of the ICMP
errors confuses that algorithm as it detects the packet loss and starts
retransmits instead of giving up.

## Solution

Upon receiving an ICMP error on the Gateway, we now extract the
partially embedded packet in the ICMP error payload. We use the
destination IP and source protocol of _that_ packet for the lookup in
the NAT table. This returns us the original (client-assigned)
destination IP and source protocol. In order for the Gateway's NAT to be
transparent, we need to patch the packet embedded in the ICMP error to
use the original destination and source protocol. We also have to
account for the fact that the original packet may have been translated
with NAT64/46 and translate it back. Finally, we generate an ICMP error
with the appropriate code and embed the patched packet in its payload.

## Test implementation

To test that this works for all kinds of combinations, we extend
`tunnel_test` to sample a list of unreachable IPs from all IPs sampled
for DNS resources. Upon receiving a packet for one of these IPs, the
Gateway will send an ICMP error back instead of invoking its regular
echo reply logic. On the client-side, upon receiving an ICMP error, we
extract the originally failed packet from the body and treat it as a
successful response.

This may seem a bit hacky at first but is actually how operating systems
would treat ICMP errors as well. For example, a `TcpSocket::connect`
call (triggering a TCP SYN packet) may fail with an IO error if we
receive an ICMP error packet. Thus, in a way, the original packet got
answered, just not with what we expected.

In addition, by treating these ICMP errors as responses to the original
packet, we automatically perform other assertions on them, like ensuring
that they come from the right IP address, that there are no unexpected
packets etc.

## Test alternatives

It is tricky to solve this in other ways in the test suite because at
the time of generating a packet for a DNS resource, we don't know the
actual IP that is being targeted by a certain proxy IP unless we'd start
reimplementing the round-robin algorithm employed by the Gateway. To
"test" the transparency of the NAT, we'd like to avoid knowing about
these implementation details in the test.

## Future work

In this PR, we currently only deal with "Destination Unreachable" ICMP
errors. There are other ICMP messages such as ICMPv6's `PacketTooBig` or
`ParameterProblem`. We should eventually handle these as well. They are
being deferred because translating those between the different IP
versions is only partially implemented and would thus require more work.
The most pressing need is to translate destination unreachable errors to
enable happy-eyeballs algorithms to work correctly.

Resolves: #5614.
Resolves: #6371.

[0]: https://www.rfc-editor.org/rfc/rfc792
[1]: https://www.rfc-editor.org/rfc/rfc4443#section-3.1
2024-12-02 23:07:41 +00:00
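
The NAT lookup step described in the commit message of 9073bddaef (#7398) above, as an added example that is not the Gateway's own code. It covers only IPv4 "Destination Unreachable" errors wrapping TCP or UDP; the `NatKey` type, the function names, the table contents and the sample packet are assumptions constructed for illustration, and patching the embedded packet and NAT64/46 are left out.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Simplified NAT key (assumption): IP plus "source protocol", here the
/// TCP/UDP source port only.
type NatKey = (Ipv4Addr, u16);

/// Parse an ICMPv4 Destination Unreachable message (RFC 792) and return the
/// destination IP and source port of the packet embedded in its payload.
fn embedded_flow(icmp: &[u8]) -> Option<NatKey> {
    // ICMP header: type(1) code(1) checksum(2) unused(4), followed by the
    // original IP header and at least the first 8 bytes of its payload.
    if icmp.len() < 8 || icmp[0] != 3 {
        return None; // not Destination Unreachable
    }
    let inner = &icmp[8..];
    if inner.len() < 20 || inner[0] >> 4 != 4 {
        return None; // embedded packet is not IPv4
    }
    let ihl = usize::from(inner[0] & 0x0f) * 4;
    if ihl < 20 || inner.len() < ihl + 4 {
        return None; // truncated before the layer 4 ports
    }
    if !matches!(inner[9], 6 | 17) {
        return None; // only TCP (6) and UDP (17) carry a source port
    }
    let dst = Ipv4Addr::new(inner[16], inner[17], inner[18], inner[19]);
    let src_port = u16::from_be_bytes([inner[ihl], inner[ihl + 1]]);
    Some((dst, src_port))
}

/// Key the NAT table with the *embedded* packet, not the ICMP header, and
/// return the client-assigned (proxy IP, source port) to rewrite the error to.
fn translate_error(nat: &HashMap<NatKey, NatKey>, icmp: &[u8]) -> Option<NatKey> {
    nat.get(&embedded_flow(icmp)?).copied()
}

/// Constructed sample: type 3 / code 1 wrapping a UDP packet sent by the
/// Gateway (10.0.0.1:50000) to a resource's real IP (203.0.113.7:53).
/// Checksums are zero because this sketch does not verify them.
fn sample_error() -> Vec<u8> {
    let mut p = vec![3, 1, 0, 0, 0, 0, 0, 0]; // ICMP header
    p.extend_from_slice(&[0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0]); // IPv4, proto UDP
    p.extend_from_slice(&[10, 0, 0, 1]); // source IP
    p.extend_from_slice(&[203, 0, 113, 7]); // destination IP
    p.extend_from_slice(&[0xC3, 0x50, 0, 53, 0, 8, 0, 0]); // UDP 50000 -> 53
    p
}

fn main() {
    // Constructed mapping: real flow -> client-assigned proxy IP and port.
    let mut nat = HashMap::new();
    nat.insert((Ipv4Addr::new(203, 0, 113, 7), 50000), (Ipv4Addr::new(100, 96, 0, 1), 41000));
    println!("{:?}", translate_error(&nat, &sample_error()));
}
```

An error whose embedded packet is too short to contain the ports, or whose flow has no table entry, yields `None` and cannot be attributed to a client flow.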
Thomas Eizinger
4f92a0d7ca refactor(gui-client): tidy up GUI controller code (#7444)
This PR intends to be a pure refactoring, i.e. no behaviour change. It
simplifies a few aspects of the GUI controller event-loop by getting rid
of the `select!` macro. We also remove some indirection of the
`gui_controller::Builder`.
2024-12-02 20:07:44 +00:00
Thomas Eizinger
8bc1277c24 fix(telemetry): include span attributes in breadcrumbs (#7421)
This is another attempt at fixing #7386. Previous PR was #7379. The
difference is, this time it works! In the following screenshot,
`handle_input` is a currently active span.


![image](https://github.com/user-attachments/assets/0845d566-8ca7-4ba2-8786-9c5819cdfd48)

I had to make some patches to Sentry, most notably:

- https://github.com/getsentry/sentry-rust/pull/708
- https://github.com/getsentry/sentry-rust/pull/712

The way we configure Sentry is quite tricky:

First and foremost, we need to understand that the `tracing` adapter for
Sentry has a `span_filter` configuration. When a span gets filtered out
there, the rest of `sentry-tracing` never sees the data in that span.
Thus, in order to capture variables from spans, we need to have a fairly
generous span filter. In this PR, we change this span filter to include
all spans except those on TRACE level.

Secondly, by default, the Sentry SDK doesn't send any spans to the
backend, i.e. the sampling rate is 0. Previously, we set the sampling
rate to 1.0 because the `span_filter` was already filtering out all
non-telemetry spans. A telemetry span is a concept that we invented. It
is a span that gets sampled at _creation_ time with a probability of 1%.
This is useful because creating a lot of spans is also expensive, so we
don't want to do it e.g. on a per-packet basis. With just these
configuration options, we now have a problem: We don't want to submit
all spans to Sentry, but we need the `span_filter` to allow all spans,
otherwise we can't capture the contextual fields from the span in
breadcrumbs. Luckily, the Sentry SDK has another configuration option:
`traces_sampler`.

The `traces_sampler` gets to compute a sampling rate for each individual
span. This allows us to discard all spans from being sent to Sentry
unless they are `telemetry` spans.

Resolves: #7386.
2024-12-02 20:00:35 +00:00