mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
8eb738e66a0d82a93022b89f50519c132598c6c8
2692 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
544ba11f21 |
chore(rust): allow too_many_arguments repo-wide (#10236)
We always end up allowing this lint when it pops up so we can also just allow it for the whole repo in general. Most of the time, the reason for too many arguments is borrow-checker limitations of Rust where mutable references need to be tracked explicitly. |
||
|
|
da802323e4 |
feat(telemetry): pre-resolve PostHog ingest host (#10207)
In order to effectively share the HTTP client for requests to PostHog, we pre-resolve the IPs of the host and create a lazily initialised `reqwest::Client` that gets shared between all analytics calls. |
||
|
|
ae2066379e |
feat(headless-client): allow exporting metrics via OTLP (#10240)
In order to explore our metrics more easily, we add an exporter via OTLP to the headless-client. The Gateway already supports this. |
||
|
|
d9f1b42595 |
feat(relay): handle ipv4-ipv6 relaying in eBPF (#10226)
Data has shown that we are doing a significant amount of relaying in userspace because the latency of which candidates establish first matters - if an IPv6 to IPv4 path establishes first, we could often pick that, which would bypass the eBPF relaying altogether. To address this, we now perform address translation when relaying so these paths are covered. Preliminary benchmarking on Azure has shown this performs around ~1.5 Gbps for a single client - gateway path, scaling linearly with the number of clients up to the core count. On GCP, performance will be a fraction of that because we need to attach the program in SKB_MODE (generic) based on the fact the `gve` driver there does not support the needed `bpf_xdp_adjust_head` call. To keep the verifier happy (and make the verifier error trace log usable) throughout this large refactor, we unfortunately had to drop down to pointer arithmetic in this process. This however means that we have full control (and visibility) over how the bytes are loaded, stored, and copied. Each struct / abstraction adds a little bit of overhead on the stack which pushed us over the 512-byte limit. Since we are generally loading only one set of packet headers onto the stack to then copy into their new locations, our actual stack usage should be well below the 512-byte limit. Further performance analysis is required to push past the current per-core 1.5 Gbps limit. This, along with CI support for integration testing these codepaths is left for a later date as this PR is already quite large and needs to soak test for a bit in a live environment before we push to prod. Fixes #10192 |
||
|
|
c70c88c856 | build(deps): upgrade to opentelemetry 0.30 (#10239) | ||
|
|
99155490c5 |
chore(connlib): make UDP buffer sizes tunable at runtime (#10234)
For easier benchmarking, we make the UDP socket send and receive buffers runtime-tunable. Related: #7452 |
||
|
|
f85ae75ae0 |
refactor(connlib): increase UDP queues on desktop platforms (#10235)
On desktop platforms, we can easily afford to have larger queues here despite each item in there being 65k. Benchmarking showed that we do sometimes fill these up. Related: #7452 |
||
|
|
a109c1a2ef |
feat(connlib): discard intermediate resource and TUN updates (#10223)
Right now, the Client event-loops have a channel with 1000 items for sending new resource lists and updates to the TUN device to the host app. This is kind of unnecessary as we always only care about the last version of these. Intermediate updates that the host app doesn't process are effectively irrelevant. We've had an issue before where a bug in the portal caused us to receive many updates to resources which ended up crashing Client apps because this channel filled up. To be more resilient on this front, we refactor the Client event loop to use a `watch` channel for this. Watch channels only retain the last value that got sent into them. |
||
|
|
46afa52f78 |
feat(telemetry): pre-resolve Sentry ingest host (#10206)
Our Sentry client needs to resolve DNS before being able to send logs or errors to the backend. Currently, this DNS resolution happens on-demand as we don't take any control of the underlying HTTP client. In addition, this will use HTTP/1.1 by default which isn't as efficient as it could be, especially with concurrent requests. Finally, if we decide to ever proxy all Sentry traffic through our own domain, we have to take control of the underlying client anyway. To resolve all of the above, we create a custom `TransportFactory` where we reuse the existing `ReqwestHttpTransport` but provide an already configured `reqwest::Client` that always uses HTTP/2 with a pre-configured set of DNS records for the given ingest host. |
||
|
|
b4cbc4f33b |
fix(connlib): exit phoenix-channel event-loop on error (#10229)
We cannot poll the `PhoenixChannel` after it has returned an error, otherwise it will panic. Therefore, we exit the event-loop then. The outer event-loop also exits as soon as it receives an error from this channel so this is fine. `PhoenixChannel` only returns an error when it has irrecoverably disconnected, e.g. after the retries have been exhausted or we hit a 4xx error on the WebSocket connection. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
4e11112d9b |
feat(connlib): improve throughput on higher latencies (#10231)
Turns out the multi-threaded access of the TUN device on the Gateway causes packet reordering which makes the TCP congestion controller throttle the connection. Additionally, the default TX queue length of a TUN device on Linux is only 500 packets. With just a single thread and an increased TX queue length, we get a throughput performance of just over 1 GBit/s for a 20ms link between Client and Gateway with basically no packet drops:

```
Connecting to host 172.20.0.110, port 5201
[ 5] local 100.79.130.70 port 49546 connected to 172.20.0.110 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 116 MBytes 977 Mbits/sec 0 6.40 MBytes
[ 5] 1.00-2.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 2.00-3.00 sec 134 MBytes 1.13 Gbits/sec 0 6.40 MBytes
[ 5] 3.00-4.00 sec 136 MBytes 1.14 Gbits/sec 47 6.40 MBytes
[ 5] 4.00-5.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 5.00-6.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes
[ 5] 6.00-7.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 7.00-8.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 8.00-9.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes
[ 5] 9.00-10.00 sec 138 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 10.00-11.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes
[ 5] 11.00-12.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes
[ 5] 12.00-13.00 sec 136 MBytes 1.14 Gbits/sec 0 6.40 MBytes
[ 5] 13.00-14.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes
[ 5] 14.00-15.00 sec 140 MBytes 1.17 Gbits/sec 0 6.40 MBytes
[ 5] 15.00-16.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes
[ 5] 16.00-17.00 sec 137 MBytes 1.15 Gbits/sec 0 6.40 MBytes
[ 5] 17.00-18.00 sec 139 MBytes 1.17 Gbits/sec 0 6.40 MBytes
[ 5] 18.00-19.00 sec 138 MBytes 1.16 Gbits/sec 0 6.40 MBytes
[ 5] 19.00-20.00 sec 136 MBytes 1.14 Gbits/sec 0 6.40 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-20.00 sec 2.67 GBytes 1.15 Gbits/sec 47 sender
[ 5] 0.00-20.02 sec 2.67 GBytes 1.15 Gbits/sec receiver

iperf Done.
```

For further debugging in the future, we are now recording the send and receive queue depths of both the TUN device and the UDP sockets. Neither of those showed to be full in my testing which leads me to conclude that it isn't any buffer inside Firezone that is too small here. Related: #7452 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
|
6fa8c0b52a |
build(deps): bump proc-macro2 from 1.0.95 to 1.0.101 in /rust (#10218)
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.95 to 1.0.101.
Release notes (sourced from [proc-macro2's releases](https://github.com/dtolnay/proc-macro2/releases)):
- 1.0.101: Optimize Span location accessors (#519)
- 1.0.100: Stabilize `Span` methods on Rust 1.88+: `start`, `end`, `line`, `column`, `file`, `local_file` (#517, #518)
- 1.0.99: Prevent Span's unstable API becoming unavailable from a future new compiler lint (#515)
- 1.0.98: Disallow prefixed identifier as name of lifetime: `'prefix#lifetime` (#514, rust-lang/rust#126452)
- 1.0.97: Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#505, #512, thanks @davvid)
- 1.0.96: Simplify how rustdoc flags are decided during docs.rs builds (#511) |
||
|
|
c6cb22bbd1 |
build(deps): bump anyhow from 1.0.98 to 1.0.99 in /rust (#10212)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.98 to 1.0.99.
Release notes (sourced from [anyhow's releases](https://github.com/dtolnay/anyhow/releases)):
- 1.0.99: Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#420) |
||
|
|
52e3aeab74 |
build(deps): bump arbitrary from 1.4.1 to 1.4.2 in /rust (#10220)
Bumps [arbitrary](https://github.com/rust-fuzz/arbitrary) from 1.4.1 to 1.4.2.
Changelog (sourced from [arbitrary's changelog](https://github.com/rust-fuzz/arbitrary/blob/main/CHANGELOG.md)), 1.4.2, released 2025-08-13:
- Added: formal MSRV policy: "We reserve the right to increment the MSRV on minor releases, however we will strive to only do it deliberately and for good reasons." The current MSRV is 1.63.0.
- Added: an `Arbitrary` implementation for `core::cmp::Reverse`.
- Changed: Landed a handful of changes to the code generated by `#[derive(Arbitrary)]` that speed up compilation.
- Fixed: Better documented bias and behavior when running out of entropy, fixed some outdated and incorrect docs related to this. |
||
|
|
742b94be90 |
build(deps): bump thiserror from 2.0.12 to 2.0.15 in /rust (#10213)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.12 to 2.0.15.
Release notes (sourced from [thiserror's releases](https://github.com/dtolnay/thiserror/releases)):
- 2.0.15: Prevent `Error::provide` API becoming unavailable from a future new compiler lint (#427)
- 2.0.14: Allow build-script cleanup failure with NFSv3 output directory to be non-fatal (#426)
- 2.0.13: Documentation improvements |
||
|
|
a4352137f2 |
build(deps): bump uuid from 1.17.0 to 1.18.0 in /rust (#10214)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.17.0 to 1.18.0.
Release notes (sourced from [uuid's releases](https://github.com/uuid-rs/uuid/releases)), v1.18.0:
What's Changed:
- Fix up mismatched_lifetime_syntaxes lint by @KodrAus in uuid-rs/uuid#837
- Conversions between `Timestamp` and `std::time::SystemTime` by @dcormier in uuid-rs/uuid#835
- Wrap the error type used in time conversions by @KodrAus in uuid-rs/uuid#838
- Prepare for 1.18.0 release by @KodrAus in uuid-rs/uuid#839
New Contributors:
- @dcormier made their first contribution in uuid-rs/uuid#835
Full Changelog: https://github.com/uuid-rs/uuid/compare/v1.17.0...v1.18.0 |
||
|
|
dd312a9a83 |
build(deps): bump glob from 0.3.2 to 0.3.3 in /rust (#10215)
Bumps [glob](https://github.com/rust-lang/glob) from 0.3.2 to 0.3.3.
Release notes (sourced from [glob's releases](https://github.com/rust-lang/glob/releases)), v0.3.3:
- Optimize memory allocations (#147)
- Bump the MSRV to 1.63 (#172)
- Fix spelling in pattern documentation (#164)
- Fix version numbers and some formatting (#157)
- Style fixes (#137)
Changelog (sourced from [glob's changelog](https://github.com/rust-lang/glob/blob/master/CHANGELOG.md)), [0.3.3](https://github.com/rust-lang/glob/compare/v0.3.2...v0.3.3) - 2025-08-11:
- Optimize memory allocations (#147)
- Bump the MSRV to 1.63 (#172)
- Fix spelling in pattern documentation (#164)
- Fix version numbers and some formatting (#157)
- Style fixes (#137) |
||
|
|
05b736c5a1 |
build(deps): bump clap from 4.5.43 to 4.5.45 in /rust (#10216)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.43 to 4.5.45.
Release notes (sourced from [clap's releases](https://github.com/clap-rs/clap/releases)):
- [4.5.45] - 2025-08-12, Fixes: *(unstable-v5)* `ValueEnum` variants now use the full doc comment, not summary, for `PossibleValue::help`
- [4.5.44] - 2025-08-11, Features: Add `Command::mut_subcommands` |
||
|
|
eb0526ce5f |
build(deps): bump async-trait from 0.1.88 to 0.1.89 in /rust (#10221)
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.88 to 0.1.89.
Release notes (sourced from [async-trait's releases](https://github.com/dtolnay/async-trait/releases)):
- 0.1.89: Improve IDE functionality (#293, thanks @Veykril) |
||
|
|
2265114f6f |
build(deps): bump syn from 2.0.104 to 2.0.106 in /rust (#10219)
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.104 to 2.0.106.
Release notes (sourced from [syn's releases](https://github.com/dtolnay/syn/releases)):
2.0.106:
- Replace `~const` syntax with `[const]` conditionally const syntax in trait bounds (#1896, rust-lang/rust#139858)
- Support conditionally const impl Trait types (#1897)
- Reject polarity modifier and lifetime binder used in the same trait bound (#1899, rust-lang/rust#127054)
- Parse const trait bounds with bound lifetimes (#1902)
- Parse bound lifetimes with lifetime bounds (#1903)
- Allow type parameters and const parameters in trait bounds and generic closures (#1904, #1907, #1908, #1909)
2.0.105:
- Disallow "negative" inherent impls like `impl !T {}` (#1881, rust-lang/rust#144386) |
||
|
|
5cac8538b4 |
build(deps): bump reqwest from 0.12.22 to 0.12.23 in /rust (#10217)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.22 to 0.12.23.
Release notes (sourced from [reqwest's releases](https://github.com/seanmonstar/reqwest/releases)), v0.12.23:
tl;dr:
- 🇺🇩🇸 Add `ClientBuilder::unix_socket(path)` option that will force all requests over that Unix Domain Socket.
- 🔁 Add `ClientBuilder::retries(policy)` and `reqwest::retry::Builder` to configure [automatic retries](https://seanmonstar.com/blog/reqwest-retries/).
- Add `ClientBuilder::dns_resolver2()` with more ergonomic argument bounds, allowing more resolver implementations.
- Add `http3_*` options to `blocking::ClientBuilder`.
- Fix default TCP timeout values to enabled and faster.
- Fix SOCKS proxies to default to port 1080
- (wasm) Add cache methods to `RequestBuilder`.
What's Changed:
- Minimize package size by @weiznich in seanmonstar/reqwest#2759
- chore(dev-dependencies): bump brotli by @seanmonstar in seanmonstar/reqwest#2760
- upgrade hickory-dns to 0.25 by @seanmonstar in seanmonstar/reqwest#2761
- Re-expose http3 options in blocking::clientBuilder by @ducaale in seanmonstar/reqwest#2770
- fix(proxy): restore default port 1080 for SOCKS proxies without explicit port by @0x676e67 in seanmonstar/reqwest#2771
- ci: use msrv-aware cargo in msrv job by @seanmonstar in seanmonstar/reqwest#2779
- feat: add request cache option for wasm by @Spxg in seanmonstar/reqwest#2775
- style(client): use `std::task::ready!` macro to simplify `Poll` branch match by @0x676e67 in seanmonstar/reqwest#2781
- fix: add default tcp keepalive and user_timeout values by @seanmonstar in seanmonstar/reqwest#2780
- feat: add unix_socket() option to client builder by @seanmonstar in seanmonstar/reqwest#2624
- Add retry policies by @seanmonstar in seanmonstar/reqwest#2763
- refactor: loosen retry `for_host` parameter bounds by @Enduriel in seanmonstar/reqwest#2792
- feat: add dns_resolver2 that is more ergonomic and flexible by @seanmonstar in seanmonstar/reqwest#2793
- Prepare v0.12.23 by @seanmonstar in seanmonstar/reqwest#2795
New Contributors:
- @weiznich made their first contribution in seanmonstar/reqwest#2759
- @Spxg made their first contribution in seanmonstar/reqwest#2775
- @Enduriel made their first contribution in seanmonstar/reqwest#2792
Full Changelog: https://github.com/seanmonstar/reqwest/compare/v0.12.22...v0.12.23 |
||
|
|
618254cdfc |
refactor(relay): use zero check for is_learned (#10209)
Simplifies the interface map we store to use a zero-check instead of explicit bool. Related: https://github.com/firezone/firezone/pull/10200#discussion_r2281117072 |
||
|
|
6f4242769a |
refactor(connlib): move gw phoenix-channel to separate task (#10211)
Similar to #10210, we also move the phoenix-channel to a separate task for the Gateway and connect it with channels to the event-loop. Related: #10003 --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
|
dae9a10e00 |
build(deps): bump tauri from 2.6.2 to 2.7.0 in /rust in the tauri group (#10179)
Bumps the tauri group in /rust with 1 update: [tauri](https://github.com/tauri-apps/tauri). Updates `tauri` from 2.6.2 to 2.7.0. Release notes (sourced from [tauri's releases](https://github.com/tauri-apps/tauri/releases)): tauri-runtime v2.7.0 ... (truncated) |
||
|
|
319b31da64 |
build(deps): bump clap from 4.5.42 to 4.5.43 in /rust (#10182)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.42 to 4.5.43.
Release notes (sourced from [clap's releases](https://github.com/clap-rs/clap/releases)):
- [4.5.43] - 2025-08-06, Fixes: *(help)* In long help, list Possible Values before defaults, rather than after, for a more consistent look |
||
|
|
6038ade9a0 |
build(deps): bump socket2 from 0.5.10 to 0.6.0 in /rust (#10183)
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.10 to 0.6.0.

Changelog, sourced from [socket2's changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md):

0.6.0

Breaking changes

All IPv4 methods now have a `_v4` suffix, IPv6 uses `_v6`. TCP methods have a `tcp_` prefix (looked better than a suffix).

Furthermore we removed all types from external libraries (i.e. libc or windows-sys) from the public API, allowing us to update those without breaking the API.

- Renamed `Socket::freebind_ipv6` to `freebind_v6` ([rust-lang/socket2#592](https://redirect.github.com/rust-lang/socket2/pull/592)).
- Renamed `Socket::freebind` to `freebind_v4` ([rust-lang/socket2#592](https://redirect.github.com/rust-lang/socket2/pull/592)).
- Renamed `Socket::original_dst` to `original_dst_v4` ([rust-lang/socket2#592](https://redirect.github.com/rust-lang/socket2/pull/592)).
- Renamed `Socket::original_dst_ipv6` to `original_dst_v6` ([rust-lang/socket2#592](https://redirect.github.com/rust-lang/socket2/pull/592)).
- Bump MSRV to 1.70 ([rust-lang/socket2#597](https://redirect.github.com/rust-lang/socket2/pull/597)).
- Use `c_int` from `std::ffi` instead of from libc ([rust-lang/socket2#599](https://redirect.github.com/rust-lang/socket2/pull/599), [rust-lang/socket2#595](https://redirect.github.com/rust-lang/socket2/pull/595)).
- `SockAddr`'s methods now accept/return `SockAddrStorage` instead of `sockaddr_storage`/`SOCKADDR_STORAGE` ([rust-lang/socket2#576](https://redirect.github.com/rust-lang/socket2/pull/576)):
  - `new`
  - `try_init`
  - `as_ptr`
  - `as_storage`
- Add `SockFilter`, wrapper around `libc::sock_filter`, argument to `Socket::attach_filter` ([rust-lang/socket2#581](https://redirect.github.com/rust-lang/socket2/pull/581)).
- Various renames of TCP methods on `Socket` ([rust-lang/socket2#592](https://redirect.github.com/rust-lang/socket2/pull/592)):
  - `keepalive_time` -> `tcp_keepalive_time`
  - `keepalive_interval` -> `tcp_keepalive_interval`
  - `keepalive_retries` -> `tcp_keepalive_retries`
  - `nodelay` -> `tcp_nodelay`
  - `set_nodelay` -> `tcp_set_nodelay`
  - `tcp_mss` -> `mss`
  - `tcp_set_mss` -> `set_mss`
  - `tcp_cork` -> `cork`
  - `tcp_set_cork` -> `set_cork`
  - `tcp_quickack` -> `quickack`
  - `tcp_set_quickack` -> `set_quickack`
  - `thin_linear_timeouts` -> `tcp_thin_linear_timeouts`.

Non-breaking changes

... (truncated)

See full diff in [compare view](https://github.com/rust-lang/socket2/commits).

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
12667a98df |
build(deps): bump libc from 0.2.174 to 0.2.175 in /rust (#10181)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.174 to 0.2.175.

Release notes, sourced from [libc's releases](https://github.com/rust-lang/libc/releases):

0.2.175

Added

- AIX: Add `getpeereid` ([#4524](https://redirect.github.com/rust-lang/libc/pull/4524))
- AIX: Add `struct ld_info` and friends ([#4578](https://redirect.github.com/rust-lang/libc/pull/4578))
- AIX: Restore `struct winsize` ([#4577](https://redirect.github.com/rust-lang/libc/pull/4577))
- Android: Add UDP socket option constants ([#4619](https://redirect.github.com/rust-lang/libc/pull/4619))
- Android: Add `CLONE_CLEAR_SIGHAND` and `CLONE_INTO_CGROUP` ([#4502](https://redirect.github.com/rust-lang/libc/pull/4502))
- Android: Add more `prctl` constants ([#4531](https://redirect.github.com/rust-lang/libc/pull/4531))
- FreeBSD Add further TCP stack-related constants ([#4196](https://redirect.github.com/rust-lang/libc/pull/4196))
- FreeBSD x86-64: Add `mcontext_t.mc_tlsbase` ([#4503](https://redirect.github.com/rust-lang/libc/pull/4503))
- FreeBSD15: Add `kinfo_proc.ki_uerrmsg` ([#4552](https://redirect.github.com/rust-lang/libc/pull/4552))
- FreeBSD: Add `in_conninfo` ([#4482](https://redirect.github.com/rust-lang/libc/pull/4482))
- FreeBSD: Add `xinpgen` and related types ([#4482](https://redirect.github.com/rust-lang/libc/pull/4482))
- FreeBSD: Add `xktls_session` ([#4482](https://redirect.github.com/rust-lang/libc/pull/4482))
- Haiku: Add functionality from `libbsd` ([#4221](https://redirect.github.com/rust-lang/libc/pull/4221))
- Linux: Add `SECBIT_*` ([#4480](https://redirect.github.com/rust-lang/libc/pull/4480))
- NetBSD, OpenBSD: Export `ioctl` request generator macros ([#4460](https://redirect.github.com/rust-lang/libc/pull/4460))
- NetBSD: Add `ptsname_r` ([#4608](https://redirect.github.com/rust-lang/libc/pull/4608))
- RISCV32: Add time-related syscalls ([#4612](https://redirect.github.com/rust-lang/libc/pull/4612))
- Solarish: Add `strftime*` ([#4453](https://redirect.github.com/rust-lang/libc/pull/4453))
- linux: Add `EXEC_RESTRICT_*` and `EXEC_DENY_*` ([#4545](https://redirect.github.com/rust-lang/libc/pull/4545))

Changed

- AIX: Add `const` to signatures to be consistent with other platforms ([#4563](https://redirect.github.com/rust-lang/libc/pull/4563))

Fixed

- AIX: Fix the type of `struct statvfs.f_fsid` ([#4576](https://redirect.github.com/rust-lang/libc/pull/4576))
- AIX: Fix the type of constants for the `ioctl` `request` argument ([#4582](https://redirect.github.com/rust-lang/libc/pull/4582))
- AIX: Fix the types of `stat{,64}.st_*tim` ([#4597](https://redirect.github.com/rust-lang/libc/pull/4597))
- AIX: Use unique `errno` values ([#4507](https://redirect.github.com/rust-lang/libc/pull/4507))
- Build: Fix an incorrect `target_os` -> `target_arch` check ([#4550](https://redirect.github.com/rust-lang/libc/pull/4550))
- FreeBSD: Fix the type of `xktls_session_onedir.ifnet` ([#4552](https://redirect.github.com/rust-lang/libc/pull/4552))
- Mips64 musl: Fix the type of `nlink_t` ([#4509](https://redirect.github.com/rust-lang/libc/pull/4509))
- Mips64 musl: Use a special MIPS definition of `stack_t` ([#4528](https://redirect.github.com/rust-lang/libc/pull/4528))
- Mips64: Fix `SI_TIMER`, `SI_MESGQ` and `SI_ASYNCIO` definitions ([#4529](https://redirect.github.com/rust-lang/libc/pull/4529))
- Musl Mips64: Swap the order of `si_errno` and `si_code` in `siginfo_t` ([#4530](https://redirect.github.com/rust-lang/libc/pull/4530))
- Musl Mips64: Use a special MIPS definition of `statfs` ([#4527](https://redirect.github.com/rust-lang/libc/pull/4527))
- Musl: Fix the definition of `fanotify_event_metadata` ([#4510](https://redirect.github.com/rust-lang/libc/pull/4510))
- NetBSD: Correct `enum fae_action` to be `#[repr(C)]` |
||
|
|
2545c41366 |
refactor(connlib): move client phoenix-channel to separate task (#10210)
Currently, `connlib`'s event-loop for clients uses manual polling to advance the state of the tunnel and the phoenix-channel. Manual polling is powerful but also easy to get wrong, resulting in task-wakeup bugs. Additionally, if the tunnel is very busy with processing packets, the phoenix-channel may not get enough CPU time, resulting in a loss of the WebSocket connection. To fix this, we move the phoenix-channel to a separate task and use channels to connect it with `connlib`'s main event-loop. This one is now primarily focused on advancing the tunnel state, effectively offloading the problem of fair scheduling to the tokio runtime. Related: #10003 |
||
|
|
da00848549 |
build(deps): bump to Rust 1.89 (#10208)
Rust 1.89 comes with a new lint that wants us to explicitly refer to lifetimes, even if they are elided. |
||
|
|
0f2cfa2e3c |
fix(rust): don't block runtime shutdown (#10204)
By default, dropping a `tokio` runtime waits until all tasks have finished. The tasks we spawn within `connlib` can have complex dependencies with each other. To ensure that we can shut down in any case and don't hang, we apply a timeout of 1s to the runtime. |
||
|
|
c8b01d9f43 | fix(telemetry): timeout Sentry session shutdown within 1s (#10205) | ||
|
|
1bdc5f0584 | feat(telemetry): reuse connections to PostHog server (#10203) | ||
|
|
f47fb46cc7 |
feat(relay): learn interface addresses (#10200)
In order to support cross-stack relaying, we need to know what the source IP is going to be to write the packets from. To know this, we can simply learn the destination IP address for incoming packets to our XDP program. A separate cache is used per IP stack in order to be a bit more cache line friendly and prevent contention when only IP stack lookup is needed. Related: #10192 |
||
|
|
70a930e45d |
chore(relay): use existing ebpf module import (#10202)
|
||
|
|
b07fa341cf |
feat(relay): XDP driver (native) mode for gVNIC (#10177)
This updates our eBPF module to use DRV_MODE for less CPU overhead and better performance for all same-stack TURN relaying. Notably, gVNIC does not seem to support the `bpf_xdp_adjust_head` helper, so unfortunately we need to extend / shrink the packet tail and move the payload instead. Comprehensive benchmarks have not been performed, but early results show that we can saturate about 1 Gbps per E2 core on GCP:
```
[SUM] 0.00-30.04 sec 3.16 GBytes 904 Mbits/sec 12088 sender
[SUM] 0.00-30.00 sec 3.12 GBytes 894 Mbits/sec receiver
```
This is with 64 TCP streams. More streams will better utilize all available RX queues, and lead to better performance. Related: #10138 Fixes: #8633 |
||
|
|
46ffe8fe45 |
docs(relay): add note on channel map safety (#10194)
A fair bit of time was spent validating these map accesses are thread-safe, so just documenting that for the next reader to find. Related: https://github.com/firezone/firezone/issues/10138#issuecomment-3186074350 |
||
|
|
3e3f555c1e |
fix(relay): swap MACs for relayed traffic (#10193)
In nearly all environments, we can safely assume that we will always use the same network gateway for forwarding relayed packets as the one we received them from. By leveraging this assumption, we can simply swap the SRC and DST MAC addresses, removing the need to keep a HashMap for these, which eliminates the need to worry about thread-safety for this particular functionality. Related: #10138 |
||
|
|
92137ee76b |
fix(relay): don't inline hotpath loop calls (#10185)
When inlining large(ish) functions that are on the hot-path, it creates a much longer program for the eBPF verifier to validate since the verifier is working through all packet sizes and types. We're hitting an issue on GCP (in the 8-core dev VM, XDP-generic) where verification fails on `main` due to the inlining of some hot-path functions. This PR is the smallest possible change that gets the program to load, highlighting the issue. In practice, I'm not sure there is a detectable performance difference between having these inlined vs not (especially in DRV_MODE) so I'm not sure it's worth the potential debugging headaches later on. |
||
|
|
c5deb7a839 |
build(deps): bump @eslint/plugin-kit from 0.3.3 to 0.3.4 in /rust/gui-client in the npm_and_yarn group (#10044)
Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit).

Updates `@eslint/plugin-kit` from 0.3.3 to 0.3.4

Release notes, sourced from [`@eslint/plugin-kit`'s releases](https://github.com/eslint/rewrite/releases):

plugin-kit: v0.3.4

[0.3.4](https://github.com/eslint/rewrite/compare/plugin-kit-v0.3.3...plugin-kit-v0.3.4) (2025-07-21)

Bug Fixes

- potential quadratic runtime in regular expression ([#240](https://redirect.github.com/eslint/rewrite/issues/240)) |
||
|
|
95ee111e62 | chore: publish apple-client 1.5.7 (#10159) | ||
|
|
507a8957c2 |
chore(connlib): only debug-assert non-retransmitted DNS queries (#10136)
When we receive the same TCP DNS query twice, we currently wrongly hit a debug assert. |
||
|
|
2dde3b8573 |
fix(relay): read from most-recently-ready socket first (#10148)
The relay uses `mio` to react to readiness events from multiple sockets at once. Including the control port 3478, the relay needs to also send and receive traffic from up to 16384 sockets (one for each possible allocation). We need to process readiness events from these sockets as fairly as possible. Under high-load, it may otherwise happen that we don't read packets from an allocation socket, resulting in ICE timeouts of the connection being relayed. To achieve this fairness, we collect all readiness tokens into a set and store it with the number of packets we have read so far from this socket. Then, we always read from the socket next that we have so far read the least amount of packets from. |
||
|
|
f27683760a | fix(relay): check for ANSI support on stdout (#10149) | ||
|
|
2841fd0017 |
chore(connlib): spawn dedicated tasks for UDP send/recv (#10147)
At the moment, `connlib`'s UDP thread spawns a single task for reading and writing to the UDP socket. It will always first try to write data before reading new data. To avoid scheduling issues, we split this into two dedicated tasks and insert
```rust
tokio::task::yield_now().await;
```
into each loop. This allows the `tokio` runtime to schedule each of the tasks fairly even if one of them is very busy. For example, if we are very busy writing data (because we are receiving a lot of IP traffic), this ensures that we will occasionally also read from our socket to receive STUN control messages from our peers. |
||
|
|
6ad10c8f39 |
fix(ci): use etc-resolv-conf as default in headless image (#10126)
The headless client image we ship doesn't have systemd-resolved. By
default, if you try to run it without setting the `FIREZONE_DNS_CONTROL`
var, it will exit with an unhelpful error message that is difficult to
diagnose / debug for anyone unfamiliar with the inner workings of the
headless client:
```
Error: I/O error: No such file or directory (os error 2)
Caused by:
No such file or directory (os error 2)
Stack backtrace:
0: anyhow::error::<impl core::convert::From<E> for anyhow::Error>::from
1: firezone_bin_shared::network_changes::imp::Worker::new_dbus::{{closure}}
2: firezone_headless_client::main::{{closure}}
3: tokio::runtime::runtime::Runtime::block_on
4: firezone_headless_client::main
5: std::sys::backtrace::__rust_begin_short_backtrace
6: std::rt::lang_start::{{closure}}
7: main
```
To fix this, we set `FIREZONE_DNS_CONTROL=etc-resolv-conf` for the user
inside our headless-client image.
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
|
||
|
|
3e46727362 |
chore(snownet): improve logging of boringtun session index (#10135)
Previously, boringtun's sender/receiver index of a session would just be rendered as a full u32. In reality, this u32 contains two pieces of information: The higher 24 bits identify the peer and the lower 8 bits identify the session with that peer. With the update to boringtun in https://github.com/firezone/boringtun/pull/112, we encode this logic in a dedicated type that prints this information separately. Here is what the logs now look like:
```
2025-08-05T07:38:37.742Z DEBUG boringtun::noise: Received handshake_response local_idx=(3428714|1) remote_idx=(1937676|1)
2025-08-05T07:38:37.743Z DEBUG boringtun::noise: New session idx=(3428714|1)
2025-08-05T07:38:37.743Z DEBUG boringtun::noise: Sending keepalive local_idx=(3428714|1)
```
|
||
|
|
036cae84f3 |
build(deps): bump tokio from 1.46.1 to 1.47.1 in /rust (#10119)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.46.1 to 1.47.1.

Release notes, sourced from [tokio's releases](https://github.com/tokio-rs/tokio/releases):

Tokio v1.47.1

1.47.1 (August 1st, 2025)

Fixed

- process: fix panic from spurious pidfd wakeup ([#7494](https://redirect.github.com/tokio-rs/tokio/issues/7494))
- sync: fix broken link of Python `asyncio.Event` in `SetOnce` docs ([#7485](https://redirect.github.com/tokio-rs/tokio/issues/7485))

[#7485](https://redirect.github.com/tokio-rs/tokio/issues/7485): [tokio-rs/tokio#7485](https://redirect.github.com/tokio-rs/tokio/pull/7485)
[#7494](https://redirect.github.com/tokio-rs/tokio/issues/7494): [tokio-rs/tokio#7494](https://redirect.github.com/tokio-rs/tokio/pull/7494)

Tokio v1.47.0

1.47.0 (July 25th, 2025)

This release adds `poll_proceed` and `cooperative` to the `coop` module for cooperative scheduling, adds `SetOnce` to the `sync` module which provides similar functionality to `std::sync::OnceLock`, and adds a new method `sync::Notify::notified_owned()` which returns an `OwnedNotified` without a lifetime parameter.

Added

- coop: add `cooperative` and `poll_proceed` ([#7405](https://redirect.github.com/tokio-rs/tokio/issues/7405))
- sync: add `SetOnce` ([#7418](https://redirect.github.com/tokio-rs/tokio/issues/7418))
- sync: add `sync::Notify::notified_owned()` ([#7465](https://redirect.github.com/tokio-rs/tokio/issues/7465))

Changed

- deps: upgrade windows-sys 0.52 → 0.59 ([#7117](https://redirect.github.com/tokio-rs/tokio/issues/7117))
- deps: update to socket2 v0.6 ([#7443](https://redirect.github.com/tokio-rs/tokio/issues/7443))
- sync: improve `AtomicWaker::wake` performance ([#7450](https://redirect.github.com/tokio-rs/tokio/issues/7450))

Documented

- metrics: fix listed feature requirements for some metrics ([#7449](https://redirect.github.com/tokio-rs/tokio/issues/7449))
- runtime: improve safety comments of `Readiness<'_>` ([#7415](https://redirect.github.com/tokio-rs/tokio/issues/7415))

[#7405](https://redirect.github.com/tokio-rs/tokio/issues/7405): [tokio-rs/tokio#7405](https://redirect.github.com/tokio-rs/tokio/pull/7405)
[#7415](https://redirect.github.com/tokio-rs/tokio/issues/7415): [tokio-rs/tokio#7415](https://redirect.github.com/tokio-rs/tokio/pull/7415)
[#7418](https://redirect.github.com/tokio-rs/tokio/issues/7418): [tokio-rs/tokio#7418](https://redirect.github.com/tokio-rs/tokio/pull/7418)
[#7449](https://redirect.github.com/tokio-rs/tokio/issues/7449): [tokio-rs/tokio#7449](https://redirect.github.com/tokio-rs/tokio/pull/7449)
[#7450](https://redirect.github.com/tokio-rs/tokio/issues/7450): [tokio-rs/tokio#7450](https://redirect.github.com/tokio-rs/tokio/pull/7450)
[#7465](https://redirect.github.com/tokio-rs/tokio/issues/7465): [tokio-rs/tokio#7465](https://redirect.github.com/tokio-rs/tokio/pull/7465) |
||
|
|
8f35f3a0dc |
build(deps): bump serde_json from 1.0.141 to 1.0.142 in /rust (#10121)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.141 to 1.0.142.

Release notes, sourced from [serde_json's releases](https://github.com/serde-rs/json/releases):

v1.0.142

- impl Default for &Value ([#1265](https://redirect.github.com/serde-rs/json/issues/1265), thanks [`@aatifsyed`](https://github.com/aatifsyed)) |
||
|
|
50f2cc3e2c |
build(deps): bump uniffi from 0.29.3 to 0.29.4 in /rust (#10113)
Bumps [uniffi](https://github.com/mozilla/uniffi-rs) from 0.29.3 to 0.29.4.

Changelog, sourced from [uniffi's changelog](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md):

v0.29.4 (backend crates: v0.29.4) - (2025-07-24)

- Fixed a bug where objects with alignment >= 32 could be freed too early ([mozilla/uniffi-rs#2600](https://redirect.github.com/mozilla/uniffi-rs/issues/2600))

[All changes in v0.29.4](https://github.com/mozilla/uniffi-rs/compare/v0.29.3...v0.29.4). |
||
|
|
f4e69a2743 |
build(deps): bump rangemap from 1.5.1 to 1.6.0 in /rust (#10116)
Bumps [rangemap](https://github.com/jeffparsons/rangemap) from 1.5.1 to 1.6.0.

Changelog, sourced from [rangemap's changelog](https://github.com/jeffparsons/rangemap/blob/main/CHANGELOG.md):

v1.6.0 (2025-07-26)

- Features:
  - Add quickcheck support, gated behind the `quickcheck` feature.
  - Improve performance of `RangeMap::gaps` by efficiently seeking to the start of the query range.

See full diff in [compare view](https://github.com/jeffparsons/rangemap/commits).

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |