Whenever we route a packet from the Client to a DNS resource, we now
also capture the domain name. If this is the first packet and we are
thus creating a new flow, we'll save that domain in it. Later packets
for the same IP are rolled up under the same flow and thus don't need to
re-set the domain.
Resolves: #10691
In order to properly free all memory allocated by the `Event` returned
from connlib, we need to `.destroy()` it. For this to happen
automatically, we can call the `.use` helper.
Unfortunately, there are no compile-time warnings about this so we have
to manually audit the generated code to check which objects needs
closing after use.
From what I can gather, the `Event` only needs to be closed because we
hold a reference to the `DisconnectError` inside `Disconnected`. Because
we exit after that anyway, I believe all memory is free'd regardless
already.
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 24.5.0 to 24.5.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In order to secure an APT repository, the `Release` file containing the
hashes of all packages needs to be signed with a GPG key. These
signatures simply need to be synced back up to the repository. The rest
is handled by `apt` itself.
Resolves: #10599
This integration test is currently flaky because we might "roam" between
IPv4 and IPv6 during ICE already. To assert that we actually roamed, we
need to check that we have at least 3 different source tuples in our
list of flows.
Bumps [etherparse](https://github.com/JulianSchmid/etherparse) from
0.17.0 to 0.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/JulianSchmid/etherparse/releases">etherparse's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0 Add basic ICMPv6 Neighbor Discovery Support</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add ICMPv6 neighbour solicitation by <a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
<li>Minor fixups for ICMPv6 NeighborSolicitation &
NeighborAdvertisement & Add RouterSolicitation &
RouterAdvertisement & Redirect by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/130">JulianSchmid/etherparse#130</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/thomaseizinger"><code>@thomaseizinger</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/129">JulianSchmid/etherparse#129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0">https://github.com/JulianSchmid/etherparse/compare/v0.18.2...v0.19.0</a></p>
<h2>v0.18.2 Add core::error::Error implementation to non_std build</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement core::error::Error for the error types by <a
href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
<li>Increment version 0.18.2 by <a
href="https://github.com/JulianSchmid"><code>@JulianSchmid</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/128">JulianSchmid/etherparse#128</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/xyzzyz"><code>@xyzzyz</code></a> made
their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/127">JulianSchmid/etherparse#127</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2">https://github.com/JulianSchmid/etherparse/compare/v0.18.1...v0.18.2</a></p>
<h2>v0.18.1 Add LaxPacketHeader:: from_linux_sll</h2>
<h2>What's Changed</h2>
<ul>
<li>Add from_linux_sll for LaxPacketHeaders by <a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shu-kitamura"><code>@shu-kitamura</code></a>
made their first contribution in <a
href="https://redirect.github.com/JulianSchmid/etherparse/pull/125">JulianSchmid/etherparse#125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1">https://github.com/JulianSchmid/etherparse/compare/v0.18.0...v0.18.1</a></p>
<h2>v0.18.0 MACsec Support & ECN+DSCP Support for IPv6</h2>
<h2>What are the major changes?</h2>
<ul>
<li>Support for MACsec (IEEE 802.1AE)</li>
<li>The <code>vlan</code> field in <code>SlicedPacket</code>,
<code>LaxSlicedPacket</code>, <code>PacketHeaders</code>,
<code>LaxPacketHeaders</code> has been replaced with
<code>link_exts</code>.</li>
<li><code>Ipv4Ecn</code> & <code>Ipv4Dscp</code> have been replaced
by <code>IpEcn</code> & <code>IpDscp</code>.</li>
<li><code>Ipv6Header</code> & <code>Ipv6HeaderSlice</code> now
supports the reading & setting of <code>IpEcn</code> &
<code>IpDscp</code> (thanks to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
<li><code>LaxEtherPayloadSlice</code> has been introduced &
<code>len_source</code> added to <code>EtherPayloadSlice</code>.</li>
<li><code>source_addr()</code> & <code>destination_addr()</code>
methods of <code>IpSlice</code>, <code>Ipv4HeaderSlice</code>,
<code>Ipv6Header</code>, <code>Ipv6HeaderSlice</code>,
<code>LaxIpSlice</code> are now available in non-std mode (thanks to <a
href="https://github.com/Dominaezzz"><code>@Dominaezzz</code></a>)</li>
<li>Minimum supported Rust version as been configured to 1.83.0 (thanks
to <a
href="https://github.com/baxterjo"><code>@baxterjo</code></a>)</li>
</ul>
<h3>What is MACsec (IEEE 802.1AE)?</h3>
<p>MACsec is a protocol that allows the signing and/or encryption of
packet contents from the link layer downwards. The main difference
between MACsec and IPSec is that IPSec is located after the IP header
while MACsec is located above the IP header and can also encrypt the
contents of the IP header itself while IPSSec does not encrypt the IP
header. As such MACsec is usually used to secure local networks, while
IPSec is more commonly used for VPNs and alike that leave the local
network.</p>
<h3>Changes needed for MACsec Support</h3>
<p>Adding MACsec support required some breaking changes, specifically on
how VLAN headers are handled. The MACsec SECTAG is a header that can be
present in the same locations as "VLAN" headers. It has no
fixed position and can be located before or after VLAN headers or after
the Ethernet 2 header without a VLAN header being present at all. This
invalidates the assumption <code>etherparse</code> had in previous
versions that VLAN headers are always directly located after the
Ethernet2 header and that if there are multiple VLAN headers that they
are directly located after each other. Now there could be a MACsec
header present in between VLAN headers.</p>
<p>To support the different combinations of MACSec & VLAN headers
the <code>vlan</code> field in <code>SlicedPacket</code>,
<code>PacketHeaders</code>, <code>LaxSlicedPacket</code> &
<code>LaxPacketHeaders</code> has been replaced with a
<code>link_exts</code> field that can contain up to three "link
extensions":</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b76f71ac3e"><code>b76f71a</code></a>
Update version to 0.19.0 for etherparse</li>
<li><a
href="9fd5758f78"><code>9fd5758</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/130">#130</a>
from JulianSchmid/coverage-fixups</li>
<li><a
href="cd9266d03f"><code>cd9266d</code></a>
Add Router & Redirect ICMPv6 messages</li>
<li><a
href="e50e502898"><code>e50e502</code></a>
Renamed neighbour_discovery.rs to neighbor_advertisement_header.rs</li>
<li><a
href="46b4dfbfcf"><code>46b4dfb</code></a>
Further tests for coverage</li>
<li><a
href="d821f04435"><code>d821f04</code></a>
Further tests for coverage</li>
<li><a
href="454c35c271"><code>454c35c</code></a>
Increment version to 0.19.0</li>
<li><a
href="79b915aa2d"><code>79b915a</code></a>
Minor fixups for ICMPv6</li>
<li><a
href="9e967ba879"><code>9e967ba</code></a>
Merge pull request <a
href="https://redirect.github.com/JulianSchmid/etherparse/issues/129">#129</a>
from thomaseizinger/feat/icmpv6-neighbour-soliciation</li>
<li><a
href="e59fc8498b"><code>e59fc84</code></a>
Add ICMPv6 neighbour solicitation</li>
<li>Additional commits viewable in <a
href="https://github.com/JulianSchmid/etherparse/compare/v0.17.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Why:
* Now that soft delete fields have been removed being referenced in the
codebase and soft deleted rows have been removed from the DB we can now
remove any remaining traces of soft delete functionality.
Resolves#8187
Bumps [ringbuffer](https://github.com/NULLx76/ringbuffer) from 0.15.0 to
0.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/NULLx76/ringbuffer/releases">ringbuffer's
releases</a>.</em></p>
<blockquote>
<h2>0.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement nth and nth_back to provide a O(1) way of skipping through
elements by <a
href="https://github.com/cdellacqua"><code>@cdellacqua</code></a> in <a
href="https://redirect.github.com/NULLx76/ringbuffer/pull/142">NULLx76/ringbuffer#142</a></li>
<li>Increase copy speed by orders of magnitude by <a
href="https://github.com/cdellacqua"><code>@cdellacqua</code></a> in <a
href="https://redirect.github.com/NULLx76/ringbuffer/pull/142">NULLx76/ringbuffer#142</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0">https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8aaaec89b0"><code>8aaaec8</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/145">#145</a>
from NULLx76/v0.16.0</li>
<li><a
href="b6adc9520f"><code>b6adc95</code></a>
bump version to 0.16.0</li>
<li><a
href="5250e7bca3"><code>5250e7b</code></a>
fix toml</li>
<li><a
href="ecdc089764"><code>ecdc089</code></a>
Merge branch 'main' of github.com:NULLx76/ringbuffer</li>
<li><a
href="c89c9ae35d"><code>c89c9ae</code></a>
fix readme msrv</li>
<li><a
href="9f4b442a78"><code>9f4b442</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/141">#141</a>
from cdellacqua/main</li>
<li><a
href="400dac6032"><code>400dac6</code></a>
Merge pull request <a
href="https://redirect.github.com/NULLx76/ringbuffer/issues/144">#144</a>
from NULLx76/fix-ci</li>
<li><a
href="27ddaea900"><code>27ddaea</code></a>
update ci workflows</li>
<li><a
href="f0224853e1"><code>f022485</code></a>
Merge remote-tracking branch 'origin/main' into cdellacqua/main</li>
<li><a
href="a9383ff84e"><code>a9383ff</code></a>
Merge branch 'main' of github.com:NULLx76/ringbuffer</li>
<li>Additional commits viewable in <a
href="https://github.com/NULLx76/ringbuffer/compare/0.15.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.22.0 to
3.23.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.23.0</h2>
<ul>
<li>Remove need for the "nightly" feature to compile with
"wasip2".</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe9f4a305b"><code>fe9f4a3</code></a>
chore: release v3.23.0 (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/381">#381</a>)</li>
<li><a
href="006c3fd55a"><code>006c3fd</code></a>
fix: use std::os::fd instead of std::os::wasi (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/380">#380</a>)</li>
<li><a
href="b0e6309a58"><code>b0e6309</code></a>
doc: Update COPYRIGHT link (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/377">#377</a>)</li>
<li><a
href="2d6fc3fb57"><code>2d6fc3f</code></a>
Fix formatting in Builder::disable_cleanup documentation (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/375">#375</a>)</li>
<li>See full diff in <a
href="https://github.com/Stebalien/tempfile/compare/v3.22.0...v3.23.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
According to GitHub support, this API call is responsible for most of
our API usage. Until we find a better way of organising this, checking
every only minute should be fine too, even if it slows down the merge
queue a bit.
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Even prior to #10373, failures in resolving a name on the Gateway for a
DNS resource resulted in a failure of setting up the DNS resource NAT.
Without the DNS resource NAT, packets for that resource bounced on the
Gateway because we didn't have any traffic filters.
A non-existent filter is being treated as a "traffic not allowed" error
and we respond with an ICMP permission denied error. For domains where
both the A and AAAA query result in NXDOMAIN, that isn't necessarily
appropriate. Instead, I am proposing that for such cases, we want to
return a regular "address/host unreachable" ICMP error instead of the
more specific "permission denied" variant.
To achieve that, we refactor the Gateway's peer state to be able to hold
an `Option<IpAddr>` inside the `TranslationState`. This allows us to
always insert an entry for each proxy IP, even if we did not resolve any
IPs for it. Then, when receiving traffic for a proxy IP where the
resolved IP is `None`, we reply with the appropriate ICMP error.
As part of this, we also simplify the assignment of the proxy IPs. With
the NAT64 module removed, there is no more reason to cross-assign IPv4
and IPv6 addresses. We can simply leave the mappings for e.g. IPv6 proxy
addresses empty if the AAAA query didn't resolve anything.
From the Client's perspective, not much changes. The DNS resource NAT
setup will now succeed, even for domains that don't resolve to anything.
This doesn't change any behaviour though as we are currently already
passing packets through for failed DNS resource NAT setups. The main
change is that we now send back a different ICMP error. Most
importantly, the "address/host unreachable variant" does not trigger
#10462.
This test is currently flaky on main because it may happen that we first
roam from our IPv4 address to the IPv6 one. Therefore, to make the
assertion pass we need to check that all flows have a different source
tuple and not just a different source port.
In order to distribute pre-releases, it is useful to have a `preview`
distribution in addition to the `stable` one.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Bumps
[futures-bounded](https://github.com/thomaseizinger/rust-futures-bounded)
from 0.2.4 to 0.3.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/thomaseizinger/rust-futures-bounded/blob/main/CHANGELOG.md">futures-bounded's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.0</h2>
<ul>
<li>Allow for multiple timer implementations.
See <a
href="https://redirect.github.com/thomaseizinger/rust-futures-bounded/pull/5">PR
5</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/thomaseizinger/rust-futures-bounded/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [proptest-state-machine](https://github.com/proptest-rs/proptest)
from 0.3.1 to 0.4.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c073d523dc"><code>c073d52</code></a>
new releases for all crates (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/578">#578</a>)</li>
<li><a
href="cea7a0215d"><code>cea7a02</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/574">#574</a>
from Nicolapps/nicolas/fix-proptest-derive-urls-in-er...</li>
<li><a
href="ff04a9e842"><code>ff04a9e</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/576">#576</a>
from proptest-rs/rand-0.9</li>
<li><a
href="febd329dc7"><code>febd329</code></a>
fix state-machine shrinking on <= 1 transitions</li>
<li><a
href="ba38531db8"><code>ba38531</code></a>
Fix not seeding custom RNG algorithm properly</li>
<li><a
href="0730e7e98d"><code>0730e7e</code></a>
Move from deprecated <code>Rng::gen()</code> to
<code>Rng::random()</code></li>
<li><a
href="d6a14ff8af"><code>d6a14ff</code></a>
Custom <code>usize</code> and <code>isize</code> implementation</li>
<li><a
href="fc7543e62c"><code>fc7543e</code></a>
update rand to 0.9</li>
<li><a
href="7683f5b693"><code>7683f5b</code></a>
Fix URLs in proptest-derive error messages</li>
<li><a
href="f7f3600133"><code>f7f3600</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/573">#573</a>
from Nicolapps/nicolas/fix-test-name</li>
<li>Additional commits viewable in <a
href="https://github.com/proptest-rs/proptest/compare/proptest-state-machine-0.3.1...proptest-state-machine-0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Network flow logs are a common feature of VPNs. Due to the nature of a
shared exit node, it is of great interest to a network analyst, which
TCP connections are getting routed through the tunnel, who is initiating
them, for long do they last and how much traffic is sent across them.
With this PR, the Firezone Gateway gains the ability of detecting the
TCP and UDP flows that are being routed through it. The information we
want to attach to these flows is spread out over several layers of the
packet handling code. To simplify the implementation and not complicate
the APIs unnecessarily, we chose to rely on TLS (thread-local storage)
for gathering all the necessary data as a packet gets passed through the
various layers. When using a const initializer, the overhead of a TLS
variable over an actual local variable is basically zero. The entire
routing state of the Gateway is also never sent across any threads,
making TLS variables a particularly good choice for this problem.
In its MVP form, the detected flows are only emitted on stdout and also
that only if `flow_logs=trace` is set using `RUST_LOG`. Early adopters
of this feature are encouraged to enable these logs as described and
then ingest the Gateway's logs into the SIEM of their choice for further
analysis.
Related: #8353
When working on the `client-ffi` module on a Linux or Windows machine,
we currently see a lot of "unused code" warnings. We could feature-gate
the remaining functions too but that would result in not having
code-completion on those platforms at all.
To make working on this module more ergonomic, we add a dummy
constructor for the session.
The crates from https://github.com/open-i18n/rust-unic are unmaintained but they are still being pulled in via `tauri`. Unfortunately, we have to wait for an MSRV bump from `tauri` before the update of `urlpattern` can be completed. Until then, we need to ignore these advisories to keep our CI passing.
Related: https://github.com/tauri-apps/tauri/pull/14195
When signing in, it's a good idea to clear any previous session cookie
and regenerate it, preventing the chance that any unchecked data in a
possible-fixated session cookie is used.
The `Session.newAndroid` constructor can throw an exception.
Unfortunately, the Kotlin compiler didn't warn us about that and thus,
any errors when creating a new session caused the service process to
crash.
We fix this by wrapping the entire thing in a `try-catch-finally` block.
Resolves: #10289
As far as I can tell, the `async_runtime` config option doesn't exist in
UniFFI, hence we remove that.
Whilst going through the UniFFI docs, I also noticed that there is a
specific flag about Android that we can toggle on. Effectively, this
uses the shared
[`SystemCleaner`](https://developer.android.com/reference/android/system/SystemCleaner)
instead of a per-thread one which is supposed to be more performant.
Finally, using immutable records seems like a good idea as mutating any
FFI-originated field is not going to be reflected in connlib's state.
Preventing that at compile-time has a good chance of reducing bugs.
This code appears to be configured out in CI and thus we don't run
clippy there. My IDE pointed these out however so it seems fair enough
to fix them. It is just unnecessary references, doesn't actually have an
impact on the functionality.
First in a series of new monthly devlog posts to summarize what we've
shipped over the previous month.
Intentionally detailed and engineering focused - added a new
`Engineering` section to the blog.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
For working on the Android app, we need an installation of the JDK.
Currently, that is being installed separately in CI. We already have
`.tool-versions` which is designed to take care of this so we add
OpenJDK 17 to the list of required tools and remove the dedicated CI
step.
Bumps [framer-motion](https://github.com/motiondivision/motion) from
12.23.12 to 12.23.18.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">framer-motion's
changelog</a>.</em></p>
<blockquote>
<h2>[12.23.18] 2025-09-19</h2>
<h3>Fixed</h3>
<ul>
<li><code><motion /></code> components now support changing
<code>ref</code> prop.</li>
</ul>
<h2>[12.23.17] 2025-09-19</h2>
<h3>Fixed</h3>
<ul>
<li>Ensure <code>animate()</code> <code>onComplete</code> only fires
once, when all values are complete.</li>
</ul>
<h2>[12.23.16] 2025-09-19</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing <code>ref</code> when passed to a child of
<code>AnimatePresence</code> in <code>"popLayout"</code>
mode.</li>
</ul>
<h2>[12.23.15] 2025-09-18</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing <code>export *</code> error in RSC.</li>
</ul>
<h2>[12.23.14] 2025-09-17</h2>
<h3>Fixed</h3>
<ul>
<li>Fixing types of <code>Reorder.Item</code> and
<code>Reorder.Group</code> so incorrect HTML props are correctly
flagged.</li>
<li>Reverting rehydration of <code>externalRef</code> when it
switches.</li>
</ul>
<h2>[12.23.13] 2025-09-16</h2>
<h3>Fixed</h3>
<ul>
<li>Fixed issue where motion components don't update refs when
externalRef changes. The <code>useMotionRef</code> function now properly
includes <code>externalRef</code> in the dependency array to ensure ref
callbacks update when the external ref changes.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Stopped tracking yarn cache in the repo.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ffe5182684"><code>ffe5182</code></a>
v12.23.18</li>
<li><a
href="b4f71424c0"><code>b4f7142</code></a>
Adding changelog csv script</li>
<li><a
href="4c3cc17b37"><code>4c3cc17</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3374">#3374</a>
from motiondivision/fix/handle-external-ref</li>
<li><a
href="1800f34159"><code>1800f34</code></a>
Fixing changed external ref</li>
<li><a
href="7d11517d3a"><code>7d11517</code></a>
v12.23.17</li>
<li><a
href="b2e348812f"><code>b2e3488</code></a>
Updating changelog</li>
<li><a
href="990686d31c"><code>990686d</code></a>
Refactor</li>
<li><a
href="9182d2c5dd"><code>9182d2c</code></a>
Merge pull request <a
href="https://redirect.github.com/motiondivision/motion/issues/3343">#3343</a>
from rortan134/fix-3337</li>
<li><a
href="063d9b1158"><code>063d9b1</code></a>
Merge branch 'main' into fix-3337</li>
<li><a
href="13129dad58"><code>13129da</code></a>
v12.23.16</li>
<li>Additional commits viewable in <a
href="https://github.com/motiondivision/motion/compare/v12.23.12...v12.23.18">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 24.3.0 to 24.5.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[@next/mdx](https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx)
from 15.3.3 to 15.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases"><code>@next/mdx</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v15.5.3</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: validation return types of pages API routes (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83069">#83069</a>)</li>
<li>fix: relative paths in dev in validator.ts (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83073">#83073</a>)</li>
<li>fix: remove satisfies keyword from type validation to preserve old
TS compatibility (<a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83071">#83071</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p>
<h2>v15.5.1-canary.39</h2>
<h3>Core Changes</h3>
<ul>
<li>[metadata] change the metadata routes params to promises: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83560">#83560</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@huozhi</code></a> for
helping!</p>
<h2>v15.5.1-canary.38</h2>
<h3>Core Changes</h3>
<ul>
<li>Ignore unhandledRejection events for promises that reject after a
React render aborts: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83590">#83590</a></li>
<li>Update font data: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83631">#83631</a></li>
<li>[dev] Serve static metadata from filesystem: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83460">#83460</a></li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>Turbopack: run NFT unit test: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83233">#83233</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/gnoff"><code>@gnoff</code></a>, <a
href="https://github.com/vercel-release-bot"><code>@vercel-release-bot</code></a>,
<a
href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>,
and <a href="https://github.com/mischnic"><code>@mischnic</code></a>
for helping!</p>
<h2>v15.5.1-canary.37</h2>
<h3>Core Changes</h3>
<ul>
<li>Development: Make 'ready in' 195ms faster: <a
href="https://github.com/vercel/next.js/tree/HEAD/packages/next-mdx/issues/83628">#83628</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/timneutkens"><code>@timneutkens</code></a> for
helping!</p>
<h2>v15.5.1-canary.36</h2>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07d1cbc9c6"><code>07d1cbc</code></a>
v15.5.3</li>
<li><a
href="497ec6aa08"><code>497ec6a</code></a>
v15.5.2</li>
<li><a
href="cc68ced552"><code>cc68ced</code></a>
v15.5.1</li>
<li><a
href="7e08c8223d"><code>7e08c82</code></a>
v15.5.0</li>
<li><a
href="8f6d345d2d"><code>8f6d345</code></a>
v15.4.2-canary.56</li>
<li><a
href="e3e21977ed"><code>e3e2197</code></a>
v15.4.2-canary.55</li>
<li><a
href="a745826b2c"><code>a745826</code></a>
v15.4.2-canary.54</li>
<li><a
href="bec38efdb6"><code>bec38ef</code></a>
v15.4.2-canary.53</li>
<li><a
href="97dbf5f2e1"><code>97dbf5f</code></a>
v15.4.2-canary.52</li>
<li><a
href="9934b3788a"><code>9934b37</code></a>
v15.4.2-canary.51</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/commits/v15.5.3/packages/next-mdx">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In the spirit of making Firezone as robust as possible, we make the FFI
calls infallible and complete as much of the task as possible. For
example, we don't fail `setDns` entirely just because we cannot parse a
single DNS server's IP.
Resolves: #10611
dependabot[bot]