mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
ad433dd58b0a4afc8db9ebc7a8a36cffed5fbe87
7137 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
ad433dd58b |
build(deps): bump com.google.code.gson:gson from 2.13.0 to 2.13.1 in /kotlin/android (#8977)
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.0 to 2.13.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/gson/releases">com.google.code.gson:gson's releases</a>.</em></p> <blockquote> <h2>Gson 2.13.1</h2> <h2>What's Changed</h2> <ul> <li>Give FieldNamingStrategy the ability to return multiple String names by <a href="https://github.com/mfriesen"><code>@mfriesen</code></a> in <a href="https://redirect.github.com/google/gson/pull/2776">google/gson#2776</a></li> <li>Remove outdated android-proguard-example by <a href="https://github.com/Goooler"><code>@Goooler</code></a> in <a href="https://redirect.github.com/google/gson/pull/2843">google/gson#2843</a></li> <li>Adjust Troubleshooting Guide ProGuard / R8 section by <a href="https://github.com/Marcono1234"><code>@Marcono1234</code></a> in <a href="https://redirect.github.com/google/gson/pull/2844">google/gson#2844</a></li> <li>Update dependencies, including the problematic <code>com.google.errorprone:error_prone_annotations:2.37.0</code>.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mfriesen"><code>@mfriesen</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/2776">google/gson#2776</a></li> <li><a href="https://github.com/Goooler"><code>@Goooler</code></a> made their first contribution in <a href="https://redirect.github.com/google/gson/pull/2843">google/gson#2843</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/gson/compare/gson-parent-2.13.0...gson-parent-2.13.1">https://github.com/google/gson/compare/gson-parent-2.13.0...gson-parent-2.13.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a6c5653d66 |
build(deps): bump com.google.firebase:firebase-bom from 33.12.0 to 33.13.0 in /kotlin/android (#8978)
Bumps com.google.firebase:firebase-bom from 33.12.0 to 33.13.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5d62a7d357 |
build(deps): bump ex_cldr_numbers from 2.35.0 to 2.35.1 in /elixir (#8974)
Bumps [ex_cldr_numbers](https://github.com/elixir-cldr/cldr_numbers)
from 2.35.0 to 2.35.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/releases">ex_cldr_numbers's
releases</a>.</em></p>
<blockquote>
<h2>Cldr Numbers version 2.35.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting currency amounts when the currency format does not
have a digit placeholder (<code>0</code> and <code>#</code>) directly
next to the currency placeholder (<code>¤</code>). Thanks to <a
href="https://github.com/benregn"><code>@benregn</code></a> for the
report. Closes <a
href="https://redirect.github.com/elixir-cldr/cldr_numbers/issues/54">#54</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/blob/main/CHANGELOG.md">ex_cldr_numbers's
changelog</a>.</em></p>
<blockquote>
<h2>Cldr Numbers v2.35.1</h2>
<p>This is the changelog for Cldr v2.35.1 released on April 23rd, 2025.
For older changelogs please consult the release tag on <a
href="https://github.com/elixir-cldr/cldr_numbers/tags">GitHub</a></p>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting currency amounts when the currency format does not
have a digit placeholder (<code>0</code> and <code>#</code>) directly
next to the currency placeholder (<code>¤</code>). Thanks to <a
href="https://github.com/benregn"><code>@benregn</code></a> for the
report. Closes <a
href="https://redirect.github.com/elixir-cldr/cldr_numbers/issues/54">#54</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
dependabot[bot]
|
aa4f66df37 |
build(deps): bump tzdata from 1.1.2 to 1.1.3 in /elixir (#8973)
Bumps [tzdata](https://github.com/lau/tzdata) from 1.1.2 to 1.1.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lau/tzdata/blob/master/CHANGELOG.md">tzdata's changelog</a>.</em></p> <blockquote> <h2>[1.1.3] - 2025-03-05</h2> <h3>Fixed</h3> <ul> <li>Fix Elixir compiler warnings for decreasing ranges without explicit steps (Christoph Grothaus)</li> <li>Fix various Elixir compiler warnings (Thomas Cioppettini)</li> </ul> <h3>Changed</h3> <ul> <li>Now requires Elixir 1.9 or greater instead of 1.8 or greater.</li> <li>tzdata release version shipped with this library is now 2025a instead of 2024b.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
532c26fa48 |
build(deps): bump observer_cli from 1.8.2 to 1.8.3 in /elixir (#8970)
Bumps [observer_cli](https://github.com/zhongwencool/observer_cli) from 1.8.2 to 1.8.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zhongwencool/observer_cli/releases">observer_cli's releases</a>.</em></p> <blockquote> <h2>1.8.3</h2> <h2>What's Changed</h2> <ul> <li>process_info(Pid, monitors) can also return {port, _} tuples by <a href="https://github.com/gomoripeti"><code>@gomoripeti</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/110">zhongwencool/observer_cli#110</a></li> <li>correct the units shown for memory data by <a href="https://github.com/gonzalobf"><code>@gonzalobf</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/111">zhongwencool/observer_cli#111</a></li> <li>Fix compile warning on OTP 27 by <a href="https://github.com/zmstone"><code>@zmstone</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/114">zhongwencool/observer_cli#114</a></li> <li>Fix mnesia crash by handling unknown storage types by <a href="https://github.com/zhongwencool"><code>@zhongwencool</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/115">zhongwencool/observer_cli#115</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gonzalobf"><code>@gonzalobf</code></a> made their first contribution in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/111">zhongwencool/observer_cli#111</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zhongwencool/observer_cli/compare/v1.8.2...1.8.3">https://github.com/zhongwencool/observer_cli/compare/v1.8.2...1.8.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
48151cb4ba |
build(deps): bump argon2_elixir from 4.1.2 to 4.1.3 in /elixir (#8966)
Bumps [argon2_elixir](https://github.com/riverrun/argon2_elixir) from 4.1.2 to 4.1.3. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9022ead6ca |
build(deps): bump fast-xml-parser from 5.2.0 to 5.2.1 in /website (#8963)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.2.0 to 5.2.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p><strong>5.2.1 / 2025-04-22</strong></p> <ul> <li>fix: read DOCTYPE entity value correctly</li> <li>read DOCTYPE NOTATION, ELEMENT exp but not using read values</li> </ul> <p><strong>5.2.0 / 2025-04-03</strong></p> <ul> <li>feat: support metadata on nodes (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/593">#593</a>) (By <a href="https://github.com/srl295">Steven R. Loomis</a>)</li> </ul> <p><strong>5.1.0 / 2025-04-02</strong></p> <ul> <li>feat: declare package as side-effect free (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/738">#738</a>) (By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li> <li>fix cjs build mode</li> <li>fix builder return type to string</li> <li></li> </ul> <p><strong>5.0.9 / 2025-03-14</strong></p> <ul> <li>fix: support numeric entities with values over 0xFFFF (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/726">#726</a>) (By <a href="https://github.com/mcdurdin">Marc Durdin</a>)</li> <li>fix: update strnum to fix parsing 0 if skiplike option is used</li> </ul> <p><strong>5.0.8 / 2025-02-27</strong></p> <ul> <li>fix parsing 0 if skiplike option is used. <ul> <li>updating strnum dependency</li> </ul> </li> </ul> <p><strong>5.0.7 / 2025-02-25</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/724">#724</a>) typings for cjs.</li> </ul> <p><strong>5.0.6 / 2025-02-20</strong></p> <ul> <li>fix cli output (By <a href="https://github.com/angeld7">Angel Delgado</a>) <ul> <li>remove multiple JSON parsing</li> </ul> </li> </ul> <p><strong>5.0.5 / 2025-02-20</strong></p> <ul> <li>fix parsing of string starting with 'e' or 'E' by updating strnum</li> </ul> <p><strong>5.0.4 / 2025-02-20</strong></p> <ul> <li>fix CLI to support all the versions of node js when displaying library version.</li> <li>fix CJS import in v5 <ul> <li>by fixing webpack config</li> </ul> </li> </ul> <p><strong>5.0.3 / 2025-02-20</strong></p> <ul> <li>Using strnum ESM module <ul> <li>new fixes in strum may break your experience</li> </ul> </li> </ul> <p><strong>5.0.2 / 2025-02-20</strong></p> <ul> <li>fix: include CommonJS resources in the npm package <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/714">#714</a> (By <a href="https://github.com/tbouffard">Thomas Bouffard</a>)</li> <li>fix: move babel deps to dev deps</li> </ul> <p><strong>5.0.1 / 2025-02-19</strong></p> <ul> <li>fix syntax error for CLI command</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
99cd9d1dec |
build(deps): bump @types/node from 22.14.0 to 22.15.3 in /website (#8961)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.14.0 to 22.15.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
74339f394b |
build(deps): bump rehype-highlight from 7.0.1 to 7.0.2 in /website (#8960)
Bumps [rehype-highlight](https://github.com/rehypejs/rehype-highlight) from 7.0.1 to 7.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rehypejs/rehype-highlight/releases">rehype-highlight's releases</a>.</em></p> <blockquote> <h2>7.0.2</h2> <h4>Fix</h4> <ul> <li>5c3b277 Fix multiple <code>code</code>s in a <code>pre</code></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rehypejs/rehype-highlight/compare/7.0.1...7.0.2">https://github.com/rehypejs/rehype-highlight/compare/7.0.1...7.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
8e054f5c74 |
fix(portal): Restrict WAL streaming to domain nodes only (#8956)
The `web` and `api` application use `domain` as a dependency in their `mix.exs`. This means by default their Supervisor will start the Domain's supervision tree as well. The author did not realize this at the time of implementation, and so we now leverage the convention in place for restricting tasks to `domain` nodes, the `background_jobs_enabled` application configuration parameter. We also add an info log when the replication slot is being started so we can verify the node it's starting on. |
||
|
Thomas Eizinger
|
12efba3cc2 |
ci: don't build Windows headless client for perf tests (#8980)
Checking this based on the image prefix is a bit hacky but should speed up the pipeline a bit. Related: #8948 |
||
|
dependabot[bot]
|
b2d36e2500 |
build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 (#8972)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.2.1 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>feat: implement new <code>artifact-ids</code> input by <a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li> <li>Fix workflow example for downloading by artifact ID by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/402">actions/download-artifact#402</a></li> <li>Prep for v4.3.0 release by <a href="https://github.com/robherley"><code>@robherley</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/404">actions/download-artifact#404</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0">https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b08510100e |
build(deps): bump the tailwind group in /rust/gui-client with 2 updates (#8964)
Bumps the tailwind group in /rust/gui-client with 2 updates: [@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli) and [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss). Updates `@tailwindcss/cli` from 4.1.4 to 4.1.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@tailwindcss/cli</code>'s releases</a>.</em></p> <blockquote> <h2>v4.1.5</h2> <h3>Added</h3> <ul> <li>Support using <code>@tailwindcss/upgrade</code> to upgrade between versions of v4.* (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17717">#17717</a>)</li> <li>Add <code>h-lh</code> / <code>min-h-lh</code> / <code>max-h-lh</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17790">#17790</a>)</li> <li>Transition <code>display</code>, <code>visibility</code>, <code>content-visibility</code>, <code>overlay</code>, and <code>pointer-events</code> when using <code>transition</code> to simplify <code>@starting-style</code> usage (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17812">#17812</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't scan <code>.geojson</code> or <code>.db</code> files for classes by default (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17700">#17700</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17711">#17711</a>)</li> <li>Hide default shadow suggestions when missing default shadow theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17743">#17743</a>)</li> <li>Replace <code>_</code> with <code>.</code> in theme suggestions for <code>@utility</code> if surrounded by digits (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17733">#17733</a>)</li> <li>Skip <code>color-mix(…)</code> when opacity is <code>100%</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17815">#17815</a>)</li> <li>PostCSS: Ensure that errors in imported stylesheets are recoverable (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17754">#17754</a>)</li> <li>Upgrade: Bump all Tailwind CSS related dependencies during upgrade (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17763">#17763</a>)</li> <li>Upgrade: Don't add <code>-</code> to variants starting with <code>@</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17814">#17814</a>)</li> <li>Upgrade: Don't format stylesheets that didn't change when upgrading (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17824">#17824</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@tailwindcss/cli</code>'s changelog</a>.</em></p> <blockquote> <h2>[4.1.5] - 2025-04-30</h2> <h3>Added</h3> <ul> <li>Support using <code>@tailwindcss/upgrade</code> to upgrade between versions of v4.* (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17717">#17717</a>)</li> <li>Add <code>h-lh</code> / <code>min-h-lh</code> / <code>max-h-lh</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17790">#17790</a>)</li> <li>Transition <code>display</code>, <code>visibility</code>, <code>content-visibility</code>, <code>overlay</code>, and <code>pointer-events</code> when using <code>transition</code> to simplify <code>@starting-style</code> usage (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17812">#17812</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't scan <code>.geojson</code> or <code>.db</code> files for classes by default (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17700">#17700</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17711">#17711</a>)</li> <li>Hide default shadow suggestions when missing default shadow theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17743">#17743</a>)</li> <li>Replace <code>_</code> with <code>.</code> in theme suggestions for <code>@utility</code> if surrounded by digits (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17733">#17733</a>)</li> <li>Skip <code>color-mix(…)</code> when opacity is <code>100%</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17815">#17815</a>)</li> <li>PostCSS: Ensure that errors in imported stylesheets are recoverable (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17754">#17754</a>)</li> <li>Upgrade: Bump all Tailwind CSS related dependencies during upgrade (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17763">#17763</a>)</li> <li>Upgrade: Don't add <code>-</code> to variants starting with <code>@</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17814">#17814</a>)</li> <li>Upgrade: Don't format stylesheets that didn't change when upgrading (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/17824">#17824</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a2b4928ee7 |
build(deps-dev): bump @types/node from 22.14.1 to 22.15.3 in /rust/gui-client (#8965)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.14.1 to 22.15.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c7827b9687 |
build(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 (#8969)
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.8 to 2.1.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's releases</a>.</em></p> <blockquote> <h2>v2.1.10</h2> <h2>What's Changed</h2> <ul> <li>Declare workflow permissions by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/482">google-github-actions/auth#482</a></li> <li>Document that the OIDC token expires in 5min by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/483">google-github-actions/auth#483</a></li> <li>Release: v2.1.10 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/484">google-github-actions/auth#484</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10">https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10</a></p> <h2>v2.1.9</h2> <h2>What's Changed</h2> <ul> <li>Use our custom boolean parsing by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/478">google-github-actions/auth#478</a></li> <li>Update deps by <a href="https://github.com/sethvargo"><code>@sethvargo</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/479">google-github-actions/auth#479</a></li> <li>Release: v2.1.9 by <a href="https://github.com/google-github-actions-bot"><code>@google-github-actions-bot</code></a> in <a href="https://redirect.github.com/google-github-actions/auth/pull/480">google-github-actions/auth#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9">https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
993a82c18a |
build(deps): bump actions/setup-python from 5.5.0 to 5.6.0 (#8967)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.5.0 to 5.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v5.6.0</h2> <h2>What's Changed</h2> <ul> <li>Workflow updates related to Ubuntu 20.04 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1065">actions/setup-python#1065</a></li> <li>Fix for Candidate Not Iterable Error by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1082">actions/setup-python#1082</a></li> <li>Upgrade semver and <code>@types/semver</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1091">actions/setup-python#1091</a></li> <li>Upgrade prettier from 2.8.8 to 3.5.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1046">actions/setup-python#1046</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1081">actions/setup-python#1081</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.6.0">https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d5c5792047 |
build(deps): bump docker/build-push-action from 6.15.0 to 6.16.0 (#8968)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.15.0 to 6.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.16.0</h2> <ul> <li>Handle no default attestations env var by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1343">docker/build-push-action#1343</a></li> <li>Only print secret keys in build summary output by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1353">docker/build-push-action#1353</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1352">docker/build-push-action#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0">https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b1408ebbff |
build(deps): bump taiki-e/install-action from 2.49.50 to 2.50.4 (#8971)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.49.50 to 2.50.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's releases</a>.</em></p> <blockquote> <h2>2.50.4</h2> <ul> <li> <p>Update <code>typos@latest</code> to 1.31.2.</p> </li> <li> <p>Update <code>osv-scanner@latest</code> to 2.0.2.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.95.</p> </li> </ul> <h2>2.50.3</h2> <ul> <li>Update <code>cargo-zigbuild@latest</code> to 0.20.0.</li> </ul> <h2>2.50.2</h2> <ul> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.4.</p> </li> <li> <p>Update <code>syft@latest</code> to 1.23.1.</p> </li> </ul> <h2>2.50.1</h2> <ul> <li> <p>Update <code>syft@latest</code> to 1.23.0.</p> </li> <li> <p>Update <code>cargo-semver-checks@latest</code> to 0.41.0.</p> </li> </ul> <h2>2.50.0</h2> <ul> <li> <p>Support <code>taplo</code>. (<a href="https://redirect.github.com/taiki-e/install-action/pull/944">#944</a>, thanks <a href="https://github.com/vivienm"><code>@vivienm</code></a>)</p> </li> <li> <p>Update <code>wasmtime@latest</code> to 32.0.0.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.133.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>This project adheres to <a href="https://semver.org">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased]</h2> <h2>[2.50.4] - 2025-05-01</h2> <ul> <li> <p>Update <code>typos@latest</code> to 1.31.2.</p> </li> <li> <p>Update <code>osv-scanner@latest</code> to 2.0.2.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.95.</p> </li> </ul> <h2>[2.50.3] - 2025-04-26</h2> <ul> <li>Update <code>cargo-zigbuild@latest</code> to 0.20.0.</li> </ul> <h2>[2.50.2] - 2025-04-26</h2> <ul> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.4.</p> </li> <li> <p>Update <code>syft@latest</code> to 1.23.1.</p> </li> </ul> <h2>[2.50.1] - 2025-04-25</h2> <ul> <li> <p>Update <code>syft@latest</code> to 1.23.0.</p> </li> <li> <p>Update <code>cargo-semver-checks@latest</code> to 0.41.0.</p> </li> </ul> <h2>[2.50.0] - 2025-04-21</h2> <ul> <li> <p>Support <code>taplo</code>. (<a href="https://redirect.github.com/taiki-e/install-action/pull/944">#944</a>, thanks <a href="https://github.com/vivienm"><code>@vivienm</code></a>)</p> </li> <li> <p>Update <code>wasmtime@latest</code> to 32.0.0.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.133.</p> </li> </ul> <h2>[2.49.50] - 2025-04-16</h2> <ul> <li>Update <code>grcov@latest</code> to 0.9.1.</li> </ul> <h2>[2.49.49] - 2025-04-13</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
ea5709e8da |
chore(rust): initialise OTEL with useful metadata (#8945)
Once we start collecting metrics across various Clients and Gateways, these metrics need to be tagged with the correct `service.name`, `service.version` as well as an instance ID to differentiate metrics from different instances. |
||
|
Jamil
|
42b2420c00 |
ci(portal): Only set GIT_SHA before main app compile (#8955)
Delaying setting the GIT_SHA until as late as possible allows us to cache more layers. Fixes #8774 Related: #8948 |
||
|
Jamil
|
c0a670d947 |
fix(portal): Restart ReplicationConnection using Supervisor (#8953)
When deploying, the cluster state diverges temporarily, which allows
more than one `ReplicationConnection` process to start on the new nodes.
(One of) the old nodes still has an active slot, and we get an "object
in use" error `(Postgrex.Error) ERROR 55006 (object_in_use) replication
slot "events_slot" is active for PID 603037`.
Rather than use ReplicationConnection's restart behavior (which logs
tons of errors with Logger.error), we can use the Supervisor here
instead, and continue to try and start the ReplicationConnection until
successful.
Note that if the process name is registered (globally) and running,
ReplicationConnection.start_link/1 simply returns `{:ok, pid}` instead
of erroring out with `:already_running`, so eventually one of the nodes
will succeed and the remaining ones will return the globally-registered
pid.
|
||
|
Thomas Eizinger
|
8233db4d00 |
chore(connlib): bump quinn-udp (#8954)
The latest release includes our upstreamed fix for handling `segment_size` > `contents.len()` and therefore our local workaround is no longer necessary. |
||
|
dependabot[bot]
|
1ff545814d |
build(deps-dev): bump vite from 6.3.2 to 6.3.4 in /rust/gui-client in the npm_and_yarn group (#8949)
Bumps the npm_and_yarn group in /rust/gui-client with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.3.2 to 6.3.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.3.4</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.3.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.3.4 (2025-04-30)<!-- raw HTML omitted --></h2> <ul> <li>fix: check static serve file inside sirv (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>) (<a href=" |
||
|
Jamil
|
fdd1105b10 |
fix(portal): alter db user role with replication (#8952)
We need the `replication` attribute set on the db user. This is trivially done in a migration, and with the `CURRENT_USER` specifier, we don't need to fetch the Application configuration. |
||
|
Thomas Eizinger
|
8dd794d8c8 |
chore(gateway): record metrics about dropped packets (#8942)
When a NAT session expires or other unallowed traffic is routed to the Gateway, we drop these packets. It will be useful to learn, how often that actually happens and what the reason is for why they got dropped. To do so, we add a counter metric for these packets. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jamil
|
1f8090c60d |
fix(portal): use existing database user for replication (#8950)
Turns out we are making replication overly complex by creating a dedicated user for it. The `web` user is already privileged and we can reuse it since the replication system operates in the same security context as the remaining app. |
||
|
Jamil
|
a98a9867af |
fix(portal): Redact entire connection_opts param (#8946)
The LoggerJSON Redactor only redacts top-level keys, so we need to redact the entire `connection_opts` param to redact its contained password. We also don't need to pass around `connection_opts` across the entire ReplicationConnection process state, only for the initial connection, so we refactor that out of the `state`. |
||
|
Jamil
|
ab617bf2d0 |
chore: Bump staging to fix replication role (#8947)
See https://github.com/firezone/environments/pull/24 |
||
|
Thomas Eizinger
|
8a201494d0 |
ci: remove flaky Windows benchmark (#8941)
This tunnel throughput benchmark isn't a very useful benchmark and it is very flaky. Remove it entirely until we can replace it with something more robust and useful. Resolves: #8172 |
||
|
Thomas Eizinger
|
6f11568c8c |
fix(connlib): move wire::dev::recv log to right location (#8944)
I don't understand why but in the current location, this log simply doesn't show up for anything other than UDP packets. If we move it up, it will actually log all packets. |
||
|
Thomas Eizinger
|
ec4cd898ba | chore: release Gateway v1.4.7 (#8943) | ||
|
Thomas Eizinger
|
e031dfdb4a |
refactor(connlib): introduce our own bufferpool crate (#8928)
We have been using buffer pools for a while all over `connlib` as a way
to efficiently use heap-allocated memory. This PR harmonizes the usage
of buffer pools across the codebase by introducing a dedicated
`bufferpool` crate. This crate offers a convenient and easy-to-use API
for all the things we (currently) need from buffer pools. As a nice
bonus of having it all in one place, we can now also track metrics of
how many buffers we have currently allocated.
An example output from the local metrics exporter looks like this:
```
Name : system.buffer.count
Description : The number of buffers allocated in the pool.
Unit : {buffers}
Type : Sum
Sum DataPoints
Monotonic : false
Temporality : Cumulative
DataPoint #0
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 96
Attributes :
-> system.buffer.pool.name: udp-socket-v6
-> system.buffer.pool.buffer_size: 65535
DataPoint #1
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 7
Attributes :
-> system.buffer.pool.buffer_size: 131600
-> system.buffer.pool.name: gso-queue
DataPoint #2
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 128
Attributes :
-> system.buffer.pool.name: udp-socket-v4
-> system.buffer.pool.buffer_size: 65535
DataPoint #3
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 8
Attributes :
-> system.buffer.pool.buffer_size: 1336
-> system.buffer.pool.name: ip-packet
DataPoint #4
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 9
Attributes :
-> system.buffer.pool.buffer_size: 1336
-> system.buffer.pool.name: snownet
```
Resolves: #8385
|
||
|
Thomas Eizinger
|
96998a43ae | docs(website): add missing changelog entry for Apple Clients (#8938) | ||
|
Thomas Eizinger
|
f7df445924 |
fix(gateway): don't invalidate active NAT sessions (#8937)
Whenever the Gateway is instructed to (re)create the NAT for a DNS resource, it performs a DNS query and then overwrite the existing entries in the NAT table. Depending on how the DNS records are defined, this may lead to a very bad user experience where connections are cut regularly. In particular, if a service utilises round-robin DNS where a DNS query only ever returns a single entry yet that entry may change as soon as the TTL expires, all connections for this particular DNS resource for a Client get cut. To fix this, we now first check for active NAT sessions for a given proxy IP and only replace it if we don't have an open NAT session. The NAT sessions have a TTL of 1 minute, meaning there needs to be at least 1 outgoing packet from the Client every minute to keep it open. |
||
|
Jamil
|
968db2ae39 |
feat(portal): Receive WAL events (#8909)
Firezone's control plane is a realtime, distributed system that relies on a broadcast/subscribe system to function. In many cases, these events are broadcasted whenever relevant data in the DB changes, such as an actor losing access to a policy, a membership being deleted, and so forth. Today, this is handled in the application layer, typically happening at the place where the relevant DB call is made (i.e. in an `after_commit`). While this approach has worked thus far, it has several issues: 1. We have no guarantee that the DB change will issue a broadcast. If the application is deployed or the process crashes after the DB changes are made but before the broadcast happens, we will have potentially failed to update any connected clients or gateways with the changes. 2. We have no guarantee that the order of DB updates will be maintained in order for broadcasts. In other words, app server A could win its DB operation against app server B, but then proceed to lose being the first to broadcast. 3. If the cluster is in a bad state where broadcasts may return an error (i.e. https://github.com/firezone/firezone/issues/8660), we will never retry the broadcast. To fix the above issues, we introduce a WAL logical decoder that process the event stream one message at a time and performs any needed work. Serializability is guaranteed since we only process the WAL in a single, cluster-global process, `ReplicationConnection`. Durability is also guaranteed since we only ACK WAL segments after we've successfully ingested the event. This means we will only advance the position of our WAL stream after successfully broadcasting the event. This PR only introduces the WAL stream processing system but does not introduce any changes to our current broadcasting behavior - that's saved for another PR. |
||
|
Jamil
|
2650d81444 | chore: release clients with GSO fix (#8936) | ||
|
Thomas Eizinger
|
c75b6c6641 |
feat(connlib): record the number of IO errors as a metric (#8934)
It will be interesting to learn for example, how many installations have no IPv6 connectivity as those will encounter `NetworkUnreachable` errors. We categorise the errors by IO direction and IP stack which will allow us to deduce this information. |
||
|
Thomas Eizinger
|
6dc5f85cc5 |
fix(connlib): don't buffer when recreating DNS resource NAT (#8935)
In order to detect changes to DNS records of DNS resources, `connlib` will recreate the DNS resource NAT whenever it receives a query for a DNS resource. The way we implemented this was by clearing the local state of the DNS resource NAT, which triggered us to perform the handshake with the Gateway again upon the next packet for this resource. The Gateway would then perform the DNS query and respond back when this was finished. In order to not drop any packets, `connlib` has a buffer where it keeps the packets that are arriving in the meantime. This works reasonably well when the connection is first set up because we are only buffering a TCP SYN or equivalent handshake packet. Yet, when the connection is full use, and the application just so happens to make another DNS query, we halt the entire flow of packets until this is confirmed again. To prevent high memory use, the buffer for this packets is constrained to 32 packets which is nowhere near enough when a connection is actively transferring data (like a file upload). In most cases, the DNS query on the Gateway will yield the exact same results as because the records haven't changed. Thus, there is no reason for us to actually halt the flow of these packets when we are _recreating_ the DNS resource NAT. That way, this handshake happens in parallel to the actual packet flow and does not interrupt anything in the happy path case. |
||
|
Thomas Eizinger
|
d19d20da51 |
fix(connlib): send IO errors from UDP threads to event-loop (#8933)
With #7590, we've moved all UDP IO operations to a separate thread. As a result, some of the error handling of IO errors within the Client's and Gateway's event-loop no longer applied as those are now captured within the respective thread. To fix this, we extend the type-signature of the receive-channel to also allow for errors and use that to send back errors from sending AND receiving UDP datagrams. |
||
|
Thomas Eizinger
|
4881280a3a |
fix(connlib): don't set segment_size if it is > than payload (#8932)
When a platform's network driver does not support GSO, `quinn-udp` detects that and disables segmentation offloading: > 04-30 11:32:49.161 19612 19836 I connlib : quinn_udp:👿 `libc::sendmsg` failed with I/O error (os error 5); halting segmentation offload What this means is that it sets an internal field that sets the GSO batch-size to 1 (instead of the default 32). We then use this batch-size to compute, how we are meant to chunk up the already batched datagrams. As a consequence of #8920, we are now also using a "feature" of GSO where the last datagram in a GSO batch is allowed to be less than the segment size. The combination of these two features now makes it possible that we are passing a datagram to the kernel where the `segment_size` is greater than the actual length. Android's Linux kernel doesn't seem to like that an barfs when being passed such a datagram with an IO error 5. The long-term fix is to sanitise this within `quinn-udp` but in the short-term, we can do this ourselves as part of the loop where we segment the datagrams. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Thomas Eizinger
|
0d7e73be3c |
docs(android): document how to use adb logcat (#8931)
I've found myself having to look this up numerous times so I am documenting it in the README now. |
||
|
Thomas Eizinger
|
2ba7a87899 |
feat(connlib): add FFI for changing log-level on MacOS (#8927)
This isn't plugged into anything yet on the Swift side but lays the foundation for changing the log-level at runtime without having to sign the user out. |
||
|
Thomas Eizinger
|
122d84cfa2 |
fix(connlib): recreate log file if it got deleted (#8926)
Currently, when `connlib`'s log file gets deleted, we write logs into nirvana until the corresponding process gets restarted. This is painful for users to do because they need to restart the IPC service or Network Extension. Instead, we can simply check if the log file exists prior to writing to it and re-create it if it doesn't. Resolves: #6850 Related: #7569 |
||
|
Thomas Eizinger
|
6114bb274f |
chore(rust): make most of the Rust code compile on MacOS (#8924)
When working on the Rust code of Firezone from a MacOS computer, it is useful to have pretty much all of the code at least compile to ensure detect problems early. Eventually, once we target features like a headless MacOS client, some of these stubs will actually be filled in an be functional. |
||
|
Thomas Eizinger
|
bbc9c29d5d | docs(website): add changelog for #8920 (#8923) | ||
|
Thomas Eizinger
|
091a1d0ab9 |
fix(headless-client): don't print error for -h (#8925)
Resolves: #8897 |
||
|
Thomas Eizinger
|
66b7ca6f7f |
fix(connlib): ensure we don't mistake SYN-ACK for SYN (#8922)
This shouldn't matter because we are only using the `UniquePacketBuffer` on the client and not on the Gateway where SYN-ACK packets would be sent from. To be fully correct though, we need to also compare the ACK flag of the two packets. |
||
|
Thomas Eizinger
|
fde8d08423 |
fix(connlib): maintain packet order across GSO batches (#8920)
Despite our efforts in #8912, the current implementation still does not do enough to maintain packet ordering across GSO batches. At present, we very aggressively batch packets of the same length together. This however is too eager when we consider packet flows such as the following: ``` 9:03:49.585143 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 1:1229, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 09:03:49.585151 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 1229:2063, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834 09:03:49.585157 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 2063:3094, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1031 09:03:49.585187 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 3094:4322, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 09:03:49.585188 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 4322:5156, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 834 09:03:49.585227 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 5156:6384, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 09:03:49.585228 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 6384:7612, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 09:03:49.585230 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 7612:8249, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 637 09:03:49.585846 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [.], seq 8249:9477, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 09:03:49.585851 IP 10.128.15.241.3000 > 100.69.109.138.53474: Flags [P.], seq 9477:10705, ack 524, win 249, options [nop,nop,TS val 3862031964 ecr 1928356896], length 1228 ``` As we can see here, the remote sends us packet batches of varying lengths: - 1228, 834 - 1031 - 1228, 834 - 1228, 1228, 637 - 1228, 1228 1228 represents a "full" TCP packet so any packet following a full-packet SHOULD be grouped together into a GSO batch. Currently, we are batching all the 1228 packets together and we ignore the fact that there were actually smaller sized packets inbetween those that belong together. To mitigate this, we refactor the `GsoQueue` to remove the `segment_size` from the binning key of our map and instead only group batches by their source, destination and ECN information. Within such a connection, we then create an ordered list of batches. A new batch is started if the length differs or we have previously pushed a packet that isn't of the length of the batch, therefore signalling the end of the batch. The result here looks very promising (this is loading `blog.firezone.dev` via the `lynx` browser from within the headless-client docker container, so going through a Gateway running this PR): |main|this PR| |---|---| ||| Related: #8899 |
||
|
Thomas Eizinger
|
ad9a453aa1 |
feat(linux-client): reduce number of TUN threads to 1 (#8914)
Having multiple threads for reading and writing the TUN device can cause packet re-orderings on the client. All other clients only use a single TUN thread, so aligning this value means a more consistent behaviour of Firezone across all platforms. |
||
|
Thomas Eizinger
|
52efb280ee |
chore(ip-packet): print length of payload (#8913)
This is useful when debugging things. |