Run the Linux Client or firezone-client-tunnel with `--act-as-tunnel`
and it'll listen for incoming connections on a Unix Domain Socket.
---------
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
To seamlessly migrate relayed connections when relays get re-deployed,
we will be introducing a new message from the portal that informs us
regarding relays that are shutting down and new ones that became active.
Currently, relays are scoped to a particular connection. With the
introduction of the above message, it would be unclear how these new
relays should be added to these allow lists.
To make this simpler, we remove these allow lists and always use all
relays for all connections.
Related: #4548.
During the latest relay outage, we failed to send heartbeats to the
portal because we were busy-looping and never got to handle messages or
timers for the portal.
To mitigate this or similar bugs, we update an `Instant` every time we
send a heartbeat to the portal. In case we are actually
network-partitioned, this will cause the health-check to fail after 15
minutes. This value is the same as the partition timeout for the portal
connection itself[^1]. Very likely, we will never see a relay being
shut down because of a failing health check in this case as it would have
already shut itself down.
An exception to this are bugs in the eventloop where we fail to interact
with the portal at all.
Resolves: #4510.
[^1]: Previously, this was unlimited.
Reducing the number of crates as outlined in #4470 would help with
detecting this sort of unused code because we could make more things
`pub(crate)` which allows the compiler to check whether code is actually
used.
Public API items are never subject to the dead-code analysis of the
compiler because they could be used by other crates.
We need "ON DELETE CASCADE" everywhere to fully erase account-related
data. As a safeguard measure the account can only be deleted after its
subscription in Stripe is cancelled.
Why:
* As work on the portal REST API has begun, there was a need to easily
provision API tokens to allow testing of the new API endpoints being
created. Adding the API Client UI allows for this to be done very easily
and will also be used once the API is ready to be consumed by customers.
Closes #2368
The clients, gateway and relay all employ an internal design that is
based on an eventloop. This gives us a lot of control in how various IO
components interact with each other. Great control also comes with a
source of bugs, the latest of which made the relay busy-loop once it
started relaying some traffic.
Eventloops are notoriously hard to unit-test because they compose
various IO bits together. Instead of writing unit tests, we can go and
assert the process state after the performance tests. Those generate a
fair bit of load on all our components but after that, they should
suspend.
The most effective tests survive even large refactorings and for that,
they need to be coded against a stable API / property. Asserting that
the process sleeps when it is idle from an application PoV is such a
property.
Related: #4511.
Why:
* When creating or editing an actor, the previous form had a
multi-select input that would list all groups in the account. In order
to select or deselect groups, you would need to hold down ctrl or cmd on
the keyboard and click a given group. This worked when there were a very
small number of groups, but if an account had a moderate number of
groups it became very difficult. Along with that, it was also easy to
accidentally forget to hold down ctrl/cmd and click a group, which would
clear all previously selected groups. This commit moves the group
selection out from the new/edit actor pages and creates a new actor
group edit page that allows a user to search for groups as well as
making it easy to select which group should be added or removed.
Fixes #4372
This one is a bit tricky. Our auth scheme requires me to know the
current time as a UNIX timestamp and that I can only get from
`SystemTime` but not `Instant`. The `Server` is meant to be SANS-IO,
including the current time so technically, I would have to pass that in
as a parameter.
I ended up settling on a compromise of making the auth verification
impure and internally calling `SystemTime::now`. That results in a much
nicer API and allows us to use `Instant` for everything else, e.g.
expiry of channel bindings, allocations etc.
Resolves: #4464.
Bumps [quinn-udp](https://github.com/quinn-rs/quinn) from `a2a214b` to
`cc0d2e9`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc0d2e9563"><code>cc0d2e9</code></a>
Allocate Incoming response buffers as needed</li>
<li><a
href="8fbcf08424"><code>8fbcf08</code></a>
Simplify BTreeMap RangeSet min/max getters for Rust 1.66</li>
<li><a
href="10155c1c41"><code>10155c1</code></a>
Update MSRV to 1.66</li>
<li><a
href="bbf68c51ab"><code>bbf68c5</code></a>
Use hashed connection IDs by default</li>
<li><a
href="abdff8061e"><code>abdff80</code></a>
Introduce hashed connection ID generator</li>
<li><a
href="0871135ad0"><code>0871135</code></a>
Allow packets with impossible CIDs to be ignored rather than reset</li>
<li><a
href="7e8e0ad56b"><code>7e8e0ad</code></a>
Introduce InitialPacket helper struct to avoid an
<code>unreachable</code></li>
<li><a
href="c248769c5e"><code>c248769</code></a>
Remove duplicates of header fields from Incoming</li>
<li><a
href="1d32dcb275"><code>1d32dcb</code></a>
Factor Header::Initial variant out into freestanding struct</li>
<li><a
href="65bddc9018"><code>65bddc9</code></a>
refactor(endpoint): use array::from_fn instead of unsafe
MaybeUninit</li>
<li>Additional commits viewable in <a
href="a2a214b968...cc0d2e9563">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Refs #4488
Part of a yak shave:
- If Windows sees us time out, it will query other DNS servers and
probably cache their response
- If we can return SERVFAIL, I'm not sure if Windows will query other
servers or not
- In order to control or even test the stub resolver's behavior, I wanted
to document it first
There's a good chance that even if Windows doesn't cache a SERVFAIL, it
will think that all DNS servers are going to give the same answer and it
will query other servers anyway. Then the problem is not with Windows
caching our response, but with apps caching Windows' response.
Anyway, I have had trouble understanding these functions before, so I
wanted to document them now that I somewhat understand them.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
When a relay restarts, our local credentials will be invalid and no
amount of retrying can fix this.
Currently, the `Allocation` can end up in a busy-looping state if:
1. The allocation would be due for a refresh
2. The relay was restarted
3. We haven't received new credentials yet because we haven't made a new
connection attempt that uses the same relay
The above was observed in #4521 and results in log-spam of:
> Invalid credentials, refusing to re-authenticate refresh
One part of the state machine correctly discards the message instead of
re-sending it. Unfortunately, the result of (1) means there is still a
timer that fires and attempts to refresh the allocation.
To stop this busy-looping behaviour, we need to invalidate the
allocation if we detect that our credentials are wrong. This will also
invalidate the candidates which will fail any connection that is
currently using this relay. This would have likely already happened
before because a relay that is restarted would have lost all channel
bindings and thus, the ICE timeout will kick in.
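
The busy-loop described in the commit message above, reduced to a sans-IO model as an added example (not Firezone's code). The `Allocation` struct, its fields and `idle_wakeups` are hypothetical names, and the `invalidate_on_bad_credentials` flag exists only to show the behaviour before and after the fix.

```rust
use std::time::{Duration, Instant};

/// Simplified, hypothetical model of a TURN allocation (not Firezone's type).
struct Allocation {
    /// When the next refresh is due; `None` means no timer is armed.
    refresh_at: Option<Instant>,
    /// False once the relay has restarted and rejects our credentials.
    credentials_valid: bool,
    /// Relay candidates handed to ICE while the allocation is alive.
    candidates: Vec<&'static str>,
    /// Toggle between the behaviour before and after the fix.
    invalidate_on_bad_credentials: bool,
}

impl Allocation {
    /// The event loop sleeps until this instant; `None` means sleep indefinitely.
    fn poll_timeout(&self) -> Option<Instant> {
        self.refresh_at
    }

    /// Called when the timer fires. Returns true if a refresh was queued.
    fn handle_timeout(&mut self, now: Instant) -> bool {
        match self.refresh_at {
            Some(due) if due <= now => {}
            _ => return false,
        }
        if self.credentials_valid {
            self.refresh_at = Some(now + Duration::from_secs(300));
            return true;
        }
        // Credentials are stale: the request is discarded, not re-sent.
        if self.invalidate_on_bad_credentials {
            // Fix: drop the timer and the candidates together with the allocation.
            self.refresh_at = None;
            self.candidates.clear();
        }
        // Without the fix `refresh_at` stays in the past and fires again at once.
        false
    }
}

/// Drives the allocation like an event loop and returns
/// (wake-ups that made no progress, candidates left).
/// `max_iterations` caps the loop so the buggy variant terminates.
fn idle_wakeups(invalidate_on_bad_credentials: bool, max_iterations: usize) -> (usize, usize) {
    let now = Instant::now();
    let mut allocation = Allocation {
        refresh_at: Some(now),    // (1) the allocation is due for a refresh
        credentials_valid: false, // (2) relay restarted, (3) no new credentials yet
        candidates: vec!["relay-candidate (constructed)"],
        invalidate_on_bad_credentials,
    };
    let mut wakeups = 0;
    for _ in 0..max_iterations {
        match allocation.poll_timeout() {
            Some(due) if due <= now => {
                wakeups += 1;
                allocation.handle_timeout(now);
            }
            // Timer in the future or not armed: the loop can suspend.
            _ => break,
        }
    }
    (wakeups, allocation.candidates.len())
}

fn main() {
    println!("before fix: {:?}", idle_wakeups(false, 1_000));
    println!("after fix:  {:?}", idle_wakeups(true, 1_000));
}
```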
Bumps [swift-bridge](https://github.com/chinedufn/swift-bridge) from
0.1.52 to 0.1.53.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chinedufn/swift-bridge/releases">swift-bridge's
releases</a>.</em></p>
<blockquote>
<h2>0.1.53</h2>
<ul>
<li>
<p>Add support for bridging
<code>Option<&OpaqueRustType></code> in <code>extern
"Rust"</code> modules. <a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/257">#257</a>
(thanks <a
href="https://github.com/PrismaPhonic"><code>@PrismaPhonic</code></a>)</p>
<pre lang="rust"><code>#[swift_bridge::bridge]
mod ffi {
    extern "Rust" {
        type MyRustType;
        fn my_func(arg: Option&lt;&amp;MyRustType&gt;) -&gt; Option&lt;&amp;MyRustType&gt;;
    }
}
</code></pre>
</li>
<li>
<p>Add support for bridging <code>Option<String></code> in
<code>extern "Swift"</code> args/returns and
<code>Option<&str></code> in <code>extern
"Swift"</code> args. <a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/264">#264</a></p>
<pre lang="rust"><code>#[swift_bridge::bridge]
mod ffi {
    extern "Swift" {
        fn opt_string_function(arg: Option&lt;String&gt;) -&gt; Option&lt;String&gt;;
        fn opt_str_function(arg: Option&lt;&amp;str&gt;);
    }
}
</code></pre>
</li>
<li>
<p>Improve error message when reporting an unsupported attribute <a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/244">#244</a>
(thanks <a href="https://github.com/bes"><code>@bes</code></a>)</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="04e6abf522"><code>04e6abf</code></a>
0.1.53</li>
<li><a
href="58f4a40f96"><code>58f4a40</code></a>
Swift Option<String> and Option<&str> (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/264">#264</a>)</li>
<li><a
href="53b118d17f"><code>53b118d</code></a>
Add test cases for Option<&T> and fix rust codegen (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/257">#257</a>)</li>
<li><a
href="dd5bef56af"><code>dd5bef5</code></a>
Fix <code>improper_ctypes</code> warning (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/254">#254</a>)</li>
<li><a
href="48195b550d"><code>48195b5</code></a>
Remove unnecessary <code>.deref()</code></li>
<li><a
href="9746f311ce"><code>9746f31</code></a>
Fix typos in Vec<-->RustVec docs (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/251">#251</a>)</li>
<li><a
href="a8059a4453"><code>a8059a4</code></a>
Fix compilation source in documentation (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/250">#250</a>)</li>
<li><a
href="0614ba7d6d"><code>0614ba7</code></a>
Remove <code>Array.toUnsafeBufferPointer</code></li>
<li><a
href="d527f32316"><code>d527f32</code></a>
Improve error message for unsupported attribute (<a
href="https://redirect.github.com/chinedufn/swift-bridge/issues/244">#244</a>)</li>
<li><a
href="af962ca051"><code>af962ca</code></a>
0.1.52</li>
<li>See full diff in <a
href="https://github.com/chinedufn/swift-bridge/compare/0.1.52...0.1.53">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [swift-bridge-build](https://github.com/chinedufn/swift-bridge)
from 0.1.52 to 0.1.53.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.1 to
0.12.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/releases">reqwest's
releases</a>.</em></p>
<blockquote>
<h2>v0.12.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix missing ALPN when connecting to socks5 proxy with rustls.</li>
<li>Fix TLS version limits with rustls.</li>
<li>Fix not detected ALPN h2 from server with native-tls.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cxw620"><code>@cxw620</code></a> made
their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/2165">seanmonstar/reqwest#2165</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2">https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's
changelog</a>.</em></p>
<blockquote>
<h2>v0.12.2</h2>
<ul>
<li>Fix missing ALPN when connecting to socks5 proxy with rustls.</li>
<li>Fix TLS version limits with rustls.</li>
<li>Fix not detected ALPN h2 from server with native-tls.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6768a8e818"><code>6768a8e</code></a>
v0.12.2</li>
<li><a
href="fff307bc69"><code>fff307b</code></a>
fix(connect): ALPN missed when using socks5 proxy with rustls backend
(<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2164">#2164</a>)</li>
<li><a
href="04bf45f4ec"><code>04bf45f</code></a>
fix: tls version limit for rustls (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2203">#2203</a>)</li>
<li><a
href="056f8c4ff4"><code>056f8c4</code></a>
fix(connect): not negotiate h2 when using native-tls backend (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2165">#2165</a>)</li>
<li>See full diff in <a
href="https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
A wildcard match was the underlying bug fixed in #4486. Despite being a
bit annoying in some cases, I think it is worth having this lint turned
on to ensure we don't wildcard match in situations where it can have bad
consequences, like `poll` functions.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
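
How a wildcard arm in a `poll` function hides a newly added variant, as an added example that is not from the Firezone code base. It assumes the lint referred to above is Clippy's `wildcard_enum_match_arm`; the `Event` and `Action` types and all function names are hypothetical.

```rust
use std::collections::VecDeque;
use std::task::Poll;

/// Hypothetical events of a sans-IO component (names are not Firezone's).
#[derive(Debug, Clone, Copy, PartialEq)]
enum Event {
    PacketReceived,
    TimerExpired,
    /// Variant added after `poll_wildcard` was written.
    CredentialsRejected,
}

#[derive(Debug, PartialEq)]
enum Action {
    ForwardPacket,
    RefreshAllocation,
    InvalidateAllocation,
}

/// Wildcard version: still compiles when a variant is added and reports
/// `Pending` for it, so the caller believes there is nothing left to do.
#[allow(clippy::wildcard_enum_match_arm)]
fn poll_wildcard(queue: &mut VecDeque<Event>) -> Poll<Action> {
    let Some(event) = queue.pop_front() else { return Poll::Pending };
    match event {
        Event::PacketReceived => Poll::Ready(Action::ForwardPacket),
        Event::TimerExpired => Poll::Ready(Action::RefreshAllocation),
        _ => Poll::Pending, // silently swallows `CredentialsRejected`
    }
}

/// Exhaustive version: with the lint denied, adding a variant to `Event`
/// fails the build here until the new case is handled explicitly.
#[deny(clippy::wildcard_enum_match_arm)]
fn poll_exhaustive(queue: &mut VecDeque<Event>) -> Poll<Action> {
    let Some(event) = queue.pop_front() else { return Poll::Pending };
    match event {
        Event::PacketReceived => Poll::Ready(Action::ForwardPacket),
        Event::TimerExpired => Poll::Ready(Action::RefreshAllocation),
        Event::CredentialsRejected => Poll::Ready(Action::InvalidateAllocation),
    }
}

/// Polls until `Pending`, the way an event loop drains a component.
fn drain(poll: fn(&mut VecDeque<Event>) -> Poll<Action>, events: &[Event]) -> Vec<Action> {
    let mut queue: VecDeque<Event> = events.iter().copied().collect();
    let mut actions = Vec::new();
    while let Poll::Ready(action) = poll(&mut queue) {
        actions.push(action);
    }
    actions
}

/// Constructed sample input.
fn sample_events() -> [Event; 3] {
    [Event::PacketReceived, Event::CredentialsRejected, Event::TimerExpired]
}

fn main() {
    // The wildcard version stops at the unhandled variant and never reaches
    // the timer event queued behind it.
    println!("wildcard:   {:?}", drain(poll_wildcard, &sample_events()));
    println!("exhaustive: {:?}", drain(poll_exhaustive, &sample_events()));
}
```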