When candidates are being invalidated in str0m, they internally set a
`discarded` flag. This flag was not considered when a candidate that was
previously discarded was added again. This can happen when a client
roams back to their old network, i.e. going from Ethernet to WiFi and
back.
In that case, str0m would still form new pairs using the old discarded
candidate which would also eventually get nominated as part of a pair.
This would lead to a panic in snownet when we try to find the nominated
local candidate as we filter by non-discarded candidates there.
Related: https://github.com/algesten/str0m/pull/508.
Resolves: #4736.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Make the GUI use systemd-resolved to retrieve the system's resolvers.
This allows the IPC service to set up sentinels for those resolvers and
control the system's DNS.
Closes#3812
This aligns some of the internal names with #4531, but it shouldn't
break the externally-visible things like package names or permalinks.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Now that we've worked out the flakiness from the iperf tests, we should
increase the UDP send rate so we have some benchmark of how many packets
we can actually handle before dropping.
This came up while working on #2030 and thinking about testing `Peer`.
Not entirely convinced of taking both `Instant` and `DateTime<Utc>` but
unless we convert the expiration to an instant, which would bring a
bunch of new problems, I don't see another way to do this.
```[tasklist]
- [ ] Maybe change that "dev.firezone.client/token" name to something friendlier
```
But it does work, survives reboots as expected, etc.
I can't test it easily in CI, I just disabled the keyring test for now.
It works manually, and the keyring-rs crate seems pretty stable, and our
use of it hasn't changed in a couple months at least.
Why:
* The client-monitor VM can serve multiple purposes, but for now it will
act as a soak test for the latest client to allow longer term testing
of the client before pushing out a new release.
Fixes#4506
Closes#4270
Refs #3713
Refs #3782
It sort-of works, but many features are missing and it needs a refactor.
```[tasklist]
- [ ] Break `imp_linux.rs` into modules
- [ ] Get rid of `try_send` and panics where possible
```
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.115 to
1.0.116.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.116</h2>
<ul>
<li>Make module structure comprehensible to static analysis (<a
href="https://redirect.github.com/serde-rs/json/issues/1124">#1124</a>,
thanks <a
href="https://github.com/mleonhard"><code>@mleonhard</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a3f62bb10e"><code>a3f62bb</code></a>
Release 1.0.116</li>
<li><a
href="12c8ee0ce6"><code>12c8ee0</code></a>
Hide "non-exhaustive patterns" errors when crate fails to
compile</li>
<li><a
href="051ce970fe"><code>051ce97</code></a>
Merge pull request 1124 from mleonhard/master</li>
<li><a
href="25dc75050a"><code>25dc750</code></a>
Replace <code>features_check</code> mod with a call to
<code>std::compile_error!</code>. Fixes htt...</li>
<li><a
href="2e15e3d7d5"><code>2e15e3d</code></a>
Revert "Temporarily disable miri on doctests"</li>
<li><a
href="0baba28775"><code>0baba28</code></a>
Resolve legacy_numeric_constants clippy lints</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.115...v1.0.116">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.79
to 0.1.80.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/async-trait/releases">async-trait's
releases</a>.</em></p>
<blockquote>
<h2>0.1.80</h2>
<ul>
<li>Fix unreachable code warning for async functions that return
<code>!</code> (<a
href="https://redirect.github.com/dtolnay/async-trait/issues/265">#265</a>,
thanks <a
href="https://github.com/de-vri-es"><code>@de-vri-es</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d528b5a816"><code>d528b5a</code></a>
Release 0.1.80</li>
<li><a
href="10b5c9951a"><code>10b5c99</code></a>
Drop support for compilers older than 1.47</li>
<li><a
href="83a542268d"><code>83a5422</code></a>
Drop support for compilers older than 1.45</li>
<li><a
href="22d017e941"><code>22d017e</code></a>
Build script no longer looks at $DOCS_RS</li>
<li><a
href="b64d041c65"><code>b64d041</code></a>
Move never_type test under issue266</li>
<li><a
href="b683da826e"><code>b683da8</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/async-trait/issues/265">#265</a>
from de-vri-es/fix-unreachable-code-warning</li>
<li><a
href="c8d958dfde"><code>c8d958d</code></a>
Fix unreachable code warning for functions that return
<code>!</code></li>
<li><a
href="4f0b72eb84"><code>4f0b72e</code></a>
Explicitly install a Rust toolchain for cargo-outdated job</li>
<li>See full diff in <a
href="https://github.com/dtolnay/async-trait/compare/0.1.79...0.1.80">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
* We'll be bumping the versions going forward, so instructions need a
bit of clarification.
* Added rollback instructions for systemd Gateway upgrades that have
gone awry.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
For tests it doesn't hurt, but this will be used as a template for the
systemd service we ship to production, and that can't have the ID there.
So I'm also cleaning up a few other problems I noticed:
- I wanted to split the service files as part of #4531, so that the GUI
Client and headless Client can have separate sandbox rules. e.g, the
headless Client won't be allowed to create Unix domain sockets
- I'm punting more things to systemd, which allows us to tighten down
the sandbox further, e.g. creating `/var/lib/dev.firezone.client` and
`/run/dev.firezone.client` for us
- Closes#4461
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Calling `std::process::exit` won't let the DNS deactivation code runs.
For some control methods (systemd-resolved) this doesn't matter. For
etc-resolvconf and Windows, we are responsible for cleaning up DNS.
```[tasklist]
- [x] Replicate the issue
- [x] Fix it
- [x] Remove the fault injection code
```
Closes#4784
Closes#4763
Previously it would get stuck signing in and say that the situation was
impossible, it was actually possible.
I tested this manually by forcing the tunnel to error out in the place
where wintun fails for #4765
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
```[tasklist]
- [x] Update website
- [x] Update blog entry with old link
- [ ] ~~Replace Github URL in GUI Client updater with our own links~~
- [ ] Wait for CI to go green
```
Refs #4531
This proposes a unified scheme for deb and MSI packages, and moves
Windows to that scheme.
This breaks compatibility. Existing Clients won't recognize the new
asset names once this is merged, so they won't show the "Firezone 1.0.0
is available" pop-up.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
Closes#4682Closes#4691
```[tasklist]
# Before merging
- [x] Wait for `linux-group` test to go green on `main` (#4692)
- [ ] Wait for those browsers tests to get fixed
- [ ] *All* compatibility tests must pass on this branch
```
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
In Rust, `Result::unwrap()` produces a panic with an owned `String`.
Currently, we only attempt to downcast to a `str` which means those
errors show up as "panicked with a non-string payload" instead of the
actual panic message.
Related: #4736.
As part of testing #4750, @jamilbk ran into an interesting but unrelated
bug. Currently, we never invalidate host candidates. However, because we
rebind our sockets, we get new ports and thus our old host candidates
are always invalid. Thus, if you have a setup where your gateway and
client are on the same subnet they end up settling on a host-host
connection. If the client then roams to a different network, we get a
new srflx IP but because we don't invalidate the host candidate, we run
into an ICE timeout and never switch over the connection.
We actually have a unit test for this but it wasn't caught because of a
bug in str0m (https://github.com/algesten/str0m/pull/504): Candidates
with the same IP but different kind were incorrectly invalidated. In our
test, we don't have a NAT and thus host == srflx candidate. Thus, in the
roaming test, we invalidated the host candidate based on the new srflx
candidate which made the connection migration work.
With the patch included, the reconnect unit test actually fails to send
the packet, confirming this theory. By invalidating all host candidates
on `reconnect`, we fix this bug.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Currently, the portal returns us a flat list of relays where each entry
only has a single address. But, our relays can operate in dual-stack
mode, meaning that they listen on IPv4 and IPv6 at the same time. Thus,
for a relay that is in dual-stack mode, this list will contain two
entries with the same relay ID, one for each address.
This wasn't really a problem until #4567 where we started indexing
relays by ID. As a result, a relay that operates in dual-stack mode is
now only reachable either under its IPv4 or IPv6 address. Which one wins
is non-deterministic due to the sorting behaviour of `HashMap`s and the
order that the list is returned from the portal.
For the TURN protocol, clients are indexed by their 3-tuple (IP, port,
protocol) which means a client talking to a relay over IPv4 is a
different client than one talking over IPv6. Thus, treating the same
relay as two different relays has additional consequences: It means we
allocate a pair of IPv4 & IPv6 addresses for each one, resulting in up
to 4 relay candidates per relay.
Both of these problems are solved in this PR.
1. Upon deserializing the list of relays from the portal, we group them
by ID and parse the addresses into a `RelaySocket`. This structure is
the equivalent of `IpStack` on the relay end and represents an enum with
3 different values:
- `V4`: Only an IPv4 address is known.
- `V6`: Only an IPv6 address is known.
- `Dual`: Both an IPv4 and an IPv6 address is known.
2. Instead of creating two `Allocation`s (one per address), we now
initialize an `Allocation` with this `RelaySocket`.
3. We let the `Allocation` figure out, which socket to use. Let's look
into how we do that.
Previously, the first action of an `Allocation` was to send an
`ALLOCATE` request. A naive approach would be to simply send an
`ALLOCATE` request to both IPs. In case the client / gateway has a
properly configured IPv4 and IPv6 address, both of these will succeed!
Which one should we pick?
To avoid this problem, we don't send an `ALLOCATE` but a `BINDING`
request instead. `BINDING` requests don't have side-effects and just
returned the observed address (this is commonly known as STUN). Once the
responses for the `BINDING` requests come back, we can deterministically
chose a socket to use for sending an `ALLOCATE` request. In particular,
we just pick the response that comes back first! A successful `BINDING`
request means the network path is working so we can also just it for
`ALLOCATE`. In case both requests are answered, we record both responses
as server-reflexive candidates.
Lastly, one final change with this PR is that we stop filtering the
relays returned by the portal based on the sockets that we have locally.
When a client roams, we may experience any combination of available
network interfaces (dual stack, IPv4 only and IPv6 only). Thus, it is
important that we always attempt to reach all relays over all network
paths and simply give up if we don't receive a response. Pre-filtering
relays based on the sockets that we currently have may leave us without
relays if we e.g. roam from an IPv4-only to and IPv6-only network. A
consequence of this design is that we might see a few more warnings in
the code in case the client's / gateway's interface doesn't support a
particular IP version. The warnings read something like:
```
2024-04-23T07:09:05.209212Z WARN connlib_client_shared::eventloop: Tunnel error: failed send packet to 35.197.175.154:3478: no IPv4 socket
```
Resolves: #4726.
The sidebar was missing a conditional check when displaying the API
Clients link. This was only a bug in the sidebar UI as visiting the
actual API clients URL path showed a `404` as expected when the REST API
feature was disabled.
In https://github.com/firezone/firezone/pull/4537, we fixed a bug that
made an `Allocation` busy-loop with invalid credentials. There is no
point in keeping invalid credentials around so with this PR, we are
clearing the credentials and free the memory associated with this
`Allocation`.
This is another safe-guard to prevent these kind of busy-loops and also
reduces the memory footprint of very long-running services.
Bumps the cargo group in /rust with 1 update:
[rustls](https://github.com/rustls/rustls).
Updates `rustls` from 0.22.3 to 0.22.4
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ae277befb5"><code>ae277be</code></a>
Prepare 0.22.4</li>
<li><a
href="5374108df6"><code>5374108</code></a>
complete_io: bail out if progress is impossible</li>
<li><a
href="00e695d68d"><code>00e695d</code></a>
Regression test for <code>complete_io</code> infinite loop bug</li>
<li><a
href="0c6cd7ef68"><code>0c6cd7e</code></a>
Don't specially handle unauthenticated close_notify alerts</li>
<li>See full diff in <a
href="https://github.com/rustls/rustls/compare/v/0.22.3...v/0.22.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [time](https://github.com/time-rs/time) from 0.3.34 to 0.3.36.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/releases">time's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.36</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
<h2>v0.3.35</h2>
<p>See the <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.36 [2024-04-10]</h2>
<h3># Fixed</h3>
<ul>
<li><code>FormatItem</code> can be used as part of an import path. See
<a href="https://redirect.github.com/time-rs/time/issues/675">#675</a>
for details.</li>
</ul>
<p><a
href="https://redirect.github.com/time-rs/time/issues/675">#675</a>: <a
href="https://redirect.github.com/time-rs/time/issues/675">time-rs/time#675</a></p>
<h2>0.3.35 [2024-04-10]</h2>
<h3>Added</h3>
<ul>
<li><code>Duration::checked_neg</code></li>
<li><code>ext::InstantExt</code>, which provides methods for using
<code>time::Duration</code> with <code>std::time::Instant</code></li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Instant</code> is deprecated. It is recommended to use
<code>std::time::Instant</code> directly, importing
<code>time::ext::InstantExt</code> for interoperability with
<code>time::Duration</code>.</li>
<li><code>FormatItem</code> has been renamed to
<code>BorrowedFormatItem</code>, avoiding confusion with
<code>OwnedFormatItem</code>.
An alias has been added for backwards compatibility.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>The weekday is optional when parsing RFC2822.</li>
<li>The range of sub-second values in <code>Duration</code> is
documented correctly. The previous documentation
contained an off-by-one error.</li>
<li>Leap seconds are now correctly handled when parsing ISO 8601.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c3c546a66"><code>3c3c546</code></a>
<code>pub use</code> instead of <code>pub type</code> re-exporting</li>
<li><a
href="266178da67"><code>266178d</code></a>
Update code coverage CI</li>
<li><a
href="131049ea15"><code>131049e</code></a>
v0.3.35 release</li>
<li><a
href="9c15ee3466"><code>9c15ee3</code></a>
Permit leap seconds when parsing ISO 8601</li>
<li><a
href="d279d8d38f"><code>d279d8d</code></a>
Fix invalid offset hour diagnostic test</li>
<li><a
href="f04a28feec"><code>f04a28f</code></a>
Eliminate unreachable branch</li>
<li><a
href="06a096d821"><code>06a096d</code></a>
Rename <code>FormatItem</code> to <code>BorrowedFormatItem</code></li>
<li><a
href="fd664eef0d"><code>fd664ee</code></a>
Include diagnostics regression</li>
<li><a
href="b8d09a7bcc"><code>b8d09a7</code></a>
Address nightly lints</li>
<li><a
href="330865ac90"><code>330865a</code></a>
Update deny.toml</li>
<li>Additional commits viewable in <a
href="https://github.com/time-rs/time/compare/v0.3.34...v0.3.36">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
