- Add 1.0 blogpost
- Update font to `Public Sans` since it has all weights and offers
better readability
- Various layout/style fixes
- Disable kotlin draft release job
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
- Replaced connlib dependency to use `rust/connlib/clients/android/lib`
project
- Added `rust-android-gradle` to android project
- Set the `cargo build` target directory to
`rust/connlib/clients/android/lib/build/cargo-target`
- Moved `logger`, `session`, and `vpn` classes to their independent
packages.
- Added `SessionCallback` contract for the session callbacks.
---------
Signed-off-by: Pratik Velani <pratikvelani@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
This follows-up on the discussion in #1744 and brings connlib in line
with the callback revisions outlined in firezone/product#586
(It also adds some logging to the Apple bridge that was helpful when
testing this)
---------
Co-authored-by: Roopesh Chander <roop@roopc.net>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/releases">rack's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Correct the year number in the changelog by <a
href="https://github.com/kimulab"><code>@kimulab</code></a> in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
<li>Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) by
<a href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>
in <a
href="https://redirect.github.com/rack/rack/pull/2071">rack/rack#2071</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kimulab"><code>@kimulab</code></a> made
their first contribution in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7">https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7</a></p>
<h2>v2.2.6.4</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>Unreleased</h2>
<h3>SPEC Changes</h3>
<ul>
<li><code>rack.input</code> is now optional. (<a
href="https://redirect.github.com/rack/rack/pull/1997">#1997</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>rack.input</code> is now optional, and if missing, will raise
an error. Use this to fail on multipart parsing a request without an
input body. (<a
href="https://redirect.github.com/rack/rack/pull/2018">#2018</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>Introduce <code>module Rack::BadRequest</code> which is included in
multipart and query parser errors. (<a
href="https://redirect.github.com/rack/rack/pull/2019">#2019</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>MIME type for JavaScript files (<code>.js</code>) changed from
<code>application/javascript</code> to <code>text/javascript</code> (<a
href="1bd0f1597d"><code>1bd0f15</code></a>)</li>
<li>Add <code>.mjs</code> MIME type (<a
href="https://redirect.github.com/rack/rack/pull/2057">#2057</a>, [<a
href="https://github.com/axilleas"><code>@axilleas</code></a>])</li>
<li>Update MIME types associated to <code>.ttf</code>,
<code>.woff</code>, <code>.woff2</code> and <code>.otf</code> extensions
to use mondern <code>font/*</code> types. (<a
href="https://redirect.github.com/rack/rack/pull/2065">#2065</a>, [<a
href="https://github.com/davidstosik"><code>@davidstosik</code></a>])</li>
</ul>
<h2>[3.0.8] - 2023-06-14</h2>
<ul>
<li>Fix some unused variable verbose warnings. (<a
href="https://redirect.github.com/rack/rack/pull/2084">#2084</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>],
<a
href="https://github.com/skipkayhil"><code>@skipkayhil</code></a>)</li>
</ul>
<h2>[3.0.7] - 2023-03-16</h2>
<ul>
<li>Make query parameters without <code>=</code> have <code>nil</code>
values. (<a
href="https://redirect.github.com/rack/rack/pull/2059">#2059</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h2>[3.0.6.1] - 2023-03-13</h2>
<ul>
<li>[CVE-2023-27539] Avoid ReDoS in header parsing</li>
</ul>
<h2>[3.0.6] - 2023-03-13</h2>
<ul>
<li>Add <code>QueryParser#missing_value</code> for handling missing
values + tests. (<a
href="https://redirect.github.com/rack/rack/pull/2052">#2052</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h2>[3.0.5] - 2023-03-13</h2>
<ul>
<li>Split form/query parsing into two steps. (<a
href="https://redirect.github.com/rack/rack/pull/2038">#2038</a>, <a
href="https://github.com/matthewd"><code>@matthewd</code></a>)</li>
</ul>
<h2>[3.0.4.2] - 2023-03-02</h2>
<ul>
<li>[CVE-2023-27530] Introduce multipart_total_part_limit to limit total
parts</li>
</ul>
<h2>[3.0.4.1] - 2023-01-17</h2>
<ul>
<li>[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser</li>
<li>[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges</li>
<li>[CVE-2022-44572] Forbid control characters in attributes (also
ReDoS)</li>
</ul>
<h2>[3.0.4] - 2023-01-17</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="983b6e3b29"><code>983b6e3</code></a>
Bump patch version.</li>
<li><a
href="e5a30bf548"><code>e5a30bf</code></a>
Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) (<a
href="https://redirect.github.com/rack/rack/issues/2071">#2071</a>)</li>
<li><a
href="70185aa15a"><code>70185aa</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="27addc7f1a"><code>27addc7</code></a>
bump version</li>
<li><a
href="ee7919ea04"><code>ee7919e</code></a>
Avoid ReDoS problem</li>
<li><a
href="6f79642d90"><code>6f79642</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="d6b5b2bab8"><code>d6b5b2b</code></a>
bump version</li>
<li><a
href="9aac3757fe"><code>9aac375</code></a>
Limit all multipart parts, not just files</li>
<li><a
href="cd4c9f0e4b"><code>cd4c9f0</code></a>
Correct the year in the changelog (<a
href="https://redirect.github.com/rack/rack/issues/2015">#2015</a>)</li>
<li><a
href="2606ac5d5d"><code>2606ac5</code></a>
bumping version</li>
<li>Additional commits viewable in <a
href="https://github.com/rack/rack/compare/2.2.4...v2.2.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/releases">rack's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Correct the year number in the changelog by <a
href="https://github.com/kimulab"><code>@kimulab</code></a> in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
<li>Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) by
<a href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>
in <a
href="https://redirect.github.com/rack/rack/pull/2071">rack/rack#2071</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kimulab"><code>@kimulab</code></a> made
their first contribution in <a
href="https://redirect.github.com/rack/rack/pull/2015">rack/rack#2015</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7">https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7</a></p>
<h2>v2.2.6.4</h2>
<p>No release notes provided.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>Unreleased</h2>
<h3>SPEC Changes</h3>
<ul>
<li><code>rack.input</code> is now optional. (<a
href="https://redirect.github.com/rack/rack/pull/1997">#1997</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>rack.input</code> is now optional, and if missing, will raise
an error. Use this to fail on multipart parsing a request without an
input body. (<a
href="https://redirect.github.com/rack/rack/pull/2018">#2018</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>Introduce <code>module Rack::BadRequest</code> which is included in
multipart and query parser errors. (<a
href="https://redirect.github.com/rack/rack/pull/2019">#2019</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>MIME type for JavaScript files (<code>.js</code>) changed from
<code>application/javascript</code> to <code>text/javascript</code> (<a
href="1bd0f1597d"><code>1bd0f15</code></a>)</li>
<li>Add <code>.mjs</code> MIME type (<a
href="https://redirect.github.com/rack/rack/pull/2057">#2057</a>, [<a
href="https://github.com/axilleas"><code>@axilleas</code></a>])</li>
<li>Update MIME types associated to <code>.ttf</code>,
<code>.woff</code>, <code>.woff2</code> and <code>.otf</code> extensions
to use mondern <code>font/*</code> types. (<a
href="https://redirect.github.com/rack/rack/pull/2065">#2065</a>, [<a
href="https://github.com/davidstosik"><code>@davidstosik</code></a>])</li>
</ul>
<h2>[3.0.8] - 2023-06-14</h2>
<ul>
<li>Fix some unused variable verbose warnings. (<a
href="https://redirect.github.com/rack/rack/pull/2084">#2084</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>],
<a
href="https://github.com/skipkayhil"><code>@skipkayhil</code></a>)</li>
</ul>
<h2>[3.0.7] - 2023-03-16</h2>
<ul>
<li>Make query parameters without <code>=</code> have <code>nil</code>
values. (<a
href="https://redirect.github.com/rack/rack/pull/2059">#2059</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h2>[3.0.6.1] - 2023-03-13</h2>
<ul>
<li>[CVE-2023-27539] Avoid ReDoS in header parsing</li>
</ul>
<h2>[3.0.6] - 2023-03-13</h2>
<ul>
<li>Add <code>QueryParser#missing_value</code> for handling missing
values + tests. (<a
href="https://redirect.github.com/rack/rack/pull/2052">#2052</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<h2>[3.0.5] - 2023-03-13</h2>
<ul>
<li>Split form/query parsing into two steps. (<a
href="https://redirect.github.com/rack/rack/pull/2038">#2038</a>, <a
href="https://github.com/matthewd"><code>@matthewd</code></a>)</li>
</ul>
<h2>[3.0.4.2] - 2023-03-02</h2>
<ul>
<li>[CVE-2023-27530] Introduce multipart_total_part_limit to limit total
parts</li>
</ul>
<h2>[3.0.4.1] - 2023-01-17</h2>
<ul>
<li>[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser</li>
<li>[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges</li>
<li>[CVE-2022-44572] Forbid control characters in attributes (also
ReDoS)</li>
</ul>
<h2>[3.0.4] - 2023-01-17</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="983b6e3b29"><code>983b6e3</code></a>
Bump patch version.</li>
<li><a
href="e5a30bf548"><code>e5a30bf</code></a>
Support underscore in host names for Rack 2.2 (Fixes <a
href="https://redirect.github.com/rack/rack/issues/2070">#2070</a>) (<a
href="https://redirect.github.com/rack/rack/issues/2071">#2071</a>)</li>
<li><a
href="70185aa15a"><code>70185aa</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="27addc7f1a"><code>27addc7</code></a>
bump version</li>
<li><a
href="ee7919ea04"><code>ee7919e</code></a>
Avoid ReDoS problem</li>
<li><a
href="6f79642d90"><code>6f79642</code></a>
Merge branch '2-2-sec' into 2-2-stable</li>
<li><a
href="d6b5b2bab8"><code>d6b5b2b</code></a>
bump version</li>
<li><a
href="9aac3757fe"><code>9aac375</code></a>
Limit all multipart parts, not just files</li>
<li><a
href="cd4c9f0e4b"><code>cd4c9f0</code></a>
Correct the year in the changelog (<a
href="https://redirect.github.com/rack/rack/issues/2015">#2015</a>)</li>
<li><a
href="2606ac5d5d"><code>2606ac5</code></a>
bumping version</li>
<li>Additional commits viewable in <a
href="https://github.com/rack/rack/compare/2.2.4...v2.2.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR adds a product roadmap landing page to our marketing site. The
primary goal is to keep our users informed about major new upcoming
features and releases while still allow enough flexibility around
timeline expectations so that we aren't crunching to meet arbitrary
deadlines.
Add a reorganization disclaimer pointing to the old `legacy` branch.
Will have a new README prepared with appropriate marketing content later
alongside the 1.0 announcement blogpost. This will keep engineers
unblocked and things tidy in the meantime.
This PR improves the build process for the macOS / iOS apps by building
connlib as part of the macOS / iOS app build.
Fixesfirezone/product#625.
This is how the build would work after this PR:
- `build-rust.sh` creates `libconnlib.a` for the appropriate target
triples only. lipo is not used. When creating macOS debug builds, it’s
built only for the native architecture.
- The network extension targets in the Xcode project set a library
search path as the cargo target dir, so that the Xcode build for a
target triple can pickup the appropriate `libconnlib.a` at link time.
Swift code reorganizations:
- connlib’s Adapter has moved to the main app
- connlib’s CallbackHandler’s logic has moved to Adapter, which is set
as CallbackHandler’s delegate. The CallbackHandler serves as an
interface to receive callbacks from the FFI. In case we need to change
the FFI, CallbackHandler should change as well, so it remains in the
connlib directory. In case of changes to the Rust FFI, as part of the
Rust FFI change PR, we can modify the CallbackHandler class and leave
the delegate unchanged, so that the app can continue to be built without
errors.
- `Connlib.xcodeproject` and build scripts for building
`Connlib.xcframework` are removed
- Connlib headers and Swift files are copied to
`FirezoneNetworkExtension/Connlib` as part of the build process, and
used from there.
Rust build changes:
- The rust target dir remains the same, but it’s ~~passed explicitly as
`--target-dir`~~ used to set `CARGO_TARGET_DIR`, so that the same target
dir can be used to populate Xcode’s library search paths
- The `build.rs` for connlib-apple had lots of code to build Swift code
as part of the Rust build. This PR reverts it to the previous simple
version. With this PR, building connlib-apple (i.e. running
`build-rust.sh`) only builds the Rust code.
- ~~We set `cargo:rerun-if-env-changed=CONNLIB_MOCK`.~~ We don't set
this because it's not required.
- The Rust CI job for building connlib-apple is removed. It's built when
the macOS / iOS apps are built in swift.yml. This means that with this
PR, connlib-apple is tested only when `rust/connlib/**` changes, not
when `rust/**` changes. Is that ok?
Other changes not directly related to the build process change but part
of this PR:
- There’s a cleanup script: `./cleanup.sh`
- Fixed a typo in `swift-pass-checks.yml`: “paths-ginore”
Previously, we would access the state around allocations from different
places. This actually led to a minor memory leak where we wouldn't clean
up the `allocations_by_port` table. We refactor the code slightly to
avoid this.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
~~This is an attempt to fix the CI bug
[here](https://github.com/firezone/firezone/actions/runs/5491388141/jobs/10007864417#step:4:1638)
possibly introduced in
[d9eb2d18](https://github.com/firezone/firezone/commit/d9eb2d18#diff-88bd94db0d5cfd5f0617b7c4ed48c0212597378ed7e28714c5d86c95999b4c7dR29)
and uncovered / exacerbated in Elixir 1.15~~
Edit: looks like this ended up being a couple cache issues with GitHub
actions:
1. The `elixir_api-container-build` cache would always overwrite the
`elixir_web-container-build` on subsequent builds of the same
`github.ref_name` (cache is scoped to branch name by default), leading
to the consistent error `Elixir.Web.Mailer.NoopAdapter does not exist`
whenever a branch was pushed to more than once.
2. The same thing happens with the `integration_test-basic-flow` job
because the `api` service gets built after the `web` service in
docker-compose.yml, overwriting its cache
For some reason it seems the `APPLICATION_NAME` ARG is not busting the
Docker cache properly on GitHub actions for elixir container builds, so
the fix here was to [use
`scope=`](https://docs.docker.com/build/cache/backends/gha/#scope) to
segregate the cache layers between builds of the same branch.
With this patch, the relay exposes a `--json` and `JSON_LOG` env
variable that will activate logs in JSON format the way it is expected
by google cloud:
https://cloud.google.com/logging/docs/structured-logging
In addition, we make use of spans to record contextual information as
first-class variables that are available in the context of every
message. An example output here is:
```
{"time":"2023-07-06T19:54:42.643694430Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"156"},"severity":"INFO","message":"Seeding RNG from '0'"}
{"time":"2023-07-06T19:54:42.644408014Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/main.rs","line":"130"},"severity":"INFO","message":"Listening for incoming traffic on UDP port 3478"}
{"time":"2023-07-06T19:54:42.843247996Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"417"},"span":{"lifetime":"600","name":"allocate"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"0531a911a24d1e5297b94cb2","name":"client"},{"lifetime":"600","name":"allocate"}],"severity":"INFO","ip4RelayAddress":"127.0.0.1:65460","message":"Created new allocation"}
{"time":"2023-07-06T19:54:42.851623041Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"569"},"span":{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"},"spans":[{"sender":"127.0.0.1:46406","transaction_id":"e99e07e482789cdc30bd2b50","name":"client"},{"allocation":"AID-1","peer_address":"127.0.0.1:42314","requested_channel":"16384","name":"channel_bind"}],"severity":"INFO","message":"Successfully bound channel"}
{"time":"2023-07-06T19:54:42.852889208Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"288"},"span":{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"},"spans":[{"allocation_id":"AID-1","channel":16384,"recipient":"127.0.0.1:46406","sender":"127.0.0.1:42314","name":"peer"}],"severity":"DEBUG","message":"Relaying 32 bytes"}
{"time":"2023-07-06T19:54:42.854625857Z","target":"relay","logging.googleapis.com/sourceLocation":{"file":"relay/src/server.rs","line":"619"},"span":{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"},"spans":[{"sender":"127.0.0.1:46406","name":"client"},{"channel":"16384","recipient":"127.0.0.1:42314","name":"channel_data"}],"severity":"DEBUG","message":"Relaying 32 bytes"}
```
For some reason, the current `span` is always duplicated but I don't
think that is a big issue. When run using the regular log formatter, it
looks like this:
```
2023-07-06T20:02:33.939273Z INFO relay: Seeding RNG from '0'
2023-07-06T20:02:33.940153Z INFO relay: Listening for incoming traffic on UDP port 3478
2023-07-06T20:02:34.135801Z INFO client{sender=127.0.0.1:33919 transaction_id="7092a2363377709cd18b9d98"}:allocate{lifetime=600}: relay: Created new allocation ip4_relay_address=127.0.0.1:65460
2023-07-06T20:02:34.144833Z INFO client{sender=127.0.0.1:33919 transaction_id="4e1a18e58953242c92a075a3"}:channel_bind{requested_channel=16384 peer_address=127.0.0.1:47859 allocation="AID-1"}: relay: Successfully bound channel
2023-07-06T20:02:34.145501Z DEBUG peer{sender=127.0.0.1:47859 allocation_id=AID-1 recipient=127.0.0.1:33919 channel=16384}: relay: Relaying 32 bytes
2023-07-06T20:02:34.146863Z DEBUG client{sender=127.0.0.1:33919}:channel_data{channel=16384 recipient=127.0.0.1:47859}: relay: Relaying 32 bytes
```
This provides lots of contextual information in a DRY and easily
parse-able way.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Instead of having portal URL and token optional, we default the portal
URL and decide based on the presence of the token, whether we should
connect to the portal on startup. This allows the relay to be
used/tested standalone and keeps the number of config options and error
cases small.
We require the user to config the full path of the websocket and thus
avoid the need for duplicating the connlib function. Given that most
users will never need to override this option, this seems like a good
trade-off.
Resolves https://github.com/firezone/product/issues/614.
This PR fixes a bunch of small things to allow a new flow to test
clients pinging a resource within docker compose.
Masquerade/Forwarding is enabled directly in the container for now, this
might change in the future.
Also added a README to be able to run this locally.
---------
Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
With this PR the full control-plane message flow is working.
Meaning that if you do:
```
docker compose up -d
docker compose exec -it client "ping 172.20.0.2" # will fix this IP later
```
Messages start flowing to gateway. The gateway still not correctly
forwards the messages to the resource since masquerading is still not
working, although I suspect there might be an additional problem. Will
fix this in my next PR along with a README on how to test this whole
flow.
This PR also fixes how we sent the stamp secret to the gateway from the
relay, but I still see some warnings in the webrtc that I'm sure that
are due to a mismatch between how webrtc-rs and the relay handle
messages (The most important being `bind() failed: unexpected response
type`), I will take a look at that and a way to test that the flow works
when:
1. hole-punching is available
2. through relay when it's not
Since the flow right now works without hole-punching or relay since the
gateway is in the same network in the docker compose.
Resolvesfirezone/product#607
Setting the env var `CONNLIB_MOCK` when building through either
`build-rust.sh` or `gradle` will activate the `mock` feature.
- Instead of having two, very similar jobs, we run our fmt, clippy and
tests steps across all crates and operating systems.
- We remove the dependency of the android and apple builds on the tests
and thus get faster feedback.
- We force clippy to fail on any warning. This one is super important
IMO. Warnings in Rust are very useful and ignoring them can lead to bugs
(think "unused Result" etc).
Resolves#1714.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Francesca Lovebloom <franlovebloom@gmail.com>
Stubs out the client app dirs and basic CI workflow for the client apps
in preparation to move them into this repository.
After this is merged @roop @pratikvelani you should be able to add the
client repos here.
Looks like for some reason the id/1 callback doesn't subscribe the channel process any more (only the socket itself), so we are doing that explicitly now.
