Currently, only the gateway has a reconnect logic for (transient) errors
when connecting to the portal. Instead of duplicating this for the
relay, I moved the reconnect state machine to `phoenix-channel`. This
means the relay now automatically gets it too and in the future, the
clients will also benefit from it.
As a nice benefit, this also greatly simplifies the gateway's
`Eventloop` and removes a bunch of cruft with channels.
Resolves: #2915.
- [x] Confirm that the PID of the pipe client matches the PID of the
subprocess we just spawned
- [x] (redundant?) Send a unique cookie to the child process' stdin and
require it to be echoed back over the named pipe. An attacker could not
intercept the token since the stdin belongs to the subprocess we just
spawned
I didn't realize, but named pipes and CLI args are both readable by
other process, so any other process could connect to our named pipe and
do a MITM.
I don't know how Chromium protects itself from this, so I did some
research and just made something up.
After this I'll probably break it up into submodules, `ipc.rs` is about
600 lines and probably more than half is just tests.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
This required making `allow_access` `async` which is ugly, but we can
fix it later like we did it with `set_peer_connection_request`, but
doing this ASAP otherwise this would block the `peers_by_ip` struct and
also block the executor a bunch of times and slow everything down.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.17 to 4.4.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.18</h2>
<h2>[4.4.18] - 2024-01-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(error)</em> When lacking <code>usage</code> feature, ensure the
list of required arguments is unique</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.4.18] - 2024-01-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(error)</em> When lacking <code>usage</code> feature, ensure the
list of required arguments is unique</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0134f45ff0"><code>0134f45</code></a>
chore: Release</li>
<li><a
href="995ee03277"><code>995ee03</code></a>
docs: Update changelog</li>
<li><a
href="2f1890907e"><code>2f18909</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5314">#5314</a>
from epage/required</li>
<li><a
href="0a635b9a20"><code>0a635b9</code></a>
fix(parser): Don't duplicate requireds when usage disabled</li>
<li><a
href="e648e086f3"><code>e648e08</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5311">#5311</a>
from sourcefrog/doc-exitcode</li>
<li><a
href="8c83971b8c"><code>8c83971</code></a>
docs: Link to exit code info</li>
<li><a
href="b250c0b5f5"><code>b250c0b</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5310">#5310</a>
from epage/pty</li>
<li><a
href="c742b8eb0c"><code>c742b8e</code></a>
chore(complete): Update completest-pty</li>
<li><a
href="f524d84c1d"><code>f524d84</code></a>
chore: Release</li>
<li><a
href="944fb81cf5"><code>944fb81</code></a>
docs: Update changelog</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/v4.4.17...v4.4.18">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.6.1 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add missing test for invalid parse_str by <a
href="https://github.com/CXWorks"><code>@CXWorks</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/723">uuid-rs/uuid#723</a></li>
<li>Upgrade borsh unstable dependency to v1.0 and make it stable by <a
href="https://github.com/bgeron"><code>@bgeron</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/724">uuid-rs/uuid#724</a></li>
<li>Reduce the package size of uuid by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/726">uuid-rs/uuid#726</a></li>
<li>Make use of newer Cargo features for specifying dependencies by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/727">uuid-rs/uuid#727</a></li>
<li>Prepare for 1.7.0 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/728">uuid-rs/uuid#728</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/CXWorks"><code>@CXWorks</code></a> made
their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/723">uuid-rs/uuid#723</a></li>
<li><a href="https://github.com/bgeron"><code>@bgeron</code></a> made
their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/724">uuid-rs/uuid#724</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0">https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cefc353334"><code>cefc353</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/728">#728</a> from
uuid-rs/cargo/1.7.0</li>
<li><a
href="3255b5414b"><code>3255b54</code></a>
prepare for 1.7.0 release</li>
<li><a
href="403bb17c1a"><code>403bb17</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/727">#727</a> from
uuid-rs/chore/cargo-cleanup</li>
<li><a
href="b7c6e26fea"><code>b7c6e26</code></a>
make use of newer Cargo features for specifying dependencies</li>
<li><a
href="ed13c73c7c"><code>ed13c73</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/726">#726</a> from
uuid-rs/chore/pkg-size</li>
<li><a
href="2e92a3d45f"><code>2e92a3d</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/724">#724</a> from
bgeron/borsh-1</li>
<li><a
href="38f01ffccf"><code>38f01ff</code></a>
rename workflow</li>
<li><a
href="eab4b85919"><code>eab4b85</code></a>
reduce the package size of uuid</li>
<li><a
href="421d752847"><code>421d752</code></a>
Make the borsh feature work by itself, without having to specify private
feat...</li>
<li><a
href="2534949aa3"><code>2534949</code></a>
Continue making feature borsh stable, as suggested by <a
href="https://github.com/KordAus"><code>@KordAus</code></a></li>
<li>Additional commits viewable in <a
href="https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[async-compression](https://github.com/Nullus157/async-compression) from
0.4.5 to 0.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Nullus157/async-compression/releases">async-compression's
releases</a>.</em></p>
<blockquote>
<h2>async-compression: v0.4.6</h2>
<ul>
<li>Flush available data in decoder even when there's no incoming
input.</li>
<li>Return errors instead of panicking in all encode and decode
operations.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Nullus157/async-compression/blob/main/CHANGELOG.md">async-compression's
changelog</a>.</em></p>
<blockquote>
<h2>0.4.6</h2>
<ul>
<li>Flush available data in decoder even when there's no incoming
input.</li>
<li>Return errors instead of panicking in all encode and decode
operations.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d913b2710c"><code>d913b27</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/257">#257</a>
from Nullus157/rel-046</li>
<li><a
href="ea4bb3cd22"><code>ea4bb3c</code></a>
Merge branch 'main' into rel-046</li>
<li><a
href="6e3996d821"><code>6e3996d</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/247">#247</a>
from Nullus157/fix-123</li>
<li><a
href="e323ad9c0c"><code>e323ad9</code></a>
chore: prepare release 0.4.6</li>
<li><a
href="db0d11f5f4"><code>db0d11f</code></a>
fix merge error</li>
<li><a
href="22ed0ac4ca"><code>22ed0ac</code></a>
flush data still available in the decoder when no input (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/123">#123</a>)</li>
<li><a
href="7a57dfd374"><code>7a57dfd</code></a>
style: consistent use of io::Error* (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/256">#256</a>)</li>
<li><a
href="5926e78444"><code>5926e78</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/255">#255</a>
from garypen/garypen/fewer-panics</li>
<li><a
href="3daaee7b7a"><code>3daaee7</code></a>
Add missing Use statements</li>
<li><a
href="cf7a1df61b"><code>cf7a1df</code></a>
Replacing panics with errors improves the usability of the crate</li>
<li>See full diff in <a
href="https://github.com/Nullus157/async-compression/compare/async-compression-v0.4.5...async-compression-v0.4.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [shlex](https://github.com/comex/rust-shlex) from 1.2.0 to 1.3.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/comex/rust-shlex/blob/master/CHANGELOG.md">shlex's
changelog</a>.</em></p>
<blockquote>
<h1>1.3.0</h1>
<ul>
<li>Full fix for the high-severity security vulnerability <a
href="https://rustsec.org/advisories/RUSTSEC-2024-0006.html">RUSTSEC-2024-0006</a>
a.k.a. <a
href="https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27">GHSA-r7qv-8r2h-pg27</a>:
<ul>
<li>Deprecates quote APIs in favor of <code>try_</code> equivalents that
complain about nul bytes.</li>
<li>Also adds a builder API, which allows re-enabling nul bytes without
using the deprecated interface, and in the future can allow other things
(as discussed in quoting_warning).</li>
<li>Adds documentation about various security risks that remain,
particularly with interactive shells.</li>
</ul>
</li>
<li>Adds explicit MSRV of 1.46.0.</li>
</ul>
<h1>1.2.1</h1>
<ul>
<li>Partial fix for the high-severity security vulnerability <a
href="https://rustsec.org/advisories/RUSTSEC-2024-0006.html">RUSTSEC-2024-0006</a>
a.k.a. <a
href="https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27">GHSA-r7qv-8r2h-pg27</a>
without bumping MSRV:
<ul>
<li>The bytes <code>{</code> and <code>\xa0</code> are now escaped by
quoting functions.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/comex/rust-shlex/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Probably needs some refactoring and prettifying before it comes out of
drafts.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
I tested this by temporarily putting panics in `test_ipc_manager` and
`test_ipc_worker`.
It looks like, if a process crashes, Windows will clean up its named
pipe, and the process waiting on the other side of the named pipe will
get an error.
This is good but it's not air-tight - ~~We could still have a situation
where a worker process locks up, and the main process crashes, and the
worker process then leaks.~~ #3311 will fix that
For that case I'll try this
https://stackoverflow.com/questions/53208/how-do-i-automatically-destroy-child-processes-in-windows
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Bumps [wintun](https://github.com/nulldotblack/wintun) from 0.3.2 to
0.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nulldotblack/wintun/releases">wintun's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.0</h2>
<h2>Added</h2>
<ul>
<li><code>Adapter::get_mtu</code>, <code>set_dns_servers</code>, and
<code>Adapter::get_active_network_interface_gateways</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/13">nulldotblack/wintun#13</a></li>
<li><code>Error::ShuttingDown</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/14">nulldotblack/wintun#14</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>Adding the <code>ShuttingDown</code> variant to
<code>wintun::Error</code> breaks exhastive matches on previous
versions. <code>wintun::Error</code> is now marked
<code>#[non_exhaustive]</code> to make future additions backwards
compatable</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nulldotblack/wintun/blob/main/CHANGELOG.md">wintun's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.0] - 2024-01-12</h2>
<h2>Added</h2>
<ul>
<li><code>Adapter::get_mtu</code>, <code>set_dns_servers</code>, and
<code>Adapter::get_active_network_interface_gateways</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/13">nulldotblack/wintun#13</a></li>
<li><code>Error::ShuttingDown</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/14">nulldotblack/wintun#14</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>Adding the <code>ShuttingDown</code> variant to
<code>wintun::Error</code> breaks exhastive matches on previous
versions. <code>wintun::Error</code> is now marked
<code>#[non_exhaustive]</code> to make future additions backwards
compatable</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nulldotblack/wintun/commits/v0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
To work around #2975 I want to run connlib in a subprocess.
We're already using Tokio' `named_pipe` module for deep links, so I made
a generic request-response IPC system with it.
This can get merged in as its own PR, and the actual moving of the
connlib `Session` will be a later PR atop this.
Bumps [h2](https://github.com/hyperium/h2) from 0.3.23 to 0.3.24.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hyperium/h2/releases">h2's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.24</h2>
<h2>Fixed</h2>
<ul>
<li>Limit error resets for misbehaving connections.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hyperium/h2/blob/v0.3.24/CHANGELOG.md">h2's
changelog</a>.</em></p>
<blockquote>
<h1>0.3.24 (January 17, 2024)</h1>
<ul>
<li>Limit error resets for misbehaving connections.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7243ab5854"><code>7243ab5</code></a>
Prepare v0.3.24</li>
<li><a
href="d919cd6fd8"><code>d919cd6</code></a>
streams: limit error resets for misbehaving connections</li>
<li>See full diff in <a
href="https://github.com/hyperium/h2/compare/v0.3.23...v0.3.24">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes#3211
Also generally reduces our dependence on Tauri a lot, breaking some
cycles of "I need this initialized to initialize Tauri, but I need Tauri
initialized to initialize this"
Specifically deep linking had some problems:
- Passing PIPE_ID when there was no other possible valid argument
- Production use case accidentally flowed through a debug subcommand
- Unused subcommands that were ready to be removed
Currently, `firezone-connection` can only handle connections on a LAN.
Via the use of a STUN server, we can discover our public IP and attempt
to direct, hole-punched connection across multiple subnets.
While working on #3288 I saw a few messages that we don't explicitly
handle from the portal.
This PR changes it so that we handle them correctly and we don't just
depend on coincidental behavior..
... ProgramData/dev.firezone.client/dumps/last_crash.dmp, in debug
builds only for now
For #3111.
I was way off on my estimated dump size. It's only about 500 KB.
Please double-check that the Linux exes are still stripped properly.
Windows, Linux, and Mac have different ways to do embedded or
non-embedded debug info, so the Windows client should still be 20 MB but
with a ~62MB pdb next to it, and the Linux client should still be 15 MB.
- [ ] Check Linux artifacts weren't accidentally affected
- [ ] Make sure connlib's panic handler doesn't interfere with this
- [ ] Later on, change CI so pdb files are saved as artifacts
- [ ] Later on, enable for release builds
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Some dns servers return NXDOMAIN for queries where the address exists
but there is no
answer for the given query type(e.g. AAAA-only records). This is not up
to spec and
musl PROPERLY assumes that means there is no record of any type. Saddly,
this happens even
with google DNS so we can expect it to happen everywhere. So we use
getaddrinfo to separate
requests for A and AAAA queries and preventing this.
Seems to work locally, though the exact situation where we have a record
that returns NXDOMAIN while it exists is easier to reproduce in staging,
we should test it after we merge.
Fixes#3215
With https://github.com/firezone/firezone/pull/3245, there is now a 2nd
place where we set the `remote_socket` field. Hence, for the log message
to be correct we need to compare whether the new socket actually differs
from the existing one.
Turns out #3276 was only part of the problem. After that was fixed, the
issue did turn out to be the statically-linked libc runtime. Staging was
using dynamic linking and so didn't hit the issue.
This reverts back to musl which has been tested as @AndrewDryga noted.
Currently, we are hardcoding the network interface to use in the docker
compose file. This doesn't scale pariticularly well because
docker-compose doesn't like it when networks have overlapping address
ranges. Instead of hard-coding the address, we let docker compose choose
a network range and assign addresses to us.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
