mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
f2ff5dfecaa3cb95f4a7809f0fb6a13e8b9bc90d
8101 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
f2ff5dfeca |
fix(android): launch auth in CustomTab (#10371)
Unfortunately, Firefox on Android seems to have a bug where it only allows one tab to intercept the custom URI scheme handler for our auth redirect. This causes an issue where the first sign in works, but subsequent ones do not because that first tab is still open. Luckily the fix here is quite simple. By using Android's CustomTabs to launch the activity, only one, sandboxed instance is ever open and the URI intercept works reliably. Both Firefox and Chrome (and likely other browsers) support CustomTabs, which means the user's default browser is used, allowing cookies, password managers, etc to be used. Related to this, this PR also fixes a bug where dismissing the launched auth flow would result in it immediately relaunching, making it impossible to get back to the app unless you force quit or complete the sign in process. Fixes #10318 |
||
|
Thomas Eizinger
|
90d10a8634 |
refactor(connlib): improve fairness of event-loop (#10347)
The event-loop inside `Tunnel` processes input according to a certain priority. We only take input from lower priority sources when the higher priority sources are not ready. The current priorities are: - Flush all buffers - Read from UDP sockets - Read from TUN device - Read from DNS servers - Process recursive DNS queries - Check timeout The idea of this priority ordering is to keep all kinds of processing bounded and "finish" any kind of work that is on-going before taking on new work. Anything that sits in a buffer is basically done with processing and just needs to be written out to the network / device. Arriving UDP packets have already traversed the network and been encrypted on the other end, meaning they are higher priority than reading from the TUN device. Packets from the TUN device still need to be encrypted and sent to the remote. Whilst there is merit in this design, it also bears the potential of starving input sources further down if the top ones are extremely busy. To prevent this, we refactor `Io` to read from all input sources and present it to the event-loop as a batch, allowing all sources to make progress before looping around. Since this event-loop has first been conceived, we have refactored `Io` to use background threads for the UDP sockets and TUN device, meaning they will make progress by themselves anyway until the channels to the main-thread fill up. As such, there shouldn't be any latency increase in processing packets even though we are performing slightly more work per event-loop tick. This kind of batch-processing highlights a problem: Bailing out with an error midway through processing a batch leaves the remainder of the batch unprocessed, essentially dropping packets. To fix this, we introduce a new `TunnelError` type that presents a collection of errors that we encountered while processing the batch. This might actually also be a problem with what is currently in `main` because we are already batch-processing packets there but possibly are bailing out midway through the batch. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Mariusz Klochowicz <mariusz@klochowicz.com> |
||
|
Thomas Eizinger
|
3e6094af8d |
feat(linux): try to set rmem_max and wmem_max on startup (#10349)
The default send and receive buffer sizes on Linux are too small (only ~200 KB). Checking `nstat` after an iperf run revealed that the number of dropped packets in the first interval directly correlates with the number of receive buffer errors reported by `nstat`. We already try to increase the send and receive buffer sizes for our UDP socket but unfortunately, we cannot increase them beyond what the system limits them to. To workaround this, we try to set `rmem_max` and `wmem_max` during startup of the Linux headless client and Gateway. This behaviour can be disabled by setting `FIREZONE_NO_INC_BUF=true`. This doesn't work in Docker unfortunately, so we set the values manually in the CI perf tests and verify after the test that we didn't encounter any send and receive buffer errors. It is yet to be determined how we should deal with this problem for all the GUI clients. See #10350 as an issue tracking that. Unfortunately, this doesn't fix all packet drops during the first iperf interval. With this PR, we now see packet drops on the interface itself. |
||
|
Thomas Eizinger
|
7222167b13 |
fix(connlib): limit the number of optimistic candidates (#10367)
To facilitate direct connections, `connlib` generates "optimistic" candidates that combine the port of the host candidate with the IP of the server-reflexive candidate. This allows sysadmins to port-forward the Firezone port 52625 on the Gateway, allowing for direct connections to happen behind symmetric NAT. This feature is only really useful for IPv4 as IPv6 doesn't need symmetric NAT due to the larger address space. It is also quite common that users have multiple IPv6 addresses on a single interface. The combination of the two can result in CPU spikes on the Gateway if a client connects and sends over e.g. 10 IPv6 host candidates and various IPv6 server-reflexive candidates. The Gateway then ends up in a loop where it creates an NxM matrix of all these candidates. To mitigate this, we disable optimistic candidates for IPv6 altogether and limit the number of IPv4 optimistic candidates to 2. |
||
|
Thomas Eizinger
|
69afe71215 |
refactor(connlib): remove concept of "ReplyMessages" (#10361)
In earlier versions of Firezone, the WebSocket protocol with the portal was using the request-response semantics built into Phoenix. This however is quite cumbersome to work with to due to the polymorphic nature of the protocol design. We ended up moving away from it and instead only use one-way messages where each event directly corresponds to a message type. However, we have never removed the capability reply messages from the `phoenix-channel` module, instead all usages just set it to `()`. We can simplify the code here by always setting this to `()`. Resolves: #7091 |
||
|
Mariusz Klochowicz
|
b1ed2f8a5e |
chore: improve macos dev experience (#10363)
Quality of life improvements for macOS devs, mostly relevant when not using Xcode as daily driver - although some convenience functions & explicit sentry dependency should make it better there too. |
||
|
Mariusz Klochowicz
|
852a7a9484 |
chore(dependabot): Add 28-day cooldown for supply-chain security (#10365)
Configure Dependabot with a 28-day cooldown period across all package ecosystems to protect against supply-chain attacks. This ensures newly released packages undergo community vetting before adoption. Key changes: - Add 7-day cooldown for all dependency types (major, minor, patch) - Switch from monthly to weekly checks to ensure timely updates after cooldown expires - Use YAML anchors to maintain DRY configuration (we can unfold them if we need custom config) Security rationale: - Most supply-chain attacks are discovered within a few days of release - Patch versions are particularly vulnerable as they're often auto-merged with less scrutiny - Weekly checks + 28-day cooldown = roughly matching previous elixir dependency update cadence Note: Security updates bypass the cooldown and are applied immediately, ensuring critical CVEs are patched without delay |
||
|
Thomas Eizinger
|
22eac1ad6d |
ci: add latency to routers (#10352)
Now that we have a more realistic network setup in our compose file, we can extend our router containers to apply the latency on the network path. This means any use of the compose file has a latency by default, simplifying our CI setup. It also allows us to restart containers without having to re-apply the latency which is useful during performance testing. |
||
|
Thomas Eizinger
|
a251383edb |
docs: update Gateway sizing recommendations (#10362)
Resolves: #8769 |
||
|
Thomas Eizinger
|
737137df97 |
chore: remove nix flake (#10364)
I am not longer using Nix so this is now effectively unmaintained. Let's remove it so it doesn't got stale. |
||
|
Thomas Eizinger
|
55f6f9caf4 |
ci: faster client healthcheck (#10359)
The default healthcheck only checks every 30s which unnecessarily delays the docker-compose setup. By adding our common healthcheck params to the client, we can increase the startup speed. |
||
|
Thomas Eizinger
|
eb7090ac2c |
ci: up the veth-config container last (#10351)
It appears that we still have a race condition where the `veth-config` container runs too early and ends up not applying the `XDP_PASS` program to all interfaces, causing the double symmetric NAT integration test to fail: https://github.com/firezone/firezone/actions/runs/17718375157/job/50346744176?pr=10347 |
||
|
dependabot[bot]
|
cc6b748942 |
build(deps): bump tempfile from 3.21.0 to 3.22.0 in /rust (#10354)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.21.0 to 3.22.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.22.0</h2> <ul> <li>Updated <code>windows-sys</code> requirement to allow version 0.61.x</li> <li>Remove <code>unstable-windows-keep-open-tempfile</code> feature.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
50831db410 |
build(deps): bump serde_json from 1.0.143 to 1.0.145 in /rust (#10358)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to 1.0.145. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.145</h2> <ul> <li>Raise serde version requirement to >=1.0.220</li> </ul> <h2>v1.0.144</h2> <ul> <li>Switch serde dependency to serde_core (<a href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5fdc467924 |
build(deps): bump semver from 1.0.26 to 1.0.27 in /rust (#10357)
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.26 to 1.0.27. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/semver/releases">semver's releases</a>.</em></p> <blockquote> <h2>1.0.27</h2> <ul> <li>Switch serde dependency to serde_core (<a href="https://redirect.github.com/dtolnay/semver/issues/333">#333</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4a83383b61 |
build(deps): bump humantime from 2.2.0 to 2.3.0 in /rust (#10355)
Bumps [humantime](https://github.com/chronotope/humantime) from 2.2.0 to 2.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chronotope/humantime/releases">humantime's releases</a>.</em></p> <blockquote> <h2>2.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add 'wk', 'wks' for weeks and 'yr', 'yrs' for years by <a href="https://github.com/ryo1kato"><code>@ryo1kato</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/50">chronotope/humantime#50</a></li> <li>Allow parsing zero durations with no units by <a href="https://github.com/RobertGauld"><code>@RobertGauld</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/43">chronotope/humantime#43</a></li> <li>Use µs not us by <a href="https://github.com/RobertGauld"><code>@RobertGauld</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/45">chronotope/humantime#45</a></li> <li>feat: parse_duration("0") by <a href="https://github.com/aatifsyed"><code>@aatifsyed</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/55">chronotope/humantime#55</a></li> <li>Support fractional durations (with precision safeguards, without any new dependency) by <a href="https://github.com/TheElectronWill"><code>@TheElectronWill</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/56">chronotope/humantime#56</a></li> <li>feat: Accept "+00:00" as an alternative way to specify the UTC timezone by <a href="https://github.com/TheElectronWill"><code>@TheElectronWill</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/59">chronotope/humantime#59</a></li> <li>Fractional tweaks by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/humantime/pull/60">chronotope/humantime#60</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1045a7b255 |
build(deps): bump resolv-conf from 0.7.4 to 0.7.5 in /rust (#10356)
Bumps [resolv-conf](https://github.com/hickory-dns/resolv-conf) from 0.7.4 to 0.7.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hickory-dns/resolv-conf/releases">resolv-conf's releases</a>.</em></p> <blockquote> <h2>0.7.5</h2> <h2>What's Changed</h2> <ul> <li>Add support for no-aaaa option by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/hickory-dns/resolv-conf/pull/53">hickory-dns/resolv-conf#53</a></li> <li>Change to allow for easy linking with jemalloc for downstream crates by <a href="https://github.com/savyajha"><code>@savyajha</code></a> in <a href="https://redirect.github.com/hickory-dns/resolv-conf/pull/55">hickory-dns/resolv-conf#55</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
e2dce710f1 |
refactor: tidy up docker-compose.yml (#10334)
Our `docker-compose.yml` file has grown to a degree where it is almost unmanageable. Docker compose offers several tools to deal with complex compose setups, like include files and yaml anchors. We refactor our setup using these tools to organise these services and their configuration a bit better. |
||
|
Thomas Eizinger
|
a66a18782e |
chore(connlib): add context to IP packet parse errors (#10337)
We are seeing some very strange IP packet parse errors coming from MacOS devices. To better understand these, we extend the error messages with the src and dst IP as well as the L4 header. Related: #10335 |
||
|
Jamil
|
c043359c21 |
fix(portal): don't count internet site in limits (#10336)
Starter plans don't have access to the internet site so it's not fair to count it against their limits. Related: https://app.hubspot.com/contacts/23723443/record/0-5/29628021256 |
||
|
Thomas Eizinger
|
a39e70eb4a |
ci: run veth-config after containers have started up (#10333)
In order to make relaying reliable, we need to delay the startup of `veth-config` until all containers have booted successfully, otherwise the XDP_PASS program is not attached and relayed traffic is being dropped. |
||
|
Jamil
|
bbe8916944 |
fix(website): clarify pentest report (#10332)
It needs to be clarified that we do not provide these services and instead offer only our reports. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jamil
|
1f130ad562 |
fix(relay): XDP_PASS DNS replies (#10330)
DNS replies are UDP packets often arriving to our ephemeral range. As such, these get dropped because we attempt to look up a channel map for them and fail to find anything. To fix this, we assume all UDP packets arriving with a source port of 53 are DNS packets, and pass them up the stack. There are likely other types of UDP traffic this could be problematic for (QUIC comes to mind), but this fixes the immediate issue at hand for now, as detecting STUN probes is somewhat complex. Fixes #10329 |
||
|
Thomas Eizinger
|
0b89959354 |
fix(relay): handle relay-relay candidate pairs in eBPF (#10286)
Currently, the eBPF module can translate from channel data messages to UDP packets and vice versa. It can even do that across IP stacks, i.e. translate from an IPv6 UDP packet to an IPv4 channel data messages. What it cannot do is handle packets to itself. This can happen if both - Client and Gateway - pick the same relay to make an allocation. When exchanging candidates, ICE will then form pairs between both relay candidates, essentially requiring the relay to loop packets back to itself. In eBPF, we cannot do that. When sending a packet back out with `XDP_TX`, it will actually go out on the wire without an additional check whether they are for our own IP. Properly handling this in eBPF (by comparing the destination IP to our public IP) adds more cases we need to handle. The current module structure where everything is one file makes this quite hard to understand, which is why I opted to create four sub-modules: - `from_ipv4_channel` - `from_ipv4_udp` - `from_ipv6_channel` - `from_ipv6_udp` For traffic arriving via a data-channel, it is possible that we also need to send it back out via a data-channel if the peer address we are sending to is the relay itself. Therefore, the `from_ipX_channel` modules have four sub-modules: - `to_ipv4_channel` - `to_ipv4_udp` - `to_ipv6_channel` - `to_ipv6_udp` For the traffic arriving on an allocation port (`from_ipX_udp`), we always map to a data-channel and therefore can never get into a routing loop, resulting in only two modules: - `to_ipv4_channel` - `to_ipv6_channel` The actual implementation of the new code paths is rather simple and mostly copied from the existing ones. For half of them, we don't need to make any adjustments to the buffer size (i.e. IPv4 channel to IPv4 channel). For the other half, we need to adjust for the difference in the IP header size. To test these changes, we add a new integration test that makes use of the new docker-compose setup added in #10301 and configures masquerading for both Client and Gateway. To make this more useful, we also remove the `direct-` prefix from all tests as the test script itself no longer makes any decisions as to whether it is operating over a direct or relayed connection. Resolves: #7518 |
||
|
Thomas Eizinger
|
9cd25d70d8 |
ci: prevent packet reordering by router containers (#10328)
By default, RPS (Receive Packet Steering) is disabled on Linux which means the CPU handling the interrupt for an incoming packet also handles the packet. Under high-load, this can causes packet reordering in your test setup where at least two routers are in the path between Client and Gateway. To ensure our test suite is deterministic, we enable RPS and set it to 1, meaning always CPU 1 will handle all packets. Local testing has shown that this fixes the warnings of "packet counter too old" on the Gateway and instead, all packets arrive entirely in order. Source: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/performance_tuning_guide/network-rps |
||
|
Brian Manifold
|
e2e370fd76 | fix(portal): fix client show page sign-in method (#10327) | ||
|
Thomas Eizinger
|
83171d3a2d |
ci: add integration test for graceful Gateway shutdown (#10077)
Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
d1d46fdfb4 |
ci: create a more realistic network setup (#10301)
Currently, the setup we have in docker-compose does not reflect real-world scenarios very well because most components share the same subnet. In reality, Clients, Gateways, relays and the backend are all in separate subnets, connected via multiple routers on the Internet. The current setup makes it hard to properly test relayed connections. To fix this, we move all components into their own subnet with a dedicated router container that performs source and destination NAT as well as acts as a firewall for the client and gateway containers to not allow inbound traffic. This setup will allow us to more easily test #10286 which requires port randomization for outgoing traffic on the Client and Gateway side. |
||
|
Firezone Bot
|
d8079c869f | chore: publish apple-client 1.5.8 (#10323) | ||
|
Thomas Eizinger
|
f96cc3d583 |
feat(relay): remove graceful shutdown (#10322)
Initially, we added the graceful shutdown functionality to the relay to better deal with deploys and achieve as minimal downtime as possible. With the split of app and infrastructure that we now have, this functionality is no longer necessary as portal deploys don't touch the relay infra at all. Thus, we can remove this functionality which will actually speed-up deploys of the relays as systemd no longer has to time-out after sending the SIGTERM to the binary. |
||
|
Firezone Bot
|
af7f4c9992 | chore: publish headless-client 1.5.3 (#10320) | ||
|
Firezone Bot
|
cacef44b4b | chore: publish gateway 1.4.16 (#10321) | ||
|
Firezone Bot
|
ff8781b7b6 | chore: publish gui-client 1.5.7 (#10319) | ||
|
dependabot[bot]
|
0f17b5d4a3 |
build(deps): bump chrono from 0.4.41 to 0.4.42 in /rust (#10308)
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to 0.4.42. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chronotope/chrono/releases">chrono's releases</a>.</em></p> <blockquote> <h2>0.4.42</h2> <h2>What's Changed</h2> <ul> <li>Add fuzzer for DateTime::parse_from_str by <a href="https://github.com/tyler92"><code>@tyler92</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li> <li>Fix wrong amount of micro/milliseconds by <a href="https://github.com/nmlt"><code>@nmlt</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li> <li>Add warning about MappedLocalTime and wasm by <a href="https://github.com/lutzky"><code>@lutzky</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li> <li>Fix incorrect parsing of fixed-length second fractions by <a href="https://github.com/chris-leach"><code>@chris-leach</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li> <li>Fix cfgs for <code>wasm32-linux</code> support by <a href="https://github.com/arjunr2"><code>@arjunr2</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li> <li>Fix OpenHarmony's <code>tzdata</code> parsing by <a href="https://github.com/ldm0"><code>@ldm0</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li> <li>Convert NaiveDate to/from days since unix epoch by <a href="https://github.com/findepi"><code>@findepi</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li> <li>Add <code>?Sized</code> bound to related methods of <code>DelayedFormat::write_to</code> by <a href="https://github.com/Huliiiiii"><code>@Huliiiiii</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li> <li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code> by <a href="https://github.com/jasonaowen"><code>@jasonaowen</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li> <li>Migrate to core::error::Error by <a href="https://github.com/benbrittain"><code>@benbrittain</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li> <li>Upgrade to windows-bindgen 0.63 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li> <li>strftime: simplify error handling by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5f73627eb7 |
build(deps): bump uuid from 1.18.0 to 1.18.1 in /rust (#10305)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.18.0 to 1.18.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v1.18.1</h2> <h2>What's Changed</h2> <ul> <li>Unsafe cleanup by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/841">uuid-rs/uuid#841</a></li> <li>Prepare for 1.18.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/842">uuid-rs/uuid#842</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1">https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
e0ee94f60e |
chore: add basic context about Firezone for AI agents (#10284)
When using an AI-enabled editor (like Zed), it is useful to have a "rules" file to give it basic context about the project so we don't have to re-explain it every time. We can also extend this file with a list of code review instructions / coding guidelines for Copilot. See https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions#asking-copilot-coding-agent-to-generate-a-githubcopilot-instructionsmd-file. I expect this file to grow as we learn which info the agents need about the product to be helpful. In order to use it, people are encouraged to create locally-ignored symlinks to the `docs/AGENT.md` file. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Mariusz Klochowicz
|
963cc8ede0 |
fix(apple): Enforce single Firezone instance (#10313)
show an alert to the user and ask to quit previous Firezone instance manually before starting a new one. Resolves: #10295 --------- Signed-off-by: Mariusz Klochowicz <mariusz@klochowicz.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
33a75f6fee |
chore(headless-client): don't make failures look like crashes (#10290)
Returning an error from `main` by default prints a backtrace. This may lead users to believe that the program is crashing when in fact it is exiting in a controlled way but with an error (such as when we don't have Internet during startup). Printing the chain of errors ourselves resolves this. |
||
|
Brian Manifold
|
56a3ce9041 |
fix(portal): move hard delete migrations (#10316)
Move some of the hard-delete migrations from manual to inline to allow us to deploy the `HEAD` of main |
||
|
Thomas Eizinger
|
4a612da189 |
fix(relay): filter traces by log filter (#10317)
We want to control which traces are collected and sent to OTEL with the log filter. To do that, we need to also apply the supplied log filter to the tracer. |
||
|
dependabot[bot]
|
46eb118a46 |
build(deps): bump time from 0.3.41 to 0.3.43 in /rust (#10309)
Bumps [time](https://github.com/time-rs/time) from 0.3.41 to 0.3.43. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/time-rs/time/releases">time's releases</a>.</em></p> <blockquote> <h2>v0.3.43</h2> <p>See the <a href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a> for details.</p> <h2>v0.3.42</h2> <p>See the <a href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">changelog</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/time-rs/time/blob/main/CHANGELOG.md">time's changelog</a>.</em></p> <blockquote> <h2>0.3.43 [2025-09-02]</h2> <h3>Added</h3> <ul> <li>Support for <code>rand</code> 0.9</li> </ul> <h3>Fixed</h3> <ul> <li>In the <code>convert</code> module, any use of <code>per</code> with types that were not the same (such as <code>Nanosecond::per(Second)</code>) would not compile due to a bug. This has been fixed.</li> </ul> <h2>0.3.42 [2025-08-31]</h2> <h3>Added</h3> <ul> <li><code>Time::duration_until</code></li> <li><code>Time::duration_since</code></li> <li><code>per_t</code> method for all types in <code>time::convert</code>. This is similar to the existing <code>per</code> method, but can return any of the primitive numeric types that can represent the result. This will cut down on <code>as</code> casts while ensuring correctness. Type inference isn't perfect, so you may need to provide a type annotation in some situations.</li> <li><code>impl PartialOrd for Month</code> and <code>impl Ord for Month</code>; this assumes the months are in the same year</li> <li><code>SystemTimeExt</code> trait, adding methods for checked arithmetic with <code>time::Duration</code> and obtaining the difference between two <code>SystemTime</code>s as a <code>time::Duration</code></li> <li>Permit using <code>UtcDateTime</code> with <code>rand</code> (this was inadvertently omitted previously)</li> <li><code>impl core::error::Error</code> for all error types (now available when the <code>std</code> feature is disabled)</li> <li>MacOS can now obtain the local UTC offset in multi-threaded programs as the system APIs are thread-safe.</li> <li><code>#[track_caller]</code> has been added to all relevant methods.</li> </ul> <h3>Changed</h3> <ul> <li>The minimum supported Rust version is now 1.81.0.</li> <li>The dependency on <code>itoa</code> has been removed, as the standard library now has similar functionality by default.</li> <li>Formatting a component that involves a floating point number is now guaranteed to be deterministic, avoiding any subtle differences between platforms or compiler versions.</li> </ul> <h3>Fixed</h3> <ul> <li>Serializing timestamps with nanosecond precision <em>should</em> always emit the correct value. Previously, it could be off by one nanosecond due to floating point imprecision.</li> <li>A previously unknown bug in <code>OffsetDateTime::to_offset</code> and <code>UtcDateTime::to_offset</code> has been fixed. The bug could result in a value that was invalid. It was unlikely to ever occur in real-world code, as it involved passing a UTC offset that has never been used in any location.</li> </ul> <h3>Miscellaneous</h3> <ul> <li>The amount of code generated by macros has been massively reduced, on the order of 65-70% for typical use cases of <code>format_description!</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c16918116c |
build(deps): bump clap from 4.5.45 to 4.5.47 in /rust (#10307)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.45 to 4.5.47. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p> <blockquote> <h2>v4.5.47</h2> <h2>[4.5.47] - 2025-09-02</h2> <h3>Features</h3> <ul> <li>Added <code>impl FromArgMatches for ()</code></li> <li>Added <code>impl Args for ()</code></li> <li>Added <code>impl Subcommand for ()</code></li> <li>Added <code>impl FromArgMatches for Infallible</code></li> <li>Added <code>impl Subcommand for Infallible</code></li> </ul> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Update runtime error text to match <code>clap</code></li> </ul> <h2>v4.5.46</h2> <h2>[4.5.46] - 2025-08-26</h2> <h3>Features</h3> <ul> <li>Expose <code>StyledStr::push_str</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p> <blockquote> <h2>[4.5.47] - 2025-09-02</h2> <h3>Features</h3> <ul> <li>Added <code>impl FromArgMatches for ()</code></li> <li>Added <code>impl Args for ()</code></li> <li>Added <code>impl Subcommand for ()</code></li> <li>Added <code>impl FromArgMatches for Infallible</code></li> <li>Added <code>impl Subcommand for Infallible</code></li> </ul> <h3>Fixes</h3> <ul> <li><em>(derive)</em> Update runtime error text to match <code>clap</code></li> </ul> <h2>[4.5.46] - 2025-08-26</h2> <h3>Features</h3> <ul> <li>Expose <code>StyledStr::push_str</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a8f76aea30 |
build(deps): bump log from 0.4.27 to 0.4.28 in /rust (#10306)
Bumps [log](https://github.com/rust-lang/log) from 0.4.27 to 0.4.28. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/releases">log's releases</a>.</em></p> <blockquote> <h2>0.4.28</h2> <h2>What's Changed</h2> <ul> <li>ci: drop really old trick and ensure MSRV for all feature combo by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> <li>chore: fix some typos in comment by <a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li>Unhide <code>#[derive(Debug)]</code> in example by <a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li>Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by <a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li>Add <code>increment_severity()</code> and <code>decrement_severity()</code> methods for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/nebkor"><code>@nebkor</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> <li>Prepare for 0.4.28 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/695">rust-lang/log#695</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li><a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li><a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li><a href="https://github.com/nebkor"><code>@nebkor</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.28] - 2025-09-02</h2> <h2>What's Changed</h2> <ul> <li>ci: drop really old trick and ensure MSRV for all feature combo by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> <li>Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by <a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li>Add <code>increment_severity()</code> and <code>decrement_severity()</code> methods for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/nebkor"><code>@nebkor</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li><a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li><a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li><a href="https://github.com/nebkor"><code>@nebkor</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p> <h3>Notable Changes</h3> <ul> <li>MSRV is bumped to 1.61.0 in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
68c1ce25ba |
build(deps): bump the tauri group in /rust with 4 updates (#10304)
Bumps the tauri group in /rust with 4 updates: [tauri](https://github.com/tauri-apps/tauri), [tauri-build](https://github.com/tauri-apps/tauri), [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace) and [tauri-plugin-shell](https://github.com/tauri-apps/plugins-workspace). Updates `tauri` from 2.8.3 to 2.8.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri v2.8.4</h2> <!-- raw HTML omitted --> <pre><code>Updating git repository `https://github.com/tauri-apps/schemars.git` Updating crates.io index warning: Patch `schemars_derive v0.8.21 (https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)` was not used in the crate graph. Check that the patched package version and available features are compatible with the dependency requirements. If the patch has a different version from what is locked in the Cargo.lock file, run `cargo update` to use the new version. This may also occur with an optional dependency that is not enabled. Locking 1037 packages to latest compatible versions Adding apple-codesign v0.27.0 (available: v0.29.0) Adding borsh v1.3.0 (available: v1.5.7) Adding borsh-derive v1.3.0 (available: v1.5.7) Adding cargo_metadata v0.19.2 (available: v0.22.0) Adding colored v2.2.0 (available: v3.0.0) Adding ctor v0.2.9 (available: v0.5.0) Adding dialoguer v0.11.0 (available: v0.12.0) Adding elf v0.7.4 (available: v0.8.0) Adding goblin v0.9.3 (available: v0.10.1) Adding html5ever v0.29.1 (available: v0.35.0) Adding itertools v0.13.0 (available: v0.14.0) Adding json-patch v3.0.1 (available: v4.0.0) Adding jsonrpsee v0.24.9 (available: v0.26.0) Adding jsonrpsee-client-transport v0.24.9 (available: v0.26.0) Adding jsonrpsee-core v0.24.9 (available: v0.26.0) Adding jsonrpsee-ws-client v0.24.9 (available: v0.26.0) Adding matchit v0.8.4 (available: v0.8.6) Adding minisign v0.7.3 (available: v0.7.9) Adding object v0.36.7 (available: v0.37.3) Adding oxc_allocator v0.36.0 (available: v0.82.3) Adding oxc_ast v0.36.0 (available: v0.82.3) Adding oxc_parser v0.36.0 (available: v0.82.3) Adding oxc_span v0.36.0 (available: v0.82.3) Adding phf v0.11.3 (available: v0.13.1) Adding rpm v0.16.1 (available: v0.17.1) Adding schemars v0.8.22 (available: v1.0.4) Adding tiny_http v0.11.0 (available: v0.12.0) Adding toml v0.8.2 (available: v0.8.23) Adding toml_datetime v0.6.3 (available: v0.6.11) Adding toml_edit v0.20.2 (available: v0.20.7) Adding x509-certificate v0.23.1 (available: v0.25.0) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 797 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1062 crate dependencies) Crate: atk Version: 0.18.2 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
3cffeef483 |
ci: reduce target bitrate for UDP perf tests to 600Mbit/s (#10312)
To achieve a more stable CI, we need to reduce the target bitrate of the UDP perf tests. Now that we no longer have GSO enabled in the tests, the most we can achieve in CI is 600Mbit/s. Forcing more packets through the tunnel results in all sorts of warnings which end up failing CI. |
||
|
Thomas Eizinger
|
03ac73ac00 |
fix(gateway): reset DNS resource NAT if proxy IPs change (#10310)
In #10040, we decided to persist a peer's routing state on the Gateway across ICE sessions. This routing state also includes the DNS resource NAT. Prior to #10104 (which is not released yet), when a Client signs out and back in, it resets the proxy IP mapping for DNS resources and will start numbering them again from the front, i.e. starting from 100.96.0.1. With the state still being preserved on the Gateway, this represents a problem: We keep existing mappings around if there is still a NAT session for this proxy IP. However, if the proxy IP is actually for a different domain, this NAT session is meaningless. In fact, not replacing the IP is problematic as we will now route packets for the new proxy IP to the wrong destination. The persistent DNS resource mapping from #10104 fixes this. In this PR, we add an additional check to the Gateway where we detect whether the Client has started to re-assign proxy IPs and if so, we completely reset the DNS resource NAT state including all existing NAT sessions. Fixes #10268 |
||
|
Jamil
|
5e0ca45c67 |
fix(relay): XDP_PASS non-STUN UDP traffic (#10292)
To prevent userspace relaying, all traffic that seemingly looked like STUN/TURN but we couldn't handle via the eBPF codepath we would `XDP_DROP`. This turned out to be too heavy-handed of an approach since it end up matching DNS query responses as well due to them arriving within the TURN ephemeral port range. To fix this, we `XDP_PASS` the traffic up the stack so that the kernel is able to match it to existing conntrack entries. We've identified a minor race condition where the first few channel data packets might be dropped when a channel is first being bound, but fixing this will be saved for a later PR. Related: https://github.com/firezone/infra/pull/132 |
||
|
Jamil
|
b8e0cf9b53 |
fix(ci): temporarily suppress fxhash unmaintained (#10298)
Ignoring for now to get CI to pass, since this isn't an urgent problem. Related: #10297 |
||
|
Brian Manifold
|
a178508c8d |
docs(website): Update Entra sync note (#10294)
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
c891d9c864 |
fix(relay): re-add eBPF channel map entry on refresh (#10291)
TURN channels have a 5 minute cooldown period after they expire where they cannot be rebound to another peer but can be refreshed and thus "reactivated". To stop routing packets when the channel expires, we remove it from the channel map of the eBPF code. The client however knows that it still has a channel that it can reactivate for another 5min. In case it chooses to do so, we refresh the channel in userspace but until now, forget to re-populate the eBPF map. This effectively blocks this communication path from working because the relay reports the channel from being refreshed successfully, yet the new eBPF kernel drops all packets without a map entry. |