mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00

Files

Thomas Eizinger 00c7c42113 fix(snownet): don't allow duplicate server-reflexive candidates (#7334 )

In #7163, we introduced a shared cache of server-reflexive candidates
within a `snownet::Node`. What we unfortunately overlooked is that if a
node (i.e. a client or a gateway) is behind symmetric NAT, then we will
repeatedly create "new" server-reflexive candiates, thereby filling up
this cache.

This cache is used to initialise the agents with local candidates, which
manifests in us sending dozens if not hundreds of candidates to the
other party. Whilst not harmful in itself, it does create quite a lot of
spam. To fix this, we introduce a limit of only keeping around 1
server-reflexive candidate per IP version, i.e. only 1 IPv4 and IPv6
address.

At present, `connlib` only supports a single egress interface meaning
for now, we are fine with making this assumption.

In case we encounter a new candidate of the same kind and same IP
version, we evict the old one and replace it with the new one. Thus, for
subsequent connections, only the new candidate is used.

2024-11-14 00:14:29 +00:00

.cargo

docs(connlib): add profiling instructions (#6643 )

2024-09-10 14:00:00 +00:00

bin-shared

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

connlib

fix(snownet): don't allow duplicate server-reflexive candidates (#7334 )

2024-11-14 00:14:29 +00:00

dns-over-tcp

chore(connlib): better error reporting for invalid IP packets (#7320 )

2024-11-12 19:46:32 +00:00

gateway

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

gui-client

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

headless-client

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

ip-packet

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

logging

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

phoenix-channel

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

relay

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

socket-factory

build(deps): Bump tokio from 1.40.0 to 1.41.0 in /rust (#7169 )

2024-10-31 04:45:09 +00:00

telemetry

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

tests

build(deps): Bump axum from 0.7.6 to 0.7.7 in /rust (#6871 )

2024-10-15 00:15:51 +00:00

tun

chore(ci/rust): build and test more packages in Windows (#7036 )

2024-10-15 21:22:27 +00:00

.dockerignore

refactor(portal): Don't pin session token to user_agent or remote_ip (#2195 )

2023-09-30 07:40:57 -07:00

.gitignore

Implement basic STUN server (#1603 )

2023-05-10 07:58:32 -07:00

Cargo.lock

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

Cargo.toml

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

clippy.toml

test(rust): ensure deterministic proptests (#6319 )

2024-08-16 23:15:58 +00:00

docker-compose-dev.yml

chore(docker): local dev docker-compose (#4748 )

2024-05-06 23:43:00 +00:00

docker-init-gateway.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

docker-init-relay.sh

feat(relay): add ec2 metadata discovery (#6617 )

2024-09-12 12:28:55 -06:00

docker-init.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

Dockerfile

chore(rust): bump Rust to 1.82 and run cargo update (#7086 )

2024-10-17 22:33:31 +00:00

Dockerfile-rpm

chore(ci): build RPM package (#7190 )

2024-11-01 18:06:09 +00:00

README.md

docs(connlib): add profiling instructions (#6643 )

2024-09-10 14:00:00 +00:00

rust-toolchain.toml

chore(rust): bump Rust to 1.82 and run cargo update (#7086 )

2024-10-17 22:33:31 +00:00

README.md

Rust development guide

Firezone uses Rust for all data plane components. This directory contains the Linux and Windows clients, and low-level networking implementations related to STUN/TURN.

We target the last stable release of Rust using rust-toolchain.toml. If you are using rustup, that is automatically handled for you. Otherwise, ensure you have the latest stable version of Rust installed.

Reading Client logs

The Client logs are written as JSONL for machine-readability.

To make them more human-friendly, pipe them through jq like this:

cd path/to/logs  # e.g. `$HOME/.cache/dev.firezone.client/data/logs` on Linux
cat *.log | jq -r '"\(.time) \(.severity) \(.message)"'

Resulting in, e.g.

2024-04-01T18:25:47.237661392Z INFO started log
2024-04-01T18:25:47.238193266Z INFO GIT_VERSION = 1.0.0-pre.11-35-gcc0d43531
2024-04-01T18:25:48.295243016Z INFO No token / actor_name on disk, starting in signed-out state
2024-04-01T18:25:48.295360641Z INFO null

Benchmarking on Linux

The recommended way for benchmarking any of the Rust components is Linux' perf utility. For example, to attach to a running application, do:

Ensure the binary you are profiling is compiled with the bench profile.
sudo perf perf record -g --freq 10000 --pid $(pgrep <your-binary>).
Run the speed test or whatever load-inducing task you want to measure.
sudo perf script > profile.perf
Open profiler.firefox.com and load profile.perf

Instead of attaching to a process with --pid, you can also specify the path to executable directly. That is useful if you want to capture perf data for a test or a micro-benchmark.