mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Files

Thomas Eizinger 6a538368cb feat(gateway): add flow-logs MVP (#10576 )

Network flow logs are a common feature of VPNs. Due to the nature of a
shared exit node, it is of great interest to a network analyst, which
TCP connections are getting routed through the tunnel, who is initiating
them, for long do they last and how much traffic is sent across them.

With this PR, the Firezone Gateway gains the ability of detecting the
TCP and UDP flows that are being routed through it. The information we
want to attach to these flows is spread out over several layers of the
packet handling code. To simplify the implementation and not complicate
the APIs unnecessarily, we chose to rely on TLS (thread-local storage)
for gathering all the necessary data as a packet gets passed through the
various layers. When using a const initializer, the overhead of a TLS
variable over an actual local variable is basically zero. The entire
routing state of the Gateway is also never sent across any threads,
making TLS variables a particularly good choice for this problem.

In its MVP form, the detected flows are only emitted on stdout and also
that only if `flow_logs=trace` is set using `RUST_LOG`. Early adopters
of this feature are encouraged to enable these logs as described and
then ingest the Gateway's logs into the SIEM of their choice for further
analysis.

Related: #8353

2025-10-22 03:10:21 +00:00

build

ci(apple): explicitly select Xcode 26.0 (#10511 )

2025-10-06 16:07:34 +00:00

compose

ci: fix build context for relay container (#10426 )

2025-09-23 04:01:55 +00:00

router

ci: remove jitter from docker-compose (#10589 )

2025-10-16 13:34:59 +00:00

tests

feat(gateway): add flow-logs MVP (#10576 )

2025-10-22 03:10:21 +00:00

upload

ci: Add fixes for upload script (#7588 )

2024-12-29 19:08:08 +00:00

bump-versions.sh

chore: publish apple-client 1.5.9 (#10654 )

2025-10-20 14:04:08 +00:00

create-publish-pr.sh

ci: automatically create PR after publishing release (#9556 )

2025-06-18 06:17:18 +00:00

firezone-client-gui-install.sh

docs: Update 'user guides' -> 'client apps' (#5940 )

2024-07-23 14:04:07 +00:00

gateway-docker-upgrade.sh

fix(docs): use sha256sum over sha256 (#9690 )

2025-06-27 20:08:41 +00:00

gateway-systemd-install.sh

fix(gateway): bump timeoutstart to 15s (#9685 )

2025-06-26 14:19:44 +00:00

README.md

chore(gui-client/linux): add install script and change group to firezone-client (#4879 )

2024-05-02 17:51:28 +00:00

sync-apt.sh

ci: upload .deb from releases to APT repository (#10587 )

2025-10-16 19:39:35 +00:00

README.md

Firezone shell scripts

This directory contains various shell scripts used for development, testing, and deployment of the Firezone product.

Developer Setup

We lint shell scripts in CI. To get your PR to pass, you'll want to ensure your local development environment is set up to lint shell scripts:

Install shfmt:
- brew install shfmt on macOS
- Install shfmt from https://github.com/mvdan/sh/releases for other platforms
Install shellcheck:
- brew install shellcheck on macOS
- sudo apt-get install shellcheck on Ubuntu

Then just lint and format your shell scripts before you commit:

shfmt -i 4 **/*.sh
shellcheck --severity=warning **/*.sh

You can achieve this more easily by using pre-commit. See CONTRIBUTING.

Editor setup

Vim (here's an example using ALE)
VSCode

Scripting tips

Use #!/usr/bin/env bash along with set -euox pipefail in general for dev and test scripts.
In Docker images and other minimal envs, stick to #!/bin/sh and simply set -eu.