mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Files

Thomas Eizinger 039d0be7b8 fix(connlib): drop packets with bad source IP on clients (#10552 )

When using the Internet Resource, it can happen that Clients are still
receiving packets with a source IP that is different from the TUN IP.
Such packets are dropped on the Gateway already today and therefore have
never been routed to their destination.

The Gateway cannot route these packets because the reply packets would
have the original source address set as the destination and that one is
not unique across all Firezone Clients. Without a unique destination,
the Gateway cannot send the packet to the correct Client.

Today, these packets are filtered on the Gateway and thus trigger an
ICMP error. With the addition of #10462, we create a new flow for each
one of these packets. To prevent this spam, we drop such packets early
in the Client and don't even route them to the Gateway.

2025-10-13 22:54:26 +00:00

bufferpool

build(deps): upgrade to opentelemetry 0.30 (#10239 )

2025-08-21 22:47:39 +00:00

dns-over-tcp

feat(connlib): improve throughput on higher latencies (#10231 )

2025-08-20 23:08:56 +00:00

dns-types

feat(clients): cache DNS responses (#10533 )

2025-10-08 03:26:27 +00:00

etherparse-ext

refactor(rust): move crates into a more sensical hierarchy (#9066 )

2025-05-12 01:04:17 +00:00

ip-packet

fix(connlib): log fragmented IP packets on debug (#10488 )

2025-10-02 05:03:12 +00:00

l3-tcp

test(connlib): establish real TCP connections in proptests (#9814 )

2025-07-11 15:10:22 +00:00

l4-tcp-dns-server

chore(rust): bump to Rust 1.88 (#9714 )

2025-07-12 06:42:50 +00:00

l4-udp-dns-server

build(rust): upgrade to Rust 1.85 and Edition 2024 (#8240 )

2025-03-19 02:58:55 +00:00

model

feat(connlib): always use candidates in order of priority (#10063 )

2025-08-01 01:57:29 +00:00

phoenix-channel

feat: add more specific component type to user-agent header (#10457 )

2025-09-26 00:18:36 +00:00

snownet

feat(connlib): tune down logs for recently disconnected clients (#10501 )

2025-10-03 13:08:06 +00:00

socket-factory

feat(linux): try to set rmem_max and wmem_max on startup (#10349 )

2025-09-17 23:05:01 +00:00

tun

fix(connlib): log fragmented IP packets on debug (#10488 )

2025-10-02 05:03:12 +00:00

tunnel

fix(connlib): drop packets with bad source IP on clients (#10552 )

2025-10-13 22:54:26 +00:00

.gitignore

android: update connlib dependency and integration (#1752 )

2023-07-17 18:50:39 +00:00

README.md

chore(docs): Remove outdated rust/connlib/README.md info (#3099 )

2024-01-03 18:10:52 +00:00

README.md

Connlib

Firezone's connectivity library shared by all clients.

Building Connlib

You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.