mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Files

Thomas Eizinger 4be73da21c fix(gateway): reply with cookie when rate limit is hit (#9657 )

WireGuard implements a rate-limit mechanism when the number of handshake
initiations increases a certain limit. This is important because
handshakes involve asymmetric cryptography and are cryptographically
expensive. To prevent DoS attacks where other peers repeatedly ask for
new handshakes, the rate limiter implements a cookie mechanism where -
when under load - the remote peer needs to include a given cookie in new
handshakes. This cookie is tied to the peer's IP address to prevent it
from being reused by other peers.

Up until now, we have not been passing the sender's IP address to
`boringtun` and therefore, the only option when the rate limit was hit
was to error with `UnderLoad`.

By passing the source IP of the packet, `boringtun` can engage in the
cookie-reply mechanism and therefore avoid the `UnderLoad` error.

Resolves: #9643

2025-06-24 11:33:38 +00:00

bufferpool

refactor(rust): move crates into a more sensical hierarchy (#9066 )

2025-05-12 01:04:17 +00:00

dns-over-tcp

fix(connlib): clear pending sockets on DNS server re-creation (#9093 )

2025-05-12 11:39:59 +00:00

dns-types

build(deps): bump domain from 0.10.4 to 0.11.0 in /rust (#9274 )

2025-05-28 10:37:16 +00:00

etherparse-ext

refactor(rust): move crates into a more sensical hierarchy (#9066 )

2025-05-12 01:04:17 +00:00

ip-packet

chore(gateway): remove NAT64/46 module (#9626 )

2025-06-24 06:48:30 +00:00

l4-tcp-dns-server

build(rust): upgrade to Rust 1.85 and Edition 2024 (#8240 )

2025-03-19 02:58:55 +00:00

l4-udp-dns-server

build(rust): upgrade to Rust 1.85 and Edition 2024 (#8240 )

2025-03-19 02:58:55 +00:00

model

feat(connlib): allow controlling IP stack per DNS resource (#9300 )

2025-05-31 00:27:59 +00:00

phoenix-channel

feat(gateway): send $identify event with account-slug (#9658 )

2025-06-24 11:31:56 +00:00

snownet

fix(gateway): reply with cookie when rate limit is hit (#9657 )

2025-06-24 11:33:38 +00:00

socket-factory

fix(connlib): ignore scopes for IPv6 link-local addresses (#9115 )

2025-05-13 13:33:28 +00:00

tun

ci: update to new cargo sort release (#9354 )

2025-06-02 02:01:09 +00:00

tunnel

feat(connlib): listen on 52625 by default (#9593 )

2025-06-24 08:41:08 +00:00

.gitignore

android: update connlib dependency and integration (#1752 )

2023-07-17 18:50:39 +00:00

README.md

chore(docs): Remove outdated rust/connlib/README.md info (#3099 )

2024-01-03 18:10:52 +00:00

README.md

Connlib

Firezone's connectivity library shared by all clients.

Building Connlib

You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.