mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00

Files

Thomas Eizinger 9de1119b69 feat(connlib): support DNS over TCP (#6944 )

At present, `connlib` only supports DNS over UDP on port 53. Responses
over UDP are size-constrained on the IP MTU and thus, not all DNS
responses fit into a UDP packet. RFC9210 therefore mandates that all DNS
resolvers must also support DNS over TCP to overcome this limitation
[0].

Handling UDP packets is easy, handling TCP streams is more difficult
because we need to effectively implement a valid TCP state machine.

Building on top of a lot of earlier work (linked in issue), this is
relatively easy because we can now simply import
`dns_over_tcp::{Client,Server}` which do the heavy lifting of sending
and receiving the correct packets for us.

The main aspects of the integration that are worth pointing out are:

- We can handle at most 10 concurrent DNS TCP connections _per defined
resolver_. The assumption here is that most applications will first
query for DNS records over UDP and only fall back to TCP if the response
is truncated. Additionally, we assume that clients will close the TCP
connections once they no longer need it.
- Errors on the TCP stream to an upstream resolver result in `SERVFAIL`
responses to the client.
- All TCP connections to upstream resolvers get reset when we roam, all
currently ongoing queries will be answered with `SERVFAIL`.
- Upon network reset (i.e. roaming), we also re-allocate new local ports
for all TCP sockets, similar to our UDP sockets.

Resolves: #6140.

[0]: https://www.ietf.org/rfc/rfc9210.html#section-3-5

2024-10-18 03:40:50 +00:00

build

feat(rust/gui-client/windows): sign the IPC service exe (#7009 )

2024-10-11 20:32:50 +00:00

nix

chore(rust): bump Rust to 1.82 and run cargo update (#7086 )

2024-10-17 22:33:31 +00:00

tests

feat(connlib): support DNS over TCP (#6944 )

2024-10-18 03:40:50 +00:00

firezone-client-gui-install.sh

docs: Update 'user guides' -> 'client apps' (#5940 )

2024-07-23 14:04:07 +00:00

gateway-docker-upgrade.sh

chore: remove test lib bash sourcing from customer-run scripts (#4753 )

2024-04-23 19:04:02 +00:00

gateway-systemd-install.sh

chore: set simpler default log filters (#7028 )

2024-10-14 18:54:36 +00:00

Makefile

chore(rust/gui-client): bump GUI to 1.3.9 to fix a crash (#6993 )

2024-10-09 21:44:40 +00:00

README.md

chore(gui-client/linux): add install script and change group to firezone-client (#4879 )

2024-05-02 17:51:28 +00:00

README.md

Firezone shell scripts

This directory contains various shell scripts used for development, testing, and deployment of the Firezone product.

Developer Setup

We lint shell scripts in CI. To get your PR to pass, you'll want to ensure your local development environment is set up to lint shell scripts:

Install shfmt:
- brew install shfmt on macOS
- Install shfmt from https://github.com/mvdan/sh/releases for other platforms
Install shellcheck:
- brew install shellcheck on macOS
- sudo apt-get install shellcheck on Ubuntu

Then just lint and format your shell scripts before you commit:

shfmt -i 4 **/*.sh
shellcheck --severity=warning **/*.sh

You can achieve this more easily by using pre-commit. See CONTRIBUTING.

Editor setup

Vim (here's an example using ALE)
VSCode

Scripting tips

Use #!/usr/bin/env bash along with set -euox pipefail in general for dev and test scripts.
In Docker images and other minimal envs, stick to #!/bin/sh and simply set -eu.