mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00

Files

Thomas Eizinger 4be73da21c fix(gateway): reply with cookie when rate limit is hit (#9657 )

WireGuard implements a rate-limit mechanism when the number of handshake
initiations increases a certain limit. This is important because
handshakes involve asymmetric cryptography and are cryptographically
expensive. To prevent DoS attacks where other peers repeatedly ask for
new handshakes, the rate limiter implements a cookie mechanism where -
when under load - the remote peer needs to include a given cookie in new
handshakes. This cookie is tied to the peer's IP address to prevent it
from being reused by other peers.

Up until now, we have not been passing the sender's IP address to
`boringtun` and therefore, the only option when the rate limit was hit
was to error with `UnderLoad`.

By passing the source IP of the packet, `boringtun` can engage in the
cookie-reply mechanism and therefore avoid the `UnderLoad` error.

Resolves: #9643

2025-06-24 11:33:38 +00:00

.cargo

fix(rust): use rust-lld linker for MSVC (#9641 )

2025-06-24 01:55:36 +10:00

apple-client-ffi

feat(telemetry): send account_slug to PostHog (#9636 )

2025-06-24 09:00:24 +00:00

bin-shared

feat(connlib): only conditionally hash firezone ID (#9633 )

2025-06-24 07:05:48 +00:00

client-ffi

feat(telemetry): send account_slug to PostHog (#9636 )

2025-06-24 09:00:24 +00:00

client-shared

refactor: use UniFFI for Android FFI (#9415 )

2025-06-17 21:48:34 +00:00

connlib

fix(gateway): reply with cookie when rate limit is hit (#9657 )

2025-06-24 11:33:38 +00:00

gateway

feat(gateway): send $identify event with account-slug (#9658 )

2025-06-24 11:31:56 +00:00

gui-client

feat(telemetry): send account_slug to PostHog (#9636 )

2025-06-24 09:00:24 +00:00

headless-client

feat(telemetry): send account_slug to PostHog (#9636 )

2025-06-24 09:00:24 +00:00

logging

refactor(gui-client): tidy up app startup (#9468 )

2025-06-08 08:04:15 +00:00

relay

fix(relay): don't fail event-loop on interrupt (#9592 )

2025-06-20 18:42:57 +00:00

telemetry

feat(telemetry): send account_slug to PostHog (#9636 )

2025-06-24 09:00:24 +00:00

tests

feat(gui-client): rename IPC service to Tunnel service (#9154 )

2025-05-19 09:52:06 +00:00

tools/uniffi-bindgen

refactor: use UniFFI for Android FFI (#9415 )

2025-06-17 21:48:34 +00:00

.dockerignore

refactor(portal): Don't pin session token to user_agent or remote_ip (#2195 )

2023-09-30 07:40:57 -07:00

.gitignore

Implement basic STUN server (#1603 )

2023-05-10 07:58:32 -07:00

Cargo.lock

feat(connlib): only conditionally hash firezone ID (#9633 )

2025-06-24 07:05:48 +00:00

Cargo.toml

build(deps): bump clap from 4.5.39 to 4.5.40 in /rust (#9544 )

2025-06-18 05:03:54 +00:00

clippy.toml

fix(connlib): prioritise GSO batches with smaller segments (#8772 )

2025-04-14 00:04:39 +00:00

deny.toml

refactor: use UniFFI for Android FFI (#9415 )

2025-06-17 21:48:34 +00:00

docker-init-gateway.sh

fix(gateway): Apply more specific firewall rules on start (#8483 )

2025-03-19 05:32:50 +00:00

docker-init-relay.sh

feat(relay): add ec2 metadata discovery (#6617 )

2024-09-12 12:28:55 -06:00

docker-init.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

Dockerfile

chore(rust): remove dev stage in Dockerfile (#8688 )

2025-04-10 04:00:58 +00:00

Dockerfile.xdp-tools

chore(relay): Add xdp-tools debug Docker image build script (#8591 )

2025-04-03 18:17:23 +00:00

README.md

docs(rust): fix profiling command (#7547 )

2024-12-18 13:01:23 +00:00

rust-toolchain.toml

build(deps): bump Rust to 1.87.0 (#9159 )

2025-05-16 01:58:17 +00:00

README.md

Rust development guide

Firezone uses Rust for all data plane components. This directory contains the Linux and Windows clients, and low-level networking implementations related to STUN/TURN.

We target the last stable release of Rust using rust-toolchain.toml. If you are using rustup, that is automatically handled for you. Otherwise, ensure you have the latest stable version of Rust installed.

Reading Client logs

The Client logs are written as JSONL for machine-readability.

To make them more human-friendly, pipe them through jq like this:

cd path/to/logs  # e.g. `$HOME/.cache/dev.firezone.client/data/logs` on Linux
cat *.log | jq -r '"\(.time) \(.severity) \(.message)"'

Resulting in, e.g.

2024-04-01T18:25:47.237661392Z INFO started log
2024-04-01T18:25:47.238193266Z INFO GIT_VERSION = 1.0.0-pre.11-35-gcc0d43531
2024-04-01T18:25:48.295243016Z INFO No token / actor_name on disk, starting in signed-out state
2024-04-01T18:25:48.295360641Z INFO null

Benchmarking on Linux

The recommended way for benchmarking any of the Rust components is Linux' perf utility. For example, to attach to a running application, do:

Ensure the binary you are profiling is compiled with the release profile.
sudo perf record -g --freq 10000 --pid $(pgrep <your-binary>).
Run the speed test or whatever load-inducing task you want to measure.
sudo perf script > profile.perf
Open profiler.firefox.com and load profile.perf

Instead of attaching to a process with --pid, you can also specify the path to executable directly. That is useful if you want to capture perf data for a test or a micro-benchmark.