mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00

Files

Thomas Eizinger 56db250e2c feat(connlib): validate integrity of all relay responses (#7378 )

In order to avoid processing of responses of relays that somehow got
altered on the network path, we now use the client's `password` as a
shared secret for the relay to also authenticate its responses. This
means that not all message can be authenticated. In particular, BINDING
requests will still be unauthenticated.

Performing this validation now requires every component that crafts
input to the `Allocation` to include a valid `MessageIntegrity`
attribute. This is somewhat problematic for the regression tests of the
relay and the unit tests of `Allocation`. In both cases, we implement
workarounds so we don't have to actually compute a valid
`MessageIntegrity`. This is deemed acceptable because:

- Both of these are just tests.
- We do test the validation path using `tunnel_test` because there we
run an actual relay.

2024-11-19 18:32:33 +00:00

.cargo

docs(connlib): add profiling instructions (#6643 )

2024-09-10 14:00:00 +00:00

bin-shared

build(deps): Bump clap from 4.5.20 to 4.5.21 in /rust (#7369 )

2024-11-19 06:16:53 +00:00

connlib

feat(connlib): validate integrity of all relay responses (#7378 )

2024-11-19 18:32:33 +00:00

dns-over-tcp

chore(connlib): better error reporting for invalid IP packets (#7320 )

2024-11-12 19:46:32 +00:00

gateway

build(deps): Bump clap from 4.5.20 to 4.5.21 in /rust (#7369 )

2024-11-19 06:16:53 +00:00

gui-client

build(deps): Bump clap from 4.5.20 to 4.5.21 in /rust (#7369 )

2024-11-19 06:16:53 +00:00

headless-client

fix(gui-client): initialise sentry-tracing for IPC service (#7363 )

2024-11-18 22:40:01 +00:00

ip-packet

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

logging

fix(gui-client): initialise sentry-tracing for IPC service (#7363 )

2024-11-18 22:40:01 +00:00

phoenix-channel

fix(telemetry): don't embed errors values in telemetry_event! (#7366 )

2024-11-18 18:17:08 +00:00

relay

feat(connlib): validate integrity of all relay responses (#7378 )

2024-11-19 18:32:33 +00:00

socket-factory

chore(connlib): print GRO metadata in wire::net::recv log (#7353 )

2024-11-15 16:11:03 +00:00

telemetry

chore(rust): ban the use of .unwrap except in tests (#7319 )

2024-11-13 03:59:22 +00:00

tests

build(deps): Bump axum from 0.7.6 to 0.7.7 in /rust (#6871 )

2024-10-15 00:15:51 +00:00

tun

chore(ci/rust): build and test more packages in Windows (#7036 )

2024-10-15 21:22:27 +00:00

.dockerignore

refactor(portal): Don't pin session token to user_agent or remote_ip (#2195 )

2023-09-30 07:40:57 -07:00

.gitignore

Implement basic STUN server (#1603 )

2023-05-10 07:58:32 -07:00

Cargo.lock

build(deps): Bump clap from 4.5.20 to 4.5.21 in /rust (#7369 )

2024-11-19 06:16:53 +00:00

Cargo.toml

chore(snownet): warn on exceeding number of candidate pairs (#7376 )

2024-11-19 04:34:23 +00:00

clippy.toml

fix(gui-client): initialise sentry-tracing for IPC service (#7363 )

2024-11-18 22:40:01 +00:00

docker-compose-dev.yml

chore(docker): local dev docker-compose (#4748 )

2024-05-06 23:43:00 +00:00

docker-init-gateway.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

docker-init-relay.sh

feat(relay): add ec2 metadata discovery (#6617 )

2024-09-12 12:28:55 -06:00

docker-init.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

Dockerfile

chore(rust): bump Rust to 1.82 and run cargo update (#7086 )

2024-10-17 22:33:31 +00:00

Dockerfile-rpm

chore(ci): build RPM package (#7190 )

2024-11-01 18:06:09 +00:00

README.md

docs(connlib): add profiling instructions (#6643 )

2024-09-10 14:00:00 +00:00

rust-toolchain.toml

chore(rust): bump Rust to 1.82 and run cargo update (#7086 )

2024-10-17 22:33:31 +00:00

README.md

Rust development guide

Firezone uses Rust for all data plane components. This directory contains the Linux and Windows clients, and low-level networking implementations related to STUN/TURN.

We target the last stable release of Rust using rust-toolchain.toml. If you are using rustup, that is automatically handled for you. Otherwise, ensure you have the latest stable version of Rust installed.

Reading Client logs

The Client logs are written as JSONL for machine-readability.

To make them more human-friendly, pipe them through jq like this:

cd path/to/logs  # e.g. `$HOME/.cache/dev.firezone.client/data/logs` on Linux
cat *.log | jq -r '"\(.time) \(.severity) \(.message)"'

Resulting in, e.g.

2024-04-01T18:25:47.237661392Z INFO started log
2024-04-01T18:25:47.238193266Z INFO GIT_VERSION = 1.0.0-pre.11-35-gcc0d43531
2024-04-01T18:25:48.295243016Z INFO No token / actor_name on disk, starting in signed-out state
2024-04-01T18:25:48.295360641Z INFO null

Benchmarking on Linux

The recommended way for benchmarking any of the Rust components is Linux' perf utility. For example, to attach to a running application, do:

Ensure the binary you are profiling is compiled with the bench profile.
sudo perf perf record -g --freq 10000 --pid $(pgrep <your-binary>).
Run the speed test or whatever load-inducing task you want to measure.
sudo perf script > profile.perf
Open profiler.firefox.com and load profile.perf

Instead of attaching to a process with --pid, you can also specify the path to executable directly. That is useful if you want to capture perf data for a test or a micro-benchmark.