mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-28 02:18:50 +00:00
In order to avoid processing of responses of relays that somehow got altered on the network path, we now use the client's `password` as a shared secret for the relay to also authenticate its responses. This means that not all messages can be authenticated. In particular, BINDING requests will still be unauthenticated.

Performing this validation now requires every component that crafts input to the `Allocation` to include a valid `MessageIntegrity` attribute. This is somewhat problematic for the regression tests of the relay and the unit tests of `Allocation`. In both cases, we implement workarounds so we don't have to actually compute a valid `MessageIntegrity`. This is deemed acceptable because:

- Both of these are just tests.
- We do test the validation path using `tunnel_test` because there we run an actual relay.
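The check the commit message above describes, sketched as an added example (not part of the commit or of Firezone's code): a client-side validator that drops relay responses whose STUN `MESSAGE-INTEGRITY` is missing or does not verify, while letting Binding messages through unauthenticated. The key derivation follows the RFC 5389 long-term credential rule, which is an assumption here, and all function names and sample credentials are hypothetical.

```python
import hashlib
import hmac
import struct

MAGIC_COOKIE = 0x2112A442
MESSAGE_INTEGRITY = 0x0008
BINDING = 0x001  # STUN method that stays unauthenticated, per the commit message

def long_term_key(username, realm, password):
    # Assumed derivation (RFC 5389 long-term credentials); the page only says "password".
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def _mac(key, head, attrs_before_mi):
    # The HMAC covers a header whose length field ends at the 24-byte MESSAGE-INTEGRITY attribute.
    hdr = head[:2] + struct.pack("!H", len(attrs_before_mi) + 24) + head[4:20]
    return hmac.new(key, hdr + attrs_before_mi, hashlib.sha1).digest()

def sign(key, msg_type, txn_id, attrs=b""):
    head = struct.pack("!HHI", msg_type, 0, MAGIC_COOKIE) + txn_id
    mi = struct.pack("!HH", MESSAGE_INTEGRITY, 20) + _mac(key, head, attrs)
    return head[:2] + struct.pack("!H", len(attrs) + 24) + head[4:] + attrs + mi

def verify(key, msg):
    """Return True only if the message may be handed on for processing."""
    if len(msg) < 20:
        return False
    msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or length != len(msg) - 20 or length % 4:
        return False
    method = (msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1) | ((msg_type & 0x3E00) >> 2)
    if method == BINDING:
        return True  # no shared secret exists for Binding, so nothing to check
    off = 20
    while off + 4 <= len(msg):
        a_type, a_len = struct.unpack("!HH", msg[off:off + 4])
        if a_type == MESSAGE_INTEGRITY:
            if a_len != 20 or off + 24 > len(msg):
                return False
            expected = _mac(key, msg[:20], msg[20:off])
            return hmac.compare_digest(expected, msg[off + 4:off + 24])
        off += 4 + a_len + (-a_len % 4)  # attribute values are padded to 4 bytes
    return False  # authenticated method without MESSAGE-INTEGRITY: drop

# Constructed sample: an Allocate success response (0x0103) carrying a LIFETIME attribute.
KEY = long_term_key("constructed-user", "example.org", "constructed-password")
RESPONSE = sign(KEY, 0x0103, bytes(range(12)), struct.pack("!HHI", 0x000D, 4, 600))
TAMPERED = RESPONSE[:27] + bytes([RESPONSE[27] ^ 1]) + RESPONSE[28:]  # LIFETIME altered in transit
```

`verify(KEY, RESPONSE)` accepts the untouched response, while `TAMPERED`, a response checked against a different key, and one with the attribute stripped are all rejected.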
Connlib
Firezone's connectivity library shared by all clients.
Building Connlib
You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.