github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-28 10:18:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
81ba49e2bf536fe1dc5ee55ac5ea4350feef8ae5
firezone/rust/connlib
History
Thomas Eizinger 2d802edf6a fix(connlib): _always_ use one IP stack for relayed connections (#9018) 
At the moment, Firezone already attempts to prefer the same IP stack
across relayed connections all the way through to the Gateway. This is
achieved with a feature in str0m implemented in
https://github.com/algesten/str0m/pull/640 where the `IceAgent` computes
the local preference of an added candidate such that an IPv4 candidate
allocated over an IPv4 network has a higher preference than an IPv6
candidate allocated over an IPv4 network.

If a candidate gets accepted by the local agent, it is signaled to the
remote via our control protocol. The remote peer then adds the candidate
as a remote candidate and the ICE process starts by pairing them with
local ones and testing connectivity.

Currently, str0m's API consumes the candidate and only returns a `bool`
whether it should be sent signaled to the remote. This means the local
preference computed as part of `add_local_candidate` **is not**
reflected in the priority of the candidate sent to the remote. As a
result, if the controlled agent (i.e. the Gateway) is behind symmetric
NAT and therefore only has relay candidates available, the preference of
IPv4 over IPv6 candidates on an IPv4 network is lost. This is what we
are seeing in #8998.

This changes with https://github.com/algesten/str0m/pull/650 being
merged to `main` which we are updating to with this PR. Now,
`add_local_candidate` returns an `Option<&Candidate>` which has been
modified with the local preference of the `IceAgent` around the
preferred IP stack of relay candidates. As such, the priority calculated
and signaled to the remote embeds this information and will be taken
into account by the controlling agent (i.e. the Client) when nominating
a pair.

Resolves: #8998
2025-05-05 01:11:28 +00:00
..
clients
chore: release Apple & Gateway with ECN fix (#9013)
2025-05-02 00:16:40 -07:00
l4-tcp-dns-server
build(rust): upgrade to Rust 1.85 and Edition 2024 (#8240)
2025-03-19 02:58:55 +00:00
l4-udp-dns-server
build(rust): upgrade to Rust 1.85 and Edition 2024 (#8240)
2025-03-19 02:58:55 +00:00
model
refactor(rust): introduce dns-types crate (#8380)
2025-03-10 04:33:10 +00:00
snownet
fix(connlib): _always_ use one IP stack for relayed connections (#9018)
2025-05-05 01:11:28 +00:00
tunnel
fix(connlib): never clear ECT from IP packets (#9009)
2025-05-02 05:28:19 +00:00
.gitignore
android: update connlib dependency and integration (#1752)
2023-07-17 18:50:39 +00:00
README.md
chore(docs): Remove outdated rust/connlib/README.md info (#3099)
2024-01-03 18:10:52 +00:00

README.md

Connlib

Firezone's connectivity library shared by all clients.

Building Connlib

You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.

Reference in New Issue View Git Blame Copy Permalink