mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
This took me a while to figure out but I think the solution is quite neat.

We are using ICE trickle which means there could be new candidates at any point in time. Thus, there really is never a good time to say "ICE is finished" and clean up all other candidates (that is what non-trickle ICE would want you to do: https://datatracker.ietf.org/doc/html/rfc8445#section-8.3).

But what we can do is, upon each nomination, look at our local candidates and invalidate all that are of the same priority or less. For example, if we start with a connection via a relay, discard all other relay candidates but keep the host and server-reflexive ones. If the ICE agent then figures out a better path, it will give us a new nomination and we can discard even more candidates. On the other hand, if hole-punching fails, str0m will eventually give up on certain candidate pairs because it is not receiving replies and consider them failed.

Thus, the behaviour that we are getting with this PR is: Try all possible candidate pairs but settle on the best possible one. What is kind of neat is that, because we are still in ICE trickle mode, receiving a new candidate could still upgrade existing relayed connections to direct ones if the new candidate allows it.

The other side of this coin is that we won't have a fallback any more to other pairs if the current one fails. In that case, we will consider the entire connection failed, remove it and create a new one on the next connection intent.

Resolves: #3789.
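The pruning rule described in the commit message above, sketched as an added Rust example; it is not code from the Firezone repository or from str0m. The `Candidate` type, the function names and the sample addresses are hypothetical, and priority is assumed to be the RFC 8445 recommended type preference alone, so candidates of the same kind tie.

```rust
// Added illustration; types and names are hypothetical, not str0m's or connlib's API.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Kind { Host, ServerReflexive, Relayed }

#[derive(Debug, Clone, PartialEq, Eq)]
struct Candidate { kind: Kind, addr: &'static str }

impl Candidate {
    // Assumption: priority is only the RFC 8445 recommended type preference,
    // so two candidates of the same kind compare as equal priority.
    fn prio(&self) -> u32 {
        match self.kind { Kind::Host => 126, Kind::ServerReflexive => 100, Kind::Relayed => 0 }
    }
}

/// On nomination, drop every local candidate whose priority is the same as or
/// lower than the nominated one; the nominated candidate itself stays.
/// Returns the discarded candidates so the caller can act on them.
fn invalidate_on_nomination(local: &mut Vec<Candidate>, nominated: &Candidate) -> Vec<Candidate> {
    let (keep, discard): (Vec<_>, Vec<_>) = local
        .drain(..)
        .partition(|c| c == nominated || c.prio() > nominated.prio());
    *local = keep;
    discard
}

// Constructed sample data (documentation address ranges).
fn sample_candidates() -> Vec<Candidate> {
    vec![
        Candidate { kind: Kind::Host, addr: "192.168.1.10:50000" },
        Candidate { kind: Kind::ServerReflexive, addr: "203.0.113.7:50000" },
        Candidate { kind: Kind::Relayed, addr: "198.51.100.1:49152" },
        Candidate { kind: Kind::Relayed, addr: "198.51.100.2:49152" },
    ]
}

fn main() {
    let mut local = sample_candidates();
    // First nomination is via a relay: only the other relay candidate goes.
    let relay = local[2].clone();
    let dropped = invalidate_on_nomination(&mut local, &relay);
    println!("nominated {:?}: dropped {:?}", relay, dropped);
    // A better path is nominated later, so the relay candidate is pruned too.
    let srflx = local[1].clone();
    let dropped = invalidate_on_nomination(&mut local, &srflx);
    println!("nominated {:?}: dropped {:?}, kept {:?}", srflx, dropped, local);
}
```

Because candidates are only pruned on nomination, a candidate that trickles in later with a higher priority than the nominated one is still kept and can upgrade the connection.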
Connlib
Firezone's connectivity library shared by all clients.
Building Connlib
You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.