mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
ccee476daa
When a NAT between the Client and Gateway remaps the source port to 3478, it is tricky to de-multiplex that p2p traffic from the packets we receive from a relay. Currently, we handle this edge-case by dropping these packets which effectively forces a fallback to a relayed connection. Remapping onto exactly this port is likely to be quite rare in practice which is why this behaviour was implemented in the first place. We can however do better than that by remembering, which relays we have previously been connected to. That is because the problem with traffic on port 3478 isn't so much the correct handling in case it _is_ p2p traffic: We can simply check whether the IP is one of the relays we are connected to. The problem is the mis-classification as p2p traffic in case they are packets from a relay that we have disconnected from, causing a log-spam of "unknown packet". To gracefully handle this, we now remember up to 64 relay IPs that we have been connected to in the past. This ensures we can correctly classify traffic from previous relays as such and drop the packet whilst at the same time continuing processing of packets from unknown origins which likely then is p2p traffic. The effect of this is that we can now establish direct connections to peers, even if a NAT inbetween remaps their source port to 3478. To make this fix easier, we precede it with a refactoring of introducing an `Allocations` container for the map of `Allocations`. This allows us to easily track, when we remove a value from the map and then remember the relay's IPs. This came up as part of test failures in #10887. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Rust development guide
Firezone uses Rust for all data plane components. This directory contains the Linux and Windows clients, and low-level networking implementations related to STUN/TURN.
We target the last stable release of Rust using rust-toolchain.toml.
If you are using rustup, that is automatically handled for you.
Otherwise, ensure you have the latest stable version of Rust installed.
Reading Client logs
The Client logs are written as JSONL for machine-readability.
To make them more human-friendly, pipe them through jq like this:
cd path/to/logs # e.g. `$HOME/.cache/dev.firezone.client/data/logs` on Linux
cat *.log | jq -r '"\(.time) \(.severity) \(.message)"'
Resulting in, e.g.
2024-04-01T18:25:47.237661392Z INFO started log
2024-04-01T18:25:47.238193266Z INFO GIT_VERSION = 1.0.0-pre.11-35-gcc0d43531
2024-04-01T18:25:48.295243016Z INFO No token / actor_name on disk, starting in signed-out state
2024-04-01T18:25:48.295360641Z INFO null
Benchmarking on Linux
The recommended way for benchmarking any of the Rust components is Linux' perf utility.
For example, to attach to a running application, do:
- Ensure the binary you are profiling is compiled with the
releaseprofile. sudo perf record -g --freq 10000 --pid $(pgrep <your-binary>).- Run the speed test or whatever load-inducing task you want to measure.
sudo perf script > profile.perf- Open profiler.firefox.com and load
profile.perf
Instead of attaching to a process with --pid, you can also specify the path to executable directly.
That is useful if you want to capture perf data for a test or a micro-benchmark.