Currently, only connlib's UDP sockets for sending and receiving STUN & WireGuard traffic are protected from routing loops. This was done via the `Sockets::with_protect` function. Connlib has additional sockets though:

- A TCP socket to the portal.
- UDP & TCP sockets for DNS resolution via hickory.

Both of these can incur routing loops on certain platforms which becomes evident as we try to implement #2667.

To fix this, we generalise the idea of "protecting" a socket via a `SocketFactory` abstraction. By allowing the different platforms to provide a specialised `SocketFactory`, anything Linux-based can give special treatment to the socket before handing it to connlib.

As an additional benefit, this allows us to remove the `Sockets` abstraction from connlib's API again because we can now initialise it internally via the provided `SocketFactory` for UDP sockets.

---------

Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
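# Cargo workspace root. All member crates are resolved together and share a
# single Cargo.lock, so a dependency change here affects every binary built
# from this repository.
[workspace]
members = [
    "bin-shared",
    "connlib/clients/android",
    "connlib/clients/apple",
    "connlib/clients/shared",
    "connlib/shared",
    "connlib/snownet",
    "connlib/tunnel",
    "gateway",
    "gui-client/src-tauri",
    "gui-smoke-test",
    "headless-client",
    "http-health-check",
    "http-test-server",
    "ip-packet",
    "phoenix-channel",
    "relay",
    "snownet-tests",
    "socket-factory",
]

# Feature resolver v2: features requested only by build-dependencies,
# proc-macros or unused targets are not merged into the normal dependency graph.
resolver = "2"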
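# Dependency versions declared once for the whole workspace. A member crate
# inherits an entry with `<name> = { workspace = true }`.
# Where `default-features = false` is set, only the features listed on that
# line are enabled at the workspace level.
[workspace.dependencies]
boringtun = { version = "0.6", default-features = false }
chrono = { version = "0.4", default-features = false, features = ["std", "clock", "oldtime", "serde"] }
swift-bridge = "0.1.55"
backoff = { version = "0.4", features = ["tokio"] }
tracing = { version = "0.1.40" }
tracing-subscriber = { version = "0.3.17", features = ["parking_lot"] }
secrecy = "0.8"
# hickory-dns comes from git, pinned to one exact commit. Both entries carry
# the same `rev`; keep them in step when bumping so that resolver and proto
# are built from the same source tree.
hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "a3669bd80f3f7b97f0c301c15f1cba6368d97b63", features = ["tokio-runtime"] }
hickory-proto = { git = "https://github.com/hickory-dns/hickory-dns", rev = "a3669bd80f3f7b97f0c301c15f1cba6368d97b63" }
str0m = { version = "0.5", default-features = false }
futures-bounded = "0.2.1"
domain = { version = "0.10", features = ["serde"] }
dns-lookup = "2.0"
tokio-tungstenite = "0.21"
rtnetlink = { version = "0.14.1", default-features = false, features = ["tokio_socket"] }
tokio = "1.38"

# Crates that live in this repository, referenced by path.
connlib-client-android = { path = "connlib/clients/android" }
connlib-client-apple = { path = "connlib/clients/apple" }
connlib-client-shared = { path = "connlib/clients/shared" }
firezone-gateway = { path = "gateway" }
firezone-headless-client = { path = "headless-client" }
firezone-gui-client = { path = "gui-client/src-tauri" }
firezone-bin-shared = { path = "bin-shared" }
snownet = { path = "connlib/snownet" }
firezone-relay = { path = "relay" }
connlib-shared = { path = "connlib/shared" }
firezone-tunnel = { path = "connlib/tunnel" }
phoenix-channel = { path = "phoenix-channel" }
http-health-check = { path = "http-health-check" }
ip-packet = { path = "ip-packet" }
socket-factory = { path = "socket-factory" }

# Registry crate (not a path dependency), listed after the in-repo crates.
socket2 = { version = "0.5" }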
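# Clippy lints shared across the workspace. A member crate only picks these up
# when its own manifest sets `[lints] workspace = true`.
# Every lint is at `warn`, so a violation fails the build only where warnings
# are denied (e.g. in CI).
[workspace.lints.clippy]
# NOTE(review): debug/print macros are flagged, presumably so that output goes
# through `tracing` rather than straight to stdout/stderr; confirm.
dbg_macro = "warn"
print_stdout = "warn"
print_stderr = "warn"
unnecessary_wraps = "warn"
unused_async = "warn"
# Ensures we match on all combinations of `Poll`, preventing erroneous suspensions.
wildcard_enum_match_arm = "warn"
redundant_else = "warn"
redundant_clone = "warn"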
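# rustdoc lints shared across the workspace (inherited the same way as the
# clippy lints, via `[lints] workspace = true` in a member crate).
[workspace.lints.rustdoc]
# We don't publish any of our docs but want to catch dead links.
private-intra-doc-links = "allow"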
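# Replaces the crates.io source of each crate below with a git repository, for
# every crate in the workspace including transitive dependencies.
#
# NOTE(review): all entries follow a branch rather than a commit. The commit
# that actually gets built is whatever Cargo.lock records, and it moves to the
# current branch head whenever the lockfile is regenerated or updated. Build
# with `--locked`, review lockfile changes for these sources, and consider
# pinning each entry with `rev = "<commit-sha>"` as is already done for
# hickory-dns in `[workspace.dependencies]`.
[patch.crates-io]
boringtun = { git = "https://github.com/cloudflare/boringtun", branch = "master" }
str0m = { git = "https://github.com/firezone/str0m", branch = "main" }
# For `Debug` and `Clone`
ip_network_table = { git = "https://github.com/edmonds/ip_network_table", branch = "some-useful-traits" }
# Both proptest crates are taken from the same branch of the same fork.
proptest = { git = "https://github.com/thomaseizinger/proptest", branch = "fix/always-check-acceptable-current-state" }
proptest-state-machine = { git = "https://github.com/thomaseizinger/proptest", branch = "fix/always-check-acceptable-current-state" }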
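# Release profile defaults for every crate in the workspace; the
# `[profile.*.package.*]` tables in this file override them for single crates.
[profile.release]
# Remove symbols from the final binaries.
strip = true

# Full link-time optimization. Reduces binaries by up to 3x on some platforms.
lto = "fat"

# Increases the compiler's ability to produce smaller, optimized code
# at the expense of compilation time
codegen-units = 1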
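# Override build settings just for the GUI client, so we get a pdb/dwp
# Cargo ignores profile settings if they're not in the workspace's Cargo.toml
# NOTE(review): the packed debug file carries full symbol information;
# presumably it is kept apart from the shipped binary. Confirm in the
# packaging step.
[profile.dev.package.firezone-gui-client]
debug = "full"
split-debuginfo = "packed"
strip = "none"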
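# Release-profile override for the GUI client only: full debug info, written
# to a separate packed file, with symbol stripping turned off for this crate.
# NOTE(review): the packed debug file carries full symbol information;
# presumably it is not shipped alongside the release binary. Confirm in the
# packaging step.
[profile.release.package.firezone-gui-client]
debug = "full"
split-debuginfo = "packed"
strip = "none"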
# Override build settings for the relay, so we can capture flamegraphs
|
|
[profile.release.package.firezone-relay]
|
|
debug = "full"
|