mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Files

Thomas Eizinger e81dc452f7 refactor(connlib): use a lock-free queue for the buffer pool (#9989 )

We use several buffer pools across `connlib` that are all backed by the
same buffer-pool library. Within that library, we currently use another
object-pool library to provide the actual pooling functionality.

Benchmarking has shown that spend quite a bit of time (a few % of total
CPU time), fighting for the lock to either add or remote a buffer from
the pool. This is unnecessary. By using a queue, we can remove buffers
from the front and add buffers at the back, both of which can be
implemented in a lock-free way such that they don't contend.

Using the well-known `crossbeam-queue` library, we have such a queue
directly available.

I wasn't able to directly measure a performance gain in terms of
throughput. What we can measure though, is how much time we spend
dealing with our buffer pool vs everything else. If we compare the
`perf` outputs that were recorded during an `iperf` run each, we can see
that we spend about 60% less time dealing with the buffer pool than we
did before.

|Before|After|
|---|---|
|<img width="1982" height="553" alt="Screenshot From 2025-07-24
20-27-50"
src="https://github.com/user-attachments/assets/1698f28b-5821-456f-95fa-d6f85d901920"
/>|<img width="1982" height="553" alt="Screenshot From 2025-07-24
20-27-53"
src="https://github.com/user-attachments/assets/4f26a2d1-03e3-4c0d-84da-82c53b9761dd"
/>|

The number in the thousands on the left is how often the respective
function was the currently executing function during the profiling run.

Resolves: #9972

2025-07-28 21:39:11 +00:00

.cargo

fix(rust): use rust-lld linker for MSVC (#9641 )

2025-06-24 01:55:36 +10:00

apple-client-ffi

chore: publish apple-client 1.5.5 (#10035 )

2025-07-28 20:14:12 +00:00

bin-shared

refactor(windows): share src IP cache across UDP sockets (#9976 )

2025-07-24 01:36:53 +00:00

client-ffi

feat(connlib): add reason argument to reset API (#9878 )

2025-07-15 13:48:33 +00:00

client-shared

test(iperf): install iptables rule inside of container (#9880 )

2025-07-16 10:29:33 +00:00

connlib

refactor(connlib): use a lock-free queue for the buffer pool (#9989 )

2025-07-28 21:39:11 +00:00

gateway

chore: publish gateway 1.4.14 (#10030 )

2025-07-28 06:14:07 +00:00

gui-client

refactor(gui-client): replace tslink with tauri-specta (#10031 )

2025-07-28 21:37:24 +00:00

headless-client

chore: publish headless-client 1.5.2 (#10029 )

2025-07-28 06:17:42 +00:00

logging

chore(rust): bump to Rust 1.88 (#9714 )

2025-07-12 06:42:50 +00:00

relay

chore(relay): remove spans (#9962 )

2025-07-22 13:24:58 +00:00

telemetry

chore(connlib): only log span field name into message (#9981 )

2025-07-24 01:37:43 +00:00

tests

chore(gui-smoke-test): wait for tunnel service to boot (#9766 )

2025-07-02 05:16:15 +00:00

tools/uniffi-bindgen

refactor: use UniFFI for Android FFI (#9415 )

2025-06-17 21:48:34 +00:00

.dockerignore

refactor(portal): Don't pin session token to user_agent or remote_ip (#2195 )

2023-09-30 07:40:57 -07:00

.gitignore

Implement basic STUN server (#1603 )

2023-05-10 07:58:32 -07:00

Cargo.lock

refactor(connlib): use a lock-free queue for the buffer pool (#9989 )

2025-07-28 21:39:11 +00:00

Cargo.toml

refactor(connlib): use a lock-free queue for the buffer pool (#9989 )

2025-07-28 21:39:11 +00:00

clippy.toml

chore(rust): bump to Rust 1.88 (#9714 )

2025-07-12 06:42:50 +00:00

deny.toml

refactor(gui-client): replace tslink with tauri-specta (#10031 )

2025-07-28 21:37:24 +00:00

docker-init-gateway.sh

fix(gateway): Apply more specific firewall rules on start (#8483 )

2025-03-19 05:32:50 +00:00

docker-init-relay.sh

feat(relay): add ec2 metadata discovery (#6617 )

2024-09-12 12:28:55 -06:00

docker-init.sh

fix(gateway): always masquerade for docker-deployed gateways (#6169 )

2024-08-07 03:00:50 +00:00

Dockerfile

test(iperf): install iptables rule inside of container (#9880 )

2025-07-16 10:29:33 +00:00

Dockerfile.xdp-tools

chore(relay): Add xdp-tools debug Docker image build script (#8591 )

2025-04-03 18:17:23 +00:00

README.md

docs(rust): fix profiling command (#7547 )

2024-12-18 13:01:23 +00:00

rust-toolchain.toml

chore(rust): bump to Rust 1.88 (#9714 )

2025-07-12 06:42:50 +00:00

README.md

Rust development guide

Firezone uses Rust for all data plane components. This directory contains the Linux and Windows clients, and low-level networking implementations related to STUN/TURN.

We target the last stable release of Rust using rust-toolchain.toml. If you are using rustup, that is automatically handled for you. Otherwise, ensure you have the latest stable version of Rust installed.

Reading Client logs

The Client logs are written as JSONL for machine-readability.

To make them more human-friendly, pipe them through jq like this:

cd path/to/logs  # e.g. `$HOME/.cache/dev.firezone.client/data/logs` on Linux
cat *.log | jq -r '"\(.time) \(.severity) \(.message)"'

Resulting in, e.g.

2024-04-01T18:25:47.237661392Z INFO started log
2024-04-01T18:25:47.238193266Z INFO GIT_VERSION = 1.0.0-pre.11-35-gcc0d43531
2024-04-01T18:25:48.295243016Z INFO No token / actor_name on disk, starting in signed-out state
2024-04-01T18:25:48.295360641Z INFO null

Benchmarking on Linux

The recommended way for benchmarking any of the Rust components is Linux' perf utility. For example, to attach to a running application, do:

Ensure the binary you are profiling is compiled with the release profile.
sudo perf record -g --freq 10000 --pid $(pgrep <your-binary>).
Run the speed test or whatever load-inducing task you want to measure.
sudo perf script > profile.perf
Open profiler.firefox.com and load profile.perf

Instead of attaching to a process with --pid, you can also specify the path to executable directly. That is useful if you want to capture perf data for a test or a micro-benchmark.