firezone/rust/connlib
Gabi c0f451ebea fix(connlib): blackhole DNS HTTPS type queries for resources (#6788)
Fix #6781
Fix #6375

The problem was that browsers in iOS (and possibly other OSes) query
for A, AAAA and HTTPS, and we correctly intercept A and AAAA.

Correctly intercepting HTTPS queries is more tricky since we need the
server's ALPN. Before this PR we were just forwarding those and then the
response back, but the problem with that is that it'd return the real IP
for the service instead of our proxy IP.

So to quickly fix this we simply blackhole the query so the browser
never uses that response.

In the future, an improvement over this would be to intercept the
response instead of the query and mangle the IPs there.

---------

Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
2024-09-19 23:20:17 +00:00

Connlib

Firezone's connectivity library shared by all clients.

Building Connlib

You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.