Commit Graph

31 Commits

Author SHA1 Message Date
Jamil
4f37bfab93 refactor(connlib): Remove unused on_error callback (#3162)
Fixes #3161 
Fixes #2867
2024-01-11 12:42:41 +00:00
Jamil
1251397651 fix(ios/android): Pass device name and os version as overrides over connect (#3036)
Fixes #3035 
Fixes #3037 

# Before

<img width="738" alt="Screenshot 2023-12-28 at 8 05 31 AM"
src="https://github.com/firezone/firezone/assets/167144/c7ab4d74-672c-4536-97fe-f75d8d158bfb">

<img width="546" alt="Screenshot 2023-12-28 at 6 12 30 PM"
src="https://github.com/firezone/firezone/assets/167144/1bd4ba98-d11d-4277-bd14-b0afcdf78119">

# After

<img width="742" alt="Screenshot 2023-12-28 at 10 48 31 AM"
src="https://github.com/firezone/firezone/assets/167144/96054f82-069f-47f7-862c-986455ef76c0">
<img width="744" alt="Screenshot 2023-12-28 at 6 29 37 PM"
src="https://github.com/firezone/firezone/assets/167144/4ffc19b6-7c87-4ccb-bcfe-cb0e76fe95b7">
2024-01-03 20:08:33 +00:00
Gabi
5edfe80eb0 connlib: tune disconnect parameters (#2977)
Should fix #2946 (still testing, trying to reproduce the error reported
in the issue)
2023-12-21 19:37:07 +00:00
Jamil
aabc06c3c1 Fix java method signature bug (#2950)
Fixes a bug introduced in the DNS stuff

Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
2023-12-19 19:54:13 +00:00
Jamil
8499580388 Remove Apple SplitDNS in favor of unified split DNS approach (#2894)
<img width="1552" alt="Screenshot 2023-12-12 at 11 29 43 PM"
src="https://github.com/firezone/firezone/assets/167144/d517c830-64a8-462d-8cb5-c41835fa2059">

Found a reliable way to return default system DNS resolvers on iOS and
macOS. Even if this method is not perfect, I think it's still worth
pursuing because:

* Many administrators will set an upstream resolver in the portal anyway
(bypassing client system resolvers)
* It unifies our Split DNS approach across platforms (assuming we can
query the default system resolvers on Windows), allowing connlib to
intercept all DNS queries on all platforms. This opens the door for some
interesting feature possibilities in the area of malicious query
blocking. This also makes DNS bugs easier to investigate because there's
only one codepath for packets to take. See
https://github.com/firezone/firezone/issues/2859

Draft because it needs more testing and I need to figure out the
`RustVec<RustString>` type for the Swift -> Rust FFI.

Refs #2713
2023-12-13 22:01:00 +00:00
Jamil
2bca378f17 Allow data plane configuration at runtime (#2477)
## Changelog

- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` instead
to use for upserting.


Fixes #2482 
Fixes #2471

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
2023-10-30 23:46:53 -07:00
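The changelog above mentions fixing a timing attack in the Android `csrf` token comparison. The following is an added example, not Firezone's code (the Android fix itself is Kotlin): it shows, in plain std Rust, the early-exit comparison that leaks timing beside a constant-time replacement. The token values and the `csrf_token_matches` name are assumptions for illustration.

```rust
use std::hint::black_box;

/// Early-exit comparison (the pattern such a fix replaces): it returns at the
/// first mismatching byte, so the time taken reveals how long a matching
/// prefix the attacker has guessed, one byte position at a time.
pub fn naive_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false;
        }
    }
    true
}

/// Constant-time comparison: always visits every byte and ORs the XOR of
/// each pair into one accumulator, so the work done does not depend on where
/// (or whether) the inputs differ. Length is compared first because a CSRF
/// token has a fixed, public length; only its content is secret.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b) {
        // black_box discourages the optimiser from turning this back into an early exit
        diff |= black_box(x ^ y);
    }
    diff == 0
}

/// Hypothetical check: the token returned on the auth redirect against the one we issued.
pub fn csrf_token_matches(expected: &str, presented: &str) -> bool {
    ct_eq(expected.as_bytes(), presented.as_bytes())
}

fn main() {
    // Constructed sample tokens, not real values.
    let issued = "f1e2d3c4b5a6978877665544332211ff";
    println!("match:    {}", csrf_token_matches(issued, issued));
    println!("mismatch: {}", csrf_token_matches(issued, "f1e2d3c4b5a6978877665544332211fe"));
}
```

`black_box` is a hint, not a guarantee; in production code use a dedicated implementation such as the `subtle` crate's `ConstantTimeEq` rather than hand-rolled loops.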
Gabi
d626f6dbf6 Connlib/forward dns (#2325)
With this we implement DNS forwarding that's specified in #2043

This also solves the DNS story in Android.

For the headless client in Linux we still need to implement split DNS,
but we can make do with this; especially, we can read from resolvconf and
use the forward DNS (not ideal but can work if we want a beta headless
client).

For the resolver I used `trusted-proto-resolver`.

The other options were:

* Using `domain`'s resolver but while it could work for now, it's not
ideal for this since it doesn't support DoH or DoT and doesn't provide
us with a DNS cache.
* Using `trusted-proto-client`, it doesn't provide us with a DNS cache,
though we could eventually replace it since it provides a way to access
the underlying buffer which could make our code a bit simpler.
* Writing our own. While we could make the API ideal, this is too much
work for beta.


@pratikvelani I did some refactor in the Kotlin side so we can return an
array of bytearrays so that we don't require parsing on connlib side. I
also tried to make the DNS server detector a bit simpler; please take a
look, it's my first time doing Kotlin.

@thomaseizinger please take a look especially at the first commit, I
tried to integrate with the `poll_events` and the `ClientState`.
2023-10-18 20:39:20 +00:00
Jamil
00e77062b1 Return fd onRemoveRoute as well (#2296)
Implements the function signatures for `onRemoveRoute` as well.

Getting this error still though:

<img width="1633" alt="Screenshot 2023-10-10 at 8 25 17 AM"
src="https://github.com/firezone/firezone/assets/167144/3dc09f1b-10e1-401b-a1ef-64f1a09e35d5">

Android simulator, Pixel, API 34
2023-10-10 11:26:53 -07:00
Gabi
e516bcc8dd connlib+android: enable fd replacement (#2235)
Should be easier to review commit by commit.

The gist of this commit is:
* `onAddRoute` on Android now takes an address+prefix so as to minimize
parsing
* `onAddRoute` recreates the vpn service each time (TODO: is this too bad
for performance?)
* `on_add_route` and `onAddRoute` return the new fd
* on android after `on_add_route` we recreate `IfaceConfig` and
`DeviceIo` and we store the new values
* `peer_handler` now runs on a loop, where each time we fail a write
with an error code 9 (bad descriptor) we try to take the new `DeviceIo`
* we keep an
[`AbortHandle`](https://docs.rs/tokio/latest/tokio/task/struct.AbortHandle.html)
from the `iface_handler` task, since closing the fd doesn't awake the
`read` task for `AsyncFd` (I tried it, right now `close` is only called
after dropping the fd) so we explicitly abort the task and start a new
one with the new `device_io`.
* in android `DeviceIo` has an atomic which tells if it's closed or open
and we change it to closed after `on_add_route`, we use this so as to never
double-close the fd, instead we wait until it's dropped. This *might*
affect performance on android since we use non-`Ordering::Relaxed`
atomic operation each read/write but it won't affect performance in
other platforms, furthermore I believe the performance gains if we
remove this will be minimal.

Fixes #2227

---------

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-10-08 23:52:45 -03:00
Thomas Eizinger
464efbad56 refactor(connlib): restructure directory for consistency (#2236) 2023-10-05 09:52:35 +11:00
Thomas Eizinger
bb9dc1aeac feat: upload logs to GCP on compile-time configurable interval (#2103)
Resolves: #2020.

---------

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
2023-09-29 00:03:03 +00:00
Jamil
3baf2ee1bb feat(connlib): Wrap secrets in Secret to minimize chance of leakage (#2159)
Fixes #2085

---------

Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2023-09-28 18:35:16 +00:00
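The commit above wraps secrets in a `Secret` type to reduce the chance of leakage. As an added example (not connlib's own `Secret` type, whose definition is not on this page), here is a minimal std-only version of the same idea: a newtype whose `Debug` output is redacted, whose inner value is reachable only through one explicit accessor, and whose bytes are wiped on drop. The `PortalConfig` struct and token value are constructed for illustration.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Newtype around secret bytes. No `Display` impl on purpose: `format!("{}", s)`
/// on a secret is a compile error rather than a leak.
pub struct Secret<T: AsMut<[u8]>>(T);

impl<T: AsMut<[u8]>> Secret<T> {
    pub fn new(value: T) -> Self {
        Secret(value)
    }

    /// The single deliberate way to read the value; grepping for this name
    /// audits every place a secret is used.
    pub fn expose_secret(&self) -> &T {
        &self.0
    }
}

impl<T: AsMut<[u8]>> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // A derived Debug on any struct containing a Secret prints this instead of the bytes.
        f.write_str("Secret([REDACTED])")
    }
}

impl<T: AsMut<[u8]>> Drop for Secret<T> {
    fn drop(&mut self) {
        for byte in self.0.as_mut().iter_mut() {
            // Volatile so the compiler cannot drop the wipe as a dead store.
            unsafe { ptr::write_volatile(byte, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// Hypothetical config struct; deriving Debug is now safe to log.
#[derive(Debug)]
pub struct PortalConfig {
    pub api_url: String,
    pub token: Secret<Vec<u8>>,
}

pub fn debug_output(cfg: &PortalConfig) -> String {
    format!("{cfg:?}")
}

fn main() {
    let cfg = PortalConfig {
        api_url: "wss://api.example.invalid".to_string(),
        token: Secret::new(b"portal-token-value".to_vec()), // constructed sample
    };
    println!("{}", debug_output(&cfg));
}
```

The wipe covers only the bytes the wrapper owns: a `String` moved in would need its heap buffer zeroed too, and copies made before wrapping are out of reach. Production code normally reaches for the `secrecy` and `zeroize` crates, which handle those cases.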
Thomas Eizinger
1dc739505b refactor: simplify headless-utils (#2151)
Commit-by-commit review is recommended.

---------

Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-09-26 20:54:00 +00:00
Thomas Eizinger
5d6dfc0c3a refactor(android): prefer early-exit for error paths (#2127)
Instead of using combinators or early-exiting on _success_, use `?` and
keep the data flow of the FFI function focused on the happy path.

I find code easier to read if the left-most indentation is the happy
path and any further indentations are errors that exit early from the
function.
2023-09-25 20:56:16 +00:00
Gabi
5a998f7373 connlib: add logging string configuration (#2115)
Split from #2104

This adds logging string configuration, unifies behavior between gateway
and headless clients and some cli improvements for those.

---------

Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-09-25 20:17:22 +00:00
Thomas Eizinger
80f71fd9da refactor(connlib): don't store WorkerGuard in Session (#2125)
The various client platforms are too different in how they handle
logging. Contrary to what I suggested in the initial PR, I no longer
think that storing the guard within the session is a good idea.

For the headless client for example, we block on CTRL+C anyway and thus
can simply have the guard stay alive for the entirety of the program.
For Apple, we can store the guard in the `WrappedSession`. For Android,
we store it in a static variable anyway.

Lastly, whilst working on the log-upload, I've encountered circular
dependencies caused by this as I would have to store more than just the
`WorkerGuard` in the `Session`.
2023-09-25 15:03:56 +00:00
Thomas Eizinger
57809f20b0 refactor(connlib): move static LOGGING_GUARD to init_logging function (#2124)
Static variables can be declared within functions if that is their only
scope. Reducing the scope of variables makes it easier to understand the
code.
2023-09-25 01:01:13 +00:00
Jamil
713c34e496 fix(connlib): Persist logging guard for the duration of the session (#2058)
This allows the file logger to write events as they're emitted so that
we (attempt to) capture everything for the lifetime of the session.

Sample:

```json
{"time":"2023-09-13T13:28:26.396615Z","target":"libs_common::session","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/common/src/session.rs","line":"324"},"severity":"DEBUG","message":"Attempting connection to portal..."}
{"time":"2023-09-13T13:28:26.436317Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/hs.rs","logLine":73,"logModulePath":"rustls::client::hs","logTarget":"rustls::client::hs","message":"No cached session for DnsName(\"api.firez.one\")"}
{"time":"2023-09-13T13:28:26.43694Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/hs.rs","logLine":132,"logModulePath":"rustls::client::hs","logTarget":"rustls::client::hs","message":"Not resuming any session"}
{"time":"2023-09-13T13:28:26.446781Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/hs.rs","logLine":615,"logModulePath":"rustls::client::hs","logTarget":"rustls::client::hs","message":"Using ciphersuite TLS13_AES_256_GCM_SHA384"}
{"time":"2023-09-13T13:28:26.447046Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/tls13.rs","logLine":142,"logModulePath":"rustls::client::tls13","logTarget":"rustls::client::tls13","message":"Not resuming"}
{"time":"2023-09-13T13:28:26.449001Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/tls13.rs","logLine":381,"logModulePath":"rustls::client::tls13","logTarget":"rustls::client::tls13","message":"TLS1.3 encrypted extensions: []"}
{"time":"2023-09-13T13:28:26.449266Z","target":"log","severity":"DEBUG","logFile":"/Users/jamil/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/hs.rs","logLine":472,"logModulePath":"rustls::client::hs","logTarget":"rustls::client::hs","message":"ALPN protocol is None"}
{"time":"2023-09-13T13:28:26.544357Z","target":"libs_common::session","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/common/src/session.rs","line":"327"},"severity":"WARNING","error":"PortalConnectionError(Http(Response { status: 404, version: HTTP/1.1, headers: {\"cache-control\": \"max-age=0, private, must-revalidate\", \"content-length\": \"9\", \"date\": \"Wed, 13 Sep 2023 13:28:25 GMT\", \"server\": \"Cowboy\", \"strict-transport-security\": \"max-age=63072000; includeSubDomains; preload\", \"x-request-id\": \"F4R4XmBOoVfqEVkAAAVh\", \"via\": \"1.1 google\", \"alt-svc\": \"h3=\\\":443\\\"; ma=2592000,h3-29=\\\":443\\\"; ma=2592000\", \"connection\": \"close\"}, body: Some([78, 111, 116, 32, 102, 111, 117, 110, 100]) }))","message":"Portal connection error"}
{"time":"2023-09-13T13:28:26.544838Z","target":"libs_common::session","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/common/src/session.rs","line":"330"},"severity":"WARNING","message":"Error connecting to portal, retrying in 42 seconds"}
{"time":"2023-09-13T13:28:36.087416Z","target":"tunnel_state","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/client/src/control.rs","line":"255"},"severity":"DEBUG","message":"TunnelStats {\n    public_key: \"BQCIkQ7iNdQxEnZo6lGwR8prKJgMlJGL+UPj+C50J0s=\",\n    peers_by_ip: {},\n    peer_connections: [\n        7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    ],\n    resource_gateways: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: 7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    },\n    dns_resources: {},\n    network_resources: {\n        V4(\n            Ipv4Network {\n                network_address: 172.31.83.10,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 01c6a1ea-2540-4ec8-9caa-0015ddfffb55,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.83.10,\n                        netmask: 32,\n                    },\n                ),\n                name: \"TCP / UDPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.92.238,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 115ab626-ac3e-4890-b613-07f90bc1afb3,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.92.238,\n                        netmask: 32,\n                    },\n                ),\n                name: \"Performance Testing\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.82.179,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 2a39fb5e-f7f4-44da-9163-5675c009a2ae,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.82.179,\n                        netmask: 32,\n                    },\n                ),\n                name: \"HTTPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.93.123,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 196b9f86-0789-4c2e-8afd-3b3cd59e1462,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.93.123,\n                        netmask: 32,\n                    },\n                ),\n                name: \"IPerf3\",\n            },\n        ),\n    },\n    gateway_public_keys: {},\n    awaiting_connection: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: AwaitingConnectionDetails {\n            total_attemps: 31,\n            response_received: true,\n        },\n    },\n    gateway_awaiting_connection: {\n        7482154e-107d-4981-8f5e-4becf1a9bfd2: [],\n    },\n}"}
{"time":"2023-09-13T13:28:46.087297Z","target":"tunnel_state","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/client/src/control.rs","line":"255"},"severity":"DEBUG","message":"TunnelStats {\n    public_key: \"BQCIkQ7iNdQxEnZo6lGwR8prKJgMlJGL+UPj+C50J0s=\",\n    peers_by_ip: {},\n    peer_connections: [\n        7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    ],\n    resource_gateways: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: 7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    },\n    dns_resources: {},\n    network_resources: {\n        V4(\n            Ipv4Network {\n                network_address: 172.31.82.179,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 2a39fb5e-f7f4-44da-9163-5675c009a2ae,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.82.179,\n                        netmask: 32,\n                    },\n                ),\n                name: \"HTTPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.83.10,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 01c6a1ea-2540-4ec8-9caa-0015ddfffb55,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.83.10,\n                        netmask: 32,\n                    },\n                ),\n                name: \"TCP / UDPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.92.238,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 115ab626-ac3e-4890-b613-07f90bc1afb3,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.92.238,\n                        netmask: 32,\n                    },\n                ),\n                name: \"Performance Testing\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.93.123,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 196b9f86-0789-4c2e-8afd-3b3cd59e1462,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.93.123,\n                        netmask: 32,\n                    },\n                ),\n                name: \"IPerf3\",\n            },\n        ),\n    },\n    gateway_public_keys: {},\n    awaiting_connection: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: AwaitingConnectionDetails {\n            total_attemps: 31,\n            response_received: true,\n        },\n    },\n    gateway_awaiting_connection: {\n        7482154e-107d-4981-8f5e-4becf1a9bfd2: [],\n    },\n}"}
{"time":"2023-09-13T13:28:53.703612Z","target":"log","severity":"WARNING","logFile":"/Users/jamil/.cargo/git/checkouts/webrtc-316f277f555c12ed/672e728/mdns/src/conn/mod.rs","logLine":359,"logModulePath":"webrtc_mdns::conn","logTarget":"webrtc_mdns::conn","message":"Failed to parse mDNS packet parsing/packing of this type isn't available yet"}
{"time":"2023-09-13T13:28:54.709612Z","target":"log","severity":"WARNING","logFile":"/Users/jamil/.cargo/git/checkouts/webrtc-316f277f555c12ed/672e728/mdns/src/conn/mod.rs","logLine":359,"logModulePath":"webrtc_mdns::conn","logTarget":"webrtc_mdns::conn","message":"Failed to parse mDNS packet parsing/packing of this type isn't available yet"}
{"time":"2023-09-13T13:28:56.086942Z","target":"tunnel_state","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/client/src/control.rs","line":"255"},"severity":"DEBUG","message":"TunnelStats {\n    public_key: \"BQCIkQ7iNdQxEnZo6lGwR8prKJgMlJGL+UPj+C50J0s=\",\n    peers_by_ip: {},\n    peer_connections: [\n        7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    ],\n    resource_gateways: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: 7482154e-107d-4981-8f5e-4becf1a9bfd2,\n    },\n    dns_resources: {},\n    network_resources: {\n        V4(\n            Ipv4Network {\n                network_address: 172.31.82.179,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 2a39fb5e-f7f4-44da-9163-5675c009a2ae,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.82.179,\n                        netmask: 32,\n                    },\n                ),\n                name: \"HTTPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.93.123,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 196b9f86-0789-4c2e-8afd-3b3cd59e1462,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.93.123,\n                        netmask: 32,\n                    },\n                ),\n                name: \"IPerf3\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.83.10,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 01c6a1ea-2540-4ec8-9caa-0015ddfffb55,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.83.10,\n                        netmask: 32,\n                    },\n                ),\n                name: \"TCP / UDPbin\",\n            },\n        ),\n        V4(\n            Ipv4Network {\n                network_address: 172.31.92.238,\n                netmask: 32,\n            },\n        ): Cidr(\n            ResourceDescriptionCidr {\n                id: 115ab626-ac3e-4890-b613-07f90bc1afb3,\n                address: V4(\n                    Ipv4Network {\n                        network_address: 172.31.92.238,\n                        netmask: 32,\n                    },\n                ),\n                name: \"Performance Testing\",\n            },\n        ),\n    },\n    gateway_public_keys: {},\n    awaiting_connection: {\n        2a39fb5e-f7f4-44da-9163-5675c009a2ae: AwaitingConnectionDetails {\n            total_attemps: 31,\n            response_received: true,\n        },\n    },\n    gateway_awaiting_connection: {\n        7482154e-107d-4981-8f5e-4becf1a9bfd2: [],\n    },\n}"}
{"time":"2023-09-13T13:28:57.52105Z","target":"firezone_tunnel::tun","logging.googleapis.com/sourceLocation":{"file":"connlib/libs/tunnel/src/tun_darwin.rs","line":"224"},"severity":"DEBUG","message":"MTU for utun7 is 1420"}
```


Sample log attached:


[connlib.log.zip](https://github.com/firezone/firezone/files/12598066/connlib.log.zip)
2023-09-20 17:21:09 +00:00
Jamil
40b62448e2 feat(connlib): Add file_logger module and configure via connect (#1973)
Implements the FFI part of the following issues:

Fixes firezone/product#669
Refs firezone/product#672
Refs firezone/product#673

~~Log wg stats as well by moving into warn category.~~ This contains
information we want to keep out of our logging infrastructure for now.
2023-09-11 16:50:48 -07:00
Jamil
ce11fa29f0 fix(clients): SHA256 external_id to normalize before sending to portal (#1949)
* Normalizes very long or very short device IDs to a predictable length
* Ensures uniform distribution for the DB index
* Provides some basic level of privacy preservation
2023-08-29 03:24:01 +00:00
Jamil
4d84e1f12e chore(connlib): Add external ID to FFI, return fd in on_set_interface_config (#1945)
(Supersedes #1944)

* Fixes https://github.com/firezone/product/issues/649
* Passes `dns_fallback_strategy` over FFI (these are hardcoded for now)
* Incorporates @conectado's #1944 and cleans up a few places `fd` was
still passed

Draft for now until I can test it more tomorrow

---------

Co-authored-by: conectado <gabrielalejandro7@gmail.com>
2023-08-25 15:44:08 -07:00
Jamil
3316d9098a fix(android): Fix auth flow and callback thread safety, and pass fd through FFI (#1930)
* Refactor sharedPreferences to only save the AccountId
* Update TeamId -> AccountId to match naming elsewhere
* Update JWT -> Token to avoid confusion; this token is **not** a valid
JWT and should be treated as an opaque token
* Update FFI `connect` to accept an optional file descriptor (int32) as
a first argument. This seemed to be the most straightforward way to pass
it to the tunnel stack. Retrieving it via callback is another option,
but retrieving return vars with the `jni` was more complex. We could
have used a similar approach that we did in the Apple client
(enumerating all fd's in the `new()` function until we found ours) but
this approach is [explicitly
documented/recommended](https://developer.android.com/reference/android/net/VpnService.Builder#establish())
by the Android docs so I figured it's not likely to break.

Additionally, there was a thread safety bug in the recent JNI callback
implementation that consistently crashed the VM with `JNI DETECTED ERROR
IN APPLICATION: use of invalid jobject...`. The fix was to use
`GlobalRef` which has the explicit purpose of outliving the `JNIEnv`
lifetime so that no `static` lifetimes need to be used.

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Pratik Velani <pratikvelani@gmail.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
2023-08-23 14:13:55 -07:00
Jamil
01906ba507 android: Update auth URLs to follow convention; Fix JNI callback method signatures (#1870) 2023-08-09 06:47:25 -05:00
Francesca Lovebloom
bc3a5d9e54 connlib: JNI bridge (#1848)
The biggest internal change is that all the methods on `Callbacks` (on
the Rust side!) return a `Result` now, so errors from the bridge or even
the client callbacks will be handled.

@roop there's nothing for you to review here, but note:

- the `bool` return values you've asked about in the past are gone now
- the route string for `onAddRoute`/`onRemoveRoute` no longer has the
extra quotes (it's no longer JSON)

---------

Signed-off-by: Francesca Lovebloom <franlovebloom@gmail.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-08-07 19:03:28 -05:00
Jamil
561e8ee0cf Remove erroneously copied functions from connlib apple (#1845)
Removes functions from the android FFI that aren't needed. Why? These
were mistakenly copied from the apple FFI when I was prototyping this
back in April.
2023-08-04 04:54:42 +00:00
Francesca Lovebloom
9d4df04501 connlib: Simpler FFI (#1823)
As per discussion from the client sync,
- this removes `TunnelAddresses` in favor of simply passing the IPv4 and
IPv6 addresses as two separate strings.
- this changes `onDisconnect`'s semantics to be called _after_
disconnect instead of before.

Additionally, as per earlier discussion, errors are now passed as
strings. These errors already weren't intended to be actionable on the
client side, so the ability to handle them programmatically is
unnecessary. When internationalization is added down the road, we'll
likely replace these with error codes for looking up localized strings;
until then, this design improves diagnostics and reduces complexity.

Closes #1796
Closes #1822
2023-07-29 23:47:39 +00:00
Francesca Lovebloom
9fb842ed24 connlib: Fix resource list JSON (#1818)
Addresses one of the issues raised in firezone/product#634

Previously, we were joining a `Vec` of serialized JSON objects into a
comma-separated string, which isn't valid JSON. Now the entire thing is
simply serialized, `Vec` and all.

Additionally, I've moved serialization to happen just before the FFI
boundary, which removes some indirection from connlib and will avoid a
deserialization step when writing non-FFI clients.
2023-07-24 23:17:43 +00:00
Francesca Lovebloom
e5e18e78a3 connlib: Disconnect on fatal error (#1801)
Resolves firezone/product#619

This additionally removes `ErrorType`:
- `on_error` is now exclusively used for recoverable errors, and no
longer has an `error_type` parameter.
- `on_disconnect` now has an optional `error` parameter, which specifies
the fatal error that caused the disconnect if relevant.
2023-07-19 22:36:06 +00:00
Francesca Lovebloom
e413e96ccb connlib: Refine callbacks (#1776)
This follows-up on the discussion in #1744 and brings connlib in line
with the callback revisions outlined in firezone/product#586

(It also adds some logging to the Apple bridge that was helpful when
testing this)

---------

Co-authored-by: Roopesh Chander <roop@roopc.net>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-07-17 18:26:46 +00:00
Francesca Lovebloom
a4810986c7 connlib: Improve FFI bridges for Apple and Android (#1691)
This makes it possible to build the Apple/Android FFI bridges and
integrate them with their respective client apps.

---------

Signed-off-by: Francesca Lovebloom <franlovebloom@gmail.com>
Co-authored-by: Roopesh Chander <roop@roopc.net>
2023-06-28 11:29:59 -06:00
Gabi
e9be4b9ef5 connlib: moves it to the main firezone library
This brings connlib from its own separated repo to firezone's monorepo.

On top of bringing connlib we also add and unify the Dockerfile for all
rust binaries and add a docker-compose that can run a headless client, a
relay and a gateway which eventually will test the whole flow between a
client and a resource. For this to work we also incorporated some elixir
scripts to generate portal tokens for those components.
2023-06-23 16:39:58 -06:00