While working on #3288 I saw a few messages that we don't explicitly
handle from the portal.
This PR changes it so that we handle them correctly and we don't just
depend on coincidental behavior..
... ProgramData/dev.firezone.client/dumps/last_crash.dmp, in debug
builds only for now
For #3111.
I was way off on my estimated dump size. It's only about 500 KB.
Please double-check that the Linux exes are still stripped properly.
Windows, Linux, and Mac have different ways to do embedded or
non-embedded debug info, so the Windows client should still be 20 MB but
with a ~62MB pdb next to it, and the Linux client should still be 15 MB.
- [ ] Check Linux artifacts weren't accidentally affected
- [ ] Make sure connlib's panic handler doesn't interfere with this
- [ ] Later on, change CI so pdb files are saved as artifacts
- [ ] Later on, enable for release builds
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Some dns servers return NXDOMAIN for queries where the address exists
but there is no
answer for the given query type(e.g. AAAA-only records). This is not up
to spec and
musl PROPERLY assumes that means there is no record of any type. Saddly,
this happens even
with google DNS so we can expect it to happen everywhere. So we use
getaddrinfo to separate
requests for A and AAAA queries and preventing this.
Seems to work locally, though the exact situation where we have a record
that returns NXDOMAIN while it exists is easier to reproduce in staging,
we should test it after we merge.
Fixes#3215
With https://github.com/firezone/firezone/pull/3245, there is now a 2nd
place where we set the `remote_socket` field. Hence, for the log message
to be correct we need to compare whether the new socket actually differs
from the existing one.
Turns out #3276 was only part of the problem. After that was fixed, the
issue did turn out to be the statically-linked libc runtime. Staging was
using dynamic linking and so didn't hit the issue.
This reverts back to musl which has been tested as @AndrewDryga noted.
Currently, we are hardcoding the network interface to use in the docker
compose file. This doesn't scale pariticularly well because
docker-compose doesn't like it when networks have overlapping address
ranges. Instead of hard-coding the address, we let docker compose choose
a network range and assign addresses to us.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
Bumps [tokio-tungstenite](https://github.com/snapview/tokio-tungstenite)
from 0.20.1 to 0.21.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/snapview/tokio-tungstenite/blob/master/CHANGELOG.md">tokio-tungstenite's
changelog</a>.</em></p>
<blockquote>
<h1>0.21.0</h1>
<ul>
<li>Update TLS dependencies.</li>
<li>Update <code>tungstenite</code> to <code>0.21.0</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="52e59dd732"><code>52e59dd</code></a>
Release version 0.21.0</li>
<li><a
href="7b2cf20a10"><code>7b2cf20</code></a>
Update <code>rustls</code> to 0.22 and <code>tokio-rustls</code> to
0.25</li>
<li><a
href="ecf7a7ebae"><code>ecf7a7e</code></a>
Update <code>webpki-roots</code> to 0.26</li>
<li>See full diff in <a
href="https://github.com/snapview/tokio-tungstenite/compare/v0.20.1...v0.21.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
It appears that sometimes, the dialer already considers the connection
as connected whilst the other party is still finishing the ICE
handshake. In that case, the dialer will start wireguard activity. Once
the tunnel is fully established, the dialer will then start to send data
which can lead to a `NotConnected` error in case the listener hasn't yet
finished the handshake and updated the state. This is only a local
inconsistency which we can fix by also updating the `remote_socket`
field based on activity on the wireguard tunnel.
For future debugging, we also raise the log level of `str0m` to see the
STUN messages that are being exchanged.
Fixes: #3178.
Bumps [base64](https://github.com/marshallpierce/rust-base64) from
0.21.6 to 0.21.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's
changelog</a>.</em></p>
<blockquote>
<h1>0.21.7</h1>
<ul>
<li>Support getting an alphabet's contents as a str via
<code>Alphabet::as_str()</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9652c78773"><code>9652c78</code></a>
v0.21.7</li>
<li><a
href="08deccf703"><code>08deccf</code></a>
provide as_str() method to return the alphabet characters (<a
href="https://redirect.github.com/marshallpierce/rust-base64/issues/264">#264</a>)</li>
<li>See full diff in <a
href="https://github.com/marshallpierce/rust-base64/compare/v0.21.6...v0.21.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fulfills #3159.
This means the device ID is only tied to the Windows install instead of
the user account. I also fixed up the logs and errors for that module
real quick since I was already there.
Also refactored to extract an auth state machine. The auth logic
previously was scattered throughout the GUI module, which would make it
hard to audit. Because of the refactoring I was able to add some simple
unit tests.
the way we were checking for subdomains in the gateways completely
broke, didn't detect it before because the deployed staging version for
gateways is too old.
~~Added a few CI tests so this doesn't' happen again.~~ seems like
github runners [doesn't support pinging the outside
world](https://github.com/actions/runner-images/issues/1519) so I'm
putting that off for now.
Fulfills #3141
It took a little longer than I expected but since I'll be leaving the
client running all the time even on my dev laptop, I want to easily see
what version I built, even if I've changed branches since building it.
This isn't hooked up to the GUI yet, it's a debug subcommand.
I overheard that the other clients rebuild the tunnel when they change
networks, I think? And this might be useful for debugging the issue
where Chrome / other browsers don't flush their TCP connections when the
tunnel comes up. It's also reference code for how to use COM interfaces
in Rust. The official samples are a little sparse. So I wanted to get
this checked in.
