The module and crate structure around the GUI client and its background
service are currently a mess of circular dependencies. Most of the
service implementation actually sits in `firezone-headless-client`
because the headless-client and the service share certain modules. We
have recently moved most of these to `firezone-bin-shared` which is the
correct place for these modules.
In order to move the background service to `firezone-gui-client`, we
need to untangle a few more things in the GUI client. Those are done
commit-by-commit in this PR. With that out the way, we can finally move
the service module to the GUI client; where is should actually live
given that it has nothing to do with the headless client.
As a result, the headless-client is - as one would expect - really just
a thin wrapper around connlib itself and is reduced down to 4 files with
this PR.
To make things more consistent in the GUI client, we move the `main.rs`
file also into `bin/`. By convention `bin/` is where you define binaries
if a crate has more than one. cargo will then build all of them.
Eventually, we can optimise the compile-times for `firezone-gui-client`
by splitting it into multiple crates:
- Shared structs like IPC messages
- Background service
- GUI client
This will be useful because it allows only re-compiling of the GUI
client alone if nothing in `connlib` changes and vice versa.
Resolves: #6913Resolves: #5754
Both `device_id` and `device_info` are used by the headless-client and
the GUI client / IPC service. They should therefore be defined in the
`bin-shared` crate.
In order to experiment with alternative GUI libraries, we extracted a
`gui-client-common` crate that would hold GUI-library agnostic code.
We've since upgraded to Tauri v2 and settled on that as the GUI
framework for the Windows and Linux Firezone Clients. Therefore this
abstraction is unnecessary and can be removed again.
This makes it easier to work on the GUI client and also allows the
compiler to flag unused code more easily.
Currently, the platform-specific code for controlling DNS resolution on
a system sits in `firezone-headless-client`. This code is also used by
the GUI client. This creates a weird compile-time dependency from the
GUI client to the headless client.
For other components that have platform-specific implementations, we use
the `firezone-bin-shared` crate. As a first step of resolving the
compile-time dependency, we move the `dns_control` module to
`firezone-bin-shared`.
By default, we send all WARN and ERROR logs to Sentry. This also
includes logs emitted via the `log` crate via a facade that `tracing`
installs. The wintun-rs bindings install such a logger in the native
WinTUN code. The WinTUN code has a bug where it doesn't handle adapter
removal idempotently. That is, if the adapter has already been removed
it logs an error instead of succeeding.
Typically, such logs can easily be suppressed in Sentry. In this case
however, Sentry fails to group these different logs together because
WinTUN's error message contains a path to a temporary directory which is
different every time it gets executed. As such, these logs spam our
Sentry instance with no way for us to disable them with existing tools.
The WireGuard mailing list for WinTUN also appears to be dead. We
attempted to contact the list in February and have not received a reply
yet. The last archive goes back to November 2024 [0]. We use WinTUN as a
prebuild and signed DLL so we also cannot meaningfully patch this on our
end without upstreaming it.
Thus, as a last resort, we add some infrastructure to our logging setup
that allows us to client-side filter events based on certain patterns of
the message and a log level.
[0]: https://lists.zx2c4.com/pipermail/wireguard/
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
The `known_dirs` module is used across the headless-client and the GUI
client. It should live in `bin-shared` where all the other
cross-platform modules are.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.97 to 1.0.98.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.98</h2>
<ul>
<li>Add <a
href="https://docs.rs/anyhow/1/anyhow/struct.Error.html#method.into_boxed_dyn_error"><code>self.into_boxed_dyn_error()</code></a>
and <a
href="https://docs.rs/anyhow/1/anyhow/struct.Error.html#method.reallocate_into_boxed_dyn_error_without_backtrace"><code>self.reallocate_into_boxed_dyn_error_without_backtrace()</code></a>
methods for anyhow::Error (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/415">#415</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="709fe86f04"><code>709fe86</code></a>
Release 1.0.98</li>
<li><a
href="cbc1ad2b16"><code>cbc1ad2</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/415">#415</a>
from dtolnay/intodyn</li>
<li><a
href="e1a2017668"><code>e1a2017</code></a>
Add 2 different conversions to Box<dyn Error + Send + Sync +
'static></li>
<li><a
href="29f2eddd15"><code>29f2edd</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/416">#416</a>
from dtolnay/oldnostd</li>
<li><a
href="2244db872f"><code>2244db8</code></a>
Omit unused object_boxed from vtable in old no-std rustc</li>
<li><a
href="213a9c2e6c"><code>213a9c2</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/414">#414</a>
from dtolnay/nightly</li>
<li><a
href="02aa6b6faa"><code>02aa6b6</code></a>
Make all nightly go through the module that was probed</li>
<li>See full diff in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.97...1.0.98">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.34 to 4.5.37.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.37</h2>
<h2>[4.5.37] - 2025-04-18</h2>
<h3>Features</h3>
<ul>
<li>Added <code>ArgMatches::try_clear_id()</code></li>
</ul>
<h2>v4.5.36</h2>
<h2>[4.5.36] - 2025-04-11</h2>
<h3>Fixes</h3>
<ul>
<li><em>(help)</em> Revert 4.5.35's "Don't leave space for shorts
if there are none" for now</li>
</ul>
<h2>v4.5.35</h2>
<h2>[4.5.35] - 2025-04-01</h2>
<h3>Fixes</h3>
<ul>
<li><em>(help)</em> Align positionals and flags when put in the same
<code>help_heading</code></li>
<li><em>(help)</em> Don't leave space for shorts if there are none</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.5.37] - 2025-04-18</h2>
<h3>Features</h3>
<ul>
<li>Added <code>ArgMatches::try_clear_id()</code></li>
</ul>
<h2>[4.5.36] - 2025-04-11</h2>
<h3>Fixes</h3>
<ul>
<li><em>(help)</em> Revert 4.5.35's "Don't leave space for shorts
if there are none" for now</li>
</ul>
<h2>[4.5.35] - 2025-04-01</h2>
<h3>Fixes</h3>
<ul>
<li><em>(help)</em> Align positionals and flags when put in the same
<code>help_heading</code></li>
<li><em>(help)</em> Don't leave space for shorts if there are none</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c54ffa17f5"><code>c54ffa1</code></a>
chore: Release</li>
<li><a
href="26eab7b4e5"><code>26eab7b</code></a>
docs: Update changelog</li>
<li><a
href="f275804c23"><code>f275804</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5805">#5805</a>
from epage/style</li>
<li><a
href="7c7742cae8"><code>7c7742c</code></a>
fix(complete): Adjust dynamic for MSRV</li>
<li><a
href="f1ae3c0e49"><code>f1ae3c0</code></a>
style: Make clippy happy</li>
<li><a
href="5c932b7079"><code>5c932b7</code></a>
chore(deps): Update Rust crate divan to v0.1.15 (<a
href="https://redirect.github.com/clap-rs/clap/issues/5798">#5798</a>)</li>
<li><a
href="bc0537f589"><code>bc0537f</code></a>
chore(deps): Update compatible (dev) (<a
href="https://redirect.github.com/clap-rs/clap/issues/5797">#5797</a>)</li>
<li><a
href="7a6475e3c1"><code>7a6475e</code></a>
chore: Release</li>
<li><a
href="0266c4197f"><code>0266c41</code></a>
docs: Update changelog</li>
<li><a
href="6ec0b43448"><code>6ec0b43</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5791">#5791</a>
from okapia/zsh-default-fallback</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/clap_complete-v4.5.34...clap_complete-v4.5.37">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
At the moment, Firezone already attempts to prefer the same IP stack
across relayed connections all the way through to the Gateway. This is
achieved with a feature in str0m implemented in
https://github.com/algesten/str0m/pull/640 where the `IceAgent` computes
the local preference of an added candidate such that an IPv4 candidate
allocated over an IPv4 network has a higher preference than an IPv6
candidate allocated over an IPv4 network.
If a candidate gets accepted by the local agent, it is signaled to the
remote via our control protocol. The remote peer then adds the candidate
as a remote candidate and the ICE process starts by pairing them with
local ones and testing connectivity.
Currently, str0m's API consumes the candidate and only returns a `bool`
whether it should be sent signaled to the remote. This means the local
preference computed as part of `add_local_candidate` **is not**
reflected in the priority of the candidate sent to the remote. As a
result, if the controlled agent (i.e. the Gateway) is behind symmetric
NAT and therefore only has relay candidates available, the preference of
IPv4 over IPv6 candidates on an IPv4 network is lost. This is what we
are seeing in #8998.
This changes with https://github.com/algesten/str0m/pull/650 being
merged to `main` which we are updating to with this PR. Now,
`add_local_candidate` returns an `Option<&Candidate>` which has been
modified with the local preference of the `IceAgent` around the
preferred IP stack of relay candidates. As such, the priority calculated
and signaled to the remote embeds this information and will be taken
into account by the controlling agent (i.e. the Client) when nominating
a pair.
Resolves: #8998
When there is no traffic going through the tunnel, Firezone switches
into a low-power mode where it only sends STUN bindings every 60s. As
soon as we see traffic, we move out of this low-power mode to detect
connectivity problems early.
Applying this new timing config however does not clear some internal
caches in `str0m` and therefore, it can take up to the previously set
timeout value until str0m actually picks up on the new timers.
This is being fixed in https://github.com/algesten/str0m/pull/649. Until
that is merged, we depend on our fork that has these changes merged
already.
Resolves: #8999
Bumps the aya group in /rust with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``c65a200`` | ``583709f`` |
| [aya-build](https://github.com/aya-rs/aya) | ``c65a200`` | ``583709f``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``c65a200`` | ``583709f``
|
| [aya-log](https://github.com/aya-rs/aya) | ``c65a200`` | ``583709f`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``c65a200`` |
``583709f`` |
Updates `aya` from `c65a200` to `583709f`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="583709f6a0"><code>583709f</code></a>
appease <code>clippy::uninlined-format-args</code></li>
<li>See full diff in <a
href="c65a200e9a...583709f6a0">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-build` from `c65a200` to `583709f`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="583709f6a0"><code>583709f</code></a>
appease <code>clippy::uninlined-format-args</code></li>
<li>See full diff in <a
href="c65a200e9a...583709f6a0">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-ebpf` from `c65a200` to `583709f`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="583709f6a0"><code>583709f</code></a>
appease <code>clippy::uninlined-format-args</code></li>
<li>See full diff in <a
href="c65a200e9a...583709f6a0">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-log` from `c65a200` to `583709f`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="583709f6a0"><code>583709f</code></a>
appease <code>clippy::uninlined-format-args</code></li>
<li>See full diff in <a
href="c65a200e9a...583709f6a0">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-log-ebpf` from `c65a200` to `583709f`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="583709f6a0"><code>583709f</code></a>
appease <code>clippy::uninlined-format-args</code></li>
<li>See full diff in <a
href="c65a200e9a...583709f6a0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Validating checksums can be expensive so this is off-by-default. The
intent is to turn it on in our staging environment so we can detects
bugs in our packet handling code during testing.
Bumps [resolv-conf](https://github.com/hickory-dns/resolv-conf) from
0.7.1 to 0.7.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hickory-dns/resolv-conf/releases">resolv-conf's
releases</a>.</em></p>
<blockquote>
<h2>0.7.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump version and add dummy / compat "system" feature by <a
href="https://github.com/decathorpe"><code>@decathorpe</code></a> in <a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/48">hickory-dns/resolv-conf#48</a></li>
</ul>
<h2>0.7.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Replace external crate with inline code by <a
href="https://github.com/Jake-Shadle"><code>@Jake-Shadle</code></a> in
<a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/44">hickory-dns/resolv-conf#44</a></li>
<li>Hostname tweaks by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/45">hickory-dns/resolv-conf#45</a></li>
<li>Style updates by <a
href="https://github.com/djc"><code>@djc</code></a> in <a
href="https://redirect.github.com/hickory-dns/resolv-conf/pull/46">hickory-dns/resolv-conf#46</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5d8efe95fe"><code>5d8efe9</code></a>
Bump version to 0.7.3</li>
<li><a
href="846de1b7eb"><code>846de1b</code></a>
Add back dummy "system" feature for compatibility with
0.7.1</li>
<li><a
href="47effe2e2f"><code>47effe2</code></a>
Use match ergonomics</li>
<li><a
href="1fc695df24"><code>1fc695d</code></a>
Use inline format arguments</li>
<li><a
href="7f202b8c8d"><code>7f202b8</code></a>
Bump version to 0.7.2</li>
<li><a
href="b1f9e69538"><code>b1f9e69</code></a>
Move version up</li>
<li><a
href="523747af6e"><code>523747a</code></a>
Reduce MSRV to 1.61</li>
<li><a
href="ef960824d6"><code>ef96082</code></a>
Postpone String allocation</li>
<li><a
href="07c06becbd"><code>07c06be</code></a>
Simplify domain_from_host()</li>
<li><a
href="a2b71ca625"><code>a2b71ca</code></a>
Extend domain_from_host() tests</li>
<li>Additional commits viewable in <a
href="https://github.com/hickory-dns/resolv-conf/compare/v0.7.1...v0.7.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.217 to
1.0.219.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.219</h2>
<ul>
<li>Prevent <code>absolute_paths</code> Clippy restriction being
triggered inside macro-generated code (<a
href="https://redirect.github.com/serde-rs/serde/issues/2906">#2906</a>,
thanks <a
href="https://github.com/davidzeng0"><code>@davidzeng0</code></a>)</li>
</ul>
<h2>v1.0.218</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49d098debd"><code>49d098d</code></a>
Release 1.0.219</li>
<li><a
href="40f1d19dbe"><code>40f1d19</code></a>
Wrap dummy.rs to 80 columns</li>
<li><a
href="514848b584"><code>514848b</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2906">#2906</a>
from davidzeng0/master</li>
<li><a
href="168b6cf789"><code>168b6cf</code></a>
fix clippy absolute paths warning</li>
<li><a
href="a8bdd17333"><code>a8bdd17</code></a>
Remove unused Punctuated import</li>
<li><a
href="1c9601358b"><code>1c96013</code></a>
Resolve mem_replace_with_default clippy lint</li>
<li><a
href="f0d1ae08f3"><code>f0d1ae0</code></a>
Ignore elidable_lifetime_names pedantic clippy lint</li>
<li><a
href="e3eaa6a3dd"><code>e3eaa6a</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2896">#2896</a>
from dtolnay/stabledoc</li>
<li><a
href="6a630cf283"><code>6a630cf</code></a>
Also link to stable proc_macro</li>
<li><a
href="7bfd518dd4"><code>7bfd518</code></a>
Release 1.0.218</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.217...v1.0.219">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Once we start collecting metrics across various Clients and Gateways,
these metrics need to be tagged with the correct `service.name`,
`service.version` as well as an instance ID to differentiate metrics
from different instances.
The latest release includes our upstreamed fix for handling
`segment_size` > `contents.len()` and therefore our local workaround is
no longer necessary.
We have been using buffer pools for a while all over `connlib` as a way
to efficiently use heap-allocated memory. This PR harmonizes the usage
of buffer pools across the codebase by introducing a dedicated
`bufferpool` crate. This crate offers a convenient and easy-to-use API
for all the things we (currently) need from buffer pools. As a nice
bonus of having it all in one place, we can now also track metrics of
how many buffers we have currently allocated.
An example output from the local metrics exporter looks like this:
```
Name : system.buffer.count
Description : The number of buffers allocated in the pool.
Unit : {buffers}
Type : Sum
Sum DataPoints
Monotonic : false
Temporality : Cumulative
DataPoint #0
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 96
Attributes :
-> system.buffer.pool.name: udp-socket-v6
-> system.buffer.pool.buffer_size: 65535
DataPoint #1
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 7
Attributes :
-> system.buffer.pool.buffer_size: 131600
-> system.buffer.pool.name: gso-queue
DataPoint #2
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 128
Attributes :
-> system.buffer.pool.name: udp-socket-v4
-> system.buffer.pool.buffer_size: 65535
DataPoint #3
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 8
Attributes :
-> system.buffer.pool.buffer_size: 1336
-> system.buffer.pool.name: ip-packet
DataPoint #4
StartTime : 2025-04-29 12:41:25.278436
EndTime : 2025-04-29 12:42:25.278088
Value : 9
Attributes :
-> system.buffer.pool.buffer_size: 1336
-> system.buffer.pool.name: snownet
```
Resolves: #8385
Currently, when `connlib`'s log file gets deleted, we write logs into
nirvana until the corresponding process gets restarted. This is painful
for users to do because they need to restart the IPC service or Network
Extension. Instead, we can simply check if the log file exists prior to
writing to it and re-create it if it doesn't.
Resolves: #6850
Related: #7569
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.6.1 to
3.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.2: better docs, lighter-weight tests</h2>
<p>Thanks to <a
href="https://github.com/unkcpz"><code>@unkcpz</code></a>, this release
fully documents all the platform-specific modules in each platform on <a
href="https://docs.rs/keyring/latest/keyring/">docs.rs</a>.</p>
<p>The dev dependencies (used for testing) have been switched from using
<code>rand</code> to using the lighter-weight module
<code>fastrand</code>.</p>
<p>There are no functional code changes in this release, only test
changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-source-cooperative/keyring-rs/blob/master/CHANGELOG.md">keyring's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.6.2</h2>
<ul>
<li>Have docs.rs build docs for all modules on all platforms (thanks to
<a href="https://github.com/unkcpz"><code>@unkcpz</code></a> - see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/235">#235</a>).</li>
<li>Switch to <code>fastrand</code> for tests (see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ee3f80d0d3"><code>ee3f80d</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/238">#238</a>
from brotskydotcom/issue-236</li>
<li><a
href="766c8bc4e6"><code>766c8bc</code></a>
Switch to using fastrand for testing.</li>
<li><a
href="f1b7ec192e"><code>f1b7ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/237">#237</a>
from unkcpz/fix/235/keyring-doc-xplat</li>
<li><a
href="09c9c0dd94"><code>09c9c0d</code></a>
using matrix for targets in doctest.yaml</li>
<li><a
href="307e575e2f"><code>307e575</code></a>
Move to doctest.yaml as ind CI and run inline from action</li>
<li><a
href="8a5c6dd838"><code>8a5c6dd</code></a>
fast-fail test-docsrs-build.sh</li>
<li><a
href="a40bd956fd"><code>a40bd95</code></a>
r-brot</li>
<li><a
href="ac2a3b474d"><code>ac2a3b4</code></a>
experiment doccfg with attr docrs</li>
<li><a
href="3d8da9603c"><code>3d8da96</code></a>
multi-target toolchain CI</li>
<li><a
href="a994584d9b"><code>a994584</code></a>
remove -Zbuild-std which not required on docs.rs</li>
<li>Additional commits viewable in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.6.1...v3.6.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the tauri group in /rust with 1 update:
[tauri](https://github.com/tauri-apps/tauri).
Updates `tauri` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.1</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.30.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.61.2)
Adding oxc_ast v0.36.0 (available: v0.61.2)
Adding oxc_parser v0.36.0 (available: v0.61.2)
Adding oxc_span v0.36.0 (available: v0.61.2)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding webview2-com v0.36.0 (available: v0.37.0)
Adding windows v0.60.0 (available: v0.61.1)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 748 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="766bccc341"><code>766bccc</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13243">#13243</a>)</li>
<li><a
href="31becbd1d1"><code>31becbd</code></a>
enhance(core): respect
<code>data-tauri-drag-region="false"</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13269">#13269</a>)</li>
<li><a
href="da2a6ae5e3"><code>da2a6ae</code></a>
fix(core): raw channel message type regression (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13268">#13268</a>)</li>
<li><a
href="87fdc3b9cd"><code>87fdc3b</code></a>
chore(deps): update rust crate jsonschema to 0.30 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13249">#13249</a>)</li>
<li><a
href="30e76c7d3a"><code>30e76c7</code></a>
chore(deps): update rust crate brotli to v8 (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13264">#13264</a>)</li>
<li><a
href="85b1912529"><code>85b1912</code></a>
Make tauri-runtime-wry optional with features (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13241">#13241</a>)</li>
<li><a
href="82da4f17f5"><code>82da4f1</code></a>
fix(ci): ubuntu 20.04 no longer exists (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13240">#13240</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.5.0...tauri-v2.5.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.13.0 to
3.19.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.1</h2>
<ul>
<li>Don't unlink temporary files immediately on Windows (fixes <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>).
Unfortunately, this seemed to corrupt the file object (possibly a
Windows kernel bug) in rare cases and isn't strictly speaking
necessary.</li>
</ul>
<h2>3.19.0</h2>
<ul>
<li>Remove direct dependency on <code>cfg-if</code>. It's still in the
tree, but we didn't really need to use it in this crate.</li>
<li>Add an unstable feature
(<code>unstable-windows-keep-open-tempfile</code>) to test a potential
fix to <a
href="https://redirect.github.com/Stebalien/tempfile/issues/339">#339</a>.</li>
</ul>
<h2>3.18.0</h2>
<ul>
<li>Update <code>rustix</code> to 1.0.0.</li>
<li>Make <code>NamedTempFile::persist_noclobber</code> atomic on Apple
operating systems. It's now atomic on MacOS, Windows, and Linux
(depending on the OS version and filesystem used).</li>
</ul>
<h2>3.17.1</h2>
<ul>
<li>Fix build with <code>windows-sys</code> 0.52. Unfortunately, we have
no CI for older <code>windows-sys</code> versions at the moment...</li>
</ul>
<h2>3.17.0</h2>
<ul>
<li>Make sure to use absolute paths in when creating unnamed temporary
files (avoids a small race in the "immediate unlink" logic)
and in <code>Builder::make_in</code> (when creating temporary files of
arbitrary types).</li>
<li>Prevent a theoretical crash that could (maybe) happen when a
temporary file is created from a drop function run in a TLS destructor.
Nobody has actually reported a case of this happening in practice and I
have been unable to create this scenario in a test.</li>
<li>When reseeding with <code>getrandom</code>, use platform (e.g., CPU)
specific randomness sources where possible.</li>
<li>Clarify some documentation.</li>
<li>Unlink unnamed temporary files on windows <em>immediately</em> when
possible instead of waiting for the handle to be closed. We open files
with "Unix" semantics, so this is generally possible.</li>
</ul>
<h2>3.16.0</h2>
<ul>
<li>Update <code>getrandom</code> to <code>0.3.0</code> (thanks to <a
href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a>).</li>
<li>Allow <code>windows-sys</code> versions <code>0.59.x</code> in
addition to <code>0.59.0</code> (thanks <a
href="https://github.com/ErichDonGubler"><code>@ErichDonGubler</code></a>).</li>
<li>Improved security documentation (thanks to <a
href="https://github.com/n0toose"><code>@n0toose</code></a> for
collaborating with me on this).</li>
</ul>
<h2>3.15.0</h2>
<p>Re-seed the per-thread RNG from system randomness when we repeatedly
fail to create temporary files (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/314">#314</a>).
This resolves a potential DoS vector (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/178">#178</a>)
while avoiding <code>getrandom</code> in the common case where it's
necessary. The feature is optional but enabled by default via the
<code>getrandom</code> feature.</p>
<p>For libc-free builds, you'll either need to disable this feature or
opt-in to a different <a
href="https://github.com/rust-random/getrandom?tab=readme-ov-file#opt-in-backends"><code>getrandom</code>
backend</a>.</p>
<h2>3.14.0</h2>
<ul>
<li>Make the wasip2 target work (requires tempfile's "nightly"
feature to be enabled). <a
href="https://redirect.github.com/Stebalien/tempfile/pull/305">#305</a>.</li>
<li>Allow older windows-sys versions <a
href="https://redirect.github.com/Stebalien/tempfile/pull/304">#304</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95540ed3fc"><code>95540ed</code></a>
chore: release v3.19.1</li>
<li><a
href="b60aae49c1"><code>b60aae4</code></a>
fix(windows): don't automatically delete files on open (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/344">#344</a>)</li>
<li><a
href="167f544abe"><code>167f544</code></a>
ci(cargo-deny): remove windows-sys exception (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/343">#343</a>)</li>
<li><a
href="42fff6813d"><code>42fff68</code></a>
chore: release v3.19.0</li>
<li><a
href="61b4283c20"><code>61b4283</code></a>
feat(windows): add a feature to immediate tempfile deletion (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/340">#340</a>)</li>
<li><a
href="c2d16b3bc3"><code>c2d16b3</code></a>
ci: downgrade once-cell on old rustc versions (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/342">#342</a>)</li>
<li><a
href="35c204d7c2"><code>35c204d</code></a>
chore: remove cfg-if dependency (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/338">#338</a>)</li>
<li><a
href="b8bddaf0cf"><code>b8bddaf</code></a>
release 3.18.0</li>
<li><a
href="0e17869470"><code>0e17869</code></a>
update rustix (<a
href="https://redirect.github.com/Stebalien/tempfile/issues/336">#336</a>)</li>
<li><a
href="6cf65365a4"><code>6cf6536</code></a>
doc: fix markdown</li>
<li>Additional commits viewable in <a
href="https://github.com/Stebalien/tempfile/compare/v3.13.0...v3.19.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
When calculating preferences for candidates, `str0m` currently always
prefer IPv6 over IPv4. This is as per the ICE spec. Howver, this can
lead to sub-optimal situations when a connection ends up using a TURN
server.
TURN allows a client to allocate an IPv4 and an IPv6 address in the same
allocation. This makes it possible for e.g. an IPv4-only client to
connect to an IPv6-only peer as long as the TURN server runs in
dual-stack AND the client requests an IPv6 address in addition to an
IPv4 address with the `ADDITIONAL-ADDRESS-FAMILY` attribute.
Assume that a client sits behind symmetric NAT and therefore needs to
rely on a TURN server to communicate with its peers. The TURN server as
well as all the peers operate in dual-stack mode.
The current priority calculation will yield a communication path that
uses IPv4 to talk to the TURN server (as that is the only one available)
but due to the preference ordering of IPv6 over IPv4, will use an IPv6
path to the peer, despite the peer also supporting IPv4.
This isn't a problem per-se but makes our life unnecessarily difficult.
Our TURN servers use eBPF to efficiently deal with TURN's channel-data
messages. This however is at present only implemented for the IPv4 <>
IPv4 and IPv6 <> IPv6 path. Implementing the other paths is possible but
complicates the eBPF code because we need to also translate IP headers
between versions and not just update the source and destination IPs.
We have since patched `str0m` to extend the `Candidate::relayed`
constructor to also take a `base` address which is - similar to the
other candidate types - the address the client is sending from in order
to use this candidate. In the context of relayed candidates, this is the
address the client is using to talk to the TURN server. We can use this
information in the candidate's priority calculation to prefer candidates
that allow traffic to remain within one IP version, i.e. if the client
talks to the TURN server over IPv4, the candidate with an allocated IPv4
address will have a higher priority than the one with the IPv6 address
because we are applying a "punishment" factor as part of the
local-preference component in the priority formula.
Staying within the same IP version whilst relaying traffic allows our
TURN servers to use their eBPF kernel which results in a better UX due
to lower latency and higher throughput.
The final candidate ordering is ultimately decided by the controlling
ICE agent which in our case is the Firezone Client. Thus, we don't
necessarily need to update Gateways in order to test / benefit from
this. Building a Client with this patch included should be enough to
benefit from this change.
Related: https://github.com/algesten/str0m/pull/640
Related: https://github.com/algesten/str0m/pull/644
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.135 to
1.0.140.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.140</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.139</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.138</h2>
<ul>
<li>Documentation improvements</li>
</ul>
<h2>v1.0.137</h2>
<ul>
<li>Turn on "float_roundtrip" and "unbounded_depth"
features for serde_json in play.rust-lang.org (<a
href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>)</li>
</ul>
<h2>v1.0.136</h2>
<ul>
<li>Optimize serde_json::value::Serializer::serialize_map by using
Map::with_capacity (<a
href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>,
thanks <a
href="https://github.com/goffrie"><code>@goffrie</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="762783414e"><code>7627834</code></a>
Release 1.0.140</li>
<li><a
href="d77a498c80"><code>d77a498</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1245">#1245</a>
from serde-rs/powerpc</li>
<li><a
href="b34d317089"><code>b34d317</code></a>
Delete unused gcc installation</li>
<li><a
href="f7200c3cf6"><code>f7200c3</code></a>
Ignore unbuffered_bytes clippy lint</li>
<li><a
href="76cd4fb383"><code>76cd4fb</code></a>
Ignore elidable_lifetime_names pedantic clippy lint</li>
<li><a
href="400eaa977f"><code>400eaa9</code></a>
Point standard library links to stable</li>
<li><a
href="4d4f53c3b7"><code>4d4f53c</code></a>
Release 1.0.139</li>
<li><a
href="5d6b32f378"><code>5d6b32f</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1242">#1242</a>
from dtolnay/writefloat</li>
<li><a
href="e5bb8bd38f"><code>e5bb8bd</code></a>
Document behavior of write_f32/f64 on non-finite floats</li>
<li><a
href="7a797810d2"><code>7a79781</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1241">#1241</a>
from dtolnay/doclink</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/json/compare/v1.0.135...v1.0.140">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the tauri group with 2 updates in the /rust directory:
[tauri](https://github.com/tauri-apps/tauri) and
[tauri-winrt-notification](https://github.com/tauri-apps/winrt-notification).
Updates `tauri` from 2.4.1 to 2.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.5.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1020 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.1)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.30.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.61.0)
Adding oxc_ast v0.36.0 (available: v0.61.0)
Adding oxc_parser v0.36.0 (available: v0.61.0)
Adding oxc_span v0.36.0 (available: v0.61.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding webview2-com v0.36.0 (available: v0.37.0)
Adding windows v0.60.0 (available: v0.61.1)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 742 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1045 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.50.5
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-v2.4.1...tauri-v2.5.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-build` from 2.1.1 to 2.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-build's
releases</a>.</em></p>
<blockquote>
<h2>tauri-build v2.2.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.1.1...tauri-build-v2.2.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-runtime` from 2.5.1 to 2.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-runtime's
releases</a>.</em></p>
<blockquote>
<h2>tauri-runtime v2.6.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-runtime-v2.5.1...tauri-runtime-v2.6.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-utils` from 2.3.1 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases">tauri-utils's
releases</a>.</em></p>
<blockquote>
<h2>tauri-utils v2.4.0</h2>
<!-- raw HTML omitted -->
<pre><code>Updating git repository
`https://github.com/tauri-apps/schemars.git`
Updating crates.io index
warning: Patch `schemars_derive v0.8.21
(https://github.com/tauri-apps/schemars.git?branch=feat%2Fpreserve-description-newlines#c30f9848)`
was not used in the crate graph.
Check that the patched package version and available features are
compatible
with the dependency requirements. If the patch has a different version
from
what is locked in the Cargo.lock file, run `cargo update` to use the new
version. This may also occur with an optional dependency that is not
enabled.
Locking 1021 packages to latest compatible versions
Adding apple-codesign v0.27.0 (available: v0.29.0)
Adding axum v0.7.9 (available: v0.8.3)
Adding colored v2.2.0 (available: v3.0.0)
Adding ctor v0.2.9 (available: v0.4.1)
Adding getrandom v0.2.15 (available: v0.3.2)
Adding html5ever v0.26.0 (available: v0.31.0)
Adding itertools v0.13.0 (available: v0.14.0)
Adding json-patch v3.0.1 (available: v4.0.0)
Adding minisign v0.7.3 (available: v0.7.9)
Adding oxc_allocator v0.36.0 (available: v0.63.0)
Adding oxc_ast v0.36.0 (available: v0.63.0)
Adding oxc_parser v0.36.0 (available: v0.63.0)
Adding oxc_span v0.36.0 (available: v0.63.0)
Adding proc-macro-crate v2.0.0 (available: v2.0.2)
Adding rand v0.8.5 (available: v0.9.0)
Adding rpm v0.16.0 (available: v0.17.0)
Adding serialize-to-javascript v0.1.1 (available: v0.1.2)
Adding serialize-to-javascript-impl v0.1.1 (available: v0.1.2)
Adding tauri-utils v1.6.0 (available: v1.6.2)
Adding tiny_http v0.11.0 (available: v0.12.0)
Adding x509-certificate v0.23.1 (available: v0.24.0)
Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 752 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (1046 crate dependencies)
Crate: atk
Version: 0.18.2
Warning: unmaintained
Title: gtk-rs GTK3 bindings - no longer maintained
Date: 2024-03-04
ID: RUSTSEC-2024-0413
URL: https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
├── wry 0.51.2
│ └── tauri-runtime-wry 2.6.0
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="977c4b496c"><code>977c4b4</code></a>
apply version updates (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13123">#13123</a>)</li>
<li><a
href="48b12b4404"><code>48b12b4</code></a>
chore: bump crates depending on tauri-utils as minor</li>
<li><a
href="9356fa15d8"><code>9356fa1</code></a>
feat(core): include type name in state panic message (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13239">#13239</a>)</li>
<li><a
href="2dccfab532"><code>2dccfab</code></a>
fix: fileAssociations missing LSHandlerRank on macOS (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13159">#13159</a>)
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13236">#13236</a>)</li>
<li><a
href="5d3687e8c3"><code>5d3687e</code></a>
chore(tauri-driver): update README</li>
<li><a
href="0cf2d9933f"><code>0cf2d99</code></a>
fix(tauri-driver): append .exe ext on app path on Windows, closes <a
href="https://redirect.github.com/tauri-apps/tauri/issues/11317">#11317</a>
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13">#13</a>...</li>
<li><a
href="1734273bbe"><code>1734273</code></a>
fix: using center and overflow together crashes (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13235">#13235</a>)</li>
<li><a
href="690146e311"><code>690146e</code></a>
fix(macros): invoke handler stack overflow (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13217">#13217</a>)</li>
<li><a
href="f888502fd2"><code>f888502</code></a>
fix(core): use <code>Headers</code> in <code>sendIpcMessage</code> (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/13227">#13227</a>)</li>
<li><a
href="577c7ffc45"><code>577c7ff</code></a>
fix(webdriver): windows: make native webdriver close with parent process
(fix...</li>
<li>Additional commits viewable in <a
href="https://github.com/tauri-apps/tauri/compare/tauri-utils-v2.3.1...tauri-utils-v2.4.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tauri-winrt-notification` from 0.7.1 to 0.7.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/releases">tauri-winrt-notification's
releases</a>.</em></p>
<blockquote>
<h2>tauri-winrt-notification v0.7.2</h2>
<p>Updating crates.io index
Locking 20 packages to latest compatible versions</p>
<!-- raw HTML omitted -->
<pre><code>Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 751 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (21 crate dependencies)
</code></pre>
<!-- raw HTML omitted -->
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>Updating crates.io index
Packaging tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
Updating crates.io index
Packaged 33 files, 100.8KiB (45.7KiB compressed)
Uploading tauri-winrt-notification v0.7.2
(/home/runner/work/winrt-notification/winrt-notification)
Uploaded tauri-winrt-notification v0.7.2 to registry `crates-io`
note: waiting for `tauri-winrt-notification v0.7.2` to be available at
registry `crates-io`.
You may press ctrl-c to skip waiting; the crate should be available
shortly.
Published tauri-winrt-notification v0.7.2 at registry `crates-io`
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/blob/dev/CHANGELOG.md">tauri-winrt-notification's
changelog</a>.</em></p>
<blockquote>
<h2>[0.7.2]</h2>
<ul>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/46">#46</a>
by <a
href="https://github.com/tauri-apps/winrt-notification/../../renovate"><code>@renovate</code></a>)
Update <code>windows</code> crate to <code>0.61</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1cbe2d98ec"><code>1cbe2d9</code></a>
publish new versions (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/48">#48</a>)</li>
<li><a
href="b835cab9e6"><code>b835cab</code></a>
ci: Update action dependencies</li>
<li><a
href="a7ec5622c4"><code>a7ec562</code></a>
chore(deps): update rust crate windows to 0.61 (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/46">#46</a>)</li>
<li><a
href="2893beae07"><code>2893bea</code></a>
ci: Create renovate.json</li>
<li><a
href="f25d9114a1"><code>f25d911</code></a>
ci: Delete renovate.json</li>
<li><a
href="daeb2631ab"><code>daeb263</code></a>
chore: Add <code>unpackaged-app</code> example (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/45">#45</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/winrt-notification/compare/tauri-winrt-notification-v0.7.1...tauri-winrt-notification-v0.7.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
`jemalloc` is a modern allocator that is designed for multi-threaded
systems and can better handle smaller allocations that may otherwise
fragment the heap. Firezone's components, especially Relays and Gateways
are intended to operate with a long uptime and therefore need to handle
memory efficiently.
Bumps the aya group in /rust with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [aya](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36`` |
| [aya-build](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36``
|
| [aya-ebpf](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36``
|
| [aya-log](https://github.com/aya-rs/aya) | ``6d36fe1`` | ``0237e36`` |
| [aya-log-ebpf](https://github.com/aya-rs/aya) | ``6d36fe1`` |
``0237e36`` |
Updates `aya` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert "ci: download gen_init_cpio with authentication"</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-build` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert "ci: download gen_init_cpio with authentication"</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-ebpf` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert "ci: download gen_init_cpio with authentication"</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-log` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert "ci: download gen_init_cpio with authentication"</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />
Updates `aya-log-ebpf` from `6d36fe1` to `0237e36`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0237e36dbe"><code>0237e36</code></a>
ci: test against 6.12 rather than 6.10</li>
<li><a
href="5732b2c203"><code>5732b2c</code></a>
test-distro: build without cross toolchain</li>
<li><a
href="edae5cd676"><code>edae5cd</code></a>
test-distro: reduce indentation</li>
<li><a
href="35279b7c7b"><code>35279b7</code></a>
test-distro: extract common decompression code</li>
<li><a
href="680402be0c"><code>680402b</code></a>
Revert "ci: download gen_init_cpio with authentication"</li>
<li><a
href="e967d0aea2"><code>e967d0a</code></a>
Use nul bytes as delimiters</li>
<li><a
href="e692e5ffc5"><code>e692e5f</code></a>
Remove stale comments</li>
<li><a
href="fe8e1c48b0"><code>fe8e1c4</code></a>
Remove getrandom patch</li>
<li><a
href="4c5fbef869"><code>4c5fbef</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1240">#1240</a> from
dave-tucker/use-gen-bpf-add</li>
<li><a
href="11e9dcc179"><code>11e9dcc</code></a>
Merge pull request <a
href="https://redirect.github.com/aya-rs/aya/issues/1241">#1241</a> from
aya-rs/dependabot/cargo/cargo-crates-cb2c366dd6</li>
<li>Additional commits viewable in <a
href="6d36fe13d3...0237e36dbe">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Now that https://github.com/quinn-rs/quinn/pull/2208 is merged, we can
re-enable the `apple-fast-datapath` feature again on Apple platforms.
Even if we cannot yet measure a speed-increase yet, this should at least
make UDP operations more efficient and thus reduce CPU and battery
usage.
When debugging issues with the relays on GCP, it is useful to be able to
change the log-level at runtime without having to redeploy them. We can
achieve this by running an additional HTTP server as part of the relay
that response to HTTP POST requests that contain new logging directives.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Correctly implementing asynchronous IO is notoriously hard. In order to
not drop packets in the process, one has to ensure a given socket is
ready to accept packets, buffer them if it is not case, suspend
everything else until the socket is ready and then continue.
Until now, we did this because it was the only option to run the UDP
sockets on the same thread as the actual packet processing. That in turn
was motivated by wanting to pass around references of the received
packets for processing. Rust's borrow-checker does not allow to pass
references between threads which forced us to have the sockets on the
same thread as the packet processing.
Like we already did in other places in `connlib`, this can be solved
through the use of buffer pools. Using a buffer pool, we can use heap
allocations to store the received packets without having to make a new
allocation every time we read new packets. Instead, we can have a
dedicated thread that is connected to `connlib`'s packet processing
thread via two channels (one for inbound and one for outbound packets).
These channels are bounded, which ensures backpressure is maintained in
case one of the two threads lags behind. These bounds also mean that we
have at most N buffers from the buffer pool in-flight (where N is the
capacity of the channel).
Within those dedicated threads, we can then use `async/await` notation
to suspend the entire task when a socket isn't ready for sending.
Resolves: #8000
Thomas Eizinger