mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 20:41:57 +00:00
7c0812d8d37844bc3cf435425b19a7fe04f18d3a
2063 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
7957d671c5 |
build(deps-dev): bump tailwindcss from 4.0.3 to 4.0.9 in /rust/gui-client (#8326)
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 4.0.3 to 4.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v4.0.9</h2> <h3>Fixed</h3> <ul> <li>Make JS APIs available to plugins and configs in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15934">#15934</a>)</li> <li>Vite: Don't crash when importing a virtual module from JavaScript that ends in <code>.css</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16780">#16780</a>)</li> <li>Fix an issue where <code>@reference "…"</code> would sometimes omit keyframe animations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> <li>Ensure <code>z-*!</code> utilities are properly marked as <code>!important</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16795">#16795</a>)</li> <li>Read UTF-8 CSS files that start with a byte-order mark (BOM) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16800">#16800</a>)</li> <li>Ensure nested functions in selectors used with JavaScript plugins are not truncated (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16802">#16802</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Emit variable fallbacks when using <code>@reference "…"</code> instead of duplicate CSS variable declarations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> </ul> <h2>v4.0.8</h2> <h3>Added</h3> <ul> <li>Allow <code>@import</code> with <code>theme(…)</code> options for stylesheets that contain more than just <code>@theme</code> rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16514">#16514</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't add <code>!important</code> to CSS variable declarations when using the important modifier (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16668">#16668</a>)</li> <li>Vite: Ignore files and directories specified in your <code>.gitignore</code> file when using automatic source detection(<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Don't rely on the module graph for detecting candidates to ensure setups with multiple Vite builds work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Ensure Astro production builds always contain classes used in client-only components (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Always scan raw file contents for utility classes before any other transforms have been applied to ensure utility classes are scanned without any additional escaping (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Ensure utilities with more declarations are always sorted before utilities with fewer declarations when utilities only define CSS variables (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16715">#16715</a>)</li> <li>Only include <code>translate-z-px</code> utilities once in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16718">#16718</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Don't include theme variables that aren't used in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16211">#16211</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16676">#16676</a>)</li> </ul> <h2>v4.0.7</h2> <h3>Fixed</h3> <ul> <li>Export <code>tailwindcss/lib/util/flattenColorPalette.js</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16411">#16411</a>)</li> <li>Fix sorting of numeric utility suggestions when they have different magnitudes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16414">#16414</a>)</li> <li>Show suggestions for fractions in IntelliSense (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16353">#16353</a>)</li> <li>Don’t replace <code>_</code> in suggested theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16433">#16433</a>)</li> <li>Ensure <code>--default-outline-width</code> can be used to change the <code>outline-width</code> value of the <code>outline</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16469">#16469</a>)</li> <li>Ensure drop shadow utilities don't inherit unexpectedly (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16471">#16471</a>)</li> <li>Export config and plugin types from <code>tailwindcss/plugin</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16505">#16505</a>)</li> <li>Ensure JavaScript plugins that emit nested rules referencing the utility name work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16539">#16539</a>)</li> <li>Statically link Visual Studio redistributables in <code>@tailwindcss/oxide</code> Windows builds (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16602">#16602</a>)</li> <li>Ensure that Next.js splat routes are scanned for classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16457">#16457</a>)</li> <li>Pin exact version of <code>tailwindcss</code> in <code>@tailwindcss/*</code> packages (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16623">#16623</a>)</li> <li>Upgrade: Report errors when updating dependencies (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16504">#16504</a>)</li> <li>Upgrade: Ensure a <code>darkMode</code> JS config setting with block syntax converts to use <code>@slot</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16507">#16507</a>)</li> <li>Upgrade: Ensure the latest version of <code>tailwindcss</code> and <code>@tailwindcss/postcss</code> are installed when upgrading (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16620">#16620</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[4.0.9] - 2025-02-25</h2> <h3>Fixed</h3> <ul> <li>Make JS APIs available to plugins and configs in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15934">#15934</a>)</li> <li>Vite: Don't crash when importing a virtual module from JavaScript that ends in <code>.css</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16780">#16780</a>)</li> <li>Fix an issue where <code>@reference "…"</code> would sometimes omit keyframe animations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> <li>Ensure <code>z-*!</code> utilities are properly marked as <code>!important</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16795">#16795</a>)</li> <li>Read UTF-8 CSS files that start with a byte-order mark (BOM) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16800">#16800</a>)</li> <li>Ensure nested functions in selectors used with JavaScript plugins are not truncated (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16802">#16802</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Emit variable fallbacks when using <code>@reference "…"</code> instead of duplicate CSS variable declarations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> </ul> <h2>[4.0.8] - 2025-02-21</h2> <h3>Added</h3> <ul> <li>Allow <code>@import</code> with <code>theme(…)</code> options for stylesheets that contain more than just <code>@theme</code> rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16514">#16514</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't add <code>!important</code> to CSS variable declarations when using the important modifier (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16668">#16668</a>)</li> <li>Vite: Ignore files and directories specified in your <code>.gitignore</code> file when using automatic source detection(<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Don't rely on the module graph for detecting candidates to ensure setups with multiple Vite builds work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Ensure Astro production builds always contain classes used in client-only components (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Always scan raw file contents for utility classes before any other transforms have been applied to ensure utility classes are scanned without any additional escaping (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Ensure utilities with more declarations are always sorted before utilities with fewer declarations when utilities only define CSS variables (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16715">#16715</a>)</li> <li>Only include <code>translate-z-px</code> utilities once in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16718">#16718</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Don't include theme variables that aren't used in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16211">#16211</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16676">#16676</a>)</li> </ul> <h2>[4.0.7] - 2025-02-18</h2> <h3>Fixed</h3> <ul> <li>Export <code>tailwindcss/lib/util/flattenColorPalette.js</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16411">#16411</a>)</li> <li>Fix sorting of numeric utility suggestions when they have different magnitudes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16414">#16414</a>)</li> <li>Show suggestions for fractions in IntelliSense (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16353">#16353</a>)</li> <li>Don’t replace <code>_</code> in suggested theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16433">#16433</a>)</li> <li>Ensure <code>--default-outline-width</code> can be used to change the <code>outline-width</code> value of the <code>outline</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16469">#16469</a>)</li> <li>Ensure drop shadow utilities don't inherit unexpectedly (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16471">#16471</a>)</li> <li>Export config and plugin types from <code>tailwindcss/plugin</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16505">#16505</a>)</li> <li>Ensure JavaScript plugins that emit nested rules referencing the utility name work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16539">#16539</a>)</li> <li>Statically link Visual Studio redistributables in <code>@tailwindcss/oxide</code> Windows builds (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16602">#16602</a>)</li> <li>Ensure that Next.js splat routes are scanned for classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16457">#16457</a>)</li> <li>Pin exact version of <code>tailwindcss</code> in <code>@tailwindcss/*</code> packages (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16623">#16623</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eab3a8888d |
build(deps): bump @tailwindcss/cli from 4.0.3 to 4.0.9 in /rust/gui-client (#8327)
Bumps [@tailwindcss/cli](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-cli) from 4.0.3 to 4.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases"><code>@tailwindcss/cli</code>'s releases</a>.</em></p> <blockquote> <h2>v4.0.9</h2> <h3>Fixed</h3> <ul> <li>Make JS APIs available to plugins and configs in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15934">#15934</a>)</li> <li>Vite: Don't crash when importing a virtual module from JavaScript that ends in <code>.css</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16780">#16780</a>)</li> <li>Fix an issue where <code>@reference "…"</code> would sometimes omit keyframe animations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> <li>Ensure <code>z-*!</code> utilities are properly marked as <code>!important</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16795">#16795</a>)</li> <li>Read UTF-8 CSS files that start with a byte-order mark (BOM) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16800">#16800</a>)</li> <li>Ensure nested functions in selectors used with JavaScript plugins are not truncated (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16802">#16802</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Emit variable fallbacks when using <code>@reference "…"</code> instead of duplicate CSS variable declarations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> </ul> <h2>v4.0.8</h2> <h3>Added</h3> <ul> <li>Allow <code>@import</code> with <code>theme(…)</code> options for stylesheets that contain more than just <code>@theme</code> rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16514">#16514</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't add <code>!important</code> to CSS variable declarations when using the important modifier (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16668">#16668</a>)</li> <li>Vite: Ignore files and directories specified in your <code>.gitignore</code> file when using automatic source detection(<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Don't rely on the module graph for detecting candidates to ensure setups with multiple Vite builds work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Ensure Astro production builds always contain classes used in client-only components (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Always scan raw file contents for utility classes before any other transforms have been applied to ensure utility classes are scanned without any additional escaping (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Ensure utilities with more declarations are always sorted before utilities with fewer declarations when utilities only define CSS variables (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16715">#16715</a>)</li> <li>Only include <code>translate-z-px</code> utilities once in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16718">#16718</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Don't include theme variables that aren't used in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16211">#16211</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16676">#16676</a>)</li> </ul> <h2>v4.0.7</h2> <h3>Fixed</h3> <ul> <li>Export <code>tailwindcss/lib/util/flattenColorPalette.js</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16411">#16411</a>)</li> <li>Fix sorting of numeric utility suggestions when they have different magnitudes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16414">#16414</a>)</li> <li>Show suggestions for fractions in IntelliSense (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16353">#16353</a>)</li> <li>Don’t replace <code>_</code> in suggested theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16433">#16433</a>)</li> <li>Ensure <code>--default-outline-width</code> can be used to change the <code>outline-width</code> value of the <code>outline</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16469">#16469</a>)</li> <li>Ensure drop shadow utilities don't inherit unexpectedly (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16471">#16471</a>)</li> <li>Export config and plugin types from <code>tailwindcss/plugin</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16505">#16505</a>)</li> <li>Ensure JavaScript plugins that emit nested rules referencing the utility name work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16539">#16539</a>)</li> <li>Statically link Visual Studio redistributables in <code>@tailwindcss/oxide</code> Windows builds (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16602">#16602</a>)</li> <li>Ensure that Next.js splat routes are scanned for classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16457">#16457</a>)</li> <li>Pin exact version of <code>tailwindcss</code> in <code>@tailwindcss/*</code> packages (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16623">#16623</a>)</li> <li>Upgrade: Report errors when updating dependencies (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16504">#16504</a>)</li> <li>Upgrade: Ensure a <code>darkMode</code> JS config setting with block syntax converts to use <code>@slot</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16507">#16507</a>)</li> <li>Upgrade: Ensure the latest version of <code>tailwindcss</code> and <code>@tailwindcss/postcss</code> are installed when upgrading (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16620">#16620</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md"><code>@tailwindcss/cli</code>'s changelog</a>.</em></p> <blockquote> <h2>[4.0.9] - 2025-02-25</h2> <h3>Fixed</h3> <ul> <li>Make JS APIs available to plugins and configs in the Standalone CLI (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/15934">#15934</a>)</li> <li>Vite: Don't crash when importing a virtual module from JavaScript that ends in <code>.css</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16780">#16780</a>)</li> <li>Fix an issue where <code>@reference "…"</code> would sometimes omit keyframe animations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> <li>Ensure <code>z-*!</code> utilities are properly marked as <code>!important</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16795">#16795</a>)</li> <li>Read UTF-8 CSS files that start with a byte-order mark (BOM) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16800">#16800</a>)</li> <li>Ensure nested functions in selectors used with JavaScript plugins are not truncated (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16802">#16802</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Emit variable fallbacks when using <code>@reference "…"</code> instead of duplicate CSS variable declarations (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16774">#16774</a>)</li> </ul> <h2>[4.0.8] - 2025-02-21</h2> <h3>Added</h3> <ul> <li>Allow <code>@import</code> with <code>theme(…)</code> options for stylesheets that contain more than just <code>@theme</code> rules (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16514">#16514</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Don't add <code>!important</code> to CSS variable declarations when using the important modifier (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16668">#16668</a>)</li> <li>Vite: Ignore files and directories specified in your <code>.gitignore</code> file when using automatic source detection(<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Don't rely on the module graph for detecting candidates to ensure setups with multiple Vite builds work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Ensure Astro production builds always contain classes used in client-only components (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Vite: Always scan raw file contents for utility classes before any other transforms have been applied to ensure utility classes are scanned without any additional escaping (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16631">#16631</a>)</li> <li>Ensure utilities with more declarations are always sorted before utilities with fewer declarations when utilities only define CSS variables (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16715">#16715</a>)</li> <li>Only include <code>translate-z-px</code> utilities once in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16718">#16718</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Don't include theme variables that aren't used in compiled CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16211">#16211</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16676">#16676</a>)</li> </ul> <h2>[4.0.7] - 2025-02-18</h2> <h3>Fixed</h3> <ul> <li>Export <code>tailwindcss/lib/util/flattenColorPalette.js</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16411">#16411</a>)</li> <li>Fix sorting of numeric utility suggestions when they have different magnitudes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16414">#16414</a>)</li> <li>Show suggestions for fractions in IntelliSense (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16353">#16353</a>)</li> <li>Don’t replace <code>_</code> in suggested theme keys (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16433">#16433</a>)</li> <li>Ensure <code>--default-outline-width</code> can be used to change the <code>outline-width</code> value of the <code>outline</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16469">#16469</a>)</li> <li>Ensure drop shadow utilities don't inherit unexpectedly (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16471">#16471</a>)</li> <li>Export config and plugin types from <code>tailwindcss/plugin</code> for backward compatibility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16505">#16505</a>)</li> <li>Ensure JavaScript plugins that emit nested rules referencing the utility name work as expected (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16539">#16539</a>)</li> <li>Statically link Visual Studio redistributables in <code>@tailwindcss/oxide</code> Windows builds (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16602">#16602</a>)</li> <li>Ensure that Next.js splat routes are scanned for classes (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16457">#16457</a>)</li> <li>Pin exact version of <code>tailwindcss</code> in <code>@tailwindcss/*</code> packages (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/16623">#16623</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4ea455a66e |
build(deps-dev): bump vite from 6.0.11 to 6.2.0 in /rust/gui-client (#8328)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.11 to 6.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>create-vite@6.2.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@6.2.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.2.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.2.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.2.0-beta.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.2.0-beta.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.2.0-beta.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.2.0-beta.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@6.1.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@6.1.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.1.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.1.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@6.1.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@6.1.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.1.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.1.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.1.0-beta.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.1.0-beta.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.1.0-beta.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.1.0-beta.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v6.1.0-beta.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.1.0-beta.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2>6.2.0 (2025-02-25)</h2> <ul> <li>fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19501">#19501</a>) (<a href=" |
||
|
Jamil
|
d71fdbf269 |
fix(connlib): Always emit_resources_changed (#8297)
When adding a new Resource that has the same address as a previous Resource, we would fail to call `emit_resources_changed`, and the Resource would fail to show up in the client's resource list. This happened because we essentially didn't consider "activating" the resource if the resource address didn't change. With this PR, we always do the following: - DNS Resource: Add address to the stub resolver -> no-op if address exists - CIDR Resource: `maybe_update_cidr_resources` -> no-op if duplicate CIDR is added - Internet Resource: No-op if resource ID doesn't change (it shouldn't ever) Since we remove the early-exit logic, the `maybe_update_tun_routes` and `emit_resources_changed` is always called. `maybe_update_tun_routes` is a no-op if the address hasn't changed, so the early-exit logic to avoid calling that seems to be redundant. ## Tested: - [x] Adding / removing a resource - [x] Updating a resource's fields individually, observing the client resource updates properly - [x] Adding two CIDR resources with the same address, observing that the routing table _was not updated_ (thus no disruption to packet flows). Fixes #8100 |
||
|
Jamil
|
1bd8051aae |
fix(connlib): Emit resources updated when display fields change (#8286)
Whenever a Resource's name, address_description, or assigned sites change, it is not currently reflected in clients. For that to happen the address is changed. This PR updates that behavior so that if any display fields are changed, the `on_update_resources` callback is called which properly updates the resource list views in clients. Fixes #8284 |
||
|
Thomas Eizinger
|
f222cb893e |
fix(connlib): be more lenient in deserialising resources (#8289)
At present, `connlib` can process a resource list gracefully that handles unknown resource types. If a known type fails to match the schema however, we fail to deserialise the entire list. To reduce the blast radius of potential bugs here, we accept everything that is valid JSON as the "value" of a resource. Only when processing the individual items will we attempt to deserialise it into the expected model, skipping any resources that cannot be deserialised. |
||
|
Thomas Eizinger
|
315d99f723 |
feat(gateway): allow tunneling packets to and from TUN device (#8283)
At present, Clients are only allowed to send packets to resources accessible via the Gateway but not to the Gateway itself. Thus, any application (including Firezone itself) that opens a listening socket on the TUN device will never receive any traffic. This has opens up interesting features like hosting additional services on the machine that the Gateway is running on. Concretely, in order to implement #8221, we will run a DNS server on port 53 of the TUN device as part of the Gateway. The diff for this ended up being a bit larger because we are introducing an `IpConfig` abstraction so we don't have to track 4 IP addresses as separate fields within `ClientOnGateway`; the connection-specific state on a Gateway. This is where we allow / deny traffic from a Client. To allow traffic for this particular Gateway, we need to know our own TUN IP configuration within the component. |
||
|
Thomas Eizinger
|
325604b3dd |
build(rust): bump str0m to v0.7.0 (#8277)
Good to get rid of patch dependencies where possible. |
||
|
Thomas Eizinger
|
10314e2540 |
chore(phoenix-channel): immediately retry on first error (#8238)
Currently, we wait for the first "backoff" duration when the WebSocket disconnects. Instead, we should just try to reconnect immediately and only wait if we hit another error. |
||
|
Thomas Eizinger
|
b8c4001848 |
fix(connlib): don't buffer exact & TCP SYN retransmissions (#8273)
Whilst we are establishing a connection, the host network stack may run into timeouts and retransmit packets. Buffering these copies doesn't make any sense because we are then just flooding the remote with e.g. 4 TCP SYNs for the same connection. This check is O(N) with the number of buffered packets. Those are at most a few dozens so there shouldn't be a need for anything more efficient. |
||
|
Jamil
|
14436908d2 | chore: Release GUI client 1.4.7 (#8275) | ||
|
Thomas Eizinger
|
4de0fb7640 |
chore(connlib): improve wire::dev logging (#8272)
This will log more details about the packet, such as SYN, RST and FIN flags for TCP. |
||
|
Thomas Eizinger
|
2fe5c00c64 |
fix(windows): break from retry loop if we sent the packet (#8271)
Regression introduced in #8268. |
||
|
Thomas Eizinger
|
71431e8c9c |
fix(gui-client): update Linux-desktop entry to Firezone Client (#8270)
This effectively reverts #8223 due to how this interacts with the generated packages on Linux. The _package_ itself should still be called `firezone-client-gui` because that is what we are installing. Perhaps we will one day add a headless-client package so the naming chosen here should allow for that. To customize the desktop entry, we instead make use of the `desktopTemplate` configuration of the Tauri bundler where we can provide a custom `.desktop` file where we can specify a particular application name. As part of this, we are also updating the docs on the website to mention the new name `Firezone Client`. |
||
|
dependabot[bot]
|
662b958a0b |
build(deps): bump uuid from 1.11.0 to 1.14.0 in /rust (#8243)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.11.0 to 1.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuid-rs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v1.14.0</h2> <h2>What's Changed</h2> <ul> <li>Add FromStr impls to the fmt structs by <a href="https://github.com/tysen"><code>@tysen</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/806">uuid-rs/uuid#806</a></li> <li>Prepare for 1.14.0 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/807">uuid-rs/uuid#807</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tysen"><code>@tysen</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/806">uuid-rs/uuid#806</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/v1.13.2...v1.14.0">https://github.com/uuid-rs/uuid/compare/v1.13.2...v1.14.0</a></p> <h2>v1.13.2</h2> <h2>What's Changed</h2> <ul> <li>Add a compile_error when no source of randomness is available on wasm32-unknown-unknown by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/804">uuid-rs/uuid#804</a></li> <li>Prepare for 1.13.2 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/805">uuid-rs/uuid#805</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/1.13.1...v1.13.2">https://github.com/uuid-rs/uuid/compare/1.13.1...v1.13.2</a></p> <h2>1.13.1</h2> <h2>What's Changed</h2> <ul> <li>Fix <code>wasm32</code> with <code>atomics</code> by <a href="https://github.com/bushrat011899"><code>@bushrat011899</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/797">uuid-rs/uuid#797</a></li> <li>Prepare for 1.13.1 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/uuid-rs/uuid/pull/799">uuid-rs/uuid#799</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bushrat011899"><code>@bushrat011899</code></a> made their first contribution in <a href="https://redirect.github.com/uuid-rs/uuid/pull/797">uuid-rs/uuid#797</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/uuid-rs/uuid/compare/1.13.0...1.13.1">https://github.com/uuid-rs/uuid/compare/1.13.0...1.13.1</a></p> <h2>1.13.0</h2> <h2>⚠️ Potential Breakage</h2> <p>This release updates our version of <code>getrandom</code> to <code>0.3</code> and <code>rand</code> to <code>0.9</code>. It is a <strong>potentially breaking change</strong> for the following users:</p> <h3>no-std users who enable the <code>rng</code> feature</h3> <p><code>uuid</code> still uses <code>getrandom</code> by default on these platforms. Upgrade your version of <code>getrandom</code> and <a href="https://docs.rs/getrandom/0.3.1/getrandom/index.html#custom-backend">follow its new docs</a> on configuring a custom backend.</p> <h3><code>wasm32-unknown-unknown</code> users who enable the <code>rng</code> feature without the <code>js</code> feature</h3> <p>Upgrade your version of <code>getrandom</code> and <a href="https://docs.rs/getrandom/0.3.1/getrandom/index.html#custom-backend">follow its new docs</a> on configuring a backend.</p> <p>You'll also need to enable the <code>rng-getrandom</code> or <code>rng-rand</code> feature of <code>uuid</code> to force it to use <code>getrandom</code> as its backend:</p> <pre lang="diff"><code>[dependencies.uuid] version = "1.13.0" - features = ["v4"] + features = ["v4", "rng-getrandom"] <p>[dependencies.getrandom] </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
96170be082 |
fix(gui-client): mitigate deadlock when shutting down TUN device (#8268)
In #8159, we introduced a regression that could lead to a deadlock when shutting down the TUN device. Whilst we did close the channel prior to awaiting the thread to exit, we failed to notice that _another_ instance of the sender could be alive as part of an internally stored "sending permit" with the `PollSender` in case another packet is queued for sending. We need to explicitly call `abort_send` to free that. Judging from the comment and a prior bug, this shutdown logic has been buggy before. To further avoid this deadlock, we introduce two changes: - The worker threads only receive a `Weak` reference to the `wintun::Session` - We move all device-related state into a dedicated `TunState` struct that we can drop prior to joining the threads The combination of these features means that all strong references to channels and the session are definitely dropped without having to wait for anything. To provide a clean and synchronous shutdown, we wait for at most 5s on the worker-threads. If they don't exit until then, we log a warning and exit anyway. This should greatly reduce the risk of future bugs here because the session (and thus the WinTUN device) gets shutdown in any case and so at worst, we have a few zombie threads around. Resolves: #8265 |
||
|
Jamil
|
48030f68d7 |
ci: Bump Apple clients to 1.4.5 (#8252)
These have been published. This fixes a critical bug preventing the client from launching on macOS. |
||
|
Jamil
|
0bc3895c3e |
ci: Bump Apple clients to 1.4.4 (#8245)
These have been released / published. Need to merge this to get website links and changelog updated. |
||
|
Thomas Eizinger
|
a0f079f1cd |
feat(gui-client): send Linux GUI logs to journald (#8236)
This configures the GUI client to log to journald in addition to files as well. For better or worse, this logs all events such that structured information is preserved, e.g. all additional fields next to the message are also saved as fields in the journal. By default, when viewing the logs via `journalctl`, those fields are not displayed. This makes the default output of `journalctl` for the FIrezone GUI not as useful as it could be. Fixing that is left to a later stage. Related: #8173 |
||
|
Thomas Eizinger
|
4cb2b01c26 |
build(nix): manage Rust installation via rustup (#8235)
Using `rustup` - even on NixOS - is easier to manage the Rust toolchain as some tools rely on being able to use the `rustup` shims such as `+nightly` to run a nightly toolchain. |
||
|
Thomas Eizinger
|
57ce0ee469 |
feat(gateway): cache DNS queries for resources (#8225)
With the addition of the Firezone Control Protocol, we are now issuing a lot more DNS queries on the Gateway. Specifically, every DNS query for a DNS resource name always triggers a DNS query on the Gateway. This ensures that changes to DNS entries for resources are picked up without having to build any sort of "stale detection" in the Gateway itself. As a result though, a Gateway has to issue a lot of DNS queries to upstream resolvers which in 99% or more cases will return the same result. To reduce the load on these upstream, we cache successful results of DNS queries for 5 minutes. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
f882edb3bd |
feat(gui-client): configure IPC service to log to stdout (#8219)
On Linux, logs sent to stdout from a systemd-service are automatically captured by `journald`. This is where most admins expect logs to be and frankly, doing any kind of debugging of Firezone is much easier if you can do `journalctl -efu firezone-client-ipc.service` in a terminal and check what the IPC service is doing. On Windows, stdout from a service is (unfortunately) ignored. To achieve this and also allow dynamically changing the log-filter, I had to introduce a (long-overdue) abstraction over tracing's "reload" layer that allows us to combine multiple reload-handles into one. Unfortunately, neither the `reload::Layer` nor the `reload::Handle` implement `Clone`, which makes this unnecessarily difficult. Related: #8173 |
||
|
Thomas Eizinger
|
ea9796e346 |
feat(gateway): apply filter engine to inbound packets (#7702)
The Gateway keeps some state for each client connection. Part of this state are filters which can be controlled via the Firezone portal. Even if no filters are set in the portal, the Gateway uses this data structure to ensure only packets to allowed resources are forwarded. If a resource is not allowed, its IP won't exist in the `IpNetworkTable` of filters and thus won't be allowed. When a Client disconnects, the Gateway cleans up this data structure and thus all filters etc are gone. As soon as a Client reconnects, default filters are installed (which don't allow anything) under the same IP (the portal always assigns the same IP to Clients). These filters are only applied on _outbound_ traffic (i.e. from the Client towards Resources). As a result, packets arriving from Resources to a Client will still be routed back, causing "Source not allowed" errors on the client (which has lost all of its state when restarting). To fix this, we apply the Gateway's filters also on the reverse path of packets from Resources to Clients. Resolves: #5568 Resolves: #7521 Resolves: #6091 |
||
|
Thomas Eizinger
|
f22a285678 |
feat(phoenix-channel): don't try to detect missing heartbeats (#8220)
At present our Rust implementation of the Phoenix Channel client tries to detect missing heartbeat responses from the portal. This is unnecessary and causes brittleness in production. The WebSocket connection runs over TCP, meaning any kind of actual network problem / partition will be detected by TCP itself and cause an IO error further up the stack. In order to keep NAT bindings alive, we only need to send _some_ traffic every so often, meaning sending a heartbeat is good enough. We don't need to actually handle the response in any particular way. Lastly, by just using an interval, I realised that we can very easily implement an optimisation from the Phoenix spec: Only send heartbeats if you haven't sent anything else. In theory, WebSocket ping/pong frames could be used for this keep-alive mechanism. Unfortunately, as I understand the Phoenix spec, it requires its own heartbeat to be sent, otherwise it will disconnect the WebSocket. |
||
|
Thomas Eizinger
|
9bc23732f3 |
chore(apple): downgrade warning about installed crypto provider (#8226)
With the introduction of system extensions, the memory is no longer free'd after the tunnel disconnects meaning this can easily happen. |
||
|
Thomas Eizinger
|
273d723729 |
fix(gui-client): use "Firezone" as the application name on Linux (#8223)
The current `.desktop` file uses the `firezone-client-gui` name from the Tauri config. This looks ugly and unprofessional. Instead, we should just call this "Firezone".  Resolves: #8205 |
||
|
Thomas Eizinger
|
deb47d956e |
chore(gateway): remove log around "No NAT session" (#8227)
This is pretty confusing when reading logs. For inbound packets, we assume that if we don't have a NAT session, they belong to the Internet Resource or a CIDR resource, meaning this log shows up for all packets for those resources and even for packets that don't belong to any resource at all. |
||
|
Thomas Eizinger
|
b10b6e75ea |
fix(gui-client): hide the .desktop entry for deep-links (#8224)
On Linux desktops, we install a dedicated `.desktop` file that is responsible for handling our deep-links for sign-in. This desktop entry is not meant to be launched manually and therefore should be hidden from the application menus. |
||
|
Thomas Eizinger
|
6f68b97558 |
chore(gui-client): release v1.4.6 (#8211)
|
||
|
Thomas Eizinger
|
d5fdb5fda8 |
test(connlib): remove assertion around idle packets / sec (#8210)
This has been flaky recently but it isn't a priority right now. |
||
|
Thomas Eizinger
|
81da120c17 |
fix(phoenix-channel): report connection hiccups to upper layer (#8203)
The WebSocket connection to the portal from within the Clients, Gateways and Relays may be temporarily interrupted by IO errors. In such cases we simply reconnect to it. This isn't as much of a problem for Clients and Gateways. For Relays however, a disconnect can be disruptive for customers because the portal will send `relays_presence` events to all Clients and Gateways. Any relayed connection will therefore be interrupted. See #8177. Relays run on our own infrastructure and we want to be notified if their connection flaps. In order to differentiate between these scenarios, we remove the logging from within `phoenix-channel` and report these connection hiccups one layer up. This allows Clients and Gateways to log them on DEBUG whereas the Relay can log them on WARN. Related: #8177 Related: #7004 |
||
|
Thomas Eizinger
|
cad84922db |
fix(apple): don't panic in FFI functions (#8202)
Now that we have error reporting via Sentry in Swift-land as well, we can handle errors in the FFI layer more gracefully and return them to Swift. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
Thomas Eizinger
|
3e4976e4ab |
fix(relay): don't starve items further down in the event-loop (#8177)
At present, the relay uses a priority in the event-loop that favors routing traffic. Whenever a task further up in the loop is `Poll::Ready`, we loop back to the top to continue processing. The issue with that is that in very busy times, this can lead to starvation in processing timers and messages from the portal. If we then finally get to process portal messages, we think that the portal hasn't replied in some time and proactively cut the connection and reconnect. As a result, the portal will send `relays_presence` messages to the clients and gateways which in turn will locally remove the relay. This breaks relayed connections. To fix this, instead of immediately traversing to the top of the event-loop with `continue`, we only set a boolean. This gives each element of the event-loop a chance to execute, even when a certain component is very busy. Related: #8165 Related: #8176 |
||
|
Thomas Eizinger
|
2e43523f75 |
fix(snownet): servers should not initiate WireGuard sessions (#8169)
Whilst ICE for a connection is in progress, it might happen that packets
for a particular client are arriving at the Gateway's TUN device. I
assume that these might be from a previous session?
We can only negotiate a WireGuard session once we have a nominated
socket. Thus, the very first packet sent on a session will always
trigger a new handshake. We don't want Gateway's to start handshakes
though, those should always be initiated by the Clients.
To avoid this, we add a conditional to `snownet::Node` that drops
packets iff the current node is a `ServerNode` and we haven't nominated
a socket yet.
The following log output from a Gateway motivated this change:
```
2025-02-17T15:36:45.372Z INFO snownet::node: Connection failed (ICE timeout) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
// Here the previous connection failed.
2025-02-17T15:36:45.989Z DEBUG firezone_tunnel::gateway: Unknown client, perhaps already disconnected? dst=100.64.69.110
2025-02-17T15:36:45.989Z DEBUG firezone_tunnel::gateway: Unknown client, perhaps already disconnected? dst=100.64.69.110
2025-02-17T15:36:45.989Z DEBUG firezone_tunnel::gateway: Unknown client, perhaps already disconnected? dst=100.64.69.110
2025-02-17T15:36:46.213Z DEBUG firezone_tunnel::gateway: Unknown client, perhaps already disconnected? dst=100.64.69.110
// Until here, packets for this client got dropped but now a new connection (for the same IP!) is being created.
2025-02-17T15:36:46.474Z DEBUG snownet::node: Sampled relay rid=b7198983-0cf6-48ba-a459-e7d27ef7d6c9 client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: Set local credentials: IceCreds { ufrag: "ipcg", pass: "eyy6s27emu2joisw7aqc7q" } client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: Set remote credentials: IceCreds { ufrag: "up5k", pass: "4q6uvhawhcbnhbqrddvy5x" } client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: Add local candidate: Candidate(host=10.0.0.4:38621/udp prio=2130706175) client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: Add local candidate: Candidate(relay=34.16.221.134:62250/udp prio=37748479) client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: Add local candidate: Candidate(relay=[2600:1900:4180:ee3:0:78::]:62250/udp prio=37748735) client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO str0m::ice_::agent: State change (new connection): New -> Checking client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.474Z INFO snownet::node: Created new connection client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.475Z INFO firezone_tunnel::peer: Allowing access to resource client=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 resource=dca3fcc6-b5e0-470a-bc7b-6446cdd03bb3 expires=Some("2025-02-24T15:09:11+00:00") client_id=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
// The connection has been created and very likely another packet has arrived at the TUN interface. This time though, we have an entry in our connection map for this IP and try to route it.
2025-02-17T15:36:46.546Z DEBUG boringtun::noise: Sending handshake_initiation cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.546Z DEBUG snownet::node: ICE is still in progress, buffering WG handshake num_buffered=1 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
// We buffered the handshake packet. This is only meant to be done by clients.
2025-02-17T15:36:46.572Z INFO str0m::ice_::agent: Created peer reflexive remote candidate from STUN request: Candidate(prflx=107.197.104.68:49376/udp prio=1862270719) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.572Z DEBUG str0m::ice_::agent: Created new pair for STUN request: CandidatePair(1-0 prio=162128486503284223 state=Waiting attempts=0 unanswered=0 remote=0 last=None nom=None) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.574Z INFO str0m::ice_::agent: Created peer reflexive remote candidate from STUN request: Candidate(prflx=[2600:1700:3ecb:2410:7499:175a:5c9:9bc5]:57622/udp prio=1862270975) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.574Z DEBUG str0m::ice_::agent: Created new pair for STUN request: CandidatePair(2-1 prio=162129586014912511 state=Waiting attempts=0 unanswered=0 remote=0 last=None nom=None) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.611Z DEBUG str0m::ice_::pair: Nominated pair: CandidatePair(2-1 prio=162129586014912511 state=Succeeded attempts=1 unanswered=0 remote=2 last=Some(Instant { tv_sec: 286264, tv_nsec: 840170135 }) nom=Nominated) cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.612Z INFO str0m::ice_::agent: State change (got nomination, still trying others): Checking -> Connected cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.612Z DEBUG snownet::node: Flushing packets buffered during ICE num_buffered=1 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.612Z INFO snownet::node: Updating remote socket old=None new=Relay { relay: b7198983-0cf6-48ba-a459-e7d27ef7d6c9, dest: [2600:1700:3ecb:2410:7499:175a:5c9:9bc5]:57622 } duration_since_intent=137.48517ms cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
// The connection has been established and we receive the (forced) handshake initiation by the client. However, we also flushed a handshake initiation.
2025-02-17T15:36:46.612Z DEBUG boringtun::noise: Received handshake_initiation remote_idx=731337473 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.613Z DEBUG boringtun::noise: Sending handshake_response local_idx=185230594 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.613Z DEBUG boringtun::noise: Sending handshake_initiation cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.629Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:fffeff021b36b51d6f7abdc3 1 udp 50331391 34.94.63.38 55487 typ relay cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.629Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:fffeff64a52b02479dab9c4 1 udp 1694498559 107.197.104.68 49376 typ srflx cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.629Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:fffeff7ec9b7a7db40ec1c44 1 udp 2130706175 192.168.1.150 49376 typ host cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.630Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:ffffff026d81f5c8a4d5600e 1 udp 50331647 2600:1900:4120:521c:0:78:: 55487 typ relay cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.630Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:ffffff64e2c91c4ff6f343f5 1 udp 1694498815 2600:1700:3ecb:2410:7499:175a:5c9:9bc5 57622 typ srflx cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.630Z DEBUG snownet::node: Unknown connection or socket has already been nominated ignored_candidate=candidate:ffffff7ed64262b110d1f279 1 udp 2130706431 2600:1700:3ecb:2410:7499:175a:5c9:9bc5 57622 typ host cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
// We are receiving a response for our handshake initiation. Let the fight begin!
2025-02-17T15:36:46.651Z DEBUG boringtun::noise: Received handshake_response local_idx=185230593 remote_idx=731337474 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.651Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: UnexpectedPacket
2025-02-17T15:36:46.651Z DEBUG boringtun::noise: Received handshake_initiation remote_idx=731337475 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.652Z DEBUG boringtun::noise: Sending handshake_response local_idx=185230596 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.652Z DEBUG boringtun::noise: Sending handshake_initiation cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.652Z DEBUG boringtun::noise: Received handshake_response local_idx=185230595 remote_idx=731337476 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.652Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: UnexpectedPacket
2025-02-17T15:36:46.652Z DEBUG boringtun::noise: Received handshake_initiation remote_idx=731337477 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.653Z DEBUG boringtun::noise: Sending handshake_response local_idx=185230598 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.653Z DEBUG boringtun::noise: Sending handshake_initiation cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.691Z DEBUG boringtun::noise: Received handshake_response local_idx=185230597 remote_idx=731337478 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.691Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: UnexpectedPacket
2025-02-17T15:36:46.691Z DEBUG boringtun::noise: Received handshake_initiation remote_idx=731337479 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.692Z DEBUG boringtun::noise: Sending handshake_response local_idx=185230600 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
2025-02-17T15:36:46.692Z INFO snownet::node: Completed wireguard handshake cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5 duration_since_intent=217.247362ms
2025-02-17T15:36:46.692Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: NoCurrentSession
2025-02-17T15:36:46.692Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: NoCurrentSession
2025-02-17T15:36:46.692Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: NoCurrentSession
2025-02-17T15:36:46.692Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: NoCurrentSession
2025-02-17T15:36:46.708Z DEBUG firezone_gateway::eventloop: Tunnel error: Failed to decapsulate: Failed to decapsulate: NoCurrentSession
2025-02-17T15:36:46.731Z DEBUG boringtun::noise: New session session=185230600 cid=8b106344-ba59-4050-8f9a-e2f0bab6e9e5
```
As you can see, with both parties initiating handshakes, they end up
fighting over who should initiate the session.
|
||
|
Thomas Eizinger
|
2d37cfa264 |
refactor(snownet): make kind of connection more descriptive (#8167)
When `snownet` establishes a connection to another peer, we may end up in one of four different connection types: - `PeerToPeer` - `PeerToRelay` - `RelayToPeer` - `RelayToRelay` From the perspective of the local node, it only matters whether or not we are sending data from our local socket or a relay's socket because in the latter case, we have to encapsulate it in a channel data message. Hence, at present, we often see logs that say "Direct" but really, we are talking to a port allocated by the remote on a relay. We know whether or not the remote candidate is a relay by looking at the candidates they sent us. To make our logs more descriptive, we now model out all 4 possibilities here. |
||
|
Thomas Eizinger
|
287068396f |
chore(snownet): advance backoff after accessing interval (#8175)
When we detect timed-out request to a relay, we print the duration we
were waiting for. Currently, this is offset by one "backoff tick"
because we advance the backoff too early.
Here is a log-output of a test prior to the change:
```
snownet::allocation: Sending BINDING requests to pick active socket relay_socket=V4(127.0.0.1:3478)
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 1.5s, re-sending id=TransactionId(0x0BFA13E983FEF36EE4877719) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 2.25s, re-sending id=TransactionId(0x0BFA13E983FEF36EE4877719) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 3.375s, re-sending id=TransactionId(0x0BFA13E983FEF36EE4877719) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 3.375s, re-sending id=TransactionId(0x0BFA13E983FEF36EE4877719) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Backoff expired, giving up id=TransactionId(0x0BFA13E983FEF36EE4877719) method=binding dst=127.0.0.1:3478
```
and with this change:
```
snownet::allocation: Sending BINDING requests to pick active socket relay_socket=V4(127.0.0.1:3478)
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 1s, re-sending id=TransactionId(0x6C79DD3607DF96806C4A7D8C) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 1.5s, re-sending id=TransactionId(0x6C79DD3607DF96806C4A7D8C) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 2.25s, re-sending id=TransactionId(0x6C79DD3607DF96806C4A7D8C) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Request timed out after 3.375s, re-sending id=TransactionId(0x6C79DD3607DF96806C4A7D8C) method=binding dst=127.0.0.1:3478
handle_timeout{active_socket=None}: snownet::allocation: Backoff expired, giving up id=TransactionId(0x6C79DD3607DF96806C4A7D8C) method=binding dst=127.0.0.1:3478
t
```
There is no functional difference, we were just logging the wrong
duration.
|
||
|
Thomas Eizinger
|
28f00089b9 |
test(connlib): increase threshold for idle packets (#8174)
Same as the other day. Currently no bandwidth to look into this but need to ensure stable CI. |
||
|
Thomas Eizinger
|
643347ba0e |
test(windows): reduce expected BPS of WinTUN benchmark (#8171)
This appears to have regressed in #8159. It is low-priority right now and we need to unblock a flaky CI so lower the expected BPS and investigate later. |
||
|
Thomas Eizinger
|
33c707dbf6 |
feat(windows): introduce dedicated "TUN send" thread (#8159)
Same as done for unix-based operation systems in #8117, we introduce a dedicated "TUN send" thread for Windows in this PR. Not only does this move the syscalls and copying of sending packets away from `connlib`'s main thread but it also establishes backpressure between those threads properly. WinTUN does not have any ability to signal that it has space in its send buffer. If it fails to allocate a packet for sending, it will return `ERROR_BUFFER_OVERFLOW` [0]. We now handle this case gracefully by suspending the send thread for 10ms and then try again. This isn't a great way of establishing back-pressure but at least we don't have any packet loss. To test this, I temporarily lowered the ring buffer size and ran a speed test. In that, I could confirm that `ERROR_BUFFER_OVERFLOW` is indeed emitted and handled as intended. [0]: https://git.zx2c4.com/wintun/tree/api/session.c#n267 |
||
|
Thomas Eizinger
|
2d70a8ed31 |
test(connlib): create dedicated Internet site (#8153)
To ensure that our test suite represents production as much as possible, we introduce a dedicated "Internet" site into the `StubPortal` that only hosts the Internet resource. All other creates resources are assigned to other sites. |
||
|
Thomas Eizinger
|
7ea17c144a | refactor(gui-client): de-duplicate logging of IPC message errors (#8157) | ||
|
dependabot[bot]
|
8c7c0a9e8e |
build(deps): bump os_info from 3.9.2 to 3.10.0 in /rust (#8161)
Bumps [os_info](https://github.com/stanislav-tkach/os_info) from 3.9.2 to 3.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stanislav-tkach/os_info/releases">os_info's releases</a>.</em></p> <blockquote> <h2>os_info 3.10.0</h2> <ul> <li>Bluefin Linux support has been added. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/394">#394</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stanislav-tkach/os_info/blob/master/CHANGELOG.md">os_info's changelog</a>.</em></p> <blockquote> <h2>[3.10.0] (2025-02-09)</h2> <ul> <li>Bluefin Linux support has been added. (<a href="https://redirect.github.com/stanislav-tkach/os_info/issues/394">#394</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3b78821944 |
build(deps): bump tracing-subscriber from 0.3.18 to 0.3.19 in /rust (#8162)
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.18 to 0.3.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's releases</a>.</em></p> <blockquote> <h2>tracing-subscriber 0.3.19</h2> <p>[ [crates.io][crate-0.3.19] ] | [ [docs.rs][docs-0.3.19] ]</p> <p>This release updates the <code>tracing</code> dependency to [v0.1.41][tracing-0.1.41] and the <code>tracing-serde</code> dependency to [v0.2.0][tracing-serde-0.2.0].</p> <h3>Added</h3> <ul> <li>Add <code>set_span_events</code> to <code>fmt::Subscriber</code> (<a href="https://redirect.github.com/tokio-rs/tracing/issues/2962">#2962</a>)</li> <li><strong>tracing</strong>: Allow <code>&[u8]</code> to be recorded as event/span field (<a href="https://redirect.github.com/tokio-rs/tracing/issues/2954">#2954</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Set <code>log</code> max level when reloading (<a href="https://redirect.github.com/tokio-rs/tracing/issues/1270">#1270</a>)</li> <li>Bump MSRV to 1.63 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/2793">#2793</a>)</li> <li>Use const <code>thread_local</code>s when possible (<a href="https://redirect.github.com/tokio-rs/tracing/issues/2838">#2838</a>)</li> <li>Don't gate <code>with_ansi()</code> on the "ansi" feature (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3020">#3020</a>)</li> <li>Updated tracing-serde to 0.2.0 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3160">#3160</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tracing/issues/1270">#1270</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/1270">tokio-rs/tracing#1270</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/2793">#2793</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/2793">tokio-rs/tracing#2793</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/2838">#2838</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/2838">tokio-rs/tracing#2838</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/2954">#2954</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/2954">tokio-rs/tracing#2954</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/2962">#2962</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/2962">tokio-rs/tracing#2962</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/3020">#3020</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/3020">tokio-rs/tracing#3020</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/3160">#3160</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/3160">tokio-rs/tracing#3160</a> [tracing-0.1.41]: <a href="https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.41">https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.41</a> [tracing-serde-0.2.0]: <a href="https://github.com/tokio-rs/tracing/releases/tag/tracing-serde-0.2.0">https://github.com/tokio-rs/tracing/releases/tag/tracing-serde-0.2.0</a> [docs-0.3.19]: <a href="https://docs.rs/tracing-subscriber/0.3.19/tracing_subscriber/">https://docs.rs/tracing-subscriber/0.3.19/tracing_subscriber/</a> [crate-0.3.19]: <a href="https://crates.io/crates/tracing-subscriber/0.3.19">https://crates.io/crates/tracing-subscriber/0.3.19</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
a3c0321020 |
fix(android): init Sentry layer as part of logging (#8154)
Resolves: #8050. |
||
|
Thomas Eizinger
|
af9fc49b18 |
fix(windows): don't double shutdown session (#8156)
The `wintun` crate will already shutdown the session for us when the last instance of `Session` gets dropped. Shutting down the session prior to that already results in an attempt to close an adapter that is no longer present, causing WinTUN to log (unactionable) errors. |
||
|
Thomas Eizinger
|
9de467483f | fix(apple): init Sentry layer as part of logging (#8155) | ||
|
Thomas Eizinger
|
72782b8389 |
fix(gui-client): update telemetry context on new session (#8152)
Every time we start a new session, our telemetry context potentially changes, i.e. the user may sign into a new account. This should ensure that both the IPC service and the GUI always use the most up-to-date `account_slug` as part of Sentry events. In addition, this will also set the `account_slug` for clients that just signed in. Previously, the `account_slug` would only get populated on the next start of the client. |
||
|
Jamil
|
e487272a1b | chore(apple): Release Apple clients 1.4.3 (#8144) | ||
|
Jamil
|
d38ec466b9 | chore(android): Release Android 1.4.2 (#8145) | ||
|
Jamil
|
80aa9e76c1 |
build(phoenix-channel): add cfg to enable system CAs (#8137)
By setting the `system_certs` cfg at compile-time, any TLS connections from `phoenix-channel` will use the system-provided CA store instead of the embedded one. Resolves: #8065 Co-authored-by: oddlama <oddlama@oddlama.org> Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |