mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-22 05:41:54 +00:00
a5b6929fbf99476eeb23bda4eefec4e7d0390512
285 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
aec5b97012 | Add performance tests for client-gateway communication (#2655) | ||
|
|
7528a765fb |
connlib: fix incorrect assumption for buffer size that was causing panics (#2663)
There was an incorrect assumption with buffer size that was causing a panic (detected on macos client) |
||
|
|
683723ee17 |
connlib: fix logging string for macos (#2658)
filter for macos wasn't being applied correctly, this fixes that. |
||
|
|
bc8f438a56 |
feat(connlib): directly send wireguard traffic instead of tunneling it through WebRTC datachannels (#2643)
This PR started as part of a degradation in performance for the gateways.

The way to test performance in a realistic environment is using a GCP vm as a client and an AWS vm as a gateway with a single iperf server behind the gateway.

Then the `iperf` results with current main:

```
Connecting to host 172.31.92.238, port 5201
Reverse mode, remote host 172.31.92.238 is sending
[ 5] local 100.83.194.77 port 58426 connected to 172.31.92.238 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 1.01 MBytes 8.50 Mbits/sec
[ 5] 1.00-2.00 sec 1.14 MBytes 9.59 Mbits/sec
[ 5] 2.00-3.00 sec 699 KBytes 5.73 Mbits/sec
[ 5] 3.00-4.00 sec 1.11 MBytes 9.31 Mbits/sec
[ 5] 4.00-5.00 sec 664 KBytes 5.44 Mbits/sec
[ 5] 5.00-6.00 sec 591 KBytes 4.84 Mbits/sec
[ 5] 6.00-7.00 sec 722 KBytes 5.91 Mbits/sec
[ 5] 7.00-8.00 sec 833 KBytes 6.83 Mbits/sec
[ 5] 8.00-9.00 sec 738 KBytes 6.04 Mbits/sec
[ 5] 9.00-10.00 sec 836 KBytes 6.85 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.06 sec 8.78 MBytes 7.32 Mbits/sec 3 sender
[ 5] 0.00-10.00 sec 8.23 MBytes 6.90 Mbits/sec receiver
iperf Done.
```

Most of the performance problems were due to using SCTP and DTLS. So I created a [fork](https://github.com/firezone/webrtc/tree/expose-new-endpoint) of webrtc that lets us circumvent those, since we don't need them because we are depending on wireguard for encryption.

With those changes much better throughput is achieved:

```
gabriel@cloudshell:~ (firezone-personal-instances)$ iperf3 -R -c 172.31.92.238
Connecting to host 172.31.92.238, port 5201
Reverse mode, remote host 172.31.92.238 is sending
[ 5] local 100.83.194.77 port 51206 connected to 172.31.92.238 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 5.60 MBytes 47.0 Mbits/sec
[ 5] 1.00-2.00 sec 17.2 MBytes 144 Mbits/sec
[ 5] 2.00-3.00 sec 15.8 MBytes 132 Mbits/sec
[ 5] 3.00-4.00 sec 14.8 MBytes 125 Mbits/sec
[ 5] 4.00-5.00 sec 15.9 MBytes 133 Mbits/sec
[ 5] 5.00-6.00 sec 15.8 MBytes 133 Mbits/sec
[ 5] 6.00-7.00 sec 15.3 MBytes 128 Mbits/sec
[ 5] 7.00-8.00 sec 15.6 MBytes 131 Mbits/sec
[ 5] 8.00-9.00 sec 15.6 MBytes 131 Mbits/sec
[ 5] 9.00-10.00 sec 16.0 MBytes 134 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.05 sec 151 MBytes 126 Mbits/sec 74 sender
[ 5] 0.00-10.00 sec 148 MBytes 124 Mbits/sec receiver
iperf Done
```

However, this is still worse than what was achieved with a previous commit (`21afdf0a9a113c996d60a63b2e8c8f32d3aeb87`):

```
gabriel@cloudshell:~ (firezone-personal-instances)$ iperf3 -R -c 172.31.92.238
Connecting to host 172.31.92.238, port 5201
Reverse mode, remote host 172.31.92.238 is sending
[ 5] local 100.100.68.41 port 49762 connected to 172.31.92.238 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 6.14 MBytes 51.5 Mbits/sec
[ 5] 1.00-2.00 sec 17.1 MBytes 144 Mbits/sec
[ 5] 2.00-3.00 sec 22.8 MBytes 191 Mbits/sec
[ 5] 3.00-4.00 sec 23.5 MBytes 197 Mbits/sec
[ 5] 4.00-5.00 sec 23.0 MBytes 193 Mbits/sec
[ 5] 5.00-6.00 sec 22.1 MBytes 185 Mbits/sec
[ 5] 6.00-7.00 sec 23.0 MBytes 193 Mbits/sec
[ 5] 7.00-8.00 sec 22.7 MBytes 190 Mbits/sec
[ 5] 8.00-9.00 sec 21.0 MBytes 176 Mbits/sec
[ 5] 9.00-10.00 sec 19.9 MBytes 167 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.05 sec 204 MBytes 170 Mbits/sec 127 sender
[ 5] 0.00-10.00 sec 201 MBytes 169 Mbits/sec receiver
```

My profiling suggested that this is due to reading/writing packets happening in its own dedicated tasks. So much so that maybe in the future we should even consider spawning their own dedicated runtime so that those loops have a dedicated OS thread.

Also, probably using a multi-queue interface will give us huge gains if we have a dedicated task for each queue (currently the interface is started as a multi-queue but a single file descriptor is used) for handling multiple concurrent clients.

However, the changes proposed in this PR are good enough for now as long as performance doesn't degrade. In that line I will create a CI that reports the throughput using the local `docker-compose.yml` file that we should always check before merging, that is not the be all end all of the performance story but for smaller PRs the correlation to real world throughput should be enough. For bigger PRs we should manually test before merging for now, until we have a way in CI to spin up some realistic tests (note that vms should be in separate cloud environments, the same-cloud links are so reliable that we miss actual performance degradation due to dropped packets).

On this note I'll write a small manual on how to conduct those tests with full current results that we should use always before merging new PRs that affect the hot-path.

cc @thomaseizinger

Finally, when testing these changes I found some flakiness regarding the re-connection path. So I changed things so that we clean up connections only using wireguard's error (connection expiration). This is quite slow for now (~120 seconds) but in the future we can issue an ice restart each time wireguard keepalive expires (rekey timeout) so that we can restart connection each ~30 seconds and we can reduce the keepalive time out from the portal to accelerate it even more. And in the future we can get smarter about it.

---------

Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
|
95bfd5bb02 |
build(deps): Bump env_logger from 0.10.0 to 0.10.1 in /rust (#2637)
Bumps [env_logger](https://github.com/rust-cli/env_logger) from 0.10.0 to 0.10.1.

Changelog (sourced from [env_logger's changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md)): [0.10.1] - 2023-11-10 |
||
|
|
d666cb2b39 |
build(deps): Bump proptest from 1.3.1 to 1.4.0 in /rust (#2635)
Bumps [proptest](https://github.com/proptest-rs/proptest) from 1.3.1 to 1.4.0. |
||
|
|
33ab23b636 |
Cleanup UX and fix a bunch of TODOs (#2641)
This PR cleans up a lot of TODOs and some issues I've discovered while fixing them, there are _a few_ UI changes.

We show `(you)` next to your name on the actor view page, where `Profile` link goes from the dropdown menu:

![Screenshot 2023-11-13 at 19 05 35](https://github.com/firezone/firezone/assets/1877644/f52b2531-e3be-4d3a-a587-4f9f54ca2c49)

Relays were way behind Gateways in terms of view code, so I changed them to be exactly the same:

![Screenshot 2023-11-13 at 18 54 39](https://github.com/firezone/firezone/assets/1877644/a9f0905d-80d2-4e91-a744-c4baf7ad4a7c)

We also show authorizations on the Actor page because previously to find "what this user did" you had to go through all user clients individually:

![Screenshot 2023-11-13 at 18 54 27](https://github.com/firezone/firezone/assets/1877644/02ada445-e175-427e-99de-f9fa5bdd5aab)

I've noticed there is some confusion around sign-in slugs so I added a home page where you can use ID or slug to get the in link (not all the clients will know you need to put that in the URL) and recently used accounts:

![Screenshot 2023-11-13 at 18 54 06](https://github.com/firezone/firezone/assets/1877644/ccfb9198-ed1f-4b3e-a26f-b76bab24243c)

Buttons to copy the code are more visible now, I've used our accent color but am open to better ideas:

![Screenshot 2023-11-13 at 19 10 29](https://github.com/firezone/firezone/assets/1877644/a2c0658e-1003-409b-b5ad-d5d3ade60a10)

When code is copied it's also more visible:

![Screenshot 2023-11-13 at 19 11 41](https://github.com/firezone/firezone/assets/1877644/62e793d2-d760-4aa7-9a42-92a6bbfcbf52)

We also do not redirect from that page automatically, but the large button becomes green with the text changed:

![Screenshot 2023-11-13 at 19 12 11](https://github.com/firezone/firezone/assets/1877644/780dcde3-8018-4405-91e5-984288431ec1) |
||
|
|
16b41bf14c |
refactor(connlib): encapsulate Device (#2591)
We encapsulate the internals of `Device` by providing high-level functions on `Device` itself and make all the fields private. From the outside, each consumer thus only has an `Arc<Device>` that they can interact with. To achieve this, we use the `arc-swap` crate to atomically swap out the reference to the `Arc<Device>` instead of relying on an `RwLock`. Note that the _reference_ to this `ArcSwapOption` is also wrapped in an `Arc` because we need to share this pointer across many `peer_handler`s. Once we get rid of `Arc<Tunnel>`, this will become a lot simpler. |
||
|
|
76fabd019c |
build(deps): Bump domain from 0.9.0 to 0.9.1 in /rust (#2596)
Bumps [domain](https://github.com/nlnetlabs/domain) from 0.9.0 to 0.9.1.

Release notes (sourced from [domain's releases](https://github.com/nlnetlabs/domain/releases)):

**0.9.1**

Bug fixes

- Added missing `?Sized` bounds to the octets type for parsing `ZoneRecordData` and `UnknownRecordData`. ([#237](https://redirect.github.com/nlnetlabs/domain/issues/237) by [@hunts](https://github.com/hunts))

Changelog (sourced from [domain's changelog](https://github.com/NLnetLabs/domain/blob/main/Changelog.md)):

**0.9.1**

Released 2023-10-27.

Bug fixes

- Added missing `?Sized` bounds to the octets type for parsing `ZoneRecordData` and `UnknownRecordData`. ([#237](https://redirect.github.com/nlnetlabs/domain/issues/237) by [@hunts](https://github.com/hunts)) |
||
|
|
6899b70da2 |
build(deps): Bump tokio-util from 0.7.9 to 0.7.10 in /rust (#2595)
Bumps [tokio-util](https://github.com/tokio-rs/tokio) from 0.7.9 to 0.7.10.

Commits: See full diff in [compare view](https://github.com/tokio-rs/tokio/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c51b03315e |
build(deps): Bump libc from 0.2.149 to 0.2.150 in /rust (#2594)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.149 to 0.2.150.

Release notes (sourced from [libc's releases](https://github.com/rust-lang/libc/releases)):

**0.2.150**

**What's Changed**

- feat: closefrom() and close_range() for FreeBSD by @SteveLauC in rust-lang/libc#3374
- adding apple ifreq by @devnexen in rust-lang/libc#3375
- Add pthread_once by @0xcaff in rust-lang/libc#3376
- netbsd: Add SO_NOSIGPIPE by @taiki-e in rust-lang/libc#3377
- Say goodbye to GH Pages in favor of docs.rs by @JohnTitor in rust-lang/libc#3378
- bugfix for teeos use Option by @Sword-Destiny in rust-lang/libc#3379
- openbsd/netbsd sharing execvpe definition by @devnexen in rust-lang/libc#3382
- ifreq for apple follow-up fix case when in non libc_union case by @devnexen in rust-lang/libc#3385
- NetBSD's mod.rs: fix cpuid_t definition. by @he32 in rust-lang/libc#3386
- ifconf addition to apple. fixing freebsd's implementation while at it. by @devnexen in rust-lang/libc#3388
- adding exect/execvP for FreeBSD/DragonflyBSD by @devnexen in rust-lang/libc#3381
- adding execvP for apple by @devnexen in rust-lang/libc#3383
- adding ifreq struct for openbsd by @devnexen in rust-lang/libc#3384
- Add `MCL_ONFAULT` constants by @newpavlov in rust-lang/libc#3380
- Add time namespace constant by @cd-work in rust-lang/libc#3352
- adding few more CLONE_* constant for Linux/Android. by @devnexen in rust-lang/libc#3034
- android add handful lock free stdio calls by @devnexen in rust-lang/libc#3290
- hurd: Fix msghdr's msg_iov field type by @sthibaul in rust-lang/libc#3389
- Adding missing macros from linux/if_tun.h by @BrandonMFong in rust-lang/libc#3320
- vxworks: Add mman.h consts and shm functions by @jdygert-spok in rust-lang/libc#3406
- Reenable FreeBSD 14 CI, and update definitions to match 14.0-RC1. by @asomers in rust-lang/libc#3355
- Use new check-cfg syntax in newer nightly by @Urgau in rust-lang/libc#3410
- musl fixes and musl+riscv32 fixes by @akiernan in rust-lang/libc#3302
- Add various constants from OpenBSD's sys/exec_elf.h. by @ltratt in rust-lang/libc#3409
- riscv64/musl: Add landlock syscalls by @marv in rust-lang/libc#3398
- Add stat64at function declaration to AIX by @ecnelises in rust-lang/libc#3324
- adding getmntinfo/getmntvinfo for DragonFlyBSD. by @devnexen in rust-lang/libc#3394
- adding MOVE_MOUNT* constants for linux to use with SYS_move_mount by @devnexen in rust-lang/libc#3391
- freebsd adding PROT_MAX|PROT_MAX_EXTRACT mmap flags by @devnexen in rust-lang/libc#3399
- linux/android adding few if_alg.h constants. by @devnexen in rust-lang/libc#3404
- Setup Dependabot for GitHub Actions by @JohnTitor in rust-lang/libc#3411
- For NetBSD: add entry for NetBSD/riscv64. by @he32 in rust-lang/libc#3291
- adding more recent pthread_get/setname_np calls to freebsd/dragonflybsd by @devnexen in rust-lang/libc#3412
- NetBSD/mipsel: add support. by @he32 in rust-lang/libc#3416
- feat: add new constants from fanotify linux api by @ad0 in rust-lang/libc#3408
- linux: add PTRACE_GETSIGMASK and PTRACE_SETSIGMASK by @mbyzhang in rust-lang/libc#3163
- Add a few declarations for Apple systems by @vincentisambart in rust-lang/libc#3328
- feat: Added ifconf struct by @Brijeshkrishna in rust-lang/libc#3393
- Upgrade Docker images to Ubuntu 23.10 by @JohnTitor in rust-lang/libc#3418
- redox: Add remaining `grp.h` functions by @ids1024 in rust-lang/libc#3421
- netbsd/openbsd adding more accessors to siginfo_t. by @devnexen in rust-lang/libc#3400
- Prepare release for v0.2.150 by @JohnTitor in rust-lang/libc#3424

**New Contributors**

- @0xcaff made their first contribution in rust-lang/libc#3376
- @he32 made their first contribution in rust-lang/libc#3386
- @sthibaul made their first contribution in rust-lang/libc#3389
- @BrandonMFong made their first contribution in rust-lang/libc#3320

... (truncated) |
||
|
|
0c6b2c079b |
build(deps): Bump serde_json from 1.0.107 to 1.0.108 in /rust (#2593)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.107 to 1.0.108.

Release notes (sourced from [serde_json's releases](https://github.com/serde-rs/json/releases)):

**v1.0.108**

- Documentation improvements ([#1075](https://redirect.github.com/serde-rs/json/issues/1075), [#1081](https://redirect.github.com/serde-rs/json/issues/1081), [#1082](https://redirect.github.com/serde-rs/json/issues/1082), thanks [@dimo414](https://github.com/dimo414) and [@fritzrehde](https://github.com/fritzrehde)) |
||
|
|
b33e8fd04e |
build(deps): Bump futures-bounded from 0.2.0 to 0.2.1 in /rust (#2592)
Bumps [futures-bounded](https://github.com/libp2p/rust-libp2p) from 0.2.0 to 0.2.1.

Release notes (sourced from [futures-bounded's releases](https://github.com/libp2p/rust-libp2p/releases)):

**libp2p-v0.53.0**

The most ergonomic version of rust-libp2p yet!

We've been busy again, with over [250](https://github.com/libp2p/rust-libp2p/compare/libp2p-v0.52.0...master) PRs being merged into `master` since `v0.52.0` (excluding dependency updates).

**Backwards-compatible features**

Numerous improvements landed as patch releases since the `v0.52.0` release, for example a new, type-safe [`SwarmBuilder`](https://redirect.github.com/libp2p/rust-libp2p/pull/4120) that also encompasses the most common transport protocols:

```rust
let mut swarm = libp2p::SwarmBuilder::with_new_identity()
    .with_tokio()
    .with_tcp(
        tcp::Config::default().port_reuse(true).nodelay(true),
        noise::Config::new,
        yamux::Config::default,
    )?
    .with_quic()
    .with_dns()?
    .with_relay_client(noise::Config::new, yamux::Config::default)?
    .with_behaviour(|keypair, relay_client| Behaviour {
        relay_client,
        ping: ping::Behaviour::default(),
        dcutr: dcutr::Behaviour::new(keypair.public().to_peer_id()),
    })?
    .build();
```

The new builder makes heavy use of the type-system to guide you towards a correct composition of all transports. For example, it is important to compose the DNS transport as a wrapper around all other transports but before the relay transport. Luckily, you no longer need to worry about these details as the builder takes care of that for you! Have a look yourself if you dare [here](https://github.com/libp2p/rust-libp2p/tree/master/libp2p/src/builder) but be warned, the internals are a bit wild :)

Some more features that we were able to ship in `v0.52.X` patch-releases include:

- [stable QUIC implementation](https://redirect.github.com/libp2p/rust-libp2p/pull/4325)
- for rust-libp2p compiled to WASM running in the browser
  - [WebTransport support](https://redirect.github.com/libp2p/rust-libp2p/pull/4015)
  - [WebRTC support](https://redirect.github.com/libp2p/rust-libp2p/pull/4248)
- [UPnP implementation to automatically configure port-forwarding with ones gateway](https://redirect.github.com/libp2p/rust-libp2p/pull/4156)
- [option to limit connections based on available memory](https://redirect.github.com/libp2p/rust-libp2p/pull/4281)

We always try to ship as many features as possible in a backwards-compatible way to get them to you faster. Often times, these come with deprecations to give you a heads-up about what will change in a future version. We advise updating to each intermediate version rather than skipping directly to the most recent one, to avoid missing any crucial deprecation warnings. We highly recommend you stay up-to-date with the latest version to make upgrades as smooth as possible.

Some improvements we unfortunately cannot ship in a way that Rust considers a non-breaking change but with every release, we attempt to smoothen the way for future upgrades.

**`#[non_exhaustive]` on key enums**

We've identified that adding a new "message" to the `ToSwarm` enum is a common cause for breaking changes. This enum is used by plugins (i.e. `NetworkBehaviour`s) to communicate with the `Swarm`. Similarly, the `FromSwarm` enum is used to inform plugins about state changes. By adding `#[non_exhaustive]` to these and other enums we enable future additions to be non-breaking changes.

For example, [we plan](https://redirect.github.com/libp2p/rust-libp2p/issues/4302) to allow `NetworkBehaviour`s to share addresses of peers they've discovered with each other. Previously, we had to queue this feature until the next breaking change whereas now, we can simply ship it as soon as it is ready!

Thanks to [@dhuseby](https://github.com/dhuseby) for getting the ball rolling on this one. See [PR 4581](https://redirect.github.com/libp2p/rust-libp2p/pull/4581) for details.

... (truncated) |
||
|
|
0d1df924dc |
build(deps): Bump clap from 4.4.6 to 4.4.7 in /rust (#2525)
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.6 to 4.4.7.

Changelog (sourced from [clap's changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)):

**[4.4.7] - 2023-10-24**

Performance

- Reduced code size |
||
|
|
953ddeace6 |
connlib: update upstream dns format configuration (#2543)
fixes #2297 |
||
|
|
b404f10d87 |
refactor(connlib): read from device as part of eventloop (#2520)
As a next step in refactoring the tunnel implementation, I am removing the `device_handler` task and instead use a poll-based function to read from the device. Removing the task means there is one less component that accesses the `Tunnel` via shared-memory. The final one after this PR is the `peer_handler`. Once all shared-access is gone, we can stop using `Arc<Tunnel>` and with it, remove all uses of `Mutex` in the tunnel and simply use `&mut self`. To remove the `device_handler`, we introduce a `Device::poll_read` function that we call as the very first thing in the `Tunnel`'s poll-function. At a later point, we want to think about prioritization within the event loop. I'd suggest deferring that until we have removed the locks as handling the guards is a bit finicky at this stage. |
||
|
|
5faad6aac5 |
build(deps): Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.10 to 1.9.20 in /rust/connlib/clients/android/connlib (#2559)
Bumps [org.jetbrains.kotlin:kotlin-stdlib](https://github.com/JetBrains/kotlin) from 1.9.10 to 1.9.20.

Release notes

*Sourced from [org.jetbrains.kotlin:kotlin-stdlib's releases](https://github.com/JetBrains/kotlin/releases).*

**Kotlin 1.9.20-RC2**

Changelog

- Compiler
  - [`KT-62747`](https://youtrack.jetbrains.com/issue/KT-62747) Wrong warning message when overriding vararg with Array during actualization
  - [`KT-62655`](https://youtrack.jetbrains.com/issue/KT-62655) Don't report a warning when new members and new supertypes are added to open expect actualization
  - [`KT-62313`](https://youtrack.jetbrains.com/issue/KT-62313) Kotlin/Native Compiler crash: ClassCastException in IntrinsicGenerator
- JavaScript
  - [`KT-62790`](https://youtrack.jetbrains.com/issue/KT-62790) java.lang.ClassCastException in compiler when ::class is used
- Libraries
  - [`KT-62656`](https://youtrack.jetbrains.com/issue/KT-62656) Drop `@AllowDifferentMembersInActual` from stdlib
- Reflection
  - [`KT-47973`](https://youtrack.jetbrains.com/issue/KT-47973) Reflection: "IllegalArgumentException: argument type mismatch" when using callSuspend to call a function returning value class over primitive
- Tools. Gradle
  - [`KT-61359`](https://youtrack.jetbrains.com/issue/KT-61359) "Unresolved reference: platform" when enabling Gradle configuration cache
  - [`KT-62496`](https://youtrack.jetbrains.com/issue/KT-62496) Configuration time regression with KGP 1.9.20-Beta caused by loading of properties

**Kotlin 1.9.20-RC**

Changelog

- Compiler
  - [`KT-62127`](https://youtrack.jetbrains.com/issue/KT-62127) "NoSuchFieldError: TRUE$delegate" on referencing companion's variable in submodule
  - [`KT-62335`](https://youtrack.jetbrains.com/issue/KT-62335) Improve debuggability of code generator crashes
  - [`KT-62263`](https://youtrack.jetbrains.com/issue/KT-62263) Turn "different expect/actual members" error into a warning
  - [`KT-61933`](https://youtrack.jetbrains.com/issue/KT-61933) K2: "`Argument type mismatch: actual type is 'Foo<kotlin/Function0<kotlin/Unit>>' but 'Foo<kotlin/coroutines/SuspendFunction0<kotlin/Unit>>' was expected`"
- IDE. Multiplatform
  - [`KT-61686`](https://youtrack.jetbrains.com/issue/KT-61686) Check and update places in compiler and IDE where we are saying that MPP is experimental/Beta/Alpha

... (truncated)

Commits

- See full diff in [compare view](https://github.com/JetBrains/kotlin/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2bca378f17 |
Allow data plane configuration at runtime (#2477)
## Changelog

- Updates connlib parameter API_URL (formerly known under different names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and friends) to be configured as an "advanced" or "hidden" feature at runtime so that we can test production builds on both staging and production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos, consistency, etc
- Hides vars from the `relay` CLI we may not want to expose just yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely available. Data plane components now require a `FIREZONE_ID` instead to use for upserting.

Fixes #2482
Fixes #2471

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com> |
||
|
|
6b4142e5e9 |
fix: sort out compile error after semantic merge conflict (#2533)
Merging #2510 and #2532 created a semantic merge conflict. |
||
|
|
a571e5ba48 | refactor(connlib): misc cleanups (#2510) | ||
|
|
9c98167daa | connlib: break read on 0-sized read (#2532) | ||
|
|
6c28f90219 |
connlib: set default mtu for linux to 1280 (#2531)
Somewhere this was deleted, re-adding it. |
||
|
|
b417e71c1d |
build(deps): Bump base64 from 0.21.4 to 0.21.5 in /rust (#2524)
Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.21.4 to 0.21.5.

Changelog

*Sourced from [base64's changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md).*

**0.21.5**

- Add `Debug` and `Clone` impls for the general purpose Engine |
||
|
|
bf39f65bb0 |
build(deps): Bump futures from 0.3.28 to 0.3.29 in /rust (#2523)
Bumps [futures](https://github.com/rust-lang/futures-rs) from 0.3.28 to 0.3.29.

Release notes

*Sourced from [futures's releases](https://github.com/rust-lang/futures-rs/releases).*

**0.3.29**

- Add `TryStreamExt::try_ready_chunks` ([#2757](https://redirect.github.com/rust-lang/futures-rs/issues/2757))
- Add `TryStreamExt::{try_all,try_any}` ([#2783](https://redirect.github.com/rust-lang/futures-rs/issues/2783))
- Add `UnboundedSender::{len,is_empty}` ([#2750](https://redirect.github.com/rust-lang/futures-rs/issues/2750))
- Fix `Sync` impl of `FuturesUnordered` ([#2788](https://redirect.github.com/rust-lang/futures-rs/issues/2788))
- Fix infinite loop caused by invalid UTF-8 bytes ([#2785](https://redirect.github.com/rust-lang/futures-rs/issues/2785))
- Fix build error with -Z minimal-versions ([#2761](https://redirect.github.com/rust-lang/futures-rs/issues/2761))

Changelog

*Sourced from [futures's changelog](https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md).*

**0.3.29 - 2023-10-26**

- Add `TryStreamExt::try_ready_chunks` ([#2757](https://redirect.github.com/rust-lang/futures-rs/issues/2757))
- Add `TryStreamExt::{try_all,try_any}` ([#2783](https://redirect.github.com/rust-lang/futures-rs/issues/2783))
- Add `UnboundedSender::{len,is_empty}` ([#2750](https://redirect.github.com/rust-lang/futures-rs/issues/2750))
- Fix `Sync` impl of `FuturesUnordered` ([#2788](https://redirect.github.com/rust-lang/futures-rs/issues/2788))
- Fix infinite loop caused by invalid UTF-8 bytes ([#2785](https://redirect.github.com/rust-lang/futures-rs/issues/2785))
- Fix build error with -Z minimal-versions ([#2761](https://redirect.github.com/rust-lang/futures-rs/issues/2761)) |
||
|
|
50f3809ffa |
build(deps): Bump serde from 1.0.189 to 1.0.190 in /rust (#2522)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.189 to 1.0.190.

Release notes

*Sourced from [serde's releases](https://github.com/serde-rs/serde/releases).*

**v1.0.190**

- Preserve NaN sign when deserializing f32 from f64 or vice versa ([#2637](https://redirect.github.com/serde-rs/serde/issues/2637)) |
||
|
|
fcb0879a05 |
build(deps): Bump futures-util from 0.3.28 to 0.3.29 in /rust (#2521)
Bumps [futures-util](https://github.com/rust-lang/futures-rs) from 0.3.28 to 0.3.29.

Release notes

*Sourced from [futures-util's releases](https://github.com/rust-lang/futures-rs/releases).*

**0.3.29**

- Add `TryStreamExt::try_ready_chunks` ([#2757](https://redirect.github.com/rust-lang/futures-rs/issues/2757))
- Add `TryStreamExt::{try_all,try_any}` ([#2783](https://redirect.github.com/rust-lang/futures-rs/issues/2783))
- Add `UnboundedSender::{len,is_empty}` ([#2750](https://redirect.github.com/rust-lang/futures-rs/issues/2750))
- Fix `Sync` impl of `FuturesUnordered` ([#2788](https://redirect.github.com/rust-lang/futures-rs/issues/2788))
- Fix infinite loop caused by invalid UTF-8 bytes ([#2785](https://redirect.github.com/rust-lang/futures-rs/issues/2785))
- Fix build error with -Z minimal-versions ([#2761](https://redirect.github.com/rust-lang/futures-rs/issues/2761))

Changelog

*Sourced from [futures-util's changelog](https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md).*

**0.3.29 - 2023-10-26**

- Add `TryStreamExt::try_ready_chunks` ([#2757](https://redirect.github.com/rust-lang/futures-rs/issues/2757))
- Add `TryStreamExt::{try_all,try_any}` ([#2783](https://redirect.github.com/rust-lang/futures-rs/issues/2783))
- Add `UnboundedSender::{len,is_empty}` ([#2750](https://redirect.github.com/rust-lang/futures-rs/issues/2750))
- Fix `Sync` impl of `FuturesUnordered` ([#2788](https://redirect.github.com/rust-lang/futures-rs/issues/2788))
- Fix infinite loop caused by invalid UTF-8 bytes ([#2785](https://redirect.github.com/rust-lang/futures-rs/issues/2785))
- Fix build error with -Z minimal-versions ([#2761](https://redirect.github.com/rust-lang/futures-rs/issues/2761)) |
||
|
|
98383e8622 |
Introduce Sites (#2516)
Closes #2513 |
||
|
|
559b3bd591 |
connlib: limit the number of relays used per-connection (#2514)
Fixes #2499

@AndrewDryga This should be accompanied by a portal-side PR that:

* Sorts gateway somehow
* Stop sending STUN servers: we only need TURN URLs since webrtc already falls back onto STUN URLs when it fails to allocate.

Right now, if we merge this without removing TURN URLs we might not get a connection where TURN is needed. I think we should leave the `Stun` type in the message, for hole-punched only connections that we want to implement in the function. Which from connlib's side shouldn't need any change if we leave it like this, the portal should only send STUN urls in that case.

---------

Signed-off-by: Gabi <gabrielalejandro7@gmail.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com> |
||
|
|
63542e2069 | chore: remove resolved TODO (#2509) | ||
|
|
6735083ed1 |
feat(connlib): remove ip-filter from SettingEngine (#2507)
|
||
|
|
99d1b3bc7b | refactor(connlib): move side-effects up the callstack (#2485) | ||
|
|
d5e182cf0a |
deps: use released version of futures-bounded (#2500)
|
||
|
|
487110d0b0 |
fix(gateway): stop reconnecting on client errors (#2464)
Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
|
8b8881f415 | Make CodeQL a part of CI workflow (#2492) | ||
|
|
f0e545a8fd |
build(deps): Bump stun_codec from 0.3.3 to 0.3.4 in /rust (#2487)
Bumps [stun_codec](https://github.com/sile/stun_codec) from 0.3.3 to 0.3.4.

Release notes

*Sourced from [stun_codec's releases](https://github.com/sile/stun_codec/releases).*

**v0.3.4**

What's Changed

- Remove the hmac_sha1 dependency by [`@pantsman0`](https://github.com/pantsman0) in [sile/stun_codec#20](https://redirect.github.com/sile/stun_codec/pull/20)

New Contributors

- [`@pantsman0`](https://github.com/pantsman0) made their first contribution in [sile/stun_codec#20](https://redirect.github.com/sile/stun_codec/pull/20)

**Full Changelog**: https://github.com/sile/stun_codec/compare/0.3.3...0.3.4 |
||
|
|
0af112df00 |
build(deps): Bump socket2 from 0.5.4 to 0.5.5 in /rust (#2486)
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.4 to 0.5.5.

Changelog

*Sourced from [socket2's changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md).*

**0.5.5**

- Add support for Vita ([rust-lang/socket2#465](https://redirect.github.com/rust-lang/socket2/pull/465)). |
||
|
|
cc65a63c63 |
Update Dockerfile (#2490)
When moving from debian to alpine we stopped installing `curl` and it's needed to get the public ipv4 and ipv6 of the relay in the `docker-init.sh` Signed-off-by: Gabi <gabrielalejandro7@gmail.com> |
||
|
|
23ca75227c |
log upload interval 5 minutes; delete file after upload (#2463)
- Reduce interval to 5 minutes
- Delete file after successful upload

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Co-authored-by: bmanifold <bmanifold@users.noreply.github.com> |
||
|
|
fa57d66965 |
Publish Releases (#2344)
- rebuild and publish gateway and relay binaries to currently drafted release
- re-tag current relay/gateway images and push to ghcr.io

Stacked on #2341 to prevent conflicts

Fixes #2223
Fixes #2205
Fixes #2202
Fixes #2239

~~Still TODO: `arm64` images and binaries...~~ Edit: added via `cross-rs` |
||
|
|
4d73b99e70 |
build(deps): Bump ring from 0.17.4 to 0.17.5 in /rust (#2453)
Bumps [ring](https://github.com/briansmith/ring) from 0.17.4 to 0.17.5.

Commits

- See full diff in [compare view](https://github.com/briansmith/ring/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ac6a8eefaf |
build(deps): Bump tracing from 0.1.39 to 0.1.40 in /rust (#2455)
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.39 to 0.1.40.

Release notes

*Sourced from [tracing's releases](https://github.com/tokio-rs/tracing/releases).*

**tracing 0.1.40**

This release fixes a potential stack use-after-free in the `Instrument::into_inner` method. Only uses of this method are affected by this bug.

Fixed

- Use `mem::ManuallyDrop` instead of `mem::forget` in `Instrument::into_inner` ([#2765](https://redirect.github.com/tokio-rs/tracing/issues/2765))

[#2765](https://redirect.github.com/tokio-rs/tracing/issues/2765): [tokio-rs/tracing#2765](https://redirect.github.com/tokio-rs/tracing/pull/2765)

Thanks to [`@cramertj`](https://github.com/cramertj) and [`@manishearth`](https://github.com/manishearth) for finding and fixing this issue! |
||
|
|
85a7d002c3 |
build(deps): Bump thiserror from 1.0.49 to 1.0.50 in /rust (#2451)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.49 to 1.0.50.

Release notes

*Sourced from [thiserror's releases](https://github.com/dtolnay/thiserror/releases).*

**1.0.50**

- Improve diagnostic when a #[source], #[from], or #[transparant] attribute refers to a type that has no std::error::Error impl ([#258](https://redirect.github.com/dtolnay/thiserror/issues/258), thanks [`@de-vri-es`](https://github.com/de-vri-es)) |
||
|
|
29a480789e |
Fix reuse connections (#2454)
There were 2 bugs:

* `gateway_awaiting_connections` should represent gateways where there is an on-going connection intent but are not connected yet, but currently we were creating an empty entry when there was no entry, even if there is a connection established. This would cause the next resource connection intent to stop early without adding the allowed ip, thus never using the connection.
* There was a race condition, where if the `ReuseConnection` was sent to the gateway when the connection wasn't established, the gateway would just ignore the message, but this connection intent would never be sent again.

Now that I'm writing this maybe the best solution is, if there is a pending connection to a gateway, we just do nothing. That way upper layers would just retry the message and we send `ReuseConnection` once the connection is established instead of buffering the requests...

Edit: that's exactly the fix I made. |
||
|
|
d2c0744518 | fix(connlib): correctly forward rollover (#2462) | ||
|
|
919b7890e6 |
refactor(connlib): move more logic to poll_next_event (#2403)
|
||
|
|
573124bd2f |
Document relay gateway client CLIs (#2424)
Fixes #2363

* Rename `relay` package to `firezone-relay` so that binaries outputted match the `firezone-*` cli naming scheme
* Rename `firezone-headless-client` package to `firezone-linux-client` for consistency
* Add READMEs for user-facing CLI components (there will also be docs later) |
||
|
|
a65a0ad88e |
deps: update to webrtc 0.9, boringtun to master (#2404)
Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
|
5a906cb1c4 |
refactor(connlib): remove ConnId (#2361)
Co-authored-by: Jamil <jamilbk@users.noreply.github.com> |
||
|
|
d626f6dbf6 |
Connlib/forward dns (#2325)
With this we implement DNS forwarding that's specified in #2043

This also solves the DNS story in Android. For the headless client in Linux we still need to implement split dns, but we can make do with this; especially, we can read from resolvconf and use the forward DNS (not ideal but can work if we want a beta headless client).

For the resolver I used `trusted-proto-resolver`. The other options were:

* Using `domain`'s resolver but while it could work for now, it's not ideal for this since it doesn't support DoH or DoT and doesn't provide us with a DNS cache.
* Using `trusted-proto-client`, it doesn't provide us with a DNS cache, though we could eventually replace it since it provides a way to access the underlying buffer which could make our code a bit simpler.
* Writing our own. While we could make the API ideal, this is too much work for beta.

@pratikvelani I did some refactor in the kotlin side so we can return an array of bytearrays so that we don't require parsing on connlib side, I also tried to make the dns server detector a bit simpler, please take a look, it's my first time doing kotlin

@thomaseizinger please take a look especially at the first commit, I tried to integrate with the `poll_events` and the `ClientState`. |
||
|
|
b69a91e33c |
build(deps): Bump uuid from 1.4.1 to 1.5.0 in /rust (#2428)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.4.1 to 1.5.0.

Release notes

*Sourced from [uuid's releases](https://github.com/uuid-rs/uuid/releases).*

**1.5.0**

What's Changed

- Add impl From<!-- raw HTML omitted --> for String under the std feature flag by [`@brahms116`](https://github.com/brahms116) in [uuid-rs/uuid#700](https://redirect.github.com/uuid-rs/uuid/pull/700)
- Remove dead link to templates by [`@KodrAus`](https://github.com/KodrAus) in [uuid-rs/uuid#704](https://redirect.github.com/uuid-rs/uuid/pull/704)
- make ClockSequence wrap correctly by [`@fef1312`](https://github.com/fef1312) in [uuid-rs/uuid#705](https://redirect.github.com/uuid-rs/uuid/pull/705)
- Track MSRV in Cargo.toml by [`@KodrAus`](https://github.com/KodrAus) in [uuid-rs/uuid#706](https://redirect.github.com/uuid-rs/uuid/pull/706)
- Support converting between Uuid and vec by [`@KodrAus`](https://github.com/KodrAus) in [uuid-rs/uuid#703](https://redirect.github.com/uuid-rs/uuid/pull/703)
- Replace MIPS with Miri and add clippy to CI by [`@KodrAus`](https://github.com/KodrAus) in [uuid-rs/uuid#712](https://redirect.github.com/uuid-rs/uuid/pull/712)
- Added `bytemuck` support by [`@John-Toohey`](https://github.com/John-Toohey) in [uuid-rs/uuid#711](https://redirect.github.com/uuid-rs/uuid/pull/711)
- Prepare for 1.5.0 release by [`@KodrAus`](https://github.com/KodrAus) in [uuid-rs/uuid#713](https://redirect.github.com/uuid-rs/uuid/pull/713)

New Contributors

- [`@brahms116`](https://github.com/brahms116) made their first contribution in [uuid-rs/uuid#700](https://redirect.github.com/uuid-rs/uuid/pull/700)
- [`@fef1312`](https://github.com/fef1312) made their first contribution in [uuid-rs/uuid#705](https://redirect.github.com/uuid-rs/uuid/pull/705)
- [`@John-Toohey`](https://github.com/John-Toohey) made their first contribution in [uuid-rs/uuid#711](https://redirect.github.com/uuid-rs/uuid/pull/711)

**Full Changelog**: https://github.com/uuid-rs/uuid/compare/1.4.1...1.5.0 |