## Changelog
- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` now instead
to use for upserting.
Fixes#2482Fixes#2471
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
There were 2 bugs:
* `gateway_awaiting_connections` should represent gateways were there is
an on-going connection intent but are not connected yet but currently we
were creating an empty entry when there was no entry, even if there is a
connection established, this would cause the next resource connection
intent to stop early without adding the allowed ip, thus never using the
connection.
* There was a race condition, where if the `ReuseConnection` was sent to
the gateway when the connection wasn't established, the gateway would
just ignore the message, but this connection intent would never be sent
again.
Now that I'm writing this maybe the best solution is, if there is a
pending connection to a gateway, we just do nothing. That way upper
layers would just retry the message and we send `ReuseConnection` once
the connection is established instead of buffering the requests...
Edit: that's exactly the fix I made.
With this we implement DNS forwarding that's specified in #2043
This also solve the DNS story in Android.
For the headless client in Linux we still need to implement split dns,
but we can make do with this, specially, we can read from resolvconf and
use the forward DNS (not ideal but can work if we want a beta headless
client).
For the resolver I used `trusted-proto-resolver`.
The other options were:
* Using `domain`'s resolver but while it could work for now, it's no
ideal for this since it doesn't support DoH or DoT and doesn't provide
us with a DNS cache.
* Using `trusted-proto-client`, it doesn't provide us with a DNS cache,
though we could eventually replace it since it provides a way to access
the underlying buffer which could make our code a bit simpler.
* Writing our own. While we could make the API ideal, this is too much
work for beta.
@pratikvelani I did some refactor in the kotlin side so we can return an
array of bytearrays so that we don't require parsing on connlib side, I
also tried to make the dns server detector a bit simpler please take a
look it's my first time doing kotlin
@thomaseizinger please take a look specially at the first commit, I
tried to integrate with the `poll_events` and the `ClientState`.
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.4.1 to 1.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>1.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add impl From<!-- raw HTML omitted --> for String under the std
feature flag by <a
href="https://github.com/brahms116"><code>@brahms116</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/700">uuid-rs/uuid#700</a></li>
<li>Remove dead link to templates by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/704">uuid-rs/uuid#704</a></li>
<li>make ClockSequence wrap correctly by <a
href="https://github.com/fef1312"><code>@fef1312</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/705">uuid-rs/uuid#705</a></li>
<li>Track MSRV in Cargo.toml by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/706">uuid-rs/uuid#706</a></li>
<li>Support converting between Uuid and vec by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/703">uuid-rs/uuid#703</a></li>
<li>Replace MIPS with Miri and add clippy to CI by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/712">uuid-rs/uuid#712</a></li>
<li>Added <code>bytemuck</code> support by <a
href="https://github.com/John-Toohey"><code>@John-Toohey</code></a> in
<a
href="https://redirect.github.com/uuid-rs/uuid/pull/711">uuid-rs/uuid#711</a></li>
<li>Prepare for 1.5.0 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/713">uuid-rs/uuid#713</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/brahms116"><code>@brahms116</code></a>
made their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/700">uuid-rs/uuid#700</a></li>
<li><a href="https://github.com/fef1312"><code>@fef1312</code></a> made
their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/705">uuid-rs/uuid#705</a></li>
<li><a
href="https://github.com/John-Toohey"><code>@John-Toohey</code></a>
made their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/711">uuid-rs/uuid#711</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/1.4.1...1.5.0">https://github.com/uuid-rs/uuid/compare/1.4.1...1.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e68b0108fa"><code>e68b010</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/713">#713</a> from
uuid-rs/cargo/1.5.0</li>
<li><a
href="b1cc27a118"><code>b1cc27a</code></a>
prepare for 1.5.0 release</li>
<li><a
href="b8ebdee9b0"><code>b8ebdee</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/711">#711</a> from
John-Toohey/bytemuck</li>
<li><a
href="2dad70d3c7"><code>2dad70d</code></a>
Added the <code>bytemuck</code> optional dependency to
<code>lib.rs</code> documentation</li>
<li><a
href="bcf2b58997"><code>bcf2b58</code></a>
Added Bytemuck to .github/workflows/ci.yml::env::DEP_FEATURES</li>
<li><a
href="a8d2e1d4bf"><code>a8d2e1d</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/712">#712</a> from
uuid-rs/ci/miri-clippy</li>
<li><a
href="0c5b2dfebd"><code>0c5b2df</code></a>
fix up a clippy warning</li>
<li><a
href="1d4bd6e5b2"><code>1d4bd6e</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/703">#703</a> from
uuid-rs/feat/convert-to-vec</li>
<li><a
href="52b3fbc04a"><code>52b3fbc</code></a>
replace MIPS with Miri and add clippy to CI</li>
<li><a
href="3833d095c1"><code>3833d09</code></a>
Make the bytemuck dependency look more like the other dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/uuid-rs/uuid/compare/1.4.1...1.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Should be easier to review commit by commit.
The gist of this commit is:
* `onAddRoute` on Android now takes an address+prefix as to minimize
parsing
* `onAddRoute` recreates the vpn service each time(TODO: is this too bad
for performance?)
* `on_add_route` and `onAddRoute` returns the new fd
* on android after `on_add_route` we recreate `IfaceConfig` and
`DeviceIo` and we store the new values
* `peer_handler` now runs on a loop, where each time we fail a write
with an error code 9(bad descriptor) we try to take the new `DeviceIo`
* we keep an
[`AbortHandle`](https://docs.rs/tokio/latest/tokio/task/struct.AbortHandle.html)
from the `iface_handler` task, since closing the fd doesn't awake the
`read` task for `AsyncFd`(I tried it, right now `close` is only called
after dropping the fd) so we explicitly abort the task and start a new
one with the new `device_io`.
* in android `DeviceIo` has an atomic which tells if it's closed or open
and we change it to closed after `on_add_route`, we use this as to never
double-close the fd, instead we wait until it's dropped. This *might*
affect performance on android since we use non-`Ordering::Relaxed`
atomic operation each read/write but it won't affect perfromance in
other platforms, furthermore I believe the performance gains if we
remove this will be minimal.
Fixes#2227
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
fixes#2013
Stops the reconnect loop on a 4xx error.
Right now it seems like android doesn't handle `on_disconnect` properly,
just logging instead of going back to sign-in screen.
