mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-22 10:41:48 +00:00
With #7684, we update our boringtun fork to support deterministic timers and handshake jitter. Further testing revealed that there was a bug within the jitter implementation that prevented the jitter from actually applying (https://github.com/firezone/boringtun/pull/48). In addition, we were only calling `update_timers_at` with a precision of 1s, making the internal jittering of 0 to 333ms within `boringtun` useless. To fix this, we introduced a `next_timer_update` function in `Tunn` in https://github.com/firezone/boringtun/pull/49 and make use of it in here. Finally, https://github.com/firezone/boringtun/pull/50 prioritizes the sending of these scheduled handshakes to further improve the timer precision.

With these patches applied, this is what the rekey logs look like:

```
2025-01-08T13:20:09.209Z DEBUG boringtun::noise::timers: HANDSHAKE(REKEY_AFTER_TIME (on send)) cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.209Z DEBUG boringtun::noise::timers: Scheduling new handshake jitter=204.361814ms cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.415Z DEBUG boringtun::noise: Sending handshake_initiation cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.537Z DEBUG boringtun::noise: Received handshake_response local_idx=2898279939 remote_idx=2039394307 cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.540Z DEBUG boringtun::noise: New session session=2898279939 cid=b3d34a15-55ab-40df-994b-a838e75d65d7
```

We can see that the scheduled handshake now does indeed get sent with the applied jitter of 200ms.
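Added example, not part of the commit message or of the Firezone or boringtun code: a small Rust check that pairs each `Scheduling new handshake` log line with the next `Sending handshake_initiation` for the same `cid` and compares the observed delay with the logged jitter. The helper names, the 50 ms slack and the assumption that jitter is always printed in `ms` are illustrative choices made here.

```rust
use std::collections::HashMap;

// Log lines copied from the commit message above.
const LOG: &str = "\
2025-01-08T13:20:09.209Z DEBUG boringtun::noise::timers: HANDSHAKE(REKEY_AFTER_TIME (on send)) cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.209Z DEBUG boringtun::noise::timers: Scheduling new handshake jitter=204.361814ms cid=b3d34a15-55ab-40df-994b-a838e75d65d7
2025-01-08T13:20:09.415Z DEBUG boringtun::noise: Sending handshake_initiation cid=b3d34a15-55ab-40df-994b-a838e75d65d7
";

// Milliseconds since midnight from `2025-01-08T13:20:09.209Z` (assumes a single UTC day).
fn ts_ms(ts: &str) -> Option<u64> {
    let (hms, frac) = ts.split('T').nth(1)?.trim_end_matches('Z').split_once('.')?;
    let mut p = hms.split(':').map(|x| x.parse::<u64>().ok());
    let (h, m, s) = (p.next()??, p.next()??, p.next()??);
    Some(((h * 60 + m) * 60 + s) * 1000 + frac.get(..3)?.parse::<u64>().ok()?)
}

// Value of a `key=value` token, e.g. field(line, "cid=").
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    line[line.find(key)? + key.len()..].split_whitespace().next()
}

// Pairs scheduled handshakes with sends per cid: (cid, logged jitter ms, observed delay ms).
fn handshake_delays(log: &str) -> Vec<(&str, f64, u64)> {
    let (mut pending, mut out) = (HashMap::new(), Vec::new());
    for line in log.lines() {
        let ts = line.split_whitespace().next().and_then(ts_ms);
        let (Some(ts), Some(cid)) = (ts, field(line, "cid=")) else { continue };
        if line.contains("Scheduling new handshake") {
            // Assumption: jitter is printed in ms, as in the log above.
            let j = field(line, "jitter=").and_then(|j| j.strip_suffix("ms")?.parse::<f64>().ok());
            if let Some(j) = j { pending.insert(cid, (ts, j)); }
        } else if line.contains("Sending handshake_initiation") {
            if let Some((t0, j)) = pending.remove(cid) { out.push((cid, j, ts.saturating_sub(t0))); }
        }
    }
    out
}

// True when the send landed at the jittered time; slack_ms is a hypothetical tolerance, -1.0 absorbs ms truncation.
fn jitter_applied(jitter_ms: f64, delay_ms: u64, slack_ms: f64) -> bool {
    (-1.0..=slack_ms).contains(&(delay_ms as f64 - jitter_ms))
}

fn main() {
    for (cid, jitter, delay) in handshake_delays(LOG) {
        println!("{cid}: jitter={jitter}ms delay={delay}ms ok={}", jitter_applied(jitter, delay, 50.0));
    }
}
```

For the log above the observed delay is 206 ms against a logged jitter of 204.361814 ms; a send deferred to a coarser timer tick would fall outside the slack and be reported as not applied.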
Connlib
Firezone's connectivity library shared by all clients.
Building Connlib
You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.