Comments (5)
I think the following idea is relevant here: #3343 (comment).
from firezone.
This would be a one-off callback from connlib -> JVM, probably wouldn't need to `updateTunnelState`?
from firezone.
> This would be a one-off callback from connlib -> JVM

I think we should not do one-off callbacks. In fact, I think the only "callback" we should do is `updateTunnelState`. I am saying "callback" because I have this vision that it is not implemented as a callback but instead, the connlib interface is essentially a `Stream<Item = State>` that gets continuously read by client-specific crates (like `connlib-android`). These crates can then either use a callback or something else to talk across the FFI boundary [1].
We should really try to implement the clients such that they always respond to state updates. In this particular case, the Android app knows when it is creating a file descriptor (when it creates the new VPN service), it doesn't need to be told by connlib when to do that :)
The goal of what I linked above is that:
- connlib only ever emits its current state
- clients display that
- user input calls "commands" on the connlib session
- client state only changes as a result of a new connlib state
If we keep the data flow unidirectional like this, it will be very difficult to program bugs into the client! :)
Footnotes
1. On Windows for example, the stream could directly be read by the client, no need for going through a callback-based interface. Even on other platforms, one could imagine just returning an `Iterator` or directly the `Stream`, and the client code does the polling.
from firezone.
@thomaseizinger Yeah that makes sense.
This is a platform-specific thing needed on Android for protecting the datagram socket for each channel that gets opened, not the file descriptor (we already call `protect` on that).
Apple's network stack already does this for us, and on Linux we can perform this directly with `fwmark`.
On Android however we can only do it on the JVM side of the boundary.
Would this mean issuing a state update from connlib -> JVM for each channel we need to open? That would be a no-op for the other platforms?
Maybe it'll help to start defining the schema for the `state` object connlib sends back. The UDP datagram socket could be an optional field sent to the JVM.
from firezone.
Ah I see! Once `snownet` is integrated, we only have two UDP file-descriptors, one for IP4 and one for IP6 but yes, we could make them part of the state so clients have access to them.

> Maybe it'll help to start defining the schema for the `state` object connlib sends back. The UDP datagram socket could be an optional field sent to the JVM.

Unless we plan on emitting state updates prior to launching the tunnel, we should always have two defined as binding to the sockets is pretty much the very first thing we do.
from firezone.
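The unidirectional flow discussed in this thread, as an added sketch that is not Firezone's code: a session emits full state snapshots, the client reads them as an iterator, and an Android-style client protects each UDP socket descriptor exactly once. `State`, `Command`, `run_session`, `drive_client` and the descriptor values 41/42 are all hypothetical.

```rust
use std::collections::BTreeSet;
use std::sync::mpsc::{channel, Receiver, Sender};

// Hypothetical state snapshot; not connlib's real type.
#[derive(Clone, Debug, PartialEq)]
pub struct State {
    pub connected: bool,
    pub udp4_fd: Option<i32>, // descriptor of the IPv4 UDP socket, once bound
    pub udp6_fd: Option<i32>, // descriptor of the IPv6 UDP socket, once bound
}

// Commands are the only way user input reaches the session.
pub enum Command { Connect, Disconnect }

// Stand-in for the session: applies commands, emits the whole state after each.
pub fn run_session(cmds: Receiver<Command>, states: Sender<State>) {
    // Sockets are bound first, so both fds are present in the first state (constructed values).
    let mut s = State { connected: false, udp4_fd: Some(41), udp6_fd: Some(42) };
    let _ = states.send(s.clone());
    for c in cmds {
        s.connected = matches!(c, Command::Connect);
        let _ = states.send(s.clone());
    }
}

// Client: reacts to every state. `protect` stands in for the JVM-side socket
// protection call; the set makes repeated snapshots harmless (idempotent).
pub fn drive_client(states: impl Iterator<Item = State>, mut protect: impl FnMut(i32)) -> Vec<bool> {
    let mut protected = BTreeSet::new();
    let mut shown = Vec::new();
    for st in states {
        for fd in st.udp4_fd.into_iter().chain(st.udp6_fd) {
            if protected.insert(fd) { protect(fd); }
        }
        shown.push(st.connected); // the UI mirrors session state, nothing else
    }
    shown
}

fn main() {
    let (cmd_tx, cmd_rx) = channel();
    let (st_tx, st_rx) = channel();
    let session = std::thread::spawn(move || run_session(cmd_rx, st_tx));
    cmd_tx.send(Command::Connect).unwrap();
    cmd_tx.send(Command::Disconnect).unwrap();
    drop(cmd_tx); // closing the command channel ends the session
    let shown = drive_client(st_rx.into_iter(), |fd| println!("protect({})", fd));
    session.join().unwrap();
    println!("{:?}", shown);
}
```

Because the descriptors travel in every snapshot, a client that starts late or misses an update still protects both sockets on the next state it reads; platforms that do not need protection simply ignore the fields.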