feat(snownet): timeout connections if we don't receive a candidate within 10s

[thomaseizinger]

Previously, we had a dedicated timer for this within the tunnel implementation. Now that we have control over the internals of our connection via snownet, we can timeout the connection if we don't receive a candidate from the remote within 10s.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
firezone	⬜️ Ignored (Inspect)	Visit Preview		Mar 8, 2024 2:34am

[github-actions]

Terraform Cloud Plan Output

Plan: 8 to add, 7 to change, 8 to destroy.

Terraform Cloud Plan

[github-actions]

Performance Test Results

TCP

Test Name	Received/s	Sent/s	Retransmits
direct-tcp-client2server	65.6 MiB (+0%)	66.2 MiB (+1%)	47 (-2%)
direct-tcp-server2client	53.5 MiB (-1%)	53.8 MiB (-1%)	37 (+3%)
relayed-tcp-client2server	30.0 MiB (+4%)	32.4 MiB (+5%)	105 (-67%)
relayed-tcp-server2client	28.5 MiB (+1%)	30.4 MiB (-0%)	430 (+199%)

UDP

Test Name	Total/s	Jitter	Lost
direct-udp-client2server	50.0 MiB (+0%)	0.17ms (-35%)	0.00% (NaN%)
direct-udp-server2client	50.0 MiB (-0%)	0.21ms (+1%)	0.00% (NaN%)
relayed-udp-client2server	50.0 MiB (-0%)	0.30ms (-8%)	19.85% (+3%)
relayed-udp-server2client	50.0 MiB (+0%)	0.41ms (-10%)	24.66% (+30%)

[thomaseizinger]

@conectado Do you have any idea why these integration tests could fail with this change? Am I not understanding correctly what this timer did?

[conectado]

@conectado Do you have any idea why these integration tests could fail with this change? Am I not understanding correctly what this timer did?

Looking at the code it seems equivalent but I don't see the second connection being started in the client logs. I'll later checkout this branch and try to debug it locally.

[thomaseizinger]

To run the test scripts locally, we need iptables.

[thomaseizinger]

The new timeout in snownet is also 10s.

[thomaseizinger]

This is really strange. I can't reproduce this failure locally.

What seems to happen is that the connection never times out despite the relay being restarted.

[thomaseizinger]

This is really strange. I can't reproduce this failure locally.

What seems to happen is that the connection never times out despite the relay being restarted.

Ha! It turned out to be a busy-loop when computing the next timeout :)

[thomaseizinger]

@conectado Ready for review now. I've split up the commits into atomic ones.