-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor(connlib): delay initialization of Sockets
until we have a tokio runtime
#4286
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
Terraform Cloud Plan Output
|
Performance Test ResultsTCP
UDP
|
@thomaseizinger I think you'd be much faster at wrapping this up, so I'll assign it to you. I went down the road of adding a new I think Gabi pulled 2c2c617 out because it was causing CI failures. |
We need to call this within a tokio runtime so we can't call it as part of setting up the `Session` but need to delay it to `Tunnel::new`.
protect
callback inside Sockets
and ensure Sockets::new()
is called within a tokio runtimeSockets
until we have a tokio runtime
@jamilbk I hope the patch I pushed fixes it! It also removes some duplication from the previous approach which is nice :) |
pub fn new() -> io::Result<Self> { | ||
#[cfg(unix)] | ||
pub fn with_protect( | ||
protect: impl Fn(std::os::fd::RawFd) -> io::Result<()> + Send + 'static, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@conectado As part of #4159, I want to move the initialization of the TUN device to the upper layers, i.e. outside of Tunnel
. At that point, the use of FIREZONE_MARK
can be entirely in the clients and the linux client can also use this callback to call set_mark
on the socket which unifies this behaviour across all platforms.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm in favor of this, in fact, I think making connlib completely platform-independent would be very nice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as it doesn't make the FFI / callbacks more complex just to do something that connlib already knows it needs to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I'll slot this in my PR #4133 and let the others review this week.
Tested on Android (emulator 10), macOS, and iOS and this seems to fix the issue. |
@@ -13,10 +13,47 @@ use crate::Result; | |||
pub struct Sockets { | |||
socket_v4: Option<Socket>, | |||
socket_v6: Option<Socket>, | |||
|
|||
#[cfg(unix)] | |||
protect: Box<dyn Fn(std::os::fd::RawFd) -> io::Result<()> + Send + 'static>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not that sure about this platform-dependent callback.
What if instead of having a protect
callback, we have a create_socket
callback, that returns the socket that each platform can create as it want.
Another idea, that perhaps works better, is getting a socket2::UdpSocket
instead of a tokio::Socket
and have the client just send the socket and we create the Sockets
and Socket
when it is received.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@conectado Would it make sense to save this refactor for another PR just to get these fixes into main
? I believe @thomaseizinger is out this week and you next week so maybe sometime after that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, I'll be in favor of this (sorry, I missed this comment) fixing main asap seems more important :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that is a great idea @conectado ! Despite some duplication across the clients, I think it is much cleaner to let them choose, how to initialize they sockets. There is actually no reason why connlib
should dictate the use of a random port. it should be up to the client to pick the port. That would make it trivial to e.g. implement a PORT
env variable on the gateway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very cool 😎
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense. Some of the last month of refactors have definitely been fighting each other though, I just had to add that Sockets::new()
to session.reconnect()
in the GUI client on another PR branch, and now it's already going away again lol
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com> Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
@ReactorScram I think this is failing to get merged because #4198 got merged before. |
Updating from @AndrewDryga We finally hit a good example of where the merge queue prevented two PRs in flight prevent from landing in |
Yeah 4198 is the one I was thinking of, where I had to do |
Yeah sorry about that. What was merged in #4263 was actually an in-between design, see #4263 (comment). |
Our sockets need to be initialized within a tokio runtime context. To achieve this, we don't actually initialize anything on
Sockets::new
. Instead, we callrebind
within the constructor ofTunnel
which already runs in a tokio context.Fixes: #4282