refactor(connlib): delay initialization of Sockets until we have a tokio runtime

[jamilbk]

Our sockets need to be initialized within a tokio runtime context. To achieve this, we don't actually initialize anything on Sockets::new. Instead, we call rebind within the constructor of Tunnel which already runs in a tokio context.

Fixes: #4282

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
firezone	⬜️ Ignored (Inspect)	Visit Preview		Mar 25, 2024 10:41pm

[github-actions]

Terraform Cloud Plan Output

Plan: 9 to add, 8 to change, 9 to destroy.

Terraform Cloud Plan

[github-actions]

Performance Test Results

TCP

Test Name	Received/s	Sent/s	Retransmits
direct-tcp-client2server	221.0 MiB (-2%)	222.4 MiB (-2%)	169 (-18%)
direct-tcp-server2client	227.4 MiB (+0%)	229.2 MiB (+0%)	216 (-49%)
relayed-tcp-client2server	145.0 MiB (-4%)	145.6 MiB (-4%)	122 (-36%)
relayed-tcp-server2client	154.0 MiB (+2%)	154.4 MiB (+2%)	175 (+1%)

UDP

Test Name	Total/s	Jitter	Lost
direct-udp-client2server	50.0 MiB (-0%)	0.05ms (-85%)	0.00% (NaN%)
direct-udp-server2client	50.0 MiB (+0%)	0.01ms (-6%)	0.00% (NaN%)
relayed-udp-client2server	50.0 MiB (-0%)	0.17ms (+92%)	0.00% (NaN%)
relayed-udp-server2client	50.0 MiB (-0%)	0.05ms (-2%)	0.00% (NaN%)

[jamilbk]

@thomaseizinger I think you'd be much faster at wrapping this up, so I'll assign it to you. I went down the road of adding a new with_runtime closure to Session like you have with with_protect but got stuck. Not sure if that's the right approach.

I think Gabi pulled 2c2c617 out because it was causing CI failures.

[thomaseizinger]

@jamilbk I hope the patch I pushed fixes it! It also removes some duplication from the previous approach which is nice :)

[thomaseizinger]

@conectado As part of #4159, I want to move the initialization of the TUN device to the upper layers, i.e. outside of Tunnel. At that point, the use of FIREZONE_MARK can be entirely in the clients and the linux client can also use this callback to call set_mark on the socket which unifies this behaviour across all platforms.

[conectado]

I'm in favor of this, in fact, I think making connlib completely platform-independent would be very nice.

[ReactorScram]

As long as it doesn't make the FFI / callbacks more complex just to do something that connlib already knows it needs to do.

[jamilbk]

Thanks! I'll slot this in my PR #4133 and let the others review this week.

[jamilbk]

Tested on Android (emulator 10), macOS, and iOS and this seems to fix the issue.

[conectado]

I'm not that sure about this platform-dependent callback.

What if instead of having a protect callback, we have a create_socket callback, that returns the socket that each platform can create as it want.

Another idea, that perhaps works better, is getting a socket2::UdpSocket instead of a tokio::Socketand have the client just send the socket and we create the Sockets and Socket when it is received.

[jamilbk]

@conectado Would it make sense to save this refactor for another PR just to get these fixes into main? I believe @thomaseizinger is out this week and you next week so maybe sometime after that.

[jamilbk]

#4314

[conectado]

yeah, I'll be in favor of this (sorry, I missed this comment) fixing main asap seems more important :)

[thomaseizinger]

I think that is a great idea @conectado ! Despite some duplication across the clients, I think it is much cleaner to let them choose, how to initialize they sockets. There is actually no reason why connlib should dictate the use of a random port. it should be up to the client to pick the port. That would make it trivial to e.g. implement a PORT env variable on the gateway.

[jamilbk]

Very cool 😎

[ReactorScram]

Makes sense. Some of the last month of refactors have definitely been fighting each other though, I just had to add that Sockets::new() to session.reconnect() in the GUI client on another PR branch, and now it's already going away again lol

[jamilbk]

@ReactorScram I think this is failing to get merged because #4198 got merged before.

[jamilbk]

Updating from main, just need to fix the semantic errors.

@AndrewDryga We finally hit a good example of where the merge queue prevented two PRs in flight prevent from landing in main and causing a semantic error

[ReactorScram]

Yeah 4198 is the one I was thinking of, where I had to do session.reconnect(Sockets::new())

[thomaseizinger]

Makes sense. Some of the last month of refactors have definitely been fighting each other though, I just had to add that Sockets::new() to session.reconnect() in the GUI client on another PR branch, and now it's already going away again lol

Yeah sorry about that. What was merged in #4263 was actually an in-between design, see #4263 (comment).