feat(connlib): allow glob patterns for matching domain names

[thomaseizinger]

Currently, connlib can only handle "simple" DNS wildcards where * matches any number of subdomains, including zero and ? matches a single subdomain.

With this PR, we expand connlib's capabilities to allow for a much more complex matching of domains that more closely resembles glob patterns:

• ** matches any number of subdomains. This supersedes the previous * operator.
• * matches a single subdomain. This supersedes the previous ? operator.
• ? matches a single character. This wasn't possible before.
• Additionally, any of these can be combined. Previously, only * or ? was allowed and they were only accepted at the front of the domain name pattern.

Resolves: #5056.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
firezone	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 15, 2024 1:19am

[github-actions]

Terraform Cloud Plan Output

Plan: 15 to add, 23 to change, 15 to destroy.

Terraform Cloud Plan

[github-actions]

Performance Test Results

TCP

Test Name	Received/s	Sent/s	Retransmits
direct-tcp-client2server	243.6 MiB (+1%)	244.6 MiB (+1%)	168 (-45%)
direct-tcp-server2client	246.9 MiB (-0%)	248.5 MiB (-0%)	243 (+28%)
relayed-tcp-client2server	243.8 MiB (-4%)	245.2 MiB (-4%)	425 (+11%)
relayed-tcp-server2client	263.4 MiB (+2%)	265.3 MiB (+2%)	925 (+78%)

UDP

Test Name	Total/s	Jitter	Lost
direct-udp-client2server	500.0 MiB (+0%)	0.03ms (-13%)	44.92% (+2%)
direct-udp-server2client	500.0 MiB (-0%)	0.02ms (-10%)	20.57% (+5%)
relayed-udp-client2server	500.0 MiB (+0%)	0.02ms (-72%)	52.54% (-3%)
relayed-udp-server2client	441.4 MiB (-12%)	0.03ms (+36%)	42.65% (+31%)

[thomaseizinger]

CI currently only fails here because we still have the old DNS resources configured. Unless we want better performance (see #5901 (comment)), I don't think there is anything to do on the Rust side here.

[jamilbk]

@thomaseizinger this might need rebasing if @AndrewDryga is planning to build off it

[thomaseizinger]

@thomaseizinger this might need rebasing if @AndrewDryga is planning to build off it

I am one step ahead and did so yesterday 😁
Although I think the portal changes should be shippable independently!

[jamilbk]

We don't update the current versions until after the clients/gateways have been published. Otherwise, they'll point to nonexistent URLs.

[jamilbk]

Suggested change

	current-apple-version = 1.2.0
	current-android-version = 1.2.0
	current-gateway-version = 1.2.0
	current-gui-version = 1.2.0
	current-headless-version = 1.2.0
	current-apple-version = 1.1.4
	current-android-version = 1.1.5
	current-gateway-version = 1.1.4
	current-gui-version = 1.1.11
	current-headless-version = 1.1.6

[jamilbk]

Suggested change

	next-apple-version = 1.2.1
	next-android-version = 1.2.1
	next-gateway-version = 1.2.1
	next-gui-version = 1.2.1
	next-headless-version = 1.2.1
	next-apple-version = 1.2.0
	next-android-version = 1.2.0
	next-gateway-version = 1.2.0
	next-gui-version = 1.2.0
	next-headless-version = 1.2.0

[jamilbk]

1.2.0 is not published, so it should be marked as the next version.

[jamilbk]

These changes will break all existing links to artifacts.

[thomaseizinger]

We don't update the current versions until after the clients/gateways have been published. Otherwise, they'll point to nonexistent URLs.

This PR can't merge unless we bump the versions because the we need the portal to not map the addresses.

Can we just not insta-deploy the website?

[jamilbk]

We don't update the current versions until after the clients/gateways have been published. Otherwise, they'll point to nonexistent URLs.

This PR can't merge unless we bump the versions because the we need the portal to not map the addresses.

Can we just not insta-deploy the website?

Vercel is setup to deploy on merges to main.

Why does the current version need to be changed? Next version is what updates connlib and will make tests pass. With the changes in this PR, 1.2.0 will never be a release because 1.2.1 will what gets built for TestFlight and drafted releases.

[github-actions]

Bencher

Report	Thu, August 15, 2024 at 01:28:53 UTC
Project	Firezone
Branch	feat/connlib/glob-address-match
Testbed	github-actions

Click to view all benchmark results

Benchmark	Throughput	Throughput Results bits/s | (Δ%)	Throughput Lower Boundary bits/s | (%)
direct-tcp-client2server	✅ (view plot)	251,414,508.42 (+3.36%)	237,627,635.89 (94.52%)
direct-tcp-server2client	✅ (view plot)	249,013,193.55 (-0.29%)	241,916,199.42 (97.15%)
direct-udp-client2server	✅ (view plot)	298,461,425.08 (+3.53%)	269,979,812.25 (90.46%)
direct-udp-server2client	✅ (view plot)	405,477,976.48 (+1.56%)	385,675,850.10 (95.12%)
relayed-tcp-client2server	✅ (view plot)	240,707,748.40 (-2.41%)	239,834,714.93 (99.64%)
relayed-tcp-server2client	✅ (view plot)	260,030,232.07 (+0.59%)	248,323,903.47 (95.50%)
relayed-udp-client2server	✅ (view plot)	223,954,189.92 (-2.74%)	219,396,271.26 (97.96%)
relayed-udp-server2client	✅ (view plot)	363,155,427.33 (+7.31%)	318,072,976.43 (87.59%)

Bencher - Continuous Benchmarking
View Public Perf Page
Docs | Repo | Chat | Help