LLT-6647: Use libfirewall.so #1566
Conversation
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
73ad664 to
a1dd30e
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
e84422e to
3449633
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
3449633 to
e97d8d9
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
a9c4f30 to
9e04ce8
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
2e519e4 to
ea4dbac
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
ea4dbac to
61830c1
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
de8f7b6 to
dc263c8
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
dc263c8 to
76c0f19
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
76c0f19 to
058fa4f
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
058fa4f to
ddeb5a8
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
ddeb5a8 to
f21965b
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
d5bfd68 to
868fe02
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
868fe02 to
e3e2f78
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
40c7dd3 to
58e207b
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
58e207b to
f542f59
Compare
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
f542f59 to
9dee7a3
Compare
stalowyjez
changed the base branch from
main
to
LLT-6812-move_libfirewall_dependent_tests_to_gitlab
| once_cell.workspace = true | ||
| nat-detect.workspace = true | ||
| time.workspace = true | ||
| libloading = "0.8.9" |
There was a problem hiding this comment.
Let's make this a workspace dependency since it's used in two crates
There was a problem hiding this comment.
Which is the second crate that uses it?
| @@ -1 +1 @@ | |||
| TRIGGERED_REF=LLT-6812-add_jobs_for_integration_tests | |||
| TRIGGERED_REF=LLT-6647-add_fixes_for_libfirewall_loading | |||
There was a problem hiding this comment.
Gentle reminder to remember to update this
| #[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos",))] | ||
| let lib_name = "libfirewall.dylib"; | ||
|
|
||
| #[cfg(target_os = "windows")] | ||
| let lib_name = "firewall.dll"; | ||
|
|
||
| #[cfg(not(any( | ||
| target_os = "macos", | ||
| target_os = "ios", | ||
| target_os = "tvos", | ||
| target_os = "windows" | ||
| )))] | ||
| let lib_name = "libfirewall.so"; | ||
|
|
||
| // We want to use this path when these are our tests or libtelio tests | ||
| let libfirewall_path = PathBuf::from(lib_name); |
There was a problem hiding this comment.
libloading can do this for you: https://docs.rs/libloading/latest/libloading/fn.library_filename.html
|
|
||
| /libtelio/nat-lab/bin/configure_route.sh primary | ||
|
|
||
| cp /libtelio/nat-lab/tests/uniffi/libfirewall.so /usr/lib/libfirewall.so |
There was a problem hiding this comment.
Is this executed if I run natlab locally? Because if so this would fail when executing locally and I think personally I would rather have the tests that depend on libfirewall fail if this copy fails, rather than the container setup failing
There was a problem hiding this comment.
Hmm, co should that be checked and maybe-copied in the beginning in the any firewall test? Do you have some particular solution on your mind? Should that be some additional option when creating connection, or just a function to run or sth else?
| f"{DIST_PATH}libfirewall.dylib", | ||
| f"{NATLAB_CWD}/libfirewall.dylib", | ||
| True, |
There was a problem hiding this comment.
Same here, I would rather have this succeed (with a warning) if the file is not there than failing at this stage
| } | ||
|
|
||
| #[cfg(feature = "enable_firewall")] | ||
| fn upsert_peer_whitelist<F: Firewall>( |
There was a problem hiding this comment.
Were all of these basically no-ops when we were using telio-firewall?
There was a problem hiding this comment.
I'm not sure if that's what you mean, but it seems that the only thing it was doing when StatefullFirewall was not used, it was just feeding the pet firewall (which wasn't doing any real work) with configs from time to time
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
e14f7d8 to
9578ef9
Compare
Since it's a generated file, it doesn't make sense to complain about too long function or unused variable.
Co-authored-by: Mathias Peters <52065850+mathiaspeters@users.noreply.github.com>
stalowyjez
force-pushed
the
LLT-6647-use_libfirewall
branch
from
9578ef9 to
885dcfe
Compare
Problem
Libtelio should use dynamically loaded libfirewall.so library
Solution
Add loader, load firewall library and use it instead of the implementation inside
telio-firewall, which this PR removes.☑️ Definition of Done checklist