Thomas Eizinger
Thomas Eizinger
I don't think there is much we can do about these race conditions. I'd rather opportunistically send the packets to the gateway, in case the `allow_access` call is fast enough...
This might not be as difficult as I thought it would be: - Firezone should always set ECN bits on the UDP datagrams it generates - If we detect congestion...
Potentially relevant: https://www.rfc-editor.org/rfc/rfc6040.html
> * If it doesn't have them set, drop the packet. Not sure this is going to super useful. If the upper layer _doesn't_ support ECN bits, then it doesn't...
> Is this still relevant / what priority should we give it (what user impact could it have?) It is a performance optimisation that allows ECN-aware applications / congestion controllers...
The official WG implementation also does this (and references RFC6040 for it). See https://www.wireguard.com/protocol/#diffserv-considerations.
#8511 implements copying the ECN bits back and forth between the two IP layers in `connlib`. According to my research, this might not be enough though because the default in...
I'll have to read up more on the risks.
> In our case, the Gateway will open all connections to resources and therefore, we won't actually see any change with this from just [#8511](https://github.com/firezone/firezone/pull/8511). This is wrong, the client...
I fixed the title, it is not glibc but some gnome version I guess?