Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VPN server failure detection recovery #786
VPN server failure detection recovery #786
Changes from 17 commits
bf94293
369c273
c1ff07d
5b802d8
a21a3dd
bbaaa81
5f51518
94e094a
beedbde
5159e38
4a52c88
727c271
78d3286
95ba950
ec7a3a1
18d6a59
d82cea6
c729eb1
5513d30
72e07ab
ce6f8d9
390d5bb
b33debe
f76ecc8
d3f387e
ee7ad24
4ae3962
81ba57a
58a2fbf
e82dc3f
cb9505f
4df8447
62e5ae1
a88f8ea
b26a039
a13e884
7c9ce07
5766031
7e80423
77b69d0
6d3410b
0406ce0
acb5485
e0a1456
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned above this should be rolled back - we can't support updating the environment without restarting the connection. This change can give the reader the false impression that's possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change allowed us to instantiate the client so that we don’t need to re-init the
NetworkProtectionDeviceManager
every time it's used. Should make testing a bit easier further down the line + also means we can guarantee the client always gets the most up-to-date environment settingThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I love this, though. I don't think we should support real-time updating of the environment while the VPN is connected.
If anything, we should discourage it.
If we want to change the environment the whole VPN should be stopped instead.
Note: this wasn't a problem before because it was possible to change environments, but we no longer can support this, and should in fact remove all the code that allows this to happen when the connection is up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also feel like replacing the
environment
param withsettings
should at least be considered outside the scope of this PR/branch. It already does a lot and refactoring this might lead to side effect.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn’t fully explain the above. The reason why it’s important to not recreate the device manager every time is that we could end up with two register requests happening at the same time which could create racey behaviour. The
NetworkProtectionDeviceManager
is an actor and it makes sense to just have one instance which will queue up these requests rather than creating new instances every time start, stop or failure recovery happens.Rreplacing the
environment
param withsettings
was so that we could still support changing the environment without needing to restart thePacketTunnelProvider
, but @diegoreymendez and I had a chat and we think it’s actually probable more sensible to require restarting as the token we’re using would become invalid.I’m going to revert the injection of
settings
instead ofenvironment
, but I will still create a single instance of theNetworkProtectionDeviceManager
. This will mean that we need to manually restart the tunnel for the env change to take effect.