Cancel in-progress runs when pushing new code

also skip macro validation, needed for SwiftLint's  macros.

.github/actions/build-for-testing/action.yml

@@ -43,6 +43,7 @@ runs:
         -clonedSourcePackagesDirPath SourcePackages \
         -packageCachePath $PWD/PackageCache \
         -skipPackagePluginValidation \
+        -skipMacroValidation \
         -scheme '${{ inputs.scheme }}' \
         -destination '${{ inputs.destination }}' \
         -resultBundlePath BuildResults.xcresult

.github/workflows/build-apple.yml

@@ -6,10 +6,13 @@ on:
   pull_request:
     branches:
     - "*"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 jobs:
   build:
     name: Build App (${{ matrix.platform }})
-    runs-on: macos-14
+    runs-on: macos-13
     strategy:
       fail-fast: false
       matrix:

.github/workflows/release-apple.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   build:
     name: Build ${{ matrix.configuration['platform'] }} Release
-    runs-on: macos-14
+    runs-on: macos-13
     strategy:
       fail-fast: false
       matrix:

Makefile

@@ -16,3 +16,13 @@ test-dns:
 	@sudo route delete 8.8.8.8
 	@sudo route add 8.8.8.8 -interface utun$(tun_num)
 	@dig @8.8.8.8 hackclub.com
+
+test-https:
+	@sudo route delete 193.183.0.162
+	@sudo route add 193.183.0.162 -interface utun$(tun_num)
+	@curl -vv https://search.marginalia.nu
+
+test-http:
+	@sudo route delete 146.190.62.39
+	@sudo route add 146.190.62.39 -interface utun$(tun_num)
+	@curl -vv 146.190.62.39:80

burrow/src/wireguard/config.rs

@@ -101,7 +101,7 @@ impl Default for Config {
             },
             peers: vec![Peer {
                 endpoint: "wg.burrow.rs:51820".into(),
-                allowed_ips: vec!["8.8.8.8/32".into()],
+                allowed_ips: vec!["8.8.8.8/32".into(), "0.0.0.0/0".into()],
                 public_key: "uy75leriJay0+oHLhRMpV+A5xAQ0hCJ+q7Ww81AOvT4=".into(),
                 preshared_key: Some("s7lx/mg+reVEMnGnqeyYOQkzD86n2+gYnx1M9ygi08k=".into()),
                 persistent_keepalive: Default::default(),

burrow/src/wireguard/iface.rs

@@ -135,7 +135,7 @@ impl Interface {
                 debug!("spawning read task for peer {}", i);
                 let pcb = pcbs.pcbs[i].clone();
                 let tun = tun.clone();
-                let tsk = async move {
+                let main_tsk = async move {
                     if let Err(e) = pcb.open_if_closed().await {
                         log::error!("failed to open pcb: {}", e);
                         return
@@ -147,8 +147,29 @@ impl Interface {
                         debug!("pcb ran successfully");
                     }
                 };
+
+                let pcb = pcbs.pcbs[i].clone();
+                let update_timers_tsk = async move {
+                    let mut buf = [0u8; 65535];
+                    loop {
+                        tokio::time::sleep(tokio::time::Duration::from_millis(250)).await;
+                        pcb.update_timers(&mut buf).await;
+                    }
+                };
+
+                let pcb = pcbs.pcbs[i].clone();
+                let reset_rate_limiter_tsk = async move {
+                    loop {
+                        tokio::time::sleep(tokio::time::Duration::from_secs(1)).await;
+                        pcb.reset_rate_limiter().await;
+                    }
+                };
+                tsks.extend(vec![
+                    tokio::spawn(main_tsk),
+                    tokio::spawn(update_timers_tsk),
+                    tokio::spawn(reset_rate_limiter_tsk)
+                ]);
                 debug!("task made..");
-                tsks.push(tokio::spawn(tsk));
             }
             debug!("spawned read tasks");
         }

burrow/src/wireguard/noise/mod.rs

@@ -346,6 +346,10 @@ impl Tunnel {
         self.handle_verified_packet(packet, dst)
     }
 
+    pub fn reset_rate_limiter(&self) {
+        self.rate_limiter.reset_count();
+    }
+
     pub(crate) fn handle_verified_packet<'a>(
         &mut self,
         packet: Packet,

burrow/src/wireguard/pcb.rs

@@ -1,6 +1,6 @@
 use std::{net::SocketAddr, sync::Arc};
 
-use anyhow::Error;
+use anyhow::{Error, Result};
 use fehler::throws;
 use ip_network::IpNetwork;
 use rand::random;
@@ -132,4 +132,28 @@ impl PeerPcb {
         };
         Ok(())
     }
+
+    pub async fn update_timers(&self, dst: &mut [u8]) -> Result<(), Error> {
+        match self.tunnel.write().await.update_timers(dst) {
+            TunnResult::Done => {}
+            TunnResult::Err(e) => {
+                tracing::error!(message = "Update timers error", error = ?e)
+            }
+            TunnResult::WriteToNetwork(packet) => {
+                self.open_if_closed().await?;
+                let handle = self.socket.read().await;
+                let Some(socket) = handle.as_ref() else {
+                    tracing::error!("No socket for peer");
+                    return Ok(())
+                };
+                socket.send(packet).await?;
+            }
+            _ => panic!("Unexpected result from update_timers"),
+        };
+        Ok(())
+    }
+
+    pub async fn reset_rate_limiter(&self) {
+        self.tunnel.read().await.reset_rate_limiter();
+    }
 }

tun/src/tokio/mod.rs

@@ -26,7 +26,6 @@ impl TunInterface {
         }
     }
 
-    #[instrument]
     pub async fn recv(&self, buf: &mut [u8]) -> io::Result<usize> {
         loop {
             let mut guard = self.inner.readable().await?;