You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Layer integration test. Tests the layer's loading and hooking in an http mirroring simulation with a flask web app.
Addresses but does not
close [#472] (more integration tests still needed).
mirrord-cli: added a SIP protection check for macos binaries, closes [#412]
Release CI: add extensions as artifacts, closes [#355]
intellij-ext: better support for Windows with WSL.
Test that verifies that outgoing UDP traffic (only with a bind to non-0 port and a
call to connect) is successfully intercepted and forwarded.
mirrord-layer, mirrord-cli: new command line argument/environment variable - MIRRORD_SKIP_PROCESSES to provide a list of comma separated processes to not to load into.
Closes [#298], [#308]
release CI: add arm64e to the universal dylib
intellij-ext: Add support for Goland
Code sign Apple binaries.
CD - Update latest tag after release is published.
New feature: UDP outgoing, mainly for Go DNS but should work for most use cases also!
E2E: add tests for python's fastapi with uvicorn
Socket ops - connect: ignore localhost and ports 50000 - 60000 (reserved for debugger)
getaddrinfo now uses trust-dns-resolver when resolving DNS (previously it would do a getaddrinfo call in mirrord-agent that could result in incompatibility between the mirrored pod and the user environments).
vscode-ext: Support debugging Go, and fix issues with configuring file ops and traffic stealing.
mirrord-layer: Return errors from agent when connect fails back to the hook (previously we were handling these as errors in layer, so connect had slightly wrong behavior).
mirrord-layer: instrumenting error when write_detur is called to stdout/stderr
mirrord-layer: workaround for presented server name type wasn't supported error when Kubernetes server has IP for CN in certificate. [#388]
Fix crash in VS Code extension happening because the MIRRORD_OVERRIDE_ENV_VARS_INCLUDE and MIRRORD_OVERRIDE_ENV_VARS_EXCLUDE vars being populated with empty values (rather than not being populated at all).Closes [#413].
Add exception to gradle when dylib/so file is not found. Closes [#345]
mirrord-layer: Return errors from agent when connect fails back to the hook (previously we were handling these as errors in layer, so connect had slightly wrong behavior).
Fix Environment parsing error when value contained '='
Closes [#387].
Fix bug in outgoing traffic with multiple requests in quick succession.
Closes [#331].
Add missing dependency breaking the VS Code release.
mirrord-layer: User-friendly error for invalid kubernetes api certificate
mirrord-cli: Add random prefix to the generated shared lib to prevent Bus Error/EXC_BAD_ACCESS
Support for Go 1.19>= syscall hooking
Fix Python debugger crash in VS Code Extension. Closes [#350].
Changed
Agent pod definition now has requests specifications to avoid being defaulted to high values. See #579.
Change VSCode extension configuration to have file ops, outgoing traffic, DNS, and environment variables turned on by default.
update intelliJ extension: toggles + panel for include/exclude env vars
Exclude internal configuration fields from generated schema.
Print exit message when terminating application due to an unhandled error in the layer.
mirrord-layer: refactored pod_api.rs to be more maintainble.
Don't report InProgress io error as error (log as info)
mirrord-layer: Added some dotnet files to IGNORE_FILES regex set;
mirrord-layer: Added the Detour type for use in the ops modules instead of HookResult. This type supports returning a Bypass to avoid manually checking if a hook actually failed or if we should just bypass it;
mirrord-protocol: Reduce duplicated types around read operation;
Layer integration tests for more apps. Closes
[#472].
Rename http mirroring tests from integration to http_mirroring since there are
now also integration tests in other files.
Delete useless e2e_macos CI job.
Integration tests also display test process output (with mirrord logs) when they
time out.
CI: mirrord-layer UT and integration run in same job.
.devcontainer: Added missing dependencies and also kind for running e2e tests.
Replaced pcap dependency with our own rawsocket to make cross compiling faster and easier.
Remote operations that fail logged on info level instead of error because having a file not found, connection failed, etc can be part of a valid successful flow.
mirrord-layer: When handling an outgoing connection to localhost, check first if it's a socket we intercept/mirror, then just let it connect normally.
mirrord-layer: removed tracing::instrument from *_detour functions.
Ignore http tests because they are unstable, and they block the CI.
Bundle arm64 binary into the universal binary for MacOS.
mirrord-layer: Remove check for ignored IP (localhost) from connect.
mirrord-layer: Refactor connect function to be less bloated.
.dockerignore now ignores more useless files (reduces mirrord-agent image build time, and size).
mirrord-agent: Use tracing::instrument for the outgoing traffic feature.
mirrord-agent: IndexAllocator now uses ConnectionId for outgoing traffic feature.
mirrord-layer: Remove tracing::instrument from go_env::goenvs_unix_detour.
mirrord-layer: Log to info instead of error when failing to write to local tunneled streams.
mirrord-layer: Use tracing::instrument to improve logs.
Changed agent namespace to default to the pod namespace.
Closes [#404].
In go-e2e test, call os.Exit instead fo sending SIGINT to the process.
Install script now downloads latest tag instead of main branch to avoid downtime on installs.
Change all functionality (incoming traffic mirroring, remote DNS outgoing traffic, environment variables, file reads) to be enabled by default. Note that flags now disable functionality
Deprecated
--pod-name or MIRRORD_AGENT_IMPERSONATED_POD_NAME is deprecated in favor of --target or MIRRORD_IMPERSONATED_TARGET
This discussion was created from the release 3.1.0.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Added
pwrite
hook (used bydotnet
);-target deployment/deployment_name/container/container_name
flag to run on a specific container./nix/*
path is now ignored for file operations to support NixOS.deploy
fordeployment
in target argument.pread
hook (used bydotnet
);known crash on Linux - [#380]).
Closes [#472].
Addresses but does not
close [#472] (more integration tests still needed).
--target
orMIRRORD_IMPERSONATED_TARGET
, closes [#392]call to
connect
) is successfully intercepted and forwarded.MIRRORD_SKIP_PROCESSES
to provide a list of comma separated processes to not to load into.Closes [#298], [#308]
connect
: ignore localhost and ports 50000 - 60000 (reserved for debugger)IGNORE_REGEX
, refer [#350].Fixed
error!
totrace!
.sh
to skipped list.getaddrinfo
now usestrust-dns-resolver
when resolving DNS (previously it would do agetaddrinfo
call in mirrord-agent that could result in incompatibility between the mirrored pod and the user environments).dd
.connect
returning error when called on UDP sockets and theoutgoing traffic feature of mirrord is disabled.
tokio::time:timeout
toTcpStream::connect
, fixes golang issue where sometimes it would get stuck attempting to connect on IPv6.connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior).write_detur
is called to stdout/stderrpresented server name type wasn't supported
error when Kubernetes server has IP for CN in certificate. [#388]connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior).Closes [#387].
Closes [#331].
Changed
requests
specifications to avoid being defaulted to high values. See #579.pod_api.rs
to be more maintainble.EAFNOSUPPORT
error reporting (valid scenario).dotnet
files toIGNORE_FILES
regex set;Detour
type for use in theops
modules instead ofHookResult
. This type supports returning aBypass
to avoid manually checking if a hook actually failed or if we should just bypass it;read
operation;[#472].
integration
tohttp_mirroring
since there arenow also integration tests in other files.
e2e_macos
CI job.time out.
pcap
dependency with our ownrawsocket
to make cross compiling faster and easier.info
level instead oferror
because having a file not found, connection failed, etc can be part of a valid successful flow.tracing::instrument
from*_detour
functions.connect
.connect
function to be less bloated..dockerignore
now ignores more useless files (reduces mirrord-agent image build time, and size).tracing::instrument
for the outgoing traffic feature.IndexAllocator
now usesConnectionId
for outgoing traffic feature.tracing::instrument
fromgo_env::goenvs_unix_detour
.tracing::instrument
to improve logs.Closes [#404].
go-e2e
test, callos.Exit
instead fo sendingSIGINT
to the process.Deprecated
--pod-name
orMIRRORD_AGENT_IMPERSONATED_POD_NAME
is deprecated in favor of--target
orMIRRORD_IMPERSONATED_TARGET
This discussion was created from the release 3.1.0.
Beta Was this translation helpful? Give feedback.
All reactions