Added
pwrite
hook (used bydotnet
);- Reuse agent - first process that runs will create the agent and its children will be able to reuse the same one to avoid creating many agents.
- Don't print progress for child processes to avoid confusion.
- Skip istio/linkerd-proxy/init container when mirroring a pod without a specific container name.
- Add "linkerd.io/inject": "disabled" annotation to pod created by mirrord to avoid linkerd auto inject.
- mirrord-layer: support
-target deployment/deployment_name/container/container_name
flag to run on a specific container. /nix/*
path is now ignored for file operations to support NixOS.- Shortcut
deploy
fordeployment
in target argument. - Added the ability to override environment variables in the config file.
pread
hook (used bydotnet
);- mirrord-layer: ignore opening self-binary (temporal SDK calculates the hash of the binary, and it fails because it happens remotely)
- Layer integration tests with more apps (testing with Go only on MacOS because of
known crash on Linux - [#380]).
Closes [#472]. - Added progress reporting to the CLI.
- CI: use bors for merging! woohoo.
- Release image for armv7 (Cloud ARM)
- Layer integration test. Tests the layer's loading and hooking in an http mirroring simulation with a flask web app.
Addresses but does not
close [#472] (more integration tests still needed). - mirrord-cli: added a SIP protection check for macos binaries, closes [#412]
- Release CI: add extensions as artifacts, closes [#355]
- Support impersonated deployments, closes [#293]
- Shorter way to select which deployment/pod/container to impersonate through
--target
orMIRRORD_IMPERSONATED_TARGET
, closes [#392] - mirrord-layer: Support config from file alongside environment variables.
- intellij-ext: Add version check, closes [#289]
- intellij-ext: better support for Windows with WSL.
- Test that verifies that outgoing UDP traffic (only with a bind to non-0 port and a
call toconnect
) is successfully intercepted and forwarded. - mirrord-layer, mirrord-cli: new command line argument/environment variable -
MIRRORD_SKIP_PROCESSES
to provide a list of comma separated processes to not to load into.
Closes [#298], [#308] - release CI: add arm64e to the universal dylib
- intellij-ext: Add support for Goland
- Code sign Apple binaries.
- CD - Update latest tag after release is published.
- New feature: UDP outgoing, mainly for Go DNS but should work for most use cases also!
- E2E: add tests for python's fastapi with uvicorn
- Socket ops -
connect
: ignore localhost and ports 50000 - 60000 (reserved for debugger) - Add "*.plist" to
IGNORE_REGEX
, refer [#350].
Fixed
- Issue #577. Changed non-error logs from
error!
totrace!
. - Issue #531. We now detect NixOS/Devbox usage and add
sh
to skipped list. - Fix IntelliJ Extension artifact - use glob pattern
- Use LabelSelector instead of app=* to select pods from deployments
- Added another protection to not execute in child processes from k8s auth by setting an env flag to avoid loading then removing it after executing the api.
- Fixed unused dependencies issue, closes [#494]
getaddrinfo
now usestrust-dns-resolver
when resolving DNS (previously it would do agetaddrinfo
call in mirrord-agent that could result in incompatibility between the mirrored pod and the user environments).- Support clusters running Istio. Closes [#485].
- tcp-steal working with linkerd meshing.
- mirrord-layer should exit when agent disconnects or unable to make initial connection
- release CI: Fix dylib path for
dd
. - mirrord-layer: Fix
connect
returning error when called on UDP sockets and the
outgoing traffic feature of mirrord is disabled. - mirrord-agent: Add a
tokio::time:timeout
toTcpStream::connect
, fixes golang issue where sometimes it would get stuck attempting to connect on IPv6. - intelliJ-ext: Fix CLion crash issue, closes [#317]
- vscode-ext: Support debugging Go, and fix issues with configuring file ops and traffic stealing.
- mirrord-layer: Return errors from agent when
connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior). - mirrord-layer: instrumenting error when
write_detur
is called to stdout/stderr - mirrord-layer: workaround for
presented server name type wasn't supported
error when Kubernetes server has IP for CN in certificate. [#388] - Outgoing UDP test with node. Closes [#323]
- Fix crash in VS Code extension happening because the MIRRORD_OVERRIDE_ENV_VARS_INCLUDE and MIRRORD_OVERRIDE_ENV_VARS_EXCLUDE vars being populated with empty values (rather than not being populated at all).Closes [#413].
- Add exception to gradle when dylib/so file is not found. Closes [#345]
- mirrord-layer: Return errors from agent when
connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior). - Fix Environment parsing error when value contained '='
Closes [#387]. - Fix bug in outgoing traffic with multiple requests in quick succession.
Closes [#331]. - Add missing dependency breaking the VS Code release.
- mirrord-layer: User-friendly error for invalid kubernetes api certificate
- mirrord-cli: Add random prefix to the generated shared lib to prevent Bus Error/EXC_BAD_ACCESS
- Support for Go 1.19>= syscall hooking
- Fix Python debugger crash in VS Code Extension. Closes [#350].
Changed
- Agent pod definition now has
requests
specifications to avoid being defaulted to high values. See #579. - Change VSCode extension configuration to have file ops, outgoing traffic, DNS, and environment variables turned on by default.
- update intelliJ extension: toggles + panel for include/exclude env vars
- Exclude internal configuration fields from generated schema.
- Print exit message when terminating application due to an unhandled error in the layer.
- mirrord-layer: refactored
pod_api.rs
to be more maintainble. - Use kube config namespace by default.
- mirrord-layer: Ignore
EAFNOSUPPORT
error reporting (valid scenario). - Don't report InProgress io error as error (log as info)
- mirrord-layer: Added some
dotnet
files toIGNORE_FILES
regex set; - mirrord-layer: Added the
Detour
type for use in theops
modules instead ofHookResult
. This type supports returning aBypass
to avoid manually checking if a hook actually failed or if we should just bypass it; - mirrord-protocol: Reduce duplicated types around
read
operation; - Layer integration tests for more apps. Closes
[#472]. - Rename http mirroring tests from
integration
tohttp_mirroring
since there are
now also integration tests in other files. - Delete useless
e2e_macos
CI job. - Integration tests also display test process output (with mirrord logs) when they
time out. - CI: mirrord-layer UT and integration run in same job.
- .devcontainer: Added missing dependencies and also kind for running e2e tests.
- Replaced
pcap
dependency with our ownrawsocket
to make cross compiling faster and easier. - Remote operations that fail logged on
info
level instead oferror
because having a file not found, connection failed, etc can be part of a valid successful flow. - mirrord-layer: When handling an outgoing connection to localhost, check first if it's a socket we intercept/mirror, then just let it connect normally.
- mirrord-layer: removed
tracing::instrument
from*_detour
functions. - Ignore http tests because they are unstable, and they block the CI.
- Bundle arm64 binary into the universal binary for MacOS.
- mirrord-layer: Remove check for ignored IP (localhost) from
connect
. - mirrord-layer: Refactor
connect
function to be less bloated. .dockerignore
now ignores more useless files (reduces mirrord-agent image build time, and size).- mirrord-agent: Use
tracing::instrument
for the outgoing traffic feature. - mirrord-agent:
IndexAllocator
now usesConnectionId
for outgoing traffic feature. - mirrord-layer: Remove
tracing::instrument
fromgo_env::goenvs_unix_detour
. - mirrord-layer: Log to info instead of error when failing to write to local tunneled streams.
- mirrord-layer: Use
tracing::instrument
to improve logs. - Changed agent namespace to default to the pod namespace.
Closes [#404]. - In
go-e2e
test, callos.Exit
instead fo sendingSIGINT
to the process. - Install script now downloads latest tag instead of main branch to avoid downtime on installs.
- Change all functionality (incoming traffic mirroring, remote DNS outgoing traffic, environment variables, file reads) to be enabled by default. Note that flags now disable functionality
Deprecated
--pod-name
orMIRRORD_AGENT_IMPERSONATED_POD_NAME
is deprecated in favor of--target
orMIRRORD_IMPERSONATED_TARGET