All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
This project uses towncrier and the changes for the upcoming release can be found in https://github.com/metalbear-co/mirrord/tree/main/changelog.d/.
3.46.0 - 2023-06-14
- Add support for HTTP Path filtering #1512
- Refactor vscode-ext code to be more modular
- Fixed bogus warnings in the VS Code extension. #1504
- Mirroring/stealing a port for a second time after the user application closed it once. #1526
- fixed using dotnet debugger on VSCode #1529
- Properly detecting and ignoring localhost port used by Rider's debugger.
- fix vscode SIP patch not working
- Add a state Persistent Volume Claim to operator deployment setup.
- Bring the style guide into the repo.
- Fix vscode e2e job not running
- Remove OpenSSL dependency again
- Switch to new licensing and operator authenticaion flow.
- fix launch json for vscode extension
- fix macos build script to use directory's toolchain
3.45.2 - 2023-06-12
- Remove frida openSSL dependency
3.45.1 - 2023-06-11
- Installation script now does not use
sudo
when not needed. This enbables installing mirrord in aRUN
step in an ubuntu docker container, without installingsudo
in an earlier step. #1514 - fix crio on openshift #1534
- Skipping
gcc
when debugging Go in VS Code extension.
- change
mirrord-protocol
to have its own versioning. addmirrord-macros
andprotocol_break
attribute to mark places we want to break on major updates. Add CI to verify that if protocol is changed,Cargo.toml
is changed as well (to force bumps) Fix some of the structs beingOS
controlled, potentially breaking the protocol between different OS's. (GetDEnts64(RemoteResult<GetDEnts64Response>),
) #1355 - Partial refactor towards 1512 #1512
- Add integration test for DNS resolution
- Bumped versions of some VS Code extension dependencies.
- Frida bump and other dependencies
- Integration test for recv_from
- Reorganize dev docs
- Update our socket2 dependency, since the code we pushed there was released.
3.45.0 - 2023-06-05
- Rider is now supported by the IntelliJ plugin. #1012
- Chagned agent to not return errors on reading from outgoing sockets, and layer to not crash in that case anyway
- Use one thread for namespaced runtimes #1287
- Better timeformatting in e2e and maybe reduce flakiness?
- Fix nodejs deprecation warnings in CI
- Set MIRRORD_AGENT_IMAGE for vscode e2e
3.44.2 - 2023-06-01
- Change phrasing on version mismatch warning.
- Add
/Volumes
to default local on macOS - Change Ping interval from 60s down to 30s.
- Changed local read defaults - list now includes
^/sbin(/|$)
and^/var/run/com.apple
.
- Running postman with mirrord works. #1445
- Return valid error code when dns lookup fails, instead of -1.
- Add E2E tests for vscode extension #201
- Fixed flaky integration tests. #1452
- Fixed e2e tests' flakiness in the CI. #1453
- Change CI log level to be debug instead of trace
- Hooking
_NSGetExecutablePath
on macOS to strip themirrord-bin
temp dir off the path. - Introduce a tool to extract config docs into a markdown file. Update docs to match whats in mirrord-dev.
- On macOS, if we path a binary for SIP and it is in a path that is inside a
directory that has a name that ends with
.app
, we add the frameworks directory toDYLD_FALLBACK_FRAMEWORK_PATH
. - Provide buffer for
IndexAllocator
to avoid re-use of indices too fast
3.44.1 - 2023-05-26
- Never importing
RUST_LOG
environment variable from the cluster, regardless of configuration.
- Provide helpful error messages on errors in IDEs. #1392
- Log level control when running targetless. #1446
- Change to sticky balloon on warnings in intelliJ #1456
- Setting the namespace via the configuration was not possible in the IDE without also setting a target in the configuration file. #1461
- fixed IntelliJ failing silently when error happened on listing pods
- Fix the test of reading from the SIP patch dir, that was not testing anything.
- Make the path field of
TargetConfig
anOption
.
3.44.0 - 2023-05-24
- Changed agent's pause feature. Now the pause is requested dynamically by CLI during setup and the agent keeps the target container paused until exit or the unpause request was received. #1408
- Added support for NPM run configuration on JetBrains products. #1418
- Change mirrord ls to show only pods that are in running state (not crashing,starting,etc) #1436
- Change fs mode to be local with overrides when targetless is used
- Make progress text consitently lowercase.
- Fix misalignment on IntelliJ not accepting complex path in target #1441
- Add impersonate permissions for GCP specific RBAC in operator
- Fix node spawn test flakiness on macOS #1431
3.43.0 - 2023-05-22
- Support for targetless execution: when not specifying any target for the agent, mirrord now spins up an independent agent. This can be useful e.g. if you are just interested in getting the cluster's DNS resolution and outgoing connectivity but don't want any pod's incoming traffic or FS. #574
- Support for targetless mode in IntelliJ based IDEs. #1375
- Support for targetless mode in vscode. #1376
- If a user application tries to read paths inside mirrord's temp dir, we hook that and read the path outside instead. #1403
- Don't print error if we fail checking for operator
- Added better detection for protected binaries, fixes not loading into Go binary #1397
- Disallow binding on the same address:port twice. Solves part of issue 1123. #1123
- Fix the lost update bug with config dropdown for intelliJ Fix the lost update bug with config dropdown for intelliJ. #1420
- Fix intelliJ compatability issue by implementing missing createPopupActionGroup
- Run IntelliJ Plugin Verifier on CI #1417
- Remove bors.toml since we use GH merge queue now
- Upgrade k8s dependencies and rustls, remove ugly feature ip patch
3.42.0 - 2023-05-15
- mirrord config dropdown for intelliJ. #1030
- Log agent version when initializing the agent.
- Remove quotes in InvalidTarget' target error message
- Use ProgressManager for mirrord progress on intelliJ #1337
- Fixed
go run
failing because of reading remote files by maing paths under /private and /var/folders read locally by default. #1397 - Fix not loading into Go because of SIP by adding into default patched binaries
3.41.1 - 2023-05-07
- Fixed regression in GoLand and NodeJS causing a crash #1389
3.41.0 - 2023-05-06
- Last selected target is now remembered in IntelliJ extension and shown first in the target selection dialog. #1347
- Warn user when their mirrord version doesn't match the operator version.
- mirrord loading progress is displayed in the staus indicator on IntelliJ, replacing the singleton notifier #1337
- Fix crash on unexpected LogMessage #1380
- Added hook for recvfrom to support cases where caller expects the messages to be from address they were sent to. #1386
- Add x-session-id to operator request, that is persistent across child processes in a single mirrord exec.
- Improve metadata for VSCode extension
- Remove unnecessary DNS resolve on agent addr when incluster feature is enabled in mirrord-kube.
3.40.0 - 2023-05-01
- Add a message informing users of the operator when they impersonate deployments with mirrord. #add-operator-message
- Last selected target is now remembered in VS Code and shown first in the quick pick widget. #1348
- PyCharm plugin now detects
pydevd
debugger and properly excludes its port. #1020 - VS Code extension now detects
debugpy
debugger and properly excludes its port. #1145 - Fixed delve patch not working on GoLand macOS when running go tests #1364
- Fixed issues when importing some packages in Python caused by PYTHONPATH to be used from the remote pod (add it to exclude)
- Added Clippy lint for slicing and indexing. #1049
- Eliminate unused variable warnings for E2E tests on macOS.
3.39.1 - 2023-04-21
- Updated IntelliJ usage gif.
- Add magic fix (by polling send_request) to (connection was not ready) hyper error. Also adds some more logs around HTTP stealer. #1302
- Fix arduino/setup-protoc rate limiting error.
3.39.0 - 2023-04-19
- Support for Node.js on IntelliJ - run/debug JavaScript scripts on IntelliJ with mirrord. #1284
- Use RemoteFile ops in gethostname to not have a local fd. #1202
- Fix latest tag
- Project build instructions in the testing guide now include the protoc dependency.
3.38.1 - 2023-04-19
- Release action should work now.
- Add protobuf-compiler to rust docs action
3.38.0 - 2023-04-18
- Add support for cri-o container runtime. #1258
- A descriptive message is now presented in the IntelliJ extension when no target is available. Listing targets failure is now handled and an error notification is presented. #1267
- Added waitlist registration via cli. Join the waitlist to try out first mirrord for Teams which is invite only at the moment. #1303
- Add email option to help messages. #1318
- When patching for SIP, use arm64 if possible (running on aarch64 and an arm64 binary is available). #1155
- Changed our Discord invite link to https://discord.gg/metalbear
- Change detour bypass to be more robust, not crashing in case it can't update the bypass #1320
- Added integration tests for outgoing UDP and TCP. #1051
- All Kubernetes resources are now deleted after E2E tests. Use
MIRRORD_E2E_PRESERVE_FAILED
environment variable to preserve resources from failed tests. All resources created for E2E tests now share a constant labelmirrord-e2e-test-resource=true
. #1256 - Added a debugging guide for the IntelliJ extension. #1278
- Add
impersonate
permission onuserextras/accesskeyid
,userextras/arn
,userextras/canonicalarn
anduserextras/sessionname
resources to operator setup. - Sometimes when using console logger mirrord crashes since tokio runtime isn't initialized, changed to just use a thread
3.37.0 - 2023-04-14
- Removed armv7 builds that were wrongly added
- Add
ignore_ports
toincoming
configuration so you can have ports that only listen locally (mirrord will not steal/mirror those ports). #1295 - Add support for
xstatfs
to prevent unexpected behavior with SQLite. #1270
- Improved bad target error #1291
- Optimize agent Dockerfile for better cache use #1280
- Cover more areas of the code and targets using clippy in CI and fix its warnings
- Rely more on Rusts own async trait and drop async-trait crate (the agent cant fully switch yet though). #use-rust-async-traits
3.36.0 - 2023-04-13
- Notify clients about errors happening in agent's background tasks. #1163
- Add support for the imagePullSecrets parameter on the agent pod. This can be specified in the configuration file, under agent.image_pull_secrets. #1276
- Fix pause E2E test. #1261
3.35.0 - 2023-04-11
- Added an error prompt to the VS Code extension when there is no available target in the configured namespace. #1266
- HTTP traffic stealer now supports HTTP/2 requests. #922
- Executable field was set to null if present, but no SIP patching was done. #1271
- Fixed random crash in
close_layer_fd
caused by supposed closing of stdout/stderr then calling to log that writes to it
- Use DashMap for
OPEN_DIRS
#1240 - Use DashMap for
MANAGED_ADDRINFO
#1241 - Use DashMap for
ConnectionQueue
#1242 - Implemented
Default
forSubscriptions
. Replaced usages ofSubscriptions::new
withDefault::default
. - Improve testing guide.
- Removed unnecessary trait bounds for
Default
implementation onIndexAllocator
. Replaced usages ofIndexAllocator::new
withDefault::default
. - Update contributing guide.
- Update testing and building docs, and add instructions for the IDE extensions.
3.34.0 - 2023-03-30
- Support for running SIP binaries via the vscode extension, for common configuration types. #1061
- Add the failed connection address on failure to debug easily
- New IntelliJ icons - feel free to give feedback
- Fix internal proxy receiving signals from terminal targeted for the mirrord process/parent process by using setsid #1232
- fix listing pods failing when config file exists on macOS #1245
- Use DashMap instead of Mutex for
SOCKETS
#1239 - Some small changes to make building the JetBrains plugin locally simpler.
- Update IntelliJ dependencies
- Update dependencies
- Update rust and remove unneccessary feature.
3.33.1 - 2023-03-28
- Add default requests and limits values to mirrord-operator setup (100m/100Mi).
- Change CLI's version update message to display the correct command when mirrord has been installed with homebrew. #1194
- fix using config with WSL on JetBrains #1210
- Fix internal proxy exiting before IntelliJ connects to it in some situations (maven). Issue was parent process closing causing child to exit. Fixed by waiting from the extension call to the child. #1211
- mirrord-cli: update cli so failing to use operator will fallback to no-operator mode. #1218
- Add option to install specific version using the
install.sh
script via command line argument orVERSION
environment variable #1222 - Change connection reset to be a trace message instead of error
- Error when agent exits.
-
Bring the testing documentation into the repo, link it in readme, and add some information.
-
Introduce CheckedInto trait to convert raw pointers (checking for null) in Detour values. #detours
-
Re-enable http mirror e2e tests.. #947
-
Change OPEN_FILES from Mutex HashMap to just using DashMap. #1206
-
Refactor file ops open/read/close to allow us to directly manipulate the remote file (in agent) withouht going through C (mainly used to not leak the remote file due to how gethostname works).
Change dup to take an argument that signals if we should change the fd from SOCKETS to OPEN_FILES (or vice-versa). #1202
3.33.0 - 2023-03-22
- Support for outgoing unix stream sockets (configurable via config file or environment variable). #1105
- Add version of hooked functions. #1203
- add
Hash
trait onmirrord_operator::license::License
struct - dependencies bump and cleanup
- fix mirrord loading twice (to build also) and improve error message when no pods found
- fix f-stream functions by removing its hooks and add missing underlying libc calls #947
- fix deadlock in go20 test (remove trace?) #1206
- set timeout for flaky/hanging test
3.32.3 - 2023-03-19
- change outgoing connection drop to be trace instead of error since it's not an error
- Support stealing on meshed services with ports specified in --skip-inbound-ports on linkerd and itsio equivalent. #1041
3.32.2 - 2023-03-14
- fix microk8s support by adding possible containerd socket path #1186
- fix gethostname null termination missing #1189
- Update webbrowser dependency to fix security issue.
3.32.1 - 2023-03-12
- fix mirroring not handling big requests - increase buffer size (in rawsocket dependency). also trace logs to not log the data. #1178
- fix environment regression by mixing the two approaches together. priority is proc > oci (via container api) #1180
-
compile/test speed improvements
- add CARGO_NET_GIT_FETCH_WITH_CLI=true to agent's Dockerfile since we found out it saves a lot of time on fetching (around takes 60s when using libgit2)
- change
rust-toolchain.toml
so it won't auto install unneeded targets always - remove
toolchain: nightly
parameter fromactions-rs/toolchain@v1
since it's not needed because we haverust-toolchain.toml
saves a lot of time on fetching (takes around 60s when using libgit2) - switch to use
actions-rust-lang/setup-rust-toolchain@v1
instead ofactions-rs/toolchain@v1
since it's deprecated and doesn't supportrust-toolchain.toml
- remove s
Swatinem/rust-cache@v2
since it's included inactions-rust-lang/setup-rust-toolchain@v1
- use latest version of
Apple-Actions/import-codesign-certs
to remove warnings
-
print logs of stealer/sniffer start failure
-
run docker/containerd runtime at the same time to make e2e faster
-
use base images for agent to reduce build time
3.32.0 - 2023-03-08
- mirrord-layer: changed result of
getsockname
to return requested socket onbind
instead of the detoured socket address #1047 - mirrord-layer: Added
SocketId
toUserSocket
as a better way of identifying sockets, part of #1054. #1054 - CHANGELOG - changed to use towncrier
- Change socket error on reading from outgoing sockets and mirror to be info instead of error
- Possible bug when bound address is bypassed and socket stays in
SOCKETS
map.
- Change release.yaml so pushing final tags will occur only on real releases
while manual releases will push into
ghcr.io/metalbear-co/mirrord-staging: ${{ github.sha }}
so we can leverage github CI for testing images. - Don't build builder image as part of the build, use a prebuilt image -
improve cd time
Use
taiki-e/install-action
instead ofcargo install
(compiles from source) for installingcross
. - Fix broken aarch build
- config:
ignore_localhost
tooutgoing
config for ignoring localhost connections, meaning it will connect to local instead of remote localhost. - config:
ignore_localhost
toincoming
config for ignoring localhost bound sockets, meaning it will not steal/mirror those. - combination of
ignore_localhost
inincoming
andoutgoing
can be useful when you run complex processes that does IPC over localhost. sip_binaries
to config file to allow specifying SIP-protected binaries that needs to be patched when mirrord doesn't detect those. See #1152.
- Unnecessary error logs when running a script that uses
env
in its shebang. - VSCode extension: running Python script with debugger fails because it tries to connect to the debugger port remotely.
- Big file leading to timeout: we found out that
bincode
doesn't do so well with large chunked messages so we limited remote read size to 1 megabyte, and read operation supports getting partial data until EOF. - mirrord-operator: fix silent fail when parsing websocket messages fails.
- improved mirrord cli help message.
- mirrord-config: Change
flush_connections
default totrue
, related to #1029.
- mirrord-layer: Added
port_mapping
underincoming
configuration to allow mapping local ports to custom remote port, for example you can listen on port 9999 locally and it will steal/mirror the remote 80 port ifport_mapping: [[9999, 80]]
. See #1129
- Fix issue when two (or more) containerd sockets exist and we use the wrong one. Fixes #1133.
- Invalid toml in environment variables configuration examples.
- Use container's runtime env instead of reading it from
/proc/{container_root_pid}/environ
as some processes (such as nginx) wipe it. Fixes #1135 - Removed the prefix "test" from all test names - #1065.
- Created symbolic link from the vscode directory to the
LICENSE
andCHANGELOG.md
files so that mirrord developers don't need to copy them there before building the app. - mirrord-layer:
socket
hook will now block ipv6 requests and will return EAFNOSUPPORT. See #1121.
- mirrord debug feature (for mirrord developers to debug mirrord): Cause the agent to exit early with an error.
- mirrord E2E tests: support for custom namespaces.
- Unpause the target container before exiting if the agent exits early on an error and the container is paused - #1111.
- intellij-plugin: fix issue where execution hangs when running using Gradle. Fixes #1120.
- intellij-plugin: fix issue where mirrord doesn't load into gradle, was found when fixing #1120.
- mirrord-agent: reintroduce
-o lo
back to iptable rules to prevent issue where outinging messags could be intersepted by mirrord as incoming ones. - mirrord-layer: binding same port on different IPs leads to a crash due to
ListenAlreadyExists
error. This is now ignored with ainfo
message since we can't know if the IP/Port was already bound or not. Created a follow up issue to complete implementation and error at application's bind.
- VSCode Extension: Fix wrong CLI path on Linux
- VSCode Extension: Fix wrong CLI path
- Fix error in VSCode extension compilation
- CI: fix error caused by missing dir
- Change VSCode extension to package all binaries and select the correct one based on the platform. Fixes #1101.
- agent: add log to error when handling a client message fails.
- agent: Make sniffer optional to support cases when it's not available and mirroring is not required.
- Update operator version
- mirrord now handles it when the local app closes a forwarded stolen tcp connection instead of exiting with an error. Potential fix for #1063.
- missing kubeconfig doesn't fail extensions (it failed because it first tried to resolve the default then used custom one)
- layer: Don't print error when tcp socket faces error as it can be a normal flow.
- internal proxy - set different timeout for
mirrord exec
and running from extension fixing race conditions when running from IntelliJ/VSCode. - Changed
with_span_events
fromFmtSpan::Active
toFmtSpan::NEW | FmtSpan::CLOSE
. Practically this means we will have less logs on enter/exit to span and only when it's first created and when it's closed. - JetBrains Plugin: Add debug logs for investigating user issues.
- JetBrains compatability: set limit from 222 (2022.2.4) since 221 isn't supported by us.
- Make
kubeconfig
setting effective always by using-f
inmirrord ls
. - mirrord agent can now run without sniffer, will not be able to mirror but can still steal. this is to enable users who have older kernel (4.20>=) to use the steal feature.
- VSCode Extension: Prevent double prompting of the user to select the target if not specified in config. See #1080.
- JetBrains enable support from 2021.3 (like we had in 3.14.3).
- mirrord-agent: localhost traffic (like healthprobes) won't be stolen by mirrord on meshed targets to allign behavior with non meshed targets. See #1070
- Filter out agent pods from
mirrord ls
, for better IDE UX. Closes #1045. - Not exiting on SIP-check fail. Instead, logging an error and letting the program fail as it would without mirrord. See #951.
- Fix cache does not work on test-agent workflow. See #251.
- CI: merge queue + branch protection issues
gethostname
detour that returns contents of/etc/hostname
from target pod. See relevant #1041.
getsockname
now returns the remote local address of the socket, instead of the local fake address of the socket. This should fix issues with Akka or other software that checks the local address and expects it to match the local ip of the pod. This breaks agent protocol (agent/layer need to match).- GoLand debug fails because of reading
/private/var/folders
remotely (trying to access self file?). fixed with filter change (see below)
- VSCode extension: update dialog message
- JetBrains: can now change focus from search field to targets using tab/shift+tab (for backwrad)
- Refactor - mirrord cli now spawns
internal proxy
which does the Kubernetes operations for the layer, so layer need not interact with k8s (solves issues with remote/local env mix) - filter: add `/private/var/folders" to default local read override
- filter: fixed regex for
/tmp
default local read override - disable flask e2e until we solve the glibc issue (probably fstream issue)
- Add a field to mirrord-config to specify custom path for kubeconfig , resolves #1027.
- Removed limit on future builds
untilBuild
in JetBrains plugin. - IntelliJ-ext: change the dialog to provide a sorted list and make it searchable, resolves #1031.
- mirrord-layer: Changed default to read AWS credentials + config from remote pod.
- Removed unused env var (
MIRRORD_EXTERNAL_ENV
) - mirrord-agent: Use
conntrack
to flush stealer connections (temporary fix for #1029).
- Added env guard to be used in cli + extension to prevent (self) misconfigurations (our kube settings being used from remote).
- mirrord-config: Fix disabled feature for env in config file,
env = false
should work. See #1015. - VS Code extension: release universal extension as a fallback for Windows and other platforms to be used with WSL/Remote development. Fixes #1017
- Fix
MIRRORD_AGENT_RUST_LOG
can't be more than info due to dependency on info log. - Fix pause feature not working in extension due to writing to stdout (changed to use trace)
DNSLookup
failures changed to be info log from error since it is a common case.- mirrord-agent: now prints "agent ready" instead of logging it so it can't be fudged with
RUST_LOG
control. - mirrord-agent:
agent::layer_recv
changed instrumentation to be trace instead of info. - mirrord-layer/agent: change ttl of job to be 1 second for cases where 0 means in cluster don't clean up.
- Convert go fileops e2e tests into integration tests. Part of #994.
- Rust: update rust toolchain (and agent rust
DOCKERFILE
) tonightly-2023-01-31
. - exec/spawn detour refactor #999.
- mirrord-layer: Partialy load mirrord on certian processes that spawn other processes to allow sip patch on the spawned process.
This to prevent breaking mirrord-layer load if parent process is specified in
--skip-processes
. (macOS only)
- mirrord-layer: DNS resolving doesn't work when having a non-OS resolver (using UDP sockets)
since
/etc/resolv.conf
and/etc/hosts
were in the local read override, leading to use the local nameserver for resolving. Fixes #989 - mirrord-agent: Infinite reading a file when using
fgets
/read_line
due to bug seeking to start of file. - Rare deadlock on file close that caused the e2e file-ops test to sometimes fail (#994).
- Support for Go's
os.ReadDir
on Linux (by hooking thegetdents64
syscall). Part of #120. - Test mirrord with Go 1.20rc3.
- mirrord-agent: Wrap agent with a parent proccess to doublecheck the clearing of iptables. See #955
- mirrord-layer: Change
HOOK_SENDER
fromOption
toOnceLock
.
- mirrord-agent: Handle HTTP upgrade requests when the stealer feature is enabled (with HTTP traffic) PR #973.
- E2E tests compile on MacOS.
- mirrord could not load into some newer binaries of node -
#987. Now hooking also
posix_spawn
, since node now useslibuv
'suv_spawn
(which in turn callsposix_spawn
) instead of libc'sexecvp
(which callsexecve
). - Read files from the temp dir (defined by the system's
TMPDIR
) locally, closes #986.
- Support impersonation in operator
- Go crash in some scenarios #834.
- Remove already deprecated
--no-fs
and--rw
options, that do not do anything anymore, but were still listed in the help message. - Bug: SIP would fail the second time to run scripts for which the user does not have write permissions.
- Change layer/cli logs to be to stderr instead of stdout to avoid mixing with the output of the application. Closes #786
- Code refactor: moved all file request and response types into own file.
- Changelog error failing the JetBrains release.
- mirrord-operator: replace operator api to use KubernetesAPI extension. #915
- tests: flaky passthrough fix. Avoid 2 agents running at the same time, add minimal sleep (1s)
- macOS x64/SIP(arm): fix double hooking
fstatat$INODE64
. Possible crash and undefined behavior.
- introduce
mirrord-console
- a utility to debug and investigate mirrord issues.
- Remove old fs mode
- cli: no
--rw
or--no-fs
. - layer: no
MIRRORD_FILE_OPS
/MIRRORD_FILE_RO_OPS
/MIRRORD_FILE_FILTER_INCLUDE
/MIRRORD_FILE_FILTER_EXCLUDE
- cli: no
- crash when
getaddrinfo
is bypassed and libc tries to free our structure. Closes #930 - Stealer hangs on short streams left open and fails on short closed streams to filtered HTTP ports - #926.
- Issue when connect returns
libc::EINTR
orlibc::EINPROGRESS
causing outgoing connections to fail. - config: file config updated to fix simple pattern of IncomingConfig. #933
- Agent now sends error encountered back to layer for better UX when bad times happen. (This only applies to error happening on connection-level).
- Partial ls flow for Go on macOS (implemented
fdopendir
andreaddir_r
). Closes #902 - New feature: HTTP traffic filter!
- Allows the user to steal HTTP traffic based on HTTP request headers, for example
Client: me
would steal requests that match this header, while letting unmatched requests (and non-HTTP packets) through to their original destinations.
- Allows the user to steal HTTP traffic based on HTTP request headers, for example
- Update the setup-qemu-action action to remove a deprecation warning in the Release Workflow
- stat functions now support directories.
- Possible bugs with fds being closed before time (we now handle dup'ing of fds, and hold those as ref counts)
- agent: Return better error message when failing to use
PACKET_IGNORE_OUTGOING
flag.
- Add brew command to README
- intellij plugin: mirrord icon should always load now.
- intellij plugin: on target selection cancel, don't show error - just disable mirrord for the run and show message.
- fixed setting a breakpoint in GoLand on simple app hanging on release build (disabled lto). - Fixes #906.
- Removed
disabled
in favor oflocal
infs
configuration.
- update
kube
dependency + bump other - update
dlv
packed with plugins.
- Add go to skipped processes in JetBrains plugin. Solving GoLand bug.
- Running on specific Kubernetes setups, such as Docker for Desktop should work again.
- Add golang stat hooks, closes #856
- agent: mount /var from host and reconfigure docker socket to /var/run/docker.sock for better compatibility
- Error on specifying namespace in configuration without path (pod/container/deployment). Closes #830
- IntelliJ plugin with new UI enabled now shows buttons. Closes #881
- Fix deprecation warnings (partially), update checkout action to version 3.
- Refactored detours to use new helper function
Result::as_hook
to simplify flow. (no change in behavior)
- Logging for IntelliJ plugin for debugging/bug reports.
- Crash when mirroring and state is different between local and remote (happens in Mesh). We now ignore messages that are not in the expected state. (as we can't do anything about it).
- agent: Fix typo in socket path for k3s environments
- intellij-plugin: fix missing telemetry/version check
- Add
__xstat
hook, fixes #867
- Fix build scripts for the refactored IntelliJ plugin
- agent: Add support for k3s envs
- IntelliJ plugin - refactor, uses cli like vs code.
- cli now loads env, removes go env stuff at load, might fix some bugs there.
- Create empty release to overcome temporary issue with VS Code marketplace publication
- vscode ext: use process env for running mirrord. Fixes #854
- layer + go - connect didn't intercept sometimes (we lacked a match). Fixes 851.
- cli: Set environment variables from cli to spawned process instead of layer when using
mirrord exec
. - cli: use miette for nicer errors
- cli: some ext exec preparations, nothing user facing yet.
- vs code ext: use cli, fixes some env bugs with go and better user experience.
- Don't add temp prefix when using
extract
command. - VS Code extension: mirrord enable/disable to be per workspace.
- VS Code extension: bundle the resources
- Add
/System
to default ignore list. - Remove
test_mirrord_layer
from CI as it's covered in integration testing.
- fd leak on Linux when using libuv (Node). Caused undefined behavior. Fixes #757.
- Better separation in mirrord cli.
- Adjust filters - all directory filters also filter the directory itself (for when lstat/stating the directory).
Added
/Applications
- Add
mirrord ls
which allows listing target path. Hidden from user at the moment, as for now it's meant for extension use only.
- Refactor e2e tests: split into modules based on functionality they test.
- internal refactor in mirrord-agent: Stealer feature changed from working per connection to now starting with
the agent itself ("global"). Got rid of
steal_worker
in favor of a similar abstraction to what we have insniffer.rs
(TcpConnectionStealer
that acts as the traffic stealing task, andTcpStealerApi
which bridges the communication between the agent and the stealer task). - Tests CI: don't wait for integration tests to start testing E2E tests.
- Add missing
fstat
/lstat
/fstatat
/stat
hooks.
- Weird crash that started happening after Frida upgrade on macOS M1.
- Fix asdf:
- Add
/tmp
not just/tmp/
to exclusion. - Add
.tool-version
to exclusion. fclose
was calling close which doesn't flush.
- Add
- IntelliJ Plugin: downgrade Java to version 11.
- IntelliJ Plugin: update platform version to 2022.3.
- Disable progress in mirrord-layer - can cause issues with forks and generally confusing now that agent is created by cli (and soon to be created by IDE plugin via cli).
- Update to Frida 16.0.7
- Add more paths to the default ignore list (
/snap
and*/.asdf/*
) - to fix asdf issues. - Add
/bin/
to default ignore list - asdf should be okay now! - Update GitHub action to use latest
rust-cache
- mirrord-operator: Add securityContext section for deployment in operator setup
- Fix
--fs-mode=local
didn't disable hooks as it was supposed to. - Fix hooking wrong libc functions because of lack of module specification - add function to resolve module name to hook from (libc on Unix,libsystem on macOS). Partially fixes asdf issue.
- E2E test for pause feature with service that logs http requests and a service that makes requests.
- mirrord-layer: automatic operator discovery and connection if deployed on cluster. (Discovery can be disabled with
MIRRORD_OPERATOR_ENABLE=false
).
- Added
/tmp/
to be excluded from file ops by default. Fixes #800.
- Reformatted a bit the file stuff, to make it more readable. We now have
FILE_MODE
instead ofFILE_OPS_*
internally. - Changed fileops test to also test write override (mirrord mode is read and override specific path)
--pause
feature (unstable). See #712.- operator setup cli feature.
- mirrord-layer: operator connection that can be used instad of using kubernetes api to access agents.
- CI: cancel previous runs of same PR.
- cli: set canonical path for config file to avoid possible issues when child processes change current working directory.
- config: Refactor config proc macro and behavior - we now error if a config value is wrong instead of defaulting.
- layer: panic on error instead of exiting without any message.
- CI: don't run CI on draft PRs.
- Update dependencies.
- Update to clap v4 (cli parser crate).
- Started deprecation of fsmode=disabled, use fsmode=local instead.
- Typo in
--agent-startup-timeout
flag.
- Agent dockerfile: fix build for cross arch
- Added clippy on macOS and cleaned warnings.
- release.yaml: Linux AArch64 for real this time. (embedded so was x64)
- Create agent in the cli and pass environment variables to exec'd process to improve agent re-use.
- IntelliJ: change default log level to warning (match cli/vscode).
- IntelliJ: don't show progress (can make some tests/scenarios fail).
- release.yaml: Build layer/cli with Centos 7 compatible glibc (AmazonLinux2 support).
- Change CPU/memory values requested by the Job agent to the lowest values possible.
- MacOS: Support for executing SIP binaries in user applications. We hook
execve
and create a SIP-free version of the binary on-the-go and execute that instead of the SIP binary. This means we now support running bash scripts with mirrord also on MacOS. Closes #649.
- Only warn about invalid certificates once per agent.
- Reduce tokio features to needed ones only.
- CI: Fix regex for homebrew formula
- Potentially ignoring write calls (
fd < 2
). - CI: Fix release for linux aarch64. Fixes #760.
- Possible cases where we don't close fds correctly.
- VS Code Extension: Fix crash when no env vars are defined in launch.json
- CLI: change temp lib file to only be created for new versions
- mirrord-config: refactored macro so future implementations will be easier
- Release: fix homebrew release step
- CI: fix
release_gh
zip file step
- CI: download shasums and add git username/email to make the homebrew release work
- Remove
unimplemented
for some IO cases, we now returnUnknown
instead. Also added warning logs for these cases to track. - Only recommend
--accept-invalid-certificates
on connection errors if not already set. - Terminate user application on connection error instead of only stopping mirrord.
- CI: Update homebrew formula on release, refer #484
- VS Code Extension: change extension to use the target specified in the mirrord config file, if specified, rather than show the pod dropdown
MIRRORD_AGENT_NETWORK_INTERFACE
environment variable/file config to let user control which network interface to use. Workaround for #670.- mirrord-config:
deprecated
andunstable
tags to MirrordConfg macro for messaging user when using said fields
- VS Code Extension: change extension to use a mirrord-config file for configuration
- VS Code Extension: use the IDE's telemetry settings to determine if telemetry should be enabled
- mirrord-layer: Remove
unwrap
from initialization functions. - Log level of operation bypassing log from warn to trace (for real this time).
- Perform filesystem operations for paths in
/home
locally by default (for real this time).
- VS Code Extension: add JSON schema
- Bypass SIP on MacOS on the executed binary, (also via shebang). See [#649]. This does not yet include binaries that are executed by the first binary.
- fix markdown job by adding the checkout action
- mirrord-agent: No longer resolves to
eth0
by default, now we first try to resolve the appropriate network interface, if this fails then we useeth0
as a last resort. Fixes #670.
- intelliJ: use custom delve on macos
- Release: fix broken docker build step caused by folder restructure
- using gcloud auth for kubernetes. (mistakenly loaded layer into it)
- debugging Go on VSCode. We patch to use our own delivered delve.
- Changed layer not to crash when connection is closed by agent. Closed #693.
- IntelliJ: fallback to using a textfield if listing namespaces fails
- mirrord-config: New
mirrord-schema.json
file that contains docs and types which should help the user write their mirrord config files. This file has to be manually generated (there is a test to help you remember).
- IntelliJ: Fix occurring of small namespace selection window and make mirrord dialogs resizable
- IntelliJ: Fix bug when pressing cancel in mirrord dialog and rerunning the application no mirrord window appears again
- VS Code: Fix crash occurring because it used deprecated env vars.
- mirrord-config: Take
schema
feature out of feature flag (now it's always on). - mirrord-config: Add docs for the user config types.
- mirrord-layer: Allow capturing tracing logs to file and print github issue creation link via MIRRORD_CAPTURE_ERROR_TRACE env variable
- Fix vscode artifacts where arm64 package was not released.
- IntelliJ plugin: if namespaces can't be accessed, use the default namespace
- Add
/home
to default file exclude list. - Changed log level of
Bypassing operation...
from warning to trace. - IntelliJ settings default to match CLI/VSCode.
- Fixed broken release step for VS Code Darwin arm64 version
- Fixed breaking vscode release step
- Fixed an issue with the release CI
- Update target file config to have
namespace
nested inside oftarget
and not a separatetarget_namespace
. See #587 and #667
- aarch64 release binaries (no go support yet, no IntelliJ also).
- mirrord-layer: Add
FileFilter
that allows the user to include or exclude file paths (with regex support) for file operations.
- mirrord-layer: Improve error message when user tries to run a program with args without
--
. - Add tests for environment variables passed to KubeApi for authentication feature for cli credential fetch
- Remove openssl/libssl dependency, cross compilation is easier now. (It wasn't needed/used)
- mirrord-config: Changed the way
fs
works: now it supports 2 modesSimple
andAdvanced
, whereSimple
is similar to the old behavior (enables read-only, read-write, or disable file ops), andAdvanced
allows the user to specify include and exclude (regexes) filters forFileFilter
. - Lint
README
and update it for--target
flag. - mirrord-layer: improve error message for invalid targets.
--pod-name
,--pod-namespace
,--impersonated_container_name
have been removed in favor of--target
,--target-namespace
- Env var to ignore ports used by a debugger for intelliJ/VSCode, refer #644
- Add changelog for intelliJ extension, closes #542
- Add filter for changelog to ci.yml
- Telemetry for intelliJ extension.
- Update intelliJ extension: lint & bump java version to 17.
- Added
/Users
and/Library
to path to ignore for file operations to improve UX on macOS. - Use same default options as CLI in intelliJ extension.
- Improve UI layout of intelliJ extension.
- Separate tcp and udp outgoing option in intelliJ extension.
- Tighter control of witch environment variables would be passed to the KubeApi when fetching credentials via cli in kube-config. See #637
- Lint Changelog and fix level of a "Changed" tag.
- File operations - following symlinks now works as expected. Previously, absolute symlinks lead to use our own path instead of target path.
For example, AWS/K8S uses
/var/run/..
for service account credentials. In many machines,/var/run
is symlink to/run
so we were using/run/..
instead of/proc/{target_pid}/root/run
. - Fix not reappearing window after pressing cancel-button in intelliJ extension.
- Telemetries, see TELEMETRY.md for more information.
- Added timeout for "waiting for pod to be ready..." in mirrord-layer to prevent unresponsive behavior. See #579
- IntelliJ Extension: Default log level to
ERROR
fromDEBUG
- Issue with bottlerocket where they use
/run/dockershim.sock
instead of the default containerd path. Add new path as fallback.
- Extended support for both
-s
and-x
wildcard matching, now supportsPREFIX_*
,*_SUFFIX
, ect. - Add to env default ignore
JAVA_HOME
,HOMEPATH
,CLASSPATH
,JAVA_EXE
as it's usually runtime that you don't want from remote. Possibly fixes issue discussed on Discord (used complained that they had to use absolute path and not relative). - Add
jvm.cfg
to default bypass for files. - Clarify wrong target error message.
- mirrord-layer: Improve error message in
connection::handle_error
.
- Don't ignore passed
--pod-namespace
argument, closes [#605] - Replace deprecated environment variables in IntelliJ plugin
- Issues with IntelliJ extension when debugging Kotlin applications
- Scrollable list for pods and namespaces for IntelliJ extension, closes [#610]
--impersonated-container-name
andMIRRORD_IMPERSONATED_CONTAINER_NAME
are deprecated in favor of--target
orMIRRORD_IMPERSONATED_TARGET
--pod-namespace
andMIRRORD_AGENT_IMPERSONATED_POD_NAMESPACE
are deprecated in favor of--target-namespace
andMIRRORD_TARGET_NAMESPACE
- release: VS Code extension release as stable and not pre-release.
- Dev container failing to execute
apt-get install -y clang
- Update some texts in documentation, READMEs, and extension package descriptions
- IntelliJ version check on enabling instead of on project start. Don't check again after less than 3 minutes.
- IntelliJ plugin crashing on run because both include and exclude were being set for env vars.
pwrite
hook (used bydotnet
);
- Issue #577. Changed non-error logs from
error!
totrace!
.
- Agent pod definition now has
requests
specifications to avoid being defaulted to high values. See #579. - Change VSCode extension configuration to have file ops, outgoing traffic, DNS, and environment variables turned on by default.
- update intelliJ extension: toggles + panel for include/exclude env vars
- Exclude internal configuration fields from generated schema.
- Issue #531. We now detect NixOS/Devbox usage and add
sh
to skipped list.
- Reuse agent - first process that runs will create the agent and its children will be able to reuse the same one to avoid creating many agents.
- Don't print progress for child processes to avoid confusion.
- Skip istio/linkerd-proxy/init container when mirroring a pod without a specific container name.
- Add "linkerd.io/inject": "disabled" annotation to pod created by mirrord to avoid linkerd auto inject.
- mirrord-layer: support
-target deployment/deployment_name/container/container_name
flag to run on a specific container. /nix/*
path is now ignored for file operations to support NixOS.- Shortcut
deploy
fordeployment
in target argument. - Added the ability to override environment variables in the config file.
- Print exit message when terminating application due to an unhandled error in the layer.
- mirrord-layer: refactored
pod_api.rs
to be more maintainble. - Use kube config namespace by default.
- mirrord-layer: Ignore
EAFNOSUPPORT
error reporting (valid scenario).
pread
hook (used bydotnet
);- mirrord-layer: ignore opening self-binary (temporal SDK calculates the hash of the binary, and it fails because it happens remotely)
- Layer integration tests with more apps (testing with Go only on MacOS because of known crash on Linux - [#380]). Closes [#472].
- Added progress reporting to the CLI.
- CI: use bors for merging! woohoo.
- Don't report InProgress io error as error (log as info)
- mirrord-layer: Added some
dotnet
files toIGNORE_FILES
regex set; - mirrord-layer: Added the
Detour
type for use in theops
modules instead ofHookResult
. This type supports returning aBypass
to avoid manually checking if a hook actually failed or if we should just bypass it; - mirrord-protocol: Reduce duplicated types around
read
operation; - Layer integration tests for more apps. Closes [#472].
- Rename http mirroring tests from
integration
tohttp_mirroring
since there are now also integration tests in other files. - Delete useless
e2e_macos
CI job. - Integration tests also display test process output (with mirrord logs) when they time out.
- CI: mirrord-layer UT and integration run in same job.
- .devcontainer: Added missing dependencies and also kind for running e2e tests.
- Fix IntelliJ Extension artifact - use glob pattern
- Use LabelSelector instead of app=* to select pods from deployments
- Added another protection to not execute in child processes from k8s auth by setting an env flag to avoid loading then removing it after executing the api.
- Release image for armv7 (Cloud ARM)
- Release for non-amd64 arch failed because of lack of QEMU step in the github action. Re-added it
- Replaced
pcap
dependency with our ownrawsocket
to make cross compiling faster and easier.
- Release CI: Remove another failing step
- Release CI: Temporarily comment out failing step
- Release CI: Fix checkout action position in intelliJ release.
- Layer integration test. Tests the layer's loading and hooking in an http mirroring simulation with a flask web app. Addresses but does not close [#472] (more integration tests still needed).
- Release CI: Fix paths for release artifacts
- mirrord-cli: added a SIP protection check for macos binaries, closes [#412]
- Fixed unused dependencies issue, closes [#494]
- Remove building of arm64 Docker image from the release CI
- Release CI: add extensions as artifacts, closes [#355]
- Remote operations that fail logged on
info
level instead oferror
because having a file not found, connection failed, etc can be part of a valid successful flow. - mirrord-layer: When handling an outgoing connection to localhost, check first if it's a socket we intercept/mirror, then just let it connect normally.
- mirrord-layer: removed
tracing::instrument
from*_detour
functions.
getaddrinfo
now usestrust-dns-resolver
when resolving DNS (previously it would do agetaddrinfo
call in mirrord-agent that could result in incompatibility between the mirrored pod and the user environments).- Support clusters running Istio. Closes [#485].
- Support impersonated deployments, closes [#293]
- Shorter way to select which deployment/pod/container to impersonate through
--target
orMIRRORD_IMPERSONATED_TARGET
, closes [#392] - mirrord-layer: Support config from file alongside environment variables.
- intellij-ext: Add version check, closes [#289]
- intellij-ext: better support for Windows with WSL.
--pod-name
orMIRRORD_AGENT_IMPERSONATED_POD_NAME
is deprecated in favor of--target
orMIRRORD_IMPERSONATED_TARGET
- tcp-steal working with linkerd meshing.
- mirrord-layer should exit when agent disconnects or unable to make initial connection
- Test that verifies that outgoing UDP traffic (only with a bind to non-0 port and a
call to
connect
) is successfully intercepted and forwarded.
- macOS binaries should be okay now.
- Ignore http tests because they are unstable, and they block the CI.
- Bundle arm64 binary into the universal binary for MacOS.
- release CI: Fix dylib path for
dd
.
- mirrord-layer: Fix
connect
returning error when called on UDP sockets and the outgoing traffic feature of mirrord is disabled. - mirrord-agent: Add a
tokio::time:timeout
toTcpStream::connect
, fixes golang issue where sometimes it would get stuck attempting to connect on IPv6. - intelliJ-ext: Fix CLion crash issue, closes [#317]
- vscode-ext: Support debugging Go, and fix issues with configuring file ops and traffic stealing.
- mirrord-layer: Remove check for ignored IP (localhost) from
connect
. - mirrord-layer: Refactor
connect
function to be less bloated. .dockerignore
now ignores more useless files (reduces mirrord-agent image build time, and size).- mirrord-agent: Use
tracing::instrument
for the outgoing traffic feature. - mirrord-agent:
IndexAllocator
now usesConnectionId
for outgoing traffic feature.
- mirrord-layer: Remove
tracing::instrument
fromgo_env::goenvs_unix_detour
. - mirrord-layer: Log to info instead of error when failing to write to local tunneled streams.
- mirrord-layer, mirrord-cli: new command line argument/environment variable -
MIRRORD_SKIP_PROCESSES
to provide a list of comma separated processes to not to load into. Closes [#298] , [#308] - release CI: add arm64e to the universal dylib
- intellij-ext: Add support for Goland
- mirrord-layer: Return errors from agent when
connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior). - mirrord-layer: instrumenting error when
write_detur
is called to stdout/stderr - mirrord-layer: workaround for
presented server name type wasn't supported
error when Kubernetes server has IP for CN in certificate. [#388]
- mirrord-layer: Use
tracing::instrument
to improve logs.
- Outgoing UDP test with node. Closes [#323]
- Fix crash in VS Code extension happening because the MIRRORD_OVERRIDE_ENV_VARS_INCLUDE and MIRRORD_OVERRIDE_ENV_VARS_EXCLUDE vars being populated with empty values (rather than not being populated at all) .Closes [#413].
- Add exception to gradle when dylib/so file is not found. Closes [#345]
- mirrord-layer: Return errors from agent when
connect
fails back to the hook (previously we were handling these as errors in layer, soconnect
had slightly wrong behavior).
- Changed agent namespace to default to the pod namespace. Closes [#404].
- Code sign Apple binaries.
- CD - Update latest tag after release is published.
- In
go-e2e
test, callos.Exit
instead fo sendingSIGINT
to the process. - Install script now downloads latest tag instead of main branch to avoid downtime on installs.
- Fix Environment parsing error when value contained '=' Closes [#387].
- Fix bug in outgoing traffic with multiple requests in quick succession. Closes [#331].
- Add missing dependency breaking the VS Code release.
- New feature: UDP outgoing, mainly for Go DNS but should work for most use cases also!
- E2E: add tests for python's fastapi with uvicorn
- Socket ops -
connect
: ignore localhost and ports 50000 - 60000 (reserved for debugger) - Add "*.plist" to
IGNORE_REGEX
, refer [#350].
- Change all functionality (incoming traffic mirroring, remote DNS outgoing traffic, environment variables, file reads) to be enabled by default. Note that flags now disable functionality
- mirrord-layer: User-friendly error for invalid kubernetes api certificate
- mirrord-cli: Add random prefix to the generated shared lib to prevent Bus Error/EXC_BAD_ACCESS
- Support for Go 1.19>= syscall hooking
- Fix Python debugger crash in VS Code Extension. Closes [#350].
- Release arm64 agent image.
- Use selected namespace in IntelliJ plugin instead of always using default namespace.
- Fix bug where VS Code extension would crash on startup due to new configuration values not being the correct type.
- Unset DYLD_INSERT_LIBRARIES/LD_PRELOAD when creating the agent. Closes [#330].
- Fix NullPointerException in IntelliJ Extension. Closes [#335].
- FIx dylib/so paths for the IntelliJ Extension. Closes [#337].
- Add more configuration values to the VS Code extension.
- Warning when using remote tcp without remote DNS (can cause ipv6/v4 issues). Closes #327
- VS Code needed restart to apply kubectl config/context change. Closes 316.
- Fixed DNS feature causing crash on macOS on invalid DNS name due to mismatch of return codes. #321.
- Fixed DNS feature not using impersonated container namespace, resulting with incorrect resolved DNS names.
- mirrord-agent: Use
IndexAllocator
to properly generateConnectionId
s for the tcp outgoing feature. - tests: Fix outgoing and DNS tests that were passing invalid flags to mirrord.
- Go Hooks - use global ENABLED_FILE_OPS
- Support macOS with apple chip in the IntelliJ plugin. Closes #337.
- New feature: mirrord now supports TCP traffic stealing instead of mirroring. You can enable it by
passing
--tcp-steal
flag to cli.
- mirrord-layer: Go environment variables crash - run Go env setup in a different stack (should fix #292)
- mirrord-layer: Add
#![feature(let_chains)]
tolib.rs
to support new compiler version.
- CI:Release - Fix typo that broke the build
- New feature, tcp outgoing traffic. It's now possible to make
requests to a remote host from the staging environment context. You can enable this feature setting
the
MIRRORD_TCP_OUTGOING
variable to true, or using the-o
option in mirrord-cli. - mirrord-cli add login command for logging in to metalbear-cloud
- CI:Release - Provide zip and sha256 sums
- Environment variables feature on Golang programs. Issue #292 closed in #299
- CI - set typescript version at 4.7.4 to fix broken release action
- Support for Golang fileops
- IntelliJ Extension for mirrord
- mirrord-layer: Added common
Result
type to to reduce boilerplate, removed dependency ofanyhow
crate. - mirrord-layer: Split
LayerError
intoLayerError
andHookError
to distinguish between errors that can be handled by the layer and errors that can be handled by the hook. (no more requiring libc errno for each error!). Closes #247
- CI - remove usage of ubuntu-18.04 machines (deprecated)
- E2E - add basic env tests for bash scripts
- mirrord-agent - Update pcap library, hopefully will fix dropped packets (syn sometimes missed in e2e).
- mirrord-agent/layer - Sometimes layer tries to connect to agent before it finsihed loading, even though pod is running. Added watching the log stream for a "ready" log message before attempting to connect.
- E2E - describe all pods on failure and add file name to print of logs.
- E2E - print timestamp of stdout/stderr of
TestProcess
. - E2E - Don't delete pod/service on failure, instead leave them for debugging.
- mirrord-agent - Don't use
tokio::spawn
for spawningsniffer
(or any other namespace changing task) to avoid namespace-clashing/undefined behavior. Possibly fixing bugs. - Change the version check on the VS Code extension to happen when mirrord is enabled rather than when the IDE starts up.
- mirrord-layer: You can now pass
MIRRORD_AGENT_COMMUNICATION_TIMEOUT
as environment variable to control agent timeout. - Expand file system operations with
access
andfaccessat
hooks for absolute paths
- Ephemeral Containers didn't wait for the right condition, leading to timeouts in many cases.
- mirrord-layer: Wait for the correct condition in job creation, resolving startup/timeout issues.
- mirrord-layer: Add a sleep on closing local socket after receiving close to let local application respond before closing.
- mirrord-layer: Fix DNS issue where
ai_addr
would not live long enough (breaking the remote DNS feature).
- Removed unused dependencies from
mirrord-layer/Cargo.toml
. (Closes #220) - reduce e2e flakiness (add message sent on tcp listen subscription, wait for that message)
- reduce e2e flakiness - increase timeout time
- mirrord-layer - increase agent creation timeout (to reduce e2e flakiness on macOS)
- E2E - Don't do file stuff on http traffic to reduce flakiness (doesn't add any coverage value..)
- mirrord-layer - Change tcp mirror tunnel
select
to be biased so it flushes all data before closing it (better testing, reduces e2e flakiness) - E2E - unify resolve_node_host for linux and macOS with support for wsl provided Docker & Kubernetes
- E2E - add
trace
for tests to have paramaterized arguments printed - mirrord-agent - add debug print of args to identify runs
- E2E - remove double
--extract-path
parameter in tests - E2E - macOS colima start with 3 cores and 8GB of RAM.
- E2E - Increase agent communication timeout to reduce flakiness.
- mirrord-layer - add
DetourGuard
to prevent unwanted calls to detours from our code. - mirrord-layer - extract reused detours to seperate logic functions
- E2E - macOS run only sanity http mirror traffic with Python
- Add a flag for the agent,
--ephemeral-container
, to correctly refer to the filesystem i.e. refer to root path as/proc/1/root
when the flag is on, otherwise/
. - Add support for Golang on amd64 (x86-64).
- Assign a random port number instead of
61337
. (Reason: A forking process creates multiple agents sending traffic on the same port, causing addrinuse error.) mirrord-layer/socket
now usessocket2::SockAddr
to comply with Rust's new IP format.
- Fix filesystem tests to only run if the default path exists.
- Fix extension not running due to the node_modules directory not being packaged.
- New feature, remote DNS resolving.
It is now possible to use the remote's
addrinfo
by setting theMIRRORD_REMOTE_DNS
variable totrue
, or using the-d
option in mirrord-cli. - New feature, Ephemeral Containers.
Use Kubernetes beta feature
Ephemeral Containers
to mirror traffic with the--ephemeral-container
flag. - E2E tests on macos for Golang using the Gin framework.
- Refactored
mirrord-layer/socket
into a module structure similar tomirrord-layer/file
. - Refactored the error part of the many
Result<Response, ResponseError>
. - Refactored
file
related functions, createdFileHandler
and improved structure. - Refactored error handling in mirrord-layer.
- E2E: Collect minikube logs and fix collecting container logs
- E2E: macOS use colima instead of minikube.
- Refactored
mirrord-layer/lib.rs
- no more passing many arguments! :) - Refactored
mirrord-layer/lib.rs
- removeunwrap()
and propagate error usingResult
- Handle unwraps in fileops to gracefully exit and enable python fileops tests.
- Changed
addrinfo
toVecDeque
- fixes a potential bug (loss of order)
- mirrord-cli
exec
subcommand accepts--extract-path
argument to set the directory to extract the library to. Used for tests mainly. - mirrord-layer provides
MIRRORD_IMPERSONATED_CONTAINER_NAME
environment variable to specify container name to impersonate. mirrord-cli accepts argument to set variable. - vscode-ext provides quick-select for setting
MIRRORD_IMPERSONATED_CONTAINER_NAME
- Refactor e2e, enable only Node HTTP mirroring test.
- E2E: add macOS to E2E, support using minikube by env var.
- E2E: Skip loading to docker before loading to minikube (load directly to minikube..)
- layer: Environment variables now load before process starts, no more race conditions.
- Support connections that start with tcp flags in addition to Syn (on macOS CI we saw CWR + NS)
fcntl
error on macOS #184 by a workaround.
- Refactor(agent) - change
FileManager
to be per peer, thus removing the need of it being in a different task, moving the handling to the peer logic, change structure of peer handling to a struct. - Don't fail environment variable request if none exists.
- E2E: Don't assert jobs and pods length, to allow better debugging and less flakiness.
- Refactor(agent) - Main loop doesn't pass messages around but instead spawned peers interact directly with tcp sniffer. Renamed Peer -> Client and ClientID.
- Add context to agent/job creation errors (Fixes #112)
- Add context to stream creation error (Fixes #110)
- Change E2E to use real app, closes #149
- Add support for overriding a process' environment variables by setting
MIRRORD_OVERRIDE_ENV_VARS
totrue
. To filter out undesired variables, use theMIRRORD_OVERRIDE_FILTER_ENV_VARS
configuration with arguments such asFOO;BAR
.
- Remove
unwrap
from theFuture
that was waiting for Kube pod to spin up inpod_api.rs
. (Fixes #110) - Speed up agent container image building by using a more specific base image.
- CI: Remove building agent before building & running tests (duplicate)
- CI: Add Docker cache to Docker build-push action to reduce build duration.
- CD release: Fix universal binary for macOS
- Refactor: Change protocol + mirrord-layer to split messages into modules, so main module only handles general messages, passing down to the appropriate module for handling.
- Add a CLI flag to specify
MIRRORD_AGENT_TTL
- CI: Collect mirrord-agent logs in case of failure in e2e.
- Add "app" = "mirrord" label to the agent pod for log collection at ease.
- CI: Add sleep after local app finishes loading for agent to load filter make tests less flaky.
- Handle relative paths for open, openat
- Fix once cell renamings, PR #98165
- Enable the blocking feature of the
reqwest
library
- Compile universal binaries for MacOS. (Fixes #131)
- E2E small improvements, removing sleeps. (Fixes #99)
- File operations are now available behind the
MIRRORD_FILE_OPS
env variable, this means that mirrord now hooks into the following file functions:open
,fopen
,fdopen
,openat
,read
,fread
,fileno
,lseek
, andwrite
to provide a mirrored file system. - Support for running x64 (Intel) binary on arm (Silicon) macOS using mirrord. This will download and use the x64 mirrord-layer binary when needed.
- Add detours for fcntl/dup system calls, closes #51
- Add graceful exit for library extraction logic in case of error.
- Refactor the CI by splitting the building of mirrord-agent in a separate job and caching the agent image for E2E tests.
- Update bug report template to apply to the latest version of mirrord.
- Change release profile to strip debuginfo and enable LTO.
- VS Code extension - update dependencies.
- CLI & macOS: Extract to
/tmp/
instead of$TMPDIR
as the executed process is getting killed for some reason.
- Fix bug that caused configuration changes in the VS Code extension not to work
- Fix typos
- Prompt user to update if their version is outdated in the VS Code extension or CLI.
- Add support for docker runtime, closes #95.
- Add a keep-alive to keep the agent-pod from exiting, closes #63
Complete refactor and re-write of everything.
- The CLI/VSCode extension now use
mirrord-layer
which loads into debugged process usingLD_PRELOAD
/DYLD_INSERT_LIBRARIES
. It hooks some of the syscalls in order to proxy incoming traffic into the process as if it was running in the remote pod. - Mono repo
- Fixed unwraps inside of agent-creation, closes #191