Releases: moby/vpnkit

v0.6.0

24 Apr 11:54
5ae554c

  • Fixed broken links in README by @ryuichi1208 in #516
  • Work around build failure in uri package by @djs55 in #517
  • circleci: bump to Xcode 12 by @djs55 in #518
  • Remove datakit-based git database configuration mechanism by @djs55 in #519
  • Remove Mac-specific DNSServiceRef resolver by @djs55 in #521
  • Improve dockerfile build by @djs55 in #522
  • Improve / simplify logging by @djs55 in #523
  • Bump lwt to latest version 5.4.0 by @djs55 in #524
  • jbuilder is deprecated, so use dune (the new name for jbuilder) by @djs55 in #525
  • Bump base64 to >= 3.0.0 by @djs55 in #526
  • CircleCI: restore the COMMIT and OSS-LICENSES artifacts by @djs55 in #528
  • go: switch to go.mod, Mac build fixes by @djs55 in #514
  • Update OCaml to 4.12 by @djs55 in #530
  • Fix and speed up CircleCI by @djs55 in #532
  • Base idle time calculations on a CPU counter, not a wall clock by @djs55 in #527
  • Propose ebriney as a new maintainer by @djs55 in #533
  • ounit: correct download URL by @djs55 in #529
  • Exposing a port should be idempotent and fix an ephemeral port leak by @djs55 in #531
  • Update base image and cleanup Dockerfile for kube-vpnkit-forwarder by @aiordache in #536
  • Set O_CLOEXEC on received file descriptors by @djs55 in #537
  • transport: allow named pipe SecurityDescriptor to be set by @djs55 in #538
  • Vendor the OCaml DNS code by @djs55 in #542
  • Ignore a dup SYN for older connections as well by @yamt in #546
  • Update all the OCaml dependencies by @djs55 in #543
  • Update dependencies again, attempt to re-enable appveyor by @djs55 in #552
  • appveyor: enable tests, build artifacts by @djs55 in #553
  • licenses: add dune.2.9.2 by @djs55 in #554
  • licenses: include name and license type (e.g. SPDX) by @djs55 in #555
  • Simplify build instructions by @djs55 in #559
  • HTTP: add an optional allow list to the proxy by @djs55 in #558
  • go: fix typo in struct field name by @djs55 in #560
  • Update go mod to 1.17 by @mat007 in #561
  • Update go mod to 1.17 by @mat007 in #562
  • vpnkit-forwarder: avoid -data-connect spinning by @djs55 in #563
  • Update licenses and add lower bound on mirage-entropy by @djs55 in #567
  • Update licenses versions by @mat007 in #569
  • logging: ensure we don't block the stack by @djs55 in #566
  • Fix typo in licenses by @mat007 in #571
  • Fix warning 16 (optional argument cannot be erased) by @djs55 in #540
  • Don't calculate high_ip in DHCP configuration and zap outdated comment by @haesbaert in #556
  • switch: request a large enough buffer for the MTU by @djs55 in #574
  • http: send more informative reason phrases in errors by @djs55 in #573
  • Improve logs, demote some errors to warnings by @djs55 in #575
  • Add Frederic as a maintainer by @djs55 in #579
  • Unlisten sockets after they disconnect by @fredericdalleau in #580
  • metadata fixes for opam/ocaml versions by @avsm in #584
  • libproxy: allow read/write buffers to be set by @djs55 in #582
  • libproxy: ability to Close(), expose NewLoopback() by @djs55 in #583
  • Replace Uwt with Luv by @djs55 in #539
  • circleci: bump to latest xcode, macOS 10.15 by @djs55 in #594
  • attempt to fix ocaml-ci by @djs55 in #595
  • Ensure uname subprocess is cleaned up by @tmoschou in #593
  • Add a mechanism to forward outgoing TCP via a Unix domain socket by @djs55 in #590
  • HTTP: add --http-proxy-api by @djs55 in #598
  • ocaml: bump to 4.14 by @djs55 in #600
  • logger: guarantee to flush the logs on exit by @djs55 in #601
  • luv: calling read_start after close can segfault by @djs55 in #607
  • dhcp: offer very long leases by @djs55 in #603
  • Update licenses by @djs55 in #609
  • go: add missing functions and unit tests for tunnel pkg by @djs55 in #613
  • vendor: update golang.org/x/sys by @djs55 in #614
  • build(deps): bump github.com/emicklei/go-restful from 2.4.0+incompatible to 2.16.0+incompatible by @dependabot in #615
  • tweak some of the instructions for setting up on a new machine by @nicks in #612
  • go: libproxy: don't hold the metadata mutex while writing by @djs55 in #616
  • build(deps): bump github.com/gogo/protobuf from 1.2.1 to 1.3.2 by @dependabot in #617
  • go: skip a Unix test on Windows by @djs55 in #622
  • go: use deadlock.Mutex to check for deadlocks by @djs55 in #620
  • go: avoid possible overflow of the Write window by @djs55 in #619
  • go: allow concurrent Write calls by @djs55 in #621
  • go: don't hold the metadata mutex and then acquire the channel mutex by @djs55 in #626
  • Revert "go: use deadlock.Mutex to check for deadlocks" by @fredericdalleau in #629
  • Minor updates to vpnkit-forwarder by @djs55 in #631
  • multiplexer: don't fail if Close() is called concurrently to Read(), Write() by @djs55 in #632
  • vmnetd: fix DHCP response parser by @djs55 in #633
  • deps: bump dependencies by @milas in #635
  • Add version to package file and pin dependencies to fix build by @LaurentGoderre in #641
  • Fix build with latest dune by @avsm in #642
  • Correctly return NOERROR even if host resolver returned empty list by @dan0dbfe in #645
  • Add GHA workflow to build image by @vvoland in #647
  • gha: Fix registry repo by @vvoland in #648

Full Changelog: v0.5.0...v0.6.0

Easier multi-arch image building

24 Feb 16:44
  • build a multi-arch image for both arm64 and amd64
  • go: use narrower UDPListener interface
  • Handle random port correctly: report assigned port
  • correct the ounit url
  • go: remove hardcoded GOARCH to support multiarch builds
  • transport: fix off-by-one in Unix socket code
  • transport: max socket length is different on Linux
  • transport: use the path shortener for all Unix domain sockets
  • transport: move the path shortening functions to unix_unix.go
  • transport: work around Unix socket path lengths on Darwin
  • Add guillaumerose to maintainer list
  • Upgrade linuxkit/virtsock vendoring
  • Isolate vpnkit http server in a separate package

more Go code

11 Mar 19:49
6bc1679
  • vpnkit: clarify that --host-ip 0.0.0.0 disables the feature
  • mux: avoid desynchronising the stream over a short io.Copy
  • mux: reconnect if the dialer fails
  • mux: close channels after shutdown
  • mux: don't send shutdown after close
  • mux: allow longer paths when forwarding Unix domain sockets
  • re-add vpnkit-expose-port as vpnkit-userspace-proxy
  • vpnkit-userspace-proxy: bind ports on a best-effort basis
  • k8s: when calling OnUpdate controller now closes removed ports
  • dns: if the UDP response is over 512 bytes, truncate and set the truncated bit
  • vmnet: remove dhcp pcap
  • revendor virtsock: support upstream kernels without AF_HVSOCK patches
  • implement the host side of the vpnkit-forwarder protocol in Go (previously was OCaml)

Lots of bugs fixed

07 Feb 07:41
c9726dc
  • support multiplexing forwarded connections along one Hyper-V socket connection
  • add Kubernetes controller for exposing ports
  • go: move to go dep
  • support building Linux static binaries (with musl)
  • add a --gateway-forwards file for redirecting traffic to external services
  • udp: prevent too many flows exhausting all fds on the system
  • support forwarding to Unix domain sockets as well as TCP and UDP
  • go: move vmnet to its own package
  • test: add an nmap simulation test
  • vpnkit-{9pmount,tap}-vsock: fix operation on newer kernels with AF_VSOCK
  • rename environment variable from DEBUG to VPNKIT_DEBUG to avoid clashing with other software
  • tcp: disable keep-alives: they were causing a space leak
  • http: HTTP/1.0 should default to Connection:close
  • icmp: don't log parse failures
  • ntp: remove the automatic NTP forward to localhost: use the --gateway-forwards
    feature instead
  • http: handle Connection:close
  • http: consult the "localhost" names in the transparent proxy
  • http: support both hostnames and IPs in excludes
  • http: fix HTTP CONNECT
  • http: respect authorization headers
  • http: HEAD responses must not have bodies

Support OCaml 4.06

03 Jan 20:33
a073034
  • add 9pmount-vsock and tap-vsock helper programs
  • add missing command-line options and support running without the database
  • add go library and helper tools to expose ports
  • tcp: enable keep-alives
  • tcp: disable nagle
  • udp: drop packets with incorrect source addresses
  • test: record one .pcap trace per test
  • icmp: add support for ping
  • dns: use persistent TCP connections but transient UDP "connections" to increase
    the request entropy
  • dns: increase scalability on the Mac
  • http: add a regular HTTP proxy (as well as the transparent one)
  • windows: use RtlGenRandom for entropy
  • windows: be more robust to Hyper-V socket failures
  • fix build with -safe-string and OCaml 4.06
  • support builds with the system OCaml compiler
  • socket protocol updated to v22:
    • support error messages returned to client for Ethernet and Preferred_ipv4
      slirp commands
    • allow client to request an IPv4 address without encoding it in the UUID
    • v1 no longer supported, clients have to be updated. Version 22 is used to
      match the current version number in Docker for Desktop.

Fix the released package build

17 Aug 15:00

v0.1.1 (2017-08-17)

  • simplify the build by watermarking with jbuilder subst
  • fix the build of the released package archive

Update to Mirage 3 interfaces

17 Aug 11:12

v0.1.0 (2017-08-17)

  • use Mirage 3 interfaces
  • add support for ICMP ECHO_REQUESTS
  • add support for transparent HTTP/HTTPS proxying