Merge remote-tracking branch 'metalbear-co/main' into issue/2572/ipta…

…bles-update

CHANGELOG.md

@@ -8,6 +8,21 @@ This project uses [*towncrier*](https://towncrier.readthedocs.io/) and the chang
 
 <!-- towncrier release notes start -->
 
+## [3.110.0](https://github.com/metalbear-co/mirrord/tree/3.110.0) - 2024-07-12
+
+
+### Added
+
+- Added experimental.trust_any_certificate to enable making app trust any
+  certificate on macOS
+  [#2576](https://github.com/metalbear-co/mirrord/issues/2576)
+
+
+### Fixed
+
+- Fix empty request streaming hanging forever
+  [#2590](https://github.com/metalbear-co/mirrord/issues/2590)
+
 ## [3.109.0](https://github.com/metalbear-co/mirrord/tree/3.109.0) - 2024-07-10
 
 

Cargo.toml

@@ -25,7 +25,7 @@ resolver = "2"
 
 # latest commits on rustls suppress certificate verification
 [workspace.package]
-version = "3.109.0"
+version = "3.110.0"
 edition = "2021"
 license = "MIT"
 readme = "README.md"

changelog.d/2597.fixed.md

@@ -0,0 +1 @@
+Remove automatic ignore of incoming/outgoing traffic for ports 50000-60000

mirrord-schema.json

@@ -617,20 +617,28 @@
       "type": "object",
       "properties": {
         "readlink": {
-          "title": "_experimental_ readlink {#fexperimental-readlink}",
+          "title": "_experimental_ readlink {#experimental-readlink}",
           "description": "Enables the `readlink` hook.",
           "type": [
             "boolean",
             "null"
           ]
         },
         "tcp_ping4_mock": {
-          "title": "_experimental_ tcp_ping4_mock {#fexperimental-tcp_ping4_mock}",
+          "title": "_experimental_ tcp_ping4_mock {#experimental-tcp_ping4_mock}",
           "description": "<https://github.com/metalbear-co/mirrord/issues/2421#issuecomment-2093200904>",
           "type": [
             "boolean",
             "null"
           ]
+        },
+        "trust_any_certificate": {
+          "title": "_experimental_ trust_any_certificate {#experimental-trust_any_certificate}",
+          "description": "Enables trusting any certificate on macOS, useful for <https://github.com/golang/go/issues/51991#issuecomment-2059588252>",
+          "type": [
+            "boolean",
+            "null"
+          ]
         }
       },
       "additionalProperties": false

mirrord/agent/src/steal/connection.rs

@@ -27,6 +27,7 @@ use tokio::{
     sync::mpsc::{Receiver, Sender},
 };
 use tokio_util::sync::CancellationToken;
+use tracing::warn;
 
 use crate::{
     error::{AgentError, Result},
@@ -154,6 +155,7 @@ impl Client {
         let tx = self.tx.clone();
 
         tokio::spawn(async move {
+            tracing::trace!(?request.connection_id, ?request.request_id, ?chunked, ?framed, "starting request");
             // Chunked data is preferred over framed data
             if chunked {
                 // Send headers
@@ -171,7 +173,9 @@ impl Client {
                 ) = request.request.into_parts();
                 match body.next_frames(true).await {
                     Err(..) => return,
-                    Ok(Frames { frames, is_last }) => {
+                    // We don't check is_last here since loop will finish when body.next_frames()
+                    // returns None
+                    Ok(Frames { frames, .. }) => {
                         let frames = frames
                             .into_iter()
                             .map(InternalHttpBodyFrame::try_from)
@@ -190,7 +194,9 @@ impl Client {
                                 request_id,
                                 port: request.port,
                             }));
-                        if tx.send(message).await.is_err() || is_last {
+
+                        if let Err(e) = tx.send(message).await {
+                            warn!(?e, ?connection_id, ?request_id, ?request.port, "failed to send chunked request start");
                             return;
                         }
                     }
@@ -212,7 +218,13 @@ impl Client {
                                     request_id,
                                 },
                             ));
-                            if tx.send(message).await.is_err() || is_last {
+
+                            if let Err(e) = tx.send(message).await {
+                                warn!(?e, ?connection_id, ?request_id, ?request.port, "failed to send chunked request body");
+                                return;
+                            }
+
+                            if is_last {
                                 return;
                             }
                         }

mirrord/config/src/experimental.rs

@@ -10,22 +10,29 @@ use crate::config::source::MirrordConfigSource;
 #[config(map_to = "ExperimentalFileConfig", derive = "JsonSchema")]
 #[cfg_attr(test, config(derive = "PartialEq, Eq"))]
 pub struct ExperimentalConfig {
-    /// ## _experimental_ tcp_ping4_mock {#fexperimental-tcp_ping4_mock}
+    /// ## _experimental_ tcp_ping4_mock {#experimental-tcp_ping4_mock}
     ///
     /// <https://github.com/metalbear-co/mirrord/issues/2421#issuecomment-2093200904>
     #[config(default = true)]
     pub tcp_ping4_mock: bool,
 
-    /// ## _experimental_ readlink {#fexperimental-readlink}
+    /// ## _experimental_ readlink {#experimental-readlink}
     ///
     /// Enables the `readlink` hook.
     #[config(default = false)]
     pub readlink: bool,
+
+    /// # _experimental_ trust_any_certificate {#experimental-trust_any_certificate}
+    ///
+    /// Enables trusting any certificate on macOS, useful for <https://github.com/golang/go/issues/51991#issuecomment-2059588252>
+    #[config(default = false)]
+    pub trust_any_certificate: bool,
 }
 
 impl CollectAnalytics for &ExperimentalConfig {
     fn collect_analytics(&self, analytics: &mut mirrord_analytics::Analytics) {
         analytics.add("tcp_ping4_mock", self.tcp_ping4_mock);
         analytics.add("readlink", self.readlink);
+        analytics.add("trust_any_certificate", self.trust_any_certificate);
     }
 }