Merge pull request #460 from djs55/prepare.0.3.0

djs55 · web-flow · commit c9726dc2c92b · 2019-02-07T07:39:11.000Z
Update CHANGES.md for v0.3.0
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,29 @@
+### v0.3.0 (2019-02-06)
+
+* support multiplexing forwarded connections along one Hyper-V socket connection
+* add Kubernetes controller for exposing ports
+* go: move to go dep
+* support building Linux static binaries (with musl)
+* add a --gateway-forwards file for redirecting traffic to external services
+* udp: prevent too many flows exhausting all fds on the system
+* support forwarding to Unix domain sockets as well as TCP and UDP
+* go: move vmnet to its own package
+* test: add an nmap simulation test
+* vpnkit-{9pmount,tap}-vsock: fix operation on newer kernels with AF\_VSOCK
+* rename environment varible from DEBUG to VPNKIT\_DEBUG to avoid clashing with
+  other software
+* tcp: disable keep-alives: they were causing a space leak
+* http: HTTP/1.0 should default to Connection:close
+* icmp: don't log parse failures
+* ntp: remove the automatic NTP forward to localhost: use the --gateway-forwards
+  feature instead
+* http: handle Connection:close
+* http: consult the "localhost" names in the transparent proxy
+* http: support both hostnames and IPs in excludes
+* http: fix HTTP CONNECT
+* http: respect authorization headers
+* http: HEAD responses must not have bodies
+
 ### v0.2.0 (2018-01-03)
 
 * add 9pmount-vsock and tap-vsock helper programs
diff --git a/src/bin/main.ml b/src/bin/main.ml
@@ -796,7 +796,7 @@ let gateway_ip =
 let host_ip =
   let doc =
     Arg.info ~doc:
-      "IP address which represents the host. Connections to this IP will be forwarded to localhost on the host."
+      "IP address which represents the host. Connections to this IP will be forwarded to localhost on the host. Use the value 0.0.0.0 to disable this feature."
       [ "host-ip" ]
   in
   Arg.(value & opt string (Ipaddr.V4.to_string Configuration.default_host_ip) doc)
diff --git a/src/hostnet/slirp.ml b/src/hostnet/slirp.ml
@@ -474,7 +474,7 @@ struct
       clock: Clock.t;
       endpoint: Endpoint.t;
       udp_nat: Udp_nat.t;
-      dns_ips: Ipaddr.V4.t list;
+      dns_ips: Ipaddr.t list;
     }
     (** Proxies connections to services on localhost on the host *)
 
@@ -989,11 +989,11 @@ struct
     >>= fun switch ->
 
     (* Serve a static ARP table *)
-    let local_arp_table = [
-      c.Configuration.lowest_ip, client_macaddr;
-      c.Configuration.gateway_ip, c.Configuration.server_macaddr;
-      c.Configuration.host_ip, c.Configuration.server_macaddr;
-    ] in
+    let local_arp_table =
+      (c.Configuration.lowest_ip, client_macaddr)
+      :: (c.Configuration.gateway_ip, c.Configuration.server_macaddr)
+      :: (if Ipaddr.V4.(compare unspecified c.Configuration.host_ip = 0) then [] else [ c.Configuration.host_ip, c.Configuration.server_macaddr])
+    in
     Global_arp_ethif.connect switch
     >>= fun global_arp_ethif ->
 
@@ -1155,7 +1155,11 @@ struct
           Global_arp.input arp (Cstruct.shift buf Ethif_wire.sizeof_ethernet)
         | Ok (Ethernet { payload = Ipv4 ({ dst; _ } as ipv4 ); _ }) ->
           (* For any new IP destination, create a stack to proxy for
-             the remote system *)
+            the remote system *)
+          let localhost_ips =
+            if Ipaddr.V4.(compare unspecified c.Configuration.host_ip) = 0
+            then []
+            else [ Ipaddr.V4 c.Configuration.host_ip ] in
           if dst = c.Configuration.gateway_ip then begin
             begin
               let open Lwt_result.Infix in
@@ -1188,7 +1192,7 @@ struct
                   end in
               Udp_nat.set_send_reply ~t:udp_nat ~send_reply;
               Gateway.create clock endpoint udp_nat [ c.Configuration.gateway_ip ]
-                c.Configuration.host_names [ Ipaddr.V4 c.Configuration.host_ip ]
+                c.Configuration.host_names localhost_ips
             end >>= function
             | Error e ->
               Log.err (fun f ->
@@ -1200,13 +1204,13 @@ struct
               | Ok ()   -> ()
               | Error e ->
                 Log.err (fun f -> f "failed to read TCP/IP input: %a" pp_error e);
-          end else if dst = c.Configuration.host_ip then begin
+          end else if dst = c.Configuration.host_ip && Ipaddr.V4.(compare unspecified c.Configuration.host_ip <> 0) then begin
             begin
               let open Lwt_result.Infix in
               find_endpoint dst >>= fun endpoint ->
               Log.debug (fun f ->
                   f "creating localhost TCP/IP proxy for %a" Ipaddr.V4.pp_hum dst);
-              Localhost.create clock endpoint udp_nat [ c.Configuration.host_ip ]
+              Localhost.create clock endpoint udp_nat localhost_ips
             end >>= function
             | Error e ->
               Log.err (fun f ->
@@ -1225,7 +1229,7 @@ struct
               Log.debug (fun f ->
                   f "create remote TCP/IP proxy for %a" Ipaddr.V4.pp_hum dst);
               Remote.create endpoint udp_nat icmp_nat
-                c.Configuration.host_names [ Ipaddr.V4 c.Configuration.host_ip ]
+                c.Configuration.host_names localhost_ips
             end >>= function
             | Error e ->
               Log.err (fun f ->
@@ -1465,11 +1469,10 @@ struct
     Log.info (fun f -> f "Configuration %s" (Configuration.to_string c));
     let global_arp_table : arp_table = {
       mutex = Lwt_mutex.create();
-      table = [
-        c.Configuration.gateway_ip, c.Configuration.server_macaddr;
-        c.Configuration.host_ip,    c.Configuration.server_macaddr;
-      ];
-
+      table =
+        (c.Configuration.gateway_ip, c.Configuration.server_macaddr)
+        :: (if Ipaddr.V4.(compare unspecified c.Configuration.host_ip) = 0 then []
+            else [c.Configuration.host_ip,  c.Configuration.server_macaddr ]);
     } in
     let client_uuids : uuid_table = {
       mutex = Lwt_mutex.create();
