This report covers weekly developments in the moby/vpnkit, mirage/ocaml-dns, mirage/ocaml-hvsock, djs55/ocaml-osx-dnssd, mirage/mirage-tcpip and djs55/ocaml-dns-forward repositories. These form the basis of the VPNKit toolkit used to translate container network traffic into native platform socket calls on Windows and OSX.
VPNKit now has an experimental transparent HTTP proxy builtin, which lets it
proxy all outgoing traffic on port 80 at the HTTP level, and all outgoing
traffic on port 443 via HTTP CONNECT
. This has the advantage that the client
doesn't need to know it's being proxied so that if the client moves on the
network everything continues to work. (moby/vpnkit#225 @djs55).
Scalability of VPNKit was also improved for a large number of connections,
and is now configurable via the --listen-backlog <n>
flag.
Various spurious DNS failures were also fixed, leading to the release of mirage/ocaml-dns:0.20.1.
One area where we could use contributions in TCP/IP is with the test suite, to help spot regressions in performance and retransmission behaviour. Please see mirage/mirage-tcpip#140 or mirage/mirage-tcpip#314 for more information, as well as the testing tcpip page on the MirageOS dev wiki.
- Add an experimental transparent HTTP proxy (moby/vpnkit#225 @djs55)
- Avoid logging spurious DNS AAAA lookup failures (moby/vpnkit#226 @djs55)
- Fix warnings, selectively re-enable
-warn-error
(moby/vpnkit#222 @djs55) - Add command-line argument
--listen-backlog <n>
(moby/vpnkit#223 @djs55) - Packaging: Update upstream packages (moby/vpnkit#224 @djs55)
- Update to Lwt.3.0.0 (mirage/ocaml-dns#136 @samoht)
- Update CHANGES (mirage/ocaml-dns#140 @samoht)
- Add missing
doc
field in opam file (mirage/ocaml-dns#141 @samoht) - Test MTUs in TCP/IP (mirage/mirage-tcpip#313 @djs55)
- Switch to jbuilder and topkg for fast builds in hvsock (mirage/ocaml-hvsock#53)
Other reports in this series can be browsed directly in the repository at moby/vpnkit:/reports.