Merge branch 'main' into improve-operator-error-handling

CHANGELOG.md

@@ -8,6 +8,23 @@ This project uses [*towncrier*](https://towncrier.readthedocs.io/) and the chang
 
 <!-- towncrier release notes start -->
 
+## [3.75.1](https://github.com/metalbear-co/mirrord/tree/3.75.1) - 2023-11-14
+
+
+### Fixed
+
+- Add a hook for
+  [gethostbyname](https://www.man7.org/linux/man-pages/man3/gethostbyname.3.html)
+  to allow erlang/elixir to resolve DNS.
+  [#2055](https://github.com/metalbear-co/mirrord/issues/2055)
+- Change spammy connect log's level from info to trace.
+
+
+### Internal
+
+- Documentation of `env` config pattern matching.
+
+
 ## [3.75.0](https://github.com/metalbear-co/mirrord/tree/3.75.0) - 2023-11-08
 
 

Cargo.toml

@@ -23,7 +23,7 @@ resolver = "2"
 
 # latest commits on rustls suppress certificate verification
 [workspace.package]
-version = "3.75.0"
+version = "3.75.1"
 edition = "2021"
 license = "MIT"
 readme = "README.md"

mirrord-schema.json

@@ -429,12 +429,12 @@
       }
     },
     "EnvFileConfig": {
-      "description": "Allows the user to set or override the local process' environment variables with the ones from the remote pod.\n\nWhich environment variables to load from the remote pod are controlled by setting either [`include`](#feature-env-include) or [`exclude`](#feature-env-exclude).\n\nSee the environment variables [reference](https://mirrord.dev/docs/reference/env/) for more details.\n\n```json { \"feature\": { \"env\": { \"include\": \"DATABASE_USER;PUBLIC_ENV\", \"exclude\": \"DATABASE_PASSWORD;SECRET_ENV\", \"override\": { \"DATABASE_CONNECTION\": \"db://localhost:7777/my-db\", \"LOCAL_BEAR\": \"panda\" } } } } ```",
+      "description": "Allows the user to set or override the local process' environment variables with the ones from the remote pod.\n\nWhich environment variables to load from the remote pod are controlled by setting either [`include`](#feature-env-include) or [`exclude`](#feature-env-exclude).\n\nSee the environment variables [reference](https://mirrord.dev/docs/reference/env/) for more details.\n\n```json { \"feature\": { \"env\": { \"include\": \"DATABASE_USER;PUBLIC_ENV;MY_APP_*\", \"exclude\": \"DATABASE_PASSWORD;SECRET_ENV\", \"override\": { \"DATABASE_CONNECTION\": \"db://localhost:7777/my-db\", \"LOCAL_BEAR\": \"panda\" } } } } ```",
       "type": "object",
       "properties": {
         "exclude": {
           "title": "feature.env.exclude {#feature-env-exclude}",
-          "description": "Include the remote environment variables in the local process that are **NOT** specified by this option.\n\nSome of the variables that are excluded by default: `PATH`, `HOME`, `HOMEPATH`, `CLASSPATH`, `JAVA_EXE`, `JAVA_HOME`, `PYTHONPATH`.\n\nValue is a list separated by \";\".",
+          "description": "Include the remote environment variables in the local process that are **NOT** specified by this option. Variable names can be matched using `*` and `?` where `?` matches exactly one occurrence of any character and `*` matches arbitrary many (including zero) occurrences of any character.\n\nSome of the variables that are excluded by default: `PATH`, `HOME`, `HOMEPATH`, `CLASSPATH`, `JAVA_EXE`, `JAVA_HOME`, `PYTHONPATH`.\n\nCan be passed as a list or as a semicolon-delimited string (e.g. `\"VAR;OTHER_VAR\"`).",
           "anyOf": [
             {
               "$ref": "#/definitions/VecOrSingle_for_String"
@@ -446,7 +446,7 @@
         },
         "include": {
           "title": "feature.env.include {#feature-env-include}",
-          "description": "Include only these remote environment variables in the local process.\n\nValue is a list separated by \";\".\n\nSome environment variables are excluded by default (`PATH` for example), including these requires specifying them with `include`",
+          "description": "Include only these remote environment variables in the local process. Variable names can be matched using `*` and `?` where `?` matches exactly one occurrence of any character and `*` matches arbitrary many (including zero) occurrences of any character.\n\nCan be passed as a list or as a semicolon-delimited string (e.g. `\"VAR;OTHER_VAR\"`).\n\nSome environment variables are excluded by default (`PATH` for example), including these requires specifying them with `include`",
           "anyOf": [
             {
               "$ref": "#/definitions/VecOrSingle_for_String"

mirrord/config/src/feature/env.rs

@@ -21,7 +21,7 @@ use crate::{
 /// {
 ///   "feature": {
 ///     "env": {
-///       "include": "DATABASE_USER;PUBLIC_ENV",
+///       "include": "DATABASE_USER;PUBLIC_ENV;MY_APP_*",
 ///       "exclude": "DATABASE_PASSWORD;SECRET_ENV",
 ///       "override": {
 ///         "DATABASE_CONNECTION": "db://localhost:7777/my-db",
@@ -38,8 +38,10 @@ pub struct EnvConfig {
     /// ### feature.env.include {#feature-env-include}
     ///
     /// Include only these remote environment variables in the local process.
+    /// Variable names can be matched using `*` and `?` where `?` matches exactly one occurrence of
+    /// any character and `*` matches arbitrary many (including zero) occurrences of any character.
     ///
-    /// Value is a list separated by ";".
+    /// Can be passed as a list or as a semicolon-delimited string (e.g. `"VAR;OTHER_VAR"`).
     ///
     /// Some environment variables are excluded by default (`PATH` for example), including these
     /// requires specifying them with `include`
@@ -50,11 +52,13 @@ pub struct EnvConfig {
     ///
     /// Include the remote environment variables in the local process that are **NOT** specified by
     /// this option.
+    /// Variable names can be matched using `*` and `?` where `?` matches exactly one occurrence of
+    /// any character and `*` matches arbitrary many (including zero) occurrences of any character.
     ///
     /// Some of the variables that are excluded by default:
     /// `PATH`, `HOME`, `HOMEPATH`, `CLASSPATH`, `JAVA_EXE`, `JAVA_HOME`, `PYTHONPATH`.
     ///
-    /// Value is a list separated by ";".
+    /// Can be passed as a list or as a semicolon-delimited string (e.g. `"VAR;OTHER_VAR"`).
     #[config(env = "MIRRORD_OVERRIDE_ENV_VARS_EXCLUDE")]
     pub exclude: Option<VecOrSingle<String>>,
 

mirrord/layer/src/error.rs

@@ -2,7 +2,7 @@ use std::{env::VarError, net::SocketAddr, ptr, str::ParseBoolError};
 
 use errno::set_errno;
 use ignore_codes::*;
-use libc::{c_char, DIR, FILE};
+use libc::{c_char, hostent, DIR, FILE};
 use mirrord_config::{config::ConfigError, feature::network::outgoing::OutgoingFilterError};
 use mirrord_protocol::{ResponseError, SerializationError};
 #[cfg(target_os = "macos")]
@@ -311,3 +311,9 @@ impl From<frida_gum::Error> for LayerError {
         LayerError::Frida(err)
     }
 }
+
+impl From<HookError> for *mut hostent {
+    fn from(_fail: HookError) -> Self {
+        ptr::null_mut()
+    }
+}

mirrord/layer/src/socket/hooks.rs

@@ -4,7 +4,7 @@ use std::{os::unix::io::RawFd, sync::LazyLock};
 
 use dashmap::DashSet;
 use errno::{set_errno, Errno};
-use libc::{c_char, c_int, c_void, size_t, sockaddr, socklen_t, ssize_t, EINVAL};
+use libc::{c_char, c_int, c_void, hostent, size_t, sockaddr, socklen_t, ssize_t, EINVAL};
 use mirrord_layer_macro::{hook_fn, hook_guard_fn};
 
 use super::ops::*;
@@ -108,6 +108,18 @@ pub(crate) unsafe extern "C" fn gethostname_detour(
         .unwrap_or_bypass_with(|_| FN_GETHOSTNAME(raw_name, name_length))
 }
 
+/// Hook for `libc::gethostbyname` (you won't find this in rust's `libc` as it's been deprecated and
+/// removed).
+///
+/// Resolves DNS `raw_name` and allocates a `static` [`libc::hostent`] that we change the inner
+/// values whenever this function is called. The address itself of `*mut hostent` has to remain the
+/// same (thus why it's a `static`).
+#[hook_guard_fn]
+unsafe extern "C" fn gethostbyname_detour(raw_name: *const c_char) -> *mut hostent {
+    let rawish_name = (!raw_name.is_null()).then(|| CStr::from_ptr(raw_name));
+    gethostbyname(rawish_name).unwrap_or_bypass_with(|_| FN_GETHOSTBYNAME(raw_name))
+}
+
 #[hook_guard_fn]
 pub(crate) unsafe extern "C" fn accept_detour(
     sockfd: c_int,
@@ -503,6 +515,14 @@ pub(crate) unsafe fn enable_socket_hooks(hook_manager: &mut HookManager, enabled
         FN_GETHOSTNAME
     );
 
+    replace!(
+        hook_manager,
+        "gethostbyname",
+        gethostbyname_detour,
+        FnGethostbyname,
+        FN_GETHOSTBYNAME
+    );
+
     #[cfg(target_os = "linux")]
     {
         // Here we replace a function of libuv and not libc, so we pass None as the .