This report covers weekly developments in the vpnkit and associated libraries (mirage/ocaml-dns mirage/ocaml-hvsock dnssd tcpip ocaml-uri ocaml-ipaddr ocaml-uri). These form the basis of the VPNKit toolkit used to translate container network traffic into native platform socket calls on Windows and OSX.
This week mostly saw stabilisation of the transparent HTTP proxy feature in VPNKit, which has now been integrated downstream into Docker for Desktop. There is documentation on how to try it in the tree (vpnkit#231 @djs55). Since this Moby component now includes HTTP functionality, these reports also report on the additional MirageOS libraries used in this part of the stack (such as mirage/ocaml-cohttp).
Tests were added to check file description limits (vpnkit#228 @djs55) and also edge cases when the connection limits are hit (vpnkit#229 @djs55). The logging ease of debugging of the tests were also improved (vpnkit#230 @djs55). In general, testing of weird network connections remains an area where VPNKit needs help -- for example see this about unreliable wifi (vpnkit#227 @djs55).
In the DNS library, there have been a slew of releases to port the build to the faster Jbuilder (ocaml-uri#104 ocaml-uri#105 @dsheets ocaml-ipaddr#64 ocaml-ipaddr#65 @avsm). Some examples were added to the repository to show how to build static DNS services (mirage/ocaml-dns#138 [@avsm @djs55]). There will be minor releases of the Uri, Ipaddr and DNS libraries this week with these changes (ocaml-uri:v1.9.4 ocaml-ipaddr:2.8.0)
In the TCP/IP library, there is a long-running PR to support IP fragmentation (tcpip#243 @samoht). Although it has been closed due to conflicting with the current master branch, this is a good time to figure out how the IP layer should signal "dont fragment" up the stack, so that Path MTU discovery can also be implementation. We also restored some pre-2012 history to the TCP/IP library that had been lost in some Git rearrangements a few years ago, so you will need to rebase any outstanding PRs to the library ([tcpip#270).
In the Cohttp library, there is a large effort by @rgrinberg to port it to Jbuilder and smaller subcomponents. The mirage-http library that was formerly a separate component has now been merged directly back into Cohttp as part of this refactoring, in order to simplify the number of repositories we have to deal with (mirage/ocaml-cohttp#550 @rgrinberg).
Other reports in this series can be browsed directly in the repository at vpnkit:/reports.