openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

ziti-tunnel fails to notice newly-available services #170

Closed qrkourier closed 3 years ago

qrkourier commented 4 years ago

If I create or authorize a service while ziti-tunnel tproxy is running there are no intercepts in IPtables until I restart the tunneler.

qrkourier commented 4 years ago

❯ ~/.config/ziti/bin/ziti-tunnel version
v0.15.2

scareything commented 4 years ago

Does this happen in a MOP-managed network or pure ziti? I have seen this when running under MOP, but not ziti.

dovholuknf commented 4 years ago

needs ziti-specific steps to reproduce too :) pls.

ekoby commented 4 years ago

ziti-tunnel does not use SDK options.OnServiceChange callback and is doing its own polling which does not catch permission/config changes.

qrkourier commented 4 years ago

Possibly related, ziti-tunnel proxy fails to notice newly-available services for hosting. I am running ziti-tunnel proxy dummySvc:8080 where dummySvc does not exist. This is because the identity is only intended for hosting services. Related feature request.

plorenz commented 3 years ago

ziti-tunnel is now using the OnServiceChange callback. It's also now reacting to changes to hosted services. If a hosted service is changed, the service will be stopped and restarted with the new configuration. If you still see problems, please re-open.

qrkourier commented 3 years ago

@plorenz I'm able to reproduce this when running ziti-tunnel host v0.20.0.

Expectation: adding a new identity role to a bind SP or creating a new bind SP should cause ziti-tunnel host to begin hosting the newly-available services.

Observation: the newly-available services are only hosted after restarting ziti-tunnel host.

plorenz commented 3 years ago

Host and proxy modes in ziti-tunnel don't poll for services unless a service poll interval is explicitly specified. Host mode should poll normally and documentation should be added for proxy mode to make this known.
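
Added example, not part of the thread and not ziti-tunnel or SDK code: a sketch of why a poll that compares only service names misses the permission and config changes mentioned above, while a full snapshot diff surfaces them so a stale intercept or hosted service can be restarted or torn down. The `Service` type, the `Diff` function and the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// Service is a hypothetical snapshot of one service as seen by an identity.
type Service struct {
	Name        string
	Permissions []string          // "Dial" and/or "Bind"
	Config      map[string]string // intercept or host settings
}

// Diff returns sorted "added:", "changed:" and "removed:" events between two
// snapshots. With nameOnly set it ignores permissions and config entirely.
func Diff(prev, next map[string]Service, nameOnly bool) []string {
	events := []string{}
	for name, n := range next {
		if p, ok := prev[name]; !ok {
			events = append(events, "added:"+name)
		} else if !nameOnly && !reflect.DeepEqual(p, n) {
			events = append(events, "changed:"+name)
		}
	}
	for name := range prev {
		if _, ok := next[name]; !ok {
			events = append(events, "removed:"+name)
		}
	}
	sort.Strings(events)
	return events
}

func main() {
	// Constructed snapshots, not real controller output.
	prev := map[string]Service{
		"web": {"web", []string{"Dial"}, map[string]string{"port": "443"}},
		"db":  {"db", []string{"Dial", "Bind"}, map[string]string{"port": "5432"}},
	}
	next := map[string]Service{
		"web": {"web", []string{"Dial"}, map[string]string{"port": "8443"}}, // config edited
		"db":  {"db", []string{"Dial"}, map[string]string{"port": "5432"}}, // Bind revoked
		"ssh": {"ssh", []string{"Dial"}, map[string]string{"port": "22"}}, // newly authorized
	}
	fmt.Println("name-only poll:", Diff(prev, next, true))
	fmt.Println("full diff:     ", Diff(prev, next, false))
}
```

The revoked `Bind` on `db` is the case that matters most for access control: a name-only comparison reports nothing for it, so the service would keep being hosted until a restart.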