[Discussion]: A couple questions

planetoryd / nsproxy

Kernel-namespaces-based alternative to proxychains.

28 stars 0 forks source link

[Discussion]: A couple questions #1

Open radiumatic opened 1 month ago

radiumatic commented 1 month ago

Hi, you have an amazing project.

There have been some small problems with it, but generally, it's great. I couldn't find any alternatives that used user namespaces instead of hijacking function calls (and as a result, supported UDP), and would really appreciate it if you could name some.

I was thinking of reading the code and adding some things that I like, but noticed that you use submodules instead of cargo packages, why?

And I recall using -s SERVER -p PORT in an old version, but it seems that nsproxy no longer recognizes that. What's the correct way to use it in the offhand way that proxychains-ng lets you to? i.e., nsproxy ssh Y@X.

planetoryd commented 1 month ago

any alternatives that used user namespaces

containerization tools use user namespaces too, but there isnt such a tool specifically designed for purpose of proxying like nsproxy.

you use submodules instead of cargo packages, why?

they are not available on the registry so instead of making cargo pull the repos I'd rather make them submodules, which is better in terms of tracking code, etc. plus, I forked some of them.

What's the correct way to use it

here is the script i use daily

sproxy new -m -v -t ./config.json ./browser.sh

which creates a new namespace, -t specifies the config for the space. the command starts the .sh in the space.

and you can get a shell in the space, by sproxy node 0 run

radiumatic commented 1 month ago

Where's the config docs and do you have to leave a persistent namespace on the machine?

planetoryd commented 1 month ago

https://github.com/planetoryd/tun2socks5/blob/afe8157d4599d02a15cf47909053ed19a243bf71/src/args.rs#L38-L60

docs are in the comments. configs are straight deserialized from files

no namespaces persist across reboots iirc.

you either have anonymous namespaces that disappear as the contained processes all exit, or some namespaces mounted on paths that persist during one boot.

i pretty much have coded all the ways of doing the nsproxying thing in the repo.

planetoryd commented 1 month ago

there are indeed note worthy details. like how DNS is handled, and what if your socks proxy only works with ipv6, etc.

and you might need to fix /etc/resolv.conf if the thing doesn't work, disabling sysmted-resolved and such

tip, you may bind mount a file on that path in a mount namespace, to shadow the resolv.conf, (which nsproxy may create for you)

the point of this tool is. when i initially started looking into this problem the code pasted from stackoverflow didnt work. it was close though. i worked out some details to make it work with various softwares, flatpak, appimage, etc. which are picky about the environment where they are run