Open balki opened 1 month ago
Yes, this is expected. All ping requests will be responded to immediately by tun2socks' netstack.
Thank you! Is it possible to provide a CLI flag to disable ICMP?
As a workaround, if I set NoNewPrivileges=yes when starting the shell, ping does not work but regular connections work. But it would be good if it is blocked at the interface level.
👍 for adding a flag to disable ICMP
All ping requests will be responded to immediately by tun2socks' netstack.
Just realized all ping requests mean, whether or not the local IP exists, the ping is successful, i.e. it is not really pinging. I think this is better as it is not leaking any local information.
Hmm, it wouldn't leak any information. In fact, the ICMP packets will only reach the tun2socks network stack and be instantly replied to.
Thanks for clarifying. Feel free to close the issue if no further changes are planned.
Verify steps
Version
latest
What OS are you seeing the problem on?
Linux
Description
Started tun2socks using below command
And moved the device to a network namespace.
Inside the namespace, all requests go through `tun0` and then via socks proxy on the unix socket. Everything works as expected except for `ping`. `ping` should either not work or go through proxy. But instead goes through host's default network stack. I am able to ping devices in local network.
CLI or Config
No response
Logs
No response
How to Reproduce
Create network namespace as shown above and start a shell in the namespace.
Ping a local resource. It should not be able to ping.
Other requests work just fine.
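
The behaviour the maintainer describes in the thread, as an added illustration in Go (not tun2socks' own code and not part of the issue): a userspace stack reading from the TUN device can answer an ICMP echo request itself by swapping the addresses and changing the type, so the reply appears to come from the pinged address whether or not a host exists there. The function names, the sample packet and its addresses are constructed for this example, and the buffer is assumed to hold exactly one IPv4 packet.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// checksum is the RFC 1071 Internet checksum used by IPv4 and ICMP.
func checksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// echoReply answers an IPv4 ICMP echo request locally, the way a userspace
// stack behind a TUN device can; any other packet yields nil.
func echoReply(pkt []byte) []byte {
	if len(pkt) < 28 || pkt[0]>>4 != 4 || pkt[9] != 1 {
		return nil // too short, not IPv4, or not ICMP
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl+8 || pkt[ihl] != 8 {
		return nil // bad header length, or not an echo request (type 8)
	}
	out := append([]byte(nil), pkt...)
	copy(out[12:16], pkt[16:20]) // reply "from" whatever address was pinged
	copy(out[16:20], pkt[12:16]) // back to the sender inside the namespace
	out[ihl], out[ihl+2], out[ihl+3], out[10], out[11] = 0, 0, 0, 0, 0
	binary.BigEndian.PutUint16(out[ihl+2:], checksum(out[ihl:]))
	binary.BigEndian.PutUint16(out[10:], checksum(out[:ihl]))
	return out
}

// Constructed sample: echo request from 198.18.0.2 to 192.0.2.55, a
// documentation-range address with no host behind it.
var sampleRequest = []byte{0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1, 0xf2, 0x95,
	198, 18, 0, 2, 192, 0, 2, 55, 8, 0, 0xe5, 0xca, 0x12, 0x34, 0, 1}

func main() {
	r := echoReply(sampleRequest)
	fmt.Printf("reply from %d.%d.%d.%d, ICMP type %d\n", r[12], r[13], r[14], r[15], r[20])
}
```

A successful ping in this setup therefore says nothing about whether the destination is reachable, since no packet for it ever leaves the process.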