Guillaume Rose

ICMP in gvproxy is broken. It is just the virtual gateway that answers to all messages. The only place I know it works, it's in vpnkit.

This regression test looks good to me. Since this project is in Java, it will be more natural to JUnit. Happy to do it if you are interested.

Thanks for your PR! Can you rebase and sign your commit ? Thanks!

Very good point! ipv6 also deserves e2e tests I guess.

1. The UDP forwarder uses connection tracking. It keeps the forwarding opened for 90s. If you run your loop, wait for 90s, you should see go routines count come back...

@codomania it looks good, thanks! @dimalinux I took the same code as dockerd, I bet it is ok. You can take a look at the code: https://github.com/containers/gvisor-tap-vsock/blob/main/pkg/services/forwarder/udp_proxy.go (taken from https://github.com/moby/moby/blob/master/cmd/docker-proxy/udp_proxy.go)

No, not anymore but it was working fine. A user tested it also with success.

Yes good idea. We could do that with a certificate that can be mounted in the VM.

> What do you think about adding functionality to create unix sockets on VMs that route to services? It would imply something new in the VM to handle that no?...

You can think about the port forwarder like a nginx reverse proxy and the VM like a http backend. The reverse proxy doesn't know the state of the backend without...