
Support for TUN interception in ztunnel

Open costinm opened this issue 3 years ago • 2 comments

TUN generally requires an IP stack - in Go I've used lwIP and gvisor, AFAIK lwIP is also supported in Rust (at least Rust embedded).

It is possible to use TUN without root - by setting the owner of the TUN device. This is intended for running ztunnel on VMs or on Android, as well as in cases where TPROXY + eBPF are not available.

costinm avatar Nov 09 '22 19:11 costinm
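Added example, not part of the issue thread or of ztunnel's code: a TUN device hands the process raw layer-3 packets rather than byte streams, which is why the comment above says an IP stack is needed. The sketch below recovers the TCP flow identity from one such packet and rejects what only a full stack could handle (fragments, truncated buffers). It assumes the device was opened with `IFF_NO_PI`; `TcpFlow`, `parse_tun_packet` and `sample_syn` are hypothetical names.

```rust
use std::net::Ipv4Addr;

/// Flow identity recovered from one raw packet read from a TUN device.
#[derive(Debug, PartialEq)]
pub struct TcpFlow {
    pub src: Ipv4Addr,
    pub dst: Ipv4Addr,
    pub src_port: u16,
    pub dst_port: u16,
    pub syn: bool,
}

/// Parse an IPv4/TCP packet as delivered by a TUN fd opened with IFF_NO_PI
/// (assumption: no 4-byte packet-info prefix). Returns None for anything
/// malformed, truncated, fragmented or non-TCP.
pub fn parse_tun_packet(pkt: &[u8]) -> Option<TcpFlow> {
    if pkt.len() < 20 || pkt[0] >> 4 != 4 {
        return None; // too short or not IPv4
    }
    let ihl = usize::from(pkt[0] & 0x0f) * 4;
    let total_len = usize::from(u16::from_be_bytes([pkt[2], pkt[3]]));
    if ihl < 20 || total_len < ihl + 20 || total_len > pkt.len() {
        return None; // length fields disagree with the buffer we were given
    }
    let frag = u16::from_be_bytes([pkt[6], pkt[7]]);
    if frag & 0x3fff != 0 || pkt[9] != 6 {
        return None; // fragment (needs reassembly) or protocol is not TCP
    }
    let tcp = &pkt[ihl..total_len];
    Some(TcpFlow {
        src: Ipv4Addr::new(pkt[12], pkt[13], pkt[14], pkt[15]),
        dst: Ipv4Addr::new(pkt[16], pkt[17], pkt[18], pkt[19]),
        src_port: u16::from_be_bytes([tcp[0], tcp[1]]),
        dst_port: u16::from_be_bytes([tcp[2], tcp[3]]),
        syn: tcp[13] & 0x02 != 0,
    })
}

/// Constructed sample: 10.0.0.2:40000 -> 10.0.0.9:8080, SYN, checksums zeroed.
pub fn sample_syn() -> Vec<u8> {
    let mut p = vec![0x45, 0, 0, 40, 0, 1, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 2, 10, 0, 0, 9];
    p.extend_from_slice(&[0x9c, 0x40, 0x1f, 0x90, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0]);
    p
}

fn main() { println!("{:?}", parse_tun_packet(&sample_syn())); }
```

Everything this parser returns `None` for (fragments, options-driven edge cases, retransmission, stream reassembly) is the work a userspace stack such as lwIP or gvisor's netstack takes on.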

TUN makes it easy to integrate with local policy routing; we can similarly use it to create TUNs in separate network namespaces for hermetic testing.

mandarjog avatar Nov 09 '22 19:11 mandarjog

Related bug: https://github.com/istio/ztunnel/issues/67 to support SOCKS.

There are quite a few 'tun 2 socks' implementations - SOCKS is the protocol used by Tor, and many privacy apps bridge TUN to Tor. Example: https://github.com/icepa/icepa

costinm avatar Nov 09 '22 19:11 costinm