Running websockproxy without TUN/TAP

[benjamincburns]

Discussed in https://github.com/benjamincburns/websockproxy/discussions/22

^{Originally posted by SSP6904 March 1, 2023} Hi!

I'm trying to do this in my v86 repo, along with the Docker file in the root. But it takes a while or if that's just me..

Is there a version that can deploy on GitHub actions?

Unfortunately at the moment there is no way to run websockproxy as a standalone virtual switch. At the moment, websockproxy always expects to be able to allocate and connect to a TAP device. This means that it simply won't run in unprivileged environments, such as in a docker container that's created without the --privileged flag.

It should be easy however to make websockproxy fall back to being a dumb switch in cases when it fails to allocate or access a TAP device. This will get around the need to run it in a privileged context. Unfortunately this may create new problems for some use cases, however. Specifically, setups relying on websockproxy transitively depend on the operating system and other userspace daemons to provide the following features:

• DHCP
• Hostname allocation and DNS
• NAT gateway (aka accessing the internet)

It is likely possible to bake some of these features into websockproxy directly, but I consider those to be out of scope for this ticket.