nsproxy icon indicating copy to clipboard operation
nsproxy copied to clipboard
verified publisher icon planetoryd

[Discussion]: A couple questions

Open radiumatic opened this issue 1 year ago • 6 comments

Hi, you have an amazing project.

There have been some small problems with it, but generally, it's great. I couldn't find any alternatives that used user namespaces instead of hijacking function calls (and as a result, supported UDP), and would really appreciate it if you could name some.

I was thinking of reading the code and adding some things that I like, but noticed that you use submodules instead of cargo packages, why?

And I recall using -s SERVER -p PORT in an old version, but it seems that nsproxy no longer recognizes that. What's the correct way to use it in the offhand way that proxychains-ng lets you to? i.e., nsproxy ssh Y@X.

radiumatic avatar Jul 12 '24 17:07 radiumatic

any alternatives that used user namespaces

containerization tools use user namespaces too, but there isnt such a tool specifically designed for purpose of proxying like nsproxy.

you use submodules instead of cargo packages, why?

they are not available on the registry so instead of making cargo pull the repos I'd rather make them submodules, which is better in terms of tracking code, etc. plus, I forked some of them.

What's the correct way to use it

here is the script i use daily

sproxy new -m -v -t ./config.json ./browser.sh

which creates a new namespace, -t specifies the config for the space. the command starts the .sh in the space.

and you can get a shell in the space, by sproxy node 0 run

ple1n avatar Jul 12 '24 18:07 ple1n

Where's the config docs and do you have to leave a persistent namespace on the machine?

radiumatic avatar Jul 13 '24 09:07 radiumatic

https://github.com/planetoryd/tun2socks5/blob/afe8157d4599d02a15cf47909053ed19a243bf71/src/args.rs#L38-L60

docs are in the comments. configs are straight deserialized from files

no namespaces persist across reboots iirc.

you either have anonymous namespaces that disappear as the contained processes all exit, or some namespaces mounted on paths that persist during one boot.

i pretty much have coded all the ways of doing the nsproxying thing in the repo.

ple1n avatar Jul 13 '24 13:07 ple1n

there are indeed note worthy details. like how DNS is handled, and what if your socks proxy only works with ipv6, etc.

and you might need to fix /etc/resolv.conf if the thing doesn't work, disabling sysmted-resolved and such

tip, you may bind mount a file on that path in a mount namespace, to shadow the resolv.conf, (which nsproxy may create for you)

the point of this tool is. when i initially started looking into this problem the code pasted from stackoverflow didnt work. it was close though. i worked out some details to make it work with various softwares, flatpak, appimage, etc. which are picky about the environment where they are run

ple1n avatar Jul 13 '24 13:07 ple1n

@planetoryd
Is there any version that can be used on arm64 because i want to use it on android device

doanvtamhuynh avatar Sep 06 '24 02:09 doanvtamhuynh

its up to whether your android system has network namespaces (as an optional feature of linux kernel). And if it does it needs to be ported. I'm not familiar with android systems sorry.

the tool is mostly designed with use in a quite complete installation of a desktop linux system in mind, with or without gui. in any case, its just a lot of glue code doing the dirty work interfacing the user and system, which unavoidably tends to be specific.

ple1n avatar Sep 07 '24 19:09 ple1n