[POC, DNM] Expose socks proxy (per user-v2 net, not per instance) #2782
Originally posted by @AkihiroSuda in #2710 (comment)
Usage:

```
curl \
  --proxy socks5h://localhost/$HOME/.lima/_networks/user-v2/user-v2_socks.sock \
  192.168.104.4
```

This is similar to the `limactl tunnel` proposal (PR 2710). While PR 2710 creates a proxy per an instance, this commit creates a proxy per a user-v2 network.

Remarks:
- Only works for user-v2 networks.
- DNS lookup is not implemented yet in this POC. Could be taken from https://github.com/norouter/norouter/blob/v0.6.5/pkg/agent/socks/socks.go#L57-L75
- https://github.com/cybozu-go/usocksd is a dependency hog (See the `go.mod` diff). Should be replaced with a fork or another library.

Overall, PR 2710 might be better than this commit, as PR 2710 works for any network driver, does not need an additional DNS resolver, and does not incur additional `go.mod` deps.

Signed-off-by: Akihiro Suda <[email protected]>
b402bdb to a2c4111
github.com/cybozu-go/log v1.6.1 // indirect | ||
github.com/cybozu-go/netutil v1.4.2 // indirect | ||
github.com/cybozu-go/well v1.11.0 // indirect | ||
github.com/hashicorp/hcl v1.0.0 // indirect |
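Review bot: the four `// indirect` requirements in this go.mod region (cybozu-go/log, cybozu-go/netutil, cybozu-go/well and hashicorp/hcl) arrive together with the new SOCKS server dependency that the PR description itself calls a dependency hog, and hashicorp/hcl is the MPL-2.0 entry the license check rejects. If the POC is taken further, replacing github.com/cybozu-go/usocksd with a smaller SOCKS5 library, as the description already suggests, should be done before the license question needs an answer, since the whole block would then disappear from go.mod.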
License check is failing
Not allowed license MPL-2.0 found for library github.com/hashicorp/hcl
It is in the CNCF exception list (like all the other Hashicorp libraries used by Kubernetes), so using it would be fine:
```json
{
  "package": "github.com/hashicorp/hcl",
  "license": "MPL-2.0",
  "comment": "not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11"
},
```

I have not been able to figure out[^1] how this makes sense from a legal point of view, that some MPL libraries are acceptable and others aren't.

[^1]: Yes, including asking a former TOC member.
Yes, I agree with this. Only QEMU slirp is not supported. We could technically replace that as well with the user-v2 one itself.
True, we need some work here. We could try to connect to the already present DNS resolver in gvisor-tap-vsock (gatewayIP:53), which can do the resolution required. But for some reason `gonet.Dial` is not working against that.
For socks5 alone, https://github.com/things-go/go-socks5 was working. Not much of a dependency here. I am fine with going with the instance model for now; later it would be great if we can bring the network-level tunnels for ease of access.
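The two open points in this thread, a proxy that receives `socks5h://` requests with the hostname still unresolved (the DNS remark in the PR description) and resolving those names through a resolver inside the user-v2 network instead of the host's (the gatewayIP:53 idea in the reply above), as an added Go example that is not code from this PR, from Lima, norouter, usocksd or go-socks5. It decodes a SOCKS5 CONNECT request as laid out in RFC 1928, refuses BIND and UDP ASSOCIATE, and sends domain lookups to a configurable DNS server using only the standard library. The gateway address 192.168.104.1:53, the function names and the sample request bytes are assumptions constructed for the example.

```go
package main

import (
	"context"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strconv"
	"time"
)

// SOCKS5 wire constants (RFC 1928).
const (
	socksVersion = 0x05
	cmdConnect   = 0x01
	atypIPv4     = 0x01
	atypDomain   = 0x03
	atypIPv6     = 0x04
)

// ConnectRequest is a decoded SOCKS5 CONNECT request (bytes after method negotiation).
type ConnectRequest struct {
	AddrType byte
	Host     string // IP literal for ATYP 0x01/0x04, bare name for ATYP 0x03
	Port     int
}

// ParseConnectRequest decodes "VER CMD RSV ATYP DST.ADDR DST.PORT". Only CONNECT is
// accepted: BIND and UDP ASSOCIATE are refused so a client cannot open listeners.
func ParseConnectRequest(b []byte) (*ConnectRequest, error) {
	if len(b) < 4 || b[0] != socksVersion {
		return nil, errors.New("socks5: short request or unsupported version")
	}
	if b[1] != cmdConnect {
		return nil, fmt.Errorf("socks5: command %#x refused, only CONNECT is allowed", b[1])
	}
	req, rest := &ConnectRequest{AddrType: b[3]}, b[4:]
	var addrLen int
	switch req.AddrType {
	case atypIPv4:
		addrLen = net.IPv4len
	case atypIPv6:
		addrLen = net.IPv6len
	case atypDomain: // what curl sends for socks5h://, leaving resolution to the proxy
		if len(rest) < 1 || rest[0] == 0 {
			return nil, errors.New("socks5: missing or empty domain name")
		}
		addrLen, rest = int(rest[0]), rest[1:]
	default:
		return nil, fmt.Errorf("socks5: unknown address type %#x", req.AddrType)
	}
	if len(rest) < addrLen+2 {
		return nil, errors.New("socks5: truncated address or port")
	}
	if req.AddrType == atypDomain {
		req.Host = string(rest[:addrLen])
	} else {
		req.Host = net.IP(rest[:addrLen]).String()
	}
	req.Port = int(binary.BigEndian.Uint16(rest[addrLen : addrLen+2]))
	return req, nil
}

// NewNetworkResolver sends every DNS query to dnsServer instead of the host's
// /etc/resolv.conf. The gateway address used in main (192.168.104.1:53) is an
// assumption for this example, not a value taken from Lima or gvisor-tap-vsock.
func NewNetworkResolver(dnsServer string) *net.Resolver {
	return &net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, network, dnsServer)
		},
	}
}

// ResolveTarget turns a parsed request into a dialable "ip:port". IP literals pass
// through untouched; domain names are looked up via r, never via the host resolver.
func ResolveTarget(ctx context.Context, r *net.Resolver, req *ConnectRequest) (string, error) {
	if ip := net.ParseIP(req.Host); ip != nil {
		return net.JoinHostPort(ip.String(), strconv.Itoa(req.Port)), nil
	}
	addrs, err := r.LookupIPAddr(ctx, req.Host)
	if err != nil || len(addrs) == 0 {
		return "", fmt.Errorf("socks5: cannot resolve %q inside the network: %v", req.Host, err)
	}
	return net.JoinHostPort(addrs[0].IP.String(), strconv.Itoa(req.Port)), nil
}

func main() {
	// Constructed sample: CONNECT to 192.168.104.4:80 by IPv4 literal, as in the curl usage line.
	req, err := ParseConnectRequest([]byte{5, 1, 0, 1, 192, 168, 104, 4, 0, 80})
	if err != nil {
		panic(err)
	}
	fmt.Println(ResolveTarget(context.Background(), NewNetworkResolver("192.168.104.1:53"), req))
}
```

In a real proxy these two functions would sit behind a `net.Listen("unix", ...)` on the per-user socket path; restricting the command set to CONNECT and routing name lookups to the in-network resolver means a client on that socket gets outbound TCP into the guest network and nothing more, and guest hostnames never reach the host's resolver.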