turblety 4 hours ago

Nice, I love WireGuard. I ended up building WrapGuard [1] to run applications without root access to the host and chose Go to write it in. I don't really know Rust, but does it make more sense for firmware/networking type software? Is there even a difference?

1. https://github.com/puzed/wrapguard

jpeeler an hour ago

Very cool. I may use this, but also curious what the best choice would be if you don't need encryption. I'm specifically wanting to enable some local container networking using apple's new container tool [1]. I know I could just use Docker...

[1] https://github.com/apple/container/issues/670

skylurk 4 hours ago

Pick the devil you know, as they say.

chjj 2 hours ago

Very cool project. Is it always an LD_PRELOAD or can it function as a standalone SOCKS proxy similar to wireproxy?

turblety 2 hours ago

Thanks chjj. Yeah it's always LD_PRELOAD. There is wireproxy [1] though that might do what you want?

1. https://github.com/whyvl/wireproxy

throwaway894345 an hour ago

Correct me if I’m wrong, but if you use LD_PRELOAD, presumably it will not work for applications that circumvent libc, such as Go binaries (at least those with CGo disabled)?
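A pre-flight check for the limitation raised here, added as an example and not part of WrapGuard or this thread: it parses an ELF header for a PT_INTERP segment (the dynamic-loader request that makes LD_PRELOAD take effect at all). The sample images and helper names are constructed for the example.

```python
import struct
import sys

PT_INTERP = 3  # program-header type carrying the dynamic loader path

def ld_preload_applies(elf: bytes) -> bool:
    """True if the ELF image asks for a dynamic loader (has a PT_INTERP segment).

    LD_PRELOAD is implemented by ld.so, so an image without PT_INTERP (for
    example a Go binary built with CGO_ENABLED=0) never loads the wrapper
    library and its sockets are not redirected. PT_INTERP is necessary but
    not sufficient: Go's net package issues raw syscalls even in cgo builds.
    """
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    endian = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    if elf[4] == 2:                                # EI_CLASS: 2 = ELF64
        (e_phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x36)
    elif elf[4] == 1:                              # EI_CLASS: 1 = ELF32
        (e_phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(endian + "I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return True
    return False

def make_elf64(ptypes):
    """Constructed minimal little-endian ELF64 image with the given p_type values."""
    hdr = bytearray(64)
    hdr[:4] = b"\x7fELF"
    hdr[4], hdr[5] = 2, 1                          # ELFCLASS64, ELFDATA2LSB
    struct.pack_into("<Q", hdr, 0x20, 64)          # program headers follow the header
    struct.pack_into("<HH", hdr, 0x36, 56, len(ptypes))
    return bytes(hdr) + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

# Constructed samples: PT_PHDR=6, PT_INTERP=3, PT_LOAD=1, PT_DYNAMIC=2, PT_NOTE=4
DYNAMIC_SAMPLE = make_elf64([6, 3, 1, 1, 2])      # libc-linked layout
STATIC_GO_SAMPLE = make_elf64([6, 4, 1, 1, 1])    # CGO_ENABLED=0 layout: no PT_INTERP

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            verdict = "hookable" if ld_preload_applies(f.read()) else "NOT hookable"
        print(f"{path}: {verdict} by LD_PRELOAD")
```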

turblety an hour ago

Yeah you are right. Can you think of any way we could capture that traffic too?

yjftsjthsd-h 37 minutes ago

Can you use user namespaces to create a network namespace with the VPN active and stick applications in that namespace?

From a quick search, https://blog.thea.codes/nordvpn-wireguard-namespaces/ seems to have at least the bones of a decent solution, though I've not had a chance to dig very far. A lot of results use root to set up the namespace, but I was pretty sure that shouldn't be needed with a new kernel and user namespaces enabled.

throwaway894345 41 minutes ago

I have no idea. I’ve never messed with it, but maybe something like eBPF to intercept network syscalls? Not sure if that’s a thing—especially without root access? Mostly I was just thinking the project page could use a disclaimer since, in Go, it is common to bypass libc. :shrug:

This seems like a very cool, useful project though!

unrealhoang 4 hours ago

From TFA, the main advantage would be for the embedded (as a library) use case; FFI with Go is harder.

maxmcd 3 hours ago

I believe you are making use of gVisor’s userspace TCP implementation. I’m not sure if there is something similar in Rust that would be so easy to set up like this.

gwehrli 2 hours ago

There isn't something as mature as gVisor afaik. https://github.com/smoltcp-rs/smoltcp implements many of the same abstractions as gVisor.