Thanks chjj. Yeah it's always LD_PRELOAD. There is wireproxy [1] though that might do what you want?

throwaway894345 an hour ago | parent [-]

Correct me if I’m wrong, but if you use LD_PRELOAD, presumably it will not work for applications that circumvent libc, such as Go binaries (at least those with CGo disabled)?

▲

turblety an hour ago | parent [-]

Yeah you are right. Can you think of any way we could capture that traffic too?

	▲	yjftsjthsd-h 42 minutes ago \| parent \| next [-]
		Can you use user namespaces to create a network namespace with the VPN active and stick applications in that namespace? From a quick search, https://blog.thea.codes/nordvpn-wireguard-namespaces/ sees to have at least the bones of a decent solution, though I've not had a chance to dig very far. A lot of results use root to set up the namespace, but I was pretty sure that shouldn't be needed with a new kernel and user namespaces enabled
	▲	throwaway894345 an hour ago \| parent \| prev [-]
		I have no idea. I’ve never messed with it, but maybe something like eBPF to intercept network syscalls? Not sure if that’s a thing—especially without root access? Mostly I was just thinking the project page could use a disclaimer since, in Go, it is common to bypass libc. :shrug: This seems like a very cool, useful project though!