[POC, DNM] Expose socks proxy (per user-v2 net, not per instance) #2782
AkihiroSuda wants to merge 1 commit into lima-vm:master from
Conversation
Originally posted by @AkihiroSuda in #2710 (comment)

Usage:

```
curl \
  --proxy socks5h://localhost/$HOME/.lima/_networks/user-v2/user-v2_socks.sock \
  192.168.104.4
```

This is similar to the `limactl tunnel` proposal (PR 2710). While PR 2710 creates a proxy per instance, this commit creates a proxy per user-v2 network.

Remarks:
- Only works for user-v2 networks.
- DNS lookup is not implemented yet in this POC. Could be taken from https://github.com/norouter/norouter/blob/v0.6.5/pkg/agent/socks/socks.go#L57-L75
- https://github.com/cybozu-go/usocksd is a dependency hog (see the `go.mod` diff). Should be replaced with a fork or another library.

Overall, PR 2710 might be better than this commit, as PR 2710 works for any network driver, does not need an additional DNS resolver, and does not incur additional `go.mod` deps.

Signed-off-by: Akihiro Suda <[email protected]>
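As an added example, not code from this PR or from Lima: a stdlib-only sketch of the proxy the description talks about, a SOCKS5 CONNECT listener on a Unix socket whose hostname requests go through a pluggable `Resolver`, which is exactly where the DNS lookup the remarks list as missing would sit. A `socks5h://` client (curl in the usage line above) sends the hostname unresolved, so the proxy has to resolve it on the guest-network side; a plain `socks5://` client sends a literal IP and needs no lookup. Assumptions: a plain `net.Dial` stands in for dialing into the user-v2 network, the name table (`guest.internal` to `192.168.104.4`, the address from the usage line) is constructed, the socket path is in the current directory rather than under `~/.lima/_networks/user-v2/`, and `ParseConnect`, `EncodeConnect` and `handle` are names chosen here. IPv6 literals (ATYP 4) are left out for brevity.

```go
package main

import (
	"errors"
	"io"
	"net"
	"strconv"
)

// Resolver fills the gap the PR description notes: a socks5h client sends the
// hostname unresolved (ATYP 0x03), so the proxy must resolve it itself. main uses a fixed table.
type Resolver func(host string) (net.IP, error)

// ParseConnect reads one CONNECT request (what follows method negotiation)
// and returns the dial target as "ip:port" plus the RFC 1928 reply code to send.
func ParseConnect(r io.Reader, resolve Resolver) (target string, rep byte, err error) {
	rd := func(n int) []byte { // sticky-error reader: after a failure it returns zeros
		b := make([]byte, n)
		if err == nil {
			_, err = io.ReadFull(r, b)
		}
		return b
	}
	hdr := rd(4) // VER CMD RSV ATYP
	if err == nil && (hdr[0] != 5 || hdr[1] != 1) {
		return "", 0x07, errors.New("only CONNECT is supported") // command not supported
	}
	var ip net.IP
	switch hdr[3] {
	case 1: // IPv4 literal, as plain socks5:// sends: nothing to resolve
		ip = rd(4)
	case 3: // length-prefixed hostname, as socks5h:// sends: resolve proxy-side
		name := rd(int(rd(1)[0]))
		if err == nil {
			if ip, err = resolve(string(name)); err != nil {
				return "", 0x04, err // host unreachable
			}
		}
	default:
		if err == nil {
			return "", 0x08, errors.New("unknown address type") // address type not supported
		}
	}
	port := rd(2)
	if err != nil {
		return "", 0x01, err // general SOCKS server failure (truncated or malformed request)
	}
	return net.JoinHostPort(ip.String(), strconv.Itoa(int(port[0])<<8|int(port[1]))), 0x00, nil
}

// EncodeConnect builds the request a socks5h client sends: ATYP 0x03 carrying
// the raw hostname, leaving resolution to the proxy.
func EncodeConnect(host string, port int) []byte {
	req := append([]byte{5, 1, 0, 3, byte(len(host))}, host...)
	return append(req, byte(port>>8), byte(port))
}

// handle serves one client: no-auth negotiation, ParseConnect, dial, relay.
func handle(c net.Conn, resolve Resolver) {
	defer c.Close()
	g := make([]byte, 2) // VER NMETHODS; the METHODS list is skipped below
	if _, e := io.ReadFull(c, g); e != nil || g[0] != 5 {
		return
	}
	io.CopyN(io.Discard, c, int64(g[1]))
	c.Write([]byte{5, 0}) // select "no authentication": the socket's file mode gates access
	target, rep, err := ParseConnect(c, resolve)
	var up net.Conn
	if err == nil { // plain TCP dial stands in for dialing into the user-v2 network (assumption)
		if up, err = net.Dial("tcp", target); err != nil {
			rep = 0x05 // connection refused
		}
	}
	c.Write([]byte{5, rep, 0, 1, 0, 0, 0, 0, 0, 0}) // reply with a zero BND.ADDR
	if err != nil {
		return
	}
	defer up.Close()
	go io.Copy(up, c)
	io.Copy(c, up)
}

func main() {
	sock := "user-v2_socks.sock" // demo path; the PR's lives under ~/.lima/_networks/user-v2/
	l, err := net.Listen("unix", sock)
	if err != nil {
		panic(err)
	}
	resolve := func(h string) (net.IP, error) { // constructed name table
		if h == "guest.internal" {
			return net.ParseIP("192.168.104.4"), nil
		}
		return nil, errors.New("cannot resolve " + h)
	}
	for c, err := l.Accept(); err == nil; c, err = l.Accept() {
		go handle(c, resolve)
	}
}
```

With the binary running, `curl --proxy socks5h://localhost/$PWD/user-v2_socks.sock http://guest.internal/` exercises the hostname path and `socks5://` with a literal IP the other one; an unresolvable name comes back as reply code 0x04 instead of hanging, which is the failure mode a proxy without a resolver would otherwise show.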
b402bdb to a2c4111
| github.com/cybozu-go/log v1.6.1 // indirect | ||
| github.com/cybozu-go/netutil v1.4.2 // indirect | ||
| github.com/cybozu-go/well v1.11.0 // indirect | ||
| github.com/hashicorp/hcl v1.0.0 // indirect |
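Review bot: the four new indirect requirements in this go.mod region (cybozu-go/log, cybozu-go/netutil, cybozu-go/well and hashicorp/hcl) appear to arrive transitively through github.com/cybozu-go/usocksd, and hashicorp/hcl is the entry the license check rejects as MPL-2.0; since the PR description already marks usocksd as a dependency hog to be replaced, swapping it for a smaller SOCKS5 library or a fork before this leaves POC status would remove these lines and the license-check failure together.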
License check is failing
Not allowed license MPL-2.0 found for library github.com/hashicorp/hcl
It is in the CNCF exception list (like all the other Hashicorp libraries used by Kubernetes), so using it would be fine:

```json
{
  "package": "github.com/hashicorp/hcl",
  "license": "MPL-2.0",
  "comment": "not auto-allowlist because: Non-allowlist license(s); approved by GB exception 2019-03-11"
},
```

I have not been able to figure out[^1] how this makes sense from a legal point of view, that some MPL libraries are acceptable and others aren't.

[^1]: Yes, including asking a former TOC member.
Yes, this I agree with. Only QEMU slirp is not supported. We could technically replace that as well with the user-v2 one itself.

True, we need some work here. We could try to connect to the already present DNS resolver in gvisor-tap-vsock (gatewayIP:53), which can do the resolution required. But for some reason gonet.Dial is not working against that.

For socks5 alone, https://github.com/things-go/go-socks5 was working. Not much of a dependency here. I am fine with going with the instance model for now; later it would be great if we can bring the network-level tunnels for ease of access.