
nlzy/nsproxy


nsproxy
====================

nsproxy (namespace proxy) is a Linux-specific command-line tool that forces
applications to use a specific SOCKS5 or HTTP proxy.

It is functionally similar to tsocks / proxychains-ng / graftcp, but uses a
totally different mechanism. It creates a TUN device and launches applications
in a fresh network namespace, then connects the TUN device to a user-mode
TCP/IP stack and redirects connections through the proxy server outside the
namespace. Because it relies on the namespace mechanism, it doesn't require
any privilege and will not affect other processes.

It has the following features:

 - Support SOCKS5 / HTTP proxy protocols.
 - Support TCP / UDP protocols.
 - Built-in DNS redirection.
 - Works perfectly on statically linked applications.
 - No privilege required.


BUILD
----------

cmake -S . -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build
cmake --install build  # optional, requires root privilege


USAGE
----------

nsproxy [-H] [-s <server>] [-p <port>] [-d <dns>] [-v|-q] <command>

Examples:
  # Use socks5 proxy
  nsproxy curl http://example.com

  # Use http proxy
  nsproxy -H curl http://example.com

  # Specify a custom proxy server and port
  nsproxy -s 192.168.1.100 -p 8888 curl http://example.com


Options:
  -H
    Use an http proxy instead of socks5.
    Note: UDP is **NOT** supported with an http proxy. UDP packets will be
          dropped and answered with an ICMP port unreachable message.

  -s <server>
    Proxy server address.
    Default value is "127.0.0.1"

  -p <port>
    Proxy server port.
    Default value is "1080" for socks, "8080" for http

  -d <dns>
    DNS redirection. The following options are allowed:
      -d off
        Do nothing special for DNS; treat DNS requests as normal UDP packets.
      -d tcp://<nameserver_ipaddress>
        Redirect DNS requests to specified TCP nameserver.
      -d udp://<nameserver_ipaddress>
        Redirect DNS requests to specified UDP nameserver.
    Default value is "tcp://1.1.1.1"

  -v
    Verbose mode. Use "-vv" or "-vvv" for more verbosity.

  -q
    Be quiet.


LIMITATIONS
----------

All UIDs and GIDs except the current user's are mapped to the overflow UID/GID.
This means programs like sudo or su will not work.

Connections cannot be established from the outside to the inside of the
namespace. This means programs that listen on a port, like apache or nginx,
will not work.

Connections to loopback addresses (127.0.0.1) refer to the inside of the
namespace, not the host.
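
The limitations above follow from the unprivileged namespace setup described at the top of this README. The sketch below is an added example, not nsproxy's own source: it enters new user and network namespaces, maps only the caller's own UID/GID, and creates a TUN device there. The function names and the interface name "tun0" are assumptions made for illustration.

```c
/* Added example, not nsproxy source; function names and "tun0" are assumptions. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <linux/if_tun.h>

/* One uid_map/gid_map line mapping a single id to itself. Ids left unmapped
 * appear as the overflow id inside the namespace (why sudo/su break). */
int format_idmap(char *buf, size_t n, unsigned id) {
    return snprintf(buf, n, "%u %u 1\n", id, id);
}

static int write_file(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    int ok = fd >= 0 && write(fd, s, strlen(s)) == (ssize_t)strlen(s);
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}

/* Move the calling process into new user + network namespaces and create a TUN
 * device there. Returns the TUN fd, or -N where N (1..5) is the failed step. */
int enter_namespace_with_tun(const char *ifname) {
    char map[32];
    unsigned uid = getuid(), gid = getgid();   /* read before unshare */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) return -1;
    format_idmap(map, sizeof map, uid);
    if (write_file("/proc/self/uid_map", map) < 0) return -2;
    /* setgroups must be denied before an unprivileged gid_map write */
    if (write_file("/proc/self/setgroups", "deny") < 0) return -3;
    format_idmap(map, sizeof map, gid);
    if (write_file("/proc/self/gid_map", map) < 0) return -4;
    struct ifreq ifr = {0};
    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
    strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
    /* CAP_NET_ADMIN is held inside the new namespaces, so no root is needed */
    int fd = open("/dev/net/tun", O_RDWR);
    if (fd < 0 || ioctl(fd, TUNSETIFF, &ifr) < 0) return -5;
    return fd;   /* raw IP packets from the namespace are read from this fd */
}

int main(int argc, char **argv) {
    int fd = enter_namespace_with_tun("tun0");
    fprintf(stderr, "setup result: %d (>= 0 is the TUN fd)\n", fd);
    if (fd >= 0 && argc > 1) execvp(argv[1], argv + 1);  /* runs inside the namespace */
    return fd < 0;
}
```

Passing a command such as `ip link` as arguments lists the interfaces visible inside the namespace. No user-mode stack is attached to the TUN fd here, so the command has no outside connectivity.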


TODO
----------

 - IPv6
 - fullcone NAT


CREDITS
----------

lwip - A Lightweight TCP/IP stack
https://savannah.nongnu.org/projects/lwip/

slirp4netns - User-mode networking for unprivileged network namespaces
https://github.com/rootless-containers/slirp4netns


LICENSE
----------

Copyright (C) 2023 NaLan ZeYu <nalanzeyu@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
