-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Embed lokinet #2145
Comments
we are currently fixing up the internals right now ( #2141 #2119 ) but the public C api for embedded lokinet is currently defined in C headers: https://github.com/oxen-io/lokinet/tree/dev/include/ ( |
Thanks, I've taken a look at it. |
currently we dont have an API defined for configuration. it's all running with a set of predefined ephemeral defaults. additionally, the UDP api is very likely to change entirely. |
i'll keep this open as a stub issue |
Hello, I've been lately experimenting with adding embedded lokinet to a rust app with C-bindings, repo is here. As a POC, I want to create a lokinet stream, I first start by creating a new context with I tried different branches |
we have a draft pr for fixing some internals in embedded lokinet, see #2141 |
additionally, lokinet is licensed GPL3 (not LGPL3) at the moment. i dont think apache 2 is a compatible license for your rust lib. just a heads up. |
How about adding lokinet support to tun2proxy ? I'm still working on that per-app-vpn problem. I will use tun2proxy as a component of netns-proxy |
On Tuesday, August 29, 2023 5:45:01 AM EDT plein wrote:
How about adding lokinet support to
[tun2proxy](tun2proxy/tun2proxy#59) ?
I'm still working on that per-app-vpn problem. I will use tun2proxy as a
component of netns-proxy
this looks nice, however i am of two minds on this.
baking it into lokinet process itself feels like a bad idea from the tech debt
perspective. we discussed something around this internally about splitting up
lokinet into 2 processes, the lokinet core procsess which does all the non
privileged functionality (basically everthing that is not the tun interface)
and the tun interface or whatever interface you want to provide. the
privileged process would spawn the lokinet core process as a subprocess and
read and write ip packets as if it was a tun interface, along with commands
for name resolution and other controls and events.
using something like gvisor's netstack (golang library) for the userland proxy
layer feels like a better choice than some rust library as golang has the a
lot of effort put into it to make it work on everything (including the apple
hellscape). the amount that it works on iOS is unclear however, but no matter
what you do on iOS it's a nightmare so picking your demons on that is wise.
the changes to lokinet core wouldn't be that big, we would need to:
1. allow specifying at runtime that the process use a specific file descriptor
for the tun fd and another for name resolution
2. bring back configuration via env vars. (idk why that was removed it was
great)
3. write a bunch of docs on how it works and write a version that does TUN/DNS
and a version that does socks5.
…--
~jeff
|
Hello, Some example avaible for https://github.com/oxen-io/lokinet/tree/dev/include/lokinet ? :3 |
is there any update on this. so i finally got the arcane knowledge about that per-app-vpn niche, namespaces, mounts, etc. I was writing a ton of bloat. The per-app-vpn (with cases like proxychained Tor + another proxy) should be handled by systemd, which I just started reading about, which gets hate idk. up to now there is no accessible tool for It should be possible to do all these things with user namespaces, passing fds, mounts, w/o root. It means proxychains should not exist. It's also a better solution than opensnitch, or whatever per-app-routing-firewall, which is bloated therefore insecure, which has python, golang and stuff. there is no reliable (paranoid-level, or is it really paranoid ?) per-app-vpn tooling on android, either. |
From here, this still seems like a work in progress.
Is there any current api to integrate lokinet and use it in another program without the need for virtual interface?
The text was updated successfully, but these errors were encountered: