fix: add SOCKS5 auth, DNS bridge, and TUN capability support

Three issues prevented transparent proxying from working end-to-end: 1. bwrap dropped CAP_NET_ADMIN before exec, so ip tuntap/link commands failed inside the sandbox. Add --cap-add CAP_NET_ADMIN and CAP_NET_BIND_SERVICE when transparent proxy is active. 2. tun2socks only offered SOCKS5 no-auth (method 0x00), but many proxies (e.g. gost) require username/password auth (method 0x02). Pass through credentials from the proxy URL so tun2socks offers both auth methods. 3. DNS resolution failed because UDP DNS needs SOCKS5 UDP ASSOCIATE which most proxies don't support. Add --dns flag and DnsBridge that routes DNS queries from the sandbox through a Unix socket to a host-side DNS server. Falls back to TCP relay through the tunnel when no --dns is set. Also brings up loopback interface (ip link set lo up) inside the network namespace so socat can bind to 127.0.0.1.
2026-02-10 14:57:56 -06:00
parent 9cb65151ee
commit 481616455a
5 changed files with 219 additions and 19 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -27,6 +27,7 @@ type Config struct {
 // NetworkConfig defines network restrictions.
 type NetworkConfig struct {
 	ProxyURL            string   `json:"proxyUrl,omitempty"`            // External SOCKS5 proxy (e.g. socks5://host:1080)
+	DnsAddr             string   `json:"dnsAddr,omitempty"`             // DNS server address on host (e.g. localhost:3153)
 	AllowUnixSockets    []string `json:"allowUnixSockets,omitempty"`
 	AllowAllUnixSockets bool     `json:"allowAllUnixSockets,omitempty"`
 	AllowLocalBinding   bool     `json:"allowLocalBinding,omitempty"`
@@ -196,6 +197,11 @@ func (c *Config) Validate() error {
 			return fmt.Errorf("invalid network.proxyUrl %q: %w", c.Network.ProxyURL, err)
 		}
 	}
+	if c.Network.DnsAddr != "" {
+		if err := validateHostPort(c.Network.DnsAddr); err != nil {
+			return fmt.Errorf("invalid network.dnsAddr %q: %w", c.Network.DnsAddr, err)
+		}
+	}

 	if slices.Contains(c.Filesystem.AllowRead, "") {
 		return errors.New("filesystem.allowRead contains empty path")
@@ -261,6 +267,16 @@ func validateProxyURL(proxyURL string) error {
 	return nil
 }

+// validateHostPort validates a host:port address.
+func validateHostPort(addr string) error {
+	// Must contain a colon separating host and port
+	host, port, found := strings.Cut(addr, ":")
+	if !found || host == "" || port == "" {
+		return errors.New("must be in host:port format (e.g. localhost:3153)")
+	}
+	return nil
+}
+
 // validateHostPattern validates an SSH host pattern.
 // Host patterns are more permissive than domain patterns:
 // - Can contain wildcards anywhere (e.g., prod-*.example.com, *.example.com)
@@ -385,8 +401,9 @@ func Merge(base, override *Config) *Config {
 		AllowPty: base.AllowPty || override.AllowPty,

 		Network: NetworkConfig{
-			// ProxyURL: override wins if non-empty
+			// ProxyURL/DnsAddr: override wins if non-empty
 			ProxyURL: mergeString(base.Network.ProxyURL, override.Network.ProxyURL),
+			DnsAddr:  mergeString(base.Network.DnsAddr, override.Network.DnsAddr),

 			// Append slices (base first, then override additions)
 			AllowUnixSockets: mergeStrings(base.Network.AllowUnixSockets, override.Network.AllowUnixSockets),