Mathieu Virbel
9cb65151ee
Remove the built-in HTTP/SOCKS5 proxy servers and domain allowlist/denylist system. Instead, use tun2socks with a TUN device inside the network namespace to transparently route all TCP/UDP traffic through an external SOCKS5 proxy. This enables truly transparent proxying where any binary (Go, static, etc.) has its traffic routed through the proxy without needing to respect HTTP_PROXY/ALL_PROXY environment variables. The external proxy handles its own filtering. Key changes: - NetworkConfig: remove AllowedDomains/DeniedDomains/proxy ports, add ProxyURL - Delete internal/proxy/, internal/templates/, internal/importer/ - Embed tun2socks binary (downloaded at build time via Makefile) - Replace LinuxBridge with ProxyBridge (single Unix socket to external proxy) - Inner script sets up TUN device + tun2socks inside network namespace - Falls back to env-var proxying when TUN is unavailable - macOS: best-effort env-var proxying to external SOCKS5 proxy - CLI: remove --template/import, add --proxy flag - Feature detection: add ip/tun/tun2socks status to --linux-features
35 lines
367 B
Plaintext
35 lines
367 B
Plaintext
# Binary (only at root, not cmd/fence or pkg/fence)
|
|
/fence
|
|
/fence_*
|
|
/fence-*
|
|
|
|
# Tar archives
|
|
*.tar.gz
|
|
|
|
# OS files
|
|
.DS_Store
|
|
Thumbs.db
|
|
|
|
# IDE
|
|
.idea/
|
|
.vscode/
|
|
*.swp
|
|
*.swo
|
|
|
|
# Test artifacts
|
|
*.test
|
|
coverage.out
|
|
|
|
# GoReleaser
|
|
/dist/
|
|
|
|
# Benchmark results
|
|
/benchmarks/
|
|
*.prof
|
|
cpu.out
|
|
mem.out
|
|
|
|
# Embedded binaries (downloaded at build time)
|
|
internal/sandbox/bin/tun2socks-*
|
|
|