darwin nat implementation #298
Conversation
zolia
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
2 times, most recently
from
9af81a0
to
91e79b9
Compare
nat/service_pfctl.go
Outdated
| } | ||
|
|
||
| func (service *servicePFCtl) disableRules() { | ||
| arguments := fmt.Sprintf("/sbin/pfctl -a nat-anchor:myst -F nat") |
There was a problem hiding this comment.
No arguments, do You really need to format it?
nat/service_pfctl.go
Outdated
| return err | ||
| } | ||
| natRule := fmt.Sprintf("nat on %v inet from %v to any -> %v", iface, rule.SourceAddress, rule.TargetIP) | ||
| arguments := fmt.Sprintf("echo \"%v\" | /sbin/pfctl -vEf -", natRule) |
There was a problem hiding this comment.
Could could be just /sbin/pfctl -vE -f %s?
There was a problem hiding this comment.
no, its input from stdin (-)
nat/service_pfctl.go
Outdated
| } | ||
|
|
||
| func (service *servicePFCtl) disableRules() { | ||
| arguments := fmt.Sprintf("/sbin/pfctl -F nat") |
There was a problem hiding this comment.
Sprintf is redundant, because there aren't variables
nat/service_pfctl.go
Outdated
| cmd := exec.Command( | ||
| "sh", | ||
| "-c", | ||
| arguments, |
There was a problem hiding this comment.
Looks like sub-command quoting is missing, is not it?
nat/service_pfctl.go
Outdated
| } | ||
| } | ||
| } | ||
| return "undefined", nil |
nat/service_pfctl.go
Outdated
| return | ||
| } | ||
|
|
||
| cmd := utils.SplitCommand("/usr/sbin/sysctl", "-w net.inet.ip.forwarding=0") |
There was a problem hiding this comment.
Looks like duplicated code, could be DRY'ied
There was a problem hiding this comment.
its not, different path of command and different arguments.
nat/service_pfctl.go
Outdated
| if output, err := cmd.CombinedOutput(); err != nil { | ||
| if !strings.Contains(string(output), natRule) { | ||
| log.Warn("Failed to create pfctl rule: ", cmd.Args, " Returned exit error: ", err.Error(), " Cmd output: ", string(output)) | ||
| log.Flush() |
There was a problem hiding this comment.
What is so special about your logs, that you flush it?
There was a problem hiding this comment.
There is no need to flush logs on every step. Flushing is done on main package just before program exiting
zolia
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
2 times, most recently
from
960725f
to
2aa9e30
Compare
Waldz
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
from
2aa9e30
to
3148ca4
Compare
zolia
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
from
3148ca4
to
2aa9e30
Compare
Waldz
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
from
2aa9e30
to
db5642e
Compare
Signed-off-by: Waldz <valdas@mysterium.network>
Waldz
force-pushed
the
feature/MYST-641-darwin-nat-support
branch
from
db5642e
to
f51efd0
Compare
Client still has to be on different machine.
This is due to 10.8.0.0/24 subnet clash. That is server wants to tunnel it through utun1, but client would need to tunnel it through utun2, but cannot do it since route already exists.