Mac OS version about vpn-slice HOT 11 CLOSED

the @gmacon PR works just fine for latest mac :) would be nice to have it merged, thanks for great work to both of you

from vpn-slice.

I'm not crazy about all the formatting changes ...

I'll fix that. (The answer to "Why?" is "Because I have my editor configure to do that automatically.")

What's preventing you from being able to test it?

Nothing. I just haven't done it yet.

from vpn-slice.

This would be great.
https://github.com/brona/iproute2mac appears to provide a similar interface to iproutes but major changes would need to happen to replace iptables role properly.

from vpn-slice.

I took a look at this, and I think the first step here is to change the level of the abstraction used by the os-specific layer. That is, I think there should be functions like add_route, remove_route, and so on and let the underlying command line tools be an implementation detail.

from vpn-slice.

I've now got a branch where I factored out the Linux version. I think I got a little carried away... In any case, if there are comments on the design, I'd like to hear them sooner rather than later. Note that I haven't run this code yet, so no guarantees that it works.

from vpn-slice.

@dlenski you can close this one now

from vpn-slice.

If you want to add MacOS support and submit a pull request, I'd be happy to review that. But it's not something I will work on.

I don't use MacOS or want to use MacOS. The MacOS kernel is not nearly as versatile as Linux in terms of networking capabilities, and MacOS is especially deficient in its command line routing utilities compared to Linux, in part because Apple refuses to include GPLv3 software in MacOS.

from vpn-slice.

@pmgmendes, do you want to take a crack at it?

vpn-slice uses iptables only for one very minor thing (blocking incoming traffic). Everything else is iproute2. It could be rewritten for BSD-style route, or using that iproute2 wrapper for MacOS.

I could provide advice on anything not directly related to MacOS that you might get stuck on.

from vpn-slice.

@gmacon, I agree.

Have a mock/test harness to verify and modify the routing would probably make it much easier to move to such an abstraction layer, and isolate the OS-specific parts.

from vpn-slice.

I think I got a little carried away... In any case, if there are comments on the design, I'd like to hear them sooner rather than later.

It seems pretty reasonable to me.

I'm not crazy about all the formatting changes where you replace ' with " (why? what does this do other than clutter the diffs?) and where you take…

function_calls("like", "this", with_lots_of_arguments=True, that_probably_are_longer_than_they_should_be=True)

… and change it to:

function_calls(
    "like",
    "this",
    with_lots_of_arguments=True,
    that_probably_are_longer_than_they_should_be=True
)

… since I tend to find higher code density more readable in most of these cases. But other than that it looks good.

Note that I haven't run this code yet, so no guarantees that it works.

I gave it a shot with a couple different VPNs, and it seems to work as expected. What's preventing you from being able to test it?

from vpn-slice.

🍻

from vpn-slice.