On 2/21/2018 7:53 PM, Damien Miller wrote:
> Yeah, IMO it would be better to write a small userspace NAT helper e.g.
> using IPPROTO_DIVERT that proxied things via SOCKS (assuming someone
> hasn't already done this).

I haven't used them, but they exist:

https://github.com/darkk/redsocks
https://github.com/cybozu-go/transocks

These use tun, but achieve a similar goal:

https://github.com/normanr/socks-tun
https://github.com/ambrop72/badvpn/wiki/Tun2socks

The LD_PRELOAD method can intercept getaddrinfo()/gethostbyname() to
handle name resolution on a per-process basis, which is an advantage to
that method (dsocks does this).

Of course as OpenSSH doesn't implement the UDP interfaces of SOCKS5,
that limits what any client can do (although tun2socks has a UDP gateway
to work around this).

--
Carson Gaspar
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
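
An added example, not part of the original message and not OpenSSH code: a minimal RFC 1928 request parser showing the two SOCKS5 details the message relies on, that a hostname can travel unresolved to the proxy (address type 0x03) and that UDP ASSOCIATE is a separate command a CONNECT-only relay cannot serve. The function names and sample bytes are constructed for illustration, and answering with reply code 0x07 is the RFC's defined response, assumed here rather than taken from any particular implementation.

```python
import ipaddress
import struct

CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x00, 0x07, 0x08

# Constructed sample requests (not captured traffic).
SAMPLE_CONNECT = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443)
SAMPLE_UDP = b"\x05\x03\x00\x01" + bytes(4) + struct.pack("!H", 0)


def parse_request(data: bytes):
    """Parse an RFC 1928 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 5 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_DOMAIN:
        offset, addr_len = 5, data[4]          # one length byte, then the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        offset, addr_len = 4, 4 if atyp == ATYP_IPV4 else 16
    else:
        raise LookupError("unknown address type")
    end = offset + addr_len
    if len(data) != end + 2:
        raise ValueError("truncated or oversized request")
    raw = data[offset:end]
    # A domain name is passed through as-is, so the proxy side resolves it.
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:])
    return cmd, host, port


def reply(rep: int) -> bytes:
    """Build a reply with BND.ADDR 0.0.0.0 and BND.PORT 0."""
    return struct.pack("!BBBB4sH", 0x05, rep, 0x00, ATYP_IPV4, bytes(4), 0)


def connect_only_answer(data: bytes) -> bytes:
    """Answer as a relay that implements CONNECT and nothing else."""
    try:
        cmd, _host, _port = parse_request(data)
    except LookupError:
        return reply(REP_ATYP_UNSUPPORTED)
    return reply(REP_OK if cmd == CMD_CONNECT else REP_CMD_UNSUPPORTED)
```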