onetun
systemd
| | onetun | systemd |
|---|---|---|
| | 9 | 495 |
| Stars | 794 | 12,294 |
| Growth | - | 1.7% |
| Activity | 7.6 | 10.0 |
| | 3 months ago | 7 days ago |
| Language | Rust | C |
| License | MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
onetun
-
A userspace WireGuard client that exposes itself as a proxy
Plug for my own similar project: https://github.com/aramperes/onetun
Though admittedly, mine doesn't have SOCKS support, and the code is not as lean as yours!
Sure, essentially it's a TCP and UDP server that:
- receives connections and assigns a random internal port for it
- wraps the data packets in a transport packet (TCP/UDP)
- wraps the transport in an IP packet that's routed from the internal port and to the remote WireGuard address
- wraps that with WireGuard's protocol (encryption)
- sends off the encrypted packet to the WireGuard UDP endpoint
The packet-wrapping and state machine for the connection is implemented using smoltcp in Rust, which is similar to netstack in Go.
The WireGuard encapsulation and state machine is implemented with boringtun, Cloudflare's implementation of the WireGuard client in Rust.
I do have a more thorough architecture explanation in the Readme: https://github.com/aramperes/onetun#architecture
- Show HN: Onetun, a cross-platform WireGuard port-forwarder
-
onetun: Cross-platform, user-space WireGuard port-forwarder
It's in the plans! I'm going to finish UDP support and multi-port forwarding first and then I'll get to it: https://github.com/aramperes/onetun/issues/6
systemd
-
X.org Server Clears Out Remnants for Supporting Old Compilers
- Mysterious PID1 crash related to timedatectl, resolved by replacing /etc/localtime with a regular file instead of symlink (to a file on same FS). How do you strace PID1 to get some idea what's going on? You don't. Good thing timezone management needs to be part of init!
- Mysterious issue in resolvectl, some sort of race condition, 2-year-old bug report https://github.com/systemd/systemd/issues/22775 - at least you actually don't have to use this one.
And those are just the two that I've had to spend hours on in the past few years.
Not using systemd is barely a choice, even if you don't use systemd itself you nearly have to use things which are designed in exactly the same bad ways (polkit, systemd-udevd), there are several (negative) changes which even systemd-resistant distros have adopted for conformity which were first driven by systemd, lots of software has completely removed their provided init-scripts and replaced them with systemd unit files only so you have to write your own or go dig it up from the git history...
Oh and it's extremely brittle and one little piece breaking means you can't boot at all, not even in single user, since everything is jammed into PID1... so good luck even examining what's going on.
I could go on but of course you've already seen and chosen to ignore any argument I could make.
-
Ask HN: Who wants to be hired? (February 2024)
Hi HN! I'm a Linux security engineer looking for work on Open Source software. I've done some security work in the Linux Kernel (containerization primitives), in systemd as well as some work on Secure Boot.
Notably I've implemented auto-enrollment of secure boot keys in systemd. See (https://github.com/systemd/systemd/pull/20255 & https://lpc.events/event/16/contributions/1259/).
Lately, I've been very interested in MicroVMs and minimizing the Linux Kernel attack surface.
Message me if any of that sounds interesting!
-
New Renderers for GTK
The xdg-portal attempt was misguided and I don't believe anyone is pursuing it at this point. Ideally drm-leasing would be managed by the login manager, allowing multiple compositors to lease connectors and run independently on other monitors, as well as being used for VR headsets. https://github.com/systemd/systemd/issues/29078.
Sidenote: I hacked the wayland protocol implementation for gnome into working at least for SteamVR, but at least with AMD gpus there is some serious bug preventing the card from performing properly. It basically throttles itself for no reason and never hits the refresh rates needed for smooth VR, especially since there is no asynchronous reprojection at the moment. So while ideally the drm-leasing problem would be solved already there are other even more important problems to solve with linux VR for now.
-
A Surprising Discovery Inside the Steam Deck's APU
> It is very hardware dependent.
NVIDIA GPUs definitely make things more difficult, at least in the suspend-then-hibernate case. Here's where I reported a hacky workaround:
https://forums.developer.nvidia.com/t/systemds-suspend-then-...
See also:
https://github.com/systemd/systemd/issues/27559
NVIDIA kinda sorta just doesn't give a shit, unfortunately.
-
Why would you still want to use strace in 2023? [video]
> You'll still care that you can write that file, right?
Sometimes you don't need it.
systemd itself just checks that `/etc/initrd-release` exists and runs in initrd mode changing its default target to boot into (IIRC you can also manually change the default target to `initrd.target` in the initrd, but this way the default systemd vendored files don't need to be touched).
https://github.com/systemd/systemd/blob/7f13af72f89452950226...
-
Systemd through the eyes of a musl distribution maintainer
I generally embrace systemd and have been pretty happy with it but there's one component which simply doesn't work correctly and that's systemd-resolved in combination with DNSSEC. I eventually had to replace it with Knot Resolver which works flawlessly on the same machine / network.
There's a willingness from the systemd devs to start incorporating Rust into it, possibly quite soon: https://github.com/systemd/systemd/pull/19598
uint8_t signature[8]; /* "LPKSHHRH" */
== Lennart Poettering, Kay Sievers, Harald Hoyer, Red Hat
I don't know the details but I heard at some point Kay and Lennart had a falling out within the project. By the time I got involved in journald development @ CoreOS, neither Kay nor Harald were visibly participating anymore... It was kind of annoying, as it left just Lennart to review any journald PRs, who was obviously busy, but eventually got around to it. I think it's worth noting that despite being the person who receives all the systemd hate, Lennart didn't promptly abandon maintenance of the project after getting installed everywhere.
[0] https://github.com/systemd/systemd/blob/v255/src/libsystemd/...
-
Earlyoom – Early OOM Daemon for Linux
Or systemd's systemd-oomd https://github.com/systemd/systemd/pull/15206
The answer for both of those is "if you're unfortunate enough to be running a 2.6 kernel linux server from 2005, then you can't use cgroupsv2 and thus can't use oomd or systemd-oomd".
-
Systemd's new blue screen of death (systemd-bsod)
Ok? I never said he wasn't involved, but he didn't create this tool. And for your info, he wasn't the only systemd developer that was involved as well. But of course, you immediately started throwing a tantrum at just reading his name because all you can whine about is how systemd is the source of all evil and Poettering is the devil!
What are some alternatives?
openrc - The OpenRC init system
tini - A tiny but valid `init` for containers
inotify-tools - inotify-tools is a C library and a set of command-line programs providing a simple interface to inotify.
s6 - The s6 supervision suite.
earlyoom - earlyoom - Early OOM Daemon for Linux
supervisor - Supervisor process control system for Unix (supervisord)
dracut - dracut the event driven initramfs infrastructure
elogind - The systemd project's "logind", extracted to a standalone package
Fildem - Fildem global menu
zfs - OpenZFS on Linux and FreeBSD
preload - preload is an adaptive readahead daemon that prefetches files mapped by applications from the disk to reduce application startup time.
tunsocks - User-level IP forwarding, SOCKS proxy, and HTTP proxy for VPNs that provide tun-like interface