[Bug] ICMP packets escapes proxy #361
Comments
Yes, this is expected. All ping requests will be responded to immediately by tun2socks' netstack.
Thank you! Is it possible to provide a CLI flag to disable ICMP? As a workaround, if I set NoNewPrivileges=yes when starting the shell, ping does not work but regular connections work. But it would be good if it is blocked at the interface level.
👍 for adding a flag to disable ICMP
Just realized all ping requests mean, whether or not the local IP exists, the ping is successful, i.e. it is not really pinging. I think this is better as it is not leaking any local information.
Hmm, it wouldn't leak any information. In fact, the ICMP packets will only reach the tun2socks network stack and be instantly replied to.
Thanks for clarifying. Feel free to close the issue if no further changes are planned.
Verify steps
Version
latest
What OS are you seeing the problem on?
Linux
Description
Started tun2socks using below command
And moved the device to a network namespace.
Inside the namespace, all requests go through tun0 and then via the socks proxy on the unix socket. Everything works as expected except for ping. ping should either not work or go through the proxy, but instead it goes through the host's default network stack. I am able to ping devices in the local network.
CLI or Config
No response
Logs
No response
How to Reproduce
Create network namespace as shown above and start a shell in the namespace.
Ping a local resource. It should not be able to ping.
Other requests work just fine.
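What "responded to immediately by tun2socks' netstack" means at the packet level, as an added sketch that is not part of this thread and not tun2socks' own code: a userspace stack that answers every echo request itself makes any destination look alive, so a successful ping inside the namespace is not evidence that a packet reached the LAN. The addresses and function names are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src: bytes, dst: bytes, ident: int, seq: int,
                       payload: bytes = b"constructed") -> bytes:
    """Build a minimal IPv4 + ICMP echo request (sample input for the demo)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     64, 1, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def local_echo_reply(packet: bytes):
    """Answer an echo request locally, whatever its destination; None if not one."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                      # not IPv4/ICMP, or truncated
    icmp = packet[ihl:]
    if icmp[0] != 8 or icmp[1] != 0 or inet_checksum(icmp) != 0:
        return None                      # not a valid echo request
    # Type 8 (request) becomes type 0 (reply); id, seq and payload are echoed.
    reply = b"\x00\x00\x00\x00" + icmp[4:]
    reply = reply[:2] + struct.pack("!H", inet_checksum(reply)) + reply[4:]
    # Swap source and destination: the reply claims to come from the pinged IP.
    ip = bytearray(packet[:ihl])
    ip[12:16], ip[16:20] = packet[16:20], packet[12:16]
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    return bytes(ip) + reply

if __name__ == "__main__":
    # Constructed addresses: 192.0.2.77 is in TEST-NET-1, where no real host lives.
    request = build_echo_request(bytes([198, 18, 0, 1]), bytes([192, 0, 2, 77]), 0x1234, 1)
    answer = local_echo_reply(request)
    print("reply source:", ".".join(str(b) for b in answer[12:16]))
```

To confirm what actually leaves the host, capture on the physical interface while pinging from inside the namespace rather than relying on the ping result.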