Update README.md

README.md

@@ -1,14 +1,31 @@
 # Network Namespace setup using SSH SOCKS proxy
 
-Create network namespace where all¹ network requests go via ssh connection.
+Create network namespace where all¹ network requests go via socks proxy.
+
+## Dependency
+
+Depends on [tun2socks][4]. Install from [AUR][5] or compile from [source][6].
 
 ## Installing
 
 1. Install from [AUR][2].
-2. Download and install pre-built archlinux package: [link][3].
-3. For other linux, copy the files to appropriate path as done [here][4].
+2. Manual installation:
 
-## Creating new namespace
+This will install under `/usr`
+
+```sh
+sudo make install
+```
+
+Change install directory using `PREFIX`
+
+```sh
+sudo make PREFIX=/usr/local install
+```
+
+For uninstall, run `make uninstall` or `make PREFIX=<prefix> uninstall`
+
+## Type A: Use ssh to create socks proxy
 
 1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will
    be included with [other settings][0].
@@ -37,7 +54,7 @@ Port 8822 # If the ssh server is not on default port 22
 ```
 
 
-## Testing namespace
+### Testing namespace
 
 ```bash
 ❯ sudo systemd-run \
@@ -66,17 +83,57 @@ xx.xx.xx.xx
        valid_lft forever preferred_lft forever
     inet6 fe80::fd64:c3f3:ce6:650c/64 scope link stable-privacy proto kernel_ll
        valid_lft forever preferred_lft forever
-
-❯
-Finished with result: success
-Main processes terminated with: code=exited, status=0/SUCCESS
-Service runtime: 1min 4.383s
-CPU time consumed: 201ms
-Memory peak: 5.7M (swap: 0B)
-IP traffic received: 3.2K sent: 1.3K
-IO bytes written: 304K
 ```
 
+## Type B: Use existing socks proxy
+
+1. Create an environment file at `/etc/nnss/env_<namespace_name>`. This file
+   should contain one environment variable `SOCKS_PROXY`. See example below
+2. [Edit][1] your application's service file to include below properties
+
+```systemd
+[Unit]
+Requires=nnssB@<namespace_name>.service
+After=nnssB@<namespace_name>.service
+[Service]
+NetworkNamespacePath=/run/netns/<namespace_name>ns
+```
+### Example
+
+Assuming tor daemon is running configured to listen on socks proxy on port 9050.
+
+```bash
+❯ sudo tee /etc/nnss/env_tor > /dev/null
+SOCKS_PROXY=socks5://127.0.0.1:9050
+```
+
+Create a shell inside tor namespace
+
+```bash
+❯ sudo systemd-run \
+    --property=NetworkNamespacePath=/run/netns/torns \
+    --property=User=$USER \
+    --property=Requires=nnssB@tor.service \
+    --property=After=nnssB@tor.service \
+    --shell
+```
+
+Quick check:
+```bash
+❯ curl --silent https://check.torproject.org | grep -E "Sorry|Congratulations"
+      Congratulations. This browser is configured to use Tor.
+```
+
+### Comparison with torsocks
+
+[torsocks][7] can be used to run a program to connect via tor. This works by
+replacing network function calls in libc using `LD_PRELOAD`.
+
+This does not work with programs not using libc functions for networking. E.g.
+go programs. Or when a sub-process is created wihtout passing down
+`LD_PRELOAD`. Network namespaces are more secure and works for any program.
+
+
 ## ¹DNS
 
 DNS by default still goes via host.
@@ -84,5 +141,7 @@ DNS by default still goes via host.
 [0]: ./ssh_config
 [1]: https://wiki.archlinux.org/title/Systemd#Editing_provided_units
 [2]: https://aur.archlinux.org/packages/nnss
-[3]: https://gitea.balki.me/balki-aur/-/packages/arch/nnss/0.1.0-1
-[4]: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=nnss#n14
+[4]: https://github.com/xjasonlyu/tun2socks
+[5]: https://aur.archlinux.org/packages/tun2socks-git
+[6]: https://github.com/xjasonlyu/tun2socks/wiki/Install-from-Source
+[7]: https://gitlab.torproject.org/tpo/core/torsocks

tunsocks.sh

@@ -30,7 +30,7 @@ setup() {
 
 	done_cmd="sh -c 'echo DONE > \"$chan\"'"
 
-	/usr/bin/tun2socks -device "$device" -proxy "$proxy" -tun-post-up "$done_cmd" &
+	tun2socks -device "$device" -proxy "$proxy" -tun-post-up "$done_cmd" &
 	echo "$!" >"$pidfile"
 
 	read -r status <"$chan"