hypha: work in progress implementation of outbound internet access

2025-08-03 13:11:31 +00:00 · 2024-02-06 14:35:55 +00:00
parent 44d3799dd3
commit cfe8887c6b
18 changed files with 2102 additions and 66 deletions
--- a/container/src/init.rs
+++ b/container/src/init.rs
@ -9,6 +9,7 @@ use oci_spec::image::{Config, ImageConfiguration};
 use std::ffi::{CStr, CString};
 use std::fs;
 use std::fs::{File, OpenOptions, Permissions};
+use std::net::Ipv4Addr;
 use std::os::fd::AsRawFd;
 use std::os::linux::fs::MetadataExt;
 use std::os::unix::fs::{chroot, PermissionsExt};
@ -304,11 +305,25 @@ impl ContainerInit {
                .execute()
                .await?;

-            handle.link().set(link.header.index).up().execute().await?;
+            handle
+                .link()
+                .set(link.header.index)
+                .arp(false)
+                .up()
+                .execute()
+                .await?;
+
+            handle
+                .route()
+                .add()
+                .v4()
+                .destination_prefix(Ipv4Addr::new(0, 0, 0, 0), 0)
+                .output_interface(link.header.index)
+                .execute()
+                .await?;
        } else {
            warn!("unable to find link named {}", network.link);
        }
-
        Ok(())
    }