childflow 0.6.0

A per-command-tree network sandbox for Linux
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

// Copyright (c) 2026 Blacknon. All rights reserved.
// Use of this source code is governed by an MIT license
// that can be found in the LICENSE file.

#[cfg(test)]
pub mod env;
pub mod rootful_tproxy;
pub mod rootless_relay;
#[cfg(test)]
pub mod types;

use anyhow::Result;

use crate::cli::Cli;
use crate::network::NetworkBackend;

pub use rootful_tproxy::TproxyHandle;

pub enum ProxyPlan {
    RootfulTransparent(rootful_tproxy::TransparentProxyPlan),
    RootlessRelay(rootless_relay::RootlessRelayProxyPlan),
}

impl ProxyPlan {
    pub fn from_cli(cli: &Cli) -> Result<Option<Self>> {
        if cli.proxy.is_none() {
            return Ok(None);
        }

        match cli.selected_backend() {
            NetworkBackend::Rootful => {
                Ok(rootful_tproxy::TransparentProxyPlan::from_cli(cli)
                    .map(Self::RootfulTransparent))
            }
            NetworkBackend::RootlessInternal => Ok(Some(Self::RootlessRelay(
                rootless_relay::RootlessRelayProxyPlan::from_cli(cli)?,
            ))),
        }
    }

    pub fn child_env(&self) -> Vec<(String, String)> {
        match self {
            Self::RootfulTransparent(_) => Vec::new(),
            Self::RootlessRelay(_) => Vec::new(),
        }
    }

    pub fn transparent_rootful(&self) -> Option<&rootful_tproxy::TransparentProxyPlan> {
        match self {
            Self::RootfulTransparent(plan) => Some(plan),
            Self::RootlessRelay(_) => None,
        }
    }

    pub fn rootless_upstream(&self) -> Option<&rootless_relay::ProxyUpstreamConfig> {
        match self {
            Self::RootfulTransparent(_) => None,
            Self::RootlessRelay(plan) => Some(plan.upstream()),
        }
    }
}