sandbox_runtime/manager/
network.rs

1//! Network initialization and management.
2
3use crate::config::NetworkConfig;
4use crate::error::SandboxError;
5use crate::proxy::{DomainFilter, HttpProxy, Socks5Proxy};
6
/// Start the HTTP and SOCKS5 proxies for the sandbox.
///
/// A single [`DomainFilter`] is built from `config`; the HTTP proxy receives a
/// clone of it and the SOCKS5 proxy receives the original, so both proxies are
/// constructed from the same filter configuration. When `config.mitm_proxy` is
/// set, its `socket_path` is passed to the HTTP proxy constructor.
///
/// # Errors
///
/// Returns an error if constructing or starting either proxy fails.
///
/// NOTE(review): if the SOCKS5 proxy fails after the HTTP proxy has already
/// been started, the HTTP proxy is dropped on the early return. Whether its
/// `Drop` shuts the listener down is not visible in this file; confirm.
pub async fn initialize_proxies(
    config: &NetworkConfig,
) -> Result<(HttpProxy, Socks5Proxy), SandboxError> {
    // One filter drives both proxies.
    let domain_filter = DomainFilter::from_config(config);

    // Optional upstream MITM socket, only used by the HTTP proxy.
    let mitm_socket = config
        .mitm_proxy
        .as_ref()
        .map(|mitm| mitm.socket_path.clone());

    // HTTP proxy first: construct, then start.
    let mut http = HttpProxy::new(domain_filter.clone(), mitm_socket).await?;
    http.start()?;

    // SOCKS5 proxy takes ownership of the filter.
    let mut socks = Socks5Proxy::new(domain_filter).await?;
    socks.start()?;

    tracing::debug!(
        "Proxies started - HTTP: {}, SOCKS5: {}",
        http.port(),
        socks.port()
    );

    Ok((http, socks))
}
33
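/// Generate proxy environment variables for sandboxed commands.
///
/// Returns the following pairs, in this order:
///
/// * `http_proxy`, `HTTP_PROXY`, `https_proxy`, `HTTPS_PROXY`, each set to
///   `http://localhost:{http_port}`
/// * `ALL_PROXY`, `all_proxy`, each set to `socks5://localhost:{socks_port}`
/// * `GIT_SSH_COMMAND`, an `ssh` invocation whose `ProxyCommand` runs
///   `nc -X 5 -x localhost:{socks_port}`
///
/// `http_socket_path` and `_socks_socket_path` do not change the result. The
/// original code produced the same URL whether or not a socket path was
/// given; its comment stated that on Linux socat bridges the socket to
/// localhost inside the sandbox.
///
/// NOTE(review): these variables only steer clients that choose to honour
/// them. A process that ignores them is not constrained by this function, so
/// egress enforcement has to come from network isolation elsewhere; confirm
/// that the sandbox blocks direct connections.
///
/// NOTE(review): `nc -X 5 -x` is the OpenBSD netcat syntax; confirm the `nc`
/// available inside the sandbox supports it.
// No caller is visible in this file, hence the lint allowance.
#[allow(dead_code)]
pub fn generate_proxy_env_vars(
    http_port: u16,
    socks_port: u16,
    http_socket_path: Option<&str>,
    _socks_socket_path: Option<&str>,
) -> Vec<(String, String)> {
    // Both branches of the former `if let` built the same URL, so the socket
    // path is deliberately unused here.
    let _ = http_socket_path;

    let http_url = format!("http://localhost:{}", http_port);
    let socks_url = format!("socks5://localhost:{}", socks_port);

    // Ports are `u16`, so nothing caller-controlled beyond a number is
    // interpolated into the ssh command line below.
    let git_ssh_command = format!(
        "ssh -o ProxyCommand='nc -X 5 -x localhost:{} %h %p'",
        socks_port
    );

    vec![
        ("http_proxy".to_string(), http_url.clone()),
        ("HTTP_PROXY".to_string(), http_url.clone()),
        ("https_proxy".to_string(), http_url.clone()),
        ("HTTPS_PROXY".to_string(), http_url),
        ("ALL_PROXY".to_string(), socks_url.clone()),
        ("all_proxy".to_string(), socks_url),
        ("GIT_SSH_COMMAND".to_string(), git_ssh_command),
    ]
}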