From 2969f9d2d691c92e7f9cdeb9d5332f33343813a5 Mon Sep 17 00:00:00 2001
From: Owen
Date: Tue, 2 Sep 2025 12:20:07 -0700
Subject: [PATCH 1/4] Ensure backward compatability with --docker-socket
---
 docker/client.go | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/docker/client.go b/docker/client.go
index f8b9d0c..2a42023 100644
--- a/docker/client.go
+++ b/docker/client.go
@@ -73,8 +73,11 @@ func parseDockerHost(raw string) (dockerHost, error) {
 s = strings.TrimPrefix(s, "http://")
 s = strings.TrimPrefix(s, "https://")
 return dockerHost{"tcp", s}, nil
+ case strings.HasPrefix(raw, "/"):
+ // Absolute path without scheme - treat as unix socket
+ return dockerHost{"unix", raw}, nil
 default:
- // default fallback to unix
+ // For relative paths or other formats, also default to unix
 return dockerHost{"unix", raw}, nil
 }
 }
@@ -85,6 +88,13 @@ func CheckSocket(socketPath string) bool {
 if socketPath == "" {
 socketPath = "unix:///var/run/docker.sock"
 }
+
+ // Ensure the socket path is properly formatted
+ if !strings.Contains(socketPath, "://") {
+ // If no scheme provided, assume unix socket
+ socketPath = "unix://" + socketPath
+ }
+
 host, err := parseDockerHost(socketPath)
 if err != nil {
 logger.Debug("Invalid Docker socket path '%s': %v", socketPath, err)
@@ -149,7 +159,13 @@ func IsWithinHostNetwork(socketPath string, targetAddress string, targetPort int
 func ListContainers(socketPath string, enforceNetworkValidation bool) ([]Container, error) {
 // Use the provided socket path or default to standard location
 if socketPath == "" {
- socketPath = "/var/run/docker.sock"
+ socketPath = "unix:///var/run/docker.sock"
+ }
+
+ // Ensure the socket path is properly formatted for the Docker client
+ if !strings.Contains(socketPath, "://") {
+ // If no scheme provided, assume unix socket
+ socketPath = "unix://" + socketPath
 }
 
 // Used to filter down containers returned to Pangolin
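Review bot: In parseDockerHost the added `case strings.HasPrefix(raw, "/")` returns exactly what `default` returns (`dockerHost{"unix", raw}, nil`), so the new branch has no effect on behaviour and the visible branches still never produce the function's error result. A value with an unrecognised or mistyped scheme is therefore silently treated as a unix socket path, which matters because this value decides which Docker endpoint the process talks to. If relative paths must keep working, a guard placed before `default` would at least reject unknown schemes: `case strings.Contains(raw, "://"): return dockerHost{}, fmt.Errorf("unsupported docker host %q", raw)` (assuming `fmt` is imported in this file). The start of the switch is outside the hunk, so which schemes are handled above is not visible here.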
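Review bot: The scheme normalisation added in CheckSocket is repeated line for line in ListContainers (third hunk), and since the first hunk lets parseDockerHost accept scheme-less absolute paths, the CheckSocket copy appears redundant with the parser. `strings.Contains(socketPath, "://")` also tests for `://` anywhere in the value rather than for a leading scheme, and a scheme-less value such as `host:2375` (constructed example) is quietly turned into a unix path instead of being rejected. One helper called from both functions would keep the default socket and the prefixing rule in a single place. Both function bodies continue outside their hunks.

```go
// normalizeSocketPath applies the default socket and adds unix:// when no scheme is given.
func normalizeSocketPath(socketPath string) string {
	if socketPath == "" {
		return "unix:///var/run/docker.sock"
	}
	if !strings.Contains(socketPath, "://") {
		return "unix://" + socketPath
	}
	return socketPath
}

func CheckSocket(socketPath string) bool {
	socketPath = normalizeSocketPath(socketPath)
	// … unchanged: parseDockerHost call and error handling …

func ListContainers(socketPath string, enforceNetworkValidation bool) ([]Container, error) {
	socketPath = normalizeSocketPath(socketPath)
	// … unchanged: container filtering …
```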
From eda8073bce6ec454f3fbd8afe247181ea52389bc Mon Sep 17 00:00:00 2001
From: Stanley Wisnioski <113554994+wisnioskis@users.noreply.github.com>
Date: Thu, 4 Sep 2025 09:58:43 -0400
Subject: [PATCH 2/4] Change DNS Server
Changed DNS server from Google (8.8.8.8) to Quad9 (9.9.9.9)
---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 380efef..12849b1 100644
--- a/main.go
+++ b/main.go
@@ -186,7 +186,7 @@ func main() {
 flag.StringVar(&mtu, "mtu", "1280", "MTU to use")
 }
 if dns == "" {
- flag.StringVar(&dns, "dns", "8.8.8.8", "DNS server to use")
+ flag.StringVar(&dns, "dns", "9.9.9.9", "DNS server to use")
 }
 if logLevel == "" {
 flag.StringVar(&logLevel, "log-level", "INFO", "Log level (DEBUG, INFO, WARN, ERROR, FATAL)")
From 217a9346c64b90cf1763edef5b667221034bb5ed Mon Sep 17 00:00:00 2001
From: Stanley Wisnioski <113554994+wisnioskis@users.noreply.github.com>
Date: Thu, 4 Sep 2025 10:00:48 -0400
Subject: [PATCH 3/4] Change DNS Server in clients.go
Changed DNS server from Google (8.8.8.8) to Quad9 (9.9.9.9)
---
 clients.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients.go b/clients.go
index 60bbf41..4b282a7 100644
--- a/clients.go
+++ b/clients.go
@@ -39,7 +39,7 @@ func setupClients(client *websocket.Client) {
 func setupClientsNetstack(client *websocket.Client, host string) {
 logger.Info("Setting up clients with netstack...")
 // Create WireGuard service
- wgService, err = wgnetstack.NewWireGuardService(interfaceName, mtuInt, generateAndSaveKeyTo, host, id, client, "8.8.8.8")
+ wgService, err = wgnetstack.NewWireGuardService(interfaceName, mtuInt, generateAndSaveKeyTo, host, id, client, "9.9.9.9")
 if err != nil {
 logger.Fatal("Failed to create WireGuard service: %v", err)
 }
From 2675b812aa015eb377a3e70ff1b94d2b75576dc7 Mon Sep 17 00:00:00 2001
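Review bot: The resolver address is a repeated string literal: the `dns` flag default in main.go and the last argument of `wgnetstack.NewWireGuardService(...)` in clients.go (PATCH 3/4) each spell out `"9.9.9.9"`, which is why this change needed a commit per file. A shared `const defaultDNS = "9.9.9.9"` used at both sites would keep them in step. In clients.go the literal is passed whatever the operator configured; if the `dns` variable set in main.go is in scope there (not visible in the hunk), passing it instead would let `--dns` / `DNS` apply to the netstack path as well. Because the README says this resolver is used to resolve the endpoint, the new default changes which third party existing deployments trust for that lookup and deserves a release-note line.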
From: Stanley Wisnioski <113554994+wisnioskis@users.noreply.github.com>
Date: Thu, 4 Sep 2025 10:03:58 -0400
Subject: [PATCH 4/4] Update README.md
Updated README.md to reflect change of default DNS server from Google to Quad9.
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 1978942..6eb32ee 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ When Newt receives WireGuard control messages, it will use the information encod
 
 - `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket.
 - `mtu` (optional): MTU for the internal WG interface. Default: 1280
-- `dns` (optional): DNS server to use to resolve the endpoint. Default: 8.8.8.8
+- `dns` (optional): DNS server to use to resolve the endpoint. Default: 9.9.9.9
 - `log-level` (optional): The log level to use (DEBUG, INFO, WARN, ERROR, FATAL). Default: INFO
 - `enforce-hc-cert` (optional): Enforce certificate validation for health checks. Default: false (accepts any cert)
 - `docker-socket` (optional): Set the Docker socket to use the container discovery integration
@@ -62,7 +62,7 @@ All CLI arguments can be set using environment variables as an alternative to co
 - `NEWT_ID`: Newt ID generated by Pangolin (equivalent to `--id`)
 - `NEWT_SECRET`: Newt secret for authentication (equivalent to `--secret`)
 - `MTU`: MTU for the internal WG interface. Default: 1280 (equivalent to `--mtu`)
-- `DNS`: DNS server to use to resolve the endpoint. Default: 8.8.8.8 (equivalent to `--dns`)
+- `DNS`: DNS server to use to resolve the endpoint. Default: 9.9.9.9 (equivalent to `--dns`)
 - `LOG_LEVEL`: Log level (DEBUG, INFO, WARN, ERROR, FATAL). Default: INFO (equivalent to `--log-level`)
 - `DOCKER_SOCKET`: Path to Docker socket for container discovery (equivalent to `--docker-socket`)
 - `PING_INTERVAL`: Interval for pinging the server. Default: 3s (equivalent to `--ping-interval`)