Porting Network Containers

Right now over at ZeroTier we're working on porting Network Containers to different platforms. Here's a summary of what porting something like this (and doing heavy deep network stuff in general) is like on each platform:

  1. Linux: It works in most cases, and in cases where it doesn't, most of the OS and application code is open source. That way you can go pull it and see just how horrific most network code actually is.

  2. Windows: Technically it's possible if you get the DLL order incantations right but sometimes it doesn't work, and if it does work it probably won't work on ~1% of Windows machines in the field because every Windows machine is a special snowflake. Also winsock2.dll is named after a product from 1996 and last night you had a dream that you were working on Windows code and spiders crawled out from behind your monitor and every one of them was carrying a small ring. When you woke up you realized you had to add a #pragma to a C source file to make it use the correct ABI since there are like six.

  3. OSX: Facebook wrote a piece of borderline malware that allows you to hook C library calls. The code calls a lot of things that start with _mach. It works.

  4. iOS: There's a beautiful, modern, polished API to do literally absolutely exactly what you want, but you can't use it. It would never be accepted into the app store because your use case does not involve something social or taking a selfie. As a result you're going to have to use a weird hack that involves emulating SOCKS5. Technically it should work but Apple might revoke support for SOCKS5 at any time. But they also might add a new category of app extension at any time, so in the end either you'll get shiny perfection or your whole market will be destroyed.

  5. Android: There's a debug API that allows function interposition and nobody in the app store will care, but future releases might break it without warning. It also probably won't work on one brand of handset used in Asia and you'll never figure out why because you can't reproduce the problem.

  6. BSD: It works perfectly but nobody uses this.

I haven't done it but there's probably an inverse correlation between ease and user base in there.
