Repository files navigation

🧪The extension is currently in Preview stage, so some hiccups are expected. Please help us to improveby submitting feedback!

ThisGitHub CLI extension allows to bridge network between a Codespace and your local machine, so theCodespace can reach out to any remote resource that is reachable from your machine. In another words, it uses your local machine as a networkgateway to get to those resources.

For instance, if you are using aVPN to connect to your enterprise network to access a database or any other remote resources on the private network, this extension allows you to get to those resources from within a Codespace, so that you can develop fully inside a Codespace!

About GitHub CLI.

gh extension install github/gh-net

This extension depends on the latest features of GitHub CLI, please make sureto upgrade it.

How to check if my version works?

Run `gh codespace select` command, if it opens the codespace selection dialog, you are good to go!

Picking up new extension version:

gh extension upgrade github/gh-net

To start network forwarding from whithin a Codespace to your local machine, run:

sudo gh net start

Note:sudo privileges are required to bind to network sockets on your machine. In theory user with network administration rights can run this command without sudo, but this scenario is not tested well enough yet, so usingsudo is the hard requirement at the moment.

This will provide codespace selection dialog:

Select a codespace and press enter. The extension will connect to selected codespace and start forwarding network traffic:

There are two pannels in the connected view of the extension:

• Panel on the left (NAT) shows the network address translation table for currently opened connections. For stateful protocols(e.g.TCP) the records are cleaned up automatically after connection is closed so the records will come and go as connection is established and closed. For stateless protocols (e.g.UDP orICMP) or unsuccessfulTCP connections the records are cleaned up after some time, so those will show up in the list for some time.
• Panel on the right (DNS) shows the resolvedDNS records, ashostname,record andtime-to-live (TTL) values.

Pressq orctrl + c to stop the extension.

• --gui: Enanble/disable GUI mode. [true |false] [default:true]
• --trace: Specify tracing verbosity. [none |trace |debug |info |warn |error] [default:info]

Rungh net start -h for details.

General diagram is shown below:

We bind to thedefault gateway network interface inside the codespace and forward all non-routed traffic to theSSH tunnel that connects a Codespace with your local machine. We forward onlyL3 (IP) traffic and there are few criterias must hold for traffic to be forwarded:

• it must appear on thedefault gateway
• it must not be addressed tosomething that is on default gateway subnet

This ensures that we fallback to forwaring packets only if they were not handled by any other network interface inside a Codespace.

Once a packet reaches the local machine, we see if we can forward it to a meaningful destination, for that we resolve network interface that can handle the packet destination. Such network interface must not be a default gateway interface given that the packet destination is not to the gateway subnet, otherwise the packet is addressed to the internet which can be handled from whithin the codespace directly.

If such network interface is found, we create a localnetwork socket and aNAT record for the connection. The NAT record is used to map the remote packet source address to the local network socket address, so it appears to the remote resource as if traffic is coming from the local machine. When a reply packet is received, we perform reverse address translation and send the packet back to the codespace (so it appears as if the reply came directly from the codespace default gateway interface).

ForDNS packets, we register an address that is on thedefault gateway subnet which allows to catch all unresolvedDNS queries. OnceDNS packet is received, it is passed over to thelocal machine where the request to the localDNS resolver is made and a reply is sent back to the codespace.

The extension is written inRust and provides high preformance, low memory footprint and memory safety, hence must cause low latency.

✅ - currently supported 🏃 - support in progress 🙅 - not applicable

Currently onlyTCP,UDP andICMP protocols were tested extensively:

Currently onlyIPv4 is supported and was tested extensively:

• To create aBug report.
• To create aFeature request.

Please search for existing issues before creating a new one.

My local machine network configuration has changed but extension does not pick up the changes.

• Please restart the extension by pressingq and connecting to the Codespace again. The extension currently does not watch for changes in network configuration and hence does not detect new network interfaces or changes in interfaces config. This will be fixed in the future.

I'm getting an error an a stack trace immediatelly after starting the extension.

• Most likely you forgot to usesudo to run the extension. Ifsudo was used, please create aBug report.

Extension suddenly stops working after some time and I see some stack traces in the console.

Most likelySSH connection was dropped or there was an intermittent network issue on your machine. The extension does not currently reconnects to the Codespace automatically. This will be fixed in the future. If this happens too often, please create aBug report.

I'm trying to sendEthernet Datagrams(L2 network layer) directly and expect those to be forwarded but they are not.

The extension currently forwardsIP(L3 network layer) traffic and above. If the datagrams containIP packets that are addressed to a remote resource addressible from your local machine it should work. If it does not, please create aBug report. If you want to sendEthernet Datagrams directly, please create aFeature request, we would love to know about your use case!

I'm using some transport protocol that does not work.

CurrentlyTCP/UDP andICMP are supported. Other protocols should work but were not tested extensivelly. Please createBug report so we can address the issue.

• About GitHub CLI
• GitHub CLI Docs
• About GitHub Codespaces
• 🔒 Source code
• 🔒 Codespace Compose GitHub CLI extension