WireGuard interface for mitmproxy
Project description
mitmproxy_wireguard
Transparently proxy any device that can be configured as a WireGuard client!
Work-In-Progress.
Interface
The API interface of the PyO3 module is documented in mitmproxy_wireguard.pyi
:
Server
class: a running WireGuard server instance, with methods for- graceful shutdown (
close
/wait_closed
) - sending UDP packets
- graceful shutdown (
TcpStream
class: an established TCP connection (provides APIs identical to Python's)asyncio.StreamReader
andasyncio.StreamWriter
)start_server
coroutine: initialize, start, and return aServer
instance
Architecture
DONE
- multi-threaded / asynchronous WireGuard server using tokio:
- one worker thread for the user-space WireGuard server
- one worker thread for the user-space network stack
- one worker thread for communicating with the Python runtime
- basic TCP/IPv4 functionality, IPv6 only partially supported
- basic UDP functionality
- Python interface similar to the one provided by
asyncio.start_server
- basic support for reading WireGuard configuration files
TODO
- better and more complete IPv6 support
- unit tests
- various other
TODO
andFIXME
items (documented in the code)
Hacking
Setting up the development environment is relatively straightforward, as only a Rust toolchain and Python 3 are required:
# set up a new venv
python3 -m venv venv
# enter venv (use the activation script for your shell)
source ./venv/bin/activate
# install maturin and pdoc
pip install maturin pdoc
Compiling the native Rust module then becomes easy:
# compile native Rust module and install it in venv
maturin develop
# compile native Rust module with optimizations
maturin develop --release
Once that's done (phew! Rust sure does take a while to compile!), the test echo server should work correctly. It will print instructions for connecting to it over a WireGuard VPN:
python3 ./echo_test_server.py
Docs
Documentation for the Python module can be built with pdoc
.
The documentation is built from the mitmproxy_wireguard.pyi
type stubs and the
rustdoc documentation strings themselves. So to generate the documentation, the
native module needs to be rebuilt, as well:
maturin develop
pdoc mitmproxy_wireguard
By default, this will build the documentation in HTML format and serve it on http://localhost:8080.
Note: This requires version >=11.2.0
of pdoc. It is the first version that
supports generating documentation for "native-only" Python modules (like our
mitmproxy_wireguard
PyO3 module).
Introspecting the tokio runtime
The asynchronous runtime can be introspected using tokio-console
if the crate
was built with the tracing
feature:
tokio-console http://localhost:6669
There should be no task that is busy when the program is idle, i.e. there should be no busy waiting.
Note: This requires maturin>=0.12.15
, as earlier versions accidentally
clobbered the RUSTFLAGS
that were passed to the Rust compiler, breaking use
of the console_subscriber
for tokio-console
, which requires using the
--cfg tokio_unstable
flag.
Code style
The format for Rust code is enforced by rustfmt.toml
. Some used configuration
options are only available on nightly Rust. To apply the formatting rules, use:
cargo +nightly fmt
The format for Python code (i.e. the test echo server and the type stubs in
mitmproxy_wireguard.pyi
) is enforced with black
and can be applied with:
black echo_test_server.py mitmproxy_wireguard.pyi benches/*.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for mitmproxy_wireguard-0.1.8.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1deac33f662bd2ce777afe8c4901b790f423660ee4f46dadf16b6c67849d8f79 |
|
MD5 | 36912e97e436a291388ce2564ead8fea |
|
BLAKE2b-256 | 86151cabbf118188e44d03f127573acd2f67aa4bcbb0c3eeea3d656a8fb12ef5 |
Hashes for mitmproxy_wireguard-0.1.8-cp37-abi3-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7e1ffdc245442b42e40cf7cd84496c155b0630ac22e7f935274a9c49c3020ce5 |
|
MD5 | a23b72a63b23179bc5ea124fbdfc466e |
|
BLAKE2b-256 | 1b5eb6a526491a56c4f9acc2b2645bc4d1462f1a2506e7a610655f94a1c8f877 |
Hashes for mitmproxy_wireguard-0.1.8-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 57e6236b369692763fbdfe44813a95653beea185c4dab067e8c040b87c411372 |
|
MD5 | 0cfe015d707529eefdde646aa5c8376b |
|
BLAKE2b-256 | 70ca24aea97aae95038f563b0a3e82873f06af4c77f6dca7cdd1452776c93512 |
Hashes for mitmproxy_wireguard-0.1.8-cp37-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 01402672303f0d00dce098c5a6f6818c9417b4a0c42dd38aae78692621f9d451 |
|
MD5 | d7c2258497c70d9821549dde271f910f |
|
BLAKE2b-256 | ac2dd5ffa54740ff58635e51d6e7473ca3c48647da474ad82aeb9c5cc97ff382 |
Hashes for mitmproxy_wireguard-0.1.8-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c7718abbc1c88a32250da1875ca361648d0f49831e04779f72abced40a260096 |
|
MD5 | 2927eb0715cc6b6d7cd8c996b2906ff4 |
|
BLAKE2b-256 | c3c1c5f0c3ae054d091164441c145e576d7a90c2f7bd6ef1d0521cd60be46022 |
Hashes for mitmproxy_wireguard-0.1.8-cp37-abi3-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e7a1e5de66c0bf6fef25edf01fab4f1beff062a15dfaf8c572410eb3eae31032 |
|
MD5 | 5163b5392e78627b32d042f664f23dbd |
|
BLAKE2b-256 | 8b28c12093524c33fcb95b350897a09ca470f7b265a78e6e542d07170d3ad80d |