Skip to main content

WireGuard interface for mitmproxy

Project description

mitmproxy_wireguard

PyPI PyPI - License PyPI - Status PyPI - Python Version PyPI - Wheel ci

Transparently proxy any device that can be configured as a WireGuard client!

Work-In-Progress.

Interface

The API interface of the PyO3 module is documented in mitmproxy_wireguard.pyi:

  • Server class: a running WireGuard server instance, with methods for
    • graceful shutdown (close / wait_closed)
    • sending UDP packets
  • TcpStream class: an established TCP connection (provides APIs identical to Python's) asyncio.StreamReader and asyncio.StreamWriter)
  • start_server coroutine: initialize, start, and return a Server instance

Architecture

library architecture

DONE

  • multi-threaded / asynchronous WireGuard server using tokio:
    • one worker thread for the user-space WireGuard server
    • one worker thread for the user-space network stack
    • one worker thread for communicating with the Python runtime
  • basic TCP/IPv4 functionality, IPv6 only partially supported
  • basic UDP functionality
  • Python interface similar to the one provided by asyncio.start_server
  • basic support for reading WireGuard configuration files

TODO

  • better and more complete IPv6 support
  • unit tests
  • various other TODO and FIXME items (documented in the code)

Hacking

Setting up the development environment is relatively straightforward, as only a Rust toolchain and Python 3 are required:

# set up a new venv
python3 -m venv venv

# enter venv (use the activation script for your shell)
source ./venv/bin/activate

# install maturin and pdoc
pip install maturin pdoc

Compiling the native Rust module then becomes easy:

# compile native Rust module and install it in venv
maturin develop

# compile native Rust module with optimizations
maturin develop --release

Once that's done (phew! Rust sure does take a while to compile!), the test echo server should work correctly. It will print instructions for connecting to it over a WireGuard VPN:

python3 ./echo_test_server.py

Docs

Documentation for the Python module can be built with pdoc.

The documentation is built from the mitmproxy_wireguard.pyi type stubs and the rustdoc documentation strings themselves. So to generate the documentation, the native module needs to be rebuilt, as well:

maturin develop
pdoc mitmproxy_wireguard

By default, this will build the documentation in HTML format and serve it on http://localhost:8080.

Note: This requires version >=11.2.0 of pdoc. It is the first version that supports generating documentation for "native-only" Python modules (like our mitmproxy_wireguard PyO3 module).

Introspecting the tokio runtime

The asynchronous runtime can be introspected using tokio-console if the crate was built with the tracing feature:

tokio-console http://localhost:6669

There should be no task that is busy when the program is idle, i.e. there should be no busy waiting.

Note: This requires maturin>=0.12.15, as earlier versions accidentally clobbered the RUSTFLAGS that were passed to the Rust compiler, breaking use of the console_subscriber for tokio-console, which requires using the --cfg tokio_unstable flag.

Code style

The format for Rust code is enforced by rustfmt. To apply the formatting rules, use:

cargo fmt

The format for Python code (i.e. the test echo server and the type stubs in mitmproxy_wireguard.pyi) is enforced with black and can be applied with:

black echo_test_server.py mitmproxy_wireguard.pyi benches/*.py

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mitmproxy_wireguard-0.1.9.tar.gz (20.2 kB view hashes)

Uploaded Source

Built Distributions

mitmproxy_wireguard-0.1.9-cp37-abi3-win_amd64.whl (667.2 kB view hashes)

Uploaded CPython 3.7+ Windows x86-64

mitmproxy_wireguard-0.1.9-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.2 MB view hashes)

Uploaded CPython 3.7+ manylinux: glibc 2.17+ x86-64

mitmproxy_wireguard-0.1.9-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.2 MB view hashes)

Uploaded CPython 3.7+ manylinux: glibc 2.17+ ARM64

mitmproxy_wireguard-0.1.9-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl (1.6 MB view hashes)

Uploaded CPython 3.7+ macOS 10.9+ universal2 (ARM64, x86-64) macOS 10.9+ x86-64 macOS 11.0+ ARM64

mitmproxy_wireguard-0.1.9-cp37-abi3-macosx_10_7_x86_64.whl (834.0 kB view hashes)

Uploaded CPython 3.7+ macOS 10.7+ x86-64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page