Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add transparent server mode based on WireGuard #5562

Merged
merged 26 commits into from
Sep 18, 2022
Merged

add transparent server mode based on WireGuard #5562

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
151dbd6
add mode spec for WireGuard mode
decathorpe Sep 4, 2022
8238f9c
add WireGuard server implementation
decathorpe Sep 6, 2022
573b058
remove coverage excludes
mhils Sep 11, 2022
0fe25ff
simplify wireguard spec
mhils Sep 11, 2022
964a692
Merge remote-tracking branch 'origin/main' into pr-5562
mhils Sep 11, 2022
884af87
lint!
mhils Sep 11, 2022
b267d2d
remove superfluous tests
mhils Sep 11, 2022
3bc9a1b
bump to mitmproxy_wireguard 0.1.1
decathorpe Sep 12, 2022
53d14a1
proxy/test_mode_specs: remove unused import
decathorpe Sep 12, 2022
767fa18
fix wireguard server mode
decathorpe Sep 12, 2022
1160e48
WireGuard: move keyfile gen into `.start()`
mhils Sep 13, 2022
a5f75a0
fixup UDP support
mhils Sep 13, 2022
336ce6e
bump to mitmproxy_wireguard v0.1.2
decathorpe Sep 13, 2022
4000ec2
fix crash handler
mhils Sep 14, 2022
6c22471
add simple test for WireGuard server instances
decathorpe Sep 16, 2022
a857f1a
bump to mitmproxy_wireguard v0.1.5 and fix launching wg-test-client
decathorpe Sep 18, 2022
6838abe
Merge remote-tracking branch 'origin/main' into pr-5562
mhils Sep 18, 2022
77c65f4
fixups
mhils Sep 18, 2022
aa90aa6
nits
mhils Sep 18, 2022
77124b9
bump to mitmproxy_wireguard 0.1.6 for fixed test client
decathorpe Sep 18, 2022
6005811
move WireGuardDatagramTransport into dedicated module
mhils Sep 18, 2022
122f0c2
cover WireGuardServerInstance.is_running property with tests
decathorpe Sep 18, 2022
8c8cf46
enable specialized server instance creation
mhils Sep 18, 2022
7fd35e7
test wireguard conf generation
mhils Sep 18, 2022
12cbfea
deduplicate tcp/udp handlers
mhils Sep 18, 2022
0da0031
update CHANGELOG
mhils Sep 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
add mode spec for WireGuard mode
  • Loading branch information
@decathorpe
decathorpe committed Sep 11, 2022
commit 151dbd69dfe66946f69ee24a55ca1f7f891896ea
56 changes: 56 additions & 0 deletions mitmproxy/proxy/mode_specs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,3 +245,59 @@ class DnsMode(ProxyMode):

def __post_init__(self) -> None:
_check_empty(self.data)


class WireGuardMode(ProxyMode):
"""Proxy Server based on WireGuard"""
description = "WireGuard server"
default_port = 51820
mhils marked this conversation as resolved.
Show resolved Hide resolved
transport_protocol = UDP
custom_listen_port: int | None = None

wireguard_cfg_gen: bool | None = None
wireguard_cfg_path: str | None = None
wireguard_peer_num: int | None = None

# noinspection PyDataclass
def __post_init__(self) -> None:
# use default settings
if self.data in [""]:
return

settings = self.data.split(",")
for setting in settings:
# handle empty strings after trailing commas
if not setting:
break

# handle settings with and without default values
if "=" not in setting:
key, value = setting, None
else:
key, value = setting.split("=", 1)

if key not in {"generate", "load", "peers"}:
raise ValueError(f"invalid wireguard mode spec (unexpected {key!r} setting)")

if key == "generate":
# generate new configuration files
if self.wireguard_cfg_gen is False:
raise ValueError("invalid wireguard mode spec (cannot set both 'load' and 'generate')")
self.wireguard_cfg_gen = True
self.wireguard_cfg_path = value

if key == "load":
# load existing configuration file
if self.wireguard_cfg_gen is True:
raise ValueError("invalid wireguard mode spec (cannot set both 'load' and 'generate')")
self.wireguard_cfg_gen = False
self.wireguard_cfg_path = value

if key == "peers":
# generate configuration for specified number of peers
if self.wireguard_cfg_gen is False:
raise ValueError(f"invalid wireguard mode spec (unexpected {setting!r} setting)")
try:
self.wireguard_peer_num = int(value) if value is not None else None
except ValueError:
raise ValueError(f"invalid wireguard mode spec (invalid peer number {value!r})")
26 changes: 25 additions & 1 deletion test/mitmproxy/proxy/test_mode_specs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import pytest

from mitmproxy.proxy.mode_specs import ProxyMode, Socks5Mode
from mitmproxy.proxy.mode_specs import ProxyMode, Socks5Mode, WireGuardMode


def test_parse():
Expand Down Expand Up @@ -58,6 +58,8 @@ def test_parse_specific_modes():
assert ProxyMode.parse("dns")
assert ProxyMode.parse("reverse:dns://8.8.8.8")
assert ProxyMode.parse("reverse:dtls://127.0.0.1:8004")
assert ProxyMode.parse("wireguard")
assert ProxyMode.parse("wireguard@51821").listen_port() == 51821

with pytest.raises(ValueError, match="invalid port"):
ProxyMode.parse("regular@invalid-port")
Expand All @@ -73,3 +75,25 @@ def test_parse_specific_modes():

with pytest.raises(ValueError, match="Port specification missing."):
ProxyMode.parse("reverse:dtls://127.0.0.1")


def test_parse_wireguard_mode():
assert WireGuardMode.parse("wireguard:load,")
assert WireGuardMode.parse("wireguard:generate,peers=2").wireguard_peer_num == 2
assert WireGuardMode.parse("wireguard:load=~/.mitmproxy/wg.json").wireguard_cfg_path == "~/.mitmproxy/wg.json"

mode = WireGuardMode.parse("wireguard:generate,peers=2@51821")
assert mode.listen_port() == 51821
assert mode.wireguard_cfg_gen is True
assert mode.wireguard_peer_num == 2

with pytest.raises(ValueError, match="cannot set both 'load' and 'generate'"):
WireGuardMode.parse("wireguard:load,generate")
with pytest.raises(ValueError, match="cannot set both 'load' and 'generate'"):
WireGuardMode.parse("wireguard:generate,load")
with pytest.raises(ValueError, match=f"unexpected 'peers=2' setting"):
WireGuardMode.parse("wireguard:load,peers=2")
with pytest.raises(ValueError, match="unexpected 'foobar' setting"):
WireGuardMode.parse("wireguard:foobar")
with pytest.raises(ValueError, match=f"invalid peer number 'foo'"):
WireGuardMode.parse("wireguard:generate,peers=foo")