wireproxy Add support for UDP proxying

This PR adds support for a proxying a UDP server through Wireguard. It can listen on IPv4 while tunneling to an IPv6 address or vice versa.

When sending, it goes through BindAddress -> Wireguard -> Target and the opposite when receiving.

For example, if you wanted to proxy Cloudflare's DNS server, an example config would be:

[Interface]
...

[Peer]
...

[UDPProxyTunnel]
BindAddress = 127.0.0.1:53

#Target = [2606:4700:4700::1111]:53
Target = 1.1.1.1:53

# If its set to 0, it will never timeout
InactivityTimeout = 30

Jan 01 '25 06:01 VastBlast

To comply with current architecture this also needs a landlock config rules section https://github.com/pufferffish/wireproxy/blob/d7106831812f3b69d827148ddfb06a9a48e6c8ad/cmd/wireproxy/main.go#L133-L153

Jan 03 '25 13:01 ghost

To comply with current architecture this also needs a landlock config rules section

https://github.com/pufferffish/wireproxy/blob/d7106831812f3b69d827148ddfb06a9a48e6c8ad/cmd/wireproxy/main.go#L133-L153

I looked into this but there seems to be no specific method for restricting UDP bindings/connects similar to TCP. As of right now go-landlock only has TCP.

Jan 03 '25 22:01 VastBlast

Ah sorry I thought this already hit kernel, it appears it did not.

https://lore.kernel.org/all/[email protected]/ https://github.com/landlock-lsm/linux/issues/10

Latest dec 24th https://lwn.net/Articles/1002224/

There was plans to follow up in landlock with udp support.

Jan 04 '25 03:01 ghost

@0xThiebaut: What do you think?

Linked to:

https://github.com/pufferffish/wireproxy/issues/30
https://github.com/pufferffish/wireproxy/pull/51

Jan 30 '25 23:01 Neustradamus

may I ask what is preventing this pr being merged?

Aug 03 '25 10:08 ChaosEternal

wireproxy wireproxy copied to clipboard

Add support for UDP proxying

wireproxy
wireproxy copied to clipboard