sandialabs / wiretap

Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.

Feature request: Retrieve stats from WT-EXIT #21

Open SkyperTHC opened 1 year ago

SkyperTHC commented 1 year ago

A REST-API call from the origin host to the WT-EXIT to retrieve information/stats about the WT-EXIT.

curl http://172.16.0.1/info

Info/Stats may include

  1. Configured IP ranges of all interfaces on the WT-EXIT
  2. Uptime / Load / Users

luker983 commented 1 year ago

Do you want information about the Wiretap interfaces/devices? Or the host interfaces/uptime/load/users?

Wiretap statistics are fine, but I'm a little hesitant to grab info like host interfaces or uptime/load/users. The expectation is that you can get that info through other means because you had to deploy the binary somehow.

SkyperTHC commented 1 year ago

Hi,

Host interface. WT is already known (172.16.0.2). Host may be on DHCP and so interface may have changed since WT was deployed.

On Thu, Jul 6, 2023 at 23:02, Luke Rindels wrote:

> Do you want information about the Wiretap interfaces/devices? Or the host interfaces/uptime/load/users?
>
> Wiretap statistics are fine, but I'm a little hesitant to grab info like host interfaces or uptime/load/users. The expectation is that you can get that info through other means because you had to deploy the binary somehow.

luker983 commented 1 year ago

Concerns here are similar to #22:

  1. I have concerns about enumerating the host system because of AV/project scope
  2. Wiretap assumes you have access to the server machine through some other means and this info can be gathered that way

I am less concerned about this one than the shell feature so leaving open for now, just not prioritizing.

Some metrics like Load that are directly related to Wiretap could be useful and relevant. I'd accept a PR that exposes these kinds of metrics through the API.

Aptimex commented 1 month ago

I think being able to retrieve some basic host networking info (probably just assigned IPs and associated CIDRs for NICs) is reasonable given that that info could be directly relevant to diagnosing network issues with wiretap if something changed on the host. If there's a good existing Golang module for getting that data without having to run separate commands on the OS then I think we can probably add that at some point in the future.

Uptime of the Wiretap server process is probably also reasonable as part of that, but I don't think we'd want to try to pull uptime/load/user data from the host itself for the reasons @luker983 mentioned.
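
The last comment asks whether assigned IPs and CIDRs can be read without running separate OS commands. As an added example (not code from the Wiretap project), Go's standard `net` package can do this; the `NIC` and `Info` types and the JSON field names are assumptions, and only the process uptime is reported, matching the scope discussed in the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"time"
)

var startTime = time.Now() // process start: uptime below is not host uptime

// NIC and Info are hypothetical response types, not Wiretap's API schema.
type NIC struct {
	Name  string   `json:"name"`
	CIDRs []string `json:"cidrs"`
}
type Info struct {
	ProcessUptimeSeconds float64 `json:"process_uptime_seconds"`
	Interfaces           []NIC   `json:"interfaces"`
}

// toCIDRs keeps only addresses that carry a netmask (IP plus prefix length).
func toCIDRs(addrs []net.Addr) []string {
	out := []string{}
	for _, a := range addrs {
		if ipn, ok := a.(*net.IPNet); ok {
			out = append(out, ipn.String())
		}
	}
	return out
}

// collectInfo reads interfaces via the standard library; no OS commands run.
func collectInfo() (Info, error) {
	info := Info{time.Since(startTime).Seconds(), []NIC{}}
	ifaces, err := net.Interfaces()
	for _, ifc := range ifaces { // ifaces is empty when err != nil
		// Report only interfaces that are up and are not loopback.
		up := ifc.Flags&net.FlagUp != 0 && ifc.Flags&net.FlagLoopback == 0
		if addrs, aerr := ifc.Addrs(); up && aerr == nil {
			info.Interfaces = append(info.Interfaces, NIC{ifc.Name, toCIDRs(addrs)})
		}
	}
	return info, err
}

func main() {
	info, err := collectInfo()
	body, _ := json.MarshalIndent(info, "", "  ")
	fmt.Println(string(body), err)
}
```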