package ac
v0.4.0
Published: Sep 4, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

README

NHP-AC

Architecture

  1. The AC can communicate with several Servers at once. Every connection is initiated by the AC toward the Server. The AC keeps each Server connection alive by sending heartbeat packets and NHP-AOL packets (item 3 below names the online message NHP_DOL).

  2. When communication with a Server fails, the AC tries to re-establish the connection. If it cannot establish a connection to any Server, it enters a failed state.

  3. Right after startup the AC begins periodically establishing and maintaining connections to the preconfigured servers (the AC is very likely on an internal network, so the server cannot initiate the connection). On connect it sends an NHP_DOL message and treats the connection as confirmed once the server responds. While connected it sends NHP_KPL messages as needed to keep the connection alive. This is implemented by maintainServerConnectionRoutine.

  4. The AC handles NHP_DOP messages sent by the server: it checks that the requester's serviceId and appId match, performs the IPSET operation, and replies with an NHP_DRT message when done.

  5. To send a message, push a constructed MsgAssembler (RemoteAddr must be set) onto sendMsgCh. If no connection exists yet, the AC tries to establish one, records it, and starts a receive goroutine for it. The MsgAssembler is encrypted and sent over that connection.

  6. When a packet is received, it is decrypted to obtain the plaintext message, which is dispatched to msghandler for processing.

NHP-AC IP pass modes

There are two IP pass modes:

  1. ipPassMode 0 (default) is immediate pass mode: when the door is opened, the IP address that is released is the knock source IP.

  2. ipPassMode 1 is pre-access mode: before opening the door, the AC first opens a temporary port for the corresponding protocol and returns the temporary port and a temporary access token to the server. Within a short time window the agent must make a temporary connection carrying that token; if the temporary connection is valid, the IP released when the door opens is the source IP of that temporary connection.
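
The pre-access flow above, written out as an added example; this is not the package's own code. It keeps the exported names on this page (PASS_KNOCK_IP, PASS_PRE_ACCESS_IP, TempPortOpenTime, AgentUser, GenerateAccessToken, VerifyAccessToken, DeleteAccessToken) but the bodies are assumptions: the AgentUser.Hash construction, the unit of TempPortOpenTime (taken as seconds), the random token format, and the decision to consume a token after one successful door-open. PassIP is a hypothetical helper that applies the mode rule: knock source IP in mode 0, temporary-connection source IP in mode 1 only after a valid token.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

// Constants named as this package exports them; TempPortOpenTime is assumed to be seconds.
const (
	PASS_KNOCK_IP = iota
	PASS_PRE_ACCESS_IP
	TempPortOpenTime = 30
)

// AgentUser mirrors the exported fields of ac.AgentUser.
type AgentUser struct{ UserId, DeviceId, OrganizationId string }

// Hash keys the (org, user, device) triple; an assumed construction, the package's Hash is undocumented.
func (au *AgentUser) Hash() string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(au.OrganizationId+"\x00"+au.UserId+"\x00"+au.DeviceId)))
}

type tokenEntry struct {
	token   string
	expires time.Time
}

// PreAccessStore holds pre-access tokens keyed by agent hash (like AgentUserCodeMap, minus its sharding).
type PreAccessStore struct {
	mu     sync.Mutex
	now    func() time.Time      // injectable clock so expiry is testable
	tokens map[string]tokenEntry // agent hash -> live token
}

func NewPreAccessStore() *PreAccessStore {
	return &PreAccessStore{now: time.Now, tokens: map[string]tokenEntry{}}
}

// GenerateAccessToken issues a fresh 256-bit random token valid for TempPortOpenTime seconds.
func (s *PreAccessStore) GenerateAccessToken(au *AgentUser) string {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // never fall back to a predictable token
	}
	tok := base64.RawURLEncoding.EncodeToString(buf)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[au.Hash()] = tokenEntry{tok, s.now().Add(TempPortOpenTime * time.Second)}
	return tok
}

// VerifyAccessToken reports whether token is the live, unexpired token for au (constant-time compare).
func (s *PreAccessStore) VerifyAccessToken(au *AgentUser, token string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.tokens[au.Hash()]
	if !ok || !s.now().Before(e.expires) {
		return false // unknown agent, or the temporary window has closed
	}
	return subtle.ConstantTimeCompare([]byte(e.token), []byte(token)) == 1
}

// DeleteAccessToken revokes the token for au, if any.
func (s *PreAccessStore) DeleteAccessToken(au *AgentUser) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.tokens, au.Hash())
}

// PassIP picks the source IP to release at door-open: the knock source in mode 0, or in mode 1
// the temporary connection's source, only if it presented a valid token, which is then consumed.
func (s *PreAccessStore) PassIP(mode int, knockIP string, au *AgentUser, accessIP, token string) (string, bool) {
	switch mode {
	case PASS_KNOCK_IP:
		return knockIP, true
	case PASS_PRE_ACCESS_IP:
		if !s.VerifyAccessToken(au, token) {
			return "", false
		}
		s.DeleteAccessToken(au)
		return accessIP, true
	}
	return "", false
}

func main() {
	s := NewPreAccessStore()
	au := &AgentUser{UserId: "alice", DeviceId: "laptop-1", OrganizationId: "abc_group"}
	tok := s.GenerateAccessToken(au) // handed to the server together with the temporary port
	fmt.Println(s.PassIP(PASS_PRE_ACCESS_IP, "10.0.0.5", au, "203.0.113.9", tok)) // 203.0.113.9 true
	fmt.Println(s.PassIP(PASS_PRE_ACCESS_IP, "10.0.0.5", au, "203.0.113.9", tok)) // "" false, token consumed
}
```

The two properties worth keeping whatever the real store looks like: the token lives no longer than the temporary port (TempPortOpenTime), and a token that opened the door once cannot open it again, so an attacker who observes the temporary connection cannot replay it from a different source IP.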

NHP-AC configuration file

etc/config.toml

[AC]
  # (optional) assign a unique id for this ac
  ACId = "abc_group_ac_001"
  # (mandatory) specify the private key in base64 format
  ACPrivateKey = "+B0RLGbe+nknJBZ0Fjt7kCBWfSTUttbUqkGteLfIp30="
  # 0: default, passing the knock source IP
  # 1: use pre-access procedure to determine the passing source IP
  IpPassMode = 0
  # (optional) ID of authorization service provider this ac belongs to
  AuthServiceId = "abc_group"
  # (optional) ID of resources controlled by this ac
  ResourceIds = ["abc_group_web_server", "abc_group_api_server"]
  # (optional) ID of organization
  OrganizationId = "5f3e36149fa95c0414408ad4"

# server peers list
[[Servers]]
  # (optional) the server's hostname. Its resolved address overrides the "Ip" field
  Host = ""
  # IP address of the server peer
  Ip = "192.168.80.35"
  # listening port for the server peer
  Port = 62206
  # type: NHP-Server
  Type = 2
  # specify the server peer's public key in base64 format
  PublicKey = "WqJxe+Z4+wLen3VRgZx6YnbjvJFmptz99zkONCt/7gc="
  # expire timestamp of the public key (seconds from epoch)
  ExpireTime = 1716345064

# another server
#[[Servers]]
#  Ip = "192.168.135.1"
#  Port = 7776
#  Type = 2
#  PublicKey = "dstv1KlD2oVXiwgOxWtgZd+YmrOhU46W3emTGrHRADk="
#  ExpireTime = 1716345064
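
A start-up check for the configuration above, as an added example rather than code from the package. One detail a practitioner should notice in the sample: ExpireTime = 1716345064 is 2024-05-22T02:31:04Z, which is earlier than this package's publication date, so a configuration copied from the sample already carries an expired server key. The example models the peer with a local UdpPeer struct whose field names are assumed from the TOML keys (the real type is core.UdpPeer, not shown on this page), takes "Type = 2" to mean NHP-Server as the comment says, and assumes raw keys are 32 bytes; ValidateConfig is a hypothetical helper.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net"
	"time"
)

// UdpPeer stands in for core.UdpPeer; field names are assumed from the config keys above.
type UdpPeer struct {
	Host       string
	Ip         string
	Port       int
	Type       int
	PublicKey  string
	ExpireTime int64 // seconds since epoch
}

// Config carries the fields of ac.Config that the checks below need.
type Config struct {
	PrivateKeyBase64 string
	ACId             string
	IpPassMode       int
	Servers          []*UdpPeer
}

const (
	peerTypeServer = 2  // "Type = 2" in the config marks an NHP-Server peer
	rawKeyLen      = 32 // assumed: raw public and private keys are 32 bytes
)

// checkKey decodes a base64 key and checks its raw length.
func checkKey(b64 string) error {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return err
	}
	if len(raw) != rawKeyLen {
		return fmt.Errorf("decoded key is %d bytes, want %d", len(raw), rawKeyLen)
	}
	return nil
}

// ValidateConfig returns every problem found in cfg as of time now; an empty
// result means the AC can start with it.
func ValidateConfig(cfg *Config, now time.Time) []error {
	var errs []error
	fail := func(format string, a ...interface{}) { errs = append(errs, fmt.Errorf(format, a...)) }

	if err := checkKey(cfg.PrivateKeyBase64); err != nil {
		fail("ACPrivateKey: %v", err)
	}
	if cfg.IpPassMode != 0 && cfg.IpPassMode != 1 {
		fail("IpPassMode %d: must be 0 (knock IP) or 1 (pre-access IP)", cfg.IpPassMode)
	}
	if len(cfg.Servers) == 0 {
		fail("Servers: at least one NHP-Server peer is required")
	}
	seen := map[string]bool{}
	for i, p := range cfg.Servers {
		tag := fmt.Sprintf("Servers[%d]", i)
		if p.Type != peerTypeServer {
			fail("%s: Type %d is not an NHP-Server (%d)", tag, p.Type, peerTypeServer)
		}
		if p.Host == "" && net.ParseIP(p.Ip) == nil {
			fail("%s: no Host and Ip %q is not a valid IP address", tag, p.Ip)
		}
		if p.Port < 1 || p.Port > 65535 {
			fail("%s: Port %d out of range", tag, p.Port)
		}
		if err := checkKey(p.PublicKey); err != nil {
			fail("%s: PublicKey: %v", tag, err)
		}
		if exp := time.Unix(p.ExpireTime, 0); !exp.After(now) {
			fail("%s: PublicKey expired at %s", tag, exp.UTC().Format(time.RFC3339))
		}
		host := p.Host
		if host == "" {
			host = p.Ip
		}
		if addr := net.JoinHostPort(host, fmt.Sprint(p.Port)); seen[addr] {
			fail("%s: duplicate peer %s", tag, addr)
		} else {
			seen[addr] = true
		}
	}
	return errs
}

func main() {
	// The page's own sample peer, checked on the package's publication date (2024-09-04).
	cfg := &Config{
		PrivateKeyBase64: "+B0RLGbe+nknJBZ0Fjt7kCBWfSTUttbUqkGteLfIp30=",
		Servers: []*UdpPeer{{Ip: "192.168.80.35", Port: 62206, Type: 2,
			PublicKey: "WqJxe+Z4+wLen3VRgZx6YnbjvJFmptz99zkONCt/7gc=", ExpireTime: 1716345064}},
	}
	for _, err := range ValidateConfig(cfg, time.Unix(1725408000, 0)) {
		fmt.Println(err) // Servers[0]: PublicKey expired at 2024-05-22T02:31:04Z
	}
}
```

Run this against a real etc/config.toml after decoding it with your TOML library of choice; the expiry check is the one most likely to fire, because ExpireTime is a fixed timestamp that silently passes its deadline while the rest of the file stays valid.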

Documentation

Constants

const (
	MaxConcurrentConnection      = 256
	DefaultConnectionTimeoutMs   = 300 * 1000 // 300 seconds to delete idle connection, align with server
	PacketQueueSizePerConnection = 32

	ReportToServerInterval         = 60 // seconds
	MinialServerDiscoveryInterval  = 5  // seconds
	ServerKeepaliveInterval        = 20 // seconds
	ServerDiscoveryRetryBeforeFail = 3

	TempPortOpenTime = 30 //

	IPSET_DEFAULT_NAME      = "defaultset"
	IPSET_DEFAULT_DOWN_NAME = "defaultset_down"
)
const (
	PASS_KNOCK_IP = iota
	PASS_PRE_ACCESS_IP
)

IP pass mode

Variables

var (
	ExeDirPath string
)

Functions

This section is empty.

Types

type AgentUser

type AgentUser struct {
	UserId         string
	DeviceId       string
	OrganizationId string
	// contains filtered or unexported fields
}

func (*AgentUser) Hash

func (au *AgentUser) Hash() string

type AgentUserCodeMap

type AgentUserCodeMap = map[string]*map[string]string // agent hash string first letter > agent hash string > token

type Config

type Config struct {
	PrivateKeyBase64 string          `json:"privateKey"`
	ACId             string          `json:"acId"`
	DefaultIp        string          `json:"defaultIp"`
	AuthServiceId    string          `json:"aspId"`
	ResourceIds      []string        `json:"resIds"`
	Servers          []*core.UdpPeer `json:"servers"`
	IpPassMode       int             `json:"ipPassMode"` // 0: pass the knock source IP, 1: use pre-access mode and release the access source IP
	LogLevel         int             `json:"logLevel"`
}

type Peers

type Peers struct {
	Servers []*core.UdpPeer
}

type UdpAC added in v0.4.0

type UdpAC struct {
	AgentUserTokenMutex sync.Mutex
	// contains filtered or unexported fields
}

func (*UdpAC) AddServerPeer added in v0.4.0

func (d *UdpAC) AddServerPeer(server *core.UdpPeer)

func (*UdpAC) DeleteAccessToken added in v0.4.0

func (d *UdpAC) DeleteAccessToken(au *AgentUser)

func (*UdpAC) GenerateAccessToken added in v0.4.0

func (d *UdpAC) GenerateAccessToken(au *AgentUser) string

func (*UdpAC) HandleACOperations added in v0.4.0

func (d *UdpAC) HandleACOperations(ppd *core.PacketParserData) (err error)

func (*UdpAC) IpPassMode added in v0.4.0

func (d *UdpAC) IpPassMode() int

func (*UdpAC) IsRunning added in v0.4.0

func (d *UdpAC) IsRunning() bool

func (*UdpAC) RemoveServerPeer added in v0.4.0

func (d *UdpAC) RemoveServerPeer(serverKey string)

func (*UdpAC) ResolvePeer added in v0.4.0

func (d *UdpAC) ResolvePeer(peer *core.UdpPeer) (*core.UdpPeer, net.Addr)

If the server peer is configured by hostname, find the matching peer by its actual (resolved) IP address.

func (*UdpAC) SendPacket added in v0.4.0

func (d *UdpAC) SendPacket(pkt *core.Packet, conn *UdpConn) (n int, err error)

func (*UdpAC) Start added in v0.4.0

func (d *UdpAC) Start(dirPath string, logLevel int) (err error)

dirPath: the path of the app or shared library entry point
logLevel: 0: silent, 1: error, 2: info, 3: debug, 4: verbose

func (*UdpAC) Stop added in v0.4.0

func (d *UdpAC) Stop()

func (*UdpAC) StopConfigWatch added in v0.4.0

func (d *UdpAC) StopConfigWatch()

func (*UdpAC) VerifyAccessToken added in v0.4.0

func (d *UdpAC) VerifyAccessToken(au *AgentUser, token string) bool

type UdpConn

type UdpConn struct {
	ConnData *core.ConnectionData
	// contains filtered or unexported fields
}

func (*UdpConn) Close

func (c *UdpConn) Close()
