- Constants
- Variables
- func DiscardLogf(format string, args ...any)
- func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte)
- func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte)
- func KDF1(t0 *[blake2s.Size]byte, key, input []byte)
- func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte)
- func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte)
- type AllowedIPs
- type CookieChecker
- type CookieGenerator
- type Device
- func (device *Device) Bind() conn.Bind
- func (device *Device) BindClose() error
- func (device *Device) BindSetMark(mark uint32) error
- func (device *Device) BindUpdate() error
- func (device *Device) Close()
- func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
- func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
- func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
- func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
- func (device *Device) DeleteKeypair(key *Keypair)
- func (device *Device) DisableSomeRoamingForBrokenMobileSemantics()
- func (device *Device) Down() error
- func (device *Device) GetInboundElement() *QueueInboundElement
- func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
- func (device *Device) GetOutboundElement() *QueueOutboundElement
- func (device *Device) IpcGet() (string, error)
- func (device *Device) IpcGetOperation(w io.Writer) error
- func (device *Device) IpcHandle(socket net.Conn)
- func (device *Device) IpcSet(uapiConf string) error
- func (device *Device) IpcSetOperation(r io.Reader) (err error)
- func (device *Device) IsUnderLoad() bool
- func (device *Device) LookupPeer(pk NoisePublicKey) *Peer
- func (device *Device) NewOutboundElement() *QueueOutboundElement
- func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error)
- func (device *Device) PopulatePools()
- func (device *Device) PutInboundElement(elem *QueueInboundElement)
- func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
- func (device *Device) PutOutboundElement(elem *QueueOutboundElement)
- func (device *Device) RemoveAllPeers()
- func (device *Device) RemovePeer(key NoisePublicKey)
- func (device *Device) RoutineDecryption(id int)
- func (device *Device) RoutineEncryption(id int)
- func (device *Device) RoutineHandshake(id int)
- func (device *Device) RoutineReadFromTUN()
- func (device *Device) RoutineReceiveIncoming(recv conn.ReceiveFunc)
- func (device *Device) RoutineTUNEventReader()
- func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
- func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
- func (device *Device) SetPrivateKey(sk NoisePrivateKey) error
- func (device *Device) Up() error
- func (device *Device) Wait() chan struct{}
- type Handshake
- type IPCError
- type IndexTable
- func (table *IndexTable) Delete(index uint32)
- func (table *IndexTable) Init()
- func (table *IndexTable) Lookup(id uint32) IndexTableEntry
- func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
- func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
- type IndexTableEntry
- type Keypair
- type Keypairs
- type Logger
- type MessageCookieReply
- type MessageInitiation
- type MessageResponse
- type MessageTransport
- type NoiseNonce
- type NoisePresharedKey
- type NoisePrivateKey
- type NoisePublicKey
- type Peer
- func (peer *Peer) BeginSymmetricSession() error
- func (peer *Peer) ExpireCurrentKeypairs()
- func (peer *Peer) FlushStagedPackets()
- func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer
- func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool
- func (peer *Peer) RoutineSequentialReceiver()
- func (peer *Peer) RoutineSequentialSender()
- func (peer *Peer) SendBuffer(buffer []byte) error
- func (peer *Peer) SendHandshakeInitiation(isRetry bool) error
- func (peer *Peer) SendHandshakeResponse() error
- func (peer *Peer) SendKeepalive()
- func (peer *Peer) SendStagedPackets()
- func (peer *Peer) SetEndpointFromPacket(endpoint conn.Endpoint)
- func (peer *Peer) StagePacket(elem *QueueOutboundElement)
- func (peer *Peer) Start()
- func (peer *Peer) Stop()
- func (peer *Peer) String() string
- func (peer *Peer) ZeroAndFlushAll()
- type QueueHandshakeElement
- type QueueInboundElement
- type QueueOutboundElement
- type Timer
- type WaitPool
Constants ¶
// Protocol timing and counter limits. The names and values match the
// constants of the same name in the WireGuard protocol (rekey/reject
// thresholds, keepalive and cookie-refresh intervals); see the protocol
// specification for the exact semantics of each limit.
const (
	RekeyAfterMessages  = (1 << 60)
	RejectAfterMessages = (1 << 64) - (1 << 13) - 1
	RekeyAfterTime      = time.Second * 120
	RekeyAttemptTime    = time.Second * 90
	RekeyTimeout        = time.Second * 5
	// Written as a plain integer literal rather than as
	// RekeyAttemptTime / RekeyTimeout (those are time.Duration values);
	// the three constants have to be kept in sync by hand.
	MaxTimerHandshakes = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */
	// Presumably an upper bound in milliseconds on the random jitter added
	// to RekeyTimeout (the Ms suffix suggests it) — confirm at the use site.
	RekeyTimeoutJitterMaxMs = 334
	RejectAfterTime         = time.Second * 180
	KeepaliveTimeout        = time.Second * 10
	CookieRefreshTime       = time.Second * 120
	HandshakeInitationRate  = time.Second / 50
	// Transport payloads are padded up to a multiple of this many bytes.
	PaddingMultiple = 16
)
// Size bounds for transport messages, derived from the keepalive size,
// the largest UDP datagram (MaxSegmentSize) and the transport overhead.
const (
	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
)
// Device-level limits.
const (
	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected
	MaxPeers           = 1 << 16     // maximum number of configured peers
)
// Byte offsets into an IPv4 header (RFC 791): Total Length at byte 2,
// Source Address at byte 12 and Destination Address immediately after it.
const (
	IPv4offsetTotalLength = 2
	IPv4offsetSrc         = 12
	IPv4offsetDst         = IPv4offsetSrc + net.IPv4len
)
// Byte offsets into an IPv6 header (RFC 8200): Payload Length at byte 4,
// Source Address at byte 8 and Destination Address immediately after it.
const (
	IPv6offsetPayloadLength = 4
	IPv6offsetSrc           = 8
	IPv6offsetDst           = IPv6offsetSrc + net.IPv6len
)
// Log levels for use with NewLogger; higher values log more.
const (
	LogLevelSilent = iota
	LogLevelError
	LogLevelVerbose
)
Log levels for use with NewLogger.
// Protocol identifier strings. NoiseConstruction and WGIdentifier name
// the Noise handshake pattern and the protocol version that are bound into
// the handshake; WGLabelMAC1 and WGLabelCookie are the domain-separation
// labels for the MAC1 key and the cookie mechanism. Changing any of them
// makes the implementation incompatible with other WireGuard peers.
const (
	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
	WGIdentifier      = "WireGuard v1 zx2c4 Jason@zx2c4.com"
	WGLabelMAC1       = "mac1----"
	WGLabelCookie     = "cookie--"
)
// Message type tags carried in the first field of every protocol message.
const (
	MessageInitiationType  = 1
	MessageResponseType    = 2
	MessageCookieReplyType = 3
	MessageTransportType   = 4
)
// Wire sizes of the protocol messages, in bytes. The transport sizes are
// derived from the header size plus the Poly1305 tag that follows the
// (possibly empty) encrypted content.
const (
	MessageInitiationSize      = 148                                           // size of handshake initiation message
	MessageResponseSize        = 92                                            // size of response message
	MessageCookieReplySize     = 64                                            // size of cookie reply message
	MessageTransportHeaderSize = 16                                            // size of data preceding content in transport message
	MessageTransportSize       = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport
	MessageKeepaliveSize       = MessageTransportSize                          // size of keepalive
	MessageHandshakeSize       = MessageInitiationSize                         // size of largest handshake related message
)
// Byte offsets of the fields of a transport message: a 4-byte type, the
// 4-byte receiver index at 4, the 8-byte counter at 8, and the encrypted
// content from 16 (matching MessageTransportHeaderSize) onwards.
const (
	MessageTransportOffsetReceiver = 4
	MessageTransportOffsetCounter  = 8
	MessageTransportOffsetContent  = 16
)
// Sizes in bytes of the Curve25519 public and private keys used by the
// Noise handshake.
const (
	NoisePublicKeySize  = 32
	NoisePrivateKeySize = 32
)
// Queue depths and buffer sizing.
const (
	QueueStagedSize    = 128
	QueueOutboundSize  = 1024
	QueueInboundSize   = 1024
	QueueHandshakeSize = 1024
	MaxSegmentSize     = (1 << 16) - 1 // largest possible UDP datagram
	// NOTE(review): 0 leaves the buffer pools unbounded, as the inline
	// comment says; memory use under load is then limited only by the
	// queue depths above and by what callers release back to the pools.
	PreallocatedBuffersPerPool = 0 // Disable and allow for infinite memory growth
)
// DefaultMTU is the default MTU of the TUN interface. 1420 is the usual
// WireGuard choice: it leaves room for the outer IP/UDP headers and the
// transport overhead on a 1500-byte link — confirm against the TUN setup.
const DefaultMTU = 1420
Variables ¶
// Package-level handshake constants. InitialChainKey and InitialHash are
// the starting chaining key and hash of the Noise handshake (presumably
// computed at package init from NoiseConstruction and WGIdentifier —
// confirm); ZeroNonce is the all-zero nonce used for handshake AEAD
// operations, which is safe only because each handshake key is used once.
var (
	InitialChainKey [blake2s.Size]byte
	InitialHash     [blake2s.Size]byte
	ZeroNonce       [chacha20poly1305.NonceSize]byte
)
Functions ¶
func DiscardLogf ¶
A function for use in a Logger that discards logged lines.
Types ¶
type AllowedIPs ¶
type AllowedIPs struct { IPv4 *trieEntry IPv6 *trieEntry // contains filtered or unexported fields }
func (*AllowedIPs) EntriesForPeer ¶
func (table *AllowedIPs) EntriesForPeer(peer *Peer, cb func(prefix netip.Prefix) bool)
func (*AllowedIPs) Lookup ¶
func (table *AllowedIPs) Lookup(ip []byte) *Peer
func (*AllowedIPs) RemoveByPeer ¶
func (table *AllowedIPs) RemoveByPeer(peer *Peer)
type CookieChecker ¶
func (*CookieChecker) CheckMAC1 ¶
func (st *CookieChecker) CheckMAC1(msg []byte) bool
func (*CookieChecker) CheckMAC2 ¶
func (st *CookieChecker) CheckMAC2(msg, src []byte) bool
func (*CookieChecker) CreateReply ¶
func (st *CookieChecker) CreateReply( msg []byte, recv uint32, src []byte, ) (*MessageCookieReply, error)
func (*CookieChecker) Init ¶
func (st *CookieChecker) Init(pk NoisePublicKey)
type CookieGenerator ¶
func (*CookieGenerator) AddMacs ¶
func (st *CookieGenerator) AddMacs(msg []byte)
func (*CookieGenerator) ConsumeReply ¶
func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool
func (*CookieGenerator) Init ¶
func (st *CookieGenerator) Init(pk NoisePublicKey)
type Device ¶
type Device struct {
// contains filtered or unexported fields
}
func (*Device) BindSetMark ¶
func (*Device) BindUpdate ¶
func (*Device) ConsumeMessageInitiation ¶
func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
func (*Device) ConsumeMessageResponse ¶
func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
func (*Device) CreateMessageInitiation ¶
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
func (*Device) CreateMessageResponse ¶
func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
func (*Device) DeleteKeypair ¶
func (*Device) DisableSomeRoamingForBrokenMobileSemantics ¶
func (device *Device) DisableSomeRoamingForBrokenMobileSemantics()
DisableSomeRoamingForBrokenMobileSemantics should ideally be called before peers are created; if called afterwards it will attempt to cope, but may race.
func (*Device) GetInboundElement ¶
func (device *Device) GetInboundElement() *QueueInboundElement
func (*Device) GetMessageBuffer ¶
func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
func (*Device) GetOutboundElement ¶
func (device *Device) GetOutboundElement() *QueueOutboundElement
func (*Device) IpcGetOperation ¶
IpcGetOperation implements the WireGuard configuration protocol "get" operation. See https://www.wireguard.com/xplatform/#configuration-protocol for details.
func (*Device) IpcSetOperation ¶
IpcSetOperation implements the WireGuard configuration protocol "set" operation. See https://www.wireguard.com/xplatform/#configuration-protocol for details.
func (*Device) IsUnderLoad ¶
func (*Device) LookupPeer ¶
func (device *Device) LookupPeer(pk NoisePublicKey) *Peer
func (*Device) NewOutboundElement ¶
func (device *Device) NewOutboundElement() *QueueOutboundElement
func (*Device) PopulatePools ¶
func (device *Device) PopulatePools()
func (*Device) PutInboundElement ¶
func (device *Device) PutInboundElement(elem *QueueInboundElement)
func (*Device) PutMessageBuffer ¶
func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
func (*Device) PutOutboundElement ¶
func (device *Device) PutOutboundElement(elem *QueueOutboundElement)
func (*Device) RemoveAllPeers ¶
func (device *Device) RemoveAllPeers()
func (*Device) RemovePeer ¶
func (device *Device) RemovePeer(key NoisePublicKey)
func (*Device) RoutineDecryption ¶
func (*Device) RoutineEncryption ¶
Encrypts the elements in the queue and marks them for sequential consumption (by releasing the mutex). Note: one instance per core.
func (*Device) RoutineHandshake ¶
Handles incoming packets related to the handshake.
func (*Device) RoutineReadFromTUN ¶
func (device *Device) RoutineReadFromTUN()
Reads packets from the TUN and inserts them into the staged queue for the peer. Note: a single instance per TUN device.
func (*Device) RoutineReceiveIncoming ¶
func (device *Device) RoutineReceiveIncoming(recv conn.ReceiveFunc)
Receives incoming datagrams for the device. Every time the bind is updated, a new routine is started for IPv4 and IPv6 (separately).
func (*Device) RoutineTUNEventReader ¶
func (device *Device) RoutineTUNEventReader()
func (*Device) SendHandshakeCookie ¶
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
func (*Device) SendKeepalivesToPeersWithCurrentKeypair ¶
func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
func (*Device) SetPrivateKey ¶
func (device *Device) SetPrivateKey(sk NoisePrivateKey) error
type IndexTable ¶
func (*IndexTable) Delete ¶
func (table *IndexTable) Delete(index uint32)
func (*IndexTable) Init ¶
func (table *IndexTable) Init()
func (*IndexTable) Lookup ¶
func (table *IndexTable) Lookup(id uint32) IndexTableEntry
func (*IndexTable) NewIndexForHandshake ¶
func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
func (*IndexTable) SwapIndexForKeypair ¶
func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
type IndexTableEntry ¶
type IndexTableEntry struct {
// contains filtered or unexported fields
}
type Logger ¶
// A Logger provides logging for a Device. Both fields are Printf-style
// functions that must be safe for concurrent use and do not require a
// trailing newline in the format; a nil function silences that level.
type Logger struct {
	Verbosef func(format string, args ...any)
	Errorf   func(format string, args ...any)
}
A Logger provides logging for a Device. The functions are Printf-style functions. They must be safe for concurrent use. They do not require a trailing newline in the format. If nil, that level of logging will be silent.
type MessageCookieReply ¶
// MessageCookieReply is the wire layout of a cookie reply message.
// Nonce is a 24-byte XChaCha20-Poly1305 nonce and Cookie holds the
// 16-byte encrypted cookie followed by its 16-byte Poly1305 tag.
type MessageCookieReply struct {
	Type     uint32
	Receiver uint32
	Nonce    [chacha20poly1305.NonceSizeX]byte
	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
}
type MessageInitiation ¶
type MessageResponse ¶
type MessageTransport ¶
type NoiseNonce ¶
// NoiseNonce is the 64-bit transport counter; it is padded to the 12-byte
// ChaCha20-Poly1305 nonce when used.
type NoiseNonce uint64 // padded to 12-bytes
type NoisePresharedKey ¶
// NoisePresharedKey is the optional symmetric pre-shared key mixed into the
// handshake; an all-zero value is the "no PSK" default.
type NoisePresharedKey [NoisePresharedKeySize]byte
func (*NoisePresharedKey) FromHex ¶
func (key *NoisePresharedKey) FromHex(src string) error
type NoisePrivateKey ¶
// NoisePrivateKey is a Curve25519 private key. It is secret material:
// callers should avoid copying or logging it.
type NoisePrivateKey [NoisePrivateKeySize]byte
func (NoisePrivateKey) Equals ¶
func (key NoisePrivateKey) Equals(tar NoisePrivateKey) bool
func (*NoisePrivateKey) FromHex ¶
func (key *NoisePrivateKey) FromHex(src string) (err error)
func (*NoisePrivateKey) FromMaybeZeroHex ¶
func (key *NoisePrivateKey) FromMaybeZeroHex(src string) (err error)
func (NoisePrivateKey) IsZero ¶
func (key NoisePrivateKey) IsZero() bool
type NoisePublicKey ¶
// NoisePublicKey is a Curve25519 public key and is the identity by which
// peers are looked up.
type NoisePublicKey [NoisePublicKeySize]byte
func (NoisePublicKey) Equals ¶
func (key NoisePublicKey) Equals(tar NoisePublicKey) bool
func (*NoisePublicKey) FromHex ¶
func (key *NoisePublicKey) FromHex(src string) error
func (NoisePublicKey) IsZero ¶
func (key NoisePublicKey) IsZero() bool
type Peer ¶
type Peer struct { sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer // contains filtered or unexported fields }
func (*Peer) BeginSymmetricSession ¶
Derives a new keypair from the current handshake state.
func (*Peer) ExpireCurrentKeypairs ¶
func (peer *Peer) ExpireCurrentKeypairs()
func (*Peer) FlushStagedPackets ¶
func (peer *Peer) FlushStagedPackets()
func (*Peer) ReceivedWithKeypair ¶
func (*Peer) RoutineSequentialReceiver ¶
func (peer *Peer) RoutineSequentialReceiver()
func (*Peer) RoutineSequentialSender ¶
func (peer *Peer) RoutineSequentialSender()
Sequentially reads packets from the queue and sends them to the endpoint. Note: a single instance per peer. The routine terminates when the outbound queue is closed.
func (*Peer) SendBuffer ¶
func (*Peer) SendHandshakeInitiation ¶
func (*Peer) SendHandshakeResponse ¶
func (*Peer) SendKeepalive ¶
func (peer *Peer) SendKeepalive()
Queues a keepalive if no packets are queued for the peer.
func (*Peer) SendStagedPackets ¶
func (peer *Peer) SendStagedPackets()
func (*Peer) SetEndpointFromPacket ¶
func (*Peer) StagePacket ¶
func (peer *Peer) StagePacket(elem *QueueOutboundElement)
func (*Peer) ZeroAndFlushAll ¶
func (peer *Peer) ZeroAndFlushAll()
type QueueHandshakeElement ¶
type QueueHandshakeElement struct {
// contains filtered or unexported fields
}