Documentation ¶
Constants ¶
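// DNS modes select which DNS traffic entering the tunnel is redirected.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every declaration; one declaration per line is restored here.
const (
	// DNSModeNone does not redirect DNS queries sent to the tunnel.
	// It is 0, so a zero-initialised mode means no DNS redirection.
	DNSModeNone int32 = 0
	// DNSModeIP redirects DNS requests sent to the IP endpoint set by VPN.
	// Queries an app addresses to any other resolver are not matched by
	// this mode.
	DNSModeIP int32 = 1
	// DNSModePort redirects all DNS requests on port 53.
	// NOTE(review): the match is by port, so DNS carried on other ports
	// (DoT on 853, DoH on 443) is presumably not covered; confirm.
	DNSModePort int32 = 2
)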
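// Block modes select the firewall behaviour applied to tunnelled traffic.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every declaration; one declaration per line is restored here.
const (
	// BlockModeNone filters no packet.
	// It is 0, the zero value of int32, so an unset block-mode fails open:
	// callers that expect filtering must select another mode explicitly.
	BlockModeNone int32 = 0
	// BlockModeFilter filters packets on connection establishment.
	BlockModeFilter int32 = 1
	// BlockModeSink blackholes all packets.
	BlockModeSink int32 = 2
	// BlockModeFilterProc determines owner-uid of a tcp/udp connection
	// from procfs before filtering.
	BlockModeFilterProc int32 = 3
)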
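// Protocol-translation modes select how 6to4 translation is applied.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every declaration; one declaration per line is restored here.
const (
	// PtModeAuto does not enforce (but may still use) 6to4 protocol translation.
	PtModeAuto int32 = 0
	// PtModeForce64 enforces 6to4 protocol translation.
	PtModeForce64 int32 = 1
	// PtModeNo46: Android implements 464Xlat out-of-the-box, so this is a
	// zero userspace impl.
	PtModeNo46 int32 = 2
)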
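// Network-stack selectors, read msb to lsb as: ipv6, ipv4, lwip(1) or
// netstack(0). All three values leave the lowest bit clear.
// The listing had been collapsed onto one line, so the first // comment
// swallowed the remaining declarations; they are restored one per line.
const (
	Ns4  = 0b010 // 2: ipv4 bit set
	Ns46 = 0b110 // 6: ipv6 and ipv4 bits set
	Ns6  = 0b100 // 4: ipv6 bit set
)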
Bit layout, msb to lsb: ipv6, ipv4, lwip(1) or netstack(0).
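// String forms of the IP-version selection.
// The listing had been collapsed onto one line, which is not valid Go
// (const specs need a newline or semicolon between them); restored here.
const (
	IP4  = "4"  // ipv4 only
	IP46 = "46" // ipv4 and ipv6
	IP6  = "6"  // ipv6 only
)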
IP4, IP46, IP6 are the string representations of Ns4, Ns46, Ns6.
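// Dial strategies. Values are assigned by iota, so SplitAuto is 0 and is
// what a zero-initialised strategy field selects.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every declaration; one declaration per line is restored here.
const (
	// SplitAuto is the default dial strategy; chosen by the engine.
	SplitAuto int32 = iota
	// SplitTCPOrTLS splits first TCP segment or fragments the TLS SNI header.
	SplitTCPOrTLS
	// SplitTCP splits the first TCP segment.
	SplitTCP
	// SplitDesync splits the first TCP segment after desynchronizing the connection
	// by sending a different, but fixed, first TCP segment to the censor.
	SplitDesync
	// SplitNever doesn't muck; connects as-is.
	SplitNever
)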
Dial strategies
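// Retry strategies. Values are assigned by iota, so RetryAfterSplit is 0
// and is what a zero-initialised retry field selects.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every declaration; one declaration per line is restored here.
const (
	// RetryAfterSplit retries connection as-is after split fails.
	RetryAfterSplit int32 = iota
	// RetryWithSplit connects as-is, but retries with split.
	RetryWithSplit
	// RetryNever never retries.
	RetryNever
)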
Retry strategies
// NICID identifies the single default interface of the network stack.
const NICID = 1 // 0x01
NICID is the default network interface card ID for the network stack.
Variables ¶
// Debug starts out false. It is a plain bool, not an atomic.Bool.
// NOTE(review): presumably it must be set before any goroutine reads it;
// confirm against callers.
var Debug = false
Debug is a global flag to enable debug behaviour.
// EndpointIndependentFiltering starts out false (the atomic.Bool zero value);
// read it with Load and change it with Store.
// Under endpoint-independent filtering a mapped UDP port accepts packets from
// any remote address and port, the most permissive filtering behaviour that
// RFC 4787 describes, so enable it deliberately.
var EndpointIndependentFiltering atomic.Bool
EndpointIndependentFiltering is a global flag to enable endpoint-independent filtering for UDP as per RFC 4787.
// EndpointIndependentMapping starts out false (the atomic.Bool zero value);
// read it with Load and change it with Store.
var EndpointIndependentMapping atomic.Bool
EndpointIndependentMapping is a global flag to enable endpoint-independent mapping for UDP as per RFC 4787.
// ExperimentalWireGuard starts out false (the atomic.Bool zero value), so
// experimental WireGuard settings are opt-in via Store(true).
var ExperimentalWireGuard atomic.Bool
ExperimentalWireGuard is a global flag to enable experimental settings for WireGuard.
// Loopingback starts out false (the atomic.Bool zero value); read it with
// Load and change it with Store.
var Loopingback atomic.Bool
Loopingback is a global flag to adjust netstack behaviour wrt preventing split dialing, closing tunfd without delay etc.
// PortForward starts out false (the atomic.Bool zero value); read it with
// Load and change it with Store.
var PortForward atomic.Bool
PortForward is a global flag to enable binding the outgoing conn to the same port as the incoming socksified conn.
// SingleThreaded starts out false (the atomic.Bool zero value); read it with
// Load and change it with Store.
var SingleThreaded atomic.Bool
SingleThreaded is a global flag to run Netstack's packet forwarder in a single-threaded mode.
// SystemDNSForUndelegatedDomains starts out false (the atomic.Bool zero
// value); read it with Load and change it with Store.
// NOTE(review): when set, lookups for undelegated domains presumably go to
// the system resolver instead of the tunnel's configured resolver, which
// makes those names visible to it; confirm before enabling.
var SystemDNSForUndelegatedDomains atomic.Bool
SystemDNSForUndelegatedDomains is a global flag to always use System DNS for undelegated domains.
Functions ¶
func SetDialerOpts ¶
SetDialerOpts sets the dialer options to use.
Types ¶
type DNSOptions ¶
// DNSOptions is opaque to callers: every field is unexported, so values come
// from NewDNSOptions, NewDNSOptionsFromHostname or NewDNSOptionsFromNetIp and
// are read back through the AddrPort, Port, ResolvedAddrs and String methods.
// NOTE(review): the page describes this type with the same "https or socks5
// proxy options" wording as ProxyOptions, while its constructors take an
// ip:port, a host[:port] with an ip list, or a netip.AddrPort; confirm the
// description.
type DNSOptions struct {
// contains filtered or unexported fields
}
DNSOptions define https or socks5 proxy options
func NewDNSOptions ¶
func NewDNSOptions(ipport string) (*DNSOptions, error)
NewDNSOptions returns a new DNSOptions object.
func NewDNSOptionsFromHostname ¶
func NewDNSOptionsFromHostname(hostOrHostPort, ipcsv string) (*DNSOptions, error)
func NewDNSOptionsFromNetIp ¶
func NewDNSOptionsFromNetIp(ipp netip.AddrPort) (*DNSOptions, error)
func (*DNSOptions) AddrPort ¶
func (d *DNSOptions) AddrPort() string
AddrPort returns the ip:port or host:port.
func (*DNSOptions) Port ¶
func (d *DNSOptions) Port() uint16
func (*DNSOptions) ResolvedAddrs ¶
func (d *DNSOptions) ResolvedAddrs() string
func (*DNSOptions) String ¶
func (d *DNSOptions) String() string
type DialerOpts ¶
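// DialerOpts define dialer options.
// The zero value has Strat 0, Retry 0 and LowerKeepAlive false.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every field; one field per line is restored here.
type DialerOpts struct {
	// Strat is the dialing strategy.
	Strat int32
	// Retry is the retry strategy.
	Retry int32
	// LowerKeepAlive is the flag to enable low TCP keep-alive.
	// Currently, 600s for idle, 5s for interval, and 4 probes.
	LowerKeepAlive bool
}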
DialerOpts define dialer options.
func (DialerOpts) String ¶
func (d DialerOpts) String() string
type ProxyOptions ¶
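// ProxyOptions define https or socks5 proxy options.
// The listing had been collapsed onto one line, so the first // comment
// swallowed the remaining fields; one field per line is restored here.
type ProxyOptions struct {
	// Auth holds the proxy credentials when authentication is configured.
	// Every field of this struct is exported, so anything that dumps the
	// struct (for example with %+v) can expose the credentials Auth points
	// to; keep such output out of logs.
	Auth *proxy.Auth

	IP     string   // just the ip
	Host   string   // just the hostname (no port)
	Port   string   // just the port number
	IPPort string   // may be a url or ip:port
	Scheme string   // http, https, socks5, pip
	Addrs  []string // list of ips if ipport is a url; may be nil
}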
ProxyOptions define https or socks5 proxy options
func NewAuthProxyOptions ¶
func NewAuthProxyOptions(scheme, username, password, ip, port string, addrs []string) *ProxyOptions
NewAuthProxyOptions returns a new ProxyOptions object with authentication object.
func NewProxyOptions ¶
func NewProxyOptions(ip string, port string) *ProxyOptions
NewProxyOptions returns a new ProxyOptions object.
func (*ProxyOptions) FullUrl ¶
func (p *ProxyOptions) FullUrl() string
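FullUrl returns the full url with auth. Because the result embeds the proxy credentials, treat it as a secret and keep it out of logs and error messages.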
func (*ProxyOptions) HasAuth ¶
func (p *ProxyOptions) HasAuth() bool
HasAuth returns true if p has auth params.
func (*ProxyOptions) String ¶
func (p *ProxyOptions) String() string
type TunMode ¶
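// TunMode specifies dns, firewall, xlat, and ip modes.
// Each field is an atomic.Int32, so modes are read with Load and changed with
// Store, and a TunMode must be shared by pointer rather than copied once in
// use. The zero value leaves every mode at 0.
// The listing had been collapsed onto one line, so the first // comment
// swallowed every field; one field per line is restored here.
type TunMode struct {
	// DNSMode specifies the kind of DNS traffic to be trapped and routed to DoH servers
	DNSMode atomic.Int32
	// BlockMode instructs change in firewall behaviour.
	BlockMode atomic.Int32
	// PtMode determines 6to4 translation heuristics.
	PtMode atomic.Int32
}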
TunMode specifies dns, firewall, xlat, and ip modes
func DefaultTunMode ¶
func DefaultTunMode() *TunMode
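DefaultTunMode returns a new default TunMode with IP-only DNS capture and replay, and with the firewall disabled. IP-only means that not all DNS traffic is captured: only the DNS traffic sent to [tcp/udp]handler.fakedns is captured and replayed to the remote DoH server. Because the firewall is disabled in this default, callers that need packet filtering must set a block-mode themselves.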
func NewTunMode ¶
NewTunMode returns a new TunMode object. `d` sets dns-mode. `b` sets block-mode. `pt` sets natpt-mode.