Documentation ¶
Index ¶
- Constants
- type Controller
- type DNSListener
- type DNSOpts
- type DNSResolver
- type DNSSummary
- type DNSTransport
- type DNSTransportMult
- type GoStat
- type ICMPStat
- type IPFwdStat
- type IPStat
- type IpTree
- type NICInfo
- type NICStat
- type NetStat
- func (n *NetStat) FWD() *IPFwdStat
- func (n *NetStat) GO() *GoStat
- func (n *NetStat) ICMP() *ICMPStat
- func (n *NetStat) IP() *IPStat
- func (n *NetStat) NIC() *NICStat
- func (n *NetStat) NICINFO() *NICInfo
- func (n *NetStat) RDNSINFO() *RDNSInfo
- func (n *NetStat) TCP() *TCPStat
- func (n *NetStat) UDP() *UDPStat
- type PipKey
- type Protector
- type Proxies
- type Proxy
- type ProxyListener
- type RDNS
- type RDNSInfo
- type RDNSResolver
- type RadixTree
- type ResolverListener
- type Router
- type RouterStats
- type Rpn
- type TCPStat
- type UDPStat
- type WgKey
Constants ¶
// Separators for the delimited strings this package passes across its API,
// for example the "r1@csv(v)|r2@csv(v2)" form described on IpTree.GetAll.
//
// NOTE(review): Vsep and Ksep are the same character, and the KVsep example
// below uses ":" where Kdelim is "@". Keys or values that themselves contain
// ",", "@" or "|" would be indistinguishable from separators unless callers
// escape or reject them; confirm how the implementation handles that.
const (
	Vsep   = "," // Vsep is a values separator (csv)
	Ksep   = "," // Ksep is a key separator (csv)
	Kdelim = "@" // Kdelim is a key@csv(v) delimiter
	KVsep  = "|" // KVsep is a k1:v1|k2:v2 separator
)
// DNS transport type names and the IDs of the special singleton transports.
const (
	// DNS transport types
	DOH      = "DNS-over-HTTPS"
	DNSCrypt = "DNSCrypt"
	DNS53    = "DNS" // classic DNS; the one type in this list whose name implies no encrypted transport
	DOT      = "DNS-over-TLS"
	ODOH     = "Oblivious DNS-over-HTTPS"

	CT = "Cache" // cached transport prefix

	// special singleton DNS transports (IDs)
	Goos      = "Goos"      // Go determined default resolver
	System    = "System"    // network/os provided dns
	Local     = "mdns"      // mdns; never cached!
	Default   = "Default"   // default (fallback) dns
	Preferred = "Preferred" // user preferred dns, primary for alg
	Preset    = "Preset"    // synthesizes answers from presets (ex: IPs)
	Fixed     = "Fixed"     // synthesizes A/AAAA from a single fixed IP
	BlockFree = "BlockFree" // no local blocks; if not set, default is used
	BlockAll  = "BlockAll"  // all blocks; never cached!
	Bootstrap = "Bootstrap" // bootstrap dns; always encapsulated by Default
	Alg       = "Alg"       // dns application-level gateway
	DcProxy   = "DcProxy"   // dnscrypt.Proxy as a transport
	IpMapper  = "IpMapper"  // dns resolver for dns resolvers

	// NOTE(review): presumably a prefix marking proxy entries in summary
	// strings; its use is not shown on this page, so confirm.
	SummaryProxyLabel = "proxy:"
)
// Transaction status codes, numbered from 0 by iota in declaration order.
// NOTE(review): DNSSummary.Status and DNSTransport.Status are plain ints;
// presumably they carry these values, so confirm against queryerror.go.
const (
	// Start (0): Transaction started
	Start = iota
	// Complete (1): Transaction completed successfully
	Complete
	// SendFailed (2): Failed to send query
	SendFailed
	// NoResponse (3): Got no response
	NoResponse
	// BadQuery (4): Malformed input
	BadQuery
	// BadResponse (5): Response was invalid
	BadResponse
	// InternalError (6): This should never happen
	InternalError
	// TransportError (7): Transport has issues
	TransportError
	// ClientError (8): Client has issues
	ClientError
)
// EB32 (0) and EB64 (1) are numbered by iota.
// NOTE(review): presumably the enctyp values accepted by
// RDNS.FlagsToStamp (base32 vs base64 stamp encoding); the page does not say
// so, confirm before relying on it.
const (
	EB32 = iota
	EB64
)
// Proxy names, proxy type strings and proxy state values.
const (
	// Well-known proxies.
	Block   = "Block"   // blocks all traffic
	Base    = "Base"    // does not proxy traffic; in sync w dnsx.NetNoProxy
	Exit    = "Exit"    // always connects to the Internet (exit node); in sync w dnsx.NetExitProxy
	Ingress = "Ingress" // incoming connections
	Auto    = "Auto"    // auto uses ipn.Exit or any of the RPN proxies

	// RPN proxies; each name is a type string below concatenated with RPN.
	RpnWg = WG + RPN    // RPN Warp
	RpnWs = PIPWS + RPN // RPN WebSockets
	RpnH2 = PIPH2 + RPN // RPN HTTP/2
	Rpn64 = NAT64 + RPN // RPN Exit hopping over NAT64
	RpnSE = SE + RPN    // RPN SurfEasy

	OrbotS5  = "OrbotSocks5" // Orbot: Base Tor-as-a-SOCKS5 proxy
	OrbotH1  = "OrbotHttp1"  // Orbot: Base Tor-as-a-HTTP/1.1 proxy
	GlobalH1 = "GlobalHttp1" // Global: Global HTTP/1.1 proxy

	// Proxy type strings.
	SOCKS5   = "socks5" // SOCKS5 proxy
	HTTP1    = "http1"  // HTTP/1.1 proxy
	WG       = "wg"     // WireGuard-as-a-proxy
	WGFAST   = "gsro"   // WireGuard-as-a-proxy w/ UDP GRO/GSO prefix
	PIPH2    = "piph2"  // PIP: HTTP/2 proxy
	PIPWS    = "pipws"  // PIP: WebSockets proxy
	NOOP     = "noop"   // No proxy, ex: Base, Block
	INTERNET = "net"    // egress network, ex: Exit
	RPN      = "rpn"    // Rethink Proxy Network
	NAT64    = "nat64"  // A NAT64 router
	SE       = "se"     // SurfEasy

	// Proxy state values.
	// NOTE(review): Proxy.Status returns an int, presumably one of these;
	// confirm. Only TOK is described as "OK"; callers deciding whether traffic
	// is actually being proxied should not treat TUP, TZZ or TNT as healthy.
	TNT = 2  // proxy UP but not responding
	TZZ = 1  // proxy idle
	TUP = 0  // proxy UP but not yet OK
	TOK = -1 // proxy OK
	TKO = -2 // proxy not OK
	END = -3 // proxy stopped
)
// Well-known identifier strings.
// NOTE(review): their exact use is not shown on this page; presumably UidSelf
// and UidSystem label traffic owned by this app and by the OS respectively.
// Confirm before using them in policy decisions.
const (
	UidSelf   = "rethink"
	UidSystem = "system"
	Localhost = "localhost"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Controller ¶
// Controller is implemented by the host to bind and protect the file
// descriptors of sockets this package opens.
//
// The who and addrport arguments are not documented on this page; presumably
// who names the component making the request and addrport is the intended
// remote endpoint. Confirm against callers.
type Controller interface {
	// Bind4 binds fd to any internet-capable IPv4 interface.
	Bind4(who, addrport string, fd int)
	// Bind6 binds fd to any internet-capable IPv6 interface.
	// also: github.com/lwip-tcpip/lwip/blob/239918c/src/core/ipv6/ip6.c#L68
	Bind6(who, addrport string, fd int)
	// Protect marks fd as protected.
	// NOTE(review): none of these methods return an error, so a failed bind
	// or protect cannot be reported to the caller through this interface.
	// Implementations should log failures; confirm what an unprotected fd
	// means for the tunnel (for example traffic looping back into it).
	Protect(who string, fd int)
}
Controller provides answers to filter network traffic.
type DNSListener ¶
// DNSListener receives per-query callbacks and DNSSummary reports, in
// addition to the transport lifecycle events of the embedded ResolverListener.
//
// DNSSummary carries the queried domain and the answer data, so an
// implementation that stores or forwards summaries is holding per-query
// browsing metadata and should apply retention and access controls to it.
type DNSListener interface {
	ResolverListener
	// OnQuery is called when a DNS query is received. The listener
	// can return a DNSOpts to modify how the query is handled.
	// NOTE(review): the original comment ends at "to modify" and DNSOpts is
	// not shown on this page; confirm what a nil return means.
	OnQuery(domain string, qtyp int) *DNSOpts
	// OnResponse is called when a DNS response is received.
	OnResponse(*DNSSummary)
}
DNSListener receives Summaries.
type DNSResolver ¶
// DNSResolver combines the transport registry of DNSTransportMult with the
// rdns (blocklist) resolver management of RDNSResolver.
type DNSResolver interface {
	DNSTransportMult
	RDNSResolver
}
type DNSSummary ¶
// DNSSummary is a summary of a DNS transaction, reported when it is complete.
//
// QName and RData together reveal which names a client resolved and to what;
// treat stored or exported summaries as sensitive.
type DNSSummary struct {
	Type           string  // dnscrypt, dns53, doh, odoh, dot, preset, fixed
	ID             string  // transport id
	Latency        float64 // Response (or failure) latency in seconds
	QName          string  // query domain
	QType          int     // A, AAAA, SVCB, HTTPS, etc.
	RData          string  // response data, usually a csv of ips
	RCode          int     // response code
	RTtl           int     // response ttl
	Server         string  // NOTE(review): undocumented; presumably the upstream server that answered
	RelayServer    string  // hop, if any; proxy or a relay server
	Status         int     // NOTE(review): presumably one of Start..ClientError; confirm
	Blocklists     string  // csv separated list of blocklists names, if any.
	UpstreamBlocks bool    // true if any among upstream transports returned blocked ans.
	Msg            string  // final status message, if any
	Region         string  // region of the rethinkdns server (if used)
}
DNSSummary is a summary of a DNS transaction, reported when it is complete.
type DNSTransport ¶
// DNSTransport exports necessary methods from dnsx.Transport.
type DNSTransport interface {
	// ID uniquely identifies this transport.
	ID() string
	// Type is one of DNS53, DOH, DNSCrypt, System.
	// NOTE(review): the transport type constants on this page also include
	// DOT and ODOH; confirm whether Type can return those as well.
	Type() string
	// P50 is the median round-trip time for this transport, in millis.
	P50() int64
	// GetAddr returns the server host address used to initialize this transport.
	GetAddr() string
	// Status is the state of the transport after the previous query
	// (see: queryerror.go).
	Status() int
}
DNSTransport exports necessary methods from dnsx.Transport
type DNSTransportMult ¶
// DNSTransportMult is a registry of DNSTransport values addressed by id.
type DNSTransportMult interface {
	// Add adds a transport to this multi-transport.
	// NOTE(review): the meaning of the bool result (and what happens when a
	// transport with the same ID already exists) is not documented here.
	Add(t DNSTransport) bool
	// Remove removes a transport from this multi-transport.
	Remove(id string) bool
	// Get returns a transport from this multi-transport.
	Get(id string) (DNSTransport, error)
	// Refresh re-registers transports and returns a csv of active ones.
	Refresh() (string, error)
	// LiveTransports returns a csv of active transports.
	LiveTransports() string
}
type GoStat ¶
// GoStat is a snapshot of Go runtime statistics: memory, garbage collection,
// goroutine, cgo and CPU counts. Byte sizes and a few other quantities are
// carried as strings rather than integers; their format is not specified on
// this page.
type GoStat struct {
	Alloc      string // bytes allocated and not yet freed
	TotalAlloc string // total bytes allocated in aggregate
	Sys        string // bytes obtained from system
	Lookups    int64  // number of pointer lookups
	Mallocs    int64  // number of mallocs
	Frees      int64  // number of frees

	HeapAlloc    string // bytes allocated on heap
	HeapSys      string // heap obtained from system
	HeapIdle     string // bytes in idle spans
	HeapInuse    string // bytes in non-idle span
	HeapReleased string // bytes released to the OS
	HeapObjects  int64  // total number of allocated objects

	StackInuse  string // bytes used by stack allocator
	StackSys    string // bytes obtained from system for stack allocator
	MSpanInuse  string // mspan allocs
	MSpanSys    string // bytes obtained from system for mspan structures
	MCacheInuse string // mcache structures
	MCacheSys   string // bytes obtained from system for mcache structures
	BuckHashSys string // bytes used by the profiling bucket hash table

	EnableGC      bool   // GC enabled
	DebugGC       bool   // GC debug
	GCSys         string // bytes used for garbage collection system metadata
	OtherSys      string // bytes used for off-heap allocations
	NextGC        string // target heap size of the next GC
	LastGC        string // last run in heap
	PauseSecs     int64  // total STW pause time
	NumGC         int32  // number of GC runs
	NumForcedGC   int32  // number of forced GC runs
	GCCPUFraction string // fraction of CPU time used by GC

	NumGoroutine int64 // number of goroutines
	NumCgo       int64 // number of cgo calls
	NumCPU       int64 // number of CPUs
}
ref: github.com/google/gops/blob/35c854fb84a/agent/agent.go
type ICMPStat ¶
// ICMPStat is a collection of ICMP statistics for the current tunnel.
// Each counter exists once for ICMPv4 (suffix 4) and once for ICMPv6 (suffix 6).
type ICMPStat struct {
	Rcv4        int64 // ICMPv4 messages received
	Rcv6        int64 // ICMPv6 messages received
	Snd4        int64 // ICMPv4 messages sent
	Snd6        int64 // ICMPv6 messages sent
	UnrchRcv4   int64 // ICMPv4 unreachable received
	UnrchRcv6   int64 // ICMPv6 unreachable received
	UnrchSnd4   int64 // ICMPv4 unreachable sent
	UnrchSnd6   int64 // ICMPv6 unreachable sent
	Invalid4    int64 // ICMPv4 invalid messages
	Invalid6    int64 // ICMPv6 invalid messages
	TimeoutSnd4 int64 // ICMPv4 TTL timeouts sent
	TimeoutSnd6 int64 // ICMPv6 TTL timeouts sent
	TimeoutRcv4 int64 // ICMPv4 TTL timeouts received
	TimeoutRcv6 int64 // ICMPv6 TTL timeouts received
	Drops4      int64 // ICMPv4 messages dropped
	Drops6      int64 // ICMPv6 messages dropped
}
ICMPStat is a collection of ICMP statistics for the current tunnel.
type IPFwdStat ¶
// IPFwdStat is a collection of IP forwarding statistics for the current tunnel.
type IPFwdStat struct {
	Errs     int64 // errors
	Unrch    int64 // unreachable
	NoRoute  int64 // no route
	NoHop    int64 // no endpoint
	PTB      int64 // packet too big
	Timeouts int64 // TTL timeouts
	Drops    int64 // drops
}
IPFwdStat is a collection of IP forwarding statistics for the current tunnel.
type IPStat ¶
// IPStat is a collection of IP statistics for the current tunnel.
type IPStat struct {
	InvalidDst  int64 // invalid destination addresses
	InvalidSrc  int64 // invalid source addresses
	InvalidFrag int64 // invalid fragments
	InvalidPkt  int64 // invalid packets
	Errs        int64 // packet errors
	Rcv         int64 // packets received from l2
	Snd         int64 // packets sent to l4
	ErrRcv      int64 // packet receive errors from l2
	ErrSnd      int64 // packet send errors to l4
}
IPStat is a collection of IP statistics for the current tunnel.
type IpTree ¶
// IpTree is a thread-safe trie that supports insertion, deletion, and route
// matching of IP CIDRs. Each route maps to one or more string values; results
// that hold several routes or values are returned as delimited strings
// (see the "route@csv(value)" and "r1@csv(v)|r2@csv(v2)" forms below).
//
// NOTE(review): because results are delimited strings, a stored value that
// contains ",", "@" or "|" could be misread by a caller that splits the
// result; confirm whether Add/Set reject or escape such values.
type IpTree interface {
	// Add adds value v to the cidr route.
	Add(cidr, v string) error
	// Set sets cidr route to v, overwriting any previous value.
	Set(cidr, v string) error
	// Esc removes value v, if found.
	Esc(cidr, v string) bool
	// Del deletes cidr route. Returns true if cidr was found.
	Del(cidr string) bool

	// Get gets the value of cidr or "" if cidr is not found.
	Get(cidr string) (string, error)
	// Has returns true if the cidr route is found.
	Has(cidr string) (bool, error)

	// Routes returns csv of all routes matching cidr or "".
	Routes(cidr string) string
	// Values returns csv of values of all routes matching cidr or "".
	Values(cidr string) string

	// GetAny returns the route@csv(value) of any route matching cidr or "".
	GetAny(cidr string) (string, error)
	// HasAny returns true if any route matches cidr.
	HasAny(cidr string) (bool, error)

	// EscLike removes values like v for cidr.
	// NOTE(review): what counts as "like" (prefix, substring, pattern) is not
	// defined on this page; confirm before using the *Like methods in a
	// policy decision.
	EscLike(cidr, likev string) int32
	// RoutesLike returns csv of all routes with any value like v matching cidr.
	RoutesLike(cidr, likev string) string
	// ValuesLike returns csv of all routes with values like v for cidr.
	ValuesLike(cidr, likev string) string
	// GetLike returns csv of all values like v for cidr.
	GetLike(cidr, likev string) string

	// GetAll returns the longest route for cidr as "r1@csv(v)|r2@csv(v2)" or "".
	GetAll(cidr string) (string, error)
	// DelAll deletes all routes matching cidr. Returns the number of routes deleted.
	DelAll(cidr string) int32

	// Clear clears the trie.
	Clear()
	// Len returns the number of routes.
	Len() int
}
An IpTree is a thread-safe trie that supports insertion, deletion, and route matching of IP CIDRs.
type NICStat ¶
// NICStat is a collection of network interface statistics for the current
// tunnel. Byte totals (Rx, Tx) are strings; packet and drop counts are int64.
type NICStat struct {
	Rx        string // bytes received
	RxPkts    int64  // packets received
	Tx        string // bytes sent
	TxPkts    int64  // packets sent
	Invalid   int64  // invalid packets
	L4Unknown int64  // unknown l4 packets
	L3Unknown int64  // unknown l3 packets
	L4Drops   int64  // l4 drops
	Drops     int64  // drops
}
NICStat is a collection of network interface statistics for the current tunnel.
type NetStat ¶
// NetStat is a collection of network engine statistics: one value each of the
// per-layer stat structs, plus NICInfo, RDNSInfo and the Go runtime snapshot.
type NetStat struct {
	NICSt  NICStat   // network interface counters
	NICIn  NICInfo   // network interface info (NICInfo is not shown on this page)
	IPSt   IPStat    // IP counters
	FWDSt  IPFwdStat // IP forwarding counters
	ICMPSt ICMPStat  // ICMP counters
	TCPSt  TCPStat   // TCP counters
	UDPSt  UDPStat   // UDP counters
	RDNSIn RDNSInfo  // engine, DNS and proxy settings
	GOSt   GoStat    // Go runtime statistics
}
NetStat is a collection of network engine statistics.
type PipKey ¶
// PipKey produces the client-side values of a blind-signature exchange: a
// random token, a blinded message, and the finalized msg:sig pair.
//
// NOTE(review): every method returns secret or linkable material as a plain
// string. Callers should keep these values out of logs and crash reports.
type PipKey interface {
	// Token generates a 32 byte randomized token (auths dataplane ops; see: tokensize)
	Token() string
	// Blind generates id:blindMsg:blindingFactor:salt:msg
	// id is a 64 byte hmac tying blindMsg to the public key
	// blindMsg is a 256 byte blinded message
	// blindingFactor is up to 256 byte random blinding factor
	// salt is 48 bytes random salt (see: hashfn)
	// msg is a 32 byte random message (see: msgsize)
	//
	// NOTE(review): the returned string bundles blindingFactor and msg with
	// blindMsg. In a blind-signature scheme the signer must not learn the
	// blinding factor or the unblinded message; confirm that callers send the
	// signer only the fields it needs and keep the rest as local state.
	Blind() (string, error)
	// Finalize returns msg:sig for a finalized blind-signature
	Finalize(blindSig string) (string, error)
}
func NewPipKey ¶
NewPipKey creates a new PipKey instance. pubjwk: JWK string of the public key of the RSA-PSS signer (the modulus must be 2048 bits and the hash function must be SHA384). msgOrExistingState: if empty, a new PipKey is created with a random message; if not empty, it is the state of an existing PipKey.
type Proxies ¶
// Proxies is a registry of Proxy values addressed by id.
type Proxies interface {
	// AddProxy adds a proxy to this multi-transport.
	// NOTE(review): the accepted url schemes, and whether credentials may be
	// embedded in url, are not documented on this page; confirm, and avoid
	// logging url if it can carry secrets.
	AddProxy(id, url string) (Proxy, error)
	// RemoveProxy removes a proxy from this multi-transport.
	RemoveProxy(id string) bool
	// GetProxy returns a proxy from this multi-transport.
	GetProxy(id string) (Proxy, error)
	// Hop chains two proxies in the order of origin dialing through via.
	Hop(via, origin string) error
	// Router returns a lowest common denomination router for this multi-transport.
	Router() Router
	// Rpn returns the Rethink Proxy Network interface.
	Rpn() Rpn
	// RefreshProxies re-registers proxies and returns a csv of active ones.
	RefreshProxies() (string, error)
}
type Proxy ¶
// Proxy is a single registered proxy: its identity, routing view, DNS
// endpoint, status and lifecycle controls.
type Proxy interface {
	// ID returns the ID of this proxy.
	ID() string
	// Type returns the type of this proxy.
	Type() string
	// Router returns the Router for this proxy.
	Router() Router
	// GetAddr returns the address of this proxy.
	GetAddr() string
	// DNS returns the ip:port or doh/dot url or dnscrypt stamp for this proxy.
	DNS() string
	// Status returns the status of this proxy.
	// NOTE(review): presumably one of TNT, TZZ, TUP, TOK, TKO, END; confirm.
	Status() int
	// Ping pings this proxy.
	Ping() bool
	// Stop stops this proxy.
	Stop() error
	// Refresh re-registers this proxy, if necessary.
	Refresh() error
}
type ProxyListener ¶
// ProxyListener is a listener for proxy events.
//
// A listener that tracks which proxies are live must handle OnProxiesStopped
// as "all removed", since no per-proxy OnProxyRemoved is delivered in that case.
type ProxyListener interface {
	// OnProxyAdded is called when a proxy is added.
	OnProxyAdded(id string)
	// OnProxyRemoved is called when a proxy is removed except when all
	// proxies are stopped, in which case OnProxiesStopped is called.
	OnProxyRemoved(id string)
	// OnProxiesStopped is called when all proxies are stopped.
	// Note: OnProxyRemoved is not called for each proxy.
	OnProxiesStopped()
}
ProxyListener is a listener for proxy events.
type RDNS ¶
// RDNS manages a rethinkdns blockstamp and converts between a stamp, csv
// blocklist ids, and blocklist names.
type RDNS interface {
	// SetStamp sets the rethinkdns blockstamp.
	SetStamp(string) error
	// GetStamp returns the current rethinkdns blockstamp.
	GetStamp() (string, error)
	// StampToNames returns csv group:names of blocklists in the given stamp s.
	StampToNames(s string) (string, error)
	// FlagsToStamp returns a blockstamp for given csv blocklist-ids, if valid.
	// NOTE(review): enctyp is presumably EB32 or EB64; confirm.
	FlagsToStamp(csv string, enctyp int) (string, error)
	// StampToFlags returns csv blocklist-ids given a valid blockstamp s.
	StampToFlags(s string) (string, error)
}
type RDNSInfo ¶
// RDNSInfo is a flat set of boolean flags, strings and millisecond counters
// describing the engine, its DNS setup and its proxies.
//
// NOTE(review): none of the fields are documented on this page, so the group
// headings below are inferred from field names only. Confirm before relying
// on any of them.
type RDNSInfo struct {
	// engine flags
	Open         bool
	Debug        bool
	Looping      bool
	Slowdown     bool
	NewWireGuard bool
	Transparency bool

	// dialer and tunnel settings
	Dialer4    bool
	Dialer6    bool
	DialerOpts string
	TunMode    string

	// DNS
	DNSPreferred string
	DNSDefault   string
	DNSSystem    string
	DNS          string

	// proxies
	ProxiesHas4   bool
	ProxiesHas6   bool
	ProxyLastOKMs int64
	ProxySinceMs  int64
	Proxies       string

	// open connections
	OpenConnsTCP  string
	OpenConnsUDP  string
	OpenConnsICMP string
}
type RDNSResolver ¶
// RDNSResolver sets and returns the local and remote rdns resolvers and
// toggles ALG/fixed response translation.
type RDNSResolver interface {
	// SetRdnsLocal sets the local rdns resolver.
	// NOTE(review): trie, rank, conf and filetag are undocumented here;
	// presumably paths or identifiers of on-device blocklist files. If they
	// are file paths, confirm the files come from a trusted, integrity-checked
	// source before they are loaded.
	SetRdnsLocal(trie, rank, conf, filetag string) error
	// GetRdnsLocal returns the local rdns resolver.
	GetRdnsLocal() (RDNS, error)
	// SetRdnsRemote sets the remote rdns resolver.
	SetRdnsRemote(filetag string) error
	// GetRdnsRemote returns the remote rdns resolver.
	GetRdnsRemote() (RDNS, error)
	// Translate enables or disables ALG/fixed responses
	Translate(bool)
}
type RadixTree ¶
// RadixTree is a thread-safe trie that supports insertion, deletion, and
// prefix matching of string keys.
type RadixTree interface {
	// Add adds k to the trie. Returns true if k was not already in the trie.
	Add(k string) bool
	// Set sets k to v in the trie, overwriting any previous value.
	Set(k, v string)
	// Del deletes k from the trie. Returns true if k was in the trie.
	Del(k string) bool
	// Get gets the value of k from the trie or "" if k is not in the trie.
	// A key stored with an empty value is therefore indistinguishable from a
	// missing key through Get alone; use Has to tell them apart.
	Get(k string) string
	// Has returns true if k is in the trie.
	Has(k string) bool
	// GetAny returns the value of the longest prefix of k in the trie or "".
	GetAny(prefix string) string
	// HasAny returns true if any key in the trie has the prefix.
	HasAny(prefix string) bool
	// DelAll deletes all keys in the trie with the prefix. Returns the number of keys deleted.
	DelAll(prefix string) int32
	// Clear clears the trie.
	Clear()
	// Len returns the number of keys in the trie.
	Len() int
}
A RadixTree is a thread-safe trie that supports insertion, deletion, and prefix matching.
func NewRadixTree ¶
// NewRadixTree returns a RadixTree. Only the signature is shown on this page;
// the initial contents of the returned trie are not documented here.
func NewRadixTree() RadixTree
type ResolverListener ¶
// ResolverListener receives DNS transport lifecycle events.
//
// A listener that tracks live transports must treat OnDNSStopped as "all
// removed", since OnDNSRemoved is not delivered per transport in that case.
type ResolverListener interface {
	// OnDNSAdded is called when a new DNS transport with id is added.
	OnDNSAdded(id string)
	// OnDNSRemoved is called when a DNS transport with id is removed, except
	// when the transport is stopped, then OnDNSStopped is called instead.
	OnDNSRemoved(id string)
	// OnDNSStopped is called when the DNS transport is stopped. Note:
	// OnDNSRemoved is not called for each transport before this.
	OnDNSStopped()
}
type Router ¶
// Router reports what a proxy (or set of proxies) can route: address
// families, MTU, traffic stats, gateway, and reachability.
type Router interface {
	// IP4 returns true if this router supports IPv4.
	IP4() (y bool)
	// IP6 returns true if this router supports IPv6.
	IP6() (y bool)
	// MTU returns the MTU of this router.
	MTU() (mtu int, err error)
	// Stat returns the stats of this router.
	Stat() (s *RouterStats)
	// Via returns the gateway for this router, if any.
	Via() (gw Proxy, err error)
	// Reaches returns true if any host:port or ip:port is dialable.
	// The argument is a csv; a true result means at least one entry is
	// dialable, not that all of them are.
	Reaches(hostportOrIPPortCsv string) (y bool)
	// Contains returns true if this router can route ipprefix.
	Contains(ipprefix string) (y bool)
}
type RouterStats ¶
// RouterStats lists interesting stats of a Router.
type RouterStats struct {
	Addr   string // address of the router
	Rx     int64  // bytes received
	Tx     int64  // bytes transmitted
	ErrRx  int64  // receive errors
	ErrTx  int64  // transmit errors
	LastRx int64  // last receive in millis
	LastTx int64  // last transmit in millis
	LastOK int64  // last handshake or ping or connect millis
	Since  int64  // uptime in millis
}
RouterStats lists interesting stats of a Router.
type Rpn ¶
// Rpn is the Rethink Proxy Network interface: it registers with, tests, and
// returns the RPN proxies (Warp, PIP, Exit, Exit over NAT64, SurfEasy).
type Rpn interface {
	// RegisterWarp registers a new Warp public key.
	// NOTE(review): the contents of the returned json are not documented on
	// this page; if it includes account or device credentials, store it as a
	// secret. Confirm.
	RegisterWarp(publicKeyBase64 string) (json []byte, err error)
	// RegisterSE registers a new SurfEasy user.
	RegisterSE() error
	// TestWarp connects to some Warp IPs and returns reachable ones.
	TestWarp() (ips string, errs error)
	// TestSE connects to some SurfEasy IPs and returns reachable ones.
	TestSE() (ips string, errs error)
	// Warp returns a RpnWg proxy.
	Warp() (wg Proxy, err error)
	// Pip returns a RpnWs proxy.
	Pip() (ws Proxy, err error)
	// Exit returns the Exit proxy.
	Exit() (exit Proxy, err error)
	// Exit64 returns a Exit proxy hopping over NAT64.
	Exit64() (nat64 Proxy, err error)
	// SE returns a SurfEasy proxy.
	SE() (se Proxy, err error)
}
type TCPStat ¶
// TCPStat is a collection of TCP statistics for the current tunnel.
type TCPStat struct {
	Active      int64 // connecting
	Passive     int64 // listening
	Est         int64 // current established
	EstClo      int64 // established but closed
	EstRst      int64 // established but RST
	EstTo       int64 // established but timeout
	Con         int64 // current connected
	ConFail     int64 // failed connect attempts
	PortFail    int64 // failed port reservations
	SynDrop     int64 // syns dropped
	AckDrop     int64 // acks dropped
	ErrChecksum int64 // bad checksums
	ErrRcv      int64 // invalid recv segments
	ErrSnd      int64 // segment send errors
	Rcv         int64 // segments received
	Snd         int64 // segments sent
	Retrans     int64 // retransmissions
	Timeouts    int64 // connection timeouts
	Drops       int64 // drops by max inflight threshold
}
TCPStat is a collection of TCP statistics for the current tunnel.
type UDPStat ¶
// UDPStat is a collection of UDP statistics for the current tunnel.
type UDPStat struct {
	ErrChecksum int64 // bad checksums
	ErrRcv      int64 // recv errors
	ErrSnd      int64 // send errors
	Snd         int64 // packets sent
	Rcv         int64 // packets received
	PortFail    int64 // unknown port
	Drops       int64 // rcv buffer errors
}
UDPStat is a collection of UDP statistics for the current tunnel.
type WgKey ¶
// WgKey is a WireGuard (curve25519) key with encoders and a basepoint
// multiplication.
//
// NOTE(review): the interface does not distinguish private from public keys.
// When the receiver is a private key, Base64 and Hex return the secret itself
// as a string; keep those values out of logs and persisted diagnostics.
type WgKey interface {
	// IsZero returns true if the key is all zeros.
	IsZero() bool
	// Base64 returns the key as a base64-encoded string.
	Base64() string
	// Hex returns the key as a hex-encoded string.
	Hex() string
	// Mult returns the key multiplied by the basepoint (curve25519).
	// NOTE(review): presumably this derives the public key from a private
	// key; confirm against the constructor, which is not shown on this page.
	Mult() WgKey
}