Documentation
¶
Overview ¶
Package netstack provides the implemention of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets).
Adopted from: github.com/google/gvisor/blob/f33d034/pkg/tcpip/link/fdbased/endpoint.go since fdbased isn't built when building for android (it is only built for linux).
Index ¶
- Constants
- Variables
- func InboundTCP(s *stack.Stack, in net.Conn, to, from netip.AddrPort, h GTCPConnHandler) error
- func InboundUDP(s *stack.Stack, in net.Conn, to, from netip.AddrPort, h GUDPConnHandler) error
- func LogFile(y bool) (ok bool)
- func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumber, ...)
- func LogPcap(y bool) (ok bool)
- func NewNetstack() (s *stack.Stack)
- func NewReverseGConnHandler(pctx context.Context, to *stack.Stack, of tcpip.NICID, ep stack.LinkEndpoint, ...) *gconnhandler
- func OutboundICMP(s *stack.Stack, ep stack.LinkEndpoint, hdl GICMPHandler)
- func OutboundTCP(s *stack.Stack, h GTCPConnHandler)
- func OutboundUDP(s *stack.Stack, h GUDPConnHandler)
- func Route(s *stack.Stack, l3 string)
- func SetNetstackOpts(s *stack.Stack)
- func StackAddrs(s *stack.Stack, nic tcpip.NICID) (netip.Addr, netip.Addr)
- func Stat(s *stack.Stack) (out *x.NetStat, err error)
- func Up(s *stack.Stack, ep stack.LinkEndpoint, h GConnHandler) (tcpip.NICID, error)
- func WritePCAPHeader(w io.Writer) error
- type DemuxerFn
- type Direction
- type FdSwapper
- type GBaseConnHandler
- type GConnHandler
- type GEchoConnHandler
- type GICMPConn
- func (pc *GICMPConn) Close() error
- func (pc *GICMPConn) LocalAddr() net.Addr
- func (pc *GICMPConn) Read(p []byte) (n int, err error)
- func (pc *GICMPConn) ReadFrom(p []byte) (n int, addr net.Addr, err error)
- func (pc *GICMPConn) RemoteAddr() net.Addr
- func (pc *GICMPConn) SetDeadline(t time.Time) error
- func (pc *GICMPConn) SetReadDeadline(t time.Time) error
- func (pc *GICMPConn) SetWriteDeadline(t time.Time) error
- func (pc *GICMPConn) Write(p []byte) (n int, err error)
- func (pc *GICMPConn) WriteTo(p []byte, addr net.Addr) (n int, err error)
- type GICMPHandler
- type GMuxConnHandler
- type GSpecConnHandler
- type GTCPConn
- func (g *GTCPConn) Abort()
- func (g *GTCPConn) Close() error
- func (g *GTCPConn) CloseRead() error
- func (g *GTCPConn) CloseWrite() error
- func (g *GTCPConn) Establish() (open bool, err error)
- func (g *GTCPConn) LocalAddr() net.Addr
- func (g *GTCPConn) Read(data []byte) (int, error)
- func (g *GTCPConn) RemoteAddr() net.Addr
- func (g *GTCPConn) SetDeadline(t time.Time) error
- func (g *GTCPConn) SetReadDeadline(t time.Time) error
- func (g *GTCPConn) SetWriteDeadline(t time.Time) error
- func (g *GTCPConn) Write(data []byte) (int, error)
- type GTCPConnHandler
- type GUDPConn
- func (g *GUDPConn) Close() error
- func (g *GUDPConn) Establish() error
- func (g *GUDPConn) LocalAddr() (addr net.Addr)
- func (g *GUDPConn) Read(data []byte) (int, error)
- func (g *GUDPConn) ReadFrom(data []byte) (int, net.Addr, error)
- func (g *GUDPConn) RemoteAddr() (addr net.Addr)
- func (g *GUDPConn) SetDeadline(t time.Time) error
- func (g *GUDPConn) SetReadDeadline(t time.Time) error
- func (g *GUDPConn) SetWriteDeadline(t time.Time) error
- func (g *GUDPConn) StatefulTeardown() (fin bool)
- func (g *GUDPConn) Write(data []byte) (int, error)
- func (g *GUDPConn) WriteTo(data []byte, addr net.Addr) (int, error)
- type GUDPConnHandler
- type Options
- type PingAddr
- type SeamlessEndpoint
- type SnoopyEndpoint
- func (e *SnoopyEndpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer)
- func (e *SnoopyEndpoint) DumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer, ...)
- func (e *SnoopyEndpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error)
Constants ¶
const ( // DirectionSend indicates a sent packet. DirectionSend = iota // DirectionRecv indicates a received packet. DirectionRecv )
const SnapLen uint32 = 2048 // in bytes; some sufficient value
SnapLen is the maximum bytes of a packet to be saved. Packets with a length less than or equal to snapLen will be saved in their entirety. Longer packets will be truncated to snapLen.
Variables ¶
var BufConfig = []int{128, 256, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768}
BufConfig defines the shape of the vectorised view used to read packets from the NIC.
var LogPackets atomicbitops.Uint32 = atomicbitops.FromUint32(0)
var WritePCAP atomicbitops.Uint32 = atomicbitops.FromUint32(0)
Functions ¶
func InboundTCP ¶
s is the netstack to use for dialing (reads/writes). in is the incoming connection to netstack, s. to (src) is remote. from (dst) is local (to netstack, s). h is the handler that handles connection in into netstack, s, by dialing to from (dst) from to (src).
func InboundUDP ¶
func LogPacket ¶
func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer)
LogPacket logs a packet to stdout.
func NewNetstack ¶
also: github.com/google/gvisor/blob/adbdac747/runsc/boot/loader.go#L1132 github.com/FlowerWrong/tun2socks/blob/1045a49618/cmd/netstack/main.go github.com/zen-of-proxy/go-tun2io/blob/c08b329b8/tun2io/util.go github.com/WireGuard/wireguard-go/blob/42c9af4/tun/netstack/tun.go github.com/telepresenceio/telepresence/pull/2709
func NewReverseGConnHandler ¶
func NewReverseGConnHandler(pctx context.Context, to *stack.Stack, of tcpip.NICID, ep stack.LinkEndpoint, via GConnHandler) *gconnhandler
func OutboundICMP ¶
func OutboundICMP(s *stack.Stack, ep stack.LinkEndpoint, hdl GICMPHandler)
ref: github.com/SagerNet/LibSagerNetCore/blob/632d6b892e/gvisor/icmp.go
func OutboundTCP ¶
func OutboundTCP(s *stack.Stack, h GTCPConnHandler)
func OutboundUDP ¶
func OutboundUDP(s *stack.Stack, h GUDPConnHandler)
func SetNetstackOpts ¶
func Up ¶
func Up(s *stack.Stack, ep stack.LinkEndpoint, h GConnHandler) (tcpip.NICID, error)
ref: github.com/brewlin/net-protocol/blob/ec64e5f899/internal/endpoint/endpoint.go#L20
func WritePCAPHeader ¶
Types ¶
type Direction ¶
type Direction int
A Direction indicates whether the packing is being sent or received.
type GBaseConnHandler ¶
type GConnHandler ¶
type GConnHandler interface {
TCP() GTCPConnHandler // TCP returns the TCP handler.
UDP() GUDPConnHandler // UDP returns the UDP handler.
ICMP() GICMPHandler // ICMP returns the ICMP handler.
CloseConns(csv string) string // CloseConns closes the connections with the given IDs, or all if empty.
}
func NewGConnHandler ¶
func NewGConnHandler(tcp GTCPConnHandler, udp GUDPConnHandler, icmp GICMPHandler) GConnHandler
type GEchoConnHandler ¶
type GICMPConn ¶
type GICMPConn struct {
// contains filtered or unexported fields
}
func DialPingAddr ¶
func (*GICMPConn) RemoteAddr ¶
type GICMPHandler ¶
type GICMPHandler interface {
GBaseConnHandler
GEchoConnHandler
}
type GMuxConnHandler ¶
type GSpecConnHandler ¶
type GSpecConnHandler[T gconns] interface {
GBaseConnHandler
// Proxy copies data between conn and dst (egress).
// must not block forever as it may block netstack
// see: netstack/dispatcher.go:newReadvDispatcher
Proxy(in T, src, dst netip.AddrPort) bool
// ReverseProxy copies data between conn and dst (ingress).
ReverseProxy(out T, in net.Conn, src, dst netip.AddrPort) bool
// Error notes the error in connecting src to dst; retrying if necessary.
Error(in T, src, dst netip.AddrPort, err error)
}
type GTCPConn ¶
type GTCPConn struct {
// contains filtered or unexported fields
}
func (*GTCPConn) Abort ¶
func (g *GTCPConn) Abort()
Abort aborts the connection by sending a RST segment.
func (*GTCPConn) CloseWrite ¶
func (*GTCPConn) LocalAddr ¶
gonet conn local and remote addresses may be nil ref: github.com/tailscale/tailscale/blob/8c5c87be2/wgengine/netstack/netstack.go#L768-L775 and: github.com/google/gvisor/blob/ffabadf0/pkg/tcpip/transport/tcp/endpoint.go#L2759
func (*GTCPConn) RemoteAddr ¶
type GTCPConnHandler ¶
type GTCPConnHandler interface {
GSpecConnHandler[*GTCPConn]
}
type GUDPConn ¶
type GUDPConn struct {
// contains filtered or unexported fields
}
func (*GUDPConn) RemoteAddr ¶
func (*GUDPConn) StatefulTeardown ¶
type GUDPConnHandler ¶
type GUDPConnHandler interface {
GSpecConnHandler[*GUDPConn]
GMuxConnHandler[*GUDPConn]
}
type Options ¶
type Options struct {
// FDs is a set of FDs used to read/write packets.
FDs []int
// MTU is the mtu to use for this endpoint.
MTU uint32
// EthernetHeader if true, indicates that the endpoint should read/write
// ethernet frames instead of IP packets.
EthernetHeader bool
// Address is the link address for this endpoint. Only used if
// EthernetHeader is true.
Address tcpip.LinkAddress
// SaveRestore if true, indicates that this NIC capability set should
// include CapabilitySaveRestore
SaveRestore bool
// DisconnectOk if true, indicates that this NIC capability set should
// include CapabilityDisconnectOk.
DisconnectOk bool
// TXChecksumOffload if true, indicates that this endpoints capability
// set should include CapabilityTXChecksumOffload.
TXChecksumOffload bool
// RXChecksumOffload if true, indicates that this endpoints capability
// set should include CapabilityRXChecksumOffload.
RXChecksumOffload bool
// If MaxSyscallHeaderBytes is non-zero, it is the maximum number of bytes
// of struct iovec, msghdr, and mmsghdr that may be passed by each host
// system call.
MaxSyscallHeaderBytes int
}
Options specify the details about the fd-based endpoint to be created.
type PingAddr ¶
type PingAddr struct {
// contains filtered or unexported fields
}
func PingAddrFromAddr ¶
type SeamlessEndpoint ¶
type SeamlessEndpoint interface {
stack.LinkEndpoint
FdSwapper
}
func NewEndpoint ¶
func NewEndpoint(dev, mtu int, sink io.WriteCloser) (ep SeamlessEndpoint, err error)
ref: github.com/google/gvisor/blob/91f58d2cc/pkg/tcpip/sample/tun_tcp_echo/main.go#L102
func NewFdbasedInjectableEndpoint ¶
func NewFdbasedInjectableEndpoint(opts *Options) (SeamlessEndpoint, error)
New creates a new fd-based endpoint.
Makes fd non-blocking, but does not take ownership of fd, which must remain open for the lifetime of the returned endpoint (until after the endpoint has stopped being using and Wait returns).
type SnoopyEndpoint ¶
SnoopyEndpoint is used to snoop and log network traffic.
func NewSnoopyEndpoint ¶
func NewSnoopyEndpoint(lower stack.LinkEndpoint, writer io.Writer) (*SnoopyEndpoint, error)
NewSnoopyEndpoint creates a new snoop link-layer endpoint. It wraps around another endpoint and logs packets as they traverse the endpoint.
Each packet is written to writer in the pcap format in a single Write call without synchronization. A snoop created with this function will not emit packets using the standard log package.
func (*SnoopyEndpoint) DeliverNetworkPacket ¶
func (e *SnoopyEndpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer)
DeliverNetworkPacket implements the stack.NetworkDispatcher interface. It is called by the link-layer endpoint being wrapped when a packet arrives, and logs the packet before forwarding to the actual dispatcher.
func (*SnoopyEndpoint) DumpPacket ¶
func (e *SnoopyEndpoint) DumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer, ts *time.Time)
DumpPacket logs a packet, depending on configuration, to stderr and/or a pcap file. ts is an optional timestamp for the packet.
func (*SnoopyEndpoint) WritePackets ¶
func (e *SnoopyEndpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error)
WritePackets implements the stack.LinkEndpoint interface. It is called by higher-level protocols to write packets; it just logs the packet and forwards the request to the lower endpoint.
Source Files