device

package
v0.0.0-...-e7f66ed Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2020 License: MIT Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source
const (
	RekeyAfterMessages      = (1 << 60)
	RejectAfterMessages     = (1 << 64) - (1 << 4) - 1
	RekeyAfterTime          = time.Second * 120
	RekeyAttemptTime        = time.Second * 90
	RekeyTimeout            = time.Second * 5
	MaxTimerHandshakes      = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */
	RekeyTimeoutJitterMaxMs = 334
	RejectAfterTime         = time.Second * 180
	KeepaliveTimeout        = time.Second * 10
	CookieRefreshTime       = time.Second * 120
	HandshakeInitationRate  = time.Second / 50
	PaddingMultiple         = 16
)
View Source
const (
	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
)
View Source
const (
	UnderLoadQueueSize = QueueHandshakeSize / 8
	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected
	MaxPeers           = 1 << 16     // maximum number of configured peers
)
View Source
const (
	DeviceRoutineNumberPerCPU     = 3
	DeviceRoutineNumberAdditional = 2
)
View Source
const (
	IPv4offsetTotalLength = 2
	IPv4offsetSrc         = 12
	IPv4offsetDst         = IPv4offsetSrc + net.IPv4len
)
View Source
const (
	IPv6offsetPayloadLength = 4
	IPv6offsetSrc           = 8
	IPv6offsetDst           = IPv6offsetSrc + net.IPv6len
)
View Source
const (
	LogLevelSilent = iota
	LogLevelError
	LogLevelInfo
	LogLevelDebug
)
View Source
const (
	AtomicFalse = int32(iota)
	AtomicTrue
)
View Source
const (
	HandshakeZeroed = iota
	HandshakeInitiationCreated
	HandshakeInitiationConsumed
	HandshakeResponseCreated
	HandshakeResponseConsumed
)
View Source
const (
	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
	WGIdentifier      = "WireGuard v1 zx2c4 Jason@zx2c4.com"
	WGLabelMAC1       = "mac1----"
	WGLabelCookie     = "cookie--"
)
View Source
const (
	MessageInitiationType  = 1
	MessageResponseType    = 2
	MessageCookieReplyType = 3
	MessageTransportType   = 4
)
View Source
const (
	MessageInitiationSize      = 148                                           // size of handshake initiation message
	MessageResponseSize        = 92                                            // size of response message
	MessageCookieReplySize     = 64                                            // size of cookie reply message
	MessageTransportHeaderSize = 16                                            // size of data preceding content in transport message
	MessageTransportSize       = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport
	MessageKeepaliveSize       = MessageTransportSize                          // size of keepalive
	MessageHandshakeSize       = MessageInitiationSize                         // size of largest handshake related message
)
View Source
const (
	MessageTransportOffsetReceiver = 4
	MessageTransportOffsetCounter  = 8
	MessageTransportOffsetContent  = 16
)
View Source
const (
	NoisePublicKeySize  = 32
	NoisePrivateKeySize = 32
)
View Source
const (
	QueueOutboundSize          = 1024
	QueueInboundSize           = 1024
	QueueHandshakeSize         = 1024
	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
)
View Source
const (
	ConnRoutineNumber = 2
)
View Source
const DefaultMTU = 1420
View Source
const (
	FD_ERR = -1
)
View Source
const (
	PeerRoutineNumber = 3
)
View Source
const WireGuardGoVersion = "0.0.20200121"

Variables

View Source
var (
	InitialChainKey [blake2s.Size]byte
	InitialHash     [blake2s.Size]byte
	ZeroNonce       [chacha20poly1305.NonceSize]byte
)
View Source
var RoamingDisabled bool

Functions

func CreateBind

func CreateBind(port uint16, device *Device) (*nativeBind, uint16, error)

func HMAC1

func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte)

func HMAC2

func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte)

func KDF1

func KDF1(t0 *[blake2s.Size]byte, key, input []byte)

func KDF2

func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte)

func KDF3

func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte)

Types

type AllowedIPs

type AllowedIPs struct {
	IPv4 *trieEntry
	IPv6 *trieEntry
	// contains filtered or unexported fields
}

func (*AllowedIPs) EntriesForPeer

func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet

func (*AllowedIPs) Insert

func (table *AllowedIPs) Insert(ip net.IP, cidr uint, peer *Peer)

func (*AllowedIPs) LookupIPv4

func (table *AllowedIPs) LookupIPv4(address []byte) *Peer

func (*AllowedIPs) LookupIPv6

func (table *AllowedIPs) LookupIPv6(address []byte) *Peer

func (*AllowedIPs) RemoveByPeer

func (table *AllowedIPs) RemoveByPeer(peer *Peer)

func (*AllowedIPs) Reset

func (table *AllowedIPs) Reset()

type AtomicBool

type AtomicBool struct {
	// contains filtered or unexported fields
}

func (*AtomicBool) Get

func (a *AtomicBool) Get() bool

func (*AtomicBool) Set

func (a *AtomicBool) Set(val bool)

func (*AtomicBool) Swap

func (a *AtomicBool) Swap(val bool) bool

type Bind

type Bind interface {
	SetMark(value uint32) error
	ReceiveIPv6(buff []byte) (int, Endpoint, error)
	ReceiveIPv4(buff []byte) (int, Endpoint, error)
	Send(buff []byte, end Endpoint) error
	Close() error
}

A Bind handles listening on a port for both IPv6 and IPv4 UDP traffic

type CookieChecker

type CookieChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieChecker) CheckMAC1

func (st *CookieChecker) CheckMAC1(msg []byte) bool

func (*CookieChecker) CheckMAC2

func (st *CookieChecker) CheckMAC2(msg []byte, src []byte) bool

func (*CookieChecker) CreateReply

func (st *CookieChecker) CreateReply(
	msg []byte,
	recv uint32,
	src []byte,
) (*MessageCookieReply, error)

func (*CookieChecker) Init

func (st *CookieChecker) Init(pk NoisePublicKey)

type CookieGenerator

type CookieGenerator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieGenerator) AddMacs

func (st *CookieGenerator) AddMacs(msg []byte)

func (*CookieGenerator) ConsumeReply

func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool

func (*CookieGenerator) Init

func (st *CookieGenerator) Init(pk NoisePublicKey)

type Device

type Device struct {
	// contains filtered or unexported fields
}

func NewDevice

func NewDevice(tunDevice tun.Device, logger *Logger) *Device

func (*Device) BindClose

func (device *Device) BindClose() error

func (*Device) BindSetMark

func (device *Device) BindSetMark(mark uint32) error

func (*Device) BindUpdate

func (device *Device) BindUpdate() error

func (*Device) Close

func (device *Device) Close()

func (*Device) ConsumeMessageInitiation

func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer

func (*Device) ConsumeMessageResponse

func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer

func (*Device) CreateMessageInitiation

func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)

func (*Device) CreateMessageResponse

func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)

func (*Device) DeleteKeypair

func (device *Device) DeleteKeypair(key *Keypair)

func (*Device) Down

func (device *Device) Down()

func (*Device) FlushPacketQueues

func (device *Device) FlushPacketQueues()

func (*Device) GetInboundElement

func (device *Device) GetInboundElement() *QueueInboundElement

func (*Device) GetMessageBuffer

func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte

func (*Device) GetOutboundElement

func (device *Device) GetOutboundElement() *QueueOutboundElement

func (*Device) IpcGetOperation

func (device *Device) IpcGetOperation(socket *bufio.Writer) *IPCError

func (*Device) IpcHandle

func (device *Device) IpcHandle(socket net.Conn)

func (*Device) IpcSetOperation

func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError

func (*Device) IsUnderLoad

func (device *Device) IsUnderLoad() bool

func (*Device) LookupPeer

func (device *Device) LookupPeer(pk NoisePublicKey) *Peer

func (*Device) NewOutboundElement

func (device *Device) NewOutboundElement() *QueueOutboundElement

func (*Device) NewPeer

func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error)

func (*Device) PopulatePools

func (device *Device) PopulatePools()

func (*Device) PutInboundElement

func (device *Device) PutInboundElement(msg *QueueInboundElement)

func (*Device) PutMessageBuffer

func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)

func (*Device) PutOutboundElement

func (device *Device) PutOutboundElement(msg *QueueOutboundElement)

func (*Device) RemoveAllPeers

func (device *Device) RemoveAllPeers()

func (*Device) RemovePeer

func (device *Device) RemovePeer(key NoisePublicKey)

func (*Device) RoutineDecryption

func (device *Device) RoutineDecryption()

func (*Device) RoutineEncryption

func (device *Device) RoutineEncryption()

Encrypts the elements in the queue * and marks them for sequential consumption (by releasing the mutex) * * Obs. One instance per core

func (*Device) RoutineHandshake

func (device *Device) RoutineHandshake()

Handles incoming packets related to handshake

func (*Device) RoutineReadFromTUN

func (device *Device) RoutineReadFromTUN()

Reads packets from the TUN and inserts * into nonce queue for peer * * Obs. Single instance per TUN device

func (*Device) RoutineReceiveIncoming

func (device *Device) RoutineReceiveIncoming(IP int, bind Bind)

Receives incoming datagrams for the device * * Every time the bind is updated a new routine is started for * IPv4 and IPv6 (separately)

func (*Device) RoutineTUNEventReader

func (device *Device) RoutineTUNEventReader()

func (*Device) SendHandshakeCookie

func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error

func (*Device) SendKeepalivesToPeersWithCurrentKeypair

func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()

func (*Device) SetPrivateKey

func (device *Device) SetPrivateKey(sk NoisePrivateKey) error

func (*Device) Up

func (device *Device) Up()

func (*Device) Wait

func (device *Device) Wait() chan struct{}

type Endpoint

type Endpoint interface {
	ClearSrc()           // clears the source address
	SrcToString() string // returns the local source address (ip:port)
	DstToString() string // returns the destination address (ip:port)
	DstToBytes() []byte  // used for mac2 cookie calculations
	DstIP() net.IP
	SrcIP() net.IP
}

An Endpoint maintains the source/destination caching for a peer * * dst : the remote address of a peer ("endpoint" in uapi terminology) * src : the local address from which datagrams originate going to the peer

func CreateEndpoint

func CreateEndpoint(s string) (Endpoint, error)

type Handshake

type Handshake struct {
	// contains filtered or unexported fields
}

func (*Handshake) Clear

func (h *Handshake) Clear()

type IPCError

type IPCError struct {
	// contains filtered or unexported fields
}

func (IPCError) Error

func (s IPCError) Error() string

func (IPCError) ErrorCode

func (s IPCError) ErrorCode() int64

type IPv4Source

type IPv4Source struct {
	// contains filtered or unexported fields
}

type IPv6Source

type IPv6Source struct {
	// contains filtered or unexported fields
}

type IndexTable

type IndexTable struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*IndexTable) Delete

func (table *IndexTable) Delete(index uint32)

func (*IndexTable) Init

func (table *IndexTable) Init()

func (*IndexTable) Lookup

func (table *IndexTable) Lookup(id uint32) IndexTableEntry

func (*IndexTable) NewIndexForHandshake

func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)

func (*IndexTable) SwapIndexForKeypair

func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)

type IndexTableEntry

type IndexTableEntry struct {
	// contains filtered or unexported fields
}

type Keypair

type Keypair struct {
	// contains filtered or unexported fields
}

type Keypairs

type Keypairs struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*Keypairs) Current

func (kp *Keypairs) Current() *Keypair

type Logger

type Logger struct {
	Debug *log.Logger
	Info  *log.Logger
	Error *log.Logger
}

func NewLogger

func NewLogger(level int, prepend string) *Logger

type MessageCookieReply

type MessageCookieReply struct {
	Type     uint32
	Receiver uint32
	Nonce    [chacha20poly1305.NonceSizeX]byte
	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
}

type MessageInitiation

type MessageInitiation struct {
	Type      uint32
	Sender    uint32
	Ephemeral NoisePublicKey
	Static    [NoisePublicKeySize + poly1305.TagSize]byte
	Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte
	MAC1      [blake2s.Size128]byte
	MAC2      [blake2s.Size128]byte
}

type MessageResponse

type MessageResponse struct {
	Type      uint32
	Sender    uint32
	Receiver  uint32
	Ephemeral NoisePublicKey
	Empty     [poly1305.TagSize]byte
	MAC1      [blake2s.Size128]byte
	MAC2      [blake2s.Size128]byte
}

type MessageTransport

type MessageTransport struct {
	Type     uint32
	Receiver uint32
	Counter  uint64
	Content  []byte
}

type NativeEndpoint

type NativeEndpoint struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*NativeEndpoint) ClearDst

func (end *NativeEndpoint) ClearDst()

func (*NativeEndpoint) ClearSrc

func (end *NativeEndpoint) ClearSrc()

func (*NativeEndpoint) DstIP

func (end *NativeEndpoint) DstIP() net.IP

func (*NativeEndpoint) DstToBytes

func (end *NativeEndpoint) DstToBytes() []byte

func (*NativeEndpoint) DstToString

func (end *NativeEndpoint) DstToString() string

func (*NativeEndpoint) SrcIP

func (end *NativeEndpoint) SrcIP() net.IP

func (*NativeEndpoint) SrcToString

func (end *NativeEndpoint) SrcToString() string

type NoiseNonce

type NoiseNonce uint64 // padded to 12-bytes

type NoisePrivateKey

type NoisePrivateKey [NoisePrivateKeySize]byte

func (NoisePrivateKey) Equals

func (key NoisePrivateKey) Equals(tar NoisePrivateKey) bool

func (*NoisePrivateKey) FromHex

func (key *NoisePrivateKey) FromHex(src string) (err error)

func (NoisePrivateKey) IsZero

func (key NoisePrivateKey) IsZero() bool

func (NoisePrivateKey) ToHex

func (key NoisePrivateKey) ToHex() string

type NoisePublicKey

type NoisePublicKey [NoisePublicKeySize]byte

func (NoisePublicKey) Equals

func (key NoisePublicKey) Equals(tar NoisePublicKey) bool

func (*NoisePublicKey) FromHex

func (key *NoisePublicKey) FromHex(src string) error

func (NoisePublicKey) IsZero

func (key NoisePublicKey) IsZero() bool

func (NoisePublicKey) ToHex

func (key NoisePublicKey) ToHex() string

type NoiseSymmetricKey

type NoiseSymmetricKey [chacha20poly1305.KeySize]byte

func (*NoiseSymmetricKey) FromHex

func (key *NoiseSymmetricKey) FromHex(src string) error

func (NoiseSymmetricKey) ToHex

func (key NoiseSymmetricKey) ToHex() string

type Peer

type Peer struct {
	sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer
	// contains filtered or unexported fields
}

func (*Peer) BeginSymmetricSession

func (peer *Peer) BeginSymmetricSession() error

Derives a new keypair from the current handshake state *

func (*Peer) ExpireCurrentKeypairs

func (peer *Peer) ExpireCurrentKeypairs()

func (*Peer) FlushNonceQueue

func (peer *Peer) FlushNonceQueue()

func (*Peer) NewTimer

func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer

func (*Peer) ReceivedWithKeypair

func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool

func (*Peer) RoutineNonce

func (peer *Peer) RoutineNonce()

Queues packets when there is no handshake. * Then assigns nonces to packets sequentially * and creates "work" structs for workers * * Obs. A single instance per peer

func (*Peer) RoutineSequentialReceiver

func (peer *Peer) RoutineSequentialReceiver()

func (*Peer) RoutineSequentialSender

func (peer *Peer) RoutineSequentialSender()

Sequentially reads packets from queue and sends to endpoint * * Obs. Single instance per peer. * The routine terminates then the outbound queue is closed.

func (*Peer) SendBuffer

func (peer *Peer) SendBuffer(buffer []byte) error

func (*Peer) SendHandshakeInitiation

func (peer *Peer) SendHandshakeInitiation(isRetry bool) error

func (*Peer) SendHandshakeResponse

func (peer *Peer) SendHandshakeResponse() error

func (*Peer) SendKeepalive

func (peer *Peer) SendKeepalive() bool

Queues a keepalive if no packets are queued for peer

func (*Peer) SetEndpointFromPacket

func (peer *Peer) SetEndpointFromPacket(endpoint Endpoint)

func (*Peer) Start

func (peer *Peer) Start()

func (*Peer) Stop

func (peer *Peer) Stop()

func (*Peer) String

func (peer *Peer) String() string

func (*Peer) ZeroAndFlushAll

func (peer *Peer) ZeroAndFlushAll()

type QueueHandshakeElement

type QueueHandshakeElement struct {
	// contains filtered or unexported fields
}

type QueueInboundElement

type QueueInboundElement struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*QueueInboundElement) Drop

func (elem *QueueInboundElement) Drop()

func (*QueueInboundElement) IsDropped

func (elem *QueueInboundElement) IsDropped() bool

type QueueOutboundElement

type QueueOutboundElement struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*QueueOutboundElement) Drop

func (elem *QueueOutboundElement) Drop()

func (*QueueOutboundElement) IsDropped

func (elem *QueueOutboundElement) IsDropped() bool

type Timer

type Timer struct {
	*time.Timer
	// contains filtered or unexported fields
}

func (*Timer) Del

func (timer *Timer) Del()

func (*Timer) DelSync

func (timer *Timer) DelSync()

func (*Timer) IsPending

func (timer *Timer) IsPending() bool

func (*Timer) Mod

func (timer *Timer) Mod(d time.Duration)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL