Documentation ¶
Index ¶
- Constants
- Variables
- func CreateBind(port uint16, device *Device) (*nativeBind, uint16, error)
- func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte)
- func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte)
- func KDF1(t0 *[blake2s.Size]byte, key, input []byte)
- func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte)
- func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte)
- type AllowedIPs
- func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet
- func (table *AllowedIPs) Insert(ip net.IP, cidr uint, peer *Peer)
- func (table *AllowedIPs) LookupIPv4(address []byte) *Peer
- func (table *AllowedIPs) LookupIPv6(address []byte) *Peer
- func (table *AllowedIPs) RemoveByPeer(peer *Peer)
- func (table *AllowedIPs) Reset()
- type AtomicBool
- type Bind
- type CookieChecker
- type CookieGenerator
- type Device
- func (device *Device) BindClose() error
- func (device *Device) BindSetMark(mark uint32) error
- func (device *Device) BindUpdate() error
- func (device *Device) Close()
- func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
- func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
- func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
- func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
- func (device *Device) DeleteKeypair(key *Keypair)
- func (device *Device) Down()
- func (device *Device) FlushPacketQueues()
- func (device *Device) GetInboundElement() *QueueInboundElement
- func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
- func (device *Device) GetOutboundElement() *QueueOutboundElement
- func (device *Device) IpcGetOperation(socket *bufio.Writer) *IPCError
- func (device *Device) IpcHandle(socket net.Conn)
- func (device *Device) IpcSetOperation(socket *bufio.Reader) *IPCError
- func (device *Device) IsUnderLoad() bool
- func (device *Device) LookupPeer(pk NoisePublicKey) *Peer
- func (device *Device) NewOutboundElement() *QueueOutboundElement
- func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error)
- func (device *Device) PopulatePools()
- func (device *Device) PutInboundElement(msg *QueueInboundElement)
- func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
- func (device *Device) PutOutboundElement(msg *QueueOutboundElement)
- func (device *Device) RemoveAllPeers()
- func (device *Device) RemovePeer(key NoisePublicKey)
- func (device *Device) RoutineDecryption()
- func (device *Device) RoutineEncryption()
- func (device *Device) RoutineHandshake()
- func (device *Device) RoutineReadFromTUN()
- func (device *Device) RoutineReceiveIncoming(IP int, bind Bind)
- func (device *Device) RoutineTUNEventReader()
- func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
- func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
- func (device *Device) SetPrivateKey(sk NoisePrivateKey) error
- func (device *Device) Up()
- func (device *Device) Wait() chan struct{}
- type Endpoint
- type Handshake
- type IPCError
- type IPv4Source
- type IPv6Source
- type IndexTable
- func (table *IndexTable) Delete(index uint32)
- func (table *IndexTable) Init()
- func (table *IndexTable) Lookup(id uint32) IndexTableEntry
- func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
- func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
- type IndexTableEntry
- type Keypair
- type Keypairs
- type Logger
- type MessageCookieReply
- type MessageInitiation
- type MessageResponse
- type MessageTransport
- type NativeEndpoint
- func (end *NativeEndpoint) ClearDst()
- func (end *NativeEndpoint) ClearSrc()
- func (end *NativeEndpoint) DstIP() net.IP
- func (end *NativeEndpoint) DstToBytes() []byte
- func (end *NativeEndpoint) DstToString() string
- func (end *NativeEndpoint) SrcIP() net.IP
- func (end *NativeEndpoint) SrcToString() string
- type NoiseNonce
- type NoisePrivateKey
- type NoisePublicKey
- type NoiseSymmetricKey
- type Peer
- func (peer *Peer) BeginSymmetricSession() error
- func (peer *Peer) ExpireCurrentKeypairs()
- func (peer *Peer) FlushNonceQueue()
- func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer
- func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool
- func (peer *Peer) RoutineNonce()
- func (peer *Peer) RoutineSequentialReceiver()
- func (peer *Peer) RoutineSequentialSender()
- func (peer *Peer) SendBuffer(buffer []byte) error
- func (peer *Peer) SendHandshakeInitiation(isRetry bool) error
- func (peer *Peer) SendHandshakeResponse() error
- func (peer *Peer) SendKeepalive() bool
- func (peer *Peer) SetEndpointFromPacket(endpoint Endpoint)
- func (peer *Peer) Start()
- func (peer *Peer) Stop()
- func (peer *Peer) String() string
- func (peer *Peer) ZeroAndFlushAll()
- type QueueHandshakeElement
- type QueueInboundElement
- type QueueOutboundElement
- type Timer
Constants ¶
// Protocol timers and counter limits. These track the WireGuard
// specification's constants. The two message-count limits bound how many
// transport messages may be sent under one keypair: RekeyAfterMessages
// triggers a new handshake, RejectAfterMessages refuses to send at all.
// NOTE(review): both sit below 2^64 so that the 64-bit NoiseNonce counter
// can never repeat under one key — the check itself is not on this page.
const (
	// Untyped; the RejectAfterMessages value only fits a uint64 context.
	RekeyAfterMessages  = (1 << 60)
	RejectAfterMessages = (1 << 64) - (1 << 4) - 1
	RekeyAfterTime      = time.Second * 120
	RekeyAttemptTime    = time.Second * 90
	RekeyTimeout        = time.Second * 5
	// Spelled out as integers (presumably so the constant stays an untyped
	// int rather than a time.Duration); keep in sync with the two above.
	MaxTimerHandshakes      = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */
	RekeyTimeoutJitterMaxMs = 334 // random jitter added to RekeyTimeout, in ms
	RejectAfterTime         = time.Second * 180
	KeepaliveTimeout        = time.Second * 10
	CookieRefreshTime       = time.Second * 120 // how long a cookie secret stays valid
	HandshakeInitationRate  = time.Second / 50  // minimum spacing between handshake initiations
	PaddingMultiple         = 16                // transport plaintext is padded to a multiple of this
)
// Transport-message size bounds: the smallest transport message is a
// keepalive (header plus AEAD tag, no content); the largest is bounded by
// the UDP datagram limit, which also caps the plaintext content size.
const (
	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
)
// Load-detection thresholds. Once the handshake queue holds more than
// UnderLoadQueueSize elements the device presumably reports IsUnderLoad,
// and stays in that state for UnderLoadAfterTime after the last detection.
// NOTE(review): the under-load state is what the WireGuard design uses to
// switch on the cookie-reply challenge (SendHandshakeCookie) against
// handshake floods; the trigger logic itself is not visible here — confirm.
const (
	UnderLoadQueueSize = QueueHandshakeSize / 8
	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected
	MaxPeers           = 1 << 16     // maximum number of configured peers
)
// Goroutine counts per Device: DeviceRoutineNumberPerCPU routines are
// started per CPU (presumably the encryption, decryption and handshake
// workers, each documented as one instance per core) plus
// DeviceRoutineNumberAdditional device-wide routines.
const (
	DeviceRoutineNumberPerCPU     = 3
	DeviceRoutineNumberAdditional = 2
)
// Byte offsets of fields in an IPv4 header: total length at 2, source
// address at 12, destination address at 16 (= 12 + net.IPv4len).
// Presumably used when parsing packets read from the TUN to pick the
// address that is looked up in AllowedIPs.
const (
	IPv4offsetTotalLength = 2
	IPv4offsetSrc         = 12
	IPv4offsetDst         = IPv4offsetSrc + net.IPv4len
)
// Byte offsets of fields in an IPv6 header: payload length at 4, source
// address at 8, destination address at 24 (= 8 + net.IPv6len).
const (
	IPv6offsetPayloadLength = 4
	IPv6offsetSrc           = 8
	IPv6offsetDst           = IPv6offsetSrc + net.IPv6len
)
// Log verbosity levels for a Logger, in increasing order of detail
// (Silent = 0, Error = 1, Info = 2, Debug = 3).
const (
	LogLevelSilent = iota
	LogLevelError
	LogLevelInfo
	LogLevelDebug
)
// Int32 encodings of a boolean for use with atomic operations
// (AtomicFalse = 0, AtomicTrue = 1); presumably the representation
// behind AtomicBool.
const (
	AtomicFalse = int32(iota)
	AtomicTrue
)
// Handshake state-machine values, in the order a handshake progresses:
// zeroed, initiation created (initiator) / consumed (responder),
// response created (responder) / consumed (initiator).
const (
	HandshakeZeroed = iota
	HandshakeInitiationCreated
	HandshakeInitiationConsumed
	HandshakeResponseCreated
	HandshakeResponseConsumed
)
// Protocol identity strings. NoiseConstruction names the Noise handshake
// pattern (IKpsk2 over X25519 / ChaCha20-Poly1305 / BLAKE2s) and
// WGIdentifier the protocol identifier; presumably both are hashed into
// InitialChainKey / InitialHash. WGLabelMAC1 and WGLabelCookie are the
// domain-separation labels for the mac1 and cookie keys.
const (
	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
	WGIdentifier      = "WireGuard v1 zx2c4 Jason@zx2c4.com"
	WGLabelMAC1       = "mac1----"
	WGLabelCookie     = "cookie--"
)
// Wire values of the message type field (first 4 bytes of every message).
const (
	MessageInitiationType  = 1
	MessageResponseType    = 2
	MessageCookieReplyType = 3
	MessageTransportType   = 4
)
// Fixed on-the-wire sizes of each message type. A transport message is a
// 16-byte header (type, receiver index, 64-bit counter) followed by the
// AEAD-sealed content; an empty one is therefore header + Poly1305 tag.
const (
	MessageInitiationSize      = 148                                           // size of handshake initiation message
	MessageResponseSize        = 92                                            // size of response message
	MessageCookieReplySize     = 64                                            // size of cookie reply message
	MessageTransportHeaderSize = 16                                            // size of data preceding content in transport message
	MessageTransportSize       = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport
	MessageKeepaliveSize       = MessageTransportSize                          // size of keepalive
	MessageHandshakeSize       = MessageInitiationSize                         // size of largest handshake related message
)
// Byte offsets within a transport message: type occupies bytes 0-3,
// receiver index 4-7, the 64-bit counter 8-15, and the sealed content
// starts at 16 (= MessageTransportHeaderSize).
const (
	MessageTransportOffsetReceiver = 4
	MessageTransportOffsetCounter  = 8
	MessageTransportOffsetContent  = 16
)
// Sizes in bytes of Curve25519 public and private keys.
const (
	NoisePublicKeySize  = 32
	NoisePrivateKeySize = 32
)
// Queue and buffer-pool sizing.
// NOTE(review): PreallocatedBuffersPerPool = 0 means the pools grow without
// bound; under a sustained packet flood the process can be driven to
// exhaust memory rather than shed load. A deployment that cannot tolerate
// that should consider a bounded pool — confirm against the pool code.
const (
	QueueOutboundSize          = 1024
	QueueInboundSize           = 1024
	QueueHandshakeSize         = 1024
	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
)
// Number of goroutines started per Bind (presumably one receiver each
// for IPv4 and IPv6, see RoutineReceiveIncoming).
const (
	ConnRoutineNumber = 2
)
// DefaultMTU is the tunnel MTU used when none is configured
// (1500 minus the IPv6/UDP/WireGuard transport overhead).
const DefaultMTU = 1420
// FD_ERR is the sentinel file descriptor value for "no valid descriptor",
// matching the -1 returned by failed POSIX calls.
const (
	FD_ERR = -1
)
// Number of goroutines started per Peer (presumably RoutineNonce,
// RoutineSequentialSender and RoutineSequentialReceiver).
const (
	PeerRoutineNumber = 3
)
// WireGuardGoVersion is the version string of this implementation.
const WireGuardGoVersion = "0.0.20200121"
Variables ¶
// Precomputed Noise handshake state and the fixed handshake AEAD nonce.
// InitialChainKey / InitialHash are presumably derived once at package
// init from NoiseConstruction and WGIdentifier. ZeroNonce is an all-zero
// 12-byte nonce; NOTE(review): a fixed nonce is only safe because each
// handshake AEAD call uses a fresh derived key — it must never be used
// on the transport path, which uses the NoiseNonce counter.
var (
	InitialChainKey [blake2s.Size]byte
	InitialHash     [blake2s.Size]byte
	ZeroNonce       [chacha20poly1305.NonceSize]byte
)
// RoamingDisabled, when true, presumably stops a peer's endpoint from
// being updated to the source address of authenticated inbound packets
// (see Peer.SetEndpointFromPacket), pinning peers to their configured
// endpoints. It is package-level mutable state: set it before the
// device starts, not concurrently with packet processing — confirm.
var RoamingDisabled bool
Functions ¶
Types ¶
type AllowedIPs ¶
// AllowedIPs maps IP addresses to peers using one trie per address
// family; IPv4 and IPv6 are the trie roots. NOTE(review): in WireGuard
// this table is the cryptokey routing table — outbound packets are routed
// to the peer whose entry matches the destination, and decrypted inbound
// packets are expected to be dropped unless their source matches the
// sending peer. The source-address check is not visible on this page;
// confirm it is enforced in the receive path.
type AllowedIPs struct {
	IPv4 *trieEntry
	IPv6 *trieEntry
	// contains filtered or unexported fields
}
func (*AllowedIPs) EntriesForPeer ¶
func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet
func (*AllowedIPs) LookupIPv4 ¶
func (table *AllowedIPs) LookupIPv4(address []byte) *Peer
func (*AllowedIPs) LookupIPv6 ¶
func (table *AllowedIPs) LookupIPv6(address []byte) *Peer
func (*AllowedIPs) RemoveByPeer ¶
func (table *AllowedIPs) RemoveByPeer(peer *Peer)
func (*AllowedIPs) Reset ¶
func (table *AllowedIPs) Reset()
type AtomicBool ¶
// AtomicBool is a boolean flag safe for concurrent use through its
// Get/Set/Swap methods (presumably backed by an int32 holding
// AtomicFalse/AtomicTrue). Do not copy after first use.
type AtomicBool struct {
	// contains filtered or unexported fields
}
func (*AtomicBool) Get ¶
func (a *AtomicBool) Get() bool
func (*AtomicBool) Set ¶
func (a *AtomicBool) Set(val bool)
func (*AtomicBool) Swap ¶
func (a *AtomicBool) Swap(val bool) bool
type Bind ¶
// Bind is the UDP socket abstraction the device sends and receives on,
// covering IPv4 and IPv6. From the signatures: ReceiveIPv4/ReceiveIPv6
// presumably fill buff with one datagram and return its length and the
// source Endpoint; Send writes buff to end; SetMark applies a socket mark
// (presumably for policy routing so tunnel traffic is not routed back
// into the tunnel — confirm); Close releases the socket.
type Bind interface {
	SetMark(value uint32) error
	ReceiveIPv6(buff []byte) (int, Endpoint, error)
	ReceiveIPv4(buff []byte) (int, Endpoint, error)
	Send(buff []byte, end Endpoint) error
	Close() error
}
A Bind handles listening on a UDP port for both IPv6 and IPv4 traffic.
type CookieChecker ¶
func (*CookieChecker) CheckMAC1 ¶
func (st *CookieChecker) CheckMAC1(msg []byte) bool
func (*CookieChecker) CreateReply ¶
func (st *CookieChecker) CreateReply( msg []byte, recv uint32, src []byte, ) (*MessageCookieReply, error)
func (*CookieChecker) Init ¶
func (st *CookieChecker) Init(pk NoisePublicKey)
type CookieGenerator ¶
func (*CookieGenerator) AddMacs ¶
func (st *CookieGenerator) AddMacs(msg []byte)
func (*CookieGenerator) ConsumeReply ¶
func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool
func (*CookieGenerator) Init ¶
func (st *CookieGenerator) Init(pk NoisePublicKey)
type Device ¶
// Device is one WireGuard interface: it owns the private key, the peer
// set, the AllowedIPs and index tables, the Bind and the worker routines.
// All fields are unexported; interact with it through its methods.
type Device struct {
	// contains filtered or unexported fields
}
func (*Device) BindSetMark ¶
func (*Device) BindUpdate ¶
func (*Device) ConsumeMessageInitiation ¶
func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
func (*Device) ConsumeMessageResponse ¶
func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
func (*Device) CreateMessageInitiation ¶
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
func (*Device) CreateMessageResponse ¶
func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
func (*Device) DeleteKeypair ¶
func (*Device) FlushPacketQueues ¶
func (device *Device) FlushPacketQueues()
func (*Device) GetInboundElement ¶
func (device *Device) GetInboundElement() *QueueInboundElement
func (*Device) GetMessageBuffer ¶
func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
func (*Device) GetOutboundElement ¶
func (device *Device) GetOutboundElement() *QueueOutboundElement
func (*Device) IpcGetOperation ¶
func (*Device) IpcSetOperation ¶
func (*Device) IsUnderLoad ¶
func (*Device) LookupPeer ¶
func (device *Device) LookupPeer(pk NoisePublicKey) *Peer
func (*Device) NewOutboundElement ¶
func (device *Device) NewOutboundElement() *QueueOutboundElement
func (*Device) PopulatePools ¶
func (device *Device) PopulatePools()
func (*Device) PutInboundElement ¶
func (device *Device) PutInboundElement(msg *QueueInboundElement)
func (*Device) PutMessageBuffer ¶
func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
func (*Device) PutOutboundElement ¶
func (device *Device) PutOutboundElement(msg *QueueOutboundElement)
func (*Device) RemoveAllPeers ¶
func (device *Device) RemoveAllPeers()
func (*Device) RemovePeer ¶
func (device *Device) RemovePeer(key NoisePublicKey)
func (*Device) RoutineDecryption ¶
func (device *Device) RoutineDecryption()
func (*Device) RoutineEncryption ¶
func (device *Device) RoutineEncryption()
Encrypts the elements in the queue and marks them for sequential consumption (by releasing the mutex). Note: one instance runs per core.
func (*Device) RoutineHandshake ¶
func (device *Device) RoutineHandshake()
Handles incoming packets related to the handshake.
func (*Device) RoutineReadFromTUN ¶
func (device *Device) RoutineReadFromTUN()
Reads packets from the TUN and inserts them into the nonce queue of the matching peer. Note: a single instance runs per TUN device.
func (*Device) RoutineReceiveIncoming ¶
Receives incoming datagrams for the device. Every time the bind is updated, a new routine is started for IPv4 and for IPv6 (separately).
func (*Device) RoutineTUNEventReader ¶
func (device *Device) RoutineTUNEventReader()
func (*Device) SendHandshakeCookie ¶
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
func (*Device) SendKeepalivesToPeersWithCurrentKeypair ¶
func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
func (*Device) SetPrivateKey ¶
func (device *Device) SetPrivateKey(sk NoisePrivateKey) error
type Endpoint ¶
// Endpoint is a peer's cached addressing: dst is the remote address the
// peer is reached at, src the local address datagrams leave from.
// DstToBytes is fed into the mac2 cookie computation, so it presumably
// needs to be a deterministic serialization of the destination address.
type Endpoint interface {
	ClearSrc()           // clears the source address
	SrcToString() string // returns the local source address (ip:port)
	DstToString() string // returns the destination address (ip:port)
	DstToBytes() []byte  // used for mac2 cookie calculations
	DstIP() net.IP
	SrcIP() net.IP
}
An Endpoint maintains the cached source and destination addresses for a peer: dst is the remote address of the peer (the "endpoint" in uapi terminology); src is the local address from which datagrams to the peer originate.
func CreateEndpoint ¶
type IPv4Source ¶
// IPv4Source holds the local IPv4 source-address information of an
// endpoint (opaque; used by the native endpoint implementation).
type IPv4Source struct {
	// contains filtered or unexported fields
}
type IPv6Source ¶
// IPv6Source holds the local IPv6 source-address information of an
// endpoint (opaque; used by the native endpoint implementation).
type IPv6Source struct {
	// contains filtered or unexported fields
}
type IndexTable ¶
func (*IndexTable) Delete ¶
func (table *IndexTable) Delete(index uint32)
func (*IndexTable) Init ¶
func (table *IndexTable) Init()
func (*IndexTable) Lookup ¶
func (table *IndexTable) Lookup(id uint32) IndexTableEntry
func (*IndexTable) NewIndexForHandshake ¶
func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
func (*IndexTable) SwapIndexForKeypair ¶
func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
type IndexTableEntry ¶
// IndexTableEntry is what IndexTable.Lookup returns for a 32-bit sender
// index: presumably the peer plus either the in-progress Handshake or the
// established Keypair registered under that index.
type IndexTableEntry struct {
	// contains filtered or unexported fields
}
type MessageCookieReply ¶
// MessageCookieReply is the wire format of a cookie reply
// (Type == MessageCookieReplyType). Receiver is the sender index the
// reply answers; Nonce is the 24-byte XChaCha20-Poly1305 nonce; Cookie is
// the 16-byte cookie (blake2s.Size128) followed by its 16-byte AEAD tag.
// The fields total 4 + 4 + 24 + 32 = 64 bytes = MessageCookieReplySize.
type MessageCookieReply struct {
	Type     uint32
	Receiver uint32
	Nonce    [chacha20poly1305.NonceSizeX]byte
	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
}
type MessageInitiation ¶
type MessageResponse ¶
type MessageTransport ¶
type NativeEndpoint ¶
func (*NativeEndpoint) ClearDst ¶
func (end *NativeEndpoint) ClearDst()
func (*NativeEndpoint) ClearSrc ¶
func (end *NativeEndpoint) ClearSrc()
func (*NativeEndpoint) DstIP ¶
func (end *NativeEndpoint) DstIP() net.IP
func (*NativeEndpoint) DstToBytes ¶
func (end *NativeEndpoint) DstToBytes() []byte
func (*NativeEndpoint) DstToString ¶
func (end *NativeEndpoint) DstToString() string
func (*NativeEndpoint) SrcIP ¶
func (end *NativeEndpoint) SrcIP() net.IP
func (*NativeEndpoint) SrcToString ¶
func (end *NativeEndpoint) SrcToString() string
type NoiseNonce ¶
// NoiseNonce is the 64-bit transport counter; it is placed in the 12-byte
// ChaCha20-Poly1305 nonce with zero padding (hence the comment).
// NOTE(review): it must never repeat under one keypair — that is why
// sending stops at RejectAfterMessages and a rekey is forced at
// RekeyAfterMessages; the receive side must also reject replayed counters.
type NoiseNonce uint64 // padded to 12-bytes
type NoisePrivateKey ¶
// NoisePrivateKey is a 32-byte Curve25519 private key.
// NOTE(review): this is secret material — ToHex output must not reach
// logs, and Equals on key material should be constant-time; neither
// implementation is visible on this page, so confirm before relying on it.
type NoisePrivateKey [NoisePrivateKeySize]byte
func (NoisePrivateKey) Equals ¶
func (key NoisePrivateKey) Equals(tar NoisePrivateKey) bool
func (*NoisePrivateKey) FromHex ¶
func (key *NoisePrivateKey) FromHex(src string) (err error)
func (NoisePrivateKey) IsZero ¶
func (key NoisePrivateKey) IsZero() bool
func (NoisePrivateKey) ToHex ¶
func (key NoisePrivateKey) ToHex() string
type NoisePublicKey ¶
// NoisePublicKey is a 32-byte Curve25519 public key; it identifies a peer
// (see Device.LookupPeer / NewPeer / RemovePeer).
type NoisePublicKey [NoisePublicKeySize]byte
func (NoisePublicKey) Equals ¶
func (key NoisePublicKey) Equals(tar NoisePublicKey) bool
func (*NoisePublicKey) FromHex ¶
func (key *NoisePublicKey) FromHex(src string) error
func (NoisePublicKey) IsZero ¶
func (key NoisePublicKey) IsZero() bool
func (NoisePublicKey) ToHex ¶
func (key NoisePublicKey) ToHex() string
type NoiseSymmetricKey ¶
// NoiseSymmetricKey is a 32-byte ChaCha20-Poly1305 key (chacha20poly1305.KeySize);
// presumably used for the optional pre-shared key and derived session keys.
// NOTE(review): secret material — keep ToHex output out of logs.
type NoiseSymmetricKey [chacha20poly1305.KeySize]byte
func (*NoiseSymmetricKey) FromHex ¶
func (key *NoiseSymmetricKey) FromHex(src string) error
func (NoiseSymmetricKey) ToHex ¶
func (key NoiseSymmetricKey) ToHex() string
type Peer ¶
// Peer is one configured remote: its public key, endpoint, handshake
// state and keypairs, plus the per-peer worker routines. The embedded
// RWMutex is part of the public API, so callers outside the package can
// take it; Peer must therefore be used by pointer and never copied.
type Peer struct {
	sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer
	// contains filtered or unexported fields
}
func (*Peer) BeginSymmetricSession ¶
Derives a new keypair from the current handshake state.
func (*Peer) ExpireCurrentKeypairs ¶
func (peer *Peer) ExpireCurrentKeypairs()
func (*Peer) FlushNonceQueue ¶
func (peer *Peer) FlushNonceQueue()
func (*Peer) ReceivedWithKeypair ¶
func (*Peer) RoutineNonce ¶
func (peer *Peer) RoutineNonce()
Queues packets while there is no completed handshake, then assigns nonces to packets sequentially and creates "work" structs for the workers. Note: a single instance runs per peer.
func (*Peer) RoutineSequentialReceiver ¶
func (peer *Peer) RoutineSequentialReceiver()
func (*Peer) RoutineSequentialSender ¶
func (peer *Peer) RoutineSequentialSender()
Sequentially reads packets from the queue and sends them to the endpoint. Note: a single instance runs per peer; the routine terminates when the outbound queue is closed.
func (*Peer) SendBuffer ¶
func (*Peer) SendHandshakeInitiation ¶
func (*Peer) SendHandshakeResponse ¶
func (*Peer) SendKeepalive ¶
Queues a keepalive if no packets are currently queued for the peer.
func (*Peer) SetEndpointFromPacket ¶
func (*Peer) ZeroAndFlushAll ¶
func (peer *Peer) ZeroAndFlushAll()
type QueueHandshakeElement ¶
type QueueHandshakeElement struct {
// contains filtered or unexported fields
}
type QueueInboundElement ¶
func (*QueueInboundElement) Drop ¶
func (elem *QueueInboundElement) Drop()
func (*QueueInboundElement) IsDropped ¶
func (elem *QueueInboundElement) IsDropped() bool
type QueueOutboundElement ¶
func (*QueueOutboundElement) Drop ¶
func (elem *QueueOutboundElement) Drop()
func (*QueueOutboundElement) IsDropped ¶
func (elem *QueueOutboundElement) IsDropped() bool