internal

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 4, 2024 License: BSD-3-Clause Imports: 48 Imported by: 0

Documentation

Index

Constants

View Source
const (

	// DefaultManagementURL points to the NetBird's cloud management endpoint
	DefaultManagementURL = "https://api.netbird.io:443"

	// DefaultAdminURL points to NetBird's cloud management console
	DefaultAdminURL = "https://app.netbird.io:443"
)
View Source
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms
)

PeerConnectionTimeoutMax is a timeout of an initial connection attempt to a remote peer. E.g. this peer will wait PeerConnectionTimeoutMax for the remote peer to respond, if not successful then it will retry the connection attempt. Todo pass timeout at EnginConfig

Variables

View Source
var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CheckUIApp

func CheckUIApp() bool

CheckUIApp checks whether UI application is running.

func CtxGetState

func CtxGetState(ctx context.Context) *contextState

CtxGetState object to get/update state/errors of process.

func CtxInitState

func CtxInitState(ctx context.Context) context.Context

CtxInitState setup context state into the context tree.

This function should be used to initialize context before CtxGetState will be executed.

func IsLoginRequired

func IsLoginRequired(ctx context.Context, privateKey string, mgmURL *url.URL, sshKey string) (bool, error)

IsLoginRequired check that the server is support SSO or not

func Login

func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error

Login or register the client

func SignalOfferAnswer

func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client,
	isAnswer bool) error

SignalOfferAnswer signals either an offer or an answer to remote peer

func WriteOutConfig

func WriteOutConfig(path string, config *Config) error

WriteOutConfig write put the prepared config to the given path

Types

type Config

type Config struct {
	// Wireguard private key of local peer
	PrivateKey           string
	PreSharedKey         string
	ManagementURL        *url.URL
	AdminURL             *url.URL
	WgIface              string
	WgPort               int
	NetworkMonitor       bool
	IFaceBlackList       []string
	DisableIPv6Discovery bool
	RosenpassEnabled     bool
	RosenpassPermissive  bool
	ServerSSHAllowed     *bool
	// SSHKey is a private SSH key in a PEM format
	SSHKey string

	NATExternalIPs []string
	// CustomDNSAddress sets the DNS resolver listening address in format ip:port
	CustomDNSAddress string

	// DisableAutoConnect determines whether the client should not start with the service
	// it's set to false by default due to backwards compatibility
	DisableAutoConnect bool
}

Config Configuration type

func CreateInMemoryConfig

func CreateInMemoryConfig(input ConfigInput) (*Config, error)

CreateInMemoryConfig generate a new config but do not write out it to the store

func ReadConfig

func ReadConfig(configPath string) (*Config, error)

ReadConfig read config file and return with Config. If it is not exists create a new with default values

func UpdateConfig

func UpdateConfig(input ConfigInput) (*Config, error)

UpdateConfig update existing configuration according to input configuration and return with the configuration

func UpdateOldManagementURL

func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error)

UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain. If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config. The check is performed only for the NetBird's managed version.

func UpdateOrCreateConfig

func UpdateOrCreateConfig(input ConfigInput) (*Config, error)

UpdateOrCreateConfig reads existing config or generates a new one

type ConfigInput

type ConfigInput struct {
	ManagementURL       string
	AdminURL            string
	ConfigPath          string
	PreSharedKey        *string
	ServerSSHAllowed    *bool
	NATExternalIPs      []string
	CustomDNSAddress    []byte
	RosenpassEnabled    *bool
	RosenpassPermissive *bool
	InterfaceName       *string
	WireguardPort       *int
	NetworkMonitor      *bool
	DisableAutoConnect  *bool
	ExtraIFaceBlackList []string
}

ConfigInput carries configuration changes to the client

type ConnectClient

type ConnectClient struct {
	// contains filtered or unexported fields
}

func NewConnectClient

func NewConnectClient(
	ctx context.Context,
	config *Config,
	statusRecorder *peer.Status,

) *ConnectClient

func (*ConnectClient) Engine

func (c *ConnectClient) Engine() *Engine

func (*ConnectClient) Run

func (c *ConnectClient) Run() error

Run with main logic.

func (*ConnectClient) RunOnAndroid

func (c *ConnectClient) RunOnAndroid(
	tunAdapter iface.TunAdapter,
	iFaceDiscover stdnet.ExternalIFaceDiscover,
	networkChangeListener listener.NetworkChangeListener,
	dnsAddresses []string,
	dnsReadyListener dns.ReadyListener,
) error

RunOnAndroid with main logic on mobile system

func (*ConnectClient) RunOniOS

func (c *ConnectClient) RunOniOS(
	fileDescriptor int32,
	networkChangeListener listener.NetworkChangeListener,
	dnsManager dns.IosDnsManager,
) error

func (*ConnectClient) RunWithProbes

func (c *ConnectClient) RunWithProbes(
	mgmProbe *Probe,
	signalProbe *Probe,
	relayProbe *Probe,
	wgProbe *Probe,
) error

RunWithProbes runs the client's main logic with probes attached

type DeviceAuthProviderConfig

type DeviceAuthProviderConfig struct {
	// ClientID An IDP application client id
	ClientID string
	// ClientSecret An IDP application client secret
	ClientSecret string
	// Domain An IDP API domain
	// Deprecated. Use OIDCConfigEndpoint instead
	Domain string
	// Audience An Audience for to authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
	DeviceAuthEndpoint string
	// Scopes provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
}

DeviceAuthProviderConfig has all attributes needed to initiate a device authorization flow

type DeviceAuthorizationFlow

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig DeviceAuthProviderConfig
}

DeviceAuthorizationFlow represents Device Authorization Flow information

func GetDeviceAuthorizationFlowInfo

func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error)

GetDeviceAuthorizationFlowInfo initialize a DeviceAuthorizationFlow instance and return with it

type Engine

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*stun.URI
	// TURNs is a list of STUN servers used by ICE
	TURNs []*stun.URI
	// contains filtered or unexported fields
}

Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.

func NewEngine

func NewEngine(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
) *Engine

NewEngine creates a new Connection Engine

func NewEngineWithProbes

func NewEngineWithProbes(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
	mgmProbe *Probe,
	signalProbe *Probe,
	relayProbe *Probe,
	wgProbe *Probe,
) *Engine

NewEngineWithProbes creates a new Connection Engine with probes attached

func (*Engine) GetClientRoutes

func (e *Engine) GetClientRoutes() route.HAMap

GetClientRoutes returns the current routes from the route map

func (*Engine) GetClientRoutesWithNetID

func (e *Engine) GetClientRoutesWithNetID() map[route.NetID][]*route.Route

GetClientRoutesWithNetID returns the current routes from the route map, but the keys consist of the network ID only

func (*Engine) GetRouteManager

func (e *Engine) GetRouteManager() routemanager.Manager

GetRouteManager returns the route manager

func (*Engine) Start

func (e *Engine) Start() error

Start creates a new WireGuard tunnel interface and listens to events from Signal and Management services Connections to remote peers are not established here. However, they will be established once an event with a list of peers to connect to will be received from Management Service

func (*Engine) Stop

func (e *Engine) Stop() error

type EngineConfig

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// NetworkMonitor is a flag to enable network monitoring
	NetworkMonitor bool

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte

	NATExternalIPs []string

	CustomDNSAddress string

	RosenpassEnabled    bool
	RosenpassPermissive bool

	ServerSSHAllowed bool
}

EngineConfig is a config for the Engine

type MobileDependency

type MobileDependency struct {
	// Android only
	TunAdapter            iface.TunAdapter
	IFaceDiscover         stdnet.ExternalIFaceDiscover
	NetworkChangeListener listener.NetworkChangeListener
	HostDNSAddresses      []string
	DnsReadyListener      dns.ReadyListener

	//	iOS only
	DnsManager     dns.IosDnsManager
	FileDescriptor int32
}

MobileDependency collect all dependencies for mobile platform

type PKCEAuthProviderConfig

type PKCEAuthProviderConfig struct {
	// ClientID An IDP application client id
	ClientID string
	// ClientSecret An IDP application client secret
	ClientSecret string
	// Audience An Audience for to authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
	TokenEndpoint string
	// AuthorizationEndpoint is the endpoint of an IDP manager where clients can obtain authorization code
	AuthorizationEndpoint string
	// Scopes provides the scopes to be included in the token request
	Scope string
	// RedirectURL handles authorization code from IDP manager
	RedirectURLs []string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
}

PKCEAuthProviderConfig has all attributes needed to initiate pkce authorization flow

type PKCEAuthorizationFlow

type PKCEAuthorizationFlow struct {
	ProviderConfig PKCEAuthProviderConfig
}

PKCEAuthorizationFlow represents PKCE Authorization Flow information

func GetPKCEAuthorizationFlowInfo

func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (PKCEAuthorizationFlow, error)

GetPKCEAuthorizationFlowInfo initialize a PKCEAuthorizationFlow instance and return with it

type Peer

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of the Connection Peer

type Probe

type Probe struct {
	// contains filtered or unexported fields
}

Probe allows to run on-demand callbacks from different code locations. Pass the probe to a receiving and a sending end. The receiving end starts listening to requests with Receive and executes a callback when the sending end requests it by calling Probe.

func NewProbe

func NewProbe() *Probe

NewProbe returns a new initialized probe.

func (*Probe) Probe

func (p *Probe) Probe() bool

Probe requests the callback to be run and returns a bool indicating success. It always returns true as long as the receiver is not ready.

func (*Probe) Receive

func (p *Probe) Receive(ctx context.Context, callback func() bool)

Receive starts listening for probe requests. On such a request it runs the supplied callback func which must return a bool indicating success. Blocks until the passed context is cancelled.

type SessionWatcher

type SessionWatcher struct {
	// contains filtered or unexported fields
}

func NewSessionWatcher

func NewSessionWatcher(ctx context.Context, peerStatusRecorder *peer.Status) *SessionWatcher

NewSessionWatcher creates a new instance of SessionWatcher.

func (*SessionWatcher) SetOnExpireListener

func (s *SessionWatcher) SetOnExpireListener(onExpire func())

SetOnExpireListener sets the callback func to be called when the session expires.

type StatusType

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting  StatusType = "Connecting"
	StatusConnected   StatusType = "Connected"
	StatusNeedsLogin  StatusType = "NeedsLogin"
	StatusLoginFailed StatusType = "LoginFailed"
)

Directories

Path Synopsis
acl
mocks
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
Package stdnet is an extension of the pion's stdnet.
Package stdnet is an extension of the pion's stdnet.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL