lib

package
v1.0.2
Published: Oct 8, 2024 License: MIT Imports: 26 Imported by: 0

Documentation

Constants

const FirstHandshakeTimeout = 10 * time.Second

A new peer must connect with a handshake within this time.

const FwmarkBase = 0x54437D00

FwmarkBase is the base value for firewall marks used by vprox.

const PeerIdleTimeout = 5 * time.Minute

If no handshakes are received in this time, the peer is considered idle and removed from the server's WireGuard interface list.

Note that this must be at least 2-3 minutes: WireGuard initiates a new handshake only once about two minutes have passed since the last successful one, and then only alongside data it has to send. Persistent-keepalive does not shorten that interval, so a smaller idle timeout would evict healthy but quiet peers.
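As an added illustration (not code from vprox), here is how a server-side reaper could apply the two timeouts above. It assumes the caller records when each peer was added (the Server type on this page does not expose that), and it relies on the one fact wgtypes.Peer provides: LastHandshakeTime is a zero time.Time until a handshake has completed. PeerSnapshot, ShouldRemove and StalePeers are names chosen for the example; RekeyAfterTime and RejectAfterTime are WireGuard's protocol constants REKEY_AFTER_TIME (120 s) and REJECT_AFTER_TIME (180 s).

```go
package main

import (
	"fmt"
	"time"
)

const FirstHandshakeTimeout = 10 * time.Second
const PeerIdleTimeout = 5 * time.Minute

// WireGuard protocol timers: a session is re-keyed no more often than
// RekeyAfterTime and rejected after RejectAfterTime. An idle timeout below
// RejectAfterTime would evict peers that are merely quiet.
const (
	RekeyAfterTime  = 120 * time.Second
	RejectAfterTime = 180 * time.Second
)

func init() {
	if PeerIdleTimeout < RejectAfterTime {
		panic("PeerIdleTimeout must exceed WireGuard's handshake interval")
	}
}

// PeerSnapshot carries the two timestamps the reaper needs (example type).
// LastHandshakeTime mirrors wgtypes.Peer.LastHandshakeTime: zero means the
// peer has never completed a handshake. AddedAt is assumed to be recorded by
// the caller when the peer is configured on the interface.
type PeerSnapshot struct {
	PublicKey         string
	AddedAt           time.Time
	LastHandshakeTime time.Time
}

// ShouldRemove reports whether p should be dropped at time now: a peer that
// never handshaked gets FirstHandshakeTimeout from the moment it was added,
// a peer that did gets PeerIdleTimeout from its last successful handshake.
func ShouldRemove(p PeerSnapshot, now time.Time) bool {
	if p.LastHandshakeTime.IsZero() {
		return now.Sub(p.AddedAt) > FirstHandshakeTimeout
	}
	return now.Sub(p.LastHandshakeTime) > PeerIdleTimeout
}

// StalePeers returns the public keys of every peer ShouldRemove selects,
// in input order.
func StalePeers(peers []PeerSnapshot, now time.Time) []string {
	var out []string
	for _, p := range peers {
		if ShouldRemove(p, now) {
			out = append(out, p.PublicKey)
		}
	}
	return out
}

func main() {
	now := time.Now()
	// Constructed sample; the keys are placeholders, not real WireGuard keys.
	peers := []PeerSnapshot{
		{PublicKey: "peer-A", AddedAt: now.Add(-4 * time.Second)},  // inside the handshake window
		{PublicKey: "peer-B", AddedAt: now.Add(-30 * time.Second)}, // never handshaked, window expired
		{PublicKey: "peer-C", AddedAt: now.Add(-time.Hour),
			LastHandshakeTime: now.Add(-150 * time.Second)}, // quiet but healthy
		{PublicKey: "peer-D", AddedAt: now.Add(-time.Hour),
			LastHandshakeTime: now.Add(-6 * time.Minute)}, // idle
	}
	fmt.Println("remove:", StalePeers(peers, now)) // prints: remove: [peer-B peer-D]
}
```

The zero-time check matters: treating a never-handshaked peer by the idle rule would give it five minutes instead of ten seconds, which is exactly the window an unauthenticated connect request should not get.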

const RunDir string = "/run/vprox"

RunDir is the path for runtime data that should be kept across restarts of the vprox process. Note that /run is normally a tmpfs, so nothing stored there survives a reboot.

const WireguardListenPortBase = 50227

WireguardListenPortBase is the base UDP listen port for WireGuard connections.

Variables

This section is empty.

Functions

func AfterCountIpBlock

func AfterCountIpBlock(ip netip.Addr, size uint, count uint) netip.Addr

AfterCountIpBlock returns the address obtained by advancing ip by count CIDR blocks of prefix length size.
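An added example (not the package's source) of the arithmetic behind that signature, plus a helper that uses it to carve consecutive sub-blocks out of a larger range, which is how a per-server WireGuard block can be cut from one parent prefix. It goes slightly beyond the page in one respect: rather than wrapping around, it returns an invalid netip.Addr when the result would leave the address space. CarveSubnets is a name chosen for the example.

```go
package main

import (
	"fmt"
	"math/big"
	"net/netip"
)

// AfterCountIpBlock is an illustrative reimplementation of the signature on
// this page: it advances ip by count blocks of prefix length size, i.e. by
// count * 2^(bits-size) addresses, where bits is 32 for IPv4 and 128 for IPv6.
// It returns the zero (invalid) netip.Addr if size is longer than the address
// or the result would overflow the address space, instead of silently wrapping.
func AfterCountIpBlock(ip netip.Addr, size uint, count uint) netip.Addr {
	bits := uint(ip.BitLen())
	if !ip.IsValid() || size > bits {
		return netip.Addr{}
	}
	raw := ip.AsSlice()
	n := new(big.Int).SetBytes(raw)
	step := new(big.Int).Lsh(big.NewInt(1), bits-size)
	n.Add(n, step.Mul(step, new(big.Int).SetUint64(uint64(count))))
	if uint(n.BitLen()) > bits {
		return netip.Addr{} // past the end of the address space
	}
	out, _ := netip.AddrFromSlice(n.FillBytes(make([]byte, len(raw))))
	return out
}

// CarveSubnets splits parent into consecutive sub-prefixes of length size and
// returns at most n of them, stopping at the end of parent. It returns nil if
// size is shorter than parent's own prefix length.
func CarveSubnets(parent netip.Prefix, size uint, n uint) []netip.Prefix {
	parent = parent.Masked()
	if !parent.IsValid() || int(size) < parent.Bits() {
		return nil
	}
	var out []netip.Prefix
	for i := uint(0); i < n; i++ {
		addr := AfterCountIpBlock(parent.Addr(), size, i)
		if !addr.IsValid() || !parent.Contains(addr) {
			break
		}
		out = append(out, netip.PrefixFrom(addr, int(size)))
	}
	return out
}

func main() {
	// Constructed sample: four /24 blocks out of a /16.
	for _, p := range CarveSubnets(netip.MustParsePrefix("10.99.0.0/16"), 24, 4) {
		fmt.Println(p)
	}
}
```

The containment check in CarveSubnets is what keeps a miscounted block from landing in someone else's range; the overflow check in AfterCountIpBlock catches the same mistake at the top of the address space, where wrap-around would otherwise produce a low, plausible-looking address.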

func GetClientKey

func GetClientKey(ifname string) (key wgtypes.Key, err error)

func GetServerKey

func GetServerKey() (key wgtypes.Key, err error)

func GetVproxPassword

func GetVproxPassword() (string, error)

Types

type AwsInterface

type AwsInterface struct {
	MacAddress  string
	InterfaceId string // eni-[XXXXXXXXXX]
	PrivateIps  []string
}

AwsInterface contains information about a network interface.

type AwsMetadata

type AwsMetadata struct {
	// contains filtered or unexported fields
}

AwsMetadata is a client for the AWS instance metadata service.

func NewAwsMetadata

func NewAwsMetadata() *AwsMetadata

NewAwsMetadata creates a new AWS metadata client.

func (*AwsMetadata) GetAddresses

func (am *AwsMetadata) GetAddresses() ([]AwsInterface, error)

GetAddresses returns information about the instance's network interfaces.
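An added example, not vprox's AwsMetadata, of how such a client can query the instance metadata service the safe way, using IMDSv2: a session token is obtained with a PUT and presented on every read, so that plain GET requests (the shape an SSRF or a misconfigured proxy produces) are refused. The endpoint paths and headers are the real IMDS ones; ImdsClient and its methods are names chosen for the example, and BaseURL is a parameter only so the code can be pointed at a stub instead of 169.254.169.254.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// AwsInterface mirrors the struct documented on this page.
type AwsInterface struct {
	MacAddress  string
	InterfaceId string
	PrivateIps  []string
}

// ImdsClient is an illustrative IMDSv2 client. On EC2, BaseURL is
// http://169.254.169.254; it is configurable here for testing against a stub.
type ImdsClient struct {
	BaseURL string
	Http    *http.Client
}

func NewImdsClient(baseURL string) *ImdsClient {
	return &ImdsClient{BaseURL: strings.TrimRight(baseURL, "/"), Http: &http.Client{Timeout: 2 * time.Second}}
}

func (c *ImdsClient) do(req *http.Request) (string, error) {
	resp, err := c.Http.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("imds %s: %s", req.URL.Path, resp.Status)
	}
	return strings.TrimSpace(string(body)), nil
}

// token performs the IMDSv2 session-token PUT. The TTL header is mandatory;
// it is also what a forwarding proxy will not add, which is the mechanism
// that keeps SSRF-relayed requests out of the metadata service.
func (c *ImdsClient) token() (string, error) {
	req, err := http.NewRequest(http.MethodPut, c.BaseURL+"/latest/api/token", nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("X-aws-ec2-metadata-token-ttl-seconds", "60")
	return c.do(req)
}

// get reads one metadata path, presenting the session token.
func (c *ImdsClient) get(tok, path string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, c.BaseURL+"/latest/meta-data/"+path, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("X-aws-ec2-metadata-token", tok)
	return c.do(req)
}

// GetAddresses lists the instance's interfaces. The macs/ directory yields one
// "<mac>/" entry per line; each entry exposes interface-id and a
// newline-separated local-ipv4s list.
func (c *ImdsClient) GetAddresses() ([]AwsInterface, error) {
	tok, err := c.token()
	if err != nil {
		return nil, err
	}
	macs, err := c.get(tok, "network/interfaces/macs/")
	if err != nil {
		return nil, err
	}
	var out []AwsInterface
	for _, line := range strings.Split(macs, "\n") {
		mac := strings.TrimSuffix(strings.TrimSpace(line), "/")
		if mac == "" {
			continue
		}
		id, err := c.get(tok, "network/interfaces/macs/"+mac+"/interface-id")
		if err != nil {
			return nil, err
		}
		ips, err := c.get(tok, "network/interfaces/macs/"+mac+"/local-ipv4s")
		if err != nil {
			return nil, err
		}
		out = append(out, AwsInterface{MacAddress: mac, InterfaceId: id, PrivateIps: strings.Fields(ips)})
	}
	return out, nil
}

func main() {
	ifaces, err := NewImdsClient("http://169.254.169.254").GetAddresses()
	if err != nil {
		fmt.Println("not on EC2 or IMDS unreachable:", err)
		return
	}
	for _, i := range ifaces {
		fmt.Printf("%s %s %v\n", i.InterfaceId, i.MacAddress, i.PrivateIps)
	}
}
```

The short client timeout is deliberate: off EC2 the link-local address black-holes, and a metadata lookup on the startup path should fail fast rather than hang the server.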

type Client

type Client struct {
	// Key is the private key of the client.
	Key wgtypes.Key

	// Ifname is the name of the client WireGuard interface.
	Ifname string

	// ServerIp is the public IPv4 address of the server.
	ServerIp netip.Addr

	// Password authenticates the client connection.
	Password string

	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client

	// Http is used to make connect requests to the server.
	Http *http.Client
	// contains filtered or unexported fields
}

Client manages a peering connection with a local WireGuard interface.

func (*Client) CheckConnection

func (c *Client) CheckConnection(timeout time.Duration, cancelCtx context.Context) bool

CheckConnection checks the status of the connection with the WireGuard peer, and returns true if it is healthy. This sends 3 pings in succession, and blocks until they receive a response or the timeout passes.

func (*Client) Connect

func (c *Client) Connect() error

Connect attempts to reconnect to the peer. A network interface needs to have already been created with CreateInterface() before calling Connect().

func (*Client) CreateInterface

func (c *Client) CreateInterface() error

CreateInterface creates a new interface for WireGuard. DeleteInterface() needs to be called to clean this up.

func (*Client) DeleteInterface

func (c *Client) DeleteInterface()

type IpAllocator

type IpAllocator struct {
	// contains filtered or unexported fields
}

IpAllocator is a simple IP address allocator that produces IP addresses within a prefix, in increasing order of available IPs.

All operations on an IpAllocator are thread-safe.

func NewIpAllocator

func NewIpAllocator(prefix netip.Prefix) *IpAllocator

NewIpAllocator creates a new IpAllocator for the given prefix.

The prefix is masked out to normalize its address at the beginning of the IP range. It must be valid.

func (*IpAllocator) Allocate

func (ipa *IpAllocator) Allocate() netip.Addr

Allocate returns the next available IP address in the prefix.

This never uses the initial address (the "zero address") of the prefix. For example, for the prefix `192.168.0.0/24`, the first IP address allocated will be `192.168.0.1`.

If there are no more available IP addresses, this returns the zero address.

func (*IpAllocator) Free

func (ipa *IpAllocator) Free(addr netip.Addr) bool

Free marks the given IP address as available for allocation.
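An added example, not the package's own implementation, of an allocator with exactly the semantics documented above: lowest free address first, the prefix's zero address never handed out, that zero address returned on exhaustion, and a mutex around every operation. It adds one check a practitioner would want: Free reports false for an address that is not currently allocated, which makes a double free (or freeing a peer's address twice during cleanup) visible instead of silently corrupting the pool.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
)

// IpAllocator is an illustrative allocator over a prefix. The cursor is the
// lowest address that may still be free; Allocate scans upward from it and
// Free pulls it back down, so allocations come out in increasing order.
type IpAllocator struct {
	mu     sync.Mutex
	prefix netip.Prefix
	used   map[netip.Addr]struct{}
	cursor netip.Addr
}

// NewIpAllocator masks prefix to its network address and panics on an
// invalid prefix, matching the documented precondition.
func NewIpAllocator(prefix netip.Prefix) *IpAllocator {
	if !prefix.IsValid() {
		panic("NewIpAllocator: invalid prefix")
	}
	p := prefix.Masked()
	return &IpAllocator{
		prefix: p,
		used:   make(map[netip.Addr]struct{}),
		cursor: p.Addr().Next(), // skip the zero address
	}
}

// Allocate returns the lowest unused address in the prefix, or the prefix's
// zero address (which is never allocated) once the prefix is exhausted.
func (ipa *IpAllocator) Allocate() netip.Addr {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	for a := ipa.cursor; a.IsValid() && ipa.prefix.Contains(a); a = a.Next() {
		if _, taken := ipa.used[a]; !taken {
			ipa.used[a] = struct{}{}
			ipa.cursor = a.Next()
			return a
		}
	}
	return ipa.prefix.Addr()
}

// Free returns addr to the pool. It reports false when addr is not currently
// allocated, which covers the zero address, addresses outside the prefix and
// double frees.
func (ipa *IpAllocator) Free(addr netip.Addr) bool {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	if _, taken := ipa.used[addr]; !taken {
		return false
	}
	delete(ipa.used, addr)
	if addr.Less(ipa.cursor) {
		ipa.cursor = addr
	}
	return true
}

func main() {
	// Constructed sample: a /30 holds three usable addresses under these rules.
	ipa := NewIpAllocator(netip.MustParsePrefix("10.8.0.0/30"))
	for i := 0; i < 4; i++ {
		fmt.Println(ipa.Allocate()) // 10.8.0.1, 10.8.0.2, 10.8.0.3, then 10.8.0.0 (exhausted)
	}
}
```

The scan is linear in the worst case, which is fine for the per-server blocks a VPN hands to peers; a bitmap with a free-list would be the next step if the prefix were large.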

type Server

type Server struct {
	// Key is the private key of the server.
	Key wgtypes.Key

	// BindAddr is the private IPv4 address that the server binds to.
	BindAddr netip.Addr

	// BindIface is the interface that the address is bound to, and it's also
	// the interface for outbound VPN traffic after masquerade.
	//
	// Currently only setting this to the default interface is supported.
	BindIface netlink.Link

	// Password is needed to authenticate connection requests.
	Password string

	// Index is a unique server index for firewall marks and other uses. It starts at 0.
	Index uint16

	// Ipt is the iptables client for managing firewall rules.
	Ipt *iptables.IPTables

	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client

	// WgCidr is the CIDR block of IPs that the server assigns to WireGuard peers.
	WgCidr netip.Prefix

	// Ctx is the shutdown context for the server.
	Ctx context.Context
	// contains filtered or unexported fields
}

Server handles state for one WireGuard network.

The `vprox server` command should create one Server instance for each private IP that the server should bind to.

func (*Server) CleanupIptables

func (srv *Server) CleanupIptables()

func (*Server) CleanupWireguard

func (srv *Server) CleanupWireguard()

func (*Server) Ifname

func (srv *Server) Ifname() string

func (*Server) InitState

func (srv *Server) InitState() error

InitState initializes the private server state.

func (*Server) ListenForHttps

func (srv *Server) ListenForHttps() error

func (*Server) StartIptables

func (srv *Server) StartIptables() error

func (*Server) StartWireguard

func (srv *Server) StartWireguard() error

type ServerInfo

type ServerInfo struct {
	// contains filtered or unexported fields
}

type ServerManager

type ServerManager struct {
	// contains filtered or unexported fields
}

ServerManager handles creating and terminating servers on IP addresses. ServerManager is not safe for concurrent access.

func NewServerManager

func NewServerManager(wgBlock netip.Prefix, wgBlockPerIp uint, ctx context.Context, key wgtypes.Key, password string) (*ServerManager, error)

NewServerManager creates a new server manager.

func (*ServerManager) Start

func (sm *ServerManager) Start(ip netip.Addr) error

Start creates a new server on the specified IP address.

func (*ServerManager) Stop

func (sm *ServerManager) Stop(ip netip.Addr)

Stop stops the server at the specified IP address.

func (*ServerManager) Wait

func (sm *ServerManager) Wait()

Wait blocks until the running servers exit.
