internal

package
v0.36.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2025 License: BSD-3-Clause Imports: 67 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// DefaultManagementURL points to the NetBird's cloud management endpoint
	DefaultManagementURL = "https://api.netbird.io:443"

	// DefaultAdminURL points to NetBird's cloud management console
	DefaultAdminURL = "https://app.netbird.io:443"
)
View Source 
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms

)

PeerConnectionTimeoutMax is a timeout of an initial connection attempt to a remote peer. E.g. this peer will wait PeerConnectionTimeoutMax for the remote peer to respond, if not successful then it will retry the connection attempt. Todo pass timeout at EnginConfig

Variables

View Source 
var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CheckUIApp added in v0.26.3 

func CheckUIApp() bool

CheckUIApp checks whether UI application is running.

func CtxGetState 

func CtxGetState(ctx context.Context) *contextState

CtxGetState object to get/update state/errors of process.

func CtxInitState 

func CtxInitState(ctx context.Context) context.Context

CtxInitState setup context state into the context tree.

This function should be used to initialize context before CtxGetState will be executed.

func IsLoginRequired added in v0.14.5 

func IsLoginRequired(ctx context.Context, config *Config) (bool, error)

IsLoginRequired check that the server is support SSO or not

func Login 

func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error

Login or register the client

func WriteOutConfig added in v0.14.5 

func WriteOutConfig(path string, config *Config) error

WriteOutConfig write put the prepared config to the given path

Types

type Config 

type Config struct {
	// Wireguard private key of local peer
	PrivateKey           string
	PreSharedKey         string
	ManagementURL        *url.URL
	AdminURL             *url.URL
	WgIface              string
	WgPort               int
	NetworkMonitor       *bool
	IFaceBlackList       []string
	DisableIPv6Discovery bool
	RosenpassEnabled     bool
	RosenpassPermissive  bool
	ServerSSHAllowed     *bool

	DisableClientRoutes bool
	DisableServerRoutes bool
	DisableDNS          bool
	DisableFirewall     bool

	BlockLANAccess bool

	// SSHKey is a private SSH key in a PEM format
	SSHKey string

	NATExternalIPs []string
	// CustomDNSAddress sets the DNS resolver listening address in format ip:port
	CustomDNSAddress string

	// DisableAutoConnect determines whether the client should not start with the service
	// it's set to false by default due to backwards compatibility
	DisableAutoConnect bool

	// DNSRouteInterval is the interval in which the DNS routes are updated
	DNSRouteInterval time.Duration
	// Path to a certificate used for mTLS authentication
	ClientCertPath string

	// Path to corresponding private key of ClientCertPath
	ClientCertKeyPath string

	ClientCertKeyPair *tls.Certificate `json:"-"`
}

Config Configuration type

func CreateInMemoryConfig added in v0.14.5 

func CreateInMemoryConfig(input ConfigInput) (*Config, error)

CreateInMemoryConfig generate a new config but do not write out it to the store

func ReadConfig 

func ReadConfig(configPath string) (*Config, error)

ReadConfig read config file and return with Config. If it is not exists create a new with default values

func UpdateConfig added in v0.14.2 

func UpdateConfig(input ConfigInput) (*Config, error)

UpdateConfig update existing configuration according to input configuration and return with the configuration

func UpdateOldManagementURL added in v0.25.3 

func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error)

UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain. If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config. The check is performed only for the NetBird's managed version.

func UpdateOrCreateConfig added in v0.14.2 

func UpdateOrCreateConfig(input ConfigInput) (*Config, error)

UpdateOrCreateConfig reads existing config or generates a new one

type ConfigInput added in v0.12.0 

type ConfigInput struct {
	ManagementURL       string
	AdminURL            string
	ConfigPath          string
	StateFilePath       string
	PreSharedKey        *string
	ServerSSHAllowed    *bool
	NATExternalIPs      []string
	CustomDNSAddress    []byte
	RosenpassEnabled    *bool
	RosenpassPermissive *bool
	InterfaceName       *string
	WireguardPort       *int
	NetworkMonitor      *bool
	DisableAutoConnect  *bool
	ExtraIFaceBlackList []string
	DNSRouteInterval    *time.Duration
	ClientCertPath      string
	ClientCertKeyPath   string

	DisableClientRoutes *bool
	DisableServerRoutes *bool
	DisableDNS          *bool
	DisableFirewall     *bool

	BlockLANAccess *bool
}

ConfigInput carries configuration changes to the client

type ConnectClient added in v0.27.5 

type ConnectClient struct {
	// contains filtered or unexported fields
}

func NewConnectClient added in v0.27.5 

func NewConnectClient(
	ctx context.Context,
	config *Config,
	statusRecorder *peer.Status,

) *ConnectClient

func (*ConnectClient) Engine added in v0.27.5 

func (c *ConnectClient) Engine() *Engine

func (*ConnectClient) Run added in v0.27.5 

func (c *ConnectClient) Run() error

Run with main logic.

func (*ConnectClient) RunOnAndroid added in v0.27.5 

func (c *ConnectClient) RunOnAndroid(
	tunAdapter device.TunAdapter,
	iFaceDiscover stdnet.ExternalIFaceDiscover,
	networkChangeListener listener.NetworkChangeListener,
	dnsAddresses []string,
	dnsReadyListener dns.ReadyListener,
) error

RunOnAndroid with main logic on mobile system

func (*ConnectClient) RunOniOS added in v0.27.5 

func (c *ConnectClient) RunOniOS(
	fileDescriptor int32,
	networkChangeListener listener.NetworkChangeListener,
	dnsManager dns.IosDnsManager,
	stateFilePath string,
) error

func (*ConnectClient) RunWithProbes added in v0.27.5 

func (c *ConnectClient) RunWithProbes(probes *ProbeHolder, runningChan chan error) error

RunWithProbes runs the client's main logic with probes attached

func (*ConnectClient) SetNetworkMapPersistence added in v0.34.0 

func (c *ConnectClient) SetNetworkMapPersistence(enabled bool)

SetNetworkMapPersistence enables or disables network map persistence. When enabled, the last received network map will be stored and can be retrieved through the Engine's getLatestNetworkMap method. When disabled, any stored network map will be cleared.

func (*ConnectClient) Status added in v0.34.0 

func (c *ConnectClient) Status() StatusType

Status returns the current client status

func (*ConnectClient) Stop added in v0.29.0 

func (c *ConnectClient) Stop() error

type DeviceAuthProviderConfig added in v0.22.0 

type DeviceAuthProviderConfig struct {
	// ClientID An IDP application client id
	ClientID string
	// ClientSecret An IDP application client secret
	ClientSecret string
	// Domain An IDP API domain
	// Deprecated. Use OIDCConfigEndpoint instead
	Domain string
	// Audience An Audience for to authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
	DeviceAuthEndpoint string
	// Scopes provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
}

DeviceAuthProviderConfig has all attributes needed to initiate a device authorization flow

type DeviceAuthorizationFlow 

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig DeviceAuthProviderConfig
}

DeviceAuthorizationFlow represents Device Authorization Flow information

func GetDeviceAuthorizationFlowInfo 

func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error)

GetDeviceAuthorizationFlowInfo initialize a DeviceAuthorizationFlow instance and return with it

type Engine 

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*stun.URI
	// TURNs is a list of STUN servers used by ICE
	TURNs []*stun.URI
	// contains filtered or unexported fields
}

Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.

func NewEngine 

func NewEngine(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	relayManager *relayClient.Manager,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
	checks []*mgmProto.Checks,
) *Engine

NewEngine creates a new Connection Engine

func NewEngineWithProbes added in v0.25.5 

func NewEngineWithProbes(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	relayManager *relayClient.Manager,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
	probes *ProbeHolder,
	checks []*mgmProto.Checks,
) *Engine

NewEngineWithProbes creates a new Connection Engine with probes attached

func (*Engine) GetLatestNetworkMap added in v0.34.0 

func (e *Engine) GetLatestNetworkMap() (*mgmProto.NetworkMap, error)

GetLatestNetworkMap returns the stored network map if persistence is enabled

func (*Engine) GetRouteManager added in v0.27.4 

func (e *Engine) GetRouteManager() routemanager.Manager

GetRouteManager returns the route manager

func (*Engine) SetNetworkMapPersistence added in v0.34.0 

func (e *Engine) SetNetworkMapPersistence(enabled bool)

SetNetworkMapPersistence enables or disables network map persistence

func (*Engine) Start 

func (e *Engine) Start() error

Start creates a new WireGuard tunnel interface and listens to events from Signal and Management services Connections to remote peers are not established here. However, they will be established once an event with a list of peers to connect to will be received from Management Service

func (*Engine) Stop 

func (e *Engine) Stop() error

type EngineConfig 

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// NetworkMonitor is a flag to enable network monitoring
	NetworkMonitor bool

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte

	NATExternalIPs []string

	CustomDNSAddress string

	RosenpassEnabled    bool
	RosenpassPermissive bool

	ServerSSHAllowed bool

	DNSRouteInterval time.Duration

	DisableClientRoutes bool
	DisableServerRoutes bool
	DisableDNS          bool
	DisableFirewall     bool

	BlockLANAccess bool
}

EngineConfig is a config for the Engine

type MobileDependency added in v0.17.0 

type MobileDependency struct {
	// Android only
	TunAdapter            device.TunAdapter
	IFaceDiscover         stdnet.ExternalIFaceDiscover
	NetworkChangeListener listener.NetworkChangeListener
	HostDNSAddresses      []string
	DnsReadyListener      dns.ReadyListener

	//	iOS only
	DnsManager     dns.IosDnsManager
	FileDescriptor int32
	StateFilePath  string
}

MobileDependency collect all dependencies for mobile platform

type PKCEAuthProviderConfig added in v0.22.0 

type PKCEAuthProviderConfig struct {
	// ClientID An IDP application client id
	ClientID string
	// ClientSecret An IDP application client secret
	ClientSecret string
	// Audience An Audience for to authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
	TokenEndpoint string
	// AuthorizationEndpoint is the endpoint of an IDP manager where clients can obtain authorization code
	AuthorizationEndpoint string
	// Scopes provides the scopes to be included in the token request
	Scope string
	// RedirectURL handles authorization code from IDP manager
	RedirectURLs []string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
	//ClientCertPair is used for mTLS authentication to the IDP
	ClientCertPair *tls.Certificate
}

PKCEAuthProviderConfig has all attributes needed to initiate pkce authorization flow

type PKCEAuthorizationFlow added in v0.22.0 

type PKCEAuthorizationFlow struct {
	ProviderConfig PKCEAuthProviderConfig
}

PKCEAuthorizationFlow represents PKCE Authorization Flow information

func GetPKCEAuthorizationFlowInfo added in v0.22.0 

func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL, clientCert *tls.Certificate) (PKCEAuthorizationFlow, error)

GetPKCEAuthorizationFlowInfo initialize a PKCEAuthorizationFlow instance and return with it

type Peer 

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of the Connection Peer

type Probe added in v0.25.5 

type Probe struct {
	// contains filtered or unexported fields
}

Probe allows to run on-demand callbacks from different code locations. Pass the probe to a receiving and a sending end. The receiving end starts listening to requests with Receive and executes a callback when the sending end requests it by calling Probe.

func NewProbe added in v0.25.5 

func NewProbe() *Probe

NewProbe returns a new initialized probe.

func (*Probe) Probe added in v0.25.5 

func (p *Probe) Probe() bool

Probe requests the callback to be run and returns a bool indicating success. It always returns true as long as the receiver is not ready.

func (*Probe) Receive added in v0.25.5 

func (p *Probe) Receive(ctx context.Context, callback func() bool)

Receive starts listening for probe requests. On such a request it runs the supplied callback func which must return a bool indicating success. Blocks until the passed context is cancelled.

type ProbeHolder added in v0.29.0 

type ProbeHolder struct {
	MgmProbe    *Probe
	SignalProbe *Probe
	RelayProbe  *Probe
	WgProbe     *Probe
}

type SessionWatcher added in v0.26.3 

type SessionWatcher struct {
	// contains filtered or unexported fields
}

func NewSessionWatcher added in v0.26.3 

func NewSessionWatcher(ctx context.Context, peerStatusRecorder *peer.Status) *SessionWatcher

NewSessionWatcher creates a new instance of SessionWatcher.

func (*SessionWatcher) SetOnExpireListener added in v0.26.3 

func (s *SessionWatcher) SetOnExpireListener(onExpire func())

SetOnExpireListener sets the callback func to be called when the session expires.

type StatusType 

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting  StatusType = "Connecting"
	StatusConnected   StatusType = "Connected"
	StatusNeedsLogin  StatusType = "NeedsLogin"
	StatusLoginFailed StatusType = "LoginFailed"
)

Source Files

View all Source files

Directories

Path Synopsis
acl
id
mocks
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.
manager
guard
ice
dnsinterceptor
dynamic
notifier
refcounter
static
sysctl
systemops
util
vars
Package stdnet is an extension of the pion's stdnet.
 Package stdnet is an extension of the pion's stdnet.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.