Documentation ¶
Overview ¶
Package iface provides wireguard network interface creation and management
Index ¶
- Constants
- Variables
- func WireGuardModuleIsLoaded() bool
- type DeviceWrapper
- type MobileIFaceArguments
- type PacketFilter
- type TunAdapter
- type WGAddress
- type WGIface
- func (w *WGIface) AddAllowedIP(peerKey string, allowedIP string) error
- func (w *WGIface) Address() WGAddress
- func (w *WGIface) Close() error
- func (w *WGIface) Create() error
- func (w *WGIface) CreateOnAndroid([]string, string, []string) error
- func (w *WGIface) GetDevice() *DeviceWrapper
- func (w *WGIface) GetFilter() PacketFilter
- func (w *WGIface) GetStats(peerKey string) (WGStats, error)
- func (w *WGIface) IsUserspaceBind() bool
- func (w *WGIface) Name() string
- func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error
- func (w *WGIface) RemovePeer(peerKey string) error
- func (w *WGIface) SetFilter(filter PacketFilter) error
- func (r *WGIface) ToInterface() *net.Interface
- func (w *WGIface) Up() (*bind.UniversalUDPMuxDefault, error)
- func (w *WGIface) UpdateAddr(newAddr string) error
- func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, ...) error
- type WGStats
Constants ¶
const ( DefaultMTU = 1280 DefaultWgPort = 51820 )
const WgInterfaceDefault = "wt0"
WgInterfaceDefault is a default interface name of Wiretrustee
Variables ¶
var ErrAllowedIPNotFound = fmt.Errorf("allowed IP not found")
var ( // ErrModuleNotFound is the error resulting if a module can't be found. ErrModuleNotFound = errors.New("module not found") )
var ErrPeerNotFound = errors.New("peer not found")
Functions ¶
func WireGuardModuleIsLoaded ¶ added in v0.16.0
func WireGuardModuleIsLoaded() bool
WireGuardModuleIsLoaded check if we can load WireGuard mod (linux only)
Types ¶
type DeviceWrapper ¶ added in v0.21.0
DeviceWrapper to override Read or Write of packets
func (*DeviceWrapper) SetFilter ¶ added in v0.21.2
func (d *DeviceWrapper) SetFilter(filter PacketFilter)
SetFilter sets packet filter to device
type MobileIFaceArguments ¶ added in v0.21.2
type MobileIFaceArguments struct { TunAdapter TunAdapter // only for Android TunFd int // only for iOS }
type PacketFilter ¶ added in v0.21.0
type PacketFilter interface { // DropOutgoing filter outgoing packets from host to external destinations DropOutgoing(packetData []byte) bool // DropIncoming filter incoming packets from external sources to host DropIncoming(packetData []byte) bool // AddUDPPacketHook calls hook when UDP packet from given direction matched // // Hook function returns flag which indicates should be the matched package dropped or not. // Hook function receives raw network packet data as argument. AddUDPPacketHook(in bool, ip net.IP, dPort uint16, hook func(packet []byte) bool) string // RemovePacketHook removes hook by ID RemovePacketHook(hookID string) error // SetNetwork of the wireguard interface to which filtering applied SetNetwork(*net.IPNet) }
PacketFilter interface for firewall abilities
type TunAdapter ¶ added in v0.14.5
type TunAdapter interface { ConfigureInterface(address string, mtu int, dns string, searchDomains string, routes string) (int, error) UpdateAddr(address string) error ProtectSocket(fd int32) bool }
TunAdapter is an interface for create tun device from external service
type WGIface ¶
type WGIface struct {
// contains filtered or unexported fields
}
WGIface represents a interface instance
func NewWGIFace ¶ added in v0.6.3
func NewWGIFace(iFaceName string, address string, wgPort int, wgPrivKey string, mtu int, transportNet transport.Net, args *MobileIFaceArguments, filterFn bind.FilterFn) (*WGIface, error)
NewWGIFace Creates a new WireGuard interface instance
func (*WGIface) AddAllowedIP ¶ added in v0.9.0
AddAllowedIP adds a prefix to the allowed IPs list of peer
func (*WGIface) Create ¶
Create creates a new Wireguard interface, sets a given IP and brings it up. Will reuse an existing one. this function is different on Android
func (*WGIface) CreateOnAndroid ¶ added in v0.25.0
CreateOnAndroid this function make sense on mobile only
func (*WGIface) GetDevice ¶ added in v0.21.2
func (w *WGIface) GetDevice() *DeviceWrapper
GetDevice to interact with raw device (with filtering)
func (*WGIface) GetFilter ¶ added in v0.21.2
func (w *WGIface) GetFilter() PacketFilter
GetFilter returns packet filter used by interface if it uses userspace device implementation
func (*WGIface) GetStats ¶ added in v0.25.5
GetStats returns the last handshake time, rx and tx bytes for the given peer
func (*WGIface) IsUserspaceBind ¶ added in v0.16.0
IsUserspaceBind indicates whether this interfaces is userspace with bind.ICEBind
func (*WGIface) RemoveAllowedIP ¶ added in v0.9.0
RemoveAllowedIP removes a prefix from the allowed IPs list of peer
func (*WGIface) RemovePeer ¶
RemovePeer removes a Wireguard Peer from the interface iface
func (*WGIface) SetFilter ¶ added in v0.21.2
func (w *WGIface) SetFilter(filter PacketFilter) error
SetFilter sets packet filters for the userspace implementation
func (*WGIface) ToInterface ¶ added in v0.28.0
ToInterface returns the net.Interface for the Wireguard interface
func (*WGIface) Up ¶ added in v0.25.3
func (w *WGIface) Up() (*bind.UniversalUDPMuxDefault, error)
Up configures a Wireguard interface The interface must exist before calling this method (e.g. call interface.Create() before)
func (*WGIface) UpdateAddr ¶ added in v0.6.3
UpdateAddr updates address of the interface