GO-2024-3057: NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird

iface

package

v0.29.1 Latest Latest Go to latest Published: Sep 11, 2024 License: BSD-3-Clause Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/netbirdio/netbird

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package iface provides wireguard network interface creation and management

Index ¶

Constants
Variables
func WireGuardModuleIsLoaded() bool
type DeviceWrapper
type IWGIface
type MobileIFaceArguments
type MockWGIface
type PacketFilter
type TunAdapter
type WGAddress
- func (addr WGAddress) String() string
type WGIface
- func NewWGIFace(iFaceName string, address string, wgPort int, wgPrivKey string, mtu int, ...) (*WGIface, error)
type WGStats

Constants ¶

View Source

const (
	DefaultMTU    = 1280
	DefaultWgPort = 51820
)

View Source

const WgInterfaceDefault = "wt0"

WgInterfaceDefault is a default interface name of Wiretrustee

Variables ¶

View Source

var CustomWindowsGUIDString string

CustomWindowsGUIDString is a custom GUID string for the interface

View Source

var ErrAllowedIPNotFound = fmt.Errorf("allowed IP not found")

View Source

var (
	// ErrModuleNotFound is the error resulting if a module can't be found.
	ErrModuleNotFound = errors.New("module not found")
)

View Source

var ErrPeerNotFound = errors.New("peer not found")

Functions ¶

func WireGuardModuleIsLoaded ¶ added in v0.16.0

func WireGuardModuleIsLoaded() bool

WireGuardModuleIsLoaded check if we can load WireGuard mod (linux only)

Types ¶

type DeviceWrapper ¶ added in v0.21.0

type DeviceWrapper struct {
	tun.Device
	// contains filtered or unexported fields
}

DeviceWrapper to override Read or Write of packets

func (*DeviceWrapper) Read ¶ added in v0.21.0

func (d *DeviceWrapper) Read(bufs [][]byte, sizes []int, offset int) (n int, err error)

Read wraps read method with filtering feature

func (*DeviceWrapper) SetFilter ¶ added in v0.21.2

func (d *DeviceWrapper) SetFilter(filter PacketFilter)

SetFilter sets packet filter to device

func (*DeviceWrapper) Write ¶ added in v0.21.0

func (d *DeviceWrapper) Write(bufs [][]byte, offset int) (int, error)

Write wraps write method with filtering feature

type IWGIface ¶ added in v0.29.0

type IWGIface interface {
	Create() error
	CreateOnAndroid(routeRange []string, ip string, domains []string) error
	IsUserspaceBind() bool
	Name() string
	Address() WGAddress
	ToInterface() *net.Interface
	Up() (*bind.UniversalUDPMuxDefault, error)
	UpdateAddr(newAddr string) error
	UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error
	RemovePeer(peerKey string) error
	AddAllowedIP(peerKey string, allowedIP string) error
	RemoveAllowedIP(peerKey string, allowedIP string) error
	Close() error
	SetFilter(filter PacketFilter) error
	GetFilter() PacketFilter
	GetDevice() *DeviceWrapper
	GetStats(peerKey string) (WGStats, error)
}

type MobileIFaceArguments ¶ added in v0.21.2

type MobileIFaceArguments struct {
	TunAdapter TunAdapter // only for Android
	TunFd      int        // only for iOS
}

type MockWGIface ¶ added in v0.29.0

type MockWGIface struct {
	CreateFunc                 func() error
	CreateOnAndroidFunc        func(routeRange []string, ip string, domains []string) error
	IsUserspaceBindFunc        func() bool
	NameFunc                   func() string
	AddressFunc                func() WGAddress
	ToInterfaceFunc            func() *net.Interface
	UpFunc                     func() (*bind.UniversalUDPMuxDefault, error)
	UpdateAddrFunc             func(newAddr string) error
	UpdatePeerFunc             func(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error
	RemovePeerFunc             func(peerKey string) error
	AddAllowedIPFunc           func(peerKey string, allowedIP string) error
	RemoveAllowedIPFunc        func(peerKey string, allowedIP string) error
	CloseFunc                  func() error
	SetFilterFunc              func(filter PacketFilter) error
	GetFilterFunc              func() PacketFilter
	GetDeviceFunc              func() *DeviceWrapper
	GetStatsFunc               func(peerKey string) (WGStats, error)
	GetInterfaceGUIDStringFunc func() (string, error)
}

func (*MockWGIface) AddAllowedIP ¶ added in v0.29.0

func (m *MockWGIface) AddAllowedIP(peerKey string, allowedIP string) error

func (*MockWGIface) Address ¶ added in v0.29.0

func (m *MockWGIface) Address() WGAddress

func (*MockWGIface) Close ¶ added in v0.29.0

func (m *MockWGIface) Close() error

func (*MockWGIface) Create ¶ added in v0.29.0

func (m *MockWGIface) Create() error

func (*MockWGIface) CreateOnAndroid ¶ added in v0.29.0

func (m *MockWGIface) CreateOnAndroid(routeRange []string, ip string, domains []string) error

func (*MockWGIface) GetDevice ¶ added in v0.29.0

func (m *MockWGIface) GetDevice() *DeviceWrapper

func (*MockWGIface) GetFilter ¶ added in v0.29.0

func (m *MockWGIface) GetFilter() PacketFilter

func (*MockWGIface) GetInterfaceGUIDString ¶ added in v0.29.0

func (m *MockWGIface) GetInterfaceGUIDString() (string, error)

func (*MockWGIface) GetStats ¶ added in v0.29.0

func (m *MockWGIface) GetStats(peerKey string) (WGStats, error)

func (*MockWGIface) IsUserspaceBind ¶ added in v0.29.0

func (m *MockWGIface) IsUserspaceBind() bool

func (*MockWGIface) Name ¶ added in v0.29.0

func (m *MockWGIface) Name() string

func (*MockWGIface) RemoveAllowedIP ¶ added in v0.29.0

func (m *MockWGIface) RemoveAllowedIP(peerKey string, allowedIP string) error

func (*MockWGIface) RemovePeer ¶ added in v0.29.0

func (m *MockWGIface) RemovePeer(peerKey string) error

func (*MockWGIface) SetFilter ¶ added in v0.29.0

func (m *MockWGIface) SetFilter(filter PacketFilter) error

func (*MockWGIface) ToInterface ¶ added in v0.29.0

func (m *MockWGIface) ToInterface() *net.Interface

func (*MockWGIface) Up ¶ added in v0.29.0

func (m *MockWGIface) Up() (*bind.UniversalUDPMuxDefault, error)

func (*MockWGIface) UpdateAddr ¶ added in v0.29.0

func (m *MockWGIface) UpdateAddr(newAddr string) error

func (*MockWGIface) UpdatePeer ¶ added in v0.29.0

func (m *MockWGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error

type PacketFilter ¶ added in v0.21.0

type PacketFilter interface {
	// DropOutgoing filter outgoing packets from host to external destinations
	DropOutgoing(packetData []byte) bool

	// DropIncoming filter incoming packets from external sources to host
	DropIncoming(packetData []byte) bool

	// AddUDPPacketHook calls hook when UDP packet from given direction matched
	//
	// Hook function returns flag which indicates should be the matched package dropped or not.
	// Hook function receives raw network packet data as argument.
	AddUDPPacketHook(in bool, ip net.IP, dPort uint16, hook func(packet []byte) bool) string

	// RemovePacketHook removes hook by ID
	RemovePacketHook(hookID string) error

	// SetNetwork of the wireguard interface to which filtering applied
	SetNetwork(*net.IPNet)
}

PacketFilter interface for firewall abilities

type TunAdapter ¶ added in v0.14.5

type TunAdapter interface {
	ConfigureInterface(address string, mtu int, dns string, searchDomains string, routes string) (int, error)
	UpdateAddr(address string) error
	ProtectSocket(fd int32) bool
}

TunAdapter is an interface for create tun device from external service

type WGAddress ¶

type WGAddress struct {
	IP      net.IP
	Network *net.IPNet
}

WGAddress Wireguard parsed address

func (WGAddress) String ¶ added in v0.6.3

func (addr WGAddress) String() string

type WGIface ¶

type WGIface struct {
	// contains filtered or unexported fields
}

WGIface represents a interface instance

func NewWGIFace ¶ added in v0.6.3

func NewWGIFace(iFaceName string, address string, wgPort int, wgPrivKey string, mtu int, transportNet transport.Net, args *MobileIFaceArguments, filterFn bind.FilterFn) (*WGIface, error)

NewWGIFace Creates a new WireGuard interface instance

func (*WGIface) AddAllowedIP ¶ added in v0.9.0

func (w *WGIface) AddAllowedIP(peerKey string, allowedIP string) error

AddAllowedIP adds a prefix to the allowed IPs list of peer

func (*WGIface) Address ¶

func (w *WGIface) Address() WGAddress

Address returns the interface address

func (*WGIface) Close ¶

func (w *WGIface) Close() error

Close closes the tunnel interface

func (*WGIface) Create ¶

func (w *WGIface) Create() error

Create creates a new Wireguard interface, sets a given IP and brings it up. Will reuse an existing one. this function is different on Android

func (*WGIface) CreateOnAndroid ¶ added in v0.25.0

func (w *WGIface) CreateOnAndroid([]string, string, []string) error

CreateOnAndroid this function make sense on mobile only

func (*WGIface) Destroy ¶ added in v0.29.0

func (w *WGIface) Destroy() error

func (*WGIface) GetDevice ¶ added in v0.21.2

func (w *WGIface) GetDevice() *DeviceWrapper

GetDevice to interact with raw device (with filtering)

func (*WGIface) GetFilter ¶ added in v0.21.2

func (w *WGIface) GetFilter() PacketFilter

GetFilter returns packet filter used by interface if it uses userspace device implementation

func (*WGIface) GetStats ¶ added in v0.25.5

func (w *WGIface) GetStats(peerKey string) (WGStats, error)

GetStats returns the last handshake time, rx and tx bytes for the given peer

func (*WGIface) IsUserspaceBind ¶ added in v0.16.0

func (w *WGIface) IsUserspaceBind() bool

IsUserspaceBind indicates whether this interfaces is userspace with bind.ICEBind

func (*WGIface) Name ¶

func (w *WGIface) Name() string

Name returns the interface name

func (*WGIface) RemoveAllowedIP ¶ added in v0.9.0

func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error

RemoveAllowedIP removes a prefix from the allowed IPs list of peer

func (*WGIface) RemovePeer ¶

func (w *WGIface) RemovePeer(peerKey string) error

RemovePeer removes a Wireguard Peer from the interface iface

func (*WGIface) SetFilter ¶ added in v0.21.2

func (w *WGIface) SetFilter(filter PacketFilter) error

SetFilter sets packet filters for the userspace implementation

func (*WGIface) ToInterface ¶ added in v0.28.0

func (r *WGIface) ToInterface() *net.Interface

ToInterface returns the net.Interface for the Wireguard interface

func (*WGIface) Up ¶ added in v0.25.3

func (w *WGIface) Up() (*bind.UniversalUDPMuxDefault, error)

Up configures a Wireguard interface The interface must exist before calling this method (e.g. call interface.Create() before)

func (*WGIface) UpdateAddr ¶ added in v0.6.3

func (w *WGIface) UpdateAddr(newAddr string) error

UpdateAddr updates address of the interface

func (*WGIface) UpdatePeer ¶

func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error

UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist Endpoint is optional

type WGStats ¶ added in v0.25.5

type WGStats struct {
	LastHandshake time.Time
	TxBytes       int64
	RxBytes       int64
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bind
freebsd
mocks Package mocks is a generated GoMock package.	Package mocks is a generated GoMock package.
iface/mocks Package mocks is a generated GoMock package.	Package mocks is a generated GoMock package.
netstack

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL