noisysockets

Version: v0.12.5
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2024 License: MPL-2.0 Imports: 28 Imported by: 7

README

Noisy Sockets

Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the Go net package, allowing it to be used with any existing code. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Usage

An example of how to use Noisy Sockets can be found in the benchmarks repository.

gVisor Dependency

When you import Noisy Sockets, Go Modules will attempt to use the gVisor master branch. The master branch cannot be used as a library, so you will need to explicitly import the synthetic go branch in your project. If you don't do this, you will see some strange build errors.

go get -u gvisor.dev/gvisor@go

Performance

Surprisingly decent. I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly, it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmarks repository.

Credits

Noisy Sockets is based on code originally from the wireguard-go project by Jason A. Donenfeld.

WireGuard is a registered trademark of Jason A. Donenfeld.

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrCanceled          = errors.New("operation was canceled")
	ErrTimeout           = errors.New("i/o timeout")
	ErrNumericPort       = errors.New("port must be numeric")
	ErrNoSuitableAddress = errors.New("no suitable address found")
	ErrMissingAddress    = errors.New("missing address")
	ErrNoEndpoint        = errors.New("no known endpoint for peer")
	ErrUnknownPeer       = errors.New("unknown peer")
)

Functions

func NewNetwork added in v0.8.0

func NewNetwork(logger *slog.Logger, conf *v1alpha1.Config) (network.Network, error)

NewNetwork creates a new network using the provided configuration. The returned network is a userspace WireGuard peer that exposes Dial() and Listen() methods compatible with the net package.

Types

type Addr added in v0.12.0

type Addr struct {
	stdnet.Addr
	// contains filtered or unexported fields
}

Addr is a wrapper around net.Addr that includes the source NoisePublicKey.

func (*Addr) PublicKey added in v0.12.0

func (a *Addr) PublicKey() types.NoisePublicKey

PublicKey returns the NoisePublicKey of the peer.

type Conn added in v0.12.0

type Conn struct {
	stdnet.Conn
	// contains filtered or unexported fields
}

Conn is a wrapper around net.Conn that includes the source NoisePublicKey.

func (*Conn) RemoteAddr added in v0.12.0

func (c *Conn) RemoteAddr() stdnet.Addr
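
Because Conn and Addr carry the peer's NoisePublicKey, a server can authorize callers by key instead of by source IP. The sketch below is an added example, not code from the noisysockets project: it uses a stand-in NoisePublicKey type (assumed here to be a 32-byte array) and assumes the address returned by RemoteAddr() exposes PublicKey(); AuthorizePeer, keyedAddr, ErrPeerNotAllowed and fakeAddr are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// NoisePublicKey stands in for types.NoisePublicKey (assumed: a 32-byte key).
type NoisePublicKey [32]byte

// keyedAddr matches any address exposing PublicKey(), as the Addr wrapper does.
type keyedAddr interface{ PublicKey() NoisePublicKey }

// ErrPeerNotAllowed is returned for every rejected peer.
var ErrPeerNotAllowed = errors.New("peer not authorized")

// AuthorizePeer maps a remote address to a service name. It fails closed when
// the address carries no key or the key is not on the allowlist.
func AuthorizePeer(addr net.Addr, allowed map[NoisePublicKey]string) (string, error) {
	ka, ok := addr.(keyedAddr)
	if !ok {
		return "", fmt.Errorf("%w: %T has no public key", ErrPeerNotAllowed, addr)
	}
	if name, ok := allowed[ka.PublicKey()]; ok {
		return name, nil
	}
	return "", fmt.Errorf("%w: key not on allowlist", ErrPeerNotAllowed)
}

// fakeAddr is a constructed test double, not a library type.
type fakeAddr struct {
	net.Addr
	pk NoisePublicKey
}

func (a fakeAddr) PublicKey() NoisePublicKey { return a.pk }

func main() {
	alice := NoisePublicKey{1} // constructed sample key
	allowed := map[NoisePublicKey]string{alice: "billing"}
	fmt.Println(AuthorizePeer(fakeAddr{pk: alice}, allowed))             // known peer
	fmt.Println(AuthorizePeer(fakeAddr{pk: NoisePublicKey{2}}, allowed)) // unknown key
	fmt.Println(AuthorizePeer(&net.TCPAddr{}, allowed))                  // no key at all
}
```

In a server, the same check would run on conn.RemoteAddr() right after Accept(), closing the connection when an error is returned.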

type NoisySocketsNetwork added in v0.10.0

type NoisySocketsNetwork struct {
	// contains filtered or unexported fields
}

func (*NoisySocketsNetwork) Close added in v0.10.0

func (net *NoisySocketsNetwork) Close() error

func (*NoisySocketsNetwork) Dial added in v0.10.0

func (net *NoisySocketsNetwork) Dial(network, address string) (stdnet.Conn, error)

func (*NoisySocketsNetwork) DialContext added in v0.10.0

func (net *NoisySocketsNetwork) DialContext(ctx context.Context, network, address string) (stdnet.Conn, error)

func (*NoisySocketsNetwork) GetPeerEndpoint added in v0.12.1

func (net *NoisySocketsNetwork) GetPeerEndpoint(pk types.NoisePublicKey) (netip.AddrPort, error)

GetPeerEndpoint returns the public address/endpoint of a peer (if known).

func (*NoisySocketsNetwork) HasIPv4 added in v0.10.0

func (net *NoisySocketsNetwork) HasIPv4() bool

func (*NoisySocketsNetwork) HasIPv6 added in v0.10.0

func (net *NoisySocketsNetwork) HasIPv6() bool

func (*NoisySocketsNetwork) KnownPeers added in v0.12.4

func (net *NoisySocketsNetwork) KnownPeers() []types.NoisePublicKey

KnownPeers returns a list of all known peers.

func (*NoisySocketsNetwork) Listen added in v0.10.0

func (net *NoisySocketsNetwork) Listen(network, address string) (stdnet.Listener, error)

func (*NoisySocketsNetwork) ListenPacket added in v0.10.0

func (net *NoisySocketsNetwork) ListenPacket(network, address string) (stdnet.PacketConn, error)

func (*NoisySocketsNetwork) LookupHost added in v0.10.0

func (net *NoisySocketsNetwork) LookupHost(host string) ([]string, error)

func (*NoisySocketsNetwork) SetPeerEndpoint added in v0.12.3

func (net *NoisySocketsNetwork) SetPeerEndpoint(pk types.NoisePublicKey, endpoint netip.AddrPort) error

SetPeerEndpoint sets the public address/endpoint of a peer.

Directories

Path Synopsis
benchmark module
examples module
internal
conn
Package conn implements WireGuard's network connections.
dns
dns/addrselect
Package addrselect implements RFC 6724, which describes the preferred source and destination address selection algorithm for Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4).
replay
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
Package network provides an interface for the standard library's network operations.
