noisysockets

package module v0.2.1
Published: Mar 25, 2024 License: MIT Imports: 22 Imported by: 7

README

Noisy Sockets

Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the standard Go net.Conn interface, allowing it to be used with any existing Go code that uses TCP/IP sockets. It also provides a net.Listener implementation for accepting incoming connections. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Noisy Sockets is based on code originally from the WireGuard Go project.

Usage

An example of how to use Noisy Sockets can be found in the examples directory.

Performance

Surprisingly good: I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly, it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmark directory.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// Name is the hostname of this socket.
	Name string `yaml:"name" mapstructure:"name"`
	// ListenPort is the public port on which this socket listens for incoming packets.
	ListenPort uint16 `yaml:"listenPort" mapstructure:"listenPort"`
	// PrivateKey is the private key for this socket.
	PrivateKey string `yaml:"privateKey" mapstructure:"privateKey"`
	// IPs is a list of IP addresses assigned to this socket.
	IPs []string `yaml:"ips" mapstructure:"ips"`
	// Peers is a list of known peers to which this socket can send and receive packets.
	Peers []PeerConfig `yaml:"peers" mapstructure:"peers"`
}

Config is the configuration for a NoisySocket. It is analogous to the configuration for a WireGuard interface.

type NoisySocket

type NoisySocket struct {
	// contains filtered or unexported fields
}

NoisySocket is a noisy socket; it exposes Dial() and Listen() methods compatible with the net package.

func NewNoisySocket

func NewNoisySocket(logger *slog.Logger, config *Config) (*NoisySocket, error)

NewNoisySocket creates a new NoisySocket.

func (*NoisySocket) Close

func (s *NoisySocket) Close() error

Close closes the socket.

func (NoisySocket) Dial

func (n NoisySocket) Dial(network, address string) (net.Conn, error)

Dial creates a network connection.

func (NoisySocket) DialContext

func (n NoisySocket) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext creates a network connection with a context.

func (NoisySocket) Listen

func (n NoisySocket) Listen(network, address string) (net.Listener, error)

Listen creates a network listener.

func (NoisySocket) LookupHost

func (n NoisySocket) LookupHost(host string) ([]string, error)

LookupHost resolves host names (encoded public keys) to IP addresses.

type PeerConfig

type PeerConfig struct {
	// Name is the hostname of the peer.
	Name string `yaml:"name" mapstructure:"name"`
	// PublicKey is the public key of the peer.
	PublicKey string `yaml:"publicKey" mapstructure:"publicKey"`
	// Endpoint is an optional endpoint to which the peer's packets should be sent.
	// If not specified, we will attempt to discover the peer's endpoint from its packets.
	Endpoint string `yaml:"endpoint" mapstructure:"endpoint"`
	// IPs is a list of IP addresses assigned to the peer.
	IPs []string `yaml:"ips" mapstructure:"ips"`
}

PeerConfig is the configuration for a known peer.
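As an added example, not code from the noisysockets package: a pre-flight check over the Config and PeerConfig shapes documented above, run before handing the config to NewNoisySocket. It assumes keys use the WireGuard encoding (32 bytes, standard base64), which the page implies through wire compatibility but does not state, derives the socket's own public key with the standard library's crypto/ecdh, and rejects a peer entry that reuses that key or claims an IP already assigned to another peer (which would make LookupHost ambiguous). The struct mirrors are trimmed to the fields the check reads.

```go
package main

import (
	"crypto/ecdh"
	"encoding/base64"
	"fmt"
	"net/netip"
)
// Trimmed mirrors of the documented Config/PeerConfig types (example only).
type PeerConfig struct{ Name, PublicKey string; IPs []string }
type Config struct{ PrivateKey string; Peers []PeerConfig }
// decodeKey accepts the WireGuard key encoding: 32 bytes, standard base64.
func decodeKey(s string) ([]byte, error) {
	k, err := base64.StdEncoding.DecodeString(s)
	if err != nil || len(k) != 32 {
		return nil, fmt.Errorf("key %q: want 32 bytes in standard base64", s)
	}
	return k, nil
}
// ValidateConfig rejects malformed keys, a peer that reuses this socket's
// own key, unparsable IPs and one IP claimed by two peers. On success it
// returns the socket's own base64 Curve25519 public key.
func ValidateConfig(c *Config) (string, error) {
	priv, err := decodeKey(c.PrivateKey)
	if err != nil {
		return "", err
	}
	sk, _ := ecdh.X25519().NewPrivateKey(priv) // X25519 only checks length
	self := base64.StdEncoding.EncodeToString(sk.PublicKey().Bytes())
	owner := map[netip.Addr]string{} // peer name that claims each IP
	for _, p := range c.Peers {
		if _, err := decodeKey(p.PublicKey); err != nil {
			return "", err
		}
		if p.PublicKey == self {
			return "", fmt.Errorf("peer %q reuses this socket's own key", p.Name)
		}
		for _, ip := range p.IPs {
			a, err := netip.ParseAddr(ip)
			if err != nil {
				return "", err
			}
			if prev, dup := owner[a]; dup {
				return "", fmt.Errorf("%s assigned to both %q and %q", a, prev, p.Name)
			}
			owner[a] = p.Name
		}
	}
	return self, nil
}
```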

Directories

Path: Synopsis
internal/conn: Package conn implements WireGuard's network connections.
internal/replay: Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
