noisysockets

package module
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 13, 2024 License: MPL-2.0 Imports: 34 Imported by: 7

README

Noisy Sockets

Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the Go net package, allowing it to be used with any existing code. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Usage

Examples of how to use Noisy Sockets can be found in the examples directory.

Performance

Surprisingly decent, I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmarks respository.

Credits

Noisy Sockets is based on code originally from the wireguard-go project by Jason A. Donenfeld.

WireGuard is a registered trademark of Jason A. Donenfeld.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrCanceled          = fmt.Errorf("operation was canceled")
	ErrTimeout           = fmt.Errorf("i/o timeout")
	ErrNumericPort       = fmt.Errorf("port must be numeric")
	ErrNoSuitableAddress = fmt.Errorf("no suitable address found")
	ErrMissingAddress    = fmt.Errorf("missing address")
	ErrUnknownPeer       = fmt.Errorf("unknown peer")
)
View Source
var (
	ErrNoEndpoint = fmt.Errorf("no known endpoint for peer")
)

Functions

func OpenNetwork added in v0.18.0

func OpenNetwork(logger *slog.Logger, conf *latestconfig.Config) (network.Network, error)

OpenNetwork creates a new network using the provided configuration. The returned network is a userspace WireGuard peer that exposes Dial() and Listen() methods compatible with the net package.

Types

type Addr added in v0.12.0

type Addr struct {
	stdnet.Addr
	// contains filtered or unexported fields
}

Addr is a wrapper around net.Addr that includes the source NoisePublicKey.

func (*Addr) PublicKey added in v0.12.0

func (a *Addr) PublicKey() types.NoisePublicKey

PublicKey returns the NoisePublicKey of the peer.

type Conn added in v0.12.0

type Conn struct {
	stdnet.Conn
	// contains filtered or unexported fields
}

Conn is a wrapper around net.Conn that includes the source NoisePublicKey.

func (*Conn) RemoteAddr added in v0.12.0

func (c *Conn) RemoteAddr() stdnet.Addr

type NoisySocketsNetwork added in v0.10.0

type NoisySocketsNetwork struct {
	// contains filtered or unexported fields
}

func (*NoisySocketsNetwork) AddPeer added in v0.15.0

func (net *NoisySocketsNetwork) AddPeer(peerConf latestconfig.PeerConfig) error

AddPeer adds a wireguard peer to the network.

func (*NoisySocketsNetwork) AddRoute added in v0.15.0

func (net *NoisySocketsNetwork) AddRoute(destination netip.Prefix, viaPeerName string) error

AddRoute adds a routing table entry for the network.

func (*NoisySocketsNetwork) Close added in v0.10.0

func (net *NoisySocketsNetwork) Close() error

func (*NoisySocketsNetwork) Dial added in v0.10.0

func (net *NoisySocketsNetwork) Dial(network, address string) (stdnet.Conn, error)

func (*NoisySocketsNetwork) DialContext added in v0.10.0

func (net *NoisySocketsNetwork) DialContext(ctx context.Context, network, address string) (stdnet.Conn, error)

func (*NoisySocketsNetwork) GetPeer added in v0.15.0

func (net *NoisySocketsNetwork) GetPeer(publicKey types.NoisePublicKey) (*Peer, bool)

GetPeer returns a peer by its public key.

func (*NoisySocketsNetwork) HasIPv4 added in v0.10.0

func (net *NoisySocketsNetwork) HasIPv4() bool

func (*NoisySocketsNetwork) HasIPv6 added in v0.10.0

func (net *NoisySocketsNetwork) HasIPv6() bool

func (*NoisySocketsNetwork) Hostname added in v0.15.1

func (net *NoisySocketsNetwork) Hostname() (string, error)

func (*NoisySocketsNetwork) ListPeers added in v0.15.0

func (net *NoisySocketsNetwork) ListPeers() []types.NoisePublicKey

ListPeers returns a list of the public keys of all known peers.

func (*NoisySocketsNetwork) Listen added in v0.10.0

func (net *NoisySocketsNetwork) Listen(network, address string) (stdnet.Listener, error)

func (*NoisySocketsNetwork) ListenPacket added in v0.10.0

func (net *NoisySocketsNetwork) ListenPacket(network, address string) (stdnet.PacketConn, error)

func (*NoisySocketsNetwork) LookupHost added in v0.10.0

func (net *NoisySocketsNetwork) LookupHost(host string) ([]string, error)

func (*NoisySocketsNetwork) RemovePeer added in v0.15.0

func (net *NoisySocketsNetwork) RemovePeer(publicKey types.NoisePublicKey) error

RemovePeer removes a wireguard peer from the network.

func (*NoisySocketsNetwork) RemoveRoute added in v0.15.0

func (net *NoisySocketsNetwork) RemoveRoute(destination netip.Prefix) error

RemoveRoute removes a routing table entry for the network.

type Peer added in v0.15.0

type Peer struct {
	*transport.Peer
	// contains filtered or unexported fields
}

Peer represents a wireguard peer in the network.

func (*Peer) AddAddresses added in v0.18.0

func (p *Peer) AddAddresses(addrs ...netip.Addr)

AddAddress adds one or more addresses to the peer.

func (*Peer) AddDestinationPrefixes added in v0.18.0

func (p *Peer) AddDestinationPrefixes(prefixes ...netip.Prefix)

AddDestinationForPrefix adds one or more prefixes the peer is the destination for.

func (*Peer) Addresses added in v0.18.0

func (p *Peer) Addresses() []netip.Addr

Addresses returns the list of addresses of the peer.

func (*Peer) DestinationForPrefixes added in v0.18.0

func (p *Peer) DestinationForPrefixes() []netip.Prefix

DestinationForPrefixes returns the list of prefixes the peer is the destination for.

func (*Peer) GetEndpoint added in v0.15.0

func (p *Peer) GetEndpoint() (netip.AddrPort, error)

GetEndpoint returns the endpoint (public address) of the peer.

func (*Peer) Name added in v0.15.0

func (p *Peer) Name() string

Name returns the human friendly name of the peer.

func (*Peer) PublicKey added in v0.15.0

func (p *Peer) PublicKey() types.NoisePublicKey

PublicKey returns the public key of the peer.

func (*Peer) RemoveAddresses added in v0.18.0

func (p *Peer) RemoveAddresses(addrs ...netip.Addr)

RemoveAddress removes one or more addresses from the peer.

func (*Peer) RemoveDestinationPrefixes added in v0.18.0

func (p *Peer) RemoveDestinationPrefixes(prefixes ...netip.Prefix)

RemoveDestinationForPrefix removes one or more prefixes the peer is the destination for.

func (*Peer) SetEndpoint added in v0.15.0

func (p *Peer) SetEndpoint(endpoint netip.AddrPort)

SetEndpoint sets the endpoint (public address) of the peer.

Directories

Path Synopsis
benchmark module
examples module
internal
conn
Package conn implements WireGuard's network connections.
Package conn implements WireGuard's network connections.
dns
dns/addrselect
Package addrselect implements RFC 6724, which describes the preferred source and destination address selection algorithm for Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4).
Package addrselect implements RFC 6724, which describes the preferred source and destination address selection algorithm for Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4).
replay
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
Package network provides an interface for the standard library's network operations.
Package network provides an interface for the standard library's network operations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL