package transport
Published: Jun 4, 2024 License: MPL-2.0 Imports: 33 Imported by: 0


Constants

// Protocol timer and counter limits. The names and values are those of the
// constants of the same name in the WireGuard protocol specification; where
// and how the transport enforces each one is implemented outside this listing.
const (
	RekeyAfterMessages      = (1 << 60)                                       // messages sent under one keypair before a fresh handshake is initiated
	RejectAfterMessages     = (1 << 64) - (1 << 13) - 1                       // hard ceiling on the 64-bit send counter (MessageTransport.Counter); sending past it would repeat a nonce, so the keypair must be dropped instead
	RekeyAfterTime          = time.Second * 120                               // keypair age after which a rekey is initiated
	RekeyAttemptTime        = time.Second * 90                                // total time handshake initiations keep being retried
	RekeyTimeout            = time.Second * 5                                 // spacing between handshake initiation retries
	MaxTimerHandshakes      = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */ // number of timer-driven retries that fit in RekeyAttemptTime
	RekeyTimeoutJitterMaxMs = 334                                             // upper bound, in milliseconds, of the jitter added to RekeyTimeout
	RejectAfterTime         = time.Second * 180                               // keypair age after which it must no longer be used in either direction
	KeepaliveTimeout        = time.Second * 10                                // idle time after which a keepalive is queued
	CookieRefreshTime       = time.Second * 120                               // lifetime of a cookie secret / a received cookie
	HandshakeInitationRate  = time.Second / 50                                // minimum spacing between handshake initiations (20 ms)
	PaddingMultiple         = 16                                              // transport content is padded up to a multiple of this many bytes
)
// Size bounds of a transport (data) message on the wire, derived from
// MaxSegmentSize and the Message*Size constants declared in this package.
const (
	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (a keepalive: header plus the auth tag of empty content)
	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message (one UDP datagram)
	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content (datagram minus header and auth tag)
)
// Load-shedding and capacity limits. Load detection itself (what flips the
// transport into the state reported by IsUnderLoad) is outside this listing.
const (
	UnderLoadAfterTime = time.Second // how long does the transport remain under load after detected
	MaxPeers           = 1 << 16     // maximum number of configured peers
)
// Byte offsets into an IPv4 header (RFC 791), used when inspecting the
// addresses of packets read from the NIC.
const (
	IPv4offsetTotalLength = 2                           // Total Length field
	IPv4offsetSrc         = 12                          // source address
	IPv4offsetDst         = IPv4offsetSrc + net.IPv4len // destination address directly follows the source address
)
// Byte offsets into an IPv6 header (RFC 8200), counterpart of the IPv4
// offsets above.
const (
	IPv6offsetPayloadLength = 4                           // Payload Length field
	IPv6offsetSrc           = 8                           // source address
	IPv6offsetDst           = IPv6offsetSrc + net.IPv6len // destination address directly follows the source address
)
// Noise protocol identifiers and MAC labels. These strings are part of the
// wire protocol: a peer that does not use byte-identical values cannot
// complete a handshake, so they are not configurable.
const (
	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s" // handshake pattern and primitives: IK with PSK, X25519, ChaCha20-Poly1305, BLAKE2s
	NoiseIdentifier   = "WireGuard v1 zx2c4 Jason@zx2c4.com"   // protocol identifier mixed into the initial handshake hash
	NoiseLabelMAC1    = "mac1----"                             // label used when deriving the mac1 key
	NoiseLabelCookie  = "cookie--"                             // label used when deriving the cookie key
)
// Wire values of the leading Type field shared by every Message* struct.
const (
	MessageInitiationType  = 1 // MessageInitiation: first handshake message
	MessageResponseType    = 2 // MessageResponse: second handshake message
	MessageCookieReplyType = 3 // MessageCookieReply: cookie challenge sent under load (see CookieChecker.CreateReply)
	MessageTransportType   = 4 // MessageTransport: encrypted data
)
// Encoded byte lengths of each message kind. The three literal sizes are the
// packed lengths of the MessageInitiation, MessageResponse and
// MessageCookieReply structs; keep them in sync if those structs change.
const (
	MessageInitiationSize      = 148                                           // size of handshake initiation message
	MessageResponseSize        = 92                                            // size of response message
	MessageCookieReplySize     = 64                                            // size of cookie reply message
	MessageTransportHeaderSize = 16                                            // size of data preceding content in transport message (Type, Receiver, Counter)
	MessageTransportSize       = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport (header plus auth tag, no content)
	MessageKeepaliveSize       = MessageTransportSize                          // size of keepalive
	MessageHandshakeSize       = MessageInitiationSize                         // size of largest handshake related message
)
// Byte offsets of the MessageTransport fields in the encoded message:
// Type occupies bytes 0-3, then Receiver, Counter and the content, matching
// MessageTransportHeaderSize.
const (
	MessageTransportOffsetReceiver = 4  // uint32 receiver index
	MessageTransportOffsetCounter  = 8  // uint64 nonce counter
	MessageTransportOffsetContent  = 16 // start of encrypted content (== MessageTransportHeaderSize)
)
// Queue capacities and pool sizing. QueueStagedSize is taken from the conn
// package; the others are fixed. PreallocatedBuffersPerPool = 0 disables
// pre-filling the pools — NOTE(review): the original comment warns that the
// pools may then grow without bound; confirm against NewWaitPool's max
// parameter whether an upper limit is still applied.
const (
	QueueStagedSize            = conn.IdealBatchSize
	QueueOutboundSize          = 1024
	QueueInboundSize           = 1024
	QueueHandshakeSize         = 1024
	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
)
// DefaultMTU is the MTU assumed when none is configured: 1280 bytes is the
// IPv6 minimum link MTU (RFC 8200), so packets of this size are never
// fragmented on a conforming path.
const DefaultMTU = 1280

Use as small an MTU as is reasonable to avoid fragmentation, particularly on IPv6.

Variables

// Handshake seed values and the fixed AEAD nonce. All three are declared
// zero-valued here; any initialization (presumably deriving InitialChainKey
// and InitialHash from NoiseConstruction and NoiseIdentifier) happens outside
// this listing.
var (
	InitialChainKey [blake2s.Size]byte               // starting chain key of the Noise handshake
	InitialHash     [blake2s.Size]byte               // starting handshake hash
	ZeroNonce       [chacha20poly1305.NonceSize]byte // all-zero nonce. NOTE(review): a constant nonce is only safe under a key that encrypts exactly one message (handshake fields); confirm it is never paired with a transport keypair, which uses the per-message Counter instead
)

Functions

func HMAC1

func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte)

func HMAC2

func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte)

func KDF1

func KDF1(t0 *[blake2s.Size]byte, key, input []byte)

func KDF2

func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte)

func KDF3

func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte)

Types

type AllowedIPs added in v0.22.0

type AllowedIPs struct {
	IPv4 *trieEntry
	IPv6 *trieEntry
	// contains filtered or unexported fields
}

func (*AllowedIPs) EntriesForPeer added in v0.22.0

func (table *AllowedIPs) EntriesForPeer(peer *Peer, cb func(prefix netip.Prefix) bool)

func (*AllowedIPs) Insert added in v0.22.0

func (table *AllowedIPs) Insert(prefix netip.Prefix, peer *Peer)

func (*AllowedIPs) Lookup added in v0.22.0

func (table *AllowedIPs) Lookup(ip []byte) *Peer

func (*AllowedIPs) RemoveByPeer added in v0.22.0

func (table *AllowedIPs) RemoveByPeer(peer *Peer)

type CookieChecker

type CookieChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieChecker) CheckMAC1

func (st *CookieChecker) CheckMAC1(msg []byte) bool

func (*CookieChecker) CheckMAC2

func (st *CookieChecker) CheckMAC2(msg, src []byte) bool

func (*CookieChecker) CreateReply

func (st *CookieChecker) CreateReply(
	msg []byte,
	recv uint32,
	src []byte,
) (*MessageCookieReply, error)

func (*CookieChecker) Init

func (st *CookieChecker) Init(pk types.NoisePublicKey)

type CookieGenerator

type CookieGenerator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieGenerator) AddMacs

func (st *CookieGenerator) AddMacs(msg []byte)

func (*CookieGenerator) ConsumeReply

func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool

func (*CookieGenerator) Init

func (st *CookieGenerator) Init(pk types.NoisePublicKey)

type Handshake

type Handshake struct {
	// contains filtered or unexported fields
}

func (*Handshake) Clear

func (h *Handshake) Clear()

type IndexTable

type IndexTable struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*IndexTable) Delete

func (table *IndexTable) Delete(index uint32)

func (*IndexTable) Init

func (table *IndexTable) Init()

func (*IndexTable) Lookup

func (table *IndexTable) Lookup(id uint32) IndexTableEntry

func (*IndexTable) NewIndexForHandshake

func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)

func (*IndexTable) SwapIndexForKeypair

func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)

type IndexTableEntry

type IndexTableEntry struct {
	// contains filtered or unexported fields
}

type Keypair

type Keypair struct {
	// contains filtered or unexported fields
}

type Keypairs

type Keypairs struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*Keypairs) Current

func (kp *Keypairs) Current() *Keypair

type MessageCookieReply

type MessageCookieReply struct {
	Type     uint32
	Receiver uint32
	Nonce    [chacha20poly1305.NonceSizeX]byte
	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
}

type MessageInitiation

type MessageInitiation struct {
	Type      uint32
	Sender    uint32
	Ephemeral types.NoisePublicKey
	Static    [types.NoisePublicKeySize + poly1305.TagSize]byte
	Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte
	MAC1      [blake2s.Size128]byte
	MAC2      [blake2s.Size128]byte
}

type MessageResponse

type MessageResponse struct {
	Type      uint32
	Sender    uint32
	Receiver  uint32
	Ephemeral types.NoisePublicKey
	Empty     [poly1305.TagSize]byte
	MAC1      [blake2s.Size128]byte
	MAC2      [blake2s.Size128]byte
}

type MessageTransport

type MessageTransport struct {
	Type     uint32
	Receiver uint32
	Counter  uint64
	Content  []byte
}

type Peer

type Peer struct {
	// contains filtered or unexported fields
}

func (*Peer) AddAllowedIP added in v0.22.0

func (peer *Peer) AddAllowedIP(prefix netip.Prefix)

func (*Peer) BeginSymmetricSession

func (peer *Peer) BeginSymmetricSession() error

BeginSymmetricSession derives a new keypair from the current handshake state.

func (*Peer) ExpireCurrentKeypairs

func (peer *Peer) ExpireCurrentKeypairs()

func (*Peer) FlushStagedPackets

func (peer *Peer) FlushStagedPackets()

func (*Peer) GetEndpoint added in v0.7.1

func (peer *Peer) GetEndpoint() conn.Endpoint

func (*Peer) NewTimer

func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer

func (*Peer) ReceivedWithKeypair

func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool

func (*Peer) RoutineSequentialReceiver

func (peer *Peer) RoutineSequentialReceiver(maxBatchSize int)

func (*Peer) RoutineSequentialSender

func (peer *Peer) RoutineSequentialSender(maxBatchSize int)

func (*Peer) SendBuffers

func (peer *Peer) SendBuffers(buffers [][]byte) error

func (*Peer) SendHandshakeInitiation

func (peer *Peer) SendHandshakeInitiation(isRetry bool) error

func (*Peer) SendHandshakeResponse

func (peer *Peer) SendHandshakeResponse() error

func (*Peer) SendKeepalive

func (peer *Peer) SendKeepalive() error

SendKeepalive queues a keepalive if no packets are queued for the peer.

func (*Peer) SendStagedPackets

func (peer *Peer) SendStagedPackets() error

func (*Peer) SetEndpoint added in v0.7.1

func (peer *Peer) SetEndpoint(endpoint conn.Endpoint)

func (*Peer) SetKeepAliveInterval added in v0.10.0

func (peer *Peer) SetKeepAliveInterval(interval time.Duration)

func (*Peer) StagePackets

func (peer *Peer) StagePackets(elems *QueueOutboundElementsContainer)

func (*Peer) Start

func (peer *Peer) Start()

func (*Peer) Stop

func (peer *Peer) Stop()

func (*Peer) String

func (peer *Peer) String() string

func (*Peer) ZeroAndFlushAll

func (peer *Peer) ZeroAndFlushAll()

type QueueHandshakeElement

type QueueHandshakeElement struct {
	// contains filtered or unexported fields
}

type QueueInboundElement

type QueueInboundElement struct {
	// contains filtered or unexported fields
}

type QueueInboundElementsContainer

type QueueInboundElementsContainer struct {
	sync.Mutex
	// contains filtered or unexported fields
}

type QueueOutboundElement

type QueueOutboundElement struct {
	// contains filtered or unexported fields
}

type QueueOutboundElementsContainer

type QueueOutboundElementsContainer struct {
	sync.Mutex
	// contains filtered or unexported fields
}

type Timer

type Timer struct {
	*time.Timer
	// contains filtered or unexported fields
}

A Timer manages time-based aspects of the WireGuard protocol. Timer roughly copies the interface of the Linux kernel's struct timer_list.

func (*Timer) Del

func (timer *Timer) Del()

func (*Timer) DelSync

func (timer *Timer) DelSync()

func (*Timer) IsPending

func (timer *Timer) IsPending() bool

func (*Timer) Mod

func (timer *Timer) Mod(d time.Duration)

type Transport

type Transport struct {
	// contains filtered or unexported fields
}

func NewTransport

func NewTransport(ctx context.Context, logger *slog.Logger, nic network.Interface, bind conn.Bind) *Transport

func (*Transport) BatchSize

func (transport *Transport) BatchSize() int

BatchSize returns the batch size for the transport as a whole, which is the maximum of the bind batch size and the sink batch size. The batch size reported by the transport is the size used to construct memory pools, and is the allowed batch size for the lifetime of the transport.

func (*Transport) Bind

func (transport *Transport) Bind() conn.Bind

func (*Transport) BindClose

func (transport *Transport) BindClose() error

func (*Transport) BindUpdate

func (transport *Transport) BindUpdate() error

func (*Transport) Close

func (transport *Transport) Close() error

func (*Transport) ConsumeMessageInitiation

func (transport *Transport) ConsumeMessageInitiation(msg *MessageInitiation) *Peer

func (*Transport) ConsumeMessageResponse

func (transport *Transport) ConsumeMessageResponse(msg *MessageResponse) *Peer

func (*Transport) CreateMessageInitiation

func (transport *Transport) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)

func (*Transport) CreateMessageResponse

func (transport *Transport) CreateMessageResponse(peer *Peer) (*MessageResponse, error)

func (*Transport) DeleteKeypair

func (transport *Transport) DeleteKeypair(key *Keypair)

func (*Transport) Down

func (transport *Transport) Down() error

func (*Transport) GetInboundElement

func (transport *Transport) GetInboundElement() *QueueInboundElement

func (*Transport) GetInboundElementsContainer

func (transport *Transport) GetInboundElementsContainer() *QueueInboundElementsContainer

func (*Transport) GetMessageBuffer

func (transport *Transport) GetMessageBuffer() *[MaxMessageSize]byte

func (*Transport) GetOutboundElement

func (transport *Transport) GetOutboundElement() *QueueOutboundElement

func (*Transport) GetOutboundElementsContainer

func (transport *Transport) GetOutboundElementsContainer() *QueueOutboundElementsContainer

func (*Transport) GetPort added in v0.23.4

func (transport *Transport) GetPort() uint16

func (*Transport) IsUnderLoad

func (transport *Transport) IsUnderLoad() bool

func (*Transport) LookupPeer

func (transport *Transport) LookupPeer(pk types.NoisePublicKey) *Peer

func (*Transport) NewOutboundElement

func (transport *Transport) NewOutboundElement() *QueueOutboundElement

func (*Transport) NewPeer

func (transport *Transport) NewPeer(pk types.NoisePublicKey) (*Peer, error)

func (*Transport) Peers added in v0.12.4

func (transport *Transport) Peers() []types.NoisePublicKey

func (*Transport) PopulatePools

func (transport *Transport) PopulatePools()

func (*Transport) PutInboundElement

func (transport *Transport) PutInboundElement(elem *QueueInboundElement)

func (*Transport) PutInboundElementsContainer

func (transport *Transport) PutInboundElementsContainer(c *QueueInboundElementsContainer)

func (*Transport) PutMessageBuffer

func (transport *Transport) PutMessageBuffer(msg *[MaxMessageSize]byte)

func (*Transport) PutOutboundElement

func (transport *Transport) PutOutboundElement(elem *QueueOutboundElement)

func (*Transport) PutOutboundElementsContainer

func (transport *Transport) PutOutboundElementsContainer(c *QueueOutboundElementsContainer)

func (*Transport) RemoveAllPeers

func (transport *Transport) RemoveAllPeers()

func (*Transport) RemovePeer

func (transport *Transport) RemovePeer(pk types.NoisePublicKey)

func (*Transport) RoutineDecryption

func (transport *Transport) RoutineDecryption(id int)

func (*Transport) RoutineEncryption

func (transport *Transport) RoutineEncryption(id int)

RoutineEncryption encrypts the elements in the queue and marks them for sequential consumption (by releasing the mutex). Note: one instance runs per core.

func (*Transport) RoutineHandshake

func (transport *Transport) RoutineHandshake(id int)

RoutineHandshake handles incoming packets related to the handshake.

func (*Transport) RoutineReadFromNIC added in v0.22.0

func (transport *Transport) RoutineReadFromNIC()

func (*Transport) RoutineReceiveIncoming

func (transport *Transport) RoutineReceiveIncoming(maxBatchSize int, recv conn.ReceiveFunc)

RoutineReceiveIncoming receives incoming datagrams for the device. Every time the bind is updated, a new routine is started for IPv4 and for IPv6 (separately).

func (*Transport) SendHandshakeCookie

func (transport *Transport) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error

func (*Transport) SendKeepalivesToPeersWithCurrentKeypair

func (transport *Transport) SendKeepalivesToPeersWithCurrentKeypair()

func (*Transport) SetPrivateKey

func (transport *Transport) SetPrivateKey(sk types.NoisePrivateKey)

func (*Transport) Up

func (transport *Transport) Up() error

func (*Transport) UpdatePort

func (transport *Transport) UpdatePort(port uint16) error

func (*Transport) Wait

func (transport *Transport) Wait() chan struct{}

type WaitPool

type WaitPool struct {
	// contains filtered or unexported fields
}

func NewWaitPool

func NewWaitPool(max uint32, new func() any) *WaitPool

func (*WaitPool) Get

func (p *WaitPool) Get() any

func (*WaitPool) Put

func (p *WaitPool) Put(x any)
