noisysockets

package module
v0.27.0 Latest
Warning

This package is not in the latest version of its module.
Published: Jun 15, 2024 License: MPL-2.0 Imports: 21 Imported by: 7

README

Noisy Sockets

Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the Go net package, allowing it to be used with any existing code. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Usage

Examples of how to use Noisy Sockets can be found in the examples directory.

Performance

Surprisingly decent, I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmarks repository.

Credits

Noisy Sockets is based on code originally from the wireguard-go project by Jason A. Donenfeld.

WireGuard is a registered trademark of Jason A. Donenfeld.

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrUnknownPeer = errors.New("unknown peer")
)

Functions

This section is empty.

Types

type NoisySocketsInterface added in v0.25.0

type NoisySocketsInterface struct {
	// contains filtered or unexported fields
}

func NewInterface added in v0.26.1

func NewInterface(ctx context.Context, logger *slog.Logger, packetPool *network.PacketPool,
	versionedConf configtypes.Config) (*NoisySocketsInterface, error)

NewInterface creates a new WireGuard interface using the provided configuration. pr is a peer resolver that can be used to resolve peer addresses from peer names.

func (*NoisySocketsInterface) AddPeer added in v0.25.0

func (nic *NoisySocketsInterface) AddPeer(peerConf latestconfig.PeerConfig) error

AddPeer adds a peer to the WireGuard interface.

func (*NoisySocketsInterface) AddRoute added in v0.25.0

func (nic *NoisySocketsInterface) AddRoute(ctx context.Context, routeConf latestconfig.RouteConfig) error

AddRoute adds a route to the WireGuard interface.

func (*NoisySocketsInterface) BatchSize added in v0.25.0

func (nic *NoisySocketsInterface) BatchSize() int

func (*NoisySocketsInterface) Close added in v0.25.0

func (nic *NoisySocketsInterface) Close() error

func (*NoisySocketsInterface) ListenPort added in v0.25.0

func (nic *NoisySocketsInterface) ListenPort() uint16

ListenPort returns the port that WireGuard is listening on.

func (*NoisySocketsInterface) MTU added in v0.25.0

func (nic *NoisySocketsInterface) MTU() (int, error)

func (*NoisySocketsInterface) Read added in v0.25.0

func (nic *NoisySocketsInterface) Read(ctx context.Context, packets []*network.Packet, offset int) ([]*network.Packet, error)

func (*NoisySocketsInterface) RemovePeer added in v0.25.0

func (nic *NoisySocketsInterface) RemovePeer(publicKey types.NoisePublicKey)

RemovePeer removes a peer from the WireGuard interface.

func (*NoisySocketsInterface) RemoveRoute added in v0.25.0

func (nic *NoisySocketsInterface) RemoveRoute(destination netip.Prefix) error

RemoveRoute removes a route from the WireGuard interface.

func (*NoisySocketsInterface) Write added in v0.25.0

func (nic *NoisySocketsInterface) Write(ctx context.Context, packets []*network.Packet) error

type NoisySocketsNetwork added in v0.10.0

type NoisySocketsNetwork struct {
	*network.UserspaceNetwork
	// contains filtered or unexported fields
}

NoisySocketsNetwork is a wrapper around a userspace WireGuard peer.

func OpenNetwork added in v0.18.0

func OpenNetwork(logger *slog.Logger, versionedConf configtypes.Config) (*NoisySocketsNetwork, error)

OpenNetwork creates a new network using the provided configuration. The returned network is a userspace WireGuard peer that exposes Dial() and Listen() methods compatible with the net package.

func (*NoisySocketsNetwork) AddPeer added in v0.15.0

func (net *NoisySocketsNetwork) AddPeer(peerConf latestconfig.PeerConfig) error

AddPeer adds a WireGuard peer to the network.

func (*NoisySocketsNetwork) AddRoute added in v0.15.0

func (net *NoisySocketsNetwork) AddRoute(routeConf latestconfig.RouteConfig) error

AddRoute adds a route to the network.

func (*NoisySocketsNetwork) BufferedPacketsCount added in v0.24.10

func (net *NoisySocketsNetwork) BufferedPacketsCount() int

BufferedPacketsCount returns the number of buffered packets. This is exposed for leak testing purposes.

func (*NoisySocketsNetwork) Close added in v0.10.0

func (net *NoisySocketsNetwork) Close() error

Close closes the network.

func (*NoisySocketsNetwork) ListenPort added in v0.23.4

func (net *NoisySocketsNetwork) ListenPort() uint16

ListenPort returns the port that WireGuard is listening on.

func (*NoisySocketsNetwork) RemovePeer added in v0.15.0

func (net *NoisySocketsNetwork) RemovePeer(publicKey types.NoisePublicKey)

RemovePeer removes a WireGuard peer from the network.

func (*NoisySocketsNetwork) RemoveRoute added in v0.15.0

func (net *NoisySocketsNetwork) RemoveRoute(destination netip.Prefix) error

RemoveRoute removes a route from the network.

Directories

Path: Synopsis
benchmark (module)
examples (module)
internal/conn: Package conn implements WireGuard's network connections.
internal/replay: Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
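
The internal/replay package listed above is described as implementing the RFC 6479 anti-replay algorithm. The following is an added sketch of that sliding-window bitmap check in Go; it is not the project's own code, and the names Window and Accept, the ring size, and the sample counters are assumptions made for illustration.

```go
package main

import "fmt"

const (
	blockBitLog = 6 // 64 counters per bitmap block
	blockBits   = 1 << blockBitLog
	ringBlocks  = 1 << 7 // power of two, so block indexes wrap with a mask
	windowSize  = (ringBlocks - 1) * blockBits
	blockMask   = ringBlocks - 1
)

// Window records which packet counters were already seen (hypothetical name).
type Window struct {
	last uint64
	ring [ringBlocks]uint64
}

// Accept reports whether counter is fresh and marks it seen (refusing >= limit).
// Run it only after the packet authenticates, so forgeries cannot move the window.
func (w *Window) Accept(counter, limit uint64) bool {
	if counter >= limit {
		return false
	}
	idx := counter >> blockBitLog
	if counter > w.last {
		cur := w.last >> blockBitLog
		diff := idx - cur
		if diff > ringBlocks {
			diff = ringBlocks // a larger jump just clears the whole ring
		}
		for i := cur + 1; i <= cur+diff; i++ {
			w.ring[i&blockMask] = 0
		}
		w.last = counter
	} else if w.last-counter > windowSize {
		return false // too old to track, treat as replay
	}
	bit := uint64(1) << (counter & (blockBits - 1))
	seen := w.ring[idx&blockMask]&bit != 0
	w.ring[idx&blockMask] |= bit
	return !seen
}

func main() {
	var w Window
	for _, c := range []uint64{0, 1, 1, 9000, 5, 8999, 8999} { // constructed counters
		fmt.Printf("counter=%d fresh=%v\n", c, w.Accept(c, 1<<60))
	}
}
```

Out-of-order packets inside the window are accepted exactly once; duplicates and anything older than the window are refused without per-packet allocation.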
