README
¶
Noisy Sockets
Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.
Noisy Sockets implements a drop-in replacement for the standard Go net.Conn interface, allowing it to be used with any existing Go code that uses TCP/IP sockets. It also provides a net.Listener implementation for accepting incoming connections. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.
Noisy Sockets is based on code originally from the WireGuard Go project.
Usage
An example of how to use Noisy Sockets can be found in the examples directory.
gVisor Dependency
When you import Noisy Sockets Go Modules will attempt to use the gVisor master branch. The master branch cannot be used as a library, so you will need to explictly import the synthetic go branch in your project. If you don't do this you will see some strange build errors.
go get -u gvisor.dev/gvisor@go
Performance
Surprisingly good, I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly it appears to outperform the kernel implementation of WireGuard.
Some preliminary benchmark results can be found in the benchmark directory.
Documentation
¶
Index ¶
- type DialContextFn
- type NoisyNetwork
- func (n *NoisyNetwork) Close() error
- func (n *NoisyNetwork) Dial(network, address string) (net.Conn, error)
- func (n *NoisyNetwork) DialContext(ctx context.Context, network, address string) (net.Conn, error)
- func (n *NoisyNetwork) Listen(network, address string) (net.Listener, error)
- func (n *NoisyNetwork) ListenPacket(network, address string) (net.PacketConn, error)
- func (n *NoisyNetwork) LookupHostContext(ctx context.Context, host string) ([]string, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DialContextFn ¶ added in v0.5.0
type NoisyNetwork ¶ added in v0.7.0
type NoisyNetwork struct {
// contains filtered or unexported fields
}
NoisyNetworkwork is a userspace WireGuard peer that exposes Dial() and Listen() methods compatible with the net package.
func NewNoisyNetwork ¶ added in v0.7.0
func (*NoisyNetwork) Close ¶ added in v0.7.0
func (n *NoisyNetwork) Close() error
Close closes the network and releases any resources associated with it.
func (*NoisyNetwork) Dial ¶ added in v0.7.0
func (n *NoisyNetwork) Dial(network, address string) (net.Conn, error)
Dial creates a network connection.
func (*NoisyNetwork) DialContext ¶ added in v0.7.0
DialContext creates a network connection with a context.
func (*NoisyNetwork) Listen ¶ added in v0.7.0
func (n *NoisyNetwork) Listen(network, address string) (net.Listener, error)
Listen creates a network listener.
func (*NoisyNetwork) ListenPacket ¶ added in v0.7.0
func (n *NoisyNetwork) ListenPacket(network, address string) (net.PacketConn, error)
ListenPacket creates a network packet listener.
func (*NoisyNetwork) LookupHostContext ¶ added in v0.7.0
LookupHost resolves host names (encoded public keys) to IP addresses.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
conn
Package conn implements WireGuard's network connections.
|
Package conn implements WireGuard's network connections. |
|
replay
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
|
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479. |