noisysockets

package module v0.9.2

Published: Apr 2, 2024 License: MPL-2.0 Imports: 26 Imported by: 7

README

Noisy Sockets

Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys; traffic is encrypted and authenticated with ChaCha20-Poly1305 and sent and received as UDP packets. Noisy Sockets is wire-compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the Go net package, allowing it to be used with any existing code. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Usage

An example of how to use Noisy Sockets can be found in the examples directory.

gVisor Dependency

When you import Noisy Sockets, Go modules will attempt to use the gVisor master branch. The master branch cannot be used as a library, so you will need to explicitly import the synthetic go branch in your project. If you don't do this, you will see some strange build errors.

go get -u gvisor.dev/gvisor@go

Performance

Surprisingly good: I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly, it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmark directory.

Credits

Noisy Sockets is based on code originally from the wireguard-go project by Jason A. Donenfeld.

WireGuard is a registered trademark of Jason A. Donenfeld.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DialContextFn added in v0.5.0

type DialContextFn func(ctx context.Context, network, address string) (net.Conn, error)

type Network added in v0.8.0

type Network struct {
	// contains filtered or unexported fields
}

Network is a userspace WireGuard peer that exposes Dial() and Listen() methods compatible with the net package.

func NewNetwork added in v0.8.0

func NewNetwork(logger *slog.Logger, conf *v1alpha1.Config) (*Network, error)

func (*Network) Close added in v0.8.0

func (n *Network) Close() error

Close closes the network and releases any resources associated with it.

func (*Network) Dial added in v0.8.0

func (n *Network) Dial(network, address string) (net.Conn, error)

Dial creates a network connection.

func (*Network) DialContext added in v0.8.0

func (n *Network) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext creates a network connection with a context.

func (*Network) GetPeerEndpoint added in v0.8.0

func (n *Network) GetPeerEndpoint(publicKey transport.NoisePublicKey) (netip.AddrPort, error)

GetPeerEndpoint returns the public address/endpoint of a peer (if known).

func (*Network) Listen added in v0.8.0

func (n *Network) Listen(network, address string) (net.Listener, error)

Listen creates a network listener (only TCP is currently supported).

func (*Network) ListenPacket added in v0.8.0

func (n *Network) ListenPacket(network, address string) (net.PacketConn, error)

ListenPacket creates a network packet listener (only UDP is currently supported). Caveat: the SetDeadline, SetReadDeadline, and SetWriteDeadline methods on the returned PacketConn may not work as expected (due to limitations in the gVisor network stack).

func (*Network) LookupHost added in v0.9.0

func (n *Network) LookupHost(host string) ([]string, error)

LookupHost resolves host names (encoded public keys) to IP addresses.

func (*Network) LookupPeerByAddress added in v0.8.1

func (n *Network) LookupPeerByAddress(addr netip.Addr) (transport.NoisePublicKey, bool)

LookupPeerByAddress returns the public key of a peer by its address.
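Because Network exposes Dial, DialContext and Listen with the same signatures as the net package (and DialContextFn matches the http.Transport.DialContext field), ordinary Go HTTP code can be pointed at the encrypted overlay without modification. The following is an added example, not code from the noisysockets project: it defines a small PeerNetwork interface covering the documented methods, wires it into an http.Client and an http.Server, and runs a round trip. The loopbackNetwork type is an assumed stand-in built on the host kernel stack so the example runs offline; in real code a *Network returned by NewNetwork satisfies the same interface and replaces it.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
)

// PeerNetwork is the subset of the documented Network API this example
// needs. *noisysockets.Network satisfies it via its Dial/Listen methods.
type PeerNetwork interface {
	DialContext(ctx context.Context, network, address string) (net.Conn, error)
	Listen(network, address string) (net.Listener, error)
}

// loopbackNetwork is an assumed stand-in (not part of noisysockets) that
// uses the host kernel stack so the example runs without a WireGuard
// configuration. Swap in a *Network from NewNetwork for the real thing.
type loopbackNetwork struct{ d net.Dialer }

func (l *loopbackNetwork) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
	return l.d.DialContext(ctx, network, address)
}

func (l *loopbackNetwork) Listen(network, address string) (net.Listener, error) {
	return net.Listen(network, address)
}

// NewHTTPClient returns a client whose TCP connections are opened through pn,
// so every request traverses the peer network instead of the host network.
func NewHTTPClient(pn PeerNetwork) *http.Client {
	return &http.Client{Transport: &http.Transport{
		DialContext:       pn.DialContext, // same signature as DialContextFn
		DisableKeepAlives: true,
	}}
}

// ServeHello starts an HTTP server on a listener obtained from pn and returns
// the listener so the caller can read its address and shut it down.
func ServeHello(pn PeerNetwork, addr string) (net.Listener, error) {
	ln, err := pn.Listen("tcp", addr)
	if err != nil {
		return nil, err
	}
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "hello over noisy socket")
	})}
	go srv.Serve(ln) // returns once ln is closed
	return ln, nil
}

// RoundTrip serves on pn, dials back through pn and returns the response body.
func RoundTrip(pn PeerNetwork) (string, error) {
	ln, err := ServeHello(pn, "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	resp, err := NewHTTPClient(pn).Get("http://" + ln.Addr().String() + "/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	body, err := RoundTrip(&loopbackNetwork{})
	if err != nil {
		panic(err)
	}
	fmt.Println(body)
}
```

With a real Network, the address passed to Get would be a peer's overlay IP (or an encoded public key resolved through LookupHost), and the only code that changes is the value passed to RoundTrip.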

Directories

Path Synopsis
internal
    conn: Package conn implements WireGuard's network connections.
    replay: Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
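The anti-replay scheme referenced above (RFC 6479) tracks received packet counters in a sliding window of bitmap blocks, so that a captured packet replayed later is rejected: counters older than the window are dropped outright, and counters inside it are dropped if their bit has already been set. The filter below is an added illustration written for this page, not the project's replay package; the ring size (16 blocks, a window of 960 counters) is a constructed value chosen to keep the example small.

```go
package main

import "fmt"

// Constants for the constructed example. RFC 6479 keeps one block of slack
// ("redundant bits") so that advancing the window never clears bits that are
// still inside it, which is why the window is one block short of the ring.
const (
	blockBits   = 64
	blockBitLog = 6
	ringBlocks  = 1 << 4 // 16 blocks; assumed size for illustration
	blockMask   = ringBlocks - 1
	bitMask     = blockBits - 1
	windowSize  = (ringBlocks - 1) * blockBits // 960 counters
)

// ReplayFilter records which counters have been seen within the window.
type ReplayFilter struct {
	last uint64             // highest counter accepted so far
	ring [ringBlocks]uint64 // bitmap blocks indexed by (counter >> 6) mod ring
}

// Accept reports whether counter has not been seen before and is not older
// than the window. A fresh counter is recorded so a replay of it is refused.
func (f *ReplayFilter) Accept(counter uint64) bool {
	block := counter >> blockBitLog
	if counter > f.last {
		// Window advances: clear every block between the old and new
		// position (capped at the ring size, which clears everything).
		current := f.last >> blockBitLog
		diff := block - current
		if diff > ringBlocks {
			diff = ringBlocks
		}
		for i := current + 1; i <= current+diff; i++ {
			f.ring[i&blockMask] = 0
		}
		f.last = counter
	} else if f.last-counter > windowSize {
		return false // too old: the counter has fallen out of the window
	}
	idx := block & blockMask
	bit := uint64(1) << (counter & bitMask)
	seen := f.ring[idx]&bit != 0
	f.ring[idx] |= bit
	return !seen
}

func main() {
	var f ReplayFilter
	for _, c := range []uint64{1, 1, 10, 5, 5, 5000, 10} {
		fmt.Printf("counter %5d accepted=%v\n", c, f.Accept(c))
	}
}
```

Out-of-order delivery inside the window (10 then 5) is tolerated, which matters for UDP transports, while a duplicate of any accepted counter or a counter more than windowSize behind the newest one is refused.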
