Documentation ¶
Overview ¶
Package model implements common models for the vpn data structures.
Index ¶
- Constants
- Variables
- type Dialer
- type Direction
- type DummyTracer
- func (dt DummyTracer) OnDroppedPacket(Direction, NegotiationState, *Packet)
- func (dt DummyTracer) OnIncomingPacket(*Packet, NegotiationState)
- func (dt DummyTracer) OnOutgoingPacket(*Packet, NegotiationState, int)
- func (dt DummyTracer) OnStateChange(NegotiationState)
- func (dt DummyTracer) TimeNow() time.Time
- type HandshakeTracer
- type Logger
- type NegotiationState
- type Notification
- type Opcode
- type Packet
- type PacketID
- type PeerID
- type SessionID
- type TestLogger
- type TunnelInfo
Constants ¶
const ( P_CONTROL_HARD_RESET_CLIENT_V1 = Opcode(iota + 1) // 1 P_CONTROL_HARD_RESET_SERVER_V1 // 2 P_CONTROL_SOFT_RESET_V1 // 3 P_CONTROL_V1 // 4 P_ACK_V1 // 5 P_DATA_V1 // 6 P_CONTROL_HARD_RESET_CLIENT_V2 // 7 P_CONTROL_HARD_RESET_SERVER_V2 // 8 P_DATA_V2 // 9 )
OpenVPN packets opcodes.
const ( // S_ERROR means there was some form of protocol error. S_ERROR = NegotiationState(iota) - 1 // S_UNDEF is the undefined state. S_UNDEF // S_INITIAL means we're ready to begin the three-way handshake. S_INITIAL // S_PRE_START means we're waiting for acknowledgment from the remote. S_PRE_START // S_START means we've done the three-way handshake. S_START // S_SENT_KEY means we have sent the local part of the key_source2 random material. S_SENT_KEY // S_GOT_KEY means we have got the remote part of key_source2. S_GOT_KEY // S_ACTIVE means the control channel was established. S_ACTIVE // S_GENERATED_KEYS means the data channel keys have been generated. S_GENERATED_KEYS )
const ( // DirectionIncoming marks received packets. DirectionIncoming = Direction(iota) // DirectionOutgoing marks packets to be sent. DirectionOutgoing )
const ( // NotificationReset indicates that a SOFT or HARD reset occurred. NotificationReset = 1 << iota )
Variables ¶
var ErrEmptyPayload = errors.New("openvpn: empty payload")
ErrEmptyPayload indicates tha the payload of an OpenVPN control packet is empty.
var ErrMarshalPacket = errors.New("cannot marshal packet")
ErrMarshalPacket is the error returned when we cannot marshal a packet.
var ErrPacketTooShort = errors.New("openvpn: packet too short")
ErrPacketTooShort indicates that a packet is too short.
var ErrParsePacket = errors.New("openvpn: packet parse error")
ErrParsePacket is a generic packet parse error which may be further qualified.
Functions ¶
This section is empty.
Types ¶
type DummyTracer ¶
type DummyTracer struct{}
DummyTracer is a no-op implementation of model.HandshakeTracer that does nothing but can be safely passed as a default implementation.
func (DummyTracer) OnDroppedPacket ¶
func (dt DummyTracer) OnDroppedPacket(Direction, NegotiationState, *Packet)
OnDroppedPacket is called whenever a packet is dropped (in/out)
func (DummyTracer) OnIncomingPacket ¶
func (dt DummyTracer) OnIncomingPacket(*Packet, NegotiationState)
OnIncomingPacket is called when a packet is received.
func (DummyTracer) OnOutgoingPacket ¶
func (dt DummyTracer) OnOutgoingPacket(*Packet, NegotiationState, int)
OnOutgoingPacket is called when a packet is about to be sent.
func (DummyTracer) OnStateChange ¶
func (dt DummyTracer) OnStateChange(NegotiationState)
OnStateChange is called for each transition in the state machine.
func (DummyTracer) TimeNow ¶
func (dt DummyTracer) TimeNow() time.Time
TimeNow allows to manipulate time for deterministic tests.
type HandshakeTracer ¶
type HandshakeTracer interface { // TimeNow allows to inject time for deterministic tests. TimeNow() time.Time // OnStateChange is called for each transition in the state machine. OnStateChange(state NegotiationState) // OnIncomingPacket is called when a packet is received. OnIncomingPacket(packet *Packet, stage NegotiationState) // OnOutgoingPacket is called when a packet is about to be sent. OnOutgoingPacket(packet *Packet, stage NegotiationState, retries int) // OnDroppedPacket is called whenever a packet is dropped (in/out) OnDroppedPacket(direction Direction, stage NegotiationState, packet *Packet) }
HandshakeTracer allows to collect traces for a given OpenVPN handshake. A HandshakeTracer can be optionally added to the top-level TUN constructor, and it will be propagated to any layer that needs to register an event.
type Logger ¶
type Logger interface { // Debug emits a debug message. Debug(msg string) // Debugf formats and emits a debug message. Debugf(format string, v ...any) // Info emits an informational message. Info(msg string) // Infof formats and emits an informational message. Infof(format string, v ...any) // Warn emits a warning message. Warn(msg string) // Warnf formats and emits a warning message. Warnf(format string, v ...any) }
Logger is the generic logger definition.
type NegotiationState ¶
type NegotiationState int
NegotiationState is the state of the session negotiation.
func (NegotiationState) String ¶
func (sns NegotiationState) String() string
String maps a [SessionNegotiationState] to a string.
type Notification ¶
type Notification struct { // Flags contains flags explaining what happened. Flags int64 }
Notification is a notification for a service worker.
type Opcode ¶
type Opcode byte
Opcode is an OpenVPN packet opcode.
func NewOpcodeFromString ¶
NewOpcodeFromString returns an opcode from a string representation, and an error if it cannot parse the opcode representation. The zero return value is invalid and always coupled with a non-nil error.
type Packet ¶
type Packet struct { // Opcode is the packet message type (a P_* constant; high 5-bits of // the first packet byte). Opcode Opcode // The key_id refers to an already negotiated TLS session. // This is the shortened version of the key-id (low 3-bits of the first // packet byte). KeyID byte // PeerID is the peer ID. PeerID PeerID // LocalSessionID is the local session ID. LocalSessionID SessionID // Acks contains the remote packets we're ACKing. ACKs []PacketID // RemoteSessionID is the remote session ID. RemoteSessionID SessionID // ID is the packet-id for replay protection. According to the spec: "4 or 8 bytes, // includes sequence number and optional time_t timestamp". // // This library does not use the timestamp. // TODO(ainghazal): use optional.Value (only control packets have packet id) ID PacketID // Payload is the packet's payload. Payload []byte }
Packet is an OpenVPN packet.
func NewPacket ¶
NewPacket returns a packet from the passed arguments: opcode, keyID and a raw payload.
func ParsePacket ¶
ParsePacket produces a packet after parsing the common header. We assume that the underlying connection has already stripped out the framing.
type TestLogger ¶
type TestLogger struct {
Lines []string
}
TestLogger is a logger that can be used whenever a test needs a logger to be passed around.
func NewTestLogger ¶
func NewTestLogger() *TestLogger
func (*TestLogger) Debugf ¶
func (tl *TestLogger) Debugf(format string, v ...any)
Debugf implements model.Logger
func (*TestLogger) Infof ¶
func (tl *TestLogger) Infof(format string, v ...any)
Infof implements model.Logger
func (*TestLogger) Warnf ¶
func (tl *TestLogger) Warnf(format string, v ...any)
Warnf implements model.Logger
type TunnelInfo ¶
type TunnelInfo struct { // GW is the Route Gateway. GW string // IP is the assigned IP. IP string // MTU is the configured MTU pushed by the remote. MTU int // NetMask is the netmask configured on the TUN interface, pushed by the ifconfig command. NetMask string // PeerID is the peer-id assigned to us by the remote. PeerID int }
TunnelInfo holds state about the VPN TunnelInfo that has longer duration than a given session. This information is gathered at different stages: - during the handshake (mtu). - after server pushes config options(ip, gw).