nebula

package module
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2021 License: MIT Imports: 49 Imported by: 5

README

What is Nebula?

Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world. Nebula is portable, and runs on Linux, OSX, Windows, iOS, and Android. It can be used to connect a small number of computers, but is also able to connect tens of thousands of computers.

Nebula incorporates a number of existing concepts like encryption, security groups, certificates, and tunneling, and each of those individual pieces existed before Nebula in various forms. What makes Nebula different to existing offerings is that it brings all of these ideas together, resulting in a sum that is greater than its individual parts.

You can read more about Nebula here.

You can also join the NebulaOSS Slack group here

Supported Platforms

Desktop and Server

Check the releases page for downloads

  • Linux - 64 and 32 bit, arm, and others
  • Windows
  • MacOS
  • Freebsd
Mobile

Technical Overview

Nebula is a mutually authenticated peer-to-peer software defined network based on the Noise Protocol Framework. Nebula uses certificates to assert a node's IP address, name, and membership within user-defined groups. Nebula's user-defined groups allow for provider agnostic traffic filtering between nodes. Discovery nodes allow individual peers to find each other and optionally use UDP hole punching to establish connections from behind most firewalls or NATs. Users can move data between nodes in any number of cloud service providers, datacenters, and endpoints, without needing to maintain a particular addressing scheme.

Nebula uses elliptic curve Diffie-Hellman key exchange, and AES-256-GCM in its default configuration.

Nebula was created to provide a mechanism for groups hosts to communicate securely, even across the internet, while enabling expressive firewall definitions similar in style to cloud security groups.

Getting started (quickly)

To set up a Nebula network, you'll need:

1. The Nebula binaries for your specific platform. Specifically you'll need nebula-cert and the specific nebula binary for each platform you use.
2. (Optional, but you really should..) At least one discovery node with a routable IP address, which we call a lighthouse.

Nebula lighthouses allow nodes to find each other, anywhere in the world. A lighthouse is the only node in a Nebula network whose IP should not change. Running a lighthouse requires very few compute resources, and you can easily use the least expensive option from a cloud hosting provider. If you're not sure which provider to use, a number of us have used $5/mo DigitalOcean droplets as lighthouses.

Once you have launched an instance, ensure that Nebula udp traffic (default port udp/4242) can reach it over the internet.

3. A Nebula certificate authority, which will be the root of trust for a particular Nebula network.
./nebula-cert ca -name "Myorganization, Inc"

This will create files named ca.key and ca.cert in the current directory. The ca.key file is the most sensitive file you'll create, because it is the key used to sign the certificates for individual nebula nodes/hosts. Please store this file somewhere safe, preferably with strong encryption.

4. Nebula host keys and certificates generated from that certificate authority

This assumes you have four nodes, named lighthouse1, laptop, server1, host3. You can name the nodes any way you'd like, including FQDN. You'll also need to choose IP addresses and the associated subnet. In this example, we are creating a nebula network that will use 192.168.100.x/24 as its network range. This example also demonstrates nebula groups, which can later be used to define traffic rules in a nebula network.

./nebula-cert sign -name "lighthouse1" -ip "192.168.100.1/24"
./nebula-cert sign -name "laptop" -ip "192.168.100.2/24" -groups "laptop,home,ssh"
./nebula-cert sign -name "server1" -ip "192.168.100.9/24" -groups "servers"
./nebula-cert sign -name "host3" -ip "192.168.100.10/24"
5. Configuration files for each host

Download a copy of the nebula example configuration.

  • On the lighthouse node, you'll need to ensure am_lighthouse: true is set.

  • On the individual hosts, ensure the lighthouse is defined properly in the static_host_map section, and is added to the lighthouse hosts section.

6. Copy nebula credentials, configuration, and binaries to each host

For each host, copy the nebula binary to the host, along with config.yaml from step 5, and the files ca.crt, {host}.crt, and {host}.key from step 4.

DO NOT COPY ca.key TO INDIVIDUAL NODES.

7. Run nebula on each host
./nebula -config /path/to/config.yaml

Building Nebula from source

Download go and clone this repo. Change to the nebula directory.

To build nebula for all platforms: make all

To build nebula for a specific platform (ex, Windows): make bin-windows

See the Makefile for more details on build targets

Credits

Nebula was created at Slack Technologies, Inc by Nate Brown and Ryan Huber, with contributions from Oliver Fross, Alan Lam, Wade Simmons, and Lining Wang.

Documentation

Index

Constants

View Source 
const (
	DefaultHandshakeTryInterval   = time.Millisecond * 100
	DefaultHandshakeRetries       = 10
	DefaultHandshakeTriggerBuffer = 64
)
View Source 
const (
	Version   uint8 = 1
	HeaderLen       = 16
)
View Source 
const DEFAULT_MTU = 1300
View Source 
const MaxRemotes = 10
View Source 
const PromoteEvery = 1000

const ProbeLen = 100

View Source 
const ReQueryEvery = 5000
View Source 
const ReplayWindow = 1024
View Source 
const RoamingSuppressSeconds = 2

How long we should prevent roaming back to the previous IP. This helps prevent flapping due to packets already in flight

Variables

View Source 
var (
	ErrExistingHostInfo    = errors.New("existing hostinfo")
	ErrAlreadySeen         = errors.New("already seen")
	ErrLocalIndexCollision = errors.New("local index collision")
	ErrExistingHandshake   = errors.New("existing handshake")
)
View Source 
var (
	ErrInvalidLengthNebula        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowNebula          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupNebula = fmt.Errorf("proto: unexpected end of group")
)
View Source 
var ErrHostNotKnown = errors.New("host not known")
View Source 
var ErrInvalidLocalIP = errors.New("local IP is not in list of handled local IPs")
View Source 
var ErrInvalidRemoteIP = errors.New("remote IP is not in remote certificate subnets")
View Source 
var ErrNoMatchingRule = errors.New("no matching rule in firewall table")
View Source 
var NebulaMeta_MessageType_name = map[int32]string{
	0: "None",
	1: "HostQuery",
	2: "HostQueryReply",
	3: "HostUpdateNotification",
	4: "HostMovedNotification",
	5: "HostPunchNotification",
	6: "HostWhoami",
	7: "HostWhoamiReply",
	8: "PathCheck",
	9: "PathCheckReply",
}
View Source 
var NebulaMeta_MessageType_value = map[string]int32{
	"None":                   0,
	"HostQuery":              1,
	"HostQueryReply":         2,
	"HostUpdateNotification": 3,
	"HostMovedNotification":  4,
	"HostPunchNotification":  5,
	"HostWhoami":             6,
	"HostWhoamiReply":        7,
	"PathCheck":              8,
	"PathCheckReply":         9,
}
View Source 
var NebulaPing_MessageType_name = map[int32]string{
	0: "Ping",
	1: "Reply",
}
View Source 
var NebulaPing_MessageType_value = map[string]int32{
	"Ping":  0,
	"Reply": 1,
}

Functions

func AddFirewallRulesFromConfig 

func AddFirewallRulesFromConfig(l *logrus.Logger, inbound bool, config *Config, fw FirewallInterface) error

func HandleIncomingHandshake 

func HandleIncomingHandshake(f *Interface, addr *udpAddr, packet []byte, h *Header, hostinfo *HostInfo)

func HeaderEncode 

func HeaderEncode(b []byte, v uint8, t uint8, st uint8, ri uint32, c uint64) []byte

HeaderEncode uses the provided byte array to encode the provided header values into. Byte array must be capped higher than HeaderLen or this will panic

func NewListenConfig 

func NewListenConfig(multi bool) net.ListenConfig

func NewListener 

func NewListener(l *logrus.Logger, ip string, port int, multi bool) (*udpConn, error)

func NewUDPAddr 

func NewUDPAddr(ip net.IP, port uint16) *udpAddr

func NewUDPAddrFromLH4 added in v1.4.0 

func NewUDPAddrFromLH4(ipp *Ip4AndPort) *udpAddr

func NewUDPAddrFromLH6 added in v1.4.0 

func NewUDPAddrFromLH6(ipp *Ip6AndPort) *udpAddr

func NewUDPAddrFromString 

func NewUDPAddrFromString(s string) *udpAddr

func NewUDPStatsEmitter added in v1.4.0 

func NewUDPStatsEmitter(udpConns []*udpConn) func()

func RecombineCertAndValidate 

func RecombineCertAndValidate(h *noise.HandshakeState, rawCertBytes []byte, caPool *cert.NebulaCAPool) (*cert.NebulaCertificate, error)

func SubTypeName 

func SubTypeName(t NebulaMessageType, s NebulaMessageSubType) string

SubTypeName will transform a nebula message sub type into a human string

func TypeName 

func TypeName(t NebulaMessageType) string

TypeName will transform a nebula message type into a human string

Types

type AllowList added in v1.2.0 

type AllowList struct {
	// contains filtered or unexported fields
}

func (*AllowList) Allow added in v1.2.0 

func (al *AllowList) Allow(ip net.IP) bool

func (*AllowList) AllowIpV4 added in v1.4.0 

func (al *AllowList) AllowIpV4(ip uint32) bool

func (*AllowList) AllowIpV6 added in v1.4.0 

func (al *AllowList) AllowIpV6(hi, lo uint64) bool

func (*AllowList) AllowName added in v1.2.0 

func (al *AllowList) AllowName(name string) bool

type AllowListNameRule added in v1.2.0 

type AllowListNameRule struct {
	Name  *regexp.Regexp
	Allow bool
}

type Bits 

type Bits struct {
	// contains filtered or unexported fields
}

func NewBits 

func NewBits(bits uint64) *Bits

func (*Bits) Check 

func (b *Bits) Check(l logrus.FieldLogger, i uint64) bool

func (*Bits) Update 

func (b *Bits) Update(l *logrus.Logger, i uint64) bool

type CIDR6Tree added in v1.4.0 

type CIDR6Tree struct {
	// contains filtered or unexported fields
}

func NewCIDR6Tree added in v1.4.0 

func NewCIDR6Tree() *CIDR6Tree

func (*CIDR6Tree) AddCIDR added in v1.4.0 

func (tree *CIDR6Tree) AddCIDR(cidr *net.IPNet, val interface{})

func (*CIDR6Tree) MostSpecificContains added in v1.4.0 

func (tree *CIDR6Tree) MostSpecificContains(ip net.IP) (value interface{})

Finds the most specific match

func (*CIDR6Tree) MostSpecificContainsIpV4 added in v1.4.0 

func (tree *CIDR6Tree) MostSpecificContainsIpV4(ip uint32) (value interface{})

func (*CIDR6Tree) MostSpecificContainsIpV6 added in v1.4.0 

func (tree *CIDR6Tree) MostSpecificContainsIpV6(hi, lo uint64) (value interface{})

type CIDRNode 

type CIDRNode struct {
	// contains filtered or unexported fields
}

type CIDRTree 

type CIDRTree struct {
	// contains filtered or unexported fields
}

func NewCIDRTree 

func NewCIDRTree() *CIDRTree

func (*CIDRTree) AddCIDR 

func (tree *CIDRTree) AddCIDR(cidr *net.IPNet, val interface{})

func (*CIDRTree) Contains 

func (tree *CIDRTree) Contains(ip uint32) (value interface{})

Finds the first match, which may be the least specific

func (*CIDRTree) Match 

func (tree *CIDRTree) Match(ip uint32) (value interface{})

Finds the most specific match

func (*CIDRTree) MostSpecificContains added in v1.1.0 

func (tree *CIDRTree) MostSpecificContains(ip uint32) (value interface{})

Finds the most specific match

type Cache added in v1.4.0 

type Cache struct {
	Learned  []*udpAddr `json:"learned,omitempty"`
	Reported []*udpAddr `json:"reported,omitempty"`
}

Cache is the other part of CacheMap to better represent the lighthouse cache for humans We don't reason about ipv4 vs ipv6 here

type CacheMap added in v1.4.0 

type CacheMap map[string]*Cache

CacheMap is a struct that better represents the lighthouse cache for humans The string key is the owners vpnIp

type CertState 

type CertState struct {
	// contains filtered or unexported fields
}

func NewCertState 

func NewCertState(certificate *cert.NebulaCertificate, privateKey []byte) (*CertState, error)

func NewCertStateFromConfig 

func NewCertStateFromConfig(c *Config) (*CertState, error)

type Config 

type Config struct {
	Settings map[interface{}]interface{}
	// contains filtered or unexported fields
}

func NewConfig 

func NewConfig(l *logrus.Logger) *Config

func (*Config) CatchHUP 

func (c *Config) CatchHUP()

CatchHUP will listen for the HUP signal in a go routine and reload all configs found in the original path provided to Load. The old settings are shallow copied for change detection after the reload.

func (*Config) Get 

func (c *Config) Get(k string) interface{}

func (*Config) GetAllowList added in v1.2.0 

func (c *Config) GetAllowList(k string, allowInterfaces bool) (*AllowList, error)

func (*Config) GetBool 

func (c *Config) GetBool(k string, d bool) bool

GetBool will get the bool for k or return the default d if not found or invalid

func (*Config) GetDuration 

func (c *Config) GetDuration(k string, d time.Duration) time.Duration

GetDuration will get the duration for k or return the default d if not found or invalid

func (*Config) GetInt 

func (c *Config) GetInt(k string, d int) int

GetInt will get the int for k or return the default d if not found or invalid

func (*Config) GetMap 

func (c *Config) GetMap(k string, d map[interface{}]interface{}) map[interface{}]interface{}

GetMap will get the map for k or return the default d if not found or invalid

func (*Config) GetString 

func (c *Config) GetString(k, d string) string

GetString will get the string for k or return the default d if not found or invalid

func (*Config) GetStringSlice 

func (c *Config) GetStringSlice(k string, d []string) []string

GetStringSlice will get the slice of strings for k or return the default d if not found or invalid

func (*Config) HasChanged 

func (c *Config) HasChanged(k string) bool

HasChanged checks if the underlying structure of the provided key has changed after a config reload. The value of k in both the old and new settings will be serialized, the result of the string comparison is returned. If k is an empty string the entire config is tested. It's important to note that this is very rudimentary and susceptible to configuration ordering issues indicating there is change when there actually wasn't any.

func (*Config) IsSet added in v1.2.0 

func (c *Config) IsSet(k string) bool

func (*Config) Load 

func (c *Config) Load(path string) error

Load will find all yaml files within path and load them in lexical order

func (*Config) LoadString added in v1.3.0 

func (c *Config) LoadString(raw string) error

func (*Config) RegisterReloadCallback 

func (c *Config) RegisterReloadCallback(f func(*Config))

RegisterReloadCallback stores a function to be called when a config reload is triggered. The functions registered here should decide if they need to make a change to the current process before making the change. HasChanged can be used to help decide if a change is necessary. These functions should return quickly or spawn their own go routine if they will take a while

func (*Config) ReloadConfig 

func (c *Config) ReloadConfig()

type ConnectionState 

type ConnectionState struct {
	H *noise.HandshakeState
	// contains filtered or unexported fields
}

func (*ConnectionState) MarshalJSON 

func (cs *ConnectionState) MarshalJSON() ([]byte, error)

type ConntrackCache added in v1.4.0 

type ConntrackCache map[FirewallPacket]struct{}

ConntrackCache is used as a local routine cache to know if a given flow has been seen in the conntrack table.

type ConntrackCacheTicker added in v1.4.0 

type ConntrackCacheTicker struct {
	// contains filtered or unexported fields
}

func NewConntrackCacheTicker added in v1.4.0 

func NewConntrackCacheTicker(d time.Duration) *ConntrackCacheTicker

func (*ConntrackCacheTicker) Get added in v1.4.0 

func (c *ConntrackCacheTicker) Get(l *logrus.Logger) ConntrackCache

Get checks if the cache ticker has moved to the next version before returning the map. If it has moved, we reset the map.

type ContextualError added in v1.3.0 

type ContextualError struct {
	RealError error
	Fields    map[string]interface{}
	Context   string
}

func NewContextualError added in v1.3.0 

func NewContextualError(msg string, fields map[string]interface{}, realError error) ContextualError

func (ContextualError) Error added in v1.3.0 

func (ce ContextualError) Error() string

func (*ContextualError) Log added in v1.3.0 

func (ce *ContextualError) Log(lr *logrus.Logger)

func (ContextualError) Unwrap added in v1.3.0 

func (ce ContextualError) Unwrap() error

type Control added in v1.3.0 

type Control struct {
	// contains filtered or unexported fields
}

func Main 

func Main(config *Config, configTest bool, buildVersion string, logger *logrus.Logger, tunFd *int) (*Control, error)

func (*Control) CloseAllTunnels added in v1.4.0 

func (c *Control) CloseAllTunnels(excludeLighthouses bool) (closed int)

CloseAllTunnels is just like CloseTunnel except it goes through and shuts them all down, optionally you can avoid shutting down lighthouse tunnels the int returned is a count of tunnels closed

func (*Control) CloseTunnel added in v1.3.0 

func (c *Control) CloseTunnel(vpnIP uint32, localOnly bool) bool

CloseTunnel closes a fully established tunnel. If localOnly is false it will notify the remote end as well.

func (*Control) GetHostInfoByVpnIP added in v1.3.0 

func (c *Control) GetHostInfoByVpnIP(vpnIP uint32, pending bool) *ControlHostInfo

GetHostInfoByVpnIP returns a single tunnels hostInfo, or nil if not found

func (*Control) ListHostmap added in v1.3.0 

func (c *Control) ListHostmap(pendingMap bool) []ControlHostInfo

ListHostmap returns details about the actual or pending (handshaking) hostmap

func (*Control) RebindUDPServer added in v1.3.0 

func (c *Control) RebindUDPServer()

RebindUDPServer asks the UDP listener to rebind it's listener. Mainly used on mobile clients when interfaces change

func (*Control) SetRemoteForTunnel added in v1.3.0 

func (c *Control) SetRemoteForTunnel(vpnIP uint32, addr udpAddr) *ControlHostInfo

SetRemoteForTunnel forces a tunnel to use a specific remote

func (*Control) ShutdownBlock added in v1.3.0 

func (c *Control) ShutdownBlock()

ShutdownBlock will listen for and block on term and interrupt signals, calling Control.Stop() once signalled

func (*Control) Start added in v1.3.0 

func (c *Control) Start()

Start actually runs nebula, this is a nonblocking call. To block use Control.ShutdownBlock()

func (*Control) Stop added in v1.3.0 

func (c *Control) Stop()

Stop signals nebula to shutdown, returns after the shutdown is complete

type ControlHostInfo added in v1.3.0 

type ControlHostInfo struct {
	VpnIP          net.IP                  `json:"vpnIp"`
	LocalIndex     uint32                  `json:"localIndex"`
	RemoteIndex    uint32                  `json:"remoteIndex"`
	RemoteAddrs    []*udpAddr              `json:"remoteAddrs"`
	CachedPackets  int                     `json:"cachedPackets"`
	Cert           *cert.NebulaCertificate `json:"cert"`
	MessageCounter uint64                  `json:"messageCounter"`
	CurrentRemote  *udpAddr                `json:"currentRemote"`
}

type EncWriter 

type EncWriter interface {
	SendMessageToVpnIp(t NebulaMessageType, st NebulaMessageSubType, vpnIp uint32, p, nb, out []byte)
}

type Firewall 

type Firewall struct {
	Conntrack *FirewallConntrack

	InRules  *FirewallTable
	OutRules *FirewallTable

	//TODO: we should have many more options for TCP, an option for ICMP, and mimic the kernel a bit better
	// https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
	TCPTimeout     time.Duration //linux: 5 days max
	UDPTimeout     time.Duration //linux: 180s max
	DefaultTimeout time.Duration //linux: 600s
	// contains filtered or unexported fields
}

TODO: need conntrack max tracked connections handling

func NewFirewall 

func NewFirewall(l *logrus.Logger, tcpTimeout, UDPTimeout, defaultTimeout time.Duration, c *cert.NebulaCertificate) *Firewall

NewFirewall creates a new Firewall object. A TimerWheel is created for you from the provided timeouts.

func NewFirewallFromConfig 

func NewFirewallFromConfig(l *logrus.Logger, nc *cert.NebulaCertificate, c *Config) (*Firewall, error)

func (*Firewall) AddRule 

func (f *Firewall) AddRule(incoming bool, proto uint8, startPort int32, endPort int32, groups []string, host string, ip *net.IPNet, caName string, caSha string) error

AddRule properly creates the in memory rule structure for a firewall table.

func (*Firewall) Destroy 

func (f *Firewall) Destroy()

Destroy cleans up any known cyclical references so the object can be free'd my GC. This should be called if a new firewall object is created

func (*Firewall) Drop 

func (f *Firewall) Drop(packet []byte, fp FirewallPacket, incoming bool, h *HostInfo, caPool *cert.NebulaCAPool, localCache ConntrackCache) error

Drop returns an error if the packet should be dropped, explaining why. It returns nil if the packet should not be dropped.

func (*Firewall) EmitStats 

func (f *Firewall) EmitStats()

func (*Firewall) GetRuleHash 

func (f *Firewall) GetRuleHash() string

GetRuleHash returns a hash representation of all inbound and outbound rules

type FirewallCA added in v1.1.0 

type FirewallCA struct {
	Any     *FirewallRule
	CANames map[string]*FirewallRule
	CAShas  map[string]*FirewallRule
}

type FirewallConntrack added in v1.3.0 

type FirewallConntrack struct {
	sync.Mutex

	Conns      map[FirewallPacket]*conn
	TimerWheel *TimerWheel
}

type FirewallInterface 

type FirewallInterface interface {
	AddRule(incoming bool, proto uint8, startPort int32, endPort int32, groups []string, host string, ip *net.IPNet, caName string, caSha string) error
}

type FirewallPacket 

type FirewallPacket struct {
	LocalIP    uint32
	RemoteIP   uint32
	LocalPort  uint16
	RemotePort uint16
	Protocol   uint8
	Fragment   bool
}

func (*FirewallPacket) Copy 

func (fp *FirewallPacket) Copy() *FirewallPacket

func (FirewallPacket) MarshalJSON 

func (fp FirewallPacket) MarshalJSON() ([]byte, error)

type FirewallRule 

type FirewallRule struct {
	// Any makes Hosts, Groups, and CIDR irrelevant
	Any    bool
	Hosts  map[string]struct{}
	Groups [][]string
	CIDR   *CIDRTree
}

type FirewallTable 

type FirewallTable struct {
	TCP      firewallPort
	UDP      firewallPort
	ICMP     firewallPort
	AnyProto firewallPort
}

type HandshakeConfig added in v1.2.0 

type HandshakeConfig struct {
	// contains filtered or unexported fields
}

type HandshakeManager 

type HandshakeManager struct {
	OutboundHandshakeTimer *SystemTimerWheel
	// contains filtered or unexported fields
}

func NewHandshakeManager 

func NewHandshakeManager(l *logrus.Logger, tunCidr *net.IPNet, preferredRanges []*net.IPNet, mainHostMap *HostMap, lightHouse *LightHouse, outside *udpConn, config HandshakeConfig) *HandshakeManager

func (*HandshakeManager) AddIndexHostInfo 

func (c *HandshakeManager) AddIndexHostInfo(h *HostInfo) error

AddIndexHostInfo generates a unique localIndexId for this HostInfo and adds it to the pendingHostMap. Will error if we are unable to generate a unique localIndexId

func (*HandshakeManager) AddVpnIP 

func (c *HandshakeManager) AddVpnIP(vpnIP uint32) *HostInfo

func (*HandshakeManager) CheckAndComplete added in v1.4.0 

func (c *HandshakeManager) CheckAndComplete(hostinfo *HostInfo, handshakePacket uint8, overwrite bool, f *Interface) (*HostInfo, error)

ErrAlreadySeen if we already have an entry in the hostmap that has seen the exact same handshake packet

ErrExistingHostInfo if we already have an entry in the hostmap for this VpnIP and the new handshake was older than the one we currently have

ErrLocalIndexCollision if we already have an entry in the main or pending hostmap for the hostinfo.localIndexId.

func (*HandshakeManager) Complete added in v1.4.0 

func (c *HandshakeManager) Complete(hostinfo *HostInfo, f *Interface)

Complete is a simpler version of CheckAndComplete when we already know we won't have a localIndexId collision because we already have an entry in the pendingHostMap

func (*HandshakeManager) DeleteHostInfo added in v1.4.0 

func (c *HandshakeManager) DeleteHostInfo(hostinfo *HostInfo)

func (*HandshakeManager) EmitStats 

func (c *HandshakeManager) EmitStats()

func (*HandshakeManager) NextOutboundHandshakeTimerTick 

func (c *HandshakeManager) NextOutboundHandshakeTimerTick(now time.Time, f EncWriter)

func (*HandshakeManager) QueryIndex 

func (c *HandshakeManager) QueryIndex(index uint32) (*HostInfo, error)

func (*HandshakeManager) Run 

func (c *HandshakeManager) Run(f EncWriter)
type Header struct {
	Version        uint8
	Type           NebulaMessageType
	Subtype        NebulaMessageSubType
	Reserved       uint16
	RemoteIndex    uint32
	MessageCounter uint64
}

func NewHeader 

func NewHeader(b []byte) (*Header, error)

NewHeader turns bytes into a header

func (*Header) Encode 

func (h *Header) Encode(b []byte) ([]byte, error)

Encode turns header into bytes

func (*Header) MarshalJSON 

func (h *Header) MarshalJSON() ([]byte, error)

MarshalJSON creates a json string representation of a header

func (*Header) Parse 

func (h *Header) Parse(b []byte) error

Parse is a helper function to parses given bytes into new Header struct

func (*Header) String 

func (h *Header) String() string

String creates a readable string representation of a header

func (*Header) SubTypeName 

func (h *Header) SubTypeName() string

SubTypeName will transform the headers message sub type into a human string

func (*Header) TypeName 

func (h *Header) TypeName() string

TypeName will transform the headers message type into a human string

type HostInfo 

type HostInfo struct {
	sync.RWMutex

	ConnectionState *ConnectionState

	HandshakeReady    bool             //todo: being in the manager means you are ready
	HandshakeCounter  int              //todo: another handshake manager entry
	HandshakeComplete bool             //todo: this should go away in favor of ConnectionState.ready
	HandshakePacket   map[uint8][]byte //todo: this is other handshake manager entry
	// contains filtered or unexported fields
}

func (*HostInfo) BindConnectionState 

func (i *HostInfo) BindConnectionState(cs *ConnectionState)

func (*HostInfo) ClearConnectionState 

func (i *HostInfo) ClearConnectionState()

func (*HostInfo) CreateRemoteCIDR added in v1.1.0 

func (i *HostInfo) CreateRemoteCIDR(c *cert.NebulaCertificate)

func (*HostInfo) GetCert 

func (i *HostInfo) GetCert() *cert.NebulaCertificate

func (*HostInfo) RecvErrorExceeded 

func (i *HostInfo) RecvErrorExceeded() bool

func (*HostInfo) SetRemote 

func (i *HostInfo) SetRemote(remote *udpAddr)

func (*HostInfo) TryPromoteBest 

func (i *HostInfo) TryPromoteBest(preferredRanges []*net.IPNet, ifce *Interface)

TryPromoteBest handles re-querying lighthouses and probing for better paths NOTE: It is an error to call this if you are a lighthouse since they should not roam clients!

type HostMap 

type HostMap struct {
	sync.RWMutex //Because we concurrently read and write to our maps

	Indexes       map[uint32]*HostInfo
	RemoteIndexes map[uint32]*HostInfo
	Hosts         map[uint32]*HostInfo
	// contains filtered or unexported fields
}

func NewHostMap 

func NewHostMap(l *logrus.Logger, name string, vpnCIDR *net.IPNet, preferredRanges []*net.IPNet) *HostMap

func (*HostMap) Add 

func (hm *HostMap) Add(ip uint32, hostinfo *HostInfo)

func (*HostMap) AddVpnIP 

func (hm *HostMap) AddVpnIP(vpnIP uint32) *HostInfo

func (*HostMap) AddVpnIPHostInfo 

func (hm *HostMap) AddVpnIPHostInfo(vpnIP uint32, h *HostInfo)

func (*HostMap) DeleteHostInfo added in v1.4.0 

func (hm *HostMap) DeleteHostInfo(hostinfo *HostInfo)

func (*HostMap) DeleteIndex 

func (hm *HostMap) DeleteIndex(index uint32)

This is only called in pendingHostmap, to cleanup an inbound handshake

func (*HostMap) DeleteReverseIndex added in v1.4.0 

func (hm *HostMap) DeleteReverseIndex(index uint32)

This is used to cleanup on recv_error

func (*HostMap) DeleteVpnIP 

func (hm *HostMap) DeleteVpnIP(vpnIP uint32)

func (*HostMap) EmitStats 

func (hm *HostMap) EmitStats(name string)

UpdateStats takes a name and reports host and index counts to the stats collection system

func (*HostMap) GetIndexByVpnIP 

func (hm *HostMap) GetIndexByVpnIP(vpnIP uint32) (uint32, error)

func (*HostMap) PromoteBestQueryVpnIP 

func (hm *HostMap) PromoteBestQueryVpnIP(vpnIp uint32, ifce *Interface) (*HostInfo, error)

PromoteBestQueryVpnIP will attempt to lazily switch to the best remote every `PromoteEvery` calls to this function for a given host.

func (*HostMap) Punchy 

func (hm *HostMap) Punchy(conn *udpConn)

Punchy iterates through the result of punchList() to assemble all known addresses and sends a hole punch packet to them

func (*HostMap) QueryIndex 

func (hm *HostMap) QueryIndex(index uint32) (*HostInfo, error)

func (*HostMap) QueryReverseIndex 

func (hm *HostMap) QueryReverseIndex(index uint32) (*HostInfo, error)

func (*HostMap) QueryVpnIP 

func (hm *HostMap) QueryVpnIP(vpnIp uint32) (*HostInfo, error)

type Inside added in v1.3.0 

type Inside interface {
	io.ReadWriteCloser
	Activate() error
	CidrNet() *net.IPNet
	DeviceName() string
	WriteRaw([]byte) error
	NewMultiQueueReader() (io.ReadWriteCloser, error)
}

type IntIp 

type IntIp uint32

A helper type to avoid converting to IP when logging

func (IntIp) MarshalJSON 

func (ip IntIp) MarshalJSON() ([]byte, error)

func (IntIp) String 

func (ip IntIp) String() string

type Interface 

type Interface struct {
	// contains filtered or unexported fields
}

func NewInterface 

func NewInterface(c *InterfaceConfig) (*Interface, error)

func (*Interface) RegisterConfigChangeCallbacks 

func (f *Interface) RegisterConfigChangeCallbacks(c *Config)

func (*Interface) SendMessageToVpnIp 

func (f *Interface) SendMessageToVpnIp(t NebulaMessageType, st NebulaMessageSubType, vpnIp uint32, p, nb, out []byte)

SendMessageToVpnIp handles real ip:port lookup and sends to the current best known address for vpnIp

type InterfaceConfig 

type InterfaceConfig struct {
	HostMap *HostMap
	Outside *udpConn
	Inside  Inside

	Cipher           string
	Firewall         *Firewall
	ServeDns         bool
	HandshakeManager *HandshakeManager

	DropLocalBroadcast bool
	DropMulticast      bool
	UDPBatchSize       int

	MessageMetrics *MessageMetrics

	ConntrackCacheTimeout time.Duration
	// contains filtered or unexported fields
}

type Ip4AndPort added in v1.4.0 

type Ip4AndPort struct {
	Ip   uint32 `protobuf:"varint,1,opt,name=Ip,proto3" json:"Ip,omitempty"`
	Port uint32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"`
}

func NewIp4AndPort added in v1.4.0 

func NewIp4AndPort(ip net.IP, port uint32) *Ip4AndPort

func (*Ip4AndPort) Descriptor added in v1.4.0 

func (*Ip4AndPort) Descriptor() ([]byte, []int)

func (*Ip4AndPort) GetIp added in v1.4.0 

func (m *Ip4AndPort) GetIp() uint32

func (*Ip4AndPort) GetPort added in v1.4.0 

func (m *Ip4AndPort) GetPort() uint32

func (*Ip4AndPort) Marshal added in v1.4.0 

func (m *Ip4AndPort) Marshal() (dAtA []byte, err error)

func (*Ip4AndPort) MarshalTo added in v1.4.0 

func (m *Ip4AndPort) MarshalTo(dAtA []byte) (int, error)

func (*Ip4AndPort) MarshalToSizedBuffer added in v1.4.0 

func (m *Ip4AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Ip4AndPort) ProtoMessage added in v1.4.0 

func (*Ip4AndPort) ProtoMessage()

func (*Ip4AndPort) Reset added in v1.4.0 

func (m *Ip4AndPort) Reset()

func (*Ip4AndPort) Size added in v1.4.0 

func (m *Ip4AndPort) Size() (n int)

func (*Ip4AndPort) String added in v1.4.0 

func (m *Ip4AndPort) String() string

func (*Ip4AndPort) Unmarshal added in v1.4.0 

func (m *Ip4AndPort) Unmarshal(dAtA []byte) error

func (*Ip4AndPort) XXX_DiscardUnknown added in v1.4.0 

func (m *Ip4AndPort) XXX_DiscardUnknown()

func (*Ip4AndPort) XXX_Marshal added in v1.4.0 

func (m *Ip4AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ip4AndPort) XXX_Merge added in v1.4.0 

func (m *Ip4AndPort) XXX_Merge(src proto.Message)

func (*Ip4AndPort) XXX_Size added in v1.4.0 

func (m *Ip4AndPort) XXX_Size() int

func (*Ip4AndPort) XXX_Unmarshal added in v1.4.0 

func (m *Ip4AndPort) XXX_Unmarshal(b []byte) error

type Ip6AndPort added in v1.4.0 

type Ip6AndPort struct {
	Hi   uint64 `protobuf:"varint,1,opt,name=Hi,proto3" json:"Hi,omitempty"`
	Lo   uint64 `protobuf:"varint,2,opt,name=Lo,proto3" json:"Lo,omitempty"`
	Port uint32 `protobuf:"varint,3,opt,name=Port,proto3" json:"Port,omitempty"`
}

func NewIp6AndPort added in v1.4.0 

func NewIp6AndPort(ip net.IP, port uint32) *Ip6AndPort

func (*Ip6AndPort) Descriptor added in v1.4.0 

func (*Ip6AndPort) Descriptor() ([]byte, []int)

func (*Ip6AndPort) GetHi added in v1.4.0 

func (m *Ip6AndPort) GetHi() uint64

func (*Ip6AndPort) GetLo added in v1.4.0 

func (m *Ip6AndPort) GetLo() uint64

func (*Ip6AndPort) GetPort added in v1.4.0 

func (m *Ip6AndPort) GetPort() uint32

func (*Ip6AndPort) Marshal added in v1.4.0 

func (m *Ip6AndPort) Marshal() (dAtA []byte, err error)

func (*Ip6AndPort) MarshalTo added in v1.4.0 

func (m *Ip6AndPort) MarshalTo(dAtA []byte) (int, error)

func (*Ip6AndPort) MarshalToSizedBuffer added in v1.4.0 

func (m *Ip6AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Ip6AndPort) ProtoMessage added in v1.4.0 

func (*Ip6AndPort) ProtoMessage()

func (*Ip6AndPort) Reset added in v1.4.0 

func (m *Ip6AndPort) Reset()

func (*Ip6AndPort) Size added in v1.4.0 

func (m *Ip6AndPort) Size() (n int)

func (*Ip6AndPort) String added in v1.4.0 

func (m *Ip6AndPort) String() string

func (*Ip6AndPort) Unmarshal added in v1.4.0 

func (m *Ip6AndPort) Unmarshal(dAtA []byte) error

func (*Ip6AndPort) XXX_DiscardUnknown added in v1.4.0 

func (m *Ip6AndPort) XXX_DiscardUnknown()

func (*Ip6AndPort) XXX_Marshal added in v1.4.0 

func (m *Ip6AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Ip6AndPort) XXX_Merge added in v1.4.0 

func (m *Ip6AndPort) XXX_Merge(src proto.Message)

func (*Ip6AndPort) XXX_Size added in v1.4.0 

func (m *Ip6AndPort) XXX_Size() int

func (*Ip6AndPort) XXX_Unmarshal added in v1.4.0 

func (m *Ip6AndPort) XXX_Unmarshal(b []byte) error

type LightHouse 

type LightHouse struct {
	//TODO: We need a timer wheel to kick out vpnIps that haven't reported in a long time
	sync.RWMutex //Because we concurrently read and write to our maps
	// contains filtered or unexported fields
}

func NewLightHouse 

func NewLightHouse(l *logrus.Logger, amLighthouse bool, myVpnIpNet *net.IPNet, ips []uint32, interval int, nebulaPort uint32, pc *udpConn, punchBack bool, punchDelay time.Duration, metricsEnabled bool) *LightHouse

func (*LightHouse) AddStaticRemote added in v1.4.0 

func (lh *LightHouse) AddStaticRemote(vpnIp uint32, toAddr *udpAddr)

AddStaticRemote adds a static host entry for vpnIp as ourselves as the owner We are the owner because we don't want a lighthouse server to advertise for static hosts it was configured with And we don't want a lighthouse query reply to interfere with our learned cache if we are a client

func (*LightHouse) DeleteVpnIP 

func (lh *LightHouse) DeleteVpnIP(vpnIP uint32)

func (*LightHouse) IsLighthouseIP 

func (lh *LightHouse) IsLighthouseIP(vpnIP uint32) bool

func (*LightHouse) LhUpdateWorker 

func (lh *LightHouse) LhUpdateWorker(f EncWriter)

func (*LightHouse) NewRequestHandler added in v1.4.0 

func (lh *LightHouse) NewRequestHandler() *LightHouseHandler

func (*LightHouse) Query 

func (lh *LightHouse) Query(ip uint32, f EncWriter) *RemoteList

func (*LightHouse) QueryCache 

func (lh *LightHouse) QueryCache(ip uint32) *RemoteList

func (*LightHouse) QueryServer 

func (lh *LightHouse) QueryServer(ip uint32, f EncWriter)

This is asynchronous so no reply should be expected

func (*LightHouse) SendUpdate added in v1.4.0 

func (lh *LightHouse) SendUpdate(f EncWriter)

func (*LightHouse) SetLocalAllowList added in v1.2.0 

func (lh *LightHouse) SetLocalAllowList(allowList *AllowList)

func (*LightHouse) SetRemoteAllowList added in v1.2.0 

func (lh *LightHouse) SetRemoteAllowList(allowList *AllowList)

func (*LightHouse) ValidateLHStaticEntries added in v1.1.0 

func (lh *LightHouse) ValidateLHStaticEntries() error

type LightHouseHandler added in v1.4.0 

type LightHouseHandler struct {
	// contains filtered or unexported fields
}

func (*LightHouseHandler) HandleRequest added in v1.4.0 

func (lhh *LightHouseHandler) HandleRequest(rAddr *udpAddr, vpnIp uint32, p []byte, w EncWriter)

type MessageMetrics added in v1.3.0 

type MessageMetrics struct {
	// contains filtered or unexported fields
}

func (*MessageMetrics) Rx added in v1.3.0 

func (m *MessageMetrics) Rx(t NebulaMessageType, s NebulaMessageSubType, i int64)

func (*MessageMetrics) Tx added in v1.3.0 

func (m *MessageMetrics) Tx(t NebulaMessageType, s NebulaMessageSubType, i int64)

type NebulaCipherState 

type NebulaCipherState struct {
	// contains filtered or unexported fields
}

func NewNebulaCipherState 

func NewNebulaCipherState(s *noise.CipherState) *NebulaCipherState

func (*NebulaCipherState) DecryptDanger 

func (s *NebulaCipherState) DecryptDanger(out, ad, ciphertext []byte, n uint64, nb []byte) ([]byte, error)

func (*NebulaCipherState) EncryptDanger 

func (s *NebulaCipherState) EncryptDanger(out, ad, plaintext []byte, n uint64, nb []byte) ([]byte, error)

type NebulaHandshake 

type NebulaHandshake struct {
	Details *NebulaHandshakeDetails `protobuf:"bytes,1,opt,name=Details,proto3" json:"Details,omitempty"`
	Hmac    []byte                  `protobuf:"bytes,2,opt,name=Hmac,proto3" json:"Hmac,omitempty"`
}

func (*NebulaHandshake) Descriptor 

func (*NebulaHandshake) Descriptor() ([]byte, []int)

func (*NebulaHandshake) GetDetails 

func (m *NebulaHandshake) GetDetails() *NebulaHandshakeDetails

func (*NebulaHandshake) GetHmac 

func (m *NebulaHandshake) GetHmac() []byte

func (*NebulaHandshake) Marshal added in v1.4.0 

func (m *NebulaHandshake) Marshal() (dAtA []byte, err error)

func (*NebulaHandshake) MarshalTo added in v1.4.0 

func (m *NebulaHandshake) MarshalTo(dAtA []byte) (int, error)

func (*NebulaHandshake) MarshalToSizedBuffer added in v1.4.0 

func (m *NebulaHandshake) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NebulaHandshake) ProtoMessage 

func (*NebulaHandshake) ProtoMessage()

func (*NebulaHandshake) Reset 

func (m *NebulaHandshake) Reset()

func (*NebulaHandshake) Size added in v1.4.0 

func (m *NebulaHandshake) Size() (n int)

func (*NebulaHandshake) String 

func (m *NebulaHandshake) String() string

func (*NebulaHandshake) Unmarshal added in v1.4.0 

func (m *NebulaHandshake) Unmarshal(dAtA []byte) error

func (*NebulaHandshake) XXX_DiscardUnknown 

func (m *NebulaHandshake) XXX_DiscardUnknown()

func (*NebulaHandshake) XXX_Marshal 

func (m *NebulaHandshake) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NebulaHandshake) XXX_Merge 

func (m *NebulaHandshake) XXX_Merge(src proto.Message)

func (*NebulaHandshake) XXX_Size 

func (m *NebulaHandshake) XXX_Size() int

func (*NebulaHandshake) XXX_Unmarshal 

func (m *NebulaHandshake) XXX_Unmarshal(b []byte) error

type NebulaHandshakeDetails 

type NebulaHandshakeDetails struct {
	Cert           []byte `protobuf:"bytes,1,opt,name=Cert,proto3" json:"Cert,omitempty"`
	InitiatorIndex uint32 `protobuf:"varint,2,opt,name=InitiatorIndex,proto3" json:"InitiatorIndex,omitempty"`
	ResponderIndex uint32 `protobuf:"varint,3,opt,name=ResponderIndex,proto3" json:"ResponderIndex,omitempty"`
	Cookie         uint64 `protobuf:"varint,4,opt,name=Cookie,proto3" json:"Cookie,omitempty"`
	Time           uint64 `protobuf:"varint,5,opt,name=Time,proto3" json:"Time,omitempty"`
}

func (*NebulaHandshakeDetails) Descriptor 

func (*NebulaHandshakeDetails) Descriptor() ([]byte, []int)

func (*NebulaHandshakeDetails) GetCert 

func (m *NebulaHandshakeDetails) GetCert() []byte

func (*NebulaHandshakeDetails) GetCookie 

func (m *NebulaHandshakeDetails) GetCookie() uint64

func (*NebulaHandshakeDetails) GetInitiatorIndex 

func (m *NebulaHandshakeDetails) GetInitiatorIndex() uint32

func (*NebulaHandshakeDetails) GetResponderIndex 

func (m *NebulaHandshakeDetails) GetResponderIndex() uint32

func (*NebulaHandshakeDetails) GetTime 

func (m *NebulaHandshakeDetails) GetTime() uint64

func (*NebulaHandshakeDetails) Marshal added in v1.4.0 

func (m *NebulaHandshakeDetails) Marshal() (dAtA []byte, err error)

func (*NebulaHandshakeDetails) MarshalTo added in v1.4.0 

func (m *NebulaHandshakeDetails) MarshalTo(dAtA []byte) (int, error)

func (*NebulaHandshakeDetails) MarshalToSizedBuffer added in v1.4.0 

func (m *NebulaHandshakeDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NebulaHandshakeDetails) ProtoMessage 

func (*NebulaHandshakeDetails) ProtoMessage()

func (*NebulaHandshakeDetails) Reset 

func (m *NebulaHandshakeDetails) Reset()

func (*NebulaHandshakeDetails) Size added in v1.4.0 

func (m *NebulaHandshakeDetails) Size() (n int)

func (*NebulaHandshakeDetails) String 

func (m *NebulaHandshakeDetails) String() string

func (*NebulaHandshakeDetails) Unmarshal added in v1.4.0 

func (m *NebulaHandshakeDetails) Unmarshal(dAtA []byte) error

func (*NebulaHandshakeDetails) XXX_DiscardUnknown 

func (m *NebulaHandshakeDetails) XXX_DiscardUnknown()

func (*NebulaHandshakeDetails) XXX_Marshal 

func (m *NebulaHandshakeDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NebulaHandshakeDetails) XXX_Merge 

func (m *NebulaHandshakeDetails) XXX_Merge(src proto.Message)

func (*NebulaHandshakeDetails) XXX_Size 

func (m *NebulaHandshakeDetails) XXX_Size() int

func (*NebulaHandshakeDetails) XXX_Unmarshal 

func (m *NebulaHandshakeDetails) XXX_Unmarshal(b []byte) error

type NebulaMessageSubType 

type NebulaMessageSubType uint8

type NebulaMessageType 

type NebulaMessageType uint8

type NebulaMeta 

type NebulaMeta struct {
	Type    NebulaMeta_MessageType `protobuf:"varint,1,opt,name=Type,proto3,enum=nebula.NebulaMeta_MessageType" json:"Type,omitempty"`
	Details *NebulaMetaDetails     `protobuf:"bytes,2,opt,name=Details,proto3" json:"Details,omitempty"`
}

func NewLhQueryByInt 

func NewLhQueryByInt(VpnIp uint32) *NebulaMeta

func (*NebulaMeta) Descriptor 

func (*NebulaMeta) Descriptor() ([]byte, []int)

func (*NebulaMeta) GetDetails 

func (m *NebulaMeta) GetDetails() *NebulaMetaDetails

func (*NebulaMeta) GetType 

func (m *NebulaMeta) GetType() NebulaMeta_MessageType

func (*NebulaMeta) Marshal added in v1.4.0 

func (m *NebulaMeta) Marshal() (dAtA []byte, err error)

func (*NebulaMeta) MarshalTo added in v1.4.0 

func (m *NebulaMeta) MarshalTo(dAtA []byte) (int, error)

func (*NebulaMeta) MarshalToSizedBuffer added in v1.4.0 

func (m *NebulaMeta) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NebulaMeta) ProtoMessage 

func (*NebulaMeta) ProtoMessage()

func (*NebulaMeta) Reset 

func (m *NebulaMeta) Reset()

func (*NebulaMeta) Size added in v1.4.0 

func (m *NebulaMeta) Size() (n int)

func (*NebulaMeta) String 

func (m *NebulaMeta) String() string

func (*NebulaMeta) Unmarshal added in v1.4.0 

func (m *NebulaMeta) Unmarshal(dAtA []byte) error

func (*NebulaMeta) XXX_DiscardUnknown 

func (m *NebulaMeta) XXX_DiscardUnknown()

func (*NebulaMeta) XXX_Marshal 

func (m *NebulaMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NebulaMeta) XXX_Merge 

func (m *NebulaMeta) XXX_Merge(src proto.Message)

func (*NebulaMeta) XXX_Size 

func (m *NebulaMeta) XXX_Size() int

func (*NebulaMeta) XXX_Unmarshal 

func (m *NebulaMeta) XXX_Unmarshal(b []byte) error

type NebulaMetaDetails 

type NebulaMetaDetails struct {
	VpnIp       uint32        `protobuf:"varint,1,opt,name=VpnIp,proto3" json:"VpnIp,omitempty"`
	Ip4AndPorts []*Ip4AndPort `protobuf:"bytes,2,rep,name=Ip4AndPorts,proto3" json:"Ip4AndPorts,omitempty"`
	Ip6AndPorts []*Ip6AndPort `protobuf:"bytes,4,rep,name=Ip6AndPorts,proto3" json:"Ip6AndPorts,omitempty"`
	Counter     uint32        `protobuf:"varint,3,opt,name=counter,proto3" json:"counter,omitempty"`
}

func (*NebulaMetaDetails) Descriptor 

func (*NebulaMetaDetails) Descriptor() ([]byte, []int)

func (*NebulaMetaDetails) GetCounter 

func (m *NebulaMetaDetails) GetCounter() uint32

func (*NebulaMetaDetails) GetIp4AndPorts added in v1.4.0 

func (m *NebulaMetaDetails) GetIp4AndPorts() []*Ip4AndPort

func (*NebulaMetaDetails) GetIp6AndPorts added in v1.4.0 

func (m *NebulaMetaDetails) GetIp6AndPorts() []*Ip6AndPort

func (*NebulaMetaDetails) GetVpnIp 

func (m *NebulaMetaDetails) GetVpnIp() uint32

func (*NebulaMetaDetails) Marshal added in v1.4.0 

func (m *NebulaMetaDetails) Marshal() (dAtA []byte, err error)

func (*NebulaMetaDetails) MarshalTo added in v1.4.0 

func (m *NebulaMetaDetails) MarshalTo(dAtA []byte) (int, error)

func (*NebulaMetaDetails) MarshalToSizedBuffer added in v1.4.0 

func (m *NebulaMetaDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NebulaMetaDetails) ProtoMessage 

func (*NebulaMetaDetails) ProtoMessage()

func (*NebulaMetaDetails) Reset 

func (m *NebulaMetaDetails) Reset()

func (*NebulaMetaDetails) Size added in v1.4.0 

func (m *NebulaMetaDetails) Size() (n int)

func (*NebulaMetaDetails) String 

func (m *NebulaMetaDetails) String() string

func (*NebulaMetaDetails) Unmarshal added in v1.4.0 

func (m *NebulaMetaDetails) Unmarshal(dAtA []byte) error

func (*NebulaMetaDetails) XXX_DiscardUnknown 

func (m *NebulaMetaDetails) XXX_DiscardUnknown()

func (*NebulaMetaDetails) XXX_Marshal 

func (m *NebulaMetaDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NebulaMetaDetails) XXX_Merge 

func (m *NebulaMetaDetails) XXX_Merge(src proto.Message)

func (*NebulaMetaDetails) XXX_Size 

func (m *NebulaMetaDetails) XXX_Size() int

func (*NebulaMetaDetails) XXX_Unmarshal 

func (m *NebulaMetaDetails) XXX_Unmarshal(b []byte) error

type NebulaMeta_MessageType 

type NebulaMeta_MessageType int32
const (
	NebulaMeta_None                   NebulaMeta_MessageType = 0
	NebulaMeta_HostQuery              NebulaMeta_MessageType = 1
	NebulaMeta_HostQueryReply         NebulaMeta_MessageType = 2
	NebulaMeta_HostUpdateNotification NebulaMeta_MessageType = 3
	NebulaMeta_HostMovedNotification  NebulaMeta_MessageType = 4
	NebulaMeta_HostPunchNotification  NebulaMeta_MessageType = 5
	NebulaMeta_HostWhoami             NebulaMeta_MessageType = 6
	NebulaMeta_HostWhoamiReply        NebulaMeta_MessageType = 7
	NebulaMeta_PathCheck              NebulaMeta_MessageType = 8
	NebulaMeta_PathCheckReply         NebulaMeta_MessageType = 9
)

func (NebulaMeta_MessageType) EnumDescriptor 

func (NebulaMeta_MessageType) EnumDescriptor() ([]byte, []int)

func (NebulaMeta_MessageType) String 

func (x NebulaMeta_MessageType) String() string

type NebulaPing 

type NebulaPing struct {
	Type NebulaPing_MessageType `protobuf:"varint,1,opt,name=Type,proto3,enum=nebula.NebulaPing_MessageType" json:"Type,omitempty"`
	Time uint64                 `protobuf:"varint,2,opt,name=Time,proto3" json:"Time,omitempty"`
}

func (*NebulaPing) Descriptor 

func (*NebulaPing) Descriptor() ([]byte, []int)

func (*NebulaPing) GetTime 

func (m *NebulaPing) GetTime() uint64

func (*NebulaPing) GetType 

func (m *NebulaPing) GetType() NebulaPing_MessageType

func (*NebulaPing) Marshal added in v1.4.0 

func (m *NebulaPing) Marshal() (dAtA []byte, err error)

func (*NebulaPing) MarshalTo added in v1.4.0 

func (m *NebulaPing) MarshalTo(dAtA []byte) (int, error)

func (*NebulaPing) MarshalToSizedBuffer added in v1.4.0 

func (m *NebulaPing) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NebulaPing) ProtoMessage 

func (*NebulaPing) ProtoMessage()

func (*NebulaPing) Reset 

func (m *NebulaPing) Reset()

func (*NebulaPing) Size added in v1.4.0 

func (m *NebulaPing) Size() (n int)

func (*NebulaPing) String 

func (m *NebulaPing) String() string

func (*NebulaPing) Unmarshal added in v1.4.0 

func (m *NebulaPing) Unmarshal(dAtA []byte) error

func (*NebulaPing) XXX_DiscardUnknown 

func (m *NebulaPing) XXX_DiscardUnknown()

func (*NebulaPing) XXX_Marshal 

func (m *NebulaPing) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NebulaPing) XXX_Merge 

func (m *NebulaPing) XXX_Merge(src proto.Message)

func (*NebulaPing) XXX_Size 

func (m *NebulaPing) XXX_Size() int

func (*NebulaPing) XXX_Unmarshal 

func (m *NebulaPing) XXX_Unmarshal(b []byte) error

type NebulaPing_MessageType 

type NebulaPing_MessageType int32
const (
	NebulaPing_Ping  NebulaPing_MessageType = 0
	NebulaPing_Reply NebulaPing_MessageType = 1
)

func (NebulaPing_MessageType) EnumDescriptor 

func (NebulaPing_MessageType) EnumDescriptor() ([]byte, []int)

func (NebulaPing_MessageType) String 

func (x NebulaPing_MessageType) String() string

type Punchy added in v1.2.0 

type Punchy struct {
	Punch   bool
	Respond bool
	Delay   time.Duration
}

func NewPunchyFromConfig added in v1.2.0 

func NewPunchyFromConfig(c *Config) *Punchy

type RemoteList added in v1.4.0 

type RemoteList struct {
	// Every interaction with internals requires a lock!
	sync.RWMutex
	// contains filtered or unexported fields
}

RemoteList is a unifying concept for lighthouse servers and clients as well as hostinfos. It serves as a local cache of query replies, host update notifications, and locally learned addresses

func NewRemoteList added in v1.4.0 

func NewRemoteList() *RemoteList

NewRemoteList creates a new empty RemoteList

func (*RemoteList) BlockRemote added in v1.4.0 

func (r *RemoteList) BlockRemote(bad *udpAddr)

BlockRemote locks and records the address as bad, it will be excluded from the deduplicated address list

func (*RemoteList) CopyAddrs added in v1.4.0 

func (r *RemoteList) CopyAddrs(preferredRanges []*net.IPNet) []*udpAddr

CopyAddrs locks and makes a deep copy of the deduplicated address list The deduplication work may need to occur here, so you must pass preferredRanges

func (*RemoteList) CopyBlockedRemotes added in v1.4.0 

func (r *RemoteList) CopyBlockedRemotes() []*udpAddr

CopyBlockedRemotes locks and makes a deep copy of the blocked remotes list

func (*RemoteList) CopyCache added in v1.4.0 

func (r *RemoteList) CopyCache() *CacheMap

CopyCache locks and creates a more human friendly form of the internal address cache. This may contain duplicates and blocked addresses

func (*RemoteList) ForEach added in v1.4.0 

func (r *RemoteList) ForEach(preferredRanges []*net.IPNet, forEach forEachFunc)

ForEach locks and will call the forEachFunc for every deduplicated address in the list The deduplication work may need to occur here, so you must pass preferredRanges

func (*RemoteList) LearnRemote added in v1.4.0 

func (r *RemoteList) LearnRemote(ownerVpnIp uint32, addr *udpAddr)

LearnRemote locks and sets the learned slot for the owner vpn ip to the provided addr Currently this is only needed when HostInfo.SetRemote is called as that should cover both handshaking and roaming. It will mark the deduplicated address list as dirty, so do not call it unless new information is available TODO: this needs to support the allow list list

func (*RemoteList) Len added in v1.4.0 

func (r *RemoteList) Len(preferredRanges []*net.IPNet) int

Len locks and reports the size of the deduplicated address list The deduplication work may need to occur here, so you must pass preferredRanges

func (*RemoteList) Rebuild added in v1.4.0 

func (r *RemoteList) Rebuild(preferredRanges []*net.IPNet)

Rebuild locks and generates the deduplicated address list only if there is work to be done There is generally no reason to call this directly but it is safe to do so

func (*RemoteList) ResetBlockedRemotes added in v1.4.0 

func (r *RemoteList) ResetBlockedRemotes()

ResetBlockedRemotes locks and clears the blocked remotes list

type SystemTimeoutItem 

type SystemTimeoutItem struct {
	Item uint32
	Next *SystemTimeoutItem
}

Represents an item within a tick

type SystemTimeoutList 

type SystemTimeoutList struct {
	Head *SystemTimeoutItem
	Tail *SystemTimeoutItem
}

Represents a tick in the wheel

type SystemTimerWheel 

type SystemTimerWheel struct {
	// contains filtered or unexported fields
}

func NewSystemTimerWheel 

func NewSystemTimerWheel(min, max time.Duration) *SystemTimerWheel

Builds a timer wheel and identifies the tick duration and wheel duration from the provided values Purge must be called once per entry to actually remove anything

func (*SystemTimerWheel) Add 

func (tw *SystemTimerWheel) Add(v uint32, timeout time.Duration) *SystemTimeoutItem

func (*SystemTimerWheel) Purge 

func (tw *SystemTimerWheel) Purge() interface{}

type TimeoutItem 

type TimeoutItem struct {
	Packet FirewallPacket
	Next   *TimeoutItem
}

Represents an item within a tick

type TimeoutList 

type TimeoutList struct {
	Head *TimeoutItem
	Tail *TimeoutItem
}

Represents a tick in the wheel

type TimerWheel 

type TimerWheel struct {
	// contains filtered or unexported fields
}

func NewTimerWheel 

func NewTimerWheel(min, max time.Duration) *TimerWheel

Builds a timer wheel and identifies the tick duration and wheel duration from the provided values Purge must be called once per entry to actually remove anything

func (*TimerWheel) Add 

func (tw *TimerWheel) Add(v FirewallPacket, timeout time.Duration) *TimeoutItem

Add will add a FirewallPacket to the wheel in it's proper timeout

func (*TimerWheel) Purge 

func (tw *TimerWheel) Purge() (FirewallPacket, bool)

type Tun 

type Tun struct {
	Device       string
	Cidr         *net.IPNet
	MTU          int
	UnsafeRoutes []route

	*water.Interface
	// contains filtered or unexported fields
}

func (*Tun) Activate 

func (c *Tun) Activate() error

func (*Tun) CidrNet added in v1.3.0 

func (c *Tun) CidrNet() *net.IPNet

func (*Tun) DeviceName added in v1.3.0 

func (c *Tun) DeviceName() string

func (*Tun) NewMultiQueueReader added in v1.4.0 

func (t *Tun) NewMultiQueueReader() (io.ReadWriteCloser, error)

func (*Tun) WriteRaw 

func (c *Tun) WriteRaw(b []byte) error

Source Files

View all Source files

Directories

Path Synopsis
cmd
nebula
nebula-cert
nebula-service
e2e
router

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.