Documentation ¶
Index ¶
- Constants
- Variables
- func AddFirewallRulesFromConfig(l *logrus.Logger, inbound bool, c *config.C, fw FirewallInterface) error
- func HandleIncomingHandshake(f *Interface, addr *udp.Addr, packet []byte, h *header.H, hostinfo *HostInfo)
- func NewUDPAddrFromLH4(ipp *Ip4AndPort) *udp.Addr
- func NewUDPAddrFromLH6(ipp *Ip6AndPort) *udp.Addr
- func RecombineCertAndValidate(h *noise.HandshakeState, rawCertBytes []byte, caPool *cert.NebulaCAPool) (*cert.NebulaCertificate, error)
- type AllowList
- type AllowListNameRule
- type Bits
- type Cache
- type CacheMap
- type CertState
- type ConnectionState
- type Control
- func (c *Control) CloseAllTunnels(excludeLighthouses bool) (closed int)
- func (c *Control) CloseTunnel(vpnIp iputil.VpnIp, localOnly bool) bool
- func (c *Control) GetHostInfoByVpnIp(vpnIp iputil.VpnIp, pending bool) *ControlHostInfo
- func (c *Control) ListHostmap(pendingMap bool) []ControlHostInfo
- func (c *Control) RebindUDPServer()
- func (c *Control) SetRemoteForTunnel(vpnIp iputil.VpnIp, addr udp.Addr) *ControlHostInfo
- func (c *Control) ShutdownBlock()
- func (c *Control) Start()
- func (c *Control) Stop()
- type ControlHostInfo
- type Firewall
- func (f *Firewall) AddRule(incoming bool, proto uint8, startPort int32, endPort int32, groups []string, ...) error
- func (f *Firewall) Destroy()
- func (f *Firewall) Drop(packet []byte, fp firewall.Packet, incoming bool, h *HostInfo, ...) error
- func (f *Firewall) EmitStats()
- func (f *Firewall) GetRuleHash() string
- type FirewallCA
- type FirewallConntrack
- type FirewallInterface
- type FirewallRule
- type FirewallTable
- type HandshakeConfig
- type HandshakeManager
- func (c *HandshakeManager) AddIndexHostInfo(h *HostInfo) error
- func (c *HandshakeManager) AddVpnIp(vpnIp iputil.VpnIp, init func(*HostInfo)) *HostInfo
- func (c *HandshakeManager) CheckAndComplete(hostinfo *HostInfo, handshakePacket uint8, overwrite bool, f *Interface) (*HostInfo, error)
- func (c *HandshakeManager) Complete(hostinfo *HostInfo, f *Interface)
- func (c *HandshakeManager) DeleteHostInfo(hostinfo *HostInfo)
- func (c *HandshakeManager) EmitStats()
- func (c *HandshakeManager) NextOutboundHandshakeTimerTick(now time.Time, f udp.EncWriter)
- func (c *HandshakeManager) QueryIndex(index uint32) (*HostInfo, error)
- func (c *HandshakeManager) Run(ctx context.Context, f udp.EncWriter)
- type HostInfo
- func (i *HostInfo) CreateRemoteCIDR(c *cert.NebulaCertificate)
- func (i *HostInfo) GetCert() *cert.NebulaCertificate
- func (i *HostInfo) RecvErrorExceeded() bool
- func (i *HostInfo) SetRemote(remote *udp.Addr)
- func (i *HostInfo) SetRemoteIfPreferred(hm *HostMap, newRemote *udp.Addr) bool
- func (i *HostInfo) TryPromoteBest(preferredRanges []*net.IPNet, ifce *Interface)
- type HostMap
- func (hm *HostMap) Add(ip iputil.VpnIp, hostinfo *HostInfo)
- func (hm *HostMap) AddVpnIp(vpnIp iputil.VpnIp, init func(hostinfo *HostInfo)) (hostinfo *HostInfo, created bool)
- func (hm *HostMap) AddVpnIpHostInfo(vpnIp iputil.VpnIp, h *HostInfo)
- func (hm *HostMap) DeleteHostInfo(hostinfo *HostInfo)
- func (hm *HostMap) DeleteIndex(index uint32)
- func (hm *HostMap) DeleteReverseIndex(index uint32)
- func (hm *HostMap) DeleteVpnIp(vpnIp iputil.VpnIp)
- func (hm *HostMap) EmitStats(name string)
- func (hm *HostMap) GetIndexByVpnIp(vpnIp iputil.VpnIp) (uint32, error)
- func (hm *HostMap) PromoteBestQueryVpnIp(vpnIp iputil.VpnIp, ifce *Interface) (*HostInfo, error)
- func (hm *HostMap) Punchy(ctx context.Context, conn *udp.Conn)
- func (hm *HostMap) QueryIndex(index uint32) (*HostInfo, error)
- func (hm *HostMap) QueryReverseIndex(index uint32) (*HostInfo, error)
- func (hm *HostMap) QueryVpnIp(vpnIp iputil.VpnIp) (*HostInfo, error)
- type Interface
- type InterfaceConfig
- type Ip4AndPort
- func (*Ip4AndPort) Descriptor() ([]byte, []int)
- func (m *Ip4AndPort) GetIp() uint32
- func (m *Ip4AndPort) GetPort() uint32
- func (m *Ip4AndPort) Marshal() (dAtA []byte, err error)
- func (m *Ip4AndPort) MarshalTo(dAtA []byte) (int, error)
- func (m *Ip4AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Ip4AndPort) ProtoMessage()
- func (m *Ip4AndPort) Reset()
- func (m *Ip4AndPort) Size() (n int)
- func (m *Ip4AndPort) String() string
- func (m *Ip4AndPort) Unmarshal(dAtA []byte) error
- func (m *Ip4AndPort) XXX_DiscardUnknown()
- func (m *Ip4AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Ip4AndPort) XXX_Merge(src proto.Message)
- func (m *Ip4AndPort) XXX_Size() int
- func (m *Ip4AndPort) XXX_Unmarshal(b []byte) error
- type Ip6AndPort
- func (*Ip6AndPort) Descriptor() ([]byte, []int)
- func (m *Ip6AndPort) GetHi() uint64
- func (m *Ip6AndPort) GetLo() uint64
- func (m *Ip6AndPort) GetPort() uint32
- func (m *Ip6AndPort) Marshal() (dAtA []byte, err error)
- func (m *Ip6AndPort) MarshalTo(dAtA []byte) (int, error)
- func (m *Ip6AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Ip6AndPort) ProtoMessage()
- func (m *Ip6AndPort) Reset()
- func (m *Ip6AndPort) Size() (n int)
- func (m *Ip6AndPort) String() string
- func (m *Ip6AndPort) Unmarshal(dAtA []byte) error
- func (m *Ip6AndPort) XXX_DiscardUnknown()
- func (m *Ip6AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Ip6AndPort) XXX_Merge(src proto.Message)
- func (m *Ip6AndPort) XXX_Size() int
- func (m *Ip6AndPort) XXX_Unmarshal(b []byte) error
- type LightHouse
- func (lh *LightHouse) AddStaticRemote(vpnIp iputil.VpnIp, toAddr *udp.Addr)
- func (lh *LightHouse) DeleteVpnIp(vpnIp iputil.VpnIp)
- func (lh *LightHouse) IsLighthouseIP(vpnIp iputil.VpnIp) bool
- func (lh *LightHouse) LhUpdateWorker(ctx context.Context, f udp.EncWriter)
- func (lh *LightHouse) NewRequestHandler() *LightHouseHandler
- func (lh *LightHouse) Query(ip iputil.VpnIp, f udp.EncWriter) *RemoteList
- func (lh *LightHouse) QueryCache(ip iputil.VpnIp) *RemoteList
- func (lh *LightHouse) QueryServer(ip iputil.VpnIp, f udp.EncWriter)
- func (lh *LightHouse) SendUpdate(f udp.EncWriter)
- func (lh *LightHouse) SetLocalAllowList(allowList *LocalAllowList)
- func (lh *LightHouse) SetRemoteAllowList(allowList *RemoteAllowList)
- func (lh *LightHouse) ValidateLHStaticEntries() error
- type LightHouseHandler
- type LocalAllowList
- type MessageMetrics
- type NebulaCipherState
- type NebulaHandshake
- func (*NebulaHandshake) Descriptor() ([]byte, []int)
- func (m *NebulaHandshake) GetDetails() *NebulaHandshakeDetails
- func (m *NebulaHandshake) GetHmac() []byte
- func (m *NebulaHandshake) Marshal() (dAtA []byte, err error)
- func (m *NebulaHandshake) MarshalTo(dAtA []byte) (int, error)
- func (m *NebulaHandshake) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*NebulaHandshake) ProtoMessage()
- func (m *NebulaHandshake) Reset()
- func (m *NebulaHandshake) Size() (n int)
- func (m *NebulaHandshake) String() string
- func (m *NebulaHandshake) Unmarshal(dAtA []byte) error
- func (m *NebulaHandshake) XXX_DiscardUnknown()
- func (m *NebulaHandshake) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *NebulaHandshake) XXX_Merge(src proto.Message)
- func (m *NebulaHandshake) XXX_Size() int
- func (m *NebulaHandshake) XXX_Unmarshal(b []byte) error
- type NebulaHandshakeDetails
- func (*NebulaHandshakeDetails) Descriptor() ([]byte, []int)
- func (m *NebulaHandshakeDetails) GetCert() []byte
- func (m *NebulaHandshakeDetails) GetCookie() uint64
- func (m *NebulaHandshakeDetails) GetInitiatorIndex() uint32
- func (m *NebulaHandshakeDetails) GetResponderIndex() uint32
- func (m *NebulaHandshakeDetails) GetTime() uint64
- func (m *NebulaHandshakeDetails) Marshal() (dAtA []byte, err error)
- func (m *NebulaHandshakeDetails) MarshalTo(dAtA []byte) (int, error)
- func (m *NebulaHandshakeDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*NebulaHandshakeDetails) ProtoMessage()
- func (m *NebulaHandshakeDetails) Reset()
- func (m *NebulaHandshakeDetails) Size() (n int)
- func (m *NebulaHandshakeDetails) String() string
- func (m *NebulaHandshakeDetails) Unmarshal(dAtA []byte) error
- func (m *NebulaHandshakeDetails) XXX_DiscardUnknown()
- func (m *NebulaHandshakeDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *NebulaHandshakeDetails) XXX_Merge(src proto.Message)
- func (m *NebulaHandshakeDetails) XXX_Size() int
- func (m *NebulaHandshakeDetails) XXX_Unmarshal(b []byte) error
- type NebulaMeta
- func (*NebulaMeta) Descriptor() ([]byte, []int)
- func (m *NebulaMeta) GetDetails() *NebulaMetaDetails
- func (m *NebulaMeta) GetType() NebulaMeta_MessageType
- func (m *NebulaMeta) Marshal() (dAtA []byte, err error)
- func (m *NebulaMeta) MarshalTo(dAtA []byte) (int, error)
- func (m *NebulaMeta) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*NebulaMeta) ProtoMessage()
- func (m *NebulaMeta) Reset()
- func (m *NebulaMeta) Size() (n int)
- func (m *NebulaMeta) String() string
- func (m *NebulaMeta) Unmarshal(dAtA []byte) error
- func (m *NebulaMeta) XXX_DiscardUnknown()
- func (m *NebulaMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *NebulaMeta) XXX_Merge(src proto.Message)
- func (m *NebulaMeta) XXX_Size() int
- func (m *NebulaMeta) XXX_Unmarshal(b []byte) error
- type NebulaMetaDetails
- func (*NebulaMetaDetails) Descriptor() ([]byte, []int)
- func (m *NebulaMetaDetails) GetCounter() uint32
- func (m *NebulaMetaDetails) GetIp4AndPorts() []*Ip4AndPort
- func (m *NebulaMetaDetails) GetIp6AndPorts() []*Ip6AndPort
- func (m *NebulaMetaDetails) GetVpnIp() uint32
- func (m *NebulaMetaDetails) Marshal() (dAtA []byte, err error)
- func (m *NebulaMetaDetails) MarshalTo(dAtA []byte) (int, error)
- func (m *NebulaMetaDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*NebulaMetaDetails) ProtoMessage()
- func (m *NebulaMetaDetails) Reset()
- func (m *NebulaMetaDetails) Size() (n int)
- func (m *NebulaMetaDetails) String() string
- func (m *NebulaMetaDetails) Unmarshal(dAtA []byte) error
- func (m *NebulaMetaDetails) XXX_DiscardUnknown()
- func (m *NebulaMetaDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *NebulaMetaDetails) XXX_Merge(src proto.Message)
- func (m *NebulaMetaDetails) XXX_Size() int
- func (m *NebulaMetaDetails) XXX_Unmarshal(b []byte) error
- type NebulaMeta_MessageType
- type NebulaPing
- func (*NebulaPing) Descriptor() ([]byte, []int)
- func (m *NebulaPing) GetTime() uint64
- func (m *NebulaPing) GetType() NebulaPing_MessageType
- func (m *NebulaPing) Marshal() (dAtA []byte, err error)
- func (m *NebulaPing) MarshalTo(dAtA []byte) (int, error)
- func (m *NebulaPing) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*NebulaPing) ProtoMessage()
- func (m *NebulaPing) Reset()
- func (m *NebulaPing) Size() (n int)
- func (m *NebulaPing) String() string
- func (m *NebulaPing) Unmarshal(dAtA []byte) error
- func (m *NebulaPing) XXX_DiscardUnknown()
- func (m *NebulaPing) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *NebulaPing) XXX_Merge(src proto.Message)
- func (m *NebulaPing) XXX_Size() int
- func (m *NebulaPing) XXX_Unmarshal(b []byte) error
- type NebulaPing_MessageType
- type Punchy
- type RemoteAllowList
- type RemoteList
- func (r *RemoteList) BlockRemote(bad *udp.Addr)
- func (r *RemoteList) CopyAddrs(preferredRanges []*net.IPNet) []*udp.Addr
- func (r *RemoteList) CopyBlockedRemotes() []*udp.Addr
- func (r *RemoteList) CopyCache() *CacheMap
- func (r *RemoteList) ForEach(preferredRanges []*net.IPNet, forEach forEachFunc)
- func (r *RemoteList) LearnRemote(ownerVpnIp iputil.VpnIp, addr *udp.Addr)
- func (r *RemoteList) Len(preferredRanges []*net.IPNet) int
- func (r *RemoteList) Rebuild(preferredRanges []*net.IPNet)
- func (r *RemoteList) ResetBlockedRemotes()
- type SystemTimeoutItem
- type SystemTimeoutList
- type SystemTimerWheel
- type TimeoutItem
- type TimeoutList
- type TimerWheel
Constants ¶
const ( DefaultHandshakeTryInterval = time.Millisecond * 100 DefaultHandshakeRetries = 10 DefaultHandshakeTriggerBuffer = 64 )
const MaxRemotes = 10
const PromoteEvery = 1000
const ProbeLen = 100
const ReQueryEvery = 5000
const ReplayWindow = 1024
const RoamingSuppressSeconds = 2
How long we should prevent roaming back to the previous IP. This helps prevent flapping due to packets already in flight.
Variables ¶
var ( ErrExistingHostInfo = errors.New("existing hostinfo") ErrAlreadySeen = errors.New("already seen") ErrLocalIndexCollision = errors.New("local index collision") ErrExistingHandshake = errors.New("existing handshake") )
var ( ErrInvalidLengthNebula = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowNebula = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroupNebula = fmt.Errorf("proto: unexpected end of group") )
var ErrHostNotKnown = errors.New("host not known")
var ErrInvalidLocalIP = errors.New("local IP is not in list of handled local IPs")
var ErrInvalidRemoteIP = errors.New("remote IP is not in remote certificate subnets")
var ErrNoMatchingRule = errors.New("no matching rule in firewall table")
var NebulaMeta_MessageType_name = map[int32]string{
0: "None",
1: "HostQuery",
2: "HostQueryReply",
3: "HostUpdateNotification",
4: "HostMovedNotification",
5: "HostPunchNotification",
6: "HostWhoami",
7: "HostWhoamiReply",
8: "PathCheck",
9: "PathCheckReply",
}
var NebulaMeta_MessageType_value = map[string]int32{
"None": 0,
"HostQuery": 1,
"HostQueryReply": 2,
"HostUpdateNotification": 3,
"HostMovedNotification": 4,
"HostPunchNotification": 5,
"HostWhoami": 6,
"HostWhoamiReply": 7,
"PathCheck": 8,
"PathCheckReply": 9,
}
var NebulaPing_MessageType_name = map[int32]string{
0: "Ping",
1: "Reply",
}
var NebulaPing_MessageType_value = map[string]int32{
"Ping": 0,
"Reply": 1,
}
Functions ¶
func HandleIncomingHandshake ¶
func NewUDPAddrFromLH4 ¶ added in v1.4.0
func NewUDPAddrFromLH4(ipp *Ip4AndPort) *udp.Addr
func NewUDPAddrFromLH6 ¶ added in v1.4.0
func NewUDPAddrFromLH6(ipp *Ip6AndPort) *udp.Addr
func RecombineCertAndValidate ¶
func RecombineCertAndValidate(h *noise.HandshakeState, rawCertBytes []byte, caPool *cert.NebulaCAPool) (*cert.NebulaCertificate, error)
Types ¶
type AllowList ¶ added in v1.2.0
type AllowList struct {
// contains filtered or unexported fields
}
type AllowListNameRule ¶ added in v1.2.0
type Cache ¶ added in v1.4.0
type Cache struct { Learned []*udp.Addr `json:"learned,omitempty"` Reported []*udp.Addr `json:"reported,omitempty"` }
Cache is the other part of CacheMap, giving a human-readable view of the lighthouse cache. We don't distinguish between IPv4 and IPv6 here.
type CacheMap ¶ added in v1.4.0
CacheMap is a struct that gives a human-readable view of the lighthouse cache. The string key is the owner's vpnIp.
type CertState ¶
type CertState struct {
// contains filtered or unexported fields
}
func NewCertState ¶
func NewCertState(certificate *cert.NebulaCertificate, privateKey []byte) (*CertState, error)
type ConnectionState ¶
type ConnectionState struct { H *noise.HandshakeState // contains filtered or unexported fields }
func (*ConnectionState) MarshalJSON ¶
func (cs *ConnectionState) MarshalJSON() ([]byte, error)
type Control ¶ added in v1.3.0
type Control struct {
// contains filtered or unexported fields
}
func (*Control) CloseAllTunnels ¶ added in v1.4.0
CloseAllTunnels is just like CloseTunnel except it goes through and shuts them all down. Optionally, lighthouse tunnels can be excluded from shutdown. The int returned is a count of tunnels closed.
func (*Control) CloseTunnel ¶ added in v1.3.0
CloseTunnel closes a fully established tunnel. If localOnly is false it will notify the remote end as well.
func (*Control) GetHostInfoByVpnIp ¶ added in v1.5.0
func (c *Control) GetHostInfoByVpnIp(vpnIp iputil.VpnIp, pending bool) *ControlHostInfo
GetHostInfoByVpnIp returns a single tunnel's hostInfo, or nil if not found.
func (*Control) ListHostmap ¶ added in v1.3.0
func (c *Control) ListHostmap(pendingMap bool) []ControlHostInfo
ListHostmap returns details about the actual or pending (handshaking) hostmap
func (*Control) RebindUDPServer ¶ added in v1.3.0
func (c *Control) RebindUDPServer()
RebindUDPServer asks the UDP listener to rebind its listener. Mainly used on mobile clients when interfaces change.
func (*Control) SetRemoteForTunnel ¶ added in v1.3.0
SetRemoteForTunnel forces a tunnel to use a specific remote.
func (*Control) ShutdownBlock ¶ added in v1.3.0
func (c *Control) ShutdownBlock()
ShutdownBlock will listen for and block on term and interrupt signals, calling Control.Stop() once signalled
type ControlHostInfo ¶ added in v1.3.0
type ControlHostInfo struct { VpnIp net.IP `json:"vpnIp"` LocalIndex uint32 `json:"localIndex"` RemoteIndex uint32 `json:"remoteIndex"` RemoteAddrs []*udp.Addr `json:"remoteAddrs"` CachedPackets int `json:"cachedPackets"` Cert *cert.NebulaCertificate `json:"cert"` MessageCounter uint64 `json:"messageCounter"` CurrentRemote *udp.Addr `json:"currentRemote"` }
type Firewall ¶
type Firewall struct { Conntrack *FirewallConntrack InRules *FirewallTable OutRules *FirewallTable //TODO: we should have many more options for TCP, an option for ICMP, and mimic the kernel a bit better // https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt TCPTimeout time.Duration //linux: 5 days max UDPTimeout time.Duration //linux: 180s max DefaultTimeout time.Duration //linux: 600s // contains filtered or unexported fields }
TODO: need conntrack max tracked connections handling
func NewFirewall ¶
func NewFirewall(l *logrus.Logger, tcpTimeout, UDPTimeout, defaultTimeout time.Duration, c *cert.NebulaCertificate) *Firewall
NewFirewall creates a new Firewall object. A TimerWheel is created for you from the provided timeouts.
func NewFirewallFromConfig ¶
func (*Firewall) AddRule ¶
func (f *Firewall) AddRule(incoming bool, proto uint8, startPort int32, endPort int32, groups []string, host string, ip *net.IPNet, caName string, caSha string) error
AddRule properly creates the in memory rule structure for a firewall table.
func (*Firewall) Destroy ¶
func (f *Firewall) Destroy()
Destroy cleans up any known cyclical references so the object can be freed by the GC. This should be called if a new firewall object is created.
func (*Firewall) Drop ¶
func (f *Firewall) Drop(packet []byte, fp firewall.Packet, incoming bool, h *HostInfo, caPool *cert.NebulaCAPool, localCache firewall.ConntrackCache) error
Drop returns an error if the packet should be dropped, explaining why. It returns nil if the packet should not be dropped.
func (*Firewall) GetRuleHash ¶
GetRuleHash returns a hash representation of all inbound and outbound rules.
type FirewallCA ¶ added in v1.1.0
type FirewallCA struct { Any *FirewallRule CANames map[string]*FirewallRule CAShas map[string]*FirewallRule }
type FirewallConntrack ¶ added in v1.3.0
type FirewallConntrack struct { sync.Mutex Conns map[firewall.Packet]*conn TimerWheel *TimerWheel }
type FirewallInterface ¶
type FirewallRule ¶
type FirewallTable ¶
type FirewallTable struct { TCP firewallPort UDP firewallPort ICMP firewallPort AnyProto firewallPort }
type HandshakeConfig ¶ added in v1.2.0
type HandshakeConfig struct {
// contains filtered or unexported fields
}
type HandshakeManager ¶
type HandshakeManager struct { OutboundHandshakeTimer *SystemTimerWheel // contains filtered or unexported fields }
func NewHandshakeManager ¶
func NewHandshakeManager(l *logrus.Logger, tunCidr *net.IPNet, preferredRanges []*net.IPNet, mainHostMap *HostMap, lightHouse *LightHouse, outside *udp.Conn, config HandshakeConfig) *HandshakeManager
func (*HandshakeManager) AddIndexHostInfo ¶
func (c *HandshakeManager) AddIndexHostInfo(h *HostInfo) error
AddIndexHostInfo generates a unique localIndexId for this HostInfo and adds it to the pendingHostMap. It returns an error if we are unable to generate a unique localIndexId.
func (*HandshakeManager) AddVpnIp ¶ added in v1.5.0
func (c *HandshakeManager) AddVpnIp(vpnIp iputil.VpnIp, init func(*HostInfo)) *HostInfo
func (*HandshakeManager) CheckAndComplete ¶ added in v1.4.0
func (c *HandshakeManager) CheckAndComplete(hostinfo *HostInfo, handshakePacket uint8, overwrite bool, f *Interface) (*HostInfo, error)
CheckAndComplete checks for any conflicts in the main and pending hostmap before adding hostinfo to main. If err is nil, it was added. Otherwise err will be:
ErrAlreadySeen if we already have an entry in the hostmap that has seen the exact same handshake packet
ErrExistingHostInfo if we already have an entry in the hostmap for this VpnIp and the new handshake was older than the one we currently have
ErrLocalIndexCollision if we already have an entry in the main or pending hostmap for the hostinfo.localIndexId.
func (*HandshakeManager) Complete ¶ added in v1.4.0
func (c *HandshakeManager) Complete(hostinfo *HostInfo, f *Interface)
Complete is a simpler version of CheckAndComplete for when we already know there will be no localIndexId collision, because we already have an entry in the pendingHostMap.
func (*HandshakeManager) DeleteHostInfo ¶ added in v1.4.0
func (c *HandshakeManager) DeleteHostInfo(hostinfo *HostInfo)
func (*HandshakeManager) EmitStats ¶
func (c *HandshakeManager) EmitStats()
func (*HandshakeManager) NextOutboundHandshakeTimerTick ¶
func (c *HandshakeManager) NextOutboundHandshakeTimerTick(now time.Time, f udp.EncWriter)
func (*HandshakeManager) QueryIndex ¶
func (c *HandshakeManager) QueryIndex(index uint32) (*HostInfo, error)
type HostInfo ¶
type HostInfo struct { sync.RWMutex ConnectionState *ConnectionState HandshakeReady bool //todo: being in the manager means you are ready HandshakeCounter int //todo: another handshake manager entry HandshakeComplete bool //todo: this should go away in favor of ConnectionState.ready HandshakePacket map[uint8][]byte //todo: this is other handshake manager entry // contains filtered or unexported fields }
func (*HostInfo) CreateRemoteCIDR ¶ added in v1.1.0
func (i *HostInfo) CreateRemoteCIDR(c *cert.NebulaCertificate)
func (*HostInfo) GetCert ¶
func (i *HostInfo) GetCert() *cert.NebulaCertificate
func (*HostInfo) RecvErrorExceeded ¶
func (*HostInfo) SetRemoteIfPreferred ¶ added in v1.5.0
SetRemoteIfPreferred returns true if the remote was changed. The lastRoam time on the HostInfo will also be updated.
type HostMap ¶
type HostMap struct { sync.RWMutex //Because we concurrently read and write to our maps Indexes map[uint32]*HostInfo RemoteIndexes map[uint32]*HostInfo Hosts map[iputil.VpnIp]*HostInfo // contains filtered or unexported fields }
func NewHostMap ¶
func (*HostMap) AddVpnIpHostInfo ¶ added in v1.5.0
func (*HostMap) DeleteHostInfo ¶ added in v1.4.0
func (*HostMap) DeleteIndex ¶
This is only called on the pendingHostmap, to clean up an inbound handshake.
func (*HostMap) DeleteReverseIndex ¶ added in v1.4.0
This is used to clean up on recv_error.
func (*HostMap) DeleteVpnIp ¶ added in v1.5.0
func (*HostMap) EmitStats ¶
EmitStats takes a name and reports host and index counts to the stats collection system.
func (*HostMap) GetIndexByVpnIp ¶ added in v1.5.0
func (*HostMap) PromoteBestQueryVpnIp ¶ added in v1.5.0
PromoteBestQueryVpnIp will attempt to lazily switch to the best remote every `PromoteEvery` calls to this function for a given host.
func (*HostMap) Punchy ¶
Punchy iterates through the result of punchList() to assemble all known addresses and sends a hole punch packet to each of them.
func (*HostMap) QueryReverseIndex ¶
type Interface ¶
type Interface struct {
// contains filtered or unexported fields
}
func NewInterface ¶
func NewInterface(ctx context.Context, c *InterfaceConfig) (*Interface, error)
func (*Interface) RegisterConfigChangeCallbacks ¶
func (*Interface) SendMessageToVpnIp ¶
func (f *Interface) SendMessageToVpnIp(t header.MessageType, st header.MessageSubType, vpnIp iputil.VpnIp, p, nb, out []byte)
SendMessageToVpnIp handles the real ip:port lookup and sends to the current best known address for vpnIp.
type InterfaceConfig ¶
type InterfaceConfig struct { HostMap *HostMap Outside *udp.Conn Inside overlay.Device Cipher string Firewall *Firewall ServeDns bool HandshakeManager *HandshakeManager DropLocalBroadcast bool DropMulticast bool MessageMetrics *MessageMetrics ConntrackCacheTimeout time.Duration // contains filtered or unexported fields }
type Ip4AndPort ¶ added in v1.4.0
type Ip4AndPort struct { Ip uint32 `protobuf:"varint,1,opt,name=Ip,proto3" json:"Ip,omitempty"` Port uint32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` }
func NewIp4AndPort ¶ added in v1.4.0
func NewIp4AndPort(ip net.IP, port uint32) *Ip4AndPort
func (*Ip4AndPort) Descriptor ¶ added in v1.4.0
func (*Ip4AndPort) Descriptor() ([]byte, []int)
func (*Ip4AndPort) GetIp ¶ added in v1.4.0
func (m *Ip4AndPort) GetIp() uint32
func (*Ip4AndPort) GetPort ¶ added in v1.4.0
func (m *Ip4AndPort) GetPort() uint32
func (*Ip4AndPort) Marshal ¶ added in v1.4.0
func (m *Ip4AndPort) Marshal() (dAtA []byte, err error)
func (*Ip4AndPort) MarshalTo ¶ added in v1.4.0
func (m *Ip4AndPort) MarshalTo(dAtA []byte) (int, error)
func (*Ip4AndPort) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *Ip4AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Ip4AndPort) ProtoMessage ¶ added in v1.4.0
func (*Ip4AndPort) ProtoMessage()
func (*Ip4AndPort) Reset ¶ added in v1.4.0
func (m *Ip4AndPort) Reset()
func (*Ip4AndPort) Size ¶ added in v1.4.0
func (m *Ip4AndPort) Size() (n int)
func (*Ip4AndPort) String ¶ added in v1.4.0
func (m *Ip4AndPort) String() string
func (*Ip4AndPort) Unmarshal ¶ added in v1.4.0
func (m *Ip4AndPort) Unmarshal(dAtA []byte) error
func (*Ip4AndPort) XXX_DiscardUnknown ¶ added in v1.4.0
func (m *Ip4AndPort) XXX_DiscardUnknown()
func (*Ip4AndPort) XXX_Marshal ¶ added in v1.4.0
func (m *Ip4AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Ip4AndPort) XXX_Merge ¶ added in v1.4.0
func (m *Ip4AndPort) XXX_Merge(src proto.Message)
func (*Ip4AndPort) XXX_Size ¶ added in v1.4.0
func (m *Ip4AndPort) XXX_Size() int
func (*Ip4AndPort) XXX_Unmarshal ¶ added in v1.4.0
func (m *Ip4AndPort) XXX_Unmarshal(b []byte) error
type Ip6AndPort ¶ added in v1.4.0
type Ip6AndPort struct { Hi uint64 `protobuf:"varint,1,opt,name=Hi,proto3" json:"Hi,omitempty"` Lo uint64 `protobuf:"varint,2,opt,name=Lo,proto3" json:"Lo,omitempty"` Port uint32 `protobuf:"varint,3,opt,name=Port,proto3" json:"Port,omitempty"` }
func NewIp6AndPort ¶ added in v1.4.0
func NewIp6AndPort(ip net.IP, port uint32) *Ip6AndPort
func (*Ip6AndPort) Descriptor ¶ added in v1.4.0
func (*Ip6AndPort) Descriptor() ([]byte, []int)
func (*Ip6AndPort) GetHi ¶ added in v1.4.0
func (m *Ip6AndPort) GetHi() uint64
func (*Ip6AndPort) GetLo ¶ added in v1.4.0
func (m *Ip6AndPort) GetLo() uint64
func (*Ip6AndPort) GetPort ¶ added in v1.4.0
func (m *Ip6AndPort) GetPort() uint32
func (*Ip6AndPort) Marshal ¶ added in v1.4.0
func (m *Ip6AndPort) Marshal() (dAtA []byte, err error)
func (*Ip6AndPort) MarshalTo ¶ added in v1.4.0
func (m *Ip6AndPort) MarshalTo(dAtA []byte) (int, error)
func (*Ip6AndPort) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *Ip6AndPort) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*Ip6AndPort) ProtoMessage ¶ added in v1.4.0
func (*Ip6AndPort) ProtoMessage()
func (*Ip6AndPort) Reset ¶ added in v1.4.0
func (m *Ip6AndPort) Reset()
func (*Ip6AndPort) Size ¶ added in v1.4.0
func (m *Ip6AndPort) Size() (n int)
func (*Ip6AndPort) String ¶ added in v1.4.0
func (m *Ip6AndPort) String() string
func (*Ip6AndPort) Unmarshal ¶ added in v1.4.0
func (m *Ip6AndPort) Unmarshal(dAtA []byte) error
func (*Ip6AndPort) XXX_DiscardUnknown ¶ added in v1.4.0
func (m *Ip6AndPort) XXX_DiscardUnknown()
func (*Ip6AndPort) XXX_Marshal ¶ added in v1.4.0
func (m *Ip6AndPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*Ip6AndPort) XXX_Merge ¶ added in v1.4.0
func (m *Ip6AndPort) XXX_Merge(src proto.Message)
func (*Ip6AndPort) XXX_Size ¶ added in v1.4.0
func (m *Ip6AndPort) XXX_Size() int
func (*Ip6AndPort) XXX_Unmarshal ¶ added in v1.4.0
func (m *Ip6AndPort) XXX_Unmarshal(b []byte) error
type LightHouse ¶
type LightHouse struct { //TODO: We need a timer wheel to kick out vpnIps that haven't reported in a long time sync.RWMutex //Because we concurrently read and write to our maps // contains filtered or unexported fields }
func NewLightHouse ¶
func (*LightHouse) AddStaticRemote ¶ added in v1.4.0
func (lh *LightHouse) AddStaticRemote(vpnIp iputil.VpnIp, toAddr *udp.Addr)
AddStaticRemote adds a static host entry for vpnIp with ourselves as the owner. We are the owner because we don't want a lighthouse server to advertise static hosts it was configured with, and we don't want a lighthouse query reply to interfere with our learned cache if we are a client.
func (*LightHouse) DeleteVpnIp ¶ added in v1.5.0
func (lh *LightHouse) DeleteVpnIp(vpnIp iputil.VpnIp)
func (*LightHouse) IsLighthouseIP ¶
func (lh *LightHouse) IsLighthouseIP(vpnIp iputil.VpnIp) bool
func (*LightHouse) LhUpdateWorker ¶
func (lh *LightHouse) LhUpdateWorker(ctx context.Context, f udp.EncWriter)
func (*LightHouse) NewRequestHandler ¶ added in v1.4.0
func (lh *LightHouse) NewRequestHandler() *LightHouseHandler
func (*LightHouse) Query ¶
func (lh *LightHouse) Query(ip iputil.VpnIp, f udp.EncWriter) *RemoteList
func (*LightHouse) QueryCache ¶
func (lh *LightHouse) QueryCache(ip iputil.VpnIp) *RemoteList
func (*LightHouse) QueryServer ¶
func (lh *LightHouse) QueryServer(ip iputil.VpnIp, f udp.EncWriter)
This is asynchronous, so no reply should be expected.
func (*LightHouse) SendUpdate ¶ added in v1.4.0
func (lh *LightHouse) SendUpdate(f udp.EncWriter)
func (*LightHouse) SetLocalAllowList ¶ added in v1.2.0
func (lh *LightHouse) SetLocalAllowList(allowList *LocalAllowList)
func (*LightHouse) SetRemoteAllowList ¶ added in v1.2.0
func (lh *LightHouse) SetRemoteAllowList(allowList *RemoteAllowList)
func (*LightHouse) ValidateLHStaticEntries ¶ added in v1.1.0
func (lh *LightHouse) ValidateLHStaticEntries() error
type LightHouseHandler ¶ added in v1.4.0
type LightHouseHandler struct {
// contains filtered or unexported fields
}
func (*LightHouseHandler) HandleRequest ¶ added in v1.4.0
type LocalAllowList ¶ added in v1.5.0
type LocalAllowList struct { AllowList *AllowList // contains filtered or unexported fields }
func NewLocalAllowListFromConfig ¶ added in v1.5.0
func NewLocalAllowListFromConfig(c *config.C, k string) (*LocalAllowList, error)
func (*LocalAllowList) AllowName ¶ added in v1.5.0
func (al *LocalAllowList) AllowName(name string) bool
type MessageMetrics ¶ added in v1.3.0
type MessageMetrics struct {
// contains filtered or unexported fields
}
func (*MessageMetrics) Rx ¶ added in v1.3.0
func (m *MessageMetrics) Rx(t header.MessageType, s header.MessageSubType, i int64)
func (*MessageMetrics) Tx ¶ added in v1.3.0
func (m *MessageMetrics) Tx(t header.MessageType, s header.MessageSubType, i int64)
type NebulaCipherState ¶
type NebulaCipherState struct {
// contains filtered or unexported fields
}
func NewNebulaCipherState ¶
func NewNebulaCipherState(s *noise.CipherState) *NebulaCipherState
func (*NebulaCipherState) DecryptDanger ¶
func (*NebulaCipherState) EncryptDanger ¶
type NebulaHandshake ¶
type NebulaHandshake struct { Details *NebulaHandshakeDetails `protobuf:"bytes,1,opt,name=Details,proto3" json:"Details,omitempty"` Hmac []byte `protobuf:"bytes,2,opt,name=Hmac,proto3" json:"Hmac,omitempty"` }
func (*NebulaHandshake) Descriptor ¶
func (*NebulaHandshake) Descriptor() ([]byte, []int)
func (*NebulaHandshake) GetDetails ¶
func (m *NebulaHandshake) GetDetails() *NebulaHandshakeDetails
func (*NebulaHandshake) GetHmac ¶
func (m *NebulaHandshake) GetHmac() []byte
func (*NebulaHandshake) Marshal ¶ added in v1.4.0
func (m *NebulaHandshake) Marshal() (dAtA []byte, err error)
func (*NebulaHandshake) MarshalTo ¶ added in v1.4.0
func (m *NebulaHandshake) MarshalTo(dAtA []byte) (int, error)
func (*NebulaHandshake) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *NebulaHandshake) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*NebulaHandshake) ProtoMessage ¶
func (*NebulaHandshake) ProtoMessage()
func (*NebulaHandshake) Reset ¶
func (m *NebulaHandshake) Reset()
func (*NebulaHandshake) Size ¶ added in v1.4.0
func (m *NebulaHandshake) Size() (n int)
func (*NebulaHandshake) String ¶
func (m *NebulaHandshake) String() string
func (*NebulaHandshake) Unmarshal ¶ added in v1.4.0
func (m *NebulaHandshake) Unmarshal(dAtA []byte) error
func (*NebulaHandshake) XXX_DiscardUnknown ¶
func (m *NebulaHandshake) XXX_DiscardUnknown()
func (*NebulaHandshake) XXX_Marshal ¶
func (m *NebulaHandshake) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*NebulaHandshake) XXX_Merge ¶
func (m *NebulaHandshake) XXX_Merge(src proto.Message)
func (*NebulaHandshake) XXX_Size ¶
func (m *NebulaHandshake) XXX_Size() int
func (*NebulaHandshake) XXX_Unmarshal ¶
func (m *NebulaHandshake) XXX_Unmarshal(b []byte) error
type NebulaHandshakeDetails ¶
type NebulaHandshakeDetails struct { Cert []byte `protobuf:"bytes,1,opt,name=Cert,proto3" json:"Cert,omitempty"` InitiatorIndex uint32 `protobuf:"varint,2,opt,name=InitiatorIndex,proto3" json:"InitiatorIndex,omitempty"` ResponderIndex uint32 `protobuf:"varint,3,opt,name=ResponderIndex,proto3" json:"ResponderIndex,omitempty"` Cookie uint64 `protobuf:"varint,4,opt,name=Cookie,proto3" json:"Cookie,omitempty"` Time uint64 `protobuf:"varint,5,opt,name=Time,proto3" json:"Time,omitempty"` }
func (*NebulaHandshakeDetails) Descriptor ¶
func (*NebulaHandshakeDetails) Descriptor() ([]byte, []int)
func (*NebulaHandshakeDetails) GetCert ¶
func (m *NebulaHandshakeDetails) GetCert() []byte
func (*NebulaHandshakeDetails) GetCookie ¶
func (m *NebulaHandshakeDetails) GetCookie() uint64
func (*NebulaHandshakeDetails) GetInitiatorIndex ¶
func (m *NebulaHandshakeDetails) GetInitiatorIndex() uint32
func (*NebulaHandshakeDetails) GetResponderIndex ¶
func (m *NebulaHandshakeDetails) GetResponderIndex() uint32
func (*NebulaHandshakeDetails) GetTime ¶
func (m *NebulaHandshakeDetails) GetTime() uint64
func (*NebulaHandshakeDetails) Marshal ¶ added in v1.4.0
func (m *NebulaHandshakeDetails) Marshal() (dAtA []byte, err error)
func (*NebulaHandshakeDetails) MarshalTo ¶ added in v1.4.0
func (m *NebulaHandshakeDetails) MarshalTo(dAtA []byte) (int, error)
func (*NebulaHandshakeDetails) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *NebulaHandshakeDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*NebulaHandshakeDetails) ProtoMessage ¶
func (*NebulaHandshakeDetails) ProtoMessage()
func (*NebulaHandshakeDetails) Reset ¶
func (m *NebulaHandshakeDetails) Reset()
func (*NebulaHandshakeDetails) Size ¶ added in v1.4.0
func (m *NebulaHandshakeDetails) Size() (n int)
func (*NebulaHandshakeDetails) String ¶
func (m *NebulaHandshakeDetails) String() string
func (*NebulaHandshakeDetails) Unmarshal ¶ added in v1.4.0
func (m *NebulaHandshakeDetails) Unmarshal(dAtA []byte) error
func (*NebulaHandshakeDetails) XXX_DiscardUnknown ¶
func (m *NebulaHandshakeDetails) XXX_DiscardUnknown()
func (*NebulaHandshakeDetails) XXX_Marshal ¶
func (m *NebulaHandshakeDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*NebulaHandshakeDetails) XXX_Merge ¶
func (m *NebulaHandshakeDetails) XXX_Merge(src proto.Message)
func (*NebulaHandshakeDetails) XXX_Size ¶
func (m *NebulaHandshakeDetails) XXX_Size() int
func (*NebulaHandshakeDetails) XXX_Unmarshal ¶
func (m *NebulaHandshakeDetails) XXX_Unmarshal(b []byte) error
type NebulaMeta ¶
type NebulaMeta struct { Type NebulaMeta_MessageType `protobuf:"varint,1,opt,name=Type,proto3,enum=nebula.NebulaMeta_MessageType" json:"Type,omitempty"` Details *NebulaMetaDetails `protobuf:"bytes,2,opt,name=Details,proto3" json:"Details,omitempty"` }
func NewLhQueryByInt ¶
func NewLhQueryByInt(VpnIp iputil.VpnIp) *NebulaMeta
func (*NebulaMeta) Descriptor ¶
func (*NebulaMeta) Descriptor() ([]byte, []int)
func (*NebulaMeta) GetDetails ¶
func (m *NebulaMeta) GetDetails() *NebulaMetaDetails
func (*NebulaMeta) GetType ¶
func (m *NebulaMeta) GetType() NebulaMeta_MessageType
func (*NebulaMeta) Marshal ¶ added in v1.4.0
func (m *NebulaMeta) Marshal() (dAtA []byte, err error)
func (*NebulaMeta) MarshalTo ¶ added in v1.4.0
func (m *NebulaMeta) MarshalTo(dAtA []byte) (int, error)
func (*NebulaMeta) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *NebulaMeta) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*NebulaMeta) ProtoMessage ¶
func (*NebulaMeta) ProtoMessage()
func (*NebulaMeta) Reset ¶
func (m *NebulaMeta) Reset()
func (*NebulaMeta) Size ¶ added in v1.4.0
func (m *NebulaMeta) Size() (n int)
func (*NebulaMeta) String ¶
func (m *NebulaMeta) String() string
func (*NebulaMeta) Unmarshal ¶ added in v1.4.0
func (m *NebulaMeta) Unmarshal(dAtA []byte) error
func (*NebulaMeta) XXX_DiscardUnknown ¶
func (m *NebulaMeta) XXX_DiscardUnknown()
func (*NebulaMeta) XXX_Marshal ¶
func (m *NebulaMeta) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*NebulaMeta) XXX_Merge ¶
func (m *NebulaMeta) XXX_Merge(src proto.Message)
func (*NebulaMeta) XXX_Size ¶
func (m *NebulaMeta) XXX_Size() int
func (*NebulaMeta) XXX_Unmarshal ¶
func (m *NebulaMeta) XXX_Unmarshal(b []byte) error
type NebulaMetaDetails ¶
type NebulaMetaDetails struct { VpnIp uint32 `protobuf:"varint,1,opt,name=VpnIp,proto3" json:"VpnIp,omitempty"` Ip4AndPorts []*Ip4AndPort `protobuf:"bytes,2,rep,name=Ip4AndPorts,proto3" json:"Ip4AndPorts,omitempty"` Ip6AndPorts []*Ip6AndPort `protobuf:"bytes,4,rep,name=Ip6AndPorts,proto3" json:"Ip6AndPorts,omitempty"` Counter uint32 `protobuf:"varint,3,opt,name=counter,proto3" json:"counter,omitempty"` }
func (*NebulaMetaDetails) Descriptor ¶
func (*NebulaMetaDetails) Descriptor() ([]byte, []int)
func (*NebulaMetaDetails) GetCounter ¶
func (m *NebulaMetaDetails) GetCounter() uint32
func (*NebulaMetaDetails) GetIp4AndPorts ¶ added in v1.4.0
func (m *NebulaMetaDetails) GetIp4AndPorts() []*Ip4AndPort
func (*NebulaMetaDetails) GetIp6AndPorts ¶ added in v1.4.0
func (m *NebulaMetaDetails) GetIp6AndPorts() []*Ip6AndPort
func (*NebulaMetaDetails) GetVpnIp ¶
func (m *NebulaMetaDetails) GetVpnIp() uint32
func (*NebulaMetaDetails) Marshal ¶ added in v1.4.0
func (m *NebulaMetaDetails) Marshal() (dAtA []byte, err error)
func (*NebulaMetaDetails) MarshalTo ¶ added in v1.4.0
func (m *NebulaMetaDetails) MarshalTo(dAtA []byte) (int, error)
func (*NebulaMetaDetails) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *NebulaMetaDetails) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*NebulaMetaDetails) ProtoMessage ¶
func (*NebulaMetaDetails) ProtoMessage()
func (*NebulaMetaDetails) Reset ¶
func (m *NebulaMetaDetails) Reset()
func (*NebulaMetaDetails) Size ¶ added in v1.4.0
func (m *NebulaMetaDetails) Size() (n int)
func (*NebulaMetaDetails) String ¶
func (m *NebulaMetaDetails) String() string
func (*NebulaMetaDetails) Unmarshal ¶ added in v1.4.0
func (m *NebulaMetaDetails) Unmarshal(dAtA []byte) error
func (*NebulaMetaDetails) XXX_DiscardUnknown ¶
func (m *NebulaMetaDetails) XXX_DiscardUnknown()
func (*NebulaMetaDetails) XXX_Marshal ¶
func (m *NebulaMetaDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*NebulaMetaDetails) XXX_Merge ¶
func (m *NebulaMetaDetails) XXX_Merge(src proto.Message)
func (*NebulaMetaDetails) XXX_Size ¶
func (m *NebulaMetaDetails) XXX_Size() int
func (*NebulaMetaDetails) XXX_Unmarshal ¶
func (m *NebulaMetaDetails) XXX_Unmarshal(b []byte) error
type NebulaMeta_MessageType ¶
type NebulaMeta_MessageType int32
const ( NebulaMeta_None NebulaMeta_MessageType = 0 NebulaMeta_HostQuery NebulaMeta_MessageType = 1 NebulaMeta_HostQueryReply NebulaMeta_MessageType = 2 NebulaMeta_HostUpdateNotification NebulaMeta_MessageType = 3 NebulaMeta_HostMovedNotification NebulaMeta_MessageType = 4 NebulaMeta_HostPunchNotification NebulaMeta_MessageType = 5 NebulaMeta_HostWhoami NebulaMeta_MessageType = 6 NebulaMeta_HostWhoamiReply NebulaMeta_MessageType = 7 NebulaMeta_PathCheck NebulaMeta_MessageType = 8 NebulaMeta_PathCheckReply NebulaMeta_MessageType = 9 )
func (NebulaMeta_MessageType) EnumDescriptor ¶
func (NebulaMeta_MessageType) EnumDescriptor() ([]byte, []int)
func (NebulaMeta_MessageType) String ¶
func (x NebulaMeta_MessageType) String() string
type NebulaPing ¶
type NebulaPing struct { Type NebulaPing_MessageType `protobuf:"varint,1,opt,name=Type,proto3,enum=nebula.NebulaPing_MessageType" json:"Type,omitempty"` Time uint64 `protobuf:"varint,2,opt,name=Time,proto3" json:"Time,omitempty"` }
func (*NebulaPing) Descriptor ¶
func (*NebulaPing) Descriptor() ([]byte, []int)
func (*NebulaPing) GetTime ¶
func (m *NebulaPing) GetTime() uint64
func (*NebulaPing) GetType ¶
func (m *NebulaPing) GetType() NebulaPing_MessageType
func (*NebulaPing) Marshal ¶ added in v1.4.0
func (m *NebulaPing) Marshal() (dAtA []byte, err error)
func (*NebulaPing) MarshalTo ¶ added in v1.4.0
func (m *NebulaPing) MarshalTo(dAtA []byte) (int, error)
func (*NebulaPing) MarshalToSizedBuffer ¶ added in v1.4.0
func (m *NebulaPing) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*NebulaPing) ProtoMessage ¶
func (*NebulaPing) ProtoMessage()
func (*NebulaPing) Reset ¶
func (m *NebulaPing) Reset()
func (*NebulaPing) Size ¶ added in v1.4.0
func (m *NebulaPing) Size() (n int)
func (*NebulaPing) String ¶
func (m *NebulaPing) String() string
func (*NebulaPing) Unmarshal ¶ added in v1.4.0
func (m *NebulaPing) Unmarshal(dAtA []byte) error
func (*NebulaPing) XXX_DiscardUnknown ¶
func (m *NebulaPing) XXX_DiscardUnknown()
func (*NebulaPing) XXX_Marshal ¶
func (m *NebulaPing) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*NebulaPing) XXX_Merge ¶
func (m *NebulaPing) XXX_Merge(src proto.Message)
func (*NebulaPing) XXX_Size ¶
func (m *NebulaPing) XXX_Size() int
func (*NebulaPing) XXX_Unmarshal ¶
func (m *NebulaPing) XXX_Unmarshal(b []byte) error
type NebulaPing_MessageType ¶
type NebulaPing_MessageType int32
const ( NebulaPing_Ping NebulaPing_MessageType = 0 NebulaPing_Reply NebulaPing_MessageType = 1 )
func (NebulaPing_MessageType) EnumDescriptor ¶
func (NebulaPing_MessageType) EnumDescriptor() ([]byte, []int)
func (NebulaPing_MessageType) String ¶
func (x NebulaPing_MessageType) String() string
type Punchy ¶ added in v1.2.0
func NewPunchyFromConfig ¶ added in v1.2.0
type RemoteAllowList ¶ added in v1.5.0
type RemoteAllowList struct { AllowList *AllowList // contains filtered or unexported fields }
func NewRemoteAllowListFromConfig ¶ added in v1.5.0
func NewRemoteAllowListFromConfig(c *config.C, k, rangesKey string) (*RemoteAllowList, error)
func (*RemoteAllowList) AllowIpV6 ¶ added in v1.5.0
func (al *RemoteAllowList) AllowIpV6(vpnIp iputil.VpnIp, hi, lo uint64) bool
func (*RemoteAllowList) AllowUnknownVpnIp ¶ added in v1.5.0
func (al *RemoteAllowList) AllowUnknownVpnIp(ip net.IP) bool
type RemoteList ¶ added in v1.4.0
type RemoteList struct { // Every interaction with internals requires a lock! sync.RWMutex // contains filtered or unexported fields }
RemoteList is a unifying concept for lighthouse servers and clients as well as hostinfos. It serves as a local cache of query replies, host update notifications, and locally learned addresses.
func NewRemoteList ¶ added in v1.4.0
func NewRemoteList() *RemoteList
NewRemoteList creates a new empty RemoteList.
func (*RemoteList) BlockRemote ¶ added in v1.4.0
func (r *RemoteList) BlockRemote(bad *udp.Addr)
BlockRemote locks and records the address as bad; it will be excluded from the deduplicated address list.
func (*RemoteList) CopyAddrs ¶ added in v1.4.0
func (r *RemoteList) CopyAddrs(preferredRanges []*net.IPNet) []*udp.Addr
CopyAddrs locks and makes a deep copy of the deduplicated address list. The deduplication work may need to occur here, so you must pass preferredRanges.
func (*RemoteList) CopyBlockedRemotes ¶ added in v1.4.0
func (r *RemoteList) CopyBlockedRemotes() []*udp.Addr
CopyBlockedRemotes locks and makes a deep copy of the blocked remotes list.
func (*RemoteList) CopyCache ¶ added in v1.4.0
func (r *RemoteList) CopyCache() *CacheMap
CopyCache locks and creates a more human-friendly form of the internal address cache. This may contain duplicates and blocked addresses.
func (*RemoteList) ForEach ¶ added in v1.4.0
func (r *RemoteList) ForEach(preferredRanges []*net.IPNet, forEach forEachFunc)
ForEach locks and will call the forEachFunc for every deduplicated address in the list. The deduplication work may need to occur here, so you must pass preferredRanges.
func (*RemoteList) LearnRemote ¶ added in v1.4.0
func (r *RemoteList) LearnRemote(ownerVpnIp iputil.VpnIp, addr *udp.Addr)
LearnRemote locks and sets the learned slot for the owner vpn ip to the provided addr. Currently this is only needed when HostInfo.SetRemote is called, as that should cover both handshaking and roaming. It will mark the deduplicated address list as dirty, so do not call it unless new information is available. TODO: this needs to support the allow list.
func (*RemoteList) Len ¶ added in v1.4.0
func (r *RemoteList) Len(preferredRanges []*net.IPNet) int
Len locks and reports the size of the deduplicated address list. The deduplication work may need to occur here, so you must pass preferredRanges.
func (*RemoteList) Rebuild ¶ added in v1.4.0
func (r *RemoteList) Rebuild(preferredRanges []*net.IPNet)
Rebuild locks and generates the deduplicated address list only if there is work to be done. There is generally no reason to call this directly, but it is safe to do so.
func (*RemoteList) ResetBlockedRemotes ¶ added in v1.4.0
func (r *RemoteList) ResetBlockedRemotes()
ResetBlockedRemotes locks and clears the blocked remotes list.
type SystemTimeoutItem ¶
type SystemTimeoutItem struct { Item iputil.VpnIp Next *SystemTimeoutItem }
SystemTimeoutItem represents an item within a tick.
type SystemTimeoutList ¶
type SystemTimeoutList struct { Head *SystemTimeoutItem Tail *SystemTimeoutItem }
SystemTimeoutList represents a tick in the wheel.
type SystemTimerWheel ¶
type SystemTimerWheel struct {
// contains filtered or unexported fields
}
func NewSystemTimerWheel ¶
func NewSystemTimerWheel(min, max time.Duration) *SystemTimerWheel
NewSystemTimerWheel builds a timer wheel and identifies the tick duration and wheel duration from the provided values. Purge must be called once per entry to actually remove anything.
func (*SystemTimerWheel) Add ¶
func (tw *SystemTimerWheel) Add(v iputil.VpnIp, timeout time.Duration) *SystemTimeoutItem
func (*SystemTimerWheel) Purge ¶
func (tw *SystemTimerWheel) Purge() interface{}
type TimeoutItem ¶
type TimeoutItem struct { Packet firewall.Packet Next *TimeoutItem }
TimeoutItem represents an item within a tick.
type TimeoutList ¶
type TimeoutList struct { Head *TimeoutItem Tail *TimeoutItem }
TimeoutList represents a tick in the wheel.
type TimerWheel ¶
type TimerWheel struct {
// contains filtered or unexported fields
}
func NewTimerWheel ¶
func NewTimerWheel(min, max time.Duration) *TimerWheel
NewTimerWheel builds a timer wheel and identifies the tick duration and wheel duration from the provided values. Purge must be called once per entry to actually remove anything.
func (*TimerWheel) Add ¶
func (tw *TimerWheel) Add(v firewall.Packet, timeout time.Duration) *TimeoutItem
Add will add a firewall.Packet to the wheel in its proper timeout.
Source Files ¶
- allow_list.go
- bits.go
- cert.go
- connection_manager.go
- connection_state.go
- control.go
- dns_server.go
- firewall.go
- handshake.go
- handshake_ix.go
- handshake_manager.go
- hostmap.go
- inside.go
- interface.go
- lighthouse.go
- logger.go
- main.go
- message_metrics.go
- metadata.go
- nebula.pb.go
- noise.go
- outside.go
- punchy.go
- remote_list.go
- ssh.go
- stats.go
- timeout.go
- timeout_system.go