connection

package
Constants

// MaximumUDPQueueLen is the maximum number of UDP packets buffered while a
// flow's authorization is still in progress. Presumably it is the capacity of
// UDPConnection.PacketQueue, which bounds the memory an unauthenticated peer can
// make a connection hold — confirm against NewUDPConnection.
const MaximumUDPQueueLen = 50

MaximumUDPQueueLen is the maximum number of UDP packets buffered per connection.

Variables

// DefaultConnectionTimeout is the timeout applied to connections held in the
// cache. It is a mutable package-level variable; TCPConnection's
// ChangeConnectionTimeout exists so test code can override the value per
// connection rather than rewriting this default.
var DefaultConnectionTimeout = 24 * time.Second

DefaultConnectionTimeout is used as the timeout for connections held in the cache.

Functions

func UDPConnectionExpirationNotifier

func UDPConnectionExpirationNotifier(c cache.DataStore, id interface{}, item interface{})

UDPConnectionExpirationNotifier is the expiration notifier invoked when a cache entry expires.

Types

type AuthInfo

// AuthInfo keeps the authentication material negotiated for a connection.
//
// NOTE(review): LocalDatapathPrivateKey and SecretKey are key material and the
// token fields are bearer credentials for the handshake; none of them should
// reach String() output or logs — confirm the String() methods on TCPConnection
// and UDPConnection do not print Auth.
type AuthInfo struct {
	// Nonce is the local nonce for this connection (fixed length, tokens.NonceLength).
	Nonce                        [tokens.NonceLength]byte
	// RemoteNonce is the nonce received from the peer.
	RemoteNonce                  []byte
	// RemoteContextID identifies the peer's context.
	RemoteContextID              string
	// RemoteIP and RemotePort are the peer endpoint, kept as strings.
	RemoteIP                     string
	RemotePort                   string
	// LocalDatapathPrivateKey is the local ephemeral private key (sensitive).
	LocalDatapathPrivateKey      *ephemeralkeys.PrivateKey
	// SecretKey is the per-connection secret (sensitive).
	SecretKey                    []byte
	// LocalDatapathPublicKeyV1/V2 and their *SignV1/*SignV2 counterparts are the
	// local public keys and their signatures, one pair per protocol version —
	// the V1/V2 distinction is not visible here; confirm in the token code.
	LocalDatapathPublicKeyV1     []byte
	LocalDatapathPublicKeySignV1 []byte
	LocalDatapathPublicKeyV2     []byte
	LocalDatapathPublicKeySignV2 []byte
	// ConnectionClaims are the claims carried by the connection's token.
	ConnectionClaims             tokens.ConnectionClaims
	// SynAckToken and AckToken are the tokens exchanged on the SYN-ACK and ACK
	// legs of the handshake.
	SynAckToken                  []byte
	AckToken                     []byte
	// Proto314 is a protocol-version flag — TODO confirm what "314" selects.
	Proto314                     bool
}

AuthInfo keeps the authentication information about a connection.

type ProxyConnState

// ProxyConnState is the state of a proxied connection's token handshake; the
// valid values are the ClientTokenSend … ServerAuthenticatePair constants.
type ProxyConnState int

ProxyConnState identifies the state of a proxied connection.

const (
	// ClientTokenSend is the initial state, in which the client sends its token.
	ClientTokenSend ProxyConnState = iota

	// ServerReceivePeerToken is the state in which the server waits to receive the peer's token.
	ServerReceivePeerToken

	// ServerSendToken is the state in which the server sends its own token together with the client's token.
	ServerSendToken

	// ClientPeerTokenReceive is the state in which the client receives the signed tokens from the server.
	ClientPeerTokenReceive

	// ClientSendSignedPair is the state in which the client signs the (token/nonce) pair and sends it.
	ClientSendSignedPair

	// ServerAuthenticatePair is the state in which the server authenticates the pair of tokens.
	ServerAuthenticatePair
)

type ProxyConnection

// ProxyConnection is a record that keeps the state of proxy authentication.
type ProxyConnection struct {
	// Mutex is embedded so the connection itself can be locked; presumably it
	// guards the unexported state read by GetState/SetState — confirm.
	sync.Mutex

	// Auth holds the authentication material for this connection (contains key
	// material; keep it out of logs).
	Auth             AuthInfo
	// ReportFlowPolicy is the last matched observed policy.
	ReportFlowPolicy *policy.FlowPolicy
	// PacketFlowPolicy is the last matched actual (enforced) policy.
	PacketFlowPolicy *policy.FlowPolicy

	// Secrets is the secrets store used for this connection's tokens — presumably; confirm against NewProxyConnection.
	Secrets secrets.Secrets
	// contains filtered or unexported fields
}

ProxyConnection is a record that keeps the state of proxy authentication.

func NewProxyConnection

func NewProxyConnection(keyPair ephemeralkeys.KeyAccessor) *ProxyConnection

NewProxyConnection returns a new ProxyConnection.

func (*ProxyConnection) GetState

func (c *ProxyConnection) GetState() ProxyConnState

GetState returns the state of the proxy connection.

func (*ProxyConnection) SetReported

func (c *ProxyConnection) SetReported(reported bool)

SetReported sets the reported flag once the connection has been reported.

func (*ProxyConnection) SetState

func (c *ProxyConnection) SetState(state ProxyConnState)

SetState sets the state of the ProxyConnection.

type TCPCache

// TCPCache is an interface for storing TCP connections keyed by string.
type TCPCache interface {
	// Put stores the connection under the given key.
	Put(string, *TCPConnection)
	// Get returns the connection stored under the key and whether it was present.
	Get(string) (*TCPConnection, bool)
	// Remove deletes the entry stored under the key.
	Remove(string)
	// Len returns the number of entries in the cache.
	Len() int
}

TCPCache is an interface for storing TCP connections keyed by string.

func NewTCPConnectionCache

func NewTCPConnectionCache() TCPCache

NewTCPConnectionCache initializes the TCP connection cache.

type TCPConnection

// TCPConnection holds the information tracked for a TCP connection.
type TCPConnection struct {
	// RWMutex is embedded so callers lock the connection itself; presumably it
	// guards the mutable state below — confirm against the accessors.
	sync.RWMutex

	// Auth holds the authentication material negotiated for this connection.
	// NOTE(review): it carries key material (see AuthInfo); keep it out of
	// String() and log output — confirm String() does not print it.
	Auth AuthInfo

	// ServiceData allows services to associate state with a connection
	ServiceData interface{}

	// Context is the pucontext.PUContext that is associated with this connection
	// Minimizes the number of caches and lookups
	Context *pucontext.PUContext

	// TimeOut signals the timeout to be used by the state machines
	TimeOut time.Duration

	// ServiceConnection indicates that this connection is handled by a service
	ServiceConnection bool

	// ReportFlowPolicy holds the last matched observed policy
	ReportFlowPolicy *policy.FlowPolicy

	// PacketFlowPolicy holds the last matched actual policy
	PacketFlowPolicy *policy.FlowPolicy

	// MarkForDeletion is used only in conjunction with ServiceConnection. It is a
	// hint that a FIN was seen for an earlier connection and this flow reuses
	// the same port.
	MarkForDeletion bool

	// RetransmittedSynAck records that a retransmitted SYN-ACK was observed for
	// this connection — TODO confirm where it is set.
	RetransmittedSynAck bool

	// TCPtuple is the (source address, destination address, source port,
	// destination port) tuple of the connection.
	TCPtuple *TCPTuple

	// PingConfig is the config that holds ping related information.
	PingConfig *pingconfig.PingConfig

	// Secrets is the secrets store used for this connection's tokens —
	// presumably; confirm against NewTCPConnection.
	Secrets secrets.Secrets

	// SourceController and DestinationController identify the controllers of
	// the two endpoints — TODO confirm the exact semantics.
	SourceController      string
	DestinationController string

	// EncodedBuf is a scratch buffer sized for an encoded claims token.
	EncodedBuf [tokens.ClaimsEncodedBufSize]byte
	// contains filtered or unexported fields
}

TCPConnection holds the information tracked for a TCP connection.

func NewTCPConnection

func NewTCPConnection(context *pucontext.PUContext, p *packet.Packet) *TCPConnection

NewTCPConnection returns a new TCPConnection information struct.

func (*TCPConnection) ChangeConnectionTimeout

func (c *TCPConnection) ChangeConnectionTimeout(t time.Duration)

ChangeConnectionTimeout is used by test code to change the default connection timeout.

func (*TCPConnection) Cleanup

func (c *TCPConnection) Cleanup()

Cleanup will provide information when a connection is removed by a timer.

func (*TCPConnection) GetCounterAndReset

func (c *TCPConnection) GetCounterAndReset() uint32

GetCounterAndReset returns the counter and resets it to zero.

func (*TCPConnection) GetInitialSequenceNumber

func (c *TCPConnection) GetInitialSequenceNumber() uint32

GetInitialSequenceNumber returns the initial sequence number found on the SYN packet corresponding to this TCP connection.

func (*TCPConnection) GetMarkForDeletion

func (c *TCPConnection) GetMarkForDeletion() bool

GetMarkForDeletion returns the state of the MarkForDeletion flag.

func (*TCPConnection) GetReportReason

func (c *TCPConnection) GetReportReason() string

GetReportReason returns the reason for reporting this connection.

func (*TCPConnection) GetState

func (c *TCPConnection) GetState() TCPFlowState

GetState returns the state of the TCP connection.

func (*TCPConnection) GetStateString

func (c *TCPConnection) GetStateString() string

GetStateString returns the state of the TCP connection as a string.

func (*TCPConnection) IncrementCounter

func (c *TCPConnection) IncrementCounter()

IncrementCounter increments the counter for this connection.

func (*TCPConnection) IsLoopbackConnection

func (c *TCPConnection) IsLoopbackConnection() bool

IsLoopbackConnection reports whether the LoopbackConnection field is set.

func (*TCPConnection) PingEnabled

func (c *TCPConnection) PingEnabled() bool

PingEnabled returns true if ping is enabled for this connection.

func (*TCPConnection) ResetTimer

func (c *TCPConnection) ResetTimer(newTimeout time.Duration)

ResetTimer resets the connection timer to newTimeout.

func (*TCPConnection) SetLoopbackConnection

func (c *TCPConnection) SetLoopbackConnection(isLoopback bool)

SetLoopbackConnection sets LoopbackConnection field.

func (*TCPConnection) SetReportReason

func (c *TCPConnection) SetReportReason(reason string)

SetReportReason sets the reason for reporting this connection.

func (*TCPConnection) SetState

func (c *TCPConnection) SetState(state TCPFlowState)

SetState sets the state of the TCP connection.

func (*TCPConnection) StartTimer

func (c *TCPConnection) StartTimer(f func())

StartTimer starts the timer for 24 seconds and, on expiry, calls the function f passed as the argument.

func (*TCPConnection) StopTimer

func (c *TCPConnection) StopTimer()

StopTimer will stop the timer in the connection object.

func (*TCPConnection) String

func (c *TCPConnection) String() string

String returns a printable version of the connection.

type TCPFlowState

// TCPFlowState is the state of a TCP connection in the handshake state machine;
// the valid values are the TCPSynSend … UnknownState constants.
type TCPFlowState int

TCPFlowState identifies the state of a TCP connection.

const (

	// TCPSynSend is the state where the SYN packet has been sent but no response has been received.
	TCPSynSend TCPFlowState = iota

	// TCPSynReceived indicates that the SYN packet has been received.
	TCPSynReceived

	// TCPSynAckSend indicates that the SYN-ACK packet has been sent.
	TCPSynAckSend

	// TCPSynAckReceived is the state where the SYN-ACK has been received.
	TCPSynAckReceived

	// TCPAckSend indicates that the ACK packet has been sent.
	TCPAckSend

	// TCPAckProcessed is the state in which the negotiation has been completed.
	TCPAckProcessed

	// TCPData indicates that the packets are now data packets.
	TCPData

	// UnknownState indicates that this is an existing connection in an unknown state.
	UnknownState
)

type TCPTuple

// TCPTuple is the 4-tuple (addresses and ports) identifying a TCP connection.
type TCPTuple struct {
	// SourceAddress and DestinationAddress are the endpoint IP addresses.
	SourceAddress      net.IP
	DestinationAddress net.IP
	// SourcePort and DestinationPort are the endpoint TCP ports.
	SourcePort         uint16
	DestinationPort    uint16
}

TCPTuple contains the 4-tuple (addresses and ports) of a TCP connection.

func (*TCPTuple) String

func (tcpTuple *TCPTuple) String() string

type UDPConnection

// UDPConnection holds the information tracked for a UDP connection.
type UDPConnection struct {
	// RWMutex is embedded so callers lock the connection itself; presumably it
	// guards the mutable state below — confirm against the accessors.
	sync.RWMutex

	// Context is the pucontext.PUContext associated with this connection.
	Context *pucontext.PUContext
	// Auth holds the authentication material for this connection (contains key
	// material; keep it out of String() and logs — confirm).
	Auth    AuthInfo

	// ReportFlowPolicy holds the last matched observed policy.
	ReportFlowPolicy *policy.FlowPolicy
	// PacketFlowPolicy holds the last matched actual policy.
	PacketFlowPolicy *policy.FlowPolicy
	// ServiceData allows services to associate state with a connection
	ServiceData interface{}

	// PacketQueue indicates app UDP packets queued while authorization is in progress.
	// Presumably bounded by MaximumUDPQueueLen — confirm in NewUDPConnection.
	PacketQueue chan *packet.Packet
	// Writer is the raw socket used to send queued packets once the flow is authorized — presumably; confirm.
	Writer      afinetrawsocket.SocketWriter
	// ServiceConnection indicates that this connection is handled by a service
	ServiceConnection bool

	// TestIgnore is a test-only flag — TODO confirm what it disables.
	TestIgnore bool

	// Secrets is the secrets store used for this connection's tokens — presumably; confirm against NewUDPConnection.
	Secrets secrets.Secrets

	// SourceController and DestinationController identify the controllers of the
	// two endpoints — TODO confirm the exact semantics.
	SourceController      string
	DestinationController string
	// EncodedBuf is a scratch buffer sized for an encoded claims token.
	EncodedBuf            [tokens.ClaimsEncodedBufSize]byte
	// contains filtered or unexported fields
}

UDPConnection is information regarding UDP connection.

func NewUDPConnection

func NewUDPConnection(context *pucontext.PUContext, writer afinetrawsocket.SocketWriter) *UDPConnection

NewUDPConnection returns a new UDPConnection.

func (*UDPConnection) AckChannel

func (c *UDPConnection) AckChannel() chan bool

AckChannel returns the Ack stop channel.

func (*UDPConnection) AckStop

func (c *UDPConnection) AckStop()

AckStop issues a stop in the Ack channel.

func (*UDPConnection) Cleanup

func (c *UDPConnection) Cleanup()

Cleanup is called on cache expiry of the connection to record incomplete connections

func (*UDPConnection) DropPackets

func (c *UDPConnection) DropPackets()

DropPackets drops the queued packets on errors during authorization.

func (*UDPConnection) GetState

func (c *UDPConnection) GetState() UDPFlowState

GetState returns the state of the UDP connection.

func (*UDPConnection) IsLoopbackConnection

func (c *UDPConnection) IsLoopbackConnection() bool

IsLoopbackConnection reports whether the LoopbackConnection field is set.

func (*UDPConnection) QueuePackets

func (c *UDPConnection) QueuePackets(udpPacket *packet.Packet) (err error)

QueuePackets queues UDP packets until the flow is authenticated.

func (*UDPConnection) ReadPacket

func (c *UDPConnection) ReadPacket() *packet.Packet

ReadPacket reads a packet from the queue.

func (*UDPConnection) SetLoopbackConnection

func (c *UDPConnection) SetLoopbackConnection(isLoopback bool)

SetLoopbackConnection sets LoopbackConnection field.

func (*UDPConnection) SetState

func (c *UDPConnection) SetState(state UDPFlowState)

SetState sets the state of the UDP connection.

func (*UDPConnection) String

func (c *UDPConnection) String() string

String returns a printable version of the connection.

func (*UDPConnection) SynAckChannel

func (c *UDPConnection) SynAckChannel() chan bool

SynAckChannel returns the SynAck stop channel.

func (*UDPConnection) SynAckStop

func (c *UDPConnection) SynAckStop()

SynAckStop issues a stop in the synAckStop channel.

func (*UDPConnection) SynChannel

func (c *UDPConnection) SynChannel() chan bool

SynChannel returns the SynStop channel.

func (*UDPConnection) SynStop

func (c *UDPConnection) SynStop()

SynStop issues a stop on the synStop channel.

type UDPFlowState

// UDPFlowState is the state of a UDP connection in the handshake state machine;
// the valid values are the UDPStart … UDPRST constants.
type UDPFlowState int

UDPFlowState identifies the constants of the state of a UDP connection.

const (
	// UDPStart is the state where a syn will be sent.
	UDPStart UDPFlowState = iota

	// UDPClientSendSyn is the state where a syn has been sent.
	UDPClientSendSyn

	// UDPClientSendAck is the state where the application side has sent the ACK.
	UDPClientSendAck

	// UDPReceiverSendSynAck is the state where the syn ack packet has been sent.
	UDPReceiverSendSynAck

	// UDPReceiverProcessedAck is the state in which the negotiation has been completed.
	UDPReceiverProcessedAck

	// UDPData is the state where data is being transmitted.
	UDPData

	// UDPRST is the state entered when an RST is received from the peer; the connection is dead.
	UDPRST
)
