connection

package
v10.345.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2021 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Index

Constants

View Source 
const MaximumUDPQueueLen = 50

MaximumUDPQueueLen is the maximum number of UDP packets buffered.

Variables

View Source 
var DefaultConnectionTimeout = 24 * time.Second

DefaultConnectionTimeout is used as the timeout for connection in the cache.

Functions

func UDPConnectionExpirationNotifier 

func UDPConnectionExpirationNotifier(c cache.DataStore, id interface{}, item interface{})

UDPConnectionExpirationNotifier expiration notifier when cache entry expires

Types

type AuthInfo 

type AuthInfo struct {
	Nonce                        [tokens.NonceLength]byte
	RemoteNonce                  []byte
	RemoteContextID              string
	RemoteIP                     string
	RemotePort                   string
	LocalDatapathPrivateKey      *ephemeralkeys.PrivateKey
	SecretKey                    []byte
	LocalDatapathPublicKeyV1     []byte
	LocalDatapathPublicKeySignV1 []byte
	LocalDatapathPublicKeyV2     []byte
	LocalDatapathPublicKeySignV2 []byte
	ConnectionClaims             tokens.ConnectionClaims
	SynAckToken                  []byte
	AckToken                     []byte
	Proto314                     bool
}

AuthInfo keeps authentication information about a connection

type ProxyConnState 

type ProxyConnState int

ProxyConnState identifies the constants of the state of a proxied connection 

const (
	// ClientTokenSend Init token send for client
	ClientTokenSend ProxyConnState = iota

	// ServerReceivePeerToken -- waiting to receive peer token
	ServerReceivePeerToken

	// ServerSendToken -- Send our own token and the client tokens
	ServerSendToken

	// ClientPeerTokenReceive -- Receive signed tokens from server
	ClientPeerTokenReceive

	// ClientSendSignedPair -- Sign the (token/nonce pair) and send
	ClientSendSignedPair

	// ServerAuthenticatePair -- Authenticate pair of tokens
	ServerAuthenticatePair
)

type ProxyConnection 

type ProxyConnection struct {
	sync.Mutex

	Auth             AuthInfo
	ReportFlowPolicy *policy.FlowPolicy
	PacketFlowPolicy *policy.FlowPolicy

	Secrets secrets.Secrets
	// contains filtered or unexported fields
}

ProxyConnection is a record to keep state of proxy auth

func NewProxyConnection 

func NewProxyConnection(keyPair ephemeralkeys.KeyAccessor) *ProxyConnection

NewProxyConnection returns a new Proxy Connection

func (*ProxyConnection) GetState 

func (c *ProxyConnection) GetState() ProxyConnState

GetState returns the state of a proxy connection

func (*ProxyConnection) SetReported 

func (c *ProxyConnection) SetReported(reported bool)

SetReported sets the flag to reported when the conn is reported

func (*ProxyConnection) SetState 

func (c *ProxyConnection) SetState(state ProxyConnState)

SetState is used to setup the state for the Proxy Connection

type TCPCache 

type TCPCache interface {
	Put(string, *TCPConnection)
	Get(string) (*TCPConnection, bool)
	Remove(string)
	Len() int
}

TCPCache is an interface to store tcp connections keyed with the string.

func NewTCPConnectionCache 

func NewTCPConnectionCache() TCPCache

NewTCPConnectionCache initializes the tcp connection cache

type TCPConnection 

type TCPConnection struct {
	sync.RWMutex

	Auth AuthInfo

	// ServiceData allows services to associate state with a connection
	ServiceData interface{}

	// Context is the pucontext.PUContext that is associated with this connection
	// Minimizes the number of caches and lookups
	Context *pucontext.PUContext

	// TimeOut signals the timeout to be used by the state machines
	TimeOut time.Duration

	// ServiceConnection indicates that this connection is handled by a service
	ServiceConnection bool

	// ReportFlowPolicy holds the last matched observed policy
	ReportFlowPolicy *policy.FlowPolicy

	// PacketFlowPolicy holds the last matched actual policy
	PacketFlowPolicy *policy.FlowPolicy

	// MarkForDeletion -- this is is used only in conjunction with serviceconnection. Its a hint for us if we have a fin for an earlier connection
	// and this is reused port flow.
	MarkForDeletion bool

	RetransmittedSynAck bool

	// TCPtuple is tcp tuple
	TCPtuple *TCPTuple

	// PingConfig is the config that holds ping related information.
	PingConfig *pingconfig.PingConfig

	Secrets secrets.Secrets

	SourceController      string
	DestinationController string

	EncodedBuf [tokens.ClaimsEncodedBufSize]byte
	// contains filtered or unexported fields
}

TCPConnection is information regarding TCP Connection

func NewTCPConnection 

func NewTCPConnection(context *pucontext.PUContext, p *packet.Packet) *TCPConnection

NewTCPConnection returns a TCPConnection information struct

func (*TCPConnection) ChangeConnectionTimeout 

func (c *TCPConnection) ChangeConnectionTimeout(t time.Duration)

ChangeConnectionTimeout is used by test code to change the default connection timeout

func (*TCPConnection) Cleanup 

func (c *TCPConnection) Cleanup()

Cleanup will provide information when a connection is removed by a timer.

func (*TCPConnection) GetCounterAndReset 

func (c *TCPConnection) GetCounterAndReset() uint32

GetCounterAndReset returns the counter and resets it to zero

func (*TCPConnection) GetInitialSequenceNumber 

func (c *TCPConnection) GetInitialSequenceNumber() uint32

GetInitialSequenceNumber returns the initial sequence number that was found on the syn packet corresponding to this TCP Connection

func (*TCPConnection) GetMarkForDeletion 

func (c *TCPConnection) GetMarkForDeletion() bool

GetMarkForDeletion returns the state of markForDeletion flag

func (*TCPConnection) GetReportReason 

func (c *TCPConnection) GetReportReason() string

GetReportReason returns the reason for reporting this connection

func (*TCPConnection) GetState 

func (c *TCPConnection) GetState() TCPFlowState

GetState is used to return the state

func (*TCPConnection) GetStateString 

func (c *TCPConnection) GetStateString() string

GetStateString is used to return the state as string

func (*TCPConnection) IncrementCounter 

func (c *TCPConnection) IncrementCounter()

IncrementCounter increments counter for this connection

func (*TCPConnection) IsLoopbackConnection 

func (c *TCPConnection) IsLoopbackConnection() bool

IsLoopbackConnection sets LoopbackConnection field.

func (*TCPConnection) PingEnabled 

func (c *TCPConnection) PingEnabled() bool

PingEnabled returns true if ping is enabled for this connection

func (*TCPConnection) ResetTimer 

func (c *TCPConnection) ResetTimer(newTimeout time.Duration)

ResetTimer resets the timer

func (*TCPConnection) SetLoopbackConnection 

func (c *TCPConnection) SetLoopbackConnection(isLoopback bool)

SetLoopbackConnection sets LoopbackConnection field.

func (*TCPConnection) SetReportReason 

func (c *TCPConnection) SetReportReason(reason string)

SetReportReason sets the reason for reporting this connection

func (*TCPConnection) SetState 

func (c *TCPConnection) SetState(state TCPFlowState)

SetState is used to setup the state for the TCP connection

func (*TCPConnection) StartTimer 

func (c *TCPConnection) StartTimer(f func())

StartTimer starts the timer for 24 seconds and on expiry will call the function passed in the argument.

func (*TCPConnection) StopTimer 

func (c *TCPConnection) StopTimer()

StopTimer will stop the timer in the connection object.

func (*TCPConnection) String 

func (c *TCPConnection) String() string

String returns a printable version of connection

type TCPFlowState 

type TCPFlowState int

TCPFlowState identifies the constants of the state of a TCP connectioncon 

const (

	// TCPSynSend is the state where the Syn packets has been send, but no response has been received
	TCPSynSend TCPFlowState = iota

	// TCPSynReceived indicates that the syn packet has been received
	TCPSynReceived

	// TCPSynAckSend indicates that the SynAck packet has been send
	TCPSynAckSend

	// TCPSynAckReceived is the state where the SynAck has been received
	TCPSynAckReceived

	// TCPAckSend indicates that the ack packets has been sent
	TCPAckSend

	// TCPAckProcessed is the state that the negotiation has been completed
	TCPAckProcessed

	// TCPData indicates that the packets are now data packets
	TCPData

	// UnknownState indicates that this an existing connection in the unknown state.
	UnknownState
)

type TCPTuple 

type TCPTuple struct {
	SourceAddress      net.IP
	DestinationAddress net.IP
	SourcePort         uint16
	DestinationPort    uint16
}

TCPTuple contains the 4 tuple for tcp connection

func (*TCPTuple) String 

func (tcpTuple *TCPTuple) String() string

type UDPConnection 

type UDPConnection struct {
	sync.RWMutex

	Context *pucontext.PUContext
	Auth    AuthInfo

	ReportFlowPolicy *policy.FlowPolicy
	PacketFlowPolicy *policy.FlowPolicy
	// ServiceData allows services to associate state with a connection
	ServiceData interface{}

	// PacketQueue indicates app UDP packets queued while authorization is in progress.
	PacketQueue chan *packet.Packet
	Writer      afinetrawsocket.SocketWriter
	// ServiceConnection indicates that this connection is handled by a service
	ServiceConnection bool

	TestIgnore bool

	Secrets secrets.Secrets

	SourceController      string
	DestinationController string
	EncodedBuf            [tokens.ClaimsEncodedBufSize]byte
	// contains filtered or unexported fields
}

UDPConnection is information regarding UDP connection.

func NewUDPConnection 

func NewUDPConnection(context *pucontext.PUContext, writer afinetrawsocket.SocketWriter) *UDPConnection

NewUDPConnection returns UDPConnection struct.

func (*UDPConnection) AckChannel 

func (c *UDPConnection) AckChannel() chan bool

AckChannel returns the Ack stop channel.

func (*UDPConnection) AckStop 

func (c *UDPConnection) AckStop()

AckStop issues a stop in the Ack channel.

func (*UDPConnection) Cleanup 

func (c *UDPConnection) Cleanup()

Cleanup is called on cache expiry of the connection to record incomplete connections

func (*UDPConnection) DropPackets 

func (c *UDPConnection) DropPackets()

DropPackets drops packets on errors during Authorization.

func (*UDPConnection) GetState 

func (c *UDPConnection) GetState() UDPFlowState

GetState is used to get state of UDP Connection.

func (*UDPConnection) IsLoopbackConnection 

func (c *UDPConnection) IsLoopbackConnection() bool

IsLoopbackConnection sets LoopbackConnection field.

func (*UDPConnection) QueuePackets 

func (c *UDPConnection) QueuePackets(udpPacket *packet.Packet) (err error)

QueuePackets queues UDP packets till the flow is authenticated.

func (*UDPConnection) ReadPacket 

func (c *UDPConnection) ReadPacket() *packet.Packet

ReadPacket reads a packet from the queue.

func (*UDPConnection) SetLoopbackConnection 

func (c *UDPConnection) SetLoopbackConnection(isLoopback bool)

SetLoopbackConnection sets LoopbackConnection field.

func (*UDPConnection) SetState 

func (c *UDPConnection) SetState(state UDPFlowState)

SetState is used to setup the state for the UDP Connection.

func (*UDPConnection) String 

func (c *UDPConnection) String() string

String returns a printable version of connection

func (*UDPConnection) SynAckChannel 

func (c *UDPConnection) SynAckChannel() chan bool

SynAckChannel returns the SynAck stop channel.

func (*UDPConnection) SynAckStop 

func (c *UDPConnection) SynAckStop()

SynAckStop issues a stop in the synAckStop channel.

func (*UDPConnection) SynChannel 

func (c *UDPConnection) SynChannel() chan bool

SynChannel returns the SynStop channel.

func (*UDPConnection) SynStop 

func (c *UDPConnection) SynStop()

SynStop issues a stop on the synStop channel.

type UDPFlowState 

type UDPFlowState int

UDPFlowState identifies the constants of the state of a UDP connection. 

const (
	// UDPStart is the state where a syn will be sent.
	UDPStart UDPFlowState = iota

	// UDPClientSendSyn is the state where a syn has been sent.
	UDPClientSendSyn

	// UDPClientSendAck  is the state where application side has send the ACK.
	UDPClientSendAck

	// UDPReceiverSendSynAck is the state where syn ack packet has been sent.
	UDPReceiverSendSynAck

	// UDPReceiverProcessedAck is the state that the negotiation has been completed.
	UDPReceiverProcessedAck

	// UDPData is the state where data is being transmitted.
	UDPData

	// UDPRST is the state when we received rst from peer. This connection is dead
	UDPRST
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.