protocol

package
Constants

const (
	// PeerTunnelData prefixes a binary frame that carries a chunk of tunneled payload.
	PeerTunnelData   byte = 0x11
	// PeerTunnelClose signals the end of a tunneled connection (inferred from the name; confirm).
	PeerTunnelClose  byte = 0x12
	PeerTunnelPause  byte = 0x13 // Propagate pause to tunnel origin (peer-side counterpart of EventPauseStream)
	PeerTunnelResume byte = 0x14 // Propagate resume to tunnel origin (peer-side counterpart of EventResumeStream)
	// These values do not overlap ControlByteData/ControlByteControl (0x01/0x02).
	// NOTE(review): a receiver should still reject frames whose leading byte is
	// none of the known values rather than treating them as data — confirm.
)

Control bytes that lead the binary (non-JSON) messages exchanged between peers for tunneled data; JSON control messages between peers use PeerMessage instead.

const (
	// TokenIssuer and TokenAudience are presumably the expected JWT "iss" and "aud"
	// values for backend tokens (the package documents BackendClaims as being embedded
	// alongside jwt.RegisteredClaims). NOTE(review): a token consumer should reject a
	// token whose issuer or audience differs from these exactly, not just check that
	// the fields are present — confirm in the verifying code, which is not shown here.
	TokenIssuer   = "authorizer"
	TokenAudience = "nexus"
)
const (
	// RouteKeyPrefixTCP and RouteKeyPrefixUDP are the per-transport prefixes of a
	// route key; RouteKey presumably joins one of them with the port number.
	RouteKeyPrefixTCP = "tcp:"
	RouteKeyPrefixUDP = "udp:"
)
const (
	// ClientIDLength is the expected length of a client's unique identifier (UUID).
	ClientIDLength = 16
	// ControlByteData indicates a standard data message.
	ControlByteData byte = 0x01
	// ControlByteControl indicates a JSON control message.
	ControlByteControl byte = 0x02

	// MessageHeaderLength is the length of the control message header: one control
	// byte followed by the ClientIDLength-byte client ID (17 bytes in total).
	// NOTE(review): a parser should check len(frame) >= MessageHeaderLength before
	// reading the control byte and slicing out the client ID, so a short or empty
	// frame from a peer cannot cause an out-of-range access — confirm the framing
	// code does this.
	MessageHeaderLength = 1 + ClientIDLength // Length of the control message header, including control byte and client ID
)

Variables

This section is empty.

Functions

func RouteKey added in v0.3.1

// RouteKey returns the route key for a port-claimed transport and port.
// The result presumably combines the matching RouteKeyPrefix* value with the
// decimal port (e.g. "tcp:443"); the implementation is not shown here — confirm.
func RouteKey(transport Transport, port int) string

RouteKey returns the route key for a port-claimed transport and port.

Types

type BackendClaims added in v0.3.1

// BackendClaims holds the custom JWT claims a backend presents when it attests
// itself to the proxy. It is shared by the token producer and consumer, each of
// which embeds it next to jwt.RegisteredClaims. Every field here is asserted by
// the producer; the consumer must only act on it after the token's signature and
// registered claims have been verified.
type BackendClaims struct {
	// Hostnames are the virtual hosts the backend claims to serve (inferred from the name; confirm).
	Hostnames                  []string        `json:"hostnames,omitempty"`
	// TCPPorts and UDPRoutes are the port claims for each transport (see RouteKey).
	TCPPorts                   []int           `json:"tcp_ports,omitempty"`
	UDPRoutes                  []UDPRouteClaim `json:"udp_routes,omitempty"`
	// Weight is always encoded (no omitempty), so an absent claim reads as 0.
	// Its meaning (presumably load-balancing weight) is not established here.
	Weight                     int             `json:"weight"`
	// SessionNonce presumably echoes the ChallengeMessage.Nonce issued during the
	// handshake, binding the token to one session. NOTE(review): the consumer
	// should compare it with the nonce it issued and accept each nonce once — confirm.
	SessionNonce               string          `json:"session_nonce,omitempty"`
	// The *int duration claims below distinguish "absent" (nil) from an explicit 0.
	// Their exact semantics (max token age at handshake, re-auth cadence and grace
	// windows, maintenance grace cap) are inferred from the names — confirm.
	HandshakeMaxAgeSeconds     *int            `json:"handshake_max_age_seconds,omitempty"`
	ReauthIntervalSeconds      *int            `json:"reauth_interval_seconds,omitempty"`
	ReauthGraceSeconds         *int            `json:"reauth_grace_seconds,omitempty"`
	MaintenanceGraceCapSeconds *int            `json:"maintenance_grace_cap_seconds,omitempty"`
	// AuthorizerStatusURI is a producer-supplied URI. NOTE(review): if the consumer
	// fetches it, treat it as untrusted input (scheme/host allow-listing, timeouts)
	// since it is controlled by whoever minted the token — confirm how it is used.
	AuthorizerStatusURI        string          `json:"authorizer_status_uri,omitempty"`
	// PolicyVersion identifies the policy the token was issued under (inferred; confirm).
	PolicyVersion              string          `json:"policy_version,omitempty"`
	// OutboundAllowed and AllowedOutboundPorts presumably gate EventOutboundConnect
	// requests from this backend. NOTE(review): whether an empty AllowedOutboundPorts
	// means "no ports" or "any port" is not established here — confirm the enforcing
	// code fails closed.
	OutboundAllowed            bool            `json:"outbound_allowed,omitempty"`
	AllowedOutboundPorts       []int           `json:"allowed_outbound_ports,omitempty"`
}

BackendClaims represents the custom attestation fields shared by both the client (token producer) and the server (token consumer). Each side embeds this struct alongside jwt.RegisteredClaims locally. Because every field is asserted by the token producer, the consumer should act on these values only after the token's signature and registered claims (issuer, audience, expiry) have been verified.

type ChallengeMessage

// ChallengeMessage is the JSON text frame sent to a backend during the handshake
// and re-authentication flows.
type ChallengeMessage struct {
	// Type says which flow the challenge belongs to (ChallengeHandshake or ChallengeReauth).
	Type  ChallengeType `json:"type"`
	// Nonce is the challenge value. NOTE(review): it should be generated from a
	// cryptographically secure source and accepted at most once by the issuer — the
	// generator is not shown here, confirm.
	Nonce string        `json:"nonce"`
}

ChallengeMessage is a JSON text-frame exchanged during the handshake and re-authentication flows.

type ChallengeType

// ChallengeType identifies a WebSocket text-frame challenge during authentication.
type ChallengeType string

ChallengeType identifies a WebSocket text-frame challenge during authentication.

const (
	// ChallengeHandshake is the challenge issued during the initial handshake.
	ChallengeHandshake ChallengeType = "handshake_challenge"
	// ChallengeReauth is the challenge issued during periodic re-authentication.
	ChallengeReauth    ChallengeType = "reauth_challenge"
)

type ControlMessage

// ControlMessage is the JSON body of an out-of-band message between the proxy
// and a backend (carried in a frame whose control byte is ControlByteControl).
type ControlMessage struct {
	// Event selects which of the other fields are meaningful (see EventType).
	Event     EventType `json:"event"`
	// ClientID is always encoded (no omitempty) and identifies the client stream.
	ClientID  uuid.UUID `json:"client_id"`
	// ConnPort is the port the client connected to; 0 is omitted on the wire.
	ConnPort  int       `json:"conn_port,omitempty"`
	// ClientIP is the client address as reported by the proxy. NOTE(review): a
	// backend should treat it as informational unless it trusts the proxy and the
	// proxy is known not to sit behind another hop — confirm how it is derived.
	ClientIP  string    `json:"client_ip,omitempty"`
	Transport Transport `json:"transport,omitempty"`
	// Hostname is the virtual host this client connected for. Included on connect.
	Hostname string `json:"hostname,omitempty"`
	// IsTLS indicates whether the original connection was negotiated over TLS.
	// Because of omitempty, false is simply absent on the wire.
	IsTLS bool `json:"is_tls,omitempty"`
	// Reason provides context for disconnect or pause events.
	Reason string `json:"reason,omitempty"`
	// TargetAddr is the host:port that the backend wants to connect to
	// (used with EventOutboundConnect). NOTE(review): this is backend-controlled
	// input; the proxy should validate it against the backend's OutboundAllowed /
	// AllowedOutboundPorts claims and any host policy before dialing, otherwise a
	// backend could reach addresses the proxy can see but the backend cannot —
	// confirm the dialing code does this.
	TargetAddr string `json:"target_addr,omitempty"`
	// Success indicates whether the outbound connection was established
	// (used with EventOutboundResult). With omitempty, a failed result carries
	// no "success" key at all, so the receiver must treat absence as false.
	Success bool `json:"success,omitempty"`
}

ControlMessage defines the structure for out-of-band communication between the proxy and the backend.

type DisconnectReason

// DisconnectReason identifies why a backend disconnected a client. It is
// presumably carried in ControlMessage.Reason (a plain string) — confirm.
type DisconnectReason string

DisconnectReason identifies why a backend disconnected a client.

const (
	// The meanings below are inferred from the identifiers; the code that emits
	// each reason is not shown here.
	DisconnectNormal        DisconnectReason = "normal"        // clean close
	DisconnectBufferFull    DisconnectReason = "buffer_full"   // presumably backpressure exhausted
	DisconnectDialFailed    DisconnectReason = "dial_failed"   // presumably the backend could not reach its upstream
	DisconnectTimeout       DisconnectReason = "timeout"
	DisconnectLocalError    DisconnectReason = "local_error"
	DisconnectShutdown      DisconnectReason = "shutdown"      // backend going away
	DisconnectSessionEnded  DisconnectReason = "session_ended"
	DisconnectPauseViolated DisconnectReason = "pause_violated" // presumably data arrived while the stream was paused
	DisconnectUnknown       DisconnectReason = "unknown"       // catch-all
)

type EventType

// EventType defines the type of a control message event (ControlMessage.Event).
type EventType string

EventType defines the type of a control message event.

const (
	// EventConnect is sent to a backend when a new client connects.
	EventConnect EventType = "connect"
	// EventDisconnect is sent to a backend when a client disconnects.
	EventDisconnect EventType = "disconnect"
	// EventPingClient is sent from a backend to the proxy to check liveness.
	EventPingClient EventType = "ping_client"
	// EventPongClient is sent from the proxy to a backend in response to a ping.
	EventPongClient EventType = "pong_client"
	// EventPauseStream is sent from a backend to pause reading from a client.
	EventPauseStream EventType = "pause_stream"
	// EventResumeStream is sent from a backend to resume reading from a client.
	EventResumeStream EventType = "resume_stream"
	// EventOutboundConnect is sent from a backend to request the proxy to
	// open an outbound TCP connection to an external target on its behalf.
	// The target is ControlMessage.TargetAddr. NOTE(review): the proxy should
	// authorize the request against BackendClaims.OutboundAllowed and
	// AllowedOutboundPorts before dialing — confirm.
	EventOutboundConnect EventType = "outbound_connect"
	// EventOutboundResult is sent from the proxy back to the backend with
	// the result of an outbound connection request (ControlMessage.Success).
	EventOutboundResult EventType = "outbound_result"
)

type PeerMessage

// PeerMessage is the JSON control message exchanged between peers. Tunneled
// data itself never travels as JSON; it is sent as binary frames led by the
// PeerTunnel* control bytes.
type PeerMessage struct {
	// Version is omitted on the wire when 0.
	Version   uint64          `json:"version,omitempty"`
	// Type selects which fields are meaningful (PeerAnnounce or PeerTunnelRequest).
	Type      PeerMessageType `json:"type"`
	// Hostnames is presumably used by PeerAnnounce to advertise served hosts — confirm.
	Hostnames []string        `json:"hostnames,omitempty"`
	// Fields for tunneling request
	// NOTE: if uuid.UUID is a fixed-size byte array (as in github.com/google/uuid),
	// omitempty has no effect here and ClientID is always encoded.
	ClientID  uuid.UUID `json:"client_id,omitempty"`
	ConnPort  int       `json:"conn_port,omitempty"`
	// ClientIP and Hostname are supplied by the requesting peer; a receiving peer
	// should treat them as that peer's assertion, not as verified facts.
	ClientIP  string    `json:"client_ip,omitempty"`
	Hostname  string    `json:"hostname,omitempty"`
	Transport Transport `json:"transport,omitempty"`
	IsTLS     bool      `json:"is_tls,omitempty"`
}

PeerMessage is the structure for JSON control messages exchanged between peers. Note: this struct carries no payload field; tunneled data is never sent as JSON but as binary messages (led by the PeerTunnel* control bytes) for efficiency.

type PeerMessageType

// PeerMessageType defines the type of a JSON control message sent between peers.
type PeerMessageType string

PeerMessageType defines the type of a JSON control message sent between peers.

const (
	// PeerAnnounce is presumably sent by a peer to advertise the hostnames it serves — confirm.
	PeerAnnounce      PeerMessageType = "announce"
	// PeerTunnelRequest asks a peer to open a tunnel for the client described
	// by the PeerMessage tunneling fields.
	PeerTunnelRequest PeerMessageType = "tunnel_request"
)

type Transport

// Transport names the layer-4 protocol of a route or client connection.
type Transport string
const (
	TransportTCP Transport = "tcp"
	TransportUDP Transport = "udp"
)

type UDPRouteClaim added in v0.3.1

// UDPRouteClaim describes one UDP port claimed in BackendClaims.UDPRoutes.
type UDPRouteClaim struct {
	// Port is the claimed UDP port.
	Port                   int  `json:"port"`
	// FlowIdleTimeoutSeconds is nil when unset, distinguishing "use the default"
	// from an explicit 0; the default itself is not established here.
	FlowIdleTimeoutSeconds *int `json:"flow_idle_timeout_seconds,omitempty"`
}

UDPRouteClaim represents a UDP route within attestation claims.
