wireguard

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TryStun 

func TryStun(ctx context.Context, bind conn.Bind, srcPort uint16, stunServers ...string) (netip.AddrPort, error)

TrySTUN tries to resolve the external IP address and port of the host by sending a STUN request to the specified STUN servers.

Types

type DeviceConfig 

type DeviceConfig struct {
	// Private key (base64). "0" indicates removal in set operations.
	PrivateKey *string `ini:"PrivateKey" uapi:"private_key,hex"`
	// Listening port in decimal-string format.
	ListenPort *uint16 `ini:"ListenPort" uapi:"listen_port"`
	// Decimal-string integer for fwmark. Zero indicates removal in set operations.
	FirewallMark *uint32 `ini:"FwMark" uapi:"fwmark"`
	// Only for set operations; true means subsequent peers replace existing ones.
	ReplacePeers *bool `uapi:"replace_peers"`

	// wg-quick specific fields.
	// Comma-separated list of IP (v4 or v6) addresses with CIDR to assign to the interface.
	Address []string `ini:"Address"`
	// Comma-separated list of DNS IPs or non-IP DNS search domains.
	DNS []string `ini:"DNS"`
	// Optional MTU; if unset, system automatically determines it.
	MTU *int `ini:"MTU"`
	// Controls the routing table; "off" disables routes, "auto" is default.
	Table *string `ini:"Table"`
	// Commands executed before the interface is up. Can be specified multiple times.
	PreUp []string `ini:"PreUp"`
	// Commands executed after the interface is up. Can be specified multiple times.
	PostUp []string `ini:"PostUp"`
	// Commands executed before the interface is down. Can be specified multiple times.
	PreDown []string `ini:"PreDown"`
	// Commands executed after the interface is down. Can be specified multiple times.
	PostDown []string `ini:"PostDown"`

	// Apoxy specific fields.
	// Packet capture file to write to.
	PacketCapturePath string
	// Bind to use for the device. If nil, the default bind is used.
	Bind conn.Bind
	// Verbose logging.
	Verbose *bool
}

DeviceConfig represents the configuration of a WireGuard device. This is the [Interface] section of a wg-quick(8) compatible INI configuration file.

type IceBind added in v0.7.0 

type IceBind struct {
	Conf *ice.AgentConfig
	// contains filtered or unexported fields
}

func NewIceBind added in v0.7.0 

func NewIceBind(ctx context.Context, conf *ice.AgentConfig) *IceBind

NewIceBind creates a new IceBind.

func (*IceBind) BatchSize added in v0.7.0 

func (b *IceBind) BatchSize() int

func (*IceBind) Close added in v0.7.0 

func (b *IceBind) Close() error

func (*IceBind) NewPeer added in v0.7.0 

func (b *IceBind) NewPeer(ctx context.Context, isControlling bool) (*IcePeer, error)

func (*IceBind) Open added in v0.7.0 

func (b *IceBind) Open(port uint16) (fns []conn.ReceiveFunc, actualPort uint16, err error)

func (*IceBind) ParseEndpoint added in v0.7.0 

func (b *IceBind) ParseEndpoint(s string) (conn.Endpoint, error)

func (*IceBind) Send added in v0.7.0 

func (b *IceBind) Send(bufs [][]byte, ep conn.Endpoint) error

func (*IceBind) SetMark added in v0.7.0 

func (b *IceBind) SetMark(mark uint32) error

type IcePeer added in v0.7.0 

type IcePeer struct {
	OnCandidate     func(candidate string)
	OnConnected     func()
	OnDisconnected  func(msg string)
	OnCandidatePair func(local, remote string)
	// contains filtered or unexported fields
}

func (*IcePeer) AddRemoteOffer added in v0.7.0 

func (p *IcePeer) AddRemoteOffer(offer *corev1alpha.ICEOffer) error

func (*IcePeer) Close added in v0.7.0 

func (p *IcePeer) Close() error

func (*IcePeer) Connect added in v0.7.0 

func (p *IcePeer) Connect(
	ctx context.Context,
	dst string,
) error

func (*IcePeer) Init added in v0.7.0 

func (p *IcePeer) Init(ctx context.Context) error

func (*IcePeer) LocalCandidates added in v0.7.0 

func (p *IcePeer) LocalCandidates() []string

func (*IcePeer) LocalUserCredentials added in v0.7.0 

func (p *IcePeer) LocalUserCredentials() (ufrag, pwd string)

type PeerConfig 

type PeerConfig struct {
	// Public key (base64). Unique within a message; not repeated.
	PublicKey *string `ini:"PublicKey" uapi:"public_key,hex"`
	// Preshared key (base64), "0" removes it in set operations.
	PresharedKey *string `ini:"PresharedKey" uapi:"preshared_key,hex"`
	// Endpoint in IP:port format (IPv4) or [IP]:port format (IPv6).
	Endpoint *string `ini:"Endpoint" uapi:"endpoint"`
	// Keepalive interval; 0 disables it.
	PersistentKeepaliveIntervalSec *uint16 `ini:"PersistentKeepalive" uapi:"persistent_keepalive_interval"`
	// IP/cidr for allowed IPs for this peer.
	AllowedIPs []string `ini:"AllowedIPs" uapi:"allowed_ip"`
	// Only for set operations; true means allowed IPs replace existing ones.
	ReplaceAllowedIPs *bool `uapi:"replace_allowed_ips"`
	// Only for set operations; true removes the previously added peer.
	Remove *bool `uapi:"remove"`
	// Only for set operations; true restricts changes to existing peers only.
	UpdateOnly *bool `uapi:"update_only"`

	// Fields valid only in get operations
	// Number of received bytes.
	RxBytes *uint64 `uapi:"rx_bytes"`
	// Number of transmitted bytes.
	TxBytes *uint64 `uapi:"tx_bytes"`
	// Seconds since Unix epoch of last handshake.
	LastHandshakeTimeSec *uint64 `uapi:"last_handshake_time_sec"`
	// Nanoseconds since Unix epoch of last handshake.
	LastHandshakeTimeNSec *uint64 `uapi:"last_handshake_time_nsec"`
}

PeerConfig represents the configuration of a WireGuard peer. This is the [Peer] section of a wg-quick(8) compatible INI configuration file.

type WireGuardNetwork 

type WireGuardNetwork struct {
	// contains filtered or unexported fields
}

WireGuardNetwork is a user-space network implementation that uses WireGuard.

func Network 

func Network(conf *DeviceConfig) (*WireGuardNetwork, error)

Network returns a new WireGuardNetwork.

func (*WireGuardNetwork) AddPeer 

func (n *WireGuardNetwork) AddPeer(peerConf *PeerConfig) error

AddPeer adds, or updates, a peer to the WireGuard network.

func (*WireGuardNetwork) Close 

func (n *WireGuardNetwork) Close()

func (*WireGuardNetwork) DialContext 

func (n *WireGuardNetwork) DialContext(ctx context.Context, network, addr string) (net.Conn, error)

func (*WireGuardNetwork) Endpoint 

func (n *WireGuardNetwork) Endpoint() netip.AddrPort

Endpoint returns the external endpoint of the WireGuard network.

func (*WireGuardNetwork) FowardToLoopback 

func (n *WireGuardNetwork) FowardToLoopback(ctx context.Context) error

FowardToLoopback forwards all inbound traffic to the loopback interface.

func (*WireGuardNetwork) LocalAddresses 

func (n *WireGuardNetwork) LocalAddresses() []netip.Prefix

LocalAddresses returns the list of local addresses assigned to the WireGuard network.

func (*WireGuardNetwork) LookupContextHost 

func (n *WireGuardNetwork) LookupContextHost(ctx context.Context, host string) ([]string, error)

func (*WireGuardNetwork) Peers added in v0.4.2 

func (n *WireGuardNetwork) Peers() ([]PeerConfig, error)

Peers returns the list of public keys for all peers on the WireGuard network.

func (*WireGuardNetwork) PublicKey 

func (n *WireGuardNetwork) PublicKey() string

PublicKey returns the public key for this peer on the WireGuard network.

func (*WireGuardNetwork) RemovePeer 

func (n *WireGuardNetwork) RemovePeer(publicKey string) error

RemovePeer removes a peer from the WireGuard network.

Source Files

View all Source files

Directories

Path Synopsis
Package uapi implements a marshaller for the WireGuard User-space API.
 Package uapi implements a marshaller for the WireGuard User-space API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.