wireguard

package
v0.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2025 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DeviceConfig

// DeviceConfig mirrors the [Interface] section of a wg-quick(8) style INI file.
// Fields carrying a `uapi` tag are presumably also consumed by the package's
// uapi marshaller (confirm there); fields with only an `ini` tag are wg-quick
// extensions.
//
// NOTE(review): a populated DeviceConfig holds the device private key and can
// hold hook commands, so the value and any file it is loaded from should be
// handled as secret, integrity-sensitive material (tight file permissions, no
// logging of the whole struct).
type DeviceConfig struct {
	// Private key (base64). "0" indicates removal in set operations.
	// Secret: keep it out of logs, error messages and debug dumps.
	// NOTE(review): the `hex` option on the uapi tag suggests the key is
	// re-encoded as hex for the UAPI; confirm against the uapi package.
	PrivateKey *string `ini:"PrivateKey" uapi:"private_key,hex"`
	// Listening port in decimal-string format.
	ListenPort *uint16 `ini:"ListenPort" uapi:"listen_port"`
	// Decimal-string integer for fwmark. Zero indicates removal in set operations.
	FirewallMark *uint32 `ini:"FwMark" uapi:"fwmark"`
	// Only for set operations; true means subsequent peers replace existing ones.
	ReplacePeers *bool `uapi:"replace_peers"`

	// wg-quick specific fields.
	// Comma-separated list of IP (v4 or v6) addresses with CIDR to assign to the interface.
	Address []string `ini:"Address"`
	// Comma-separated list of DNS IPs or non-IP DNS search domains.
	DNS []string `ini:"DNS"`
	// Optional MTU; if unset, system automatically determines it.
	MTU *int `ini:"MTU"`
	// Controls the routing table; "off" disables routes, "auto" is default.
	Table *string `ini:"Table"`
	// Commands executed before the interface is up. Can be specified multiple times.
	// NOTE(review): applies to all four hook fields (PreUp, PostUp, PreDown,
	// PostDown). wg-quick(8) hands these strings to the shell with the caller's
	// privileges, normally root. Whether this package runs them is not visible
	// here; either way, a configuration from an untrusted source must be treated
	// as executable content and reviewed before it is applied.
	PreUp []string `ini:"PreUp"`
	// Commands executed after the interface is up. Can be specified multiple times.
	PostUp []string `ini:"PostUp"`
	// Commands executed before the interface is down. Can be specified multiple times.
	PreDown []string `ini:"PreDown"`
	// Commands executed after the interface is down. Can be specified multiple times.
	PostDown []string `ini:"PostDown"`

	// Apoxy specific fields.
	// Packet capture file to write to (only supported in userspace mode).
	// NOTE(review): a capture taken on the tunnel side would presumably contain
	// decrypted traffic; confirm where the tap sits, keep the path out of
	// untrusted control, and restrict who can read the resulting file.
	PacketCapturePath string
	// Verbose logging.
	// NOTE(review): confirm verbose output never includes key material.
	Verbose *bool
}

DeviceConfig represents the configuration of a WireGuard device. This is the [Interface] section of a wg-quick(8) compatible INI configuration file.

type KernelModeTransport added in v0.8.3

// KernelModeTransport embeds *network.FilteredNetwork and is built by
// NewKernelModeTransport. Its listed method set matches TunnelTransport, so it
// is presumably the kernel-WireGuard implementation of that interface (verify
// in the source).
// NOTE(review): configuring a kernel WireGuard device normally needs elevated
// network privileges; the required capabilities are not documented on this page.
type KernelModeTransport struct {
	*network.FilteredNetwork
	// contains filtered or unexported fields
}

func NewKernelModeTransport added in v0.8.3

func NewKernelModeTransport(
	conf *DeviceConfig,
) (*KernelModeTransport, error)

NewKernelModeTransport returns a new kernel mode wireguard network.

func (*KernelModeTransport) AddPeer added in v0.8.3

func (t *KernelModeTransport) AddPeer(peerConf *PeerConfig) error

func (*KernelModeTransport) Close added in v0.8.3

func (t *KernelModeTransport) Close() error

func (*KernelModeTransport) ListenPort added in v0.8.3

func (t *KernelModeTransport) ListenPort() (uint16, error)

func (*KernelModeTransport) LocalAddresses added in v0.8.3

func (t *KernelModeTransport) LocalAddresses() ([]netip.Prefix, error)

func (*KernelModeTransport) Peers added in v0.8.3

func (t *KernelModeTransport) Peers() ([]PeerConfig, error)

func (*KernelModeTransport) PublicKey added in v0.8.3

func (t *KernelModeTransport) PublicKey() string

func (*KernelModeTransport) RemovePeer added in v0.8.3

func (t *KernelModeTransport) RemovePeer(publicKey string) error

type PeerConfig

// PeerConfig mirrors one [Peer] section of a wg-quick(8) style INI file.
// Fields with only a `uapi` tag have no INI counterpart: the set-only flags and
// the read-only counters below exist on the UAPI side alone.
type PeerConfig struct {
	// Public key (base64). Unique within a message; not repeated.
	// NOTE(review): the `hex` option on the uapi tag suggests hex encoding on
	// the UAPI side; confirm against the uapi package.
	PublicKey *string `ini:"PublicKey" uapi:"public_key,hex"`
	// Preshared key (base64), "0" removes it in set operations.
	// Secret: this is symmetric key material shared with the peer, so handle it
	// like the private key (no logging, restricted storage).
	PresharedKey *string `ini:"PresharedKey" uapi:"preshared_key,hex"`
	// Endpoint in IP:port format (IPv4) or [IP]:port format (IPv6).
	Endpoint *string `ini:"Endpoint" uapi:"endpoint"`
	// Keepalive interval; 0 disables it.
	PersistentKeepaliveIntervalSec *uint16 `ini:"PersistentKeepalive" uapi:"persistent_keepalive_interval"`
	// IP/cidr for allowed IPs for this peer.
	// In WireGuard this list is both the routing selector for outbound packets
	// and the source-address filter for packets received from the peer, so keep
	// it as narrow as the peer's real address space; a broad prefix lets the
	// peer send traffic from any address inside it.
	AllowedIPs []string `ini:"AllowedIPs" uapi:"allowed_ip"`
	// Only for set operations; true means allowed IPs replace existing ones.
	ReplaceAllowedIPs *bool `uapi:"replace_allowed_ips"`
	// Only for set operations; true removes the previously added peer.
	Remove *bool `uapi:"remove"`
	// Only for set operations; true restricts changes to existing peers only.
	UpdateOnly *bool `uapi:"update_only"`

	// Fields valid only in get operations
	// Number of received bytes.
	RxBytes *uint64 `uapi:"rx_bytes"`
	// Number of transmitted bytes.
	TxBytes *uint64 `uapi:"tx_bytes"`
	// Seconds since Unix epoch of last handshake.
	LastHandshakeTimeSec *uint64 `uapi:"last_handshake_time_sec"`
	// Nanoseconds since Unix epoch of last handshake.
	// NOTE(review): WireGuard implementations typically report only the
	// sub-second remainder here, to be combined with LastHandshakeTimeSec;
	// confirm before treating it as a full timestamp.
	LastHandshakeTimeNSec *uint64 `uapi:"last_handshake_time_nsec"`
}

PeerConfig represents the configuration of a WireGuard peer. This is the [Peer] section of a wg-quick(8) compatible INI configuration file.

type TunnelTransport added in v0.8.3

// TunnelTransport is the peer-management and addressing surface of a WireGuard
// network. It composes io.Closer and network.Network with the methods below.
type TunnelTransport interface {
	io.Closer
	network.Network
	// Peers returns known peers associated with the network.
	Peers() ([]PeerConfig, error)
	// AddPeer adds a new peer to the network.
	// NOTE(review): peerConf.AllowedIPs decides which source addresses the peer
	// may use, so callers should validate it before passing peer-supplied
	// values through.
	AddPeer(peerConf *PeerConfig) error
	// RemovePeer removes a peer from the network.
	// NOTE(review): the expected encoding of publicKey is not stated here;
	// presumably it matches PeerConfig.PublicKey (base64). Confirm.
	RemovePeer(publicKey string) error
	// PublicKey returns the public key of this node.
	PublicKey() string
	// LocalAddresses returns the addresses associated with the node.
	LocalAddresses() ([]netip.Prefix, error)
	// ListenPort returns the local listen port of this node.
	ListenPort() (uint16, error)
}

TunnelTransport is an interface that represents a WireGuard network. It provides methods to manage peers, retrieve local addresses, and make/listen for connections.

type UserspaceTransport added in v0.8.3

// UserspaceTransport embeds *network.NetstackNetwork and is built by
// NewUserspaceTransport. DeviceConfig.PacketCapturePath is documented as
// supported only in this userspace mode.
type UserspaceTransport struct {
	*network.NetstackNetwork
	// contains filtered or unexported fields
}

UserspaceTransport is a user-space network implementation that uses WireGuard.

func NewUserspaceTransport added in v0.8.3

func NewUserspaceTransport(conf *DeviceConfig) (*UserspaceTransport, error)

NewUserspaceTransport returns a new userspace wireguard network.

func (*UserspaceTransport) AddPeer added in v0.8.3

func (t *UserspaceTransport) AddPeer(peerConf *PeerConfig) error

AddPeer adds a peer to the WireGuard network, or updates the peer if it is already present.

func (*UserspaceTransport) Close added in v0.8.3

func (t *UserspaceTransport) Close() error

func (*UserspaceTransport) FowardTo added in v0.8.4

func (t *UserspaceTransport) FowardTo(ctx context.Context, upstream network.Network) error

FowardTo forwards all inbound traffic to the specified upstream network.

func (*UserspaceTransport) ListenPort added in v0.8.3

func (t *UserspaceTransport) ListenPort() (uint16, error)

ListenPort returns the local listen port of this end of the tunnel.

func (*UserspaceTransport) LocalAddresses added in v0.8.3

func (t *UserspaceTransport) LocalAddresses() ([]netip.Prefix, error)

LocalAddresses returns the list of local addresses assigned to the WireGuard network.

func (*UserspaceTransport) Peers added in v0.8.3

func (n *UserspaceTransport) Peers() ([]PeerConfig, error)

Peers returns the peers on the WireGuard network, identified by their public keys, as PeerConfig values.

func (*UserspaceTransport) PublicKey added in v0.8.3

func (t *UserspaceTransport) PublicKey() string

PublicKey returns the public key for this peer on the WireGuard network.

func (*UserspaceTransport) RemovePeer added in v0.8.3

func (t *UserspaceTransport) RemovePeer(publicKey string) error

RemovePeer removes a peer from the WireGuard network.

Directories

Path Synopsis
Package uapi implements a marshaller for the WireGuard User-space API.
Package uapi implements a marshaller for the WireGuard User-space API.
