sysnet

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2026 License: CC0-1.0 Imports: 9 Imported by: 0

Documentation

Overview

Package sysnet provides an abstraction of the OS networking system so that each specific integration (Linux, Windows, macOS, etc.) can be implemented once and reused across applications. This abstraction also makes it possible to build virtual implementations for testing.

Index

Constants

View Source 
const (
	CGROUP_UNKNOWN     = 0
	UID_UNKNOWN        = math.MaxUint64
	GID_UNKNOWN        = math.MaxUint64
	PID_UNKNOWN        = math.MinInt
	ROUTE_MARK_UNKNOWN = 0
)

Variables

This section is empty.

Functions

This section is empty.

Types

type BuildOpts 

type BuildOpts struct {
	// TunNeeded specifies whether a TUN device should be created.
	TunNeeded bool
	// DnsNeeded specifies whether DNS integration should be enabled.
	DnsNeeded bool

	// TunAddrs specifies the addresses that should be owned by the TUN device,
	// for example: "10.0.0.2/32".
	TunAddrs []string

	// TunRoutes specifies the routes that should be owned by the TUN device,
	// for example: "0.0.0.0/0" for all routes.
	TunRoutes []string

	// MTU specifies the initial MTU for the TUN device.
	MTU int

	// Exclude specifies a list of rules to exclude traffic from being routed
	// through System.Tun.
	Exclude []Rule
}

BuildOpts specifies configuration options for building a System.

type DebugIPMatcher 

type DebugIPMatcher struct {
	sync.RWMutex
	FixedInfo NetInfo
	TrueRules []Rule
	// contains filtered or unexported fields
}

func (*DebugIPMatcher) Close 

func (d *DebugIPMatcher) Close() error

func (*DebugIPMatcher) Map 

func (d *DebugIPMatcher) Map(rule Rule) uint64

func (*DebugIPMatcher) Match 

func (d *DebugIPMatcher) Match(pkt []byte, rule uint64) bool

func (*DebugIPMatcher) PktInfo 

func (d *DebugIPMatcher) PktInfo(pkt []byte) *NetInfo

func (*DebugIPMatcher) UnMap 

func (d *DebugIPMatcher) UnMap(rule uint64)

func (*DebugIPMatcher) UnMapAll 

func (d *DebugIPMatcher) UnMapAll()

type DebugSysBuilder 

type DebugSysBuilder struct {
	Tun tun.Tun

	// FixedInfo is the static NetInfo returned for all connections and packets.
	FixedInfo NetInfo

	// TrueRules is the list of rules that will always match any packet or
	// connection. Rules not in this list will never match.
	TrueRules []Rule

	// SupportedRules is the list of rule types reported as supported by
	// ListRules. Use this to simulate different platform capabilities.
	SupportedRules []RuleTypeInfo

	// CgroupSupported reports whether cgroup support is advertised by Cgroup().
	CgroupSupported bool

	// TunFormat is the format string returned by TunNameFormat(), e.g. "debug%d".
	TunFormat string

	// ValidTunNames is the list of TUN device names that pass TunNameVerify().
	ValidTunNames []string

	// RuleCompletions maps partial rule values to completion suggestions
	// returned by RuleCompl(). For example: "org.mozilla.fir" -> ["org.mozilla.firefox"].
	RuleCompletions map[string][]string

	IPAlloc     subnet.IPAllocator
	SubnetAlloc subnet.SubnetAllocator

	OutNet, LocalNet gonnect.Network

	DNSOut dns.Interface
	DNSIn  func(dns.Interface)
}

DebugSysBuilder is a test implementation of SysBuilder that returns predictable, fixed values for testing purposes. It follows the same concepts as DebugIPMatcher: rules in TrueRules always match any packet or connection, while other rules do not match. Network information is returned from fixed static values configured on the builder.

DebugSysBuilder is not thread-safe and is intended for use in unit tests and development environments only.

func NewDebugSysBuilder 

func NewDebugSysBuilder() *DebugSysBuilder

NewDebugSysBuilder returns a new DebugSysBuilder initialized with sensible defaults for testing. Callers can modify the returned builder's exported fields to customize behavior for specific test scenarios.

func (*DebugSysBuilder) AllocIP 

func (d *DebugSysBuilder) AllocIP() subnet.IPAllocator

func (*DebugSysBuilder) AllocSubnet 

func (d *DebugSysBuilder) AllocSubnet() subnet.SubnetAllocator

func (*DebugSysBuilder) Build 

func (d *DebugSysBuilder) Build(opts BuildOpts) (*System, error)

func (*DebugSysBuilder) Close 

func (d *DebugSysBuilder) Close() error

func (*DebugSysBuilder) ConnInfo 

func (d *DebugSysBuilder) ConnInfo(c net.Conn) *NetInfo

ConnInfo returns a copy of the configured FixedInfo, ignoring the connection.

func (*DebugSysBuilder) ConnRule 

func (d *DebugSysBuilder) ConnRule(c net.Conn, rule Rule) bool

ConnRule matches the given rule against the TrueRules list. Returns true if the rule is present in TrueRules, false otherwise. The connection argument is ignored, matching the deterministic behavior of DebugIPMatcher.

func (*DebugSysBuilder) ListRules 

func (d *DebugSysBuilder) ListRules() []RuleTypeInfo

ListRules returns the list of supported rule types configured on the builder.

func (*DebugSysBuilder) RuleCompl 

func (d *DebugSysBuilder) RuleCompl(rule Rule) []string

RuleCompl returns autocompletion suggestions for a partial rule value, looked up from the RuleCompletions map. Returns nil if no suggestions exist.

func (*DebugSysBuilder) RuleVerify 

func (d *DebugSysBuilder) RuleVerify(rule Rule) bool

RuleVerify checks whether a rule's type is listed in SupportedRules.

func (*DebugSysBuilder) TunNameFormat 

func (d *DebugSysBuilder) TunNameFormat() string

TunNameFormat returns the configured TUN device name format string.

func (*DebugSysBuilder) TunNameVerify 

func (d *DebugSysBuilder) TunNameVerify(name string) bool

TunNameVerify checks whether the given name is in the ValidTunNames list.

type IPMatcher 

type IPMatcher interface {
	Lock()
	Unlock()

	Map(rule Rule) uint64
	UnMap(rule uint64)
	UnMapAll()

	Match(pkt []byte, rule uint64) bool

	PktInfo(pkt []byte) *NetInfo

	Close() error
}

IPMatcher matches IP packets against rules and extracts network information. IPMatcher must be thread safe.

type NetInfo 

type NetInfo struct {
	Cgroup uint64 // Default 0

	UID  uint64 // Default UID_UNKNOWN
	GID  uint64 // Default GID_UNKNOWN
	User string // Default ""

	PID int // Default PID_UNKNOWN

	// RouteMark holds the packet/connection route mark value:
	// SO_MARK on Linux, SO_USER_COOKIE on FreeBSD, SO_RTABLE on OpenBSD.
	// There is no matching concept specified for other operating systems.
	// Default 0.
	RouteMark int
}

NetInfo reports information that can be fetched for a connection or packet. Not all systems support all fields; unsupported or unknown fields should have their default values.

type Rule 

type Rule struct {
	Type, Rule string
}

A Rule matches IP packets and connections to check if they are owned by a specific process, user, application, or other entity. For example: Type="app", Rule="org.mozilla.firefox". Different SysBuilder and System implementations may support different sets of rule types, so callers should check SysBuilder.ListRules first.

type RuleTypeInfo 

type RuleTypeInfo struct {
	Type, Description string
}

RuleTypeInfo describes a supported rule type and its human-readable description.

type SysBuilder 

type SysBuilder interface {
	io.Closer

	// AllocIP returns an IP address allocator for the system.
	AllocIP() subnet.IPAllocator
	// AllocSubnet returns a subnet allocator for the system.
	AllocSubnet() subnet.SubnetAllocator

	// ListRules returns a list of supported rule types and their descriptions.
	ListRules() []RuleTypeInfo

	// RuleVerify checks whether a rule is valid for its specified type.
	// This is intended for UI validation hints.
	RuleVerify(rule Rule) bool

	// RuleCompl returns autocompletion suggestions for a partial rule value,
	// intended for UI use. For example: Type="app", Partial="org.mozilla.fir"
	// might return []string{"org.mozilla.firefox"}.
	RuleCompl(rule Rule) []string

	// TunNameFormat returns the expected format string for TUN device names.
	TunNameFormat() string
	// TunNameVerify checks whether a TUN device name is valid.
	TunNameVerify(name string) bool

	// ConnInfo fetches network information about an incoming connection.
	ConnInfo(c net.Conn) *NetInfo
	// ConnRule matches an incoming connection against a rule.
	ConnRule(c net.Conn, rule Rule) bool

	// Build constructs a System instance with the specified options.
	// Build may be called multiple times, but only one System should be used
	// at a time. It is recommended that SysBuilder implementations close or
	// stop artifacts from a previous build when a new one is created.
	Build(opts BuildOpts) (*System, error)
}

SysBuilder constructs System instances for a specific platform.

type System 

type System struct {
	// Tun is the TUN device interface, or nil if not enabled.
	Tun tun.Tun

	// OutNet and LocalNet are the outbound and local network interfaces.
	// These must never be nil; SysBuilder implementations that cannot provide
	// one should return gonnect.RejectNetwork.
	OutNet, LocalNet gonnect.Network

	// DNSOut is the interface for handling outgoing DNS requests.
	DNSOut dns.Interface
	// DNSIn is an optional callback to set the current system DNS resolver.
	DNSIn func(dns.Interface)

	// Matcher is a pointer to the IP packet matcher.
	Matcher IPMatcher
}

System holds the components for operating with the network system.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.