apf

package
v2.36.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2025 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package apf implements the APF (AMT Port Forwarding) Protocol

Copyright (c) Intel Corporation 2022
SPDX-License-Identifier: Apache-2.0

Copyright (c) Intel Corporation 2025
SPDX-License-Identifier: Apache-2.0

Constants

const (
	LMS_PROTOCOL_VERSION = 4
	LME_RX_WINDOW_SIZE   = 4096
)
const (
	APF_DISCONNECT                = 1
	APF_SERVICE_REQUEST           = 5
	APF_SERVICE_ACCEPT            = 6
	APF_USERAUTH_REQUEST          = 50
	APF_USERAUTH_FAILURE          = 51
	APF_USERAUTH_SUCCESS          = 52
	APF_GLOBAL_REQUEST            = 80
	APF_REQUEST_SUCCESS           = 81
	APF_REQUEST_FAILURE           = 82
	APF_CHANNEL_OPEN              = 90
	APF_CHANNEL_OPEN_CONFIRMATION = 91
	APF_CHANNEL_OPEN_FAILURE      = 92
	APF_CHANNEL_WINDOW_ADJUST     = 93
	APF_CHANNEL_DATA              = 94
	APF_CHANNEL_CLOSE             = 97
	APF_PROTOCOLVERSION           = 192
	APF_KEEPALIVE_REQUEST         = 208
	APF_KEEPALIVE_REPLY           = 209
	APF_KEEPALIVE_OPTIONS_REQUEST = 210
	APF_KEEPALIVE_OPTIONS_REPLY   = 211
)

message op codes.

const (
	APF_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT    = 1
	APF_DISCONNECT_PROTOCOL_ERROR                 = 2
	APF_DISCONNECT_KEY_EXCHANGE_FAILED            = 3
	APF_DISCONNECT_RESERVED                       = 4
	APF_DISCONNECT_MAC_ERROR                      = 5
	APF_DISCONNECT_COMPRESSION_ERROR              = 6
	APF_DISCONNECT_SERVICE_NOT_AVAILABLE          = 7
	APF_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8
	APF_DISCONNECT_HOST_KEY_NOT_VERIFIABLE        = 9
	APF_DISCONNECT_CONNECTION_LOST                = 10
	APF_DISCONNECT_BY_APPLICATION                 = 11
	APF_DISCONNECT_TOO_MANY_CONNECTIONS           = 12
	APF_DISCONNECT_AUTH_CANCELLED_BY_USER         = 13
	APF_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14
	APF_DISCONNECT_ILLEGAL_USER_NAME              = 15
)

disconnect reason codes.

const (
	APF_GLOBAL_REQUEST_STR_TCP_FORWARD_REQUEST        = "tcpip-forward"
	APF_GLOBAL_REQUEST_STR_TCP_FORWARD_CANCEL_REQUEST = "cancel-tcpip-forward"
	APF_GLOBAL_REQUEST_STR_UDP_SEND_TO                = "udp-send-to@amt.intel.com"
	APF_OPEN_CHANNEL_REQUEST_FORWARDED                = "forwarded-tcpip"
	APF_OPEN_CHANNEL_REQUEST_DIRECT                   = "direct-tcpip"
)

strings used in global messages.

const (
	APF_SERVICE_PFWD = "pfwd@amt.intel.com"
	APF_SERVICE_AUTH = "auth@amt.intel.com"
)

APF service names.

const (
	APF_AUTH_NONE     = "none"
	APF_AUTH_PASSWORD = "password"
)

APF Authentication method.

const (
	APF_TRIGGER_REASON_USER_INITIATED_REQUEST   = 1
	APF_TRIGGER_REASON_ALERT_REQUEST            = 2
	APF_TRIGGER_REASON_HIT_PROVISIONING_REQUEST = 3
	APF_TRIGGER_REASON_PERIODIC_REQUEST         = 4
	APF_TRIGGER_REASON_LME_REQUEST              = 254
)
const (
	OPEN_FAILURE_REASON_ADMINISTRATIVELY_PROHIBITED = 1
	OPEN_FAILURE_REASON_CONNECT_FAILED              = 2
	OPEN_FAILURE_REASON_UNKNOWN_CHANNEL_TYPE        = 3
	OPEN_FAILURE_REASON_RESOURCE_SHORTAGE           = 4
)

Variables

This section is empty.

Functions

func BuildChannelCloseBytes added in v2.35.0

func BuildChannelCloseBytes(recipientChannel uint32) []byte

BuildChannelCloseBytes serializes APF_CHANNEL_CLOSE for sending over the wire.

func BuildChannelDataBytes added in v2.35.0

func BuildChannelDataBytes(recipientChannel uint32, data []byte) []byte

BuildChannelDataBytes serializes APF_CHANNEL_DATA for sending over the wire.

func BuildChannelWindowAdjustBytes added in v2.35.0

func BuildChannelWindowAdjustBytes(recipientChannel, bytesToAdd uint32) []byte

BuildChannelWindowAdjustBytes serializes APF_CHANNEL_WINDOW_ADJUST for sending over the wire.

func ChannelOpen

func ChannelOpen(senderChannel int) bytes.Buffer

func Process

func Process(data []byte, session *Session) bytes.Buffer

Process is maintained for backward compatibility. It uses a DefaultHandler for non CIRA use cases.

func ProcessChannelData

func ProcessChannelData(data []byte, session *Session)

func ProcessChannelOpenConfirmation

func ProcessChannelOpenConfirmation(data []byte, session *Session)

func ProcessChannelOpenFailure

func ProcessChannelOpenFailure(data []byte, session *Session)

func ProcessChannelWindowAdjust

func ProcessChannelWindowAdjust(data []byte, session *Session)

func ProcessKeepAliveOptionsReply added in v2.33.0

func ProcessKeepAliveOptionsReply(data []byte, session *Session)

func ProcessKeepAliveReply added in v2.33.0

func ProcessKeepAliveReply(data []byte, session *Session)

func ProcessKeepAliveRequest added in v2.33.0

func ProcessKeepAliveRequest(data []byte, session *Session) any

func ValidateChannelClose

func ValidateChannelClose(data []byte) bool

ValidateChannelClose checks if the data length is at least 5 bytes for APF_CHANNEL_CLOSE.

func ValidateChannelData

func ValidateChannelData(data []byte) bool

ValidateChannelData checks if the data length is sufficient for APF_CHANNEL_DATA.

func ValidateChannelOpenConfirmation

func ValidateChannelOpenConfirmation(data []byte) bool

ValidateChannelOpenConfirmation checks if the data length is at least 17 bytes for APF_CHANNEL_OPEN_CONFIRMATION.

func ValidateChannelOpenFailure

func ValidateChannelOpenFailure(data []byte) bool

ValidateChannelOpenFailure checks if the data length is at least 17 bytes for APF_CHANNEL_OPEN_FAILURE.

func ValidateChannelWindowAdjust

func ValidateChannelWindowAdjust(data []byte) bool

ValidateChannelWindowAdjust checks if the data length is at least 9 bytes for APF_CHANNEL_WINDOW_ADJUST.

func ValidateGlobalRequest

func ValidateGlobalRequest(data []byte) bool

ValidateGlobalRequest checks if the data length is sufficient for APF_GLOBAL_REQUEST.

func ValidateProtocolVersion

func ValidateProtocolVersion(data []byte) bool

ValidateProtocolVersion checks if the data length is at least 93 bytes for APF_PROTOCOLVERSION.

func ValidateServiceRequest

func ValidateServiceRequest(data []byte) bool

ValidateServiceRequest checks if the data length is sufficient for APF_SERVICE_REQUEST.
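
The Validate functions above are length checks applied before a message is decoded. As an added example (not the package's own code), the sketch below shows the check this implies for APF_CHANNEL_DATA, where the sender-controlled DataLength field must also be compared with the bytes actually received. The name parseChannelData, big-endian field order, and the receive-window check are assumptions, and the sample frames are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	apfChannelData  = 94   // APF_CHANNEL_DATA op code listed on this page
	channelDataHdr  = 9    // MessageType(1) + RecipientChannel(4) + DataLength(4)
	lmeRxWindowSize = 4096 // LME_RX_WINDOW_SIZE listed on this page
)

var (
	errShort     = errors.New("apf: shorter than the 9-byte channel data header")
	errType      = errors.New("apf: not an APF_CHANNEL_DATA message")
	errWindow    = errors.New("apf: DataLength exceeds the receive window")
	errTruncated = errors.New("apf: DataLength exceeds the bytes received")
)

// parseChannelData is a hypothetical decoder. Big-endian fields and the
// window check are assumptions; the page does not state either.
func parseChannelData(buf []byte, rxWindow uint32) (channel uint32, data []byte, err error) {
	if len(buf) < channelDataHdr {
		return 0, nil, errShort
	}
	if buf[0] != apfChannelData {
		return 0, nil, errType
	}
	declared := binary.BigEndian.Uint32(buf[5:9]) // sender-controlled
	if declared > rxWindow {
		return 0, nil, errWindow
	}
	// Compare as uint64 so the check cannot wrap where int is 32 bits.
	if uint64(declared) > uint64(len(buf)-channelDataHdr) {
		return 0, nil, errTruncated
	}
	// Copy so the caller's read buffer can be reused without aliasing.
	data = append([]byte(nil), buf[channelDataHdr:channelDataHdr+int(declared)]...)
	return binary.BigEndian.Uint32(buf[1:5]), data, nil
}

func main() {
	// Constructed frame: channel 7, DataLength claims 16 bytes, only 2 follow.
	lying := []byte{94, 0, 0, 0, 7, 0, 0, 0, 16, 'h', 'i'}
	_, _, err := parseChannelData(lying, lmeRxWindowSize)
	fmt.Println(err)
	honest := []byte{94, 0, 0, 0, 7, 0, 0, 0, 2, 'h', 'i'}
	ch, data, err := parseChannelData(honest, lmeRxWindowSize)
	fmt.Println(ch, string(data), err)
}
```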

Types

type APF_CHANNEL_CLOSE_MESSAGE

type APF_CHANNEL_CLOSE_MESSAGE struct {
	MessageType      byte
	RecipientChannel uint32
}

Close channel message.

  • @MessageType - APF_CHANNEL_CLOSE
  • @RecipientChannel - channel number given in the open request.

func ChannelClose

func ChannelClose(recipientChannel uint32) APF_CHANNEL_CLOSE_MESSAGE

func ProcessChannelClose

func ProcessChannelClose(data []byte, session *Session) APF_CHANNEL_CLOSE_MESSAGE

type APF_CHANNEL_DATA_MESSAGE

type APF_CHANNEL_DATA_MESSAGE struct {
	MessageType      byte
	RecipientChannel uint32
	DataLength       uint32
	Data             []byte
}

Used to send/receive data.

  • @MessageType - APF_CHANNEL_DATA
  • @RecipientChannel - channel number given in the open request
  • @Length - Length of the data in the message
  • @Data - The data in the message.

func ChannelData

func ChannelData(recipientChannel uint32, buffer []byte) APF_CHANNEL_DATA_MESSAGE

type APF_CHANNEL_OPEN_CONFIRMATION_MESSAGE

type APF_CHANNEL_OPEN_CONFIRMATION_MESSAGE struct {
	MessageType       byte
	RecipientChannel  uint32
	SenderChannel     uint32
	InitialWindowSize uint32
	Reserved          uint32
}

Response to ChannelOpen when the channel open succeeds.

  • @MessageType - APF_CHANNEL_OPEN_CONFIRMATION
  • @RecipientChannel - channel number given in the open request
  • @SenderChannel - channel number assigned by the sender
  • @InitialWindowSize - Number of bytes in the window
  • @Reserved - Reserved.

func ChannelOpenReplySuccess

func ChannelOpenReplySuccess(recipientChannel, senderChannel uint32) APF_CHANNEL_OPEN_CONFIRMATION_MESSAGE

type APF_CHANNEL_OPEN_FAILURE_MESSAGE

type APF_CHANNEL_OPEN_FAILURE_MESSAGE struct {
	MessageType      byte
	RecipientChannel uint32
	ReasonCode       uint32
	Reserved         uint32
	Reserved2        uint32
}

Response to ChannelOpen when a channel open failed.

  • @MessageType - APF_CHANNEL_OPEN_FAILURE
  • @RecipientChannel - channel number given in the open request
  • @ReasonCode - code for the reason the channel could not be opened
  • @Reserved - Reserved.

func ChannelOpenReplyFailure

func ChannelOpenReplyFailure(recipientChannel, reason uint32) APF_CHANNEL_OPEN_FAILURE_MESSAGE

type APF_CHANNEL_OPEN_MESSAGE

type APF_CHANNEL_OPEN_MESSAGE struct {
	MessageType               byte
	ChannelTypeLength         uint32
	ChannelType               [15]uint8
	SenderChannel             uint32
	InitialWindowSize         uint32
	Reserved                  uint32
	ConnectedAddressLength    uint32
	ConnectedAddress          [3]uint8
	ConnectedPort             uint32
	OriginatorIPAddressLength uint32
	OriginatorIPAddress       [3]uint8
	OriginatorPort            uint32
}

type APF_CHANNEL_WINDOW_ADJUST_MESSAGE

type APF_CHANNEL_WINDOW_ADJUST_MESSAGE struct {
	MessageType      byte
	RecipientChannel uint32
	BytesToAdd       uint32
}

Used to adjust receive window size.

  • @MessageType - APF_WINDOW_ADJUST
  • @RecipientChannel - channel number given in the open request
  • @BytesToAdd - number of bytes to add to current window size value.

func ChannelWindowAdjust

func ChannelWindowAdjust(recipientChannel, l uint32) APF_CHANNEL_WINDOW_ADJUST_MESSAGE

type APF_DISCONNECT_MESSAGE

type APF_DISCONNECT_MESSAGE struct {
	MessageType byte
	ReasonCode  uint32
	Reserved    uint // short32
}

This message causes immediate termination of the connection with AMT.

  • @ReasonCode - A Reason code for the disconnection event
  • @Reserved - Reserved must be set to 0.

type APF_GENERIC_HEADER

type APF_GENERIC_HEADER struct {
	MessageType  byte
	StringLength uint32
	String       string
}

type APF_KEEPALIVE_OPTIONS_REQUEST_MESSAGE added in v2.33.0

type APF_KEEPALIVE_OPTIONS_REQUEST_MESSAGE struct {
	MessageType     byte
	IntervalSeconds uint32
	TimeoutSeconds  uint32
}

func KeepAliveOptionsRequest added in v2.33.0

func KeepAliveOptionsRequest(keepAliveTime, timeout uint32) APF_KEEPALIVE_OPTIONS_REQUEST_MESSAGE

type APF_KEEPALIVE_REPLY_MESSAGE added in v2.33.0

type APF_KEEPALIVE_REPLY_MESSAGE struct {
	MessageType byte
	Cookie      uint32
}

type APF_MESSAGE_HEADER

type APF_MESSAGE_HEADER struct {
	MessageType byte
}

type APF_PROTOCOL_VERSION_MESSAGE

type APF_PROTOCOL_VERSION_MESSAGE struct {
	MessageType   byte
	MajorVersion  uint32
	MinorVersion  uint32
	TriggerReason uint32
	UUID          [16]byte
	Reserved      [64]byte
}

Holds the protocol major and minor version implemented by AMT.

  • @MajorVersion - Protocol's Major version
  • @MinorVersion - Protocol's Minor version
  • @Trigger - The open session reason
  • @UUID - System Id.

func ProcessProtocolVersion

func ProcessProtocolVersion(data []byte) APF_PROTOCOL_VERSION_MESSAGE

func ProtocolVersion

func ProtocolVersion(majorversion, minorversion, triggerreason uint32) APF_PROTOCOL_VERSION_MESSAGE

func ProtocolVersionWithUUID added in v2.33.0

func ProtocolVersionWithUUID(majorversion, minorversion, triggerreason uint32, uuid [16]byte) APF_PROTOCOL_VERSION_MESSAGE

type APF_SERVICE_ACCEPT_MESSAGE

type APF_SERVICE_ACCEPT_MESSAGE struct {
	MessageType       byte
	ServiceNameLength uint32
	ServiceName       [18]byte
}

Used to send a service accept identified by name.

  • @ServiceNameLength - The length of the service name string.
  • @ServiceName - The name of the service being requested.

func ProcessServiceRequest

func ProcessServiceRequest(data []byte) APF_SERVICE_ACCEPT_MESSAGE

func ServiceAccept

func ServiceAccept(serviceName string) APF_SERVICE_ACCEPT_MESSAGE

Send the APF service accept message to the MEI.

type APF_SERVICE_REQUEST_MESSAGE

type APF_SERVICE_REQUEST_MESSAGE struct {
	MessageType       byte
	ServiceNameLength uint32
	ServiceName       string
}

Used to request a service identified by name.

  • @ServiceNameLength - The length of the service name string.
  • @ServiceName - The name of the service being requested.

type APF_TCP_FORWARD_REPLY_MESSAGE

type APF_TCP_FORWARD_REPLY_MESSAGE struct {
	MessageType byte
	PortBound   uint32
}

TCP forward reply message.

  • @MessageType - Protocol's Major version
  • @PortBound - the TCP port that was bound on the server.

func TcpForwardReplySuccess

func TcpForwardReplySuccess(port uint32) APF_TCP_FORWARD_REPLY_MESSAGE

type APF_TCP_FORWARD_REQUEST

type APF_TCP_FORWARD_REQUEST struct {
	WantReply     uint8
	AddressLength uint32
	Address       string
	Port          uint32
}

type APF_USERAUTH_FAILURE_MESSAGE added in v2.33.0

type APF_USERAUTH_FAILURE_MESSAGE struct {
	MessageType                          byte
	AuthenticationsThatCanContinueLength uint32
	AuthenticationsThatCanContinue       [8]byte
	PartialSuccess                       byte
}

Holds the user authentication request failure response.

  • @MessageType - APF_USERAUTH_FAILURE
  • @AuthenticationsThatCanContinueLength - length of the methods string
  • @AuthenticationsThatCanContinue - methods that can continue (e.g., "password")
  • @PartialSuccess - 0 for no partial success.

type APF_USERAUTH_SUCCESS_MESSAGE

type APF_USERAUTH_SUCCESS_MESSAGE struct {
	MessageType byte
}

Holds the user authentication request success response.

type AuthRequest added in v2.33.0

type AuthRequest struct {
	Username    string
	ServiceName string
	MethodName  string
	Password    string // Only populated when MethodName == "password"
}

AuthRequest contains the decoded fields from an APF_USERAUTH_REQUEST message.

type AuthResponse added in v2.33.0

type AuthResponse struct {
	Authenticated bool
}

AuthResponse indicates whether authentication succeeded.

type DefaultHandler added in v2.33.0

type DefaultHandler struct{}

DefaultHandler provides a no-op implementation of Handler. This maintains backward compatibility - existing code that doesn't need callbacks can continue to work unchanged.

func (DefaultHandler) OnAuthRequest added in v2.33.0

func (h DefaultHandler) OnAuthRequest(request AuthRequest) AuthResponse

OnAuthRequest does not authenticate by default.

func (DefaultHandler) OnGlobalRequest added in v2.33.0

func (h DefaultHandler) OnGlobalRequest(request GlobalRequest) bool

OnGlobalRequest returns false (no keep-alive by default).

func (DefaultHandler) OnProtocolVersion added in v2.33.0

func (h DefaultHandler) OnProtocolVersion(info ProtocolVersionInfo) error

OnProtocolVersion accepts all protocol version messages.

type GlobalRequest added in v2.33.0

type GlobalRequest struct {
	RequestType string // "tcpip-forward" or "cancel-tcpip-forward"
	Address     string
	Port        uint32
}

GlobalRequest contains the decoded fields from an APF_GLOBAL_REQUEST message.

func ProcessGlobalRequest

func ProcessGlobalRequest(data []byte) (GlobalRequest, interface{})

ProcessGlobalRequest decodes the global request and returns both the decoded info and the reply.

type Handler added in v2.33.0

type Handler interface {
	// OnProtocolVersion is called when an APF_PROTOCOLVERSION message is received.
	// The application can use the UUID to identify the device.
	// Returns an error if the device should be rejected.
	OnProtocolVersion(info ProtocolVersionInfo) error

	// OnAuthRequest is called when an APF_USERAUTH_REQUEST message is received.
	// The application should validate the credentials and return an AuthResponse.
	// The library will generate the appropriate success/failure response message.
	OnAuthRequest(request AuthRequest) AuthResponse

	// OnGlobalRequest is called when an APF_GLOBAL_REQUEST message is received.
	// The application can use this to track TCP forwarding requests.
	// Returns true if the application wants to send a keep-alive options request
	// after the response (caller is responsible for sending it separately).
	OnGlobalRequest(request GlobalRequest) bool
}

Handler is the interface that applications must implement to receive APF protocol events and provide application-specific decisions.

Methods are called synchronously during message processing. The library handles protocol encoding/decoding; the application handles business logic (authentication, device registration, etc.).
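
Because DefaultHandler accepts every protocol version message and never authenticates, an application that terminates device connections has to supply its own decisions. The following is an added example, not code from this package: a per-connection handler that rejects unregistered UUIDs and compares credentials in constant time. The struct types are local copies of the ones documented here so the block builds alone; sessionHandler, credential, and all sample values are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Local copies of the types documented on this page, so the example builds alone.
type ProtocolVersionInfo struct {
	MajorVersion, MinorVersion, TriggerReason uint32
	UUID                                      string
	RawUUID                                   [16]byte
}
type AuthRequest struct{ Username, ServiceName, MethodName, Password string }
type AuthResponse struct{ Authenticated bool }
type GlobalRequest struct{ RequestType, Address string; Port uint32 }
type credential struct{ user, pass string } // hypothetical; load from a secret store

// sessionHandler is a hypothetical per-connection Handler: deny by default.
type sessionHandler struct {
	known    map[string]credential // device UUID -> expected credential
	uuid     string                // set once OnProtocolVersion accepts the device
	Forwards []GlobalRequest       // forwarding requests seen, kept for audit
}

func (h *sessionHandler) OnProtocolVersion(info ProtocolVersionInfo) error {
	if _, ok := h.known[info.UUID]; !ok {
		return fmt.Errorf("apf: device UUID %q not registered", info.UUID)
	}
	h.uuid = info.UUID
	return nil
}

func (h *sessionHandler) OnAuthRequest(req AuthRequest) AuthResponse {
	want, ok := h.known[h.uuid] // zero credential if no device was accepted yet
	// Hash both sides so the compare is constant-time and length-independent.
	wu, gu := sha256.Sum256([]byte(want.user)), sha256.Sum256([]byte(req.Username))
	wp, gp := sha256.Sum256([]byte(want.pass)), sha256.Sum256([]byte(req.Password))
	match := subtle.ConstantTimeCompare(wu[:], gu[:]) & subtle.ConstantTimeCompare(wp[:], gp[:])
	return AuthResponse{Authenticated: ok && req.MethodName == "password" && match == 1}
}

func (h *sessionHandler) OnGlobalRequest(req GlobalRequest) bool {
	h.Forwards = append(h.Forwards, req)
	return req.RequestType == "tcpip-forward" // ask for keep-alive options after a forward
}

func main() {
	id := "00000000-0000-0000-0000-000000000001" // constructed sample UUID
	h := &sessionHandler{known: map[string]credential{id: {"admin", "constructed-secret"}}}
	req := AuthRequest{"admin", "", "password", "constructed-secret"}
	fmt.Println(h.OnAuthRequest(req), h.OnProtocolVersion(ProtocolVersionInfo{UUID: id}), h.OnAuthRequest(req))
}
```

Authentication fails until OnProtocolVersion has accepted a registered device on the same connection, so a client cannot skip the version message and authenticate directly.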

type Processor added in v2.33.0

type Processor struct {
	// contains filtered or unexported fields
}

Processor handles APF protocol messages with optional callbacks.

func NewProcessor added in v2.33.0

func NewProcessor(handler Handler) *Processor

NewProcessor creates a new Processor with the given handler. If handler is nil, a DefaultHandler is used (maintains backward compatibility).

func (*Processor) Process added in v2.33.0

func (p *Processor) Process(data []byte, session *Session) bytes.Buffer

Process handles incoming APF data with handler callbacks and returns the response.

type ProtocolVersionInfo added in v2.33.0

type ProtocolVersionInfo struct {
	MajorVersion  uint32
	MinorVersion  uint32
	TriggerReason uint32
	UUID          string   // Formatted as GUID string (e.g., "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX")
	RawUUID       [16]byte // Raw UUID bytes
}

ProtocolVersionInfo contains the decoded fields from an APF_PROTOCOL_VERSION_MESSAGE.

type Session

type Session struct {
	SenderChannel    uint32
	RecipientChannel uint32
	TXWindow         uint32
	RXWindow         uint32
	Tempdata         []byte
	DataBuffer       chan []byte
	ErrorBuffer      chan error
	Status           chan bool
	Timer            *time.Timer
	WaitGroup        *sync.WaitGroup
}
