Documentation

Index
- Constants
- func EnsureAllowedIPs(peer *wgtypes.Peer, facts []*fact.Fact, cfg *wgtypes.PeerConfig, ...) *wgtypes.PeerConfig
- func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (*wgtypes.PeerConfig, bool)
- func EnsurePeersAutoIP(ctrl *wgctrl.Client, dev *wgtypes.Device) (int, error)
- func IsHandshakeHealthy(lastHandshake time.Time) bool
- func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
- type Manager
- type PeerConfigState
- func (pcs *PeerConfigState) AliveSince() time.Time
- func (pcs *PeerConfigState) Describe() string
- func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
- func (pcs *PeerConfigState) IsAlive() bool
- func (pcs *PeerConfigState) IsHealthy() bool
- func (pcs *PeerConfigState) NextEndpoint(peerFacts []*fact.Fact) *net.UDPAddr
- func (pcs *PeerConfigState) TimeForNextEndpoint() bool
- func (pcs *PeerConfigState) Update(peer *wgtypes.Peer, name string, newAlive bool, bootID *uuid.UUID) *PeerConfigState
Constants
const HandshakeValidity = HandshakeValidityBase + HealthHysteresisBandaid
HandshakeValidity is how long we think a handshake should be valid for, including tolerances.
const HandshakeValidityBase = device.RekeyAfterTime + device.RekeyTimeout + device.KeepaliveTimeout + device.RekeyTimeoutJitterMaxMs*time.Millisecond
HandshakeValidityBase is the base amount of time we think a handshake should be valid for, without accounting for tolerances.
const HealthHysteresisBandaid = 30 * time.Second
HealthHysteresisBandaid is an extra delay added before considering a peer unhealthy, based on as-yet undiagnosed observations of handshakes not refreshing as often as the documentation seems to suggest they should.
Variables
This section is empty.
Functions
func EnsureAllowedIPs
func EnsureAllowedIPs(
	peer *wgtypes.Peer,
	facts []*fact.Fact,
	cfg *wgtypes.PeerConfig,
	allowDeconfigure bool,
) *wgtypes.PeerConfig
EnsureAllowedIPs updates the device config if needed to add all the AllowedIPs from the facts to the peer. This assumes that facts have already been filtered to be just the trusted ones.
func EnsurePeerAutoIP
func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (*wgtypes.PeerConfig, bool)
EnsurePeerAutoIP ensures that the config (if any) for the given peer key includes its automatic IPv6-LL address.
func EnsurePeersAutoIP (added in v0.1.1)
func EnsurePeersAutoIP(ctrl *wgctrl.Client, dev *wgtypes.Device) (int, error)
EnsurePeersAutoIP updates the config of the device, if needed, to ensure all peers have their IPv6-LL IP listed in their AllowedIPs. It returns the number of peers modified and any error that happens.
func IsHandshakeHealthy (added in v0.2.1)
func IsHandshakeHealthy(lastHandshake time.Time) bool
IsHandshakeHealthy returns whether the handshake looks recent enough that the peer is likely to be in communication.
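The following is an added illustration of the health window the constants above define and of the check IsHandshakeHealthy describes; it is not the package's own code. The WireGuard timer values are assumed from wireguard-go's device package and embedded inline so the block runs without that module, and the clock is passed in so the boundary cases are reproducible.

```go
package main

import (
	"fmt"
	"time"
)

// Timer values assumed from wireguard-go's device package so the example
// needs no external module.
const (
	RekeyAfterTime          = 120 * time.Second
	RekeyTimeout            = 5 * time.Second
	KeepaliveTimeout        = 10 * time.Second
	RekeyTimeoutJitterMaxMs = 334
)

// Same derivation as the page's HandshakeValidityBase and HandshakeValidity.
const (
	HandshakeValidityBase   = RekeyAfterTime + RekeyTimeout + KeepaliveTimeout + RekeyTimeoutJitterMaxMs*time.Millisecond
	HealthHysteresisBandaid = 30 * time.Second
	HandshakeValidity       = HandshakeValidityBase + HealthHysteresisBandaid
)

// handshakeHealthyAt is an illustrative re-implementation (hypothetical, not
// the package's code): the peer is healthy when its last handshake is no
// older than HandshakeValidity. A zero time is what wgtypes reports for a
// peer that has never completed a handshake, so it is never healthy.
func handshakeHealthyAt(lastHandshake, now time.Time) bool {
	if lastHandshake.IsZero() {
		return false
	}
	return now.Sub(lastHandshake) <= HandshakeValidity
}

// handshakeHealthy mirrors the page's IsHandshakeHealthy shape by evaluating
// against the wall clock.
func handshakeHealthy(lastHandshake time.Time) bool {
	return handshakeHealthyAt(lastHandshake, time.Now())
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed reference instant
	fmt.Println("validity window:", HandshakeValidity)
	ages := []time.Duration{0, 2 * time.Minute, HandshakeValidityBase + 20*time.Second, HandshakeValidity, HandshakeValidity + time.Second}
	for _, age := range ages {
		fmt.Printf("handshake %v ago: healthy=%v\n", age, handshakeHealthyAt(now.Add(-age), now))
	}
	fmt.Println("never handshaked:", handshakeHealthyAt(time.Time{}, now))
}
```

The third sample age falls inside the window only because of HealthHysteresisBandaid, which is the tolerance the constants' documentation describes.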
func OnlyAutoIP
func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
OnlyAutoIP configures a peer to have _only_ its IPv6-LL IP in its AllowedIPs. It returns whether a change was attempted and any error that happens.
Types
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager is a wrapper for applying local configuration changes.
func NewManager
NewManager instantiates a new Manager object with its own netlink handle.
type PeerConfigState
type PeerConfigState struct {
// contains filtered or unexported fields
}
PeerConfigState stores state to remember peer info so we can cycle through configurations effectively.
func (*PeerConfigState) AliveSince (added in v0.1.2)
func (pcs *PeerConfigState) AliveSince() time.Time
AliveSince gives the time since which the peer has been healthy and alive, or a _very_ far future value if it is not healthy and alive.
func (*PeerConfigState) Describe (added in v0.3.0)
func (pcs *PeerConfigState) Describe() string
Describe gives a textual summary of the state. Note that this is not done as String() because it doesn't represent the whole object.
func (*PeerConfigState) EnsureNotNil (added in v0.7.2)
func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
EnsureNotNil returns either its receiver if not nil, or else a new object suitable to be its receiver.
func (*PeerConfigState) IsAlive (added in v0.0.2)
func (pcs *PeerConfigState) IsAlive() bool
IsAlive returns whether the peer looked alive on the last call to `Update`. Note that a peer can be alive but unhealthy!
func (*PeerConfigState) IsHealthy
func (pcs *PeerConfigState) IsHealthy() bool
IsHealthy returns whether the peer looked healthy on the last call to `Update`.
func (*PeerConfigState) NextEndpoint
func (pcs *PeerConfigState) NextEndpoint(peerFacts []*fact.Fact) *net.UDPAddr
NextEndpoint recommends the next endpoint to try configuring on the peer, if any, based on the available facts (assumed to all be about the peer!). Note that this does _not_ embed the logic for whether a new endpoint _should_ be attempted (i.e. it doesn't call `TimeForNextEndpoint` internally).
func (*PeerConfigState) TimeForNextEndpoint
func (pcs *PeerConfigState) TimeForNextEndpoint() bool
TimeForNextEndpoint returns whether we should try another endpoint for the peer (or whether we should wait for the current endpoint to test out).
func (*PeerConfigState) Update
func (pcs *PeerConfigState) Update(
	peer *wgtypes.Peer,
	name string,
	newAlive bool,
	bootID *uuid.UUID,
) *PeerConfigState
Update refreshes the PeerConfigState with new data from the wireguard device.
NOTE: It is safe to call this on a `nil` pointer; it will return a new state.
TODO: give this access to the `peerKnowledgeSet` instead of passing in the alive state.