Documentation

Index
- Constants
- func EnsureAllowedIPs(peer *wgtypes.Peer, facts []*fact.Fact, cfg *wgtypes.PeerConfig, ...) *wgtypes.PeerConfig
- func EnsureLocalAutoIP(env networking.Environment, dev *wgtypes.Device) (bool, error)
- func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (peerConfig *wgtypes.PeerConfig, added bool)
- func EnsurePeersAutoIP(ctrl internal.WgClient, dev *wgtypes.Device) (int, error)
- func IsHandshakeHealthy(lastHandshake time.Time) bool
- func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
- type PeerConfigState
- func (pcs *PeerConfigState) AliveSince() time.Time
- func (pcs *PeerConfigState) Describe() string
- func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
- func (pcs *PeerConfigState) IsAlive() bool
- func (pcs *PeerConfigState) IsHealthy() bool
- func (pcs *PeerConfigState) NextEndpoint(peerFacts []*fact.Fact, now time.Time) *net.UDPAddr
- func (pcs *PeerConfigState) TimeForNextEndpoint() bool
- func (pcs *PeerConfigState) Update(peer *wgtypes.Peer, name string, newAlive bool, bootID *uuid.UUID, ...) *PeerConfigState
Constants
const HandshakeValidity = HandshakeValidityBase + HealthHysteresisBandaid
HandshakeValidity is how long we think a handshake should be valid for, including tolerances.
const HandshakeValidityBase = device.RekeyAfterTime + device.RekeyTimeout + device.KeepaliveTimeout + device.RekeyTimeoutJitterMaxMs*time.Millisecond
HandshakeValidityBase is the base amount of time we think a handshake should be valid for, without accounting for tolerances
const HealthHysteresisBandaid = 30 * time.Second
HealthHysteresisBandaid is an extra delay to add before considering a peer unhealthy, based on as-yet undiagnosed observations of handshakes not refreshing as often as documentation seems to suggest they should
Variables
This section is empty.
Functions
func EnsureAllowedIPs
func EnsureAllowedIPs(
	peer *wgtypes.Peer,
	facts []*fact.Fact,
	cfg *wgtypes.PeerConfig,
	allowDeconfigure bool,
) *wgtypes.PeerConfig
EnsureAllowedIPs updates the device config if needed to add all the AllowedIPs from the facts to the peer. This assumes that facts have already been filtered to be just the trusted ones.
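The reconciliation EnsureAllowedIPs describes, as an added example rather than the package's own code: it is written against simplified stand-in types (a string public key, plain slices) instead of the real wgtypes.Peer, wgtypes.PeerConfig and fact.Fact, and it makes the trust filter explicit, because AllowedIPs is WireGuard's cryptokey routing table and a prefix accepted from an untrusted fact reroutes traffic to the wrong peer. The treatment of allowDeconfigure (false: append only the missing prefixes; true: replace the whole list so stale prefixes are removed) is an assumption about the flag's intent, not taken from the page.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Assumed stand-ins for fact.Fact, wgtypes.Peer and wgtypes.PeerConfig.
type Fact struct {
	Prefix  net.IPNet
	Trusted bool // EnsureAllowedIPs assumes this filtering already happened
}

type Peer struct {
	PublicKey  string
	AllowedIPs []net.IPNet
}

// ReplaceAllowedIPs mirrors the wgctrl field of the same name: when set, the
// AllowedIPs list replaces the peer's current one instead of being appended.
type PeerConfig struct {
	PublicKey         string
	ReplaceAllowedIPs bool
	AllowedIPs        []net.IPNet
}

// mustCIDR parses a prefix; ParseCIDR normalizes the IP to the network base,
// which is what lets us compare prefixes by their String() form below.
func mustCIDR(s string) net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return *n
}

// ReconcileAllowedIPs returns the config change needed to make the peer's
// AllowedIPs cover every trusted fact, or nil when nothing needs to change.
// Untrusted facts are dropped here explicitly rather than assumed filtered.
func ReconcileAllowedIPs(peer Peer, facts []Fact, allowDeconfigure bool) *PeerConfig {
	have := map[string]bool{}
	for _, n := range peer.AllowedIPs {
		have[n.String()] = true
	}
	want := map[string]net.IPNet{}
	for _, f := range facts {
		if !f.Trusted {
			continue // never let an untrusted claim widen the routing table
		}
		want[f.Prefix.String()] = f.Prefix
	}
	var missing []net.IPNet
	for k, n := range want {
		if !have[k] {
			missing = append(missing, n)
		}
	}
	stale := 0
	for _, n := range peer.AllowedIPs {
		if _, ok := want[n.String()]; !ok {
			stale++
		}
	}
	if len(missing) == 0 && (!allowDeconfigure || stale == 0) {
		return nil
	}
	cfg := &PeerConfig{PublicKey: peer.PublicKey}
	if allowDeconfigure {
		// Assumed semantics: rewrite the full list so stale prefixes go away.
		cfg.ReplaceAllowedIPs = true
		for _, n := range want {
			cfg.AllowedIPs = append(cfg.AllowedIPs, n)
		}
	} else {
		cfg.AllowedIPs = missing // append-only: never remove anything
	}
	sort.Slice(cfg.AllowedIPs, func(i, j int) bool {
		return cfg.AllowedIPs[i].String() < cfg.AllowedIPs[j].String()
	})
	return cfg
}

func main() {
	// Constructed sample: the peer already has its link-local /128 and one
	// subnet; the facts add a second subnet and an untrusted default route.
	peer := Peer{PublicKey: "PEER-A", AllowedIPs: []net.IPNet{mustCIDR("fe80::1/128"), mustCIDR("10.0.0.0/24")}}
	facts := []Fact{
		{Prefix: mustCIDR("fe80::1/128"), Trusted: true},
		{Prefix: mustCIDR("10.0.1.0/24"), Trusted: true},
		{Prefix: mustCIDR("0.0.0.0/0"), Trusted: false},
	}
	fmt.Printf("append-only: %+v\n", ReconcileAllowedIPs(peer, facts, false))
	fmt.Printf("deconfigure: %+v\n", ReconcileAllowedIPs(peer, facts, true))
}
```

With allowDeconfigure false the result carries only 10.0.1.0/24; with it true the config replaces the list with both trusted prefixes, dropping 10.0.0.0/24, and in both cases the untrusted 0.0.0.0/0 never reaches the device.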
func EnsureLocalAutoIP (added in v0.8.2)
func EnsureLocalAutoIP(env networking.Environment, dev *wgtypes.Device) (bool, error)
EnsureLocalAutoIP makes sure that the automatic IPv6 link-local IP is present on the interface that matches the device. It returns whether it had to add it, and any error that happened.
func EnsurePeerAutoIP
func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (peerConfig *wgtypes.PeerConfig, added bool)
EnsurePeerAutoIP ensures that the config (if any) for the given peer key includes its automatic IPv6-LL address.
func EnsurePeersAutoIP (added in v0.1.1)
func EnsurePeersAutoIP(ctrl internal.WgClient, dev *wgtypes.Device) (int, error)
EnsurePeersAutoIP updates the config of the device, if needed, to ensure all peers have their IPv6-LL IP listed in their AllowedIPs. It returns the number of peers modified and any error that happens.
func IsHandshakeHealthy (added in v0.2.1)
func IsHandshakeHealthy(lastHandshake time.Time) bool
IsHandshakeHealthy returns whether the handshake looks recent enough that the peer is likely to be in communication.
func OnlyAutoIP
func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
OnlyAutoIP configures a peer to have _only_ its IPv6-LL IP in its AllowedIPs. It returns whether a change was attempted and any error that happens; the signature shown above returns the resulting *wgtypes.PeerConfig.
Types
type PeerConfigState
type PeerConfigState struct {
// contains filtered or unexported fields
}
PeerConfigState stores state to remember peer info so we can cycle through configurations effectively.
func (*PeerConfigState) AliveSince (added in v0.1.2)
func (pcs *PeerConfigState) AliveSince() time.Time
AliveSince gives the time since which the peer has been healthy and alive, or a _very_ far future value if it is not healthy and alive.
func (*PeerConfigState) Describe (added in v0.3.0)
func (pcs *PeerConfigState) Describe() string
Describe gives a textual summary of the state. Note that this is not done as String() because it doesn't represent the whole object.
func (*PeerConfigState) EnsureNotNil (added in v0.7.2)
func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
EnsureNotNil returns either its receiver if not nil, or else a new object suitable to be its receiver.
func (*PeerConfigState) IsAlive (added in v0.0.2)
func (pcs *PeerConfigState) IsAlive() bool
IsAlive returns whether the peer looked alive on the last call to `Update`. Note that a peer can be alive but unhealthy!
func (*PeerConfigState) IsHealthy
func (pcs *PeerConfigState) IsHealthy() bool
IsHealthy returns whether the peer looked healthy on the last call to `Update`.
func (*PeerConfigState) NextEndpoint
func (pcs *PeerConfigState) NextEndpoint(peerFacts []*fact.Fact, now time.Time) *net.UDPAddr
NextEndpoint recommends the next endpoint to try configuring on the peer, if any, based on the available facts (assumed to all be about the peer!). Note that this does _not_ embed the logic for whether a new endpoint _should_ be attempted (i.e. it doesn't call `TimeForNextEndpoint` internally).
func (*PeerConfigState) TimeForNextEndpoint
func (pcs *PeerConfigState) TimeForNextEndpoint() bool
TimeForNextEndpoint returns whether we should try another endpoint for the peer (or whether we should wait for the current endpoint to test out).
func (*PeerConfigState) Update
func (pcs *PeerConfigState) Update(
	peer *wgtypes.Peer,
	name string,
	newAlive bool,
	bootID *uuid.UUID,
	now time.Time,
) *PeerConfigState
Update refreshes the PeerConfigState with new data from the wireguard device.
NOTE: It is safe to call this on a `nil` pointer; it will return a new state.
TODO: give this access to the `peerKnowledgeSet` instead of passing in the alive state.
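An added example, not the package's own code, that ties together the Constants, IsHandshakeHealthy and the PeerConfigState methods Update, TimeForNextEndpoint and NextEndpoint: a handshake is healthy while it is younger than HandshakeValidity, and while the peer is unhealthy the state cycles through candidate endpoints, giving each one a trial period before moving on. The wireguard-go timing values (RekeyAfterTime 120 s, RekeyTimeout 5 s, KeepaliveTimeout 10 s, jitter 334 ms) are copied here as assumed constants rather than imported, the 20 s EndpointTrial and the least-recently-tried selection rule are assumptions, and the clock is passed in so the behaviour can be checked without waiting.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Timing constants assumed to match wireguard-go's device package, copied
// rather than imported so this builds with the standard library only.
const (
	RekeyAfterTime          = 120 * time.Second
	RekeyTimeout            = 5 * time.Second
	KeepaliveTimeout        = 10 * time.Second
	RekeyTimeoutJitterMaxMs = 334
	HealthHysteresisBandaid = 30 * time.Second
	HandshakeValidityBase   = RekeyAfterTime + RekeyTimeout + KeepaliveTimeout +
		RekeyTimeoutJitterMaxMs*time.Millisecond
	HandshakeValidity = HandshakeValidityBase + HealthHysteresisBandaid
)

// EndpointTrial is how long a freshly configured endpoint gets to produce a
// handshake before we rotate to the next candidate (assumed value, a few of
// WireGuard's 5 s handshake retries).
const EndpointTrial = 20 * time.Second

// HandshakeHealthyAt is IsHandshakeHealthy with the clock injected. A zero
// lastHandshake means the peer never completed a handshake at all.
func HandshakeHealthyAt(lastHandshake, now time.Time) bool {
	if lastHandshake.IsZero() {
		return false
	}
	return now.Sub(lastHandshake) < HandshakeValidity
}

// PeerState plays the role of PeerConfigState: it remembers which endpoint we
// last configured and when, so candidates are cycled until one handshakes.
type PeerState struct {
	healthy       bool
	endpoint      *net.UDPAddr
	endpointSetAt time.Time
	tried         map[string]time.Time // endpoint string -> when we last configured it
}

// EnsureNotNil returns the receiver, or a fresh state when called on nil.
func (ps *PeerState) EnsureNotNil() *PeerState {
	if ps == nil {
		return &PeerState{tried: map[string]time.Time{}}
	}
	return ps
}

// Update refreshes the health view from the device's last handshake time;
// like the page's Update it is safe on a nil receiver and returns the state.
func (ps *PeerState) Update(lastHandshake, now time.Time) *PeerState {
	ps = ps.EnsureNotNil()
	ps.healthy = HandshakeHealthyAt(lastHandshake, now)
	return ps
}

func (ps *PeerState) IsHealthy() bool { return ps.healthy }

// TimeForNextEndpoint: rotate only while unhealthy, and only once the current
// endpoint has had its full trial; otherwise keep waiting for it to test out.
func (ps *PeerState) TimeForNextEndpoint(now time.Time) bool {
	if ps.healthy {
		return false
	}
	if ps.endpoint == nil {
		return true
	}
	return now.Sub(ps.endpointSetAt) >= EndpointTrial
}

// NextEndpoint picks the candidate tried least recently (never-tried first,
// ties broken by input order) and records it as the current attempt. As on
// the page, it does not consult TimeForNextEndpoint itself.
func (ps *PeerState) NextEndpoint(candidates []*net.UDPAddr, now time.Time) *net.UDPAddr {
	var best *net.UDPAddr
	var bestAt time.Time
	for _, c := range candidates {
		at := ps.tried[c.String()]
		if best == nil || at.Before(bestAt) {
			best, bestAt = c, at
		}
	}
	if best != nil {
		ps.endpoint, ps.endpointSetAt = best, now
		ps.tried[best.String()] = now
	}
	return best
}

func main() {
	// Constructed sample: two candidate endpoints, no handshake yet.
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	a := &net.UDPAddr{IP: net.ParseIP("192.0.2.10"), Port: 51820}
	b := &net.UDPAddr{IP: net.ParseIP("198.51.100.7"), Port: 51820}
	ps := (*PeerState)(nil).Update(time.Time{}, now)
	fmt.Println("healthy:", ps.IsHealthy(), "rotate:", ps.TimeForNextEndpoint(now), "try:", ps.NextEndpoint([]*net.UDPAddr{a, b}, now))
	later := now.Add(EndpointTrial)
	fmt.Println("rotate:", ps.TimeForNextEndpoint(later), "try:", ps.NextEndpoint([]*net.UDPAddr{a, b}, later))
}
```

With these constants HandshakeValidity works out to 165.334 s, so a peer whose last handshake is 100 s old is still healthy and one at 200 s is not; the extra 30 s HealthHysteresisBandaid is what keeps a slightly late rekey from triggering an unnecessary endpoint rotation.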