Documentation
Overview ¶
Package protocol implements all the generic protocols to detect public IP addresses. Generic protocols are not tied to a particular server (e.g., Cloudflare).
Index ¶
- func CloseIdleConnections()
- func NormalizeDetectedRawIPs(ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int, ips []netip.Addr) ([]ipnet.RawEntry, bool)
- func SharedRetryableSplitClient(ipFamily ipnet.Family) *retryablehttp.Client
- func SharedSplitClient(ipFamily ipnet.Family) *http.Client
- type CloudflareTrace
- type DNSOverHTTPS
- type DNSOverHTTPSParam
- type DetectionResult
- type File
- type HTTP
- type LocalAuto
- type LocalWithInterface
- type Static
- type Unavailable
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CloseIdleConnections ¶ added in v1.15.0
func CloseIdleConnections()
CloseIdleConnections closes all idle connections after detecting the IP addresses.
func NormalizeDetectedRawIPs ¶ added in v1.16.0
func NormalizeDetectedRawIPs(ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int, ips []netip.Addr) ([]ipnet.RawEntry, bool)
NormalizeDetectedRawIPs validates detected addresses for one family and lifts them into deterministic raw entries using the given default prefix length.
func SharedRetryableSplitClient ¶ added in v1.15.0
func SharedRetryableSplitClient(ipFamily ipnet.Family) *retryablehttp.Client
SharedRetryableSplitClient returns a retryablehttp.Client backed by the shared underlying http.Client, which allows only traffic of the specified IP family.
func SharedSplitClient ¶ added in v1.15.0
SharedSplitClient returns the shared http.Client that allows only traffic of the specified IP family.
Types ¶
type CloudflareTrace ¶ added in v1.16.0
type CloudflareTrace struct {
    ProviderName string                  // name of the detection protocol
    URL          map[ipnet.Family]string // trace endpoint URL per family
}
CloudflareTrace implements detection via Cloudflare's /cdn-cgi/trace endpoint with hard validation of h, warp, and ip fields.
Validation rationale:
- This detector returns a publishable client/public IP for DDNS use.
- The h field is a conservative integrity check on the response source, based on observed endpoint behavior rather than a strong public field specification.
- warp=on indicates WARP is routing the connection, so the reported ip is a Cloudflare egress IP, not the client's real IP.
- An ip inside Cloudflare's published ranges indicates a proxy scenario where the reported ip is not the client's real public IP.
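The three checks in the validation rationale above, sketched as an added example; this is not the package's own implementation. `ValidateTrace`, `wantHost`, the two-entry range list and the sample body are assumptions made for illustration, and the example also rejects duplicate fields and any `warp` value other than `off`, which is stricter than the rationale requires.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// Sample subset of Cloudflare's published ranges; load the full list in practice.
var cloudflareRanges = []netip.Prefix{
	netip.MustParsePrefix("104.16.0.0/13"),
	netip.MustParsePrefix("2606:4700::/32"),
}

// Constructed trace body; 203.0.113.7 is a documentation address.
const sampleTrace = "fl=0f0\nh=one.one.one.one\nip=203.0.113.7\nts=1700000000.1\nwarp=off\n"

// ValidateTrace applies the h, warp and ip checks; wantHost is a hypothetical parameter.
func ValidateTrace(body, wantHost string) (ip netip.Addr, err error) {
	fields := map[string]string{}
	for _, line := range strings.Split(body, "\n") {
		k, v, ok := strings.Cut(strings.TrimSpace(line), "=")
		if _, dup := fields[k]; ok && dup { // ambiguous response: refuse to guess
			return ip, fmt.Errorf("duplicate field %q", k)
		}
		if ok {
			fields[k] = v
		}
	}
	if fields["h"] != wantHost {
		return ip, errors.New("h does not match the queried host")
	}
	if fields["warp"] != "off" { // stricter than rejecting only warp=on
		return ip, errors.New("warp is not off")
	}
	if ip, err = netip.ParseAddr(fields["ip"]); err != nil {
		return netip.Addr{}, fmt.Errorf("bad ip field: %w", err)
	}
	for _, p := range cloudflareRanges {
		if p.Contains(ip.Unmap()) { // Unmap so ::ffff:a.b.c.d cannot slip past IPv4 ranges
			return netip.Addr{}, errors.New("ip is inside a Cloudflare range")
		}
	}
	return ip, nil
}

func main() {
	fmt.Println(ValidateTrace(sampleTrace, "one.one.one.one"))
}
```

Every rejection returns an error rather than a fallback address, so a caller can map it to the unavailable state instead of publishing a proxy or egress IP.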
func (CloudflareTrace) GetRawData ¶ added in v1.16.0
func (p CloudflareTrace) GetRawData(ctx context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData detects the IP address by parsing and validating a Cloudflare trace response.
func (CloudflareTrace) IsExplicitEmpty ¶ added in v1.16.0
func (CloudflareTrace) IsExplicitEmpty() bool
IsExplicitEmpty reports whether the provider intentionally clears the family.
func (CloudflareTrace) Name ¶ added in v1.16.0
func (p CloudflareTrace) Name() string
Name of the detection protocol.
type DNSOverHTTPS ¶
type DNSOverHTTPS struct {
    ProviderName string // name of the protocol
    Param        map[ipnet.Family]DNSOverHTTPSParam
    // Rejecter is an optional hook called after the IP is parsed from the DNS
    // response. If it rejects the IP, the result is treated as unavailable.
    // This allows provider-specific validation (e.g., rejecting Cloudflare
    // egress IPs) without breaking the generic protocol type.
    Rejecter ipnet.RawIPRejecter
}
DNSOverHTTPS represents a generic detection protocol using DNS over HTTPS.
func (DNSOverHTTPS) GetRawData ¶ added in v1.16.0
func (p DNSOverHTTPS) GetRawData(ctx context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData detects the IP address by DNS over HTTPS.
func (DNSOverHTTPS) IsExplicitEmpty ¶ added in v1.16.0
func (DNSOverHTTPS) IsExplicitEmpty() bool
IsExplicitEmpty reports whether the provider intentionally clears the family.
type DNSOverHTTPSParam ¶ added in v1.14.0
type DNSOverHTTPSParam = struct {
    URL   string           // the DoH server
    Name  string           // domain name to query
    Class dnsmessage.Class // DNS class to query
}
DNSOverHTTPSParam is the parameter of a DNS-based IP provider.
type DetectionResult ¶ added in v1.16.0
type DetectionResult struct {
    // Available reports whether the raw data is known for this run.
    // When it is false, the reconciliation intent is "abort" (raw data
    // unavailable); the current algorithm preserves existing managed content.
    // See docs/designs/features/reconciliation-algorithm.markdown for intent handling.
    //
    // When it is true, RawEntries stores the current deterministic raw-data carrier.
    // Each entry is an IP address with prefix length (host bits are preserved).
    // An empty list is the explicit-empty intent ("clear").
    Available  bool
    RawEntries []ipnet.RawEntry
}
DetectionResult carries one managed family's detection-phase raw data for a run.
Runtime maps use presence to mean "managed/in scope" and absence to mean "out of scope". That keeps out-of-scope distinct from temporary raw-data unavailability without reusing nil pointers or empty slices.
func NewKnownDetectionResult ¶ added in v1.16.0
func NewKnownDetectionResult(rawEntries []ipnet.RawEntry) DetectionResult
NewKnownDetectionResult builds the managed deterministic raw-data state.
func NewUnavailableDetectionResult ¶ added in v1.16.0
func NewUnavailableDetectionResult() DetectionResult
NewUnavailableDetectionResult builds the managed temporary-unavailability state.
func (DetectionResult) HasUsableRawData ¶ added in v1.16.0
func (r DetectionResult) HasUsableRawData() bool
HasUsableRawData reports whether downstream derivation and reconciliation may proceed.
type File ¶ added in v1.16.0
type File struct {
    // ProviderName is the name of the detection protocol.
    ProviderName string
    // Path is the absolute path to the file containing IP addresses.
    Path string
}
File reads IP addresses from a file on every detection cycle.
func (File) GetRawData ¶ added in v1.16.0
func (p File) GetRawData(_ context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData reads the file, parses IP addresses or IP addresses in CIDR notation, validates them for the requested family, and returns deterministic raw data.
func (File) IsExplicitEmpty ¶ added in v1.16.0
IsExplicitEmpty reports whether the provider intentionally clears the family. File providers are dynamic; the content may change between cycles.
type HTTP ¶
type HTTP struct {
    ProviderName            string                  // name of the protocol
    URL                     map[ipnet.Family]string // URL of the page for detection
    ForcedTransportIPFamily *ipnet.Family
}
HTTP represents a generic detection protocol to use an HTTP response directly.
func (HTTP) GetRawData ¶ added in v1.16.0
func (p HTTP) GetRawData(ctx context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData detects the IP address by using the HTTP response directly.
func (HTTP) IsExplicitEmpty ¶ added in v1.16.0
IsExplicitEmpty reports whether the provider intentionally clears the family.
type LocalAuto ¶ added in v1.15.0
type LocalAuto struct {
    // Name of the detection protocol.
    ProviderName string
    // The target of the hypothetical UDP packet to be sent.
    RemoteUDPAddr string
}
LocalAuto detects the IP address by pretending to send out a UDP packet and using the source IP address assigned by the system. In most cases it will detect the IP address of the network interface toward the internet. (No actual UDP packets will be sent out.)
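The source-address technique described above, as an added example rather than the package's own code. `SourceAddrFor` and `Publishable` are hypothetical names, and the target `192.0.2.1:9` is a constructed documentation address. `Publishable` goes one step beyond the description: it flags the case where the selected address is private, link-local or carrier-grade NAT space and so is not a public IP.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// RFC 6598 shared address space used by carrier-grade NAT; netip's IsPrivate
// does not cover it.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// SourceAddrFor asks the kernel which local address it would use to reach
// remote. Connecting a UDP socket only selects a route and a source address;
// no datagram leaves the host unless Write is called.
func SourceAddrFor(network, remote string) (netip.Addr, error) {
	conn, err := net.Dial(network, remote)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("dial %s %s: %w", network, remote, err)
	}
	defer conn.Close()
	udp, ok := conn.LocalAddr().(*net.UDPAddr)
	if !ok {
		return netip.Addr{}, fmt.Errorf("unexpected address type %T", conn.LocalAddr())
	}
	return udp.AddrPort().Addr().Unmap(), nil
}

// Publishable reports whether a could be a public address: it rejects
// loopback, link-local, multicast, RFC 1918 / unique-local and CGNAT space.
func Publishable(a netip.Addr) bool {
	return a.IsValid() && a.IsGlobalUnicast() && !a.IsPrivate() && !cgnat.Contains(a)
}

func main() {
	a, err := SourceAddrFor("udp4", "192.0.2.1:9") // constructed target (TEST-NET-1)
	fmt.Println(a, Publishable(a), err)
}
```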
func (LocalAuto) GetRawData ¶ added in v1.16.0
func (p LocalAuto) GetRawData(ctx context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData detects the IP address by pretending to send a UDP packet. (No actual UDP packets will be sent out.)
func (LocalAuto) IsExplicitEmpty ¶ added in v1.16.0
IsExplicitEmpty reports whether the provider intentionally clears the family.
type LocalWithInterface ¶ added in v1.15.0
type LocalWithInterface struct {
    // Name of the detection protocol.
    ProviderName string
    // The name of the network interface
    InterfaceName string
}
LocalWithInterface detects IP addresses assigned to a network interface.
func (LocalWithInterface) GetRawData ¶ added in v1.16.0
func (p LocalWithInterface) GetRawData(_ context.Context, ppfmt pp.PP, ipFamily ipnet.Family, defaultPrefixLen int) DetectionResult
GetRawData detects raw data from unicast addresses assigned to a network interface.
func (LocalWithInterface) IsExplicitEmpty ¶ added in v1.16.0
func (LocalWithInterface) IsExplicitEmpty() bool
IsExplicitEmpty reports whether the provider intentionally clears the family.
func (LocalWithInterface) Name ¶ added in v1.15.0
func (p LocalWithInterface) Name() string
Name of the detection protocol.
type Static ¶ added in v1.16.0
type Static struct {
    // Name of the detection protocol.
    ProviderName string
    // The raw IP addresses with prefix lengths. Config-side constructors
    // canonicalize these for stable naming. Runtime normalization still runs
    // in GetRawData because the provider contract is enforced per requested
    // family at the point the raw data is consumed.
    RawEntries []ipnet.RawEntry
}
Static returns the same set of raw IP addresses with prefix lengths.
func (Static) GetRawData ¶ added in v1.16.0
func (p Static) GetRawData(_ context.Context, ppfmt pp.PP, ipFamily ipnet.Family, _ int) DetectionResult
GetRawData returns the static raw entries as deterministic raw data.
func (Static) IsExplicitEmpty ¶ added in v1.16.0
IsExplicitEmpty reports whether the provider intentionally clears the family.
type Unavailable ¶ added in v1.16.0
type Unavailable struct {
    ProviderName string
}
Unavailable is a synthetic provider that always reports detection as unavailable.
func (Unavailable) GetRawData ¶ added in v1.16.0
func (p Unavailable) GetRawData(_ context.Context, ppfmt pp.PP, _ ipnet.Family, _ int) DetectionResult
GetRawData always reports unavailable raw data for the requested family.
func (Unavailable) IsExplicitEmpty ¶ added in v1.16.0
func (p Unavailable) IsExplicitEmpty() bool
IsExplicitEmpty reports whether the provider intentionally clears the family. Unavailable is in-scope but produces no usable data; it is not explicit-empty.
func (Unavailable) Name ¶ added in v1.16.0
func (p Unavailable) Name() string
Name of the detection protocol.