GO-2025-4040: NetBird VPN does not remove the default password of an admin account in github.com/netbirdio/netbird

device

package

v0.48.0-dev2 Latest Latest Go to latest Published: Jun 24, 2025 License: BSD-3-Clause Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/netbirdio/netbird

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package iface provides wireguard network interface creation and management

Index ¶

Variables
func ModuleTunIsLoaded() bool
func WireGuardModuleIsLoaded() bool
type FilteredDevice
type MobileIFaceArguments
type PacketFilter
type TunAdapter
type TunKernelDevice
- func NewKernelDevice(name string, address wgaddr.Address, wgPort int, key string, mtu int, ...) *TunKernelDevice
type TunNetstackDevice
- func NewNetstackDevice(name string, address wgaddr.Address, wgPort int, key string, mtu int, ...) *TunNetstackDevice
type USPDevice
- func NewUSPDevice(name string, address wgaddr.Address, port int, key string, mtu int, ...) *USPDevice
type WGConfigurer

Constants ¶

This section is empty.

Variables ¶

View Source

var CustomWindowsGUIDString string

CustomWindowsGUIDString is a custom GUID string for the interface

View Source

var (
	// ErrModuleNotFound is the error resulting if a module can't be found.
	ErrModuleNotFound = errors.New("module not found")
)

Functions ¶

func ModuleTunIsLoaded ¶

func ModuleTunIsLoaded() bool

ModuleTunIsLoaded check if tun module exist, if is not attempt to load it

func WireGuardModuleIsLoaded ¶

func WireGuardModuleIsLoaded() bool

WireGuardModuleIsLoaded check if we can load WireGuard mod (linux only)

Types ¶

type FilteredDevice ¶

type FilteredDevice struct {
	tun.Device
	// contains filtered or unexported fields
}

FilteredDevice to override Read or Write of packets

func (*FilteredDevice) Read ¶

func (d *FilteredDevice) Read(bufs [][]byte, sizes []int, offset int) (n int, err error)

Read wraps read method with filtering feature

func (*FilteredDevice) SetFilter ¶

func (d *FilteredDevice) SetFilter(filter PacketFilter)

SetFilter sets packet filter to device

func (*FilteredDevice) Write ¶

func (d *FilteredDevice) Write(bufs [][]byte, offset int) (int, error)

Write wraps write method with filtering feature

type MobileIFaceArguments ¶

type MobileIFaceArguments struct {
	TunAdapter TunAdapter // only for Android
	TunFd      int        // only for iOS
}

type PacketFilter ¶

type PacketFilter interface {
	// DropOutgoing filter outgoing packets from host to external destinations
	DropOutgoing(packetData []byte, size int) bool

	// DropIncoming filter incoming packets from external sources to host
	DropIncoming(packetData []byte, size int) bool

	// AddUDPPacketHook calls hook when UDP packet from given direction matched
	//
	// Hook function returns flag which indicates should be the matched package dropped or not.
	// Hook function receives raw network packet data as argument.
	AddUDPPacketHook(in bool, ip netip.Addr, dPort uint16, hook func(packet []byte) bool) string

	// RemovePacketHook removes hook by ID
	RemovePacketHook(hookID string) error
}

PacketFilter interface for firewall abilities

type TunAdapter ¶

type TunAdapter interface {
	ConfigureInterface(address string, mtu int, dns string, searchDomains string, routes string) (int, error)
	UpdateAddr(address string) error
	ProtectSocket(fd int32) bool
}

TunAdapter is an interface for create tun device from external service

type TunKernelDevice ¶

type TunKernelDevice struct {
	// contains filtered or unexported fields
}

func NewKernelDevice ¶

func NewKernelDevice(name string, address wgaddr.Address, wgPort int, key string, mtu int, transportNet transport.Net) *TunKernelDevice

func (*TunKernelDevice) Close ¶

func (t *TunKernelDevice) Close() error

func (*TunKernelDevice) Create ¶

func (t *TunKernelDevice) Create() (WGConfigurer, error)

func (*TunKernelDevice) Device ¶ added in v0.36.6

func (t *TunKernelDevice) Device() *device.Device

Device returns the wireguard device, not applicable for kernel devices

func (*TunKernelDevice) DeviceName ¶

func (t *TunKernelDevice) DeviceName() string

func (*TunKernelDevice) FilteredDevice ¶

func (t *TunKernelDevice) FilteredDevice() *FilteredDevice

func (*TunKernelDevice) GetNet ¶ added in v0.37.0

func (t *TunKernelDevice) GetNet() *netstack.Net

func (*TunKernelDevice) Up ¶

func (t *TunKernelDevice) Up() (*bind.UniversalUDPMuxDefault, error)

func (*TunKernelDevice) UpdateAddr ¶

func (t *TunKernelDevice) UpdateAddr(address wgaddr.Address) error

func (*TunKernelDevice) WgAddress ¶

func (t *TunKernelDevice) WgAddress() wgaddr.Address

type TunNetstackDevice ¶

type TunNetstackDevice struct {
	// contains filtered or unexported fields
}

func NewNetstackDevice ¶

func NewNetstackDevice(name string, address wgaddr.Address, wgPort int, key string, mtu int, iceBind *bind.ICEBind, listenAddress string) *TunNetstackDevice

func (*TunNetstackDevice) Close ¶

func (t *TunNetstackDevice) Close() error

func (*TunNetstackDevice) Create ¶

func (t *TunNetstackDevice) Create() (WGConfigurer, error)

func (*TunNetstackDevice) Device ¶ added in v0.36.6

func (t *TunNetstackDevice) Device() *device.Device

Device returns the wireguard device

func (*TunNetstackDevice) DeviceName ¶

func (t *TunNetstackDevice) DeviceName() string

func (*TunNetstackDevice) FilteredDevice ¶

func (t *TunNetstackDevice) FilteredDevice() *FilteredDevice

func (*TunNetstackDevice) GetNet ¶ added in v0.37.0

func (t *TunNetstackDevice) GetNet() *netstack.Net

func (*TunNetstackDevice) Up ¶

func (t *TunNetstackDevice) Up() (*bind.UniversalUDPMuxDefault, error)

func (*TunNetstackDevice) UpdateAddr ¶

func (t *TunNetstackDevice) UpdateAddr(wgaddr.Address) error

func (*TunNetstackDevice) WgAddress ¶

func (t *TunNetstackDevice) WgAddress() wgaddr.Address

type USPDevice ¶

type USPDevice struct {
	// contains filtered or unexported fields
}

func NewUSPDevice ¶

func NewUSPDevice(name string, address wgaddr.Address, port int, key string, mtu int, iceBind *bind.ICEBind) *USPDevice

func (*USPDevice) Close ¶

func (t *USPDevice) Close() error

func (*USPDevice) Create ¶

func (t *USPDevice) Create() (WGConfigurer, error)

func (*USPDevice) Device ¶ added in v0.36.6

func (t *USPDevice) Device() *device.Device

Device returns the wireguard device

func (*USPDevice) DeviceName ¶

func (t *USPDevice) DeviceName() string

func (*USPDevice) FilteredDevice ¶

func (t *USPDevice) FilteredDevice() *FilteredDevice

func (*USPDevice) GetNet ¶ added in v0.37.0

func (t *USPDevice) GetNet() *netstack.Net

func (*USPDevice) Up ¶

func (t *USPDevice) Up() (*bind.UniversalUDPMuxDefault, error)

func (*USPDevice) UpdateAddr ¶

func (t *USPDevice) UpdateAddr(address wgaddr.Address) error

func (*USPDevice) WgAddress ¶

func (t *USPDevice) WgAddress() wgaddr.Address

type WGConfigurer ¶

type WGConfigurer interface {
	ConfigureInterface(privateKey string, port int) error
	UpdatePeer(peerKey string, allowedIps []netip.Prefix, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error
	RemovePeer(peerKey string) error
	AddAllowedIP(peerKey string, allowedIP netip.Prefix) error
	RemoveAllowedIP(peerKey string, allowedIP netip.Prefix) error
	Close()
	GetStats() (map[string]configurer.WGStats, error)
	FullStats() (*configurer.Stats, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL