device

package
v0.71.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 14, 2026 License: BSD-3-Clause Imports: 33 Imported by: 0

Documentation

Overview

Package iface provides wireguard network interface creation and management

Index

Constants

This section is empty.

Variables

View Source 
var CustomWindowsGUIDString string

CustomWindowsGUIDString is a custom GUID string for the interface

View Source 
var (
	// ErrModuleNotFound is the error resulting if a module can't be found.
	ErrModuleNotFound = errors.New("module not found")
)

Functions

func ModuleTunIsLoaded 

func ModuleTunIsLoaded() bool

ModuleTunIsLoaded check if tun module exist, if is not attempt to load it

func WireGuardModuleIsLoaded 

func WireGuardModuleIsLoaded() bool

WireGuardModuleIsLoaded check if we can load WireGuard mod (linux only)

Types

type Bind added in v0.59.0 

type Bind interface {
	conn.Bind
	GetICEMux() (*udpmux.UniversalUDPMuxDefault, error)
	ActivityRecorder() *bind.ActivityRecorder
	EndpointManager
}

type EndpointManager added in v0.59.7 

type EndpointManager interface {
	SetEndpoint(fakeIP netip.Addr, conn net.Conn)
	RemoveEndpoint(fakeIP netip.Addr)
}

EndpointManager manages fake IP to connection mappings for userspace bind implementations. Implemented by bind.ICEBind and bind.RelayBindJS.

type FilteredDevice 

type FilteredDevice struct {
	tun.Device
	// contains filtered or unexported fields
}

FilteredDevice to override Read or Write of packets

func (*FilteredDevice) Close added in v0.64.6 

func (d *FilteredDevice) Close() error

Close closes the underlying tun device exactly once. wireguard-go's netTun.Close() panics on double-close due to a bare close(channel), and multiple code paths can trigger Close on the same device.

func (*FilteredDevice) Read 

func (d *FilteredDevice) Read(bufs [][]byte, sizes []int, offset int) (n int, err error)

Read wraps read method with filtering feature

func (*FilteredDevice) SetCapture added in v0.70.5 

func (d *FilteredDevice) SetCapture(pc PacketCapture)

SetCapture sets or clears the packet capture sink. Pass nil to disable. Uses atomic store so the hot path (Read/Write) is a single pointer load with no locking overhead when capture is off.

func (*FilteredDevice) SetFilter 

func (d *FilteredDevice) SetFilter(filter PacketFilter)

SetFilter sets packet filter to device

func (*FilteredDevice) Write 

func (d *FilteredDevice) Write(bufs [][]byte, offset int) (int, error)

Write wraps write method with filtering feature

type MobileIFaceArguments 

type MobileIFaceArguments struct {
	TunAdapter TunAdapter // only for Android
	TunFd      int        // only for iOS
}

type PacketCapture added in v0.70.5 

type PacketCapture interface {
	// Offer submits a packet for capture. outbound is true for packets
	// leaving the host (Read path), false for packets arriving (Write path).
	Offer(data []byte, outbound bool)
}

PacketCapture captures raw packets for debugging. Implementations must be safe for concurrent use and must not block.

type PacketFilter 

type PacketFilter interface {
	// FilterOutbound filter outgoing packets from host to external destinations
	FilterOutbound(packetData []byte, size int) bool

	// FilterInbound filter incoming packets from external sources to host
	FilterInbound(packetData []byte, size int) bool

	// SetUDPPacketHook registers a hook for outbound UDP packets matching the given IP and port.
	// Hook function returns true if the packet should be dropped.
	// Only one UDP hook is supported; calling again replaces the previous hook.
	// Pass nil hook to remove.
	SetUDPPacketHook(ip netip.Addr, dPort uint16, hook func(packet []byte) bool)

	// SetTCPPacketHook registers a hook for outbound TCP packets matching the given IP and port.
	// Hook function returns true if the packet should be dropped.
	// Only one TCP hook is supported; calling again replaces the previous hook.
	// Pass nil hook to remove.
	SetTCPPacketHook(ip netip.Addr, dPort uint16, hook func(packet []byte) bool)
}

PacketFilter interface for firewall abilities

type TunAdapter 

type TunAdapter interface {
	ConfigureInterface(address string, addressV6 string, mtu int, dns string, searchDomains string, routes string) (int, error)
	UpdateAddr(address string) error
	ProtectSocket(fd int32) bool
}

TunAdapter is an interface for create tun device from external service

type TunDevice added in v0.71.0 

type TunDevice struct {
	// contains filtered or unexported fields
}

func NewTunDevice added in v0.71.0 

func NewTunDevice(name string, address wgaddr.Address, port int, key string, mtu uint16, iceBind *bind.ICEBind) *TunDevice

func (*TunDevice) Close added in v0.71.0 

func (t *TunDevice) Close() error

func (*TunDevice) Create added in v0.71.0 

func (t *TunDevice) Create() (WGConfigurer, error)

func (*TunDevice) Device added in v0.71.0 

func (t *TunDevice) Device() *device.Device

Device returns the wireguard device

func (*TunDevice) DeviceName added in v0.71.0 

func (t *TunDevice) DeviceName() string

func (*TunDevice) FilteredDevice added in v0.71.0 

func (t *TunDevice) FilteredDevice() *FilteredDevice

func (*TunDevice) GetICEBind added in v0.71.0 

func (t *TunDevice) GetICEBind() EndpointManager

GetICEBind returns the ICEBind instance

func (*TunDevice) GetNet added in v0.71.0 

func (t *TunDevice) GetNet() *netstack.Net

func (*TunDevice) MTU added in v0.71.0 

func (t *TunDevice) MTU() uint16

func (*TunDevice) Up added in v0.71.0 

func (t *TunDevice) Up() (*udpmux.UniversalUDPMuxDefault, error)

func (*TunDevice) UpdateAddr added in v0.71.0 

func (t *TunDevice) UpdateAddr(address wgaddr.Address) error

func (*TunDevice) WgAddress added in v0.71.0 

func (t *TunDevice) WgAddress() wgaddr.Address

type TunKernelDevice 

type TunKernelDevice struct {
	// contains filtered or unexported fields
}

func NewKernelDevice 

func NewKernelDevice(name string, address wgaddr.Address, wgPort int, key string, mtu uint16, transportNet transport.Net) *TunKernelDevice

func (*TunKernelDevice) Close 

func (t *TunKernelDevice) Close() error

func (*TunKernelDevice) Create 

func (t *TunKernelDevice) Create() (WGConfigurer, error)

func (*TunKernelDevice) Device added in v0.36.6 

func (t *TunKernelDevice) Device() *device.Device

Device returns the wireguard device, not applicable for kernel devices

func (*TunKernelDevice) DeviceName 

func (t *TunKernelDevice) DeviceName() string

func (*TunKernelDevice) FilteredDevice 

func (t *TunKernelDevice) FilteredDevice() *FilteredDevice

func (*TunKernelDevice) GetICEBind added in v0.59.7 

func (t *TunKernelDevice) GetICEBind() EndpointManager

GetICEBind returns nil for kernel mode devices

func (*TunKernelDevice) GetNet added in v0.37.0 

func (t *TunKernelDevice) GetNet() *netstack.Net

func (*TunKernelDevice) MTU added in v0.56.0 

func (t *TunKernelDevice) MTU() uint16

func (*TunKernelDevice) Up 

func (t *TunKernelDevice) Up() (*udpmux.UniversalUDPMuxDefault, error)

func (*TunKernelDevice) UpdateAddr 

func (t *TunKernelDevice) UpdateAddr(address wgaddr.Address) error

func (*TunKernelDevice) WgAddress 

func (t *TunKernelDevice) WgAddress() wgaddr.Address

type TunNetstackDevice 

type TunNetstackDevice struct {
	// contains filtered or unexported fields
}

func NewNetstackDevice 

func NewNetstackDevice(name string, address wgaddr.Address, wgPort int, key string, mtu uint16, bind Bind, listenAddress string) *TunNetstackDevice

func (*TunNetstackDevice) Close 

func (t *TunNetstackDevice) Close() error

func (*TunNetstackDevice) Create 

func (t *TunNetstackDevice) Create() (WGConfigurer, error)

func (*TunNetstackDevice) Device added in v0.36.6 

func (t *TunNetstackDevice) Device() *device.Device

Device returns the wireguard device

func (*TunNetstackDevice) DeviceName 

func (t *TunNetstackDevice) DeviceName() string

func (*TunNetstackDevice) FilteredDevice 

func (t *TunNetstackDevice) FilteredDevice() *FilteredDevice

func (*TunNetstackDevice) GetICEBind added in v0.59.7 

func (t *TunNetstackDevice) GetICEBind() EndpointManager

GetICEBind returns the bind instance

func (*TunNetstackDevice) GetNet added in v0.37.0 

func (t *TunNetstackDevice) GetNet() *netstack.Net

func (*TunNetstackDevice) MTU added in v0.56.0 

func (t *TunNetstackDevice) MTU() uint16

func (*TunNetstackDevice) Up 

func (t *TunNetstackDevice) Up() (*udpmux.UniversalUDPMuxDefault, error)

func (*TunNetstackDevice) UpdateAddr 

func (t *TunNetstackDevice) UpdateAddr(wgaddr.Address) error

func (*TunNetstackDevice) WgAddress 

func (t *TunNetstackDevice) WgAddress() wgaddr.Address

type WGConfigurer 

type WGConfigurer interface {
	ConfigureInterface(privateKey string, port int) error
	UpdatePeer(peerKey string, allowedIps []netip.Prefix, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error
	RemovePeer(peerKey string) error
	AddAllowedIP(peerKey string, allowedIP netip.Prefix) error
	RemoveAllowedIP(peerKey string, allowedIP netip.Prefix) error
	SetPresharedKey(peerKey string, psk wgtypes.Key, updateOnly bool) error
	Close()
	GetStats() (map[string]configurer.WGStats, error)
	FullStats() (*configurer.Stats, error)
	LastActivities() map[string]monotime.Time
	RemoveEndpointAddress(peerKey string) error
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.