wireguard

package
v0.5.2 Latest
Published: Jun 14, 2026 License: GPL-3.0 Imports: 25 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateKeyPair

func GenerateKeyPair() (privateKey, publicKey string, err error)

GenerateKeyPair generates a new WireGuard key pair

Types

type Config

type Config struct {
	InterfaceName string         `json:"interface_name"`
	PrivateKey    string         `json:"private_key"`
	PreSharedKey  string         `json:"pre_shared_key,omitempty"`
	ListenPort    int            `json:"listen_port"`
	Address       []string       `json:"address"`
	Latency       *LatencyConfig `json:"latency,omitempty"`
	// contains filtered or unexported fields
}

Config represents the WireGuard configuration

func NewConfig

func NewConfig(config string) (*Config, error)

NewConfig creates a new WireGuard configuration from JSON

func (*Config) GetPreSharedKey

func (c *Config) GetPreSharedKey() (*wgtypes.Key, error)

GetPreSharedKey parses and caches the pre-shared key, optionally returning nil if not set.

func (*Config) GetPrivateKey

func (c *Config) GetPrivateKey() (wgtypes.Key, error)

GetPrivateKey returns the parsed WireGuard private key. The parsed key is stored in memory and reused after first successful parse.

func (*Config) InterfaceNetworks added in v0.3.1

func (c *Config) InterfaceNetworks() []*net.IPNet

InterfaceNetworks returns CIDR prefixes parsed from the node's core `address` list. Used to restrict peer AllowedIPs to subnets this interface actually serves.
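A sketch of the restriction described above, as an added example rather than this package's own code: a peer's requested AllowedIPs are accepted only when each is a single-host route (/32 or /128) inside one of the interface networks, so a peer cannot claim a default route or another subnet. `restrictAllowedIPs`, `inAny`, `mustNets` and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// restrictAllowedIPs is a hypothetical helper (not part of this package): it
// accepts only /32 or /128 routes inside an interface network, rejects the rest.
func restrictAllowedIPs(ifaceNets []*net.IPNet, requested []string) (ok []net.IPNet, rejected []string) {
	for _, cidr := range requested {
		ip, n, err := net.ParseCIDR(cidr)
		if err == nil {
			if ones, bits := n.Mask.Size(); ones == bits && inAny(ifaceNets, ip, bits) {
				ok = append(ok, *n)
				continue
			}
		}
		rejected = append(rejected, cidr) // unparsable, too wide, or outside the interface
	}
	return ok, rejected
}

// inAny reports whether ip lies in a network of the same address family, so an
// IPv4-mapped IPv6 address cannot match an IPv4 interface network.
func inAny(nets []*net.IPNet, ip net.IP, bits int) bool {
	for _, n := range nets {
		if _, nb := n.Mask.Size(); nb == bits && n.Contains(ip) {
			return true
		}
	}
	return false
}

func mustNets(cidrs ...string) []*net.IPNet {
	var out []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

func main() {
	// Constructed sample: interface addresses, then what a peer asks for.
	fmt.Println(restrictAllowedIPs(mustNets("10.8.0.1/24", "fd00:8::1/64"),
		[]string{"10.8.0.7/32", "0.0.0.0/0", "10.9.0.7/32", "fd00:8::7/128"}))
}
```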

type DesiredPeer

type DesiredPeer struct {
	Email         string
	PublicKey     string
	ParsedKey     wgtypes.Key
	AllowedIPNets []net.IPNet
}

type LatencyConfig added in v0.4.1

type LatencyConfig struct {
	TestURL        string `json:"test_url,omitempty"`
	TimeoutSeconds int    `json:"timeout_seconds,omitempty"`
}

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles WireGuard interface management using wgctrl

func NewManager

func NewManager(interfaceName string) (*Manager, error)

NewManager creates a new WireGuard manager

func (*Manager) ApplyConfig

func (m *Manager) ApplyConfig(config wgtypes.Config) error

ApplyConfig safely configures the device with the given configuration under lock.

func (*Manager) ApplyPeers

func (m *Manager) ApplyPeers(peers []wgtypes.PeerConfig) error

ApplyPeers applies a batch of peer configurations in a single kernel call.

func (*Manager) ApplyPeersReplaceAll

func (m *Manager) ApplyPeersReplaceAll(peers []wgtypes.PeerConfig) error

ApplyPeersReplaceAll applies peers as an authoritative full snapshot in a single kernel call.

func (*Manager) Close

func (m *Manager) Close() error

Close cleans up the WireGuard manager and removes the interface

func (*Manager) GetDevice

func (m *Manager) GetDevice() (*wgtypes.Device, error)

GetDevice returns the current WireGuard device statistics

func (*Manager) GetInterfaceStats

func (m *Manager) GetInterfaceStats() (rxBytes, txBytes int64, err error)

GetInterfaceStats returns RX/TX statistics for the interface

func (*Manager) InitializeWithPeers

func (m *Manager) InitializeWithPeers(privateKey wgtypes.Key, listenPort int, serverIPs []string, peers []wgtypes.PeerConfig) error

InitializeWithPeers sets up the WireGuard interface with initial configuration and optional full peer snapshot.

type PeerInfo

type PeerInfo struct {
	Email      string      `json:"email"`
	PublicKey  wgtypes.Key `json:"public_key"`
	AllowedIPs []net.IPNet `json:"allowed_ips"`
}

PeerInfo stores information about a WireGuard peer

type PeerStore

type PeerStore struct {
	// contains filtered or unexported fields
}

PeerStore manages the runtime state of WireGuard peers. It enforces a 1:1 mapping between User (Email) and WireGuard Public Key.

func NewPeerStore

func NewPeerStore() *PeerStore

NewPeerStore creates a new empty PeerStore

func (*PeerStore) ApplyChanges

func (ps *PeerStore) ApplyChanges(removeKeys []string, upsertPeers []*PeerInfo) []string

ApplyChanges commits removals and upserts in one lock scope. It returns the keys actually removed from the store.

func (*PeerStore) GetAll

func (ps *PeerStore) GetAll() []*PeerInfo

GetAll returns all configured peers.

func (*PeerStore) GetByEmail

func (ps *PeerStore) GetByEmail(email string) *PeerInfo

GetByEmail returns the peer for a given email if it exists.

func (*PeerStore) GetByKey

func (ps *PeerStore) GetByKey(publicKey string) *PeerInfo

GetByKey returns a single peer by public key.

func (*PeerStore) GetEmailMap

func (ps *PeerStore) GetEmailMap() map[string]string

GetEmailMap returns a completely decoupled, point-in-time map of publicKey -> email. Replaces the over-engineered emailByKeySnapshotCache.

func (*PeerStore) Init

func (ps *PeerStore) Init(peers []*PeerInfo)

Init bulk initializes the peer store. Should ONLY be used during startup when the store is known to be empty.

func (*PeerStore) ReplaceAll

func (ps *PeerStore) ReplaceAll(peers []*PeerInfo) []string

ReplaceAll completely replaces the peer store contents with the given peers. It returns a list of public keys that were removed in the process.
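Why the returned list matters, as an added example that is not the package's implementation: a key that drops out of the store still authenticates on the interface until it is also removed from the device. `miniStore`, `peer` and the `KEY-…` values are constructed stand-ins, and the way duplicates are resolved here (last entry wins) is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

type peer struct{ Email, PublicKey string }

// miniStore is a hypothetical stand-in for PeerStore: two indexes kept in
// step so that one email maps to exactly one public key and vice versa.
type miniStore struct {
	mu      sync.Mutex
	byKey   map[string]string // public key -> email
	byEmail map[string]string // email -> public key
}

// replaceAll installs snapshot as the full peer set and returns, sorted, the
// public keys that were present before and are gone now.
func (s *miniStore) replaceAll(snapshot []peer) []string {
	s.mu.Lock()
	defer s.mu.Unlock()
	old := s.byKey
	s.byKey, s.byEmail = map[string]string{}, map[string]string{}
	for _, p := range snapshot {
		if k, ok := s.byEmail[p.Email]; ok {
			delete(s.byKey, k) // same user listed twice: last key wins
		}
		if e, ok := s.byKey[p.PublicKey]; ok {
			delete(s.byEmail, e) // same key listed for two users: last user wins
		}
		s.byKey[p.PublicKey], s.byEmail[p.Email] = p.Email, p.PublicKey
	}
	removed := []string{}
	for k := range old {
		if _, ok := s.byKey[k]; !ok {
			removed = append(removed, k)
		}
	}
	sort.Strings(removed)
	return removed
}

func main() {
	s := &miniStore{}
	s.replaceAll([]peer{{"alice@example.com", "KEY-A1"}, {"bob@example.com", "KEY-B1"}})
	// alice rotates her key, bob is deleted: both old keys must leave the device.
	fmt.Println(s.replaceAll([]peer{{"alice@example.com", "KEY-A2"}}))
}
```

A caller would turn each returned key into a peer removal on the interface in the same sync pass.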

type SyncDiff

type SyncDiff struct {
	RemoveKeys  []string
	UpsertPeers []*PeerInfo
	PeerConfigs []wgtypes.PeerConfig
	TargetPeers map[string]*PeerInfo
	Changed     bool
}

type WireGuard

type WireGuard struct {
	// contains filtered or unexported fields
}

WireGuard locking hierarchy — must always be acquired in this order:

wg.syncMu  serialises all peer sync/remove operations
wg.mu      guards lifecycle state (manager, state, config, version)
m.mu       guards Manager internals (client, configure, nl)

Never acquire an outer lock while holding an inner one.

func New

func New(cfg *config.Config, wgConfig *Config, users []*common.User) (*WireGuard, error)

New creates a new WireGuard backend instance

func (*WireGuard) GetOutboundsLatency added in v0.4.1

func (wg *WireGuard) GetOutboundsLatency(ctx context.Context, request *common.LatencyRequest) (*common.LatencyResponse, error)

func (*WireGuard) GetStats

func (wg *WireGuard) GetStats(ctx context.Context, request *common.StatRequest) (*common.StatResponse, error)

func (*WireGuard) GetSysStats

func (wg *WireGuard) GetSysStats(ctx context.Context) (*common.BackendStatsResponse, error)

GetSysStats returns system stats for the WireGuard backend

func (*WireGuard) GetUserOnlineIpListStats

func (wg *WireGuard) GetUserOnlineIpListStats(ctx context.Context, email string) (*common.StatsOnlineIpListResponse, error)

func (*WireGuard) GetUserOnlineStats

func (wg *WireGuard) GetUserOnlineStats(ctx context.Context, email string) (*common.OnlineStatResponse, error)

func (*WireGuard) Logs

func (wg *WireGuard) Logs() <-chan string

Logs returns the log channel as a receive-only channel. The channel is closed when Shutdown is called; callers should use range so they naturally stop reading once it is closed.

func (*WireGuard) Restart

func (wg *WireGuard) Restart() error

Restart applies a new configuration dynamically to the WireGuard interface without tearing it down.

func (*WireGuard) Shutdown

func (wg *WireGuard) Shutdown()

Shutdown stops the WireGuard backend

func (*WireGuard) Started

func (wg *WireGuard) Started() bool

Started returns whether the WireGuard backend is running

func (*WireGuard) SyncUser

func (wg *WireGuard) SyncUser(_ context.Context, user *common.User) error

SyncUser synchronizes a single user to the WireGuard interface. Each user has a single key/IP pair (/32 for IPv4, /128 for IPv6).

func (*WireGuard) SyncUsers

func (wg *WireGuard) SyncUsers(_ context.Context, users []*common.User) error

SyncUsers synchronizes multiple users to the WireGuard interface.

func (*WireGuard) UpdateUsers

func (wg *WireGuard) UpdateUsers(_ context.Context, users []*common.User) error

UpdateUsers performs partial reconciliation for users provided in the request.

func (*WireGuard) UpdateUsersAndRestart

func (wg *WireGuard) UpdateUsersAndRestart(_ context.Context, users []*common.User) error

UpdateUsersAndRestart applies targeted user updates, then rebuilds the full peer snapshot so interface-wide settings like keepalive are reapplied to all peers.

func (*WireGuard) Version

func (wg *WireGuard) Version() string

Version returns the WireGuard version
