network

package
v0.20.0 Latest
Published: Jun 26, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	PeerStatusUnknown = "unknown"
	PeerStatusUp      = "up"
	PeerStatusDown    = "down"
)

const (
	WireGuardInterfaceName = "uncloud"
	DefaultWireGuardPort   = 51820
	// MinWireGuardMTU is the minimum MTU for the WireGuard interface. The management traffic inside the tunnel uses
	// IPv6 whose minimum link MTU is 1280, so this is a safe floor that also keeps Corrosion's max_mtu (>= 1200) valid.
	MinWireGuardMTU = 1280
	// MaxWireGuardMTU is the conservative maximum MTU set by auto-detection and the fallback when detection fails.
	// It's the standard WireGuard MTU for a 1500-byte underlay (1500 - 80) that matches the kernel's default
	// for WireGuard links.
	MaxWireGuardMTU = 1500 - wireGuardEncapOverhead

	// WireGuardKeepaliveInterval is a sensible interval that works with a wide variety of firewalls.
	WireGuardKeepaliveInterval = 25 * time.Second
)

Variables

This section is empty.

Functions

func DetectMTU added in v0.20.0

func DetectMTU() int

DetectMTU returns the optimal MTU for the WireGuard interface based on the machine's egress network. The egress MTU is capped at MaxWireGuardMTU so as not to overestimate the path MTU between machines, whose traffic can go over the public internet. If the egress MTU cannot be detected, it falls back to MaxWireGuardMTU.

func GetPublicIP

func GetPublicIP() (netip.Addr, error)

func ListRoutableIPs

func ListRoutableIPs() ([]netip.Addr, error)

ListRoutableIPs returns a list of routable unicast IP addresses.

func MachineIP

func MachineIP(subnet netip.Prefix) netip.Addr

MachineIP returns the IP address of the machine, which is the first address in the subnet.

func ManagementIP

func ManagementIP(publicKey secret.Secret) netip.Addr

ManagementIP returns the IPv6 address of a peer derived from the first 14 bytes of its public key. This address always starts with fdcc: and is intended for cluster management traffic.
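The derivation described for ManagementIP, together with a consistency check on a stored peer record, as an added example that is not the package's own code. It assumes the address is the two bytes fd cc followed by the first 14 bytes of the raw 32-byte public key; deriveManagementIP, checkPeer and the sample key are hypothetical names and constructed data.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/netip"
)

var errMismatch = errors.New("management IP does not match public key")

// deriveManagementIP is a hypothetical stand-in for ManagementIP that takes a raw
// 32-byte key. Assumed layout: bytes fd cc, then the first 14 key bytes.
func deriveManagementIP(pub []byte) (netip.Addr, error) {
	if len(pub) != 32 {
		return netip.Addr{}, fmt.Errorf("public key is %d bytes, want 32", len(pub))
	}
	b := [16]byte{0xfd, 0xcc}
	copy(b[2:], pub[:14])
	return netip.AddrFrom16(b), nil
}

// checkPeer rejects a peer record whose stored management IP is not the one
// its base64 public key derives to.
func checkPeer(pubB64 string, claimed netip.Addr) error {
	pub, err := base64.StdEncoding.DecodeString(pubB64)
	if err != nil {
		return fmt.Errorf("decode public key: %w", err)
	}
	want, err := deriveManagementIP(pub)
	if err != nil {
		return err
	}
	if claimed != want {
		return fmt.Errorf("%w: claimed %s, derived %s", errMismatch, claimed, want)
	}
	return nil
}

func main() {
	key := make([]byte, 32) // constructed sample key: bytes 0x00..0x1f
	for i := range key {
		key[i] = byte(i)
	}
	ip, _ := deriveManagementIP(key)
	fmt.Println(ip) // fdcc:1:203:405:607:809:a0b:c0d
	// Only 14 of 32 key bytes are used, so the address identifies a peer but is
	// not a substitute for comparing the full public key.
	fmt.Println(checkPeer(base64.StdEncoding.EncodeToString(key), netip.MustParseAddr("fdcc::1")))
}
```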

func NewMachineKeys

func NewMachineKeys() (privKey, pubKey secret.Secret, err error)

NewMachineKeys generates a new WireGuard private and public key pair.

Types

type Config

type Config struct {
	// Subnet is the IPv4 address range allocated to the machine. The machine's IP address is the first address
	// in the subnet. Other IP addresses are allocated to containers running on the machine.
	Subnet netip.Prefix
	// ManagementIP is the IPv6 address assigned to the machine within the WireGuard network. This address is used
	// for cluster management traffic, such as gRPC communication with the machine API server and Corrosion gossip.
	ManagementIP netip.Addr
	// WireGuardPort is the UDP port WireGuard listens on. Zero means the default port (51820).
	WireGuardPort int `json:",omitempty"`
	// MTU of the WireGuard interface. Use EffectiveMTU to get the default if not set (zero).
	MTU        int `json:",omitempty"`
	PrivateKey secret.Secret
	PublicKey  secret.Secret
	// Endpoints are this machine's own WireGuard endpoints advertised to other machines.
	Endpoints []netip.AddrPort `json:",omitempty"`
	Peers     []PeerConfig     `json:",omitempty"`
}

func (Config) EffectiveMTU added in v0.20.0

func (c Config) EffectiveMTU() int

EffectiveMTU returns the MTU for the WireGuard interface. Falls back to MaxWireGuardMTU if not set (zero).

func (Config) EffectiveWireGuardPort added in v0.20.0

func (c Config) EffectiveWireGuardPort() int

EffectiveWireGuardPort returns the WireGuard listen port for this config. If WireGuardPort is not set (zero), it returns the default WireGuard port.

func (Config) IsConfigured

func (c Config) IsConfigured() bool

IsConfigured returns true if the configuration is complete enough to establish a WireGuard network.

type EndpointChangeEvent

type EndpointChangeEvent struct {
	PublicKey secret.Secret
	// Endpoint is the new endpoint of the peer.
	Endpoint netip.AddrPort
}

type PeerConfig

type PeerConfig struct {
	Subnet *netip.Prefix `json:",omitempty"`
	// ManagementIP is the IPv6 address assigned to the peer within the WireGuard network. This address is used
	// for cluster management traffic, such as gRPC communication with the machine API server and Corrosion gossip.
	ManagementIP netip.Addr
	Endpoint     *netip.AddrPort  `json:",omitempty"`
	AllEndpoints []netip.AddrPort `json:",omitempty"`
	PublicKey    secret.Secret
}

type WireGuardNetwork

type WireGuardNetwork struct {
	// contains filtered or unexported fields
}

func NewWireGuardNetwork

func NewWireGuardNetwork() (*WireGuardNetwork, error)

func (*WireGuardNetwork) Cleanup added in v0.10.0

func (n *WireGuardNetwork) Cleanup() error

Cleanup deletes the WireGuard link. The network must not be running when this method is called.

func (*WireGuardNetwork) Configure

func (n *WireGuardNetwork) Configure(config Config) error

Configure applies the given configuration to the WireGuard network interface. It updates device and peer settings, subnet, and peer routes.

func (*WireGuardNetwork) Run

func (n *WireGuardNetwork) Run(ctx context.Context) error

func (*WireGuardNetwork) WatchEndpoints

func (n *WireGuardNetwork) WatchEndpoints() <-chan EndpointChangeEvent

WatchEndpoints returns a channel that receives endpoint change events for the WireGuard peers.
