internal

package
v0.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2026 License: BSD-3-Clause Imports: 86 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms

)

PeerConnectionTimeoutMax is a timeout of an initial connection attempt to a remote peer. E.g. this peer will wait PeerConnectionTimeoutMax for the remote peer to respond, if not successful then it will retry the connection attempt. Todo pass timeout at EnginConfig

Variables

View Source 
var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CheckUIApp 

func CheckUIApp() bool

CheckUIApp checks whether UI application is running.

func CtxGetState 

func CtxGetState(ctx context.Context) *contextState

CtxGetState object to get/update state/errors of process.

func CtxInitState 

func CtxInitState(ctx context.Context) context.Context

CtxInitState setup context state into the context tree.

This function should be used to initialize context before CtxGetState will be executed.

Types

type ConnMgr 

type ConnMgr struct {
	// contains filtered or unexported fields
}

ConnMgr coordinates both lazy connections (established on-demand) and permanent peer connections.

The connection manager is responsible for: - Managing lazy connections via the lazyConnManager - Maintaining a list of excluded peers that should always have permanent connections - Handling connection establishment based on peer signaling

The implementation is not thread-safe; it is protected by engine.syncMsgMux.

func NewConnMgr 

func NewConnMgr(engineConfig *EngineConfig, statusRecorder *peer.Status, peerStore *peerstore.Store, iface lazyconn.WGIface) *ConnMgr

func (*ConnMgr) ActivatePeer 

func (e *ConnMgr) ActivatePeer(ctx context.Context, conn *peer.Conn)

func (*ConnMgr) AddPeerConn 

func (e *ConnMgr) AddPeerConn(ctx context.Context, peerKey string, conn *peer.Conn) (exists bool)

func (*ConnMgr) Close 

func (e *ConnMgr) Close()

func (*ConnMgr) DeactivatePeer 

func (e *ConnMgr) DeactivatePeer(conn *peer.Conn)

DeactivatePeer deactivates a peer connection in the lazy connection manager. If locally the lazy connection is disabled, we force the peer connection open.

func (*ConnMgr) RemovePeerConn 

func (e *ConnMgr) RemovePeerConn(peerKey string)

func (*ConnMgr) SetExcludeList 

func (e *ConnMgr) SetExcludeList(ctx context.Context, peerIDs map[string]bool)

SetExcludeList sets the list of peer IDs that should always have permanent connections.

func (*ConnMgr) Start 

func (e *ConnMgr) Start(ctx context.Context)

Start initializes the connection manager and starts the lazy connection manager if enabled by env var or cmd line option.

func (*ConnMgr) UpdateRouteHAMap 

func (e *ConnMgr) UpdateRouteHAMap(haMap route.HAMap)

UpdateRouteHAMap updates the route HA mappings in the lazy connection manager

func (*ConnMgr) UpdatedRemoteFeatureFlag 

func (e *ConnMgr) UpdatedRemoteFeatureFlag(ctx context.Context, enabled bool) error

UpdatedRemoteFeatureFlag is called when the remote feature flag is updated. If enabled, it initializes the lazy connection manager and start it. Do not need to call Start() again. If disabled, then it closes the lazy connection manager and open the connections to all peers.

type ConnectClient 

type ConnectClient struct {
	// contains filtered or unexported fields
}

func NewConnectClient 

func NewConnectClient(
	ctx context.Context,
	config *profilemanager.Config,
	statusRecorder *peer.Status,
	doInitalAutoUpdate bool,
) *ConnectClient

func (*ConnectClient) Engine 

func (c *ConnectClient) Engine() *Engine

func (*ConnectClient) GetLatestSyncResponse 

func (c *ConnectClient) GetLatestSyncResponse() (*mgmProto.SyncResponse, error)

GetLatestSyncResponse returns the latest sync response from the engine.

func (*ConnectClient) Run 

func (c *ConnectClient) Run(runningChan chan struct{}, logPath string) error

Run with main logic.

func (*ConnectClient) RunOnAndroid 

func (c *ConnectClient) RunOnAndroid(
	tunAdapter device.TunAdapter,
	iFaceDiscover stdnet.ExternalIFaceDiscover,
	networkChangeListener listener.NetworkChangeListener,
	dnsAddresses []netip.AddrPort,
	dnsReadyListener dns.ReadyListener,
	stateFilePath string,
) error

RunOnAndroid with main logic on mobile system

func (*ConnectClient) RunOniOS 

func (c *ConnectClient) RunOniOS(
	fileDescriptor int32,
	networkChangeListener listener.NetworkChangeListener,
	dnsManager dns.IosDnsManager,
	stateFilePath string,
) error

func (*ConnectClient) SetLogLevel added in v0.3.0 

func (c *ConnectClient) SetLogLevel(level log.Level)

SetLogLevel sets the log level for the firewall manager if the engine is running.

func (*ConnectClient) SetSyncResponsePersistence 

func (c *ConnectClient) SetSyncResponsePersistence(enabled bool)

SetSyncResponsePersistence enables or disables sync response persistence. When enabled, the last received sync response will be stored and can be retrieved through the Engine's GetLatestSyncResponse method. When disabled, any stored sync response will be cleared.

func (*ConnectClient) Status 

func (c *ConnectClient) Status() StatusType

Status returns the current client status

func (*ConnectClient) Stop 

func (c *ConnectClient) Stop() error

type Engine 

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*stun.URI
	// TURNs is a list of STUN servers used by ICE
	TURNs []*stun.URI
	// contains filtered or unexported fields
}

Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.

func NewEngine 

func NewEngine(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	relayManager *relayClient.Manager,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
	checks []*mgmProto.Checks,
	stateManager *statemanager.Manager,
) *Engine

NewEngine creates a new Connection Engine with probes attached

func (*Engine) Address 

func (e *Engine) Address() (netip.Addr, error)

func (*Engine) GetFirewallManager 

func (e *Engine) GetFirewallManager() firewallManager.Manager

GetFirewallManager returns the firewall manager

func (*Engine) GetLatestSyncResponse 

func (e *Engine) GetLatestSyncResponse() (*mgmProto.SyncResponse, error)

GetLatestSyncResponse returns the stored sync response if persistence is enabled

func (*Engine) GetNet 

func (e *Engine) GetNet() (*netstack.Net, error)

func (*Engine) GetPeerSSHKey 

func (e *Engine) GetPeerSSHKey(peerAddress string) ([]byte, bool)

GetPeerSSHKey returns the SSH host key for a specific peer by IP or FQDN

func (*Engine) GetRouteManager 

func (e *Engine) GetRouteManager() routemanager.Manager

GetRouteManager returns the route manager

func (*Engine) GetSSHServerStatus 

func (e *Engine) GetSSHServerStatus() (enabled bool, sessions []sshserver.SessionInfo)

GetSSHServerStatus returns the SSH server status and active sessions

func (*Engine) GetWgAddr 

func (e *Engine) GetWgAddr() netip.Addr

GetWgAddr returns the wireguard address

func (*Engine) InitialUpdateHandling added in v0.2.3 

func (e *Engine) InitialUpdateHandling(autoUpdateSettings *mgmProto.AutoUpdateSettings)

func (*Engine) PopulateNetbirdConfig 

func (e *Engine) PopulateNetbirdConfig(netbirdConfig *mgmProto.NetbirdConfig, mgmtURL *url.URL) error

PopulateNetbirdConfig populates the DNS cache with infrastructure domains from login response

func (*Engine) RenewTun added in v0.1.1 

func (e *Engine) RenewTun(fd int) error

func (*Engine) RunHealthProbes 

func (e *Engine) RunHealthProbes(waitForResult bool) bool

RunHealthProbes executes health checks for Signal, Management, Relay, and WireGuard services and updates the status recorder with the latest states.

func (*Engine) SetSyncResponsePersistence 

func (e *Engine) SetSyncResponsePersistence(enabled bool)

SetSyncResponsePersistence enables or disables sync response persistence

func (*Engine) Start 

func (e *Engine) Start(netbirdConfig *mgmProto.NetbirdConfig, mgmtURL *url.URL) error

Start creates a new WireGuard tunnel interface and listens to events from Signal and Management services Connections to remote peers are not established here. However, they will be established once an event with a list of peers to connect to will be received from Management Service

func (*Engine) Stop 

func (e *Engine) Stop() error

type EngineConfig 

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// NetworkMonitor is a flag to enable network monitoring
	NetworkMonitor bool

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte

	NATExternalIPs []string

	CustomDNSAddress string

	RosenpassEnabled    bool
	RosenpassPermissive bool

	ServerSSHAllowed              bool
	EnableSSHRoot                 *bool
	EnableSSHSFTP                 *bool
	EnableSSHLocalPortForwarding  *bool
	EnableSSHRemotePortForwarding *bool
	DisableSSHAuth                *bool

	DNSRouteInterval time.Duration

	DisableClientRoutes bool
	DisableServerRoutes bool
	DisableDNS          bool
	DisableFirewall     bool
	BlockLANAccess      bool
	BlockInbound        bool

	LazyConnectionEnabled bool

	MTU uint16

	// for debug bundle generation
	ProfileConfig *profilemanager.Config

	LogPath string
}

EngineConfig is a config for the Engine

type MobileDependency 

type MobileDependency struct {
	// Android only
	TunAdapter            device.TunAdapter
	IFaceDiscover         stdnet.ExternalIFaceDiscover
	NetworkChangeListener listener.NetworkChangeListener
	HostDNSAddresses      []netip.AddrPort
	DnsReadyListener      dns.ReadyListener

	//	iOS only
	DnsManager     dns.IosDnsManager
	FileDescriptor int32
	StateFilePath  string
}

MobileDependency collect all dependencies for mobile platform

type Peer 

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of the Connection Peer

type SessionWatcher 

type SessionWatcher struct {
	// contains filtered or unexported fields
}

func NewSessionWatcher 

func NewSessionWatcher(ctx context.Context, peerStatusRecorder *peer.Status) *SessionWatcher

NewSessionWatcher creates a new instance of SessionWatcher.

func (*SessionWatcher) SetOnExpireListener 

func (s *SessionWatcher) SetOnExpireListener(onExpire func())

SetOnExpireListener sets the callback func to be called when the session expires.

type StatusType 

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting     StatusType = "Connecting"
	StatusConnected      StatusType = "Connected"
	StatusNeedsLogin     StatusType = "NeedsLogin"
	StatusLoginFailed    StatusType = "LoginFailed"
	StatusSessionExpired StatusType = "SessionExpired"
)

type WGIface 

type WGIface interface {
	// contains filtered or unexported methods
}

type WGIfaceMonitor 

type WGIfaceMonitor struct {
	// contains filtered or unexported fields
}

WGIfaceMonitor monitors the WireGuard interface lifecycle and restarts the engine if the interface is deleted externally while the engine is running.

func NewWGIfaceMonitor 

func NewWGIfaceMonitor() *WGIfaceMonitor

NewWGIfaceMonitor creates a new WGIfaceMonitor instance.

func (*WGIfaceMonitor) Start 

func (m *WGIfaceMonitor) Start(ctx context.Context, ifaceName string) (shouldRestart bool, err error)

Start begins monitoring the WireGuard interface. It relies on the provided context cancellation to stop.

Source Files

View all Source files

Directories

Path Synopsis
acl
id
mocks
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.
dns
config
local
mgmt
resutil
Package resutil provides shared DNS resolution utilities
 Package resutil provides shared DNS resolution utilities
test
types
manager
Package lazyconn provides mechanisms for managing lazy connections, which activate on demand to optimize resource usage and establish connections efficiently.
 Package lazyconn provides mechanisms for managing lazy connections, which activate on demand to optimize resource usage and establish connections efficiently.
activity
inactivity
manager
conntrack
logger
store
types
conntype
dispatcher
guard
ice
id
worker
client
common
dnsinterceptor
dynamic
fakeip
iface
ipfwdstate
notifier
refcounter
server
static
sysctl
systemops
util
vars
Package stdnet is an extension of the pion's stdnet.
 Package stdnet is an extension of the pion's stdnet.
Package updatemanager provides automatic update management for the Nirvati Connect Client.
 Package updatemanager provides automatic update management for the Nirvati Connect Client.
downloader
installer
Package installer provides functionality for managing NetBird application updates and installations across Windows, macOS.
 Package installer provides functionality for managing NetBird application updates and installations across Windows, macOS.
reposign
Package reposign implements a cryptographic signing and verification system for NetBird software update artifacts.
 Package reposign implements a cryptographic signing and verification system for NetBird software update artifacts.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.